chart: Add service monitor and remove kube_rbac_proxy leftovers (#527)

* remove all authProxy refs

* Add serviceMonitor

* fix metrics port

* fix newline

* fix newline

* bump chart version

* fix indentation typo

* Rename metrics.proxy

* Make metrics.portNumber configurable

* fix metrics port

* revert: chart version change

Co-authored-by: toast-gear <15716903+toast-gear@users.noreply.github.com>
Yair Fried 2021-05-26 14:10:25 +03:00 committed by GitHub
parent 859e04a680
commit 2cbeca0e7c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 86 additions and 26 deletions


@ -54,3 +54,7 @@ Create the name of the service account to use
{{- define "actions-runner-controller-github-webhook-server.roleName" -}} {{- define "actions-runner-controller-github-webhook-server.roleName" -}}
{{- include "actions-runner-controller-github-webhook-server.fullname" . }} {{- include "actions-runner-controller-github-webhook-server.fullname" . }}
{{- end }} {{- end }}
{{- define "actions-runner-controller-github-webhook-server.serviceMonitorName" -}}
{{- include "actions-runner-controller-github-webhook-server.fullname" . | trunc 47 }}-service-monitor
{{- end }}


@ -92,10 +92,14 @@ Create the name of the service account to use
{{- include "actions-runner-controller.fullname" . | trunc 55 }}-webhook {{- include "actions-runner-controller.fullname" . | trunc 55 }}-webhook
{{- end }} {{- end }}
{{- define "actions-runner-controller.authProxyServiceName" -}} {{- define "actions-runner-controller.metricsServiceName" -}}
{{- include "actions-runner-controller.fullname" . | trunc 47 }}-metrics-service {{- include "actions-runner-controller.fullname" . | trunc 47 }}-metrics-service
{{- end }} {{- end }}
{{- define "actions-runner-controller.serviceMonitorName" -}}
{{- include "actions-runner-controller.fullname" . | trunc 47 }}-service-monitor
{{- end }}
{{- define "actions-runner-controller.selfsignedIssuerName" -}} {{- define "actions-runner-controller.selfsignedIssuerName" -}}
{{- include "actions-runner-controller.fullname" . }}-selfsigned-issuer {{- include "actions-runner-controller.fullname" . }}-selfsigned-issuer
{{- end }} {{- end }}


@ -1,3 +1,4 @@
{{- if .Values.metrics.proxy.enabled }}
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
metadata: metadata:
@ -11,3 +12,4 @@ rules:
resources: resources:
- subjectaccessreviews - subjectaccessreviews
verbs: ["create"] verbs: ["create"]
{{- end }}


@ -1,3 +1,4 @@
{{- if .Values.metrics.proxy.enabled }}
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding kind: ClusterRoleBinding
metadata: metadata:
@ -10,3 +11,4 @@ subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: {{ include "actions-runner-controller.serviceAccountName" . }} name: {{ include "actions-runner-controller.serviceAccountName" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
{{- end }}


@ -3,12 +3,12 @@ kind: Service
metadata: metadata:
labels: labels:
{{- include "actions-runner-controller.labels" . | nindent 4 }} {{- include "actions-runner-controller.labels" . | nindent 4 }}
name: {{ include "actions-runner-controller.authProxyServiceName" . }} name: {{ include "actions-runner-controller.metricsServiceName" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
spec: spec:
ports: ports:
- name: https - name: metrics-port
port: 8443 port: {{ .Values.metrics.port }}
targetPort: https targetPort: metrics-port
selector: selector:
{{- include "actions-runner-controller.selectorLabels" . | nindent 4 }} {{- include "actions-runner-controller.selectorLabels" . | nindent 4 }}


@ -0,0 +1,15 @@
{{- if .Values.metrics.serviceMonitor }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
labels:
{{- include "actions-runner-controller.labels" . | nindent 4 }}
name: {{ include "actions-runner-controller.serviceMonitorName" . }}
spec:
endpoints:
- path: /metrics
port: metrics-port
selector:
matchLabels:
{{- include "actions-runner-controller.selectorLabels" . | nindent 6 }}
{{- end }}
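Review bot: The endpoint at `port: metrics-port` sets no `scheme` and no credentials, so Prometheus will scrape it over plain HTTP without a token, while the chart default `metrics.proxy.enabled: true` puts kube-rbac-proxy's `--secure-listen-address` on that same port. With the defaults plus `serviceMonitor: true` the scrape is expected to fail, and the easy workaround is to switch the proxy off, which leaves the metrics unauthenticated. When the proxy is enabled, render `scheme: https` and `bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token` on the endpoint, together with a `tlsConfig` that matches the proxy's serving certificate. The same applies to the github-webhook-server ServiceMonitor added later in this commit.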


@ -31,8 +31,9 @@ spec:
{{- end }} {{- end }}
containers: containers:
- args: - args:
{{- $metricsHost := .Values.kube_rbac_proxy.enabled | ternary "127.0.0.1" "0.0.0.0" }} {{- $metricsHost := .Values.metrics.proxy.enabled | ternary "127.0.0.1" "0.0.0.0" }}
- "--metrics-addr={{ $metricsHost }}:8080" {{- $metricsPort := .Values.metrics.proxy.enabled | ternary "8080" .Values.metrics.port }}
- "--metrics-addr={{ $metricsHost }}:{{ $metricsPort }}"
- "--enable-leader-election" - "--enable-leader-election"
- "--sync-period={{ .Values.syncPeriod }}" - "--sync-period={{ .Values.syncPeriod }}"
- "--docker-image={{ .Values.image.dindSidecarRepositoryAndTag }}" - "--docker-image={{ .Values.image.dindSidecarRepositoryAndTag }}"
@ -79,9 +80,9 @@ spec:
- containerPort: 9443 - containerPort: 9443
name: webhook-server name: webhook-server
protocol: TCP protocol: TCP
{{- if not .Values.kube_rbac_proxy.enabled }} {{- if not .Values.metrics.proxy.enabled }}
- containerPort: 9443 - containerPort: {{ .Values.metrics.port }}
name: https name: metrics-port
protocol: TCP protocol: TCP
{{- end }} {{- end }}
resources: resources:
@ -97,18 +98,18 @@ spec:
- mountPath: /tmp/k8s-webhook-server/serving-certs - mountPath: /tmp/k8s-webhook-server/serving-certs
name: cert name: cert
readOnly: true readOnly: true
{{- if .Values.kube_rbac_proxy.enabled }} {{- if .Values.metrics.proxy.enabled }}
- args: - args:
- "--secure-listen-address=0.0.0.0:8443" - "--secure-listen-address=0.0.0.0:{{ .Values.metrics.port }}"
- "--upstream=http://127.0.0.1:8080/" - "--upstream=http://127.0.0.1:8080/"
- "--logtostderr=true" - "--logtostderr=true"
- "--v=10" - "--v=10"
image: "{{ .Values.kube_rbac_proxy.image.repository }}:{{ .Values.kube_rbac_proxy.image.tag }}" image: "{{ .Values.metrics.proxy.image.repository }}:{{ .Values.metrics.proxy.image.tag }}"
name: kube-rbac-proxy name: kube-rbac-proxy
imagePullPolicy: {{ .Values.image.pullPolicy }} imagePullPolicy: {{ .Values.image.pullPolicy }}
ports: ports:
- containerPort: 8443 - containerPort: {{ .Values.metrics.port }}
name: https name: metrics-port
resources: resources:
{{- toYaml .Values.resources | nindent 12 }} {{- toYaml .Values.resources | nindent 12 }}
securityContext: securityContext:
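Review bot: `metrics.port` is now user-supplied, but nothing checks it against the ports this pod already declares: `9443` clashes with the `webhook-server` containerPort in either mode, and `8080` clashes with the manager's `127.0.0.1:8080` upstream when the proxy is enabled. A guard next to the `$metricsPort` line would fail the render early, e.g. `{{- if has (int .Values.metrics.port) (list 8080 9443) }}{{ fail "metrics.port must not be 8080 or 9443" }}{{- end }}`. Separately, the proxy-disabled branch serves metrics on `0.0.0.0` with no authentication, which deserves a comment where the toggle is defined. The container spec continues outside the last hunk.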


@ -32,7 +32,9 @@ spec:
{{- end }} {{- end }}
containers: containers:
- args: - args:
- "--metrics-addr=127.0.0.1:8080" {{- $metricsHost := .Values.metrics.proxy.enabled | ternary "127.0.0.1" "0.0.0.0" }}
{{- $metricsPort := .Values.metrics.proxy.enabled | ternary "8080" .Values.metrics.port }}
- "--metrics-addr={{ $metricsHost }}:{{ $metricsPort }}"
- "--sync-period={{ .Values.githubWebhookServer.syncPeriod }}" - "--sync-period={{ .Values.githubWebhookServer.syncPeriod }}"
{{- if .Values.githubWebhookServer.logLevel }} {{- if .Values.githubWebhookServer.logLevel }}
- "--log-level={{ .Values.githubWebhookServer.logLevel }}" - "--log-level={{ .Values.githubWebhookServer.logLevel }}"
@ -57,25 +59,32 @@ spec:
- containerPort: 8000 - containerPort: 8000
name: http name: http
protocol: TCP protocol: TCP
{{- if not .Values.metrics.proxy.enabled }}
- containerPort: {{ .Values.metrics.port }}
name: metrics-port
protocol: TCP
{{- end }}
resources: resources:
{{- toYaml .Values.githubWebhookServer.resources | nindent 12 }} {{- toYaml .Values.githubWebhookServer.resources | nindent 12 }}
securityContext: securityContext:
{{- toYaml .Values.githubWebhookServer.securityContext | nindent 12 }} {{- toYaml .Values.githubWebhookServer.securityContext | nindent 12 }}
{{- if .Values.metrics.proxy.enabled }}
- args: - args:
- "--secure-listen-address=0.0.0.0:8443" - "--secure-listen-address=0.0.0.0:{{ .Values.metrics.port }}"
- "--upstream=http://127.0.0.1:8080/" - "--upstream=http://127.0.0.1:8080/"
- "--logtostderr=true" - "--logtostderr=true"
- "--v=10" - "--v=10"
image: "{{ .Values.kube_rbac_proxy.image.repository }}:{{ .Values.kube_rbac_proxy.image.tag }}" image: "{{ .Values.metrics.proxy.image.repository }}:{{ .Values.metrics.proxy.image.tag }}"
name: kube-rbac-proxy name: kube-rbac-proxy
imagePullPolicy: {{ .Values.image.pullPolicy }} imagePullPolicy: {{ .Values.image.pullPolicy }}
ports: ports:
- containerPort: 8443 - containerPort: {{ .Values.metrics.port }}
name: https name: metrics-port
resources: resources:
{{- toYaml .Values.resources | nindent 12 }} {{- toYaml .Values.resources | nindent 12 }}
securityContext: securityContext:
{{- toYaml .Values.securityContext | nindent 12 }} {{- toYaml .Values.securityContext | nindent 12 }}
{{- end }}
terminationGracePeriodSeconds: 10 terminationGracePeriodSeconds: 10
{{- with .Values.githubWebhookServer.nodeSelector }} {{- with .Values.githubWebhookServer.nodeSelector }}
nodeSelector: nodeSelector:
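Review bot: The `--metrics-addr` change moves this container from a fixed `127.0.0.1:8080` to `0.0.0.0:{{ .Values.metrics.port }}` whenever `metrics.proxy.enabled` is false, so its metrics become reachable from any workload that can reach the pod, without TLS or authorization. Going by its name this Deployment is the one that receives GitHub webhooks, so the trade-off should be stated next to the toggle; I would add a template comment above the `$metricsHost` line such as `{{- /* proxy disabled: metrics are served unauthenticated on all interfaces; restrict access with a NetworkPolicy */}}`. The pod spec continues outside the hunk.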


@ -12,6 +12,11 @@ spec:
{{ range $_, $port := .Values.githubWebhookServer.service.ports -}} {{ range $_, $port := .Values.githubWebhookServer.service.ports -}}
- {{ $port | toYaml | nindent 6 }} - {{ $port | toYaml | nindent 6 }}
{{- end }} {{- end }}
{{- if .Values.metrics.serviceMonitor }}
- name: metrics-port
port: {{ .Values.metrics.port }}
targetPort: metrics-port
{{- end }}
selector: selector:
{{- include "actions-runner-controller-github-webhook-server.selectorLabels" . | nindent 4 }} {{- include "actions-runner-controller-github-webhook-server.selectorLabels" . | nindent 4 }}
{{- end }} {{- end }}
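Review bot: `metrics-port` is appended to the same Service that carries `githubWebhookServer.service.ports`, so it inherits whatever exposure that Service has. The Service type is outside this hunk, but if it can be NodePort or LoadBalancer the metrics endpoint is published alongside the webhook port. The controller keeps its metrics on a dedicated Service (`metricsServiceName`); a separate ClusterIP-only metrics Service here would keep scrape traffic off the webhook's exposure path.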


@ -0,0 +1,15 @@
{{- if and .Values.githubWebhookServer.enabled .Values.metrics.serviceMonitor }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
labels:
{{- include "actions-runner-controller.labels" . | nindent 4 }}
name: {{ include "actions-runner-controller-github-webhook-server.serviceMonitorName" . }}
spec:
endpoints:
- path: /metrics
port: metrics-port
selector:
matchLabels:
{{- include "actions-runner-controller-github-webhook-server.selectorLabels" . | nindent 6 }}
{{- end }}


@ -30,12 +30,6 @@ image:
dindSidecarRepositoryAndTag: "docker:dind" dindSidecarRepositoryAndTag: "docker:dind"
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
kube_rbac_proxy:
enabled: true
image:
repository: quay.io/brancz/kube-rbac-proxy
tag: v0.8.0
imagePullSecrets: [] imagePullSecrets: []
nameOverride: "" nameOverride: ""
fullnameOverride: "" fullnameOverride: ""
@ -68,6 +62,15 @@ service:
type: ClusterIP type: ClusterIP
port: 443 port: 443
metrics:
serviceMonitor: false
port: 8443
proxy:
enabled: true
image:
repository: quay.io/brancz/kube-rbac-proxy
tag: v0.8.0
resources: resources:
{} {}
# We usually recommend not to specify default resources and to leave this as a conscious # We usually recommend not to specify default resources and to leave this as a conscious
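Review bot: Moving `kube_rbac_proxy.*` to `metrics.proxy.*` with no compatibility path means existing overrides are silently ignored on upgrade. A release that pinned `kube_rbac_proxy.image.repository` to an internal mirror would go back to pulling `quay.io/brancz/kube-rbac-proxy:v0.8.0`, and the commit message says the chart version bump was reverted. Either fail the render when the old key is set, e.g. `{{- if .Values.kube_rbac_proxy }}{{ fail "kube_rbac_proxy has moved to metrics.proxy" }}{{- end }}` in a template, or call out the rename in the upgrade notes. The new `metrics` keys also carry no comments; `proxy.enabled` should say that `false` exposes metrics without authentication.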