From b3977b4c7c8a6cc52a0d1b117ffeb13d66f919b6 Mon Sep 17 00:00:00 2001
From: ThameezBo
Date: Thu, 24 Aug 2023 12:55:32 +0200
Subject: [PATCH 1/5] feat: add in podmonitor to teleport-kube-agent helmchart
---
.../teleport-kube-agent/.lint/podmonitor.yaml | 7 +++
.../templates/podmonitor.yaml | 31 +++++++++++++
.../tests/podmonitor_test.yaml | 43 +++++++++++++++++++
.../teleport-kube-agent/values.schema.json | 24 +++++++++++
.../chart/teleport-kube-agent/values.yaml | 15 +++++++
5 files changed, 120 insertions(+)
create mode 100644 examples/chart/teleport-kube-agent/.lint/podmonitor.yaml
create mode 100644 examples/chart/teleport-kube-agent/templates/podmonitor.yaml
create mode 100644 examples/chart/teleport-kube-agent/tests/podmonitor_test.yaml
diff --git a/examples/chart/teleport-kube-agent/.lint/podmonitor.yaml b/examples/chart/teleport-kube-agent/.lint/podmonitor.yaml
new file mode 100644
index 0000000000000..2cdb90bd4975d
--- /dev/null
+++ b/examples/chart/teleport-kube-agent/.lint/podmonitor.yaml
@@ -0,0 +1,7 @@
+proxyAddr: proxy.example.com:3080
+kubeClusterName: test-kube-cluster-name
+podMonitor:
+ enabled: true
+ additionalLabels:
+ prometheus: default
+ interval: 30s
diff --git a/examples/chart/teleport-kube-agent/templates/podmonitor.yaml b/examples/chart/teleport-kube-agent/templates/podmonitor.yaml
new file mode 100644
index 0000000000000..6bc0ccdaf51e1
--- /dev/null
+++ b/examples/chart/teleport-kube-agent/templates/podmonitor.yaml
@@ -0,0 +1,31 @@
+{{- if.Values.podMonitor.enabled -}}
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+ name: {{ .Release.Name }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- with .Values.podMonitor.additionalLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ jobLabel: {{ .Release.Name }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+ selector:
+ matchLabels:
+ app: {{ .Release.Name }}
+ podMetricsEndpoints:
+ - port: diag
+ path: /metrics
+ {{- with .Values.podMonitor.interval }}
+ interval: {{ . | quote }}
+ {{- end }}
+ podTargetLabels:
+ - "app.kubernetes.io/name"
+ - "app.kubernetes.io/instance"
+ - "app.kubernetes.io/component"
+ - "app.kubernetes.io/version"
+ - "teleport.dev/majorVersion"
+{{- end }}
diff --git a/examples/chart/teleport-kube-agent/tests/podmonitor_test.yaml b/examples/chart/teleport-kube-agent/tests/podmonitor_test.yaml
new file mode 100644
index 0000000000000..474f34697677c
--- /dev/null
+++ b/examples/chart/teleport-kube-agent/tests/podmonitor_test.yaml
@@ -0,0 +1,43 @@
+suite: PodMonitor
+templates:
+ - podmonitor.yaml
+tests:
+ - it: does not create a PodMonitor by default
+ set:
+ proxyAddr: proxy.example.com:3080
+ kubeClusterName: test-kube-cluster-name
+ asserts:
+ - hasDocuments:
+ count: 0
+
+ - it: creates a PodMonitor when enabled
+ set:
+ proxyAddr: proxy.example.com:3080
+ kubeClusterName: test-kube-cluster-name
+ podMonitor:
+ enabled: true
+ asserts:
+ - hasDocuments:
+ count: 1
+ - isKind:
+ of: PodMonitor
+
+ - it: configures scrape interval if provided
+ set:
+ proxyAddr: proxy.example.com:3080
+ kubeClusterName: test-kube-cluster-name
+ podMonitor:
+ enabled: true
+ interval: 2m
+ asserts:
+ - equal:
+ path: spec.podMetricsEndpoints[0].interval
+ value: 2m
+
+ - it: wears additional labels if provided
+ asserts:
+ - equal:
+ path: metadata.labels.prometheus
+ value: default
+ values:
+ - ../.lint/podmonitor.yaml
\ No newline at end of file
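Review bot: `jobLabel: {{ .Release.Name }}` in templates/podmonitor.yaml passes the release name where the PodMonitor API expects the key of a pod label whose value becomes the Prometheus `job` name. Unless the agent pods carry a label whose key equals the release name (the pod labels are defined outside this diff), the operator will not find it and the job name presumably falls back to the operator's default, which makes per-release alert rules harder to scope. The selector in the same hunk already matches on `app: {{ .Release.Name }}`, so `jobLabel: app` would give the job the release name. Separately, `labels:` renders with no value when `additionalLabels` is empty, so a Prometheus instance that selects PodMonitors by label would skip this one without reporting an error.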
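Review bot: None of the four cases in tests/podmonitor_test.yaml asserts on `spec.selector.matchLabels.app` or `spec.podMetricsEndpoints[0].port`, so a rename of the pod label or of the `diag` port elsewhere in the chart would leave a PodMonitor that matches nothing while the suite stays green. An agent that silently stops being scraped is a monitoring gap that tends to surface only during an incident, so an `equal` assert for each field is worth adding, for example `path: spec.podMetricsEndpoints[0].port` with `value: diag`. The last case takes its input from `../.lint/podmonitor.yaml`, which ties the expected `default` label to a lint fixture; a short comment in the test saying so would help the next maintainer.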
diff --git a/examples/chart/teleport-kube-agent/values.schema.json b/examples/chart/teleport-kube-agent/values.schema.json
index 617de7560c843..af482d8033c32 100644
--- a/examples/chart/teleport-kube-agent/values.schema.json
+++ b/examples/chart/teleport-kube-agent/values.schema.json
@@ -23,6 +23,7 @@
 "clusterRoleBindingName",
 "roleName",
 "roleBindingName",
+ "podMonitor",
 "serviceAccountName",
 "secretName",
 "log",
@@ -363,6 +364,29 @@
 }
 }
 },
+ "podMonitor": {
+ "$id": "#/properties/podMonitor",
+ "type": "object",
+ "required": ["enabled"],
+ "properties": {
+ "enabled": {
+ "$id": "#/properties/podMonitor/enabled",
+ "type": "boolean",
+ "default": false
+ },
+ "additionalLabels": {
+ "$id": "#/properties/podMonitor/additionalLabels",
+ "type": "object",
+ "default": {"prometheus": "default"},
+ "additionalProperties": {"type": "string"}
+ },
+ "interval": {
+ "$id": "#/properties/podMonitor/interval",
+ "type": "string",
+ "default": "30s"
+ }
+ }
+ },
 "priorityClassName": {
 "$id": "#/properties/priorityClassName",
 "type": "string",
diff --git a/examples/chart/teleport-kube-agent/values.yaml b/examples/chart/teleport-kube-agent/values.yaml
index e469d2f957fae..0fe92b9c497e7 100644
--- a/examples/chart/teleport-kube-agent/values.yaml
+++ b/examples/chart/teleport-kube-agent/values.yaml
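Review bot: The `additionalLabels` entry in the second values.schema.json hunk declares `"default": {"prometheus": "default"}`, but the values.yaml hunk of this same patch ships `additionalLabels: {}`, and Helm uses the schema only to validate values, not to fill them in. The reference pages added in patch 3/5 repeat `{"prometheus":"default"}` as the default, so an operator whose Prometheus selects on that label would expect the PodMonitor to be picked up when it is not. Either set `"default": {}` here or change values.yaml to match, and align the docs tables with whichever is chosen. `interval` is also accepted as any string; a `pattern` restricting it to a duration would reject typos at install time instead of leaving them for the operator to reject.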
@@ -171,6 +171,21 @@ highAvailability: enabled: false minAvailable: 1 +# podMonitor controls the PodMonitor CR (from monitoring.coreos.com/v1) +# This CRD is managed by the prometheus-operator and allows workload to +# get monitored. To use this value, you need to run a `prometheus-operator` +# in the cluster for this value to take effect. +# See https://prometheus-operator.dev/docs/prologue/introduction/ +podMonitor: + # Whether the chart should deploy a PodMonitor. + # Disabled by default as it requires the PodMonitor CRD to be installed. + enabled: false + # additionalLabels to put on the PodMonitor. + # This is used to be selected by a specific prometheus instance. + additionalLabels: {} + # interval is the interval between two metrics scrapes. Defaults to 30s + interval: 30s + ################################################################ # Values that must be provided if using persistent storage for Teleport. # From 21c6747d4c34da6b436f7e6fb77b8e8155f9a3d2 Mon Sep 17 00:00:00 2001 From: ThameezBo Date: Thu, 24 Aug 2023 12:56:02 +0200 Subject: [PATCH 2/5] fix: backport fixes to linting and tests to teleport-cluster chart --- .../chart/teleport-cluster/.lint/podmonitor.yaml | 6 ++++++ .../teleport-cluster/tests/podmonitor_test.yaml | 13 +++++++------ 2 files changed, 13 insertions(+), 6 deletions(-) create mode 100644 examples/chart/teleport-cluster/.lint/podmonitor.yaml diff --git a/examples/chart/teleport-cluster/.lint/podmonitor.yaml b/examples/chart/teleport-cluster/.lint/podmonitor.yaml new file mode 100644 index 0000000000000..1c263f5e00b0e --- /dev/null +++ b/examples/chart/teleport-cluster/.lint/podmonitor.yaml @@ -0,0 +1,6 @@ +clusterName: test-kube-cluster-name +podMonitor: + enabled: true + additionalLabels: + prometheus: default + interval: 30s diff --git a/examples/chart/teleport-cluster/tests/podmonitor_test.yaml b/examples/chart/teleport-cluster/tests/podmonitor_test.yaml index d07ebc9a8bf2d..ccdf692ef742b 100644 
--- a/examples/chart/teleport-cluster/tests/podmonitor_test.yaml +++ b/examples/chart/teleport-cluster/tests/podmonitor_test.yaml @@ -3,12 +3,15 @@ templates: - podmonitor.yaml tests: - it: does not create a PodMonitor by default + set: + clusterName: test-kube-cluster-name asserts: - hasDocuments: count: 0 - it: creates a PodMonitor when enabled set: + clusterName: test-kube-cluster-name podMonitor: enabled: true asserts: @@ -19,6 +22,7 @@ tests: - it: configures scrape interval if provided set: + clusterName: test-kube-cluster-name podMonitor: enabled: true interval: 2m @@ -28,12 +32,9 @@ tests: value: 2m - it: wears additional labels if provided - set: - podMonitor: - enabled: true - additionalLabels: - prometheus: teleport-only asserts: - equal: path: metadata.labels.prometheus - value: teleport-only + value: default + values: + - ../.lint/podmonitor.yaml \ No newline at end of file From bcd55605aab87ce50a67baadb84ed1d6ced868f0 Mon Sep 17 00:00:00 2001 From: Hugo Shaka Date: Tue, 29 Aug 2023 14:53:32 -0400 Subject: [PATCH 3/5] docs: document the `podMonitor` field in chart references --- .../helm-reference/teleport-cluster.mdx | 40 +++++++++++++++++++ .../helm-reference/teleport-kube-agent.mdx | 40 +++++++++++++++++++ 2 files changed, 80 insertions(+) diff --git a/docs/pages/reference/helm-reference/teleport-cluster.mdx b/docs/pages/reference/helm-reference/teleport-cluster.mdx index 4e272c52e7921..3e9a4be48d1b0 100644 --- a/docs/pages/reference/helm-reference/teleport-cluster.mdx +++ b/docs/pages/reference/helm-reference/teleport-cluster.mdx 
@@ -948,6 +948,46 @@ recommended to use one of the other modes and rely on to inject your custom configuration. +## `podMonitor` + +`podMonitor` controls [the PodMonitor CR (from monitoring.coreos.com/v1) +](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.PodMonitor) +This custom resource is used to configure Prometheus to monitor workload running +in Kubernetes. This value can be used if you are using both Prometheus and +prometheus-operator to monitor workload running in the Kubernetes cluster. + +The CRD is deployed by the prometheus-operator and allows workload to +get monitored. You need to deploy the `prometheus-operator` +in the cluster prior to configuring the `podMonitor` section of the chart. See +[the prometheus-operator documentation](https://prometheus-operator.dev/docs/prologue/introduction/) +for setup instructions. + +### `podMonitor.enabled` + +| Type | Default value | +|--------|---------------| +| `bool` | `false` | + +Whether the chart should deploy a `PodMonitor` resource. This is disabled by +default as it requires the `PodMonitor` CRD to be installed in the cluster. + +### `podMonitor.additionalLabels` + +| Type | Default value | +|------------------------|----------------------------| +| `object[string]string` | `{"prometheus":"default"}` | + +Additional labels to put on the created PodMonitor Resource. +Those labels are used to be selected by a specific Prometheus instance. + +### `podMonitor.interval` + +| Type | Default value | +|----------|---------------| +| `string` | `30s` | + +`interval` is the interval between two metrics scrapes by Prometheus. + ## `persistence`
diff --git a/docs/pages/reference/helm-reference/teleport-kube-agent.mdx b/docs/pages/reference/helm-reference/teleport-kube-agent.mdx
index 6d507e226740d..1407eac3400f9 100644
--- a/docs/pages/reference/helm-reference/teleport-kube-agent.mdx
+++ b/docs/pages/reference/helm-reference/teleport-kube-agent.mdx
@@ -1237,6 +1237,46 @@ Ensures that this number of replicas is available during voluntary disruptions, +## `podMonitor` + +`podMonitor` controls [the PodMonitor CR (from monitoring.coreos.com/v1) +](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.PodMonitor) +This custom resource is used to configure Prometheus to monitor workload running +in Kubernetes. This value can be used if you are using both Prometheus and +prometheus-operator to monitor workload running in the Kubernetes cluster. + +The CRD is deployed by the prometheus-operator and allows workload to +get monitored. You need to deploy the `prometheus-operator` +in the cluster prior to configuring the `podMonitor` section of the chart. See +[the prometheus-operator documentation](https://prometheus-operator.dev/docs/prologue/introduction/) +for setup instructions. + +### `podMonitor.enabled` + +| Type | Default value | +|--------|---------------| +| `bool` | `false` | + +Whether the chart should deploy a `PodMonitor` resource. This is disabled by +default as it requires the `PodMonitor` CRD to be installed in the cluster. + +### `podMonitor.additionalLabels` + +| Type | Default value | +|------------------------|----------------------------| +| `object[string]string` | `{"prometheus":"default"}` | + +Additional labels to put on the created PodMonitor Resource. +Those labels are used to be selected by a specific Prometheus instance. + +### `podMonitor.interval` + +| Type | Default value | +|----------|---------------| +| `string` | `30s` | + +`interval` is the interval between two metrics scrapes by Prometheus. + ## `clusterRoleName` | Type | Default value | From b2b6ea5157ee9e2cc11e2a9e9938968caf64f23f Mon Sep 17 00:00:00 2001 
From: Hugo Shaka Date: Wed, 30 Aug 2023 14:38:50 -0400 Subject: [PATCH 4/5] Apply suggestions from code review --- docs/pages/reference/helm-reference/teleport-cluster.mdx | 5 ++--- docs/pages/reference/helm-reference/teleport-kube-agent.mdx | 5 ++--- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/docs/pages/reference/helm-reference/teleport-cluster.mdx b/docs/pages/reference/helm-reference/teleport-cluster.mdx index 3e9a4be48d1b0..cc7b33077cc6a 100644 --- a/docs/pages/reference/helm-reference/teleport-cluster.mdx +++ b/docs/pages/reference/helm-reference/teleport-cluster.mdx @@ -952,9 +952,8 @@ to inject your custom configuration. `podMonitor` controls [the PodMonitor CR (from monitoring.coreos.com/v1) ](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.PodMonitor) -This custom resource is used to configure Prometheus to monitor workload running -in Kubernetes. This value can be used if you are using both Prometheus and -prometheus-operator to monitor workload running in the Kubernetes cluster. +that monitors the workload (auth and proxy pods) deployed by the chart. +This custom resource configures Prometheus and makes it scrape Teleport metrics. The CRD is deployed by the prometheus-operator and allows workload to get monitored. You need to deploy the `prometheus-operator` diff --git a/docs/pages/reference/helm-reference/teleport-kube-agent.mdx b/docs/pages/reference/helm-reference/teleport-kube-agent.mdx index 1407eac3400f9..a2cee340a1874 100644 --- a/docs/pages/reference/helm-reference/teleport-kube-agent.mdx +++ b/docs/pages/reference/helm-reference/teleport-kube-agent.mdx 
@@ -1241,9 +1241,8 @@ Ensures that this number of replicas is available during voluntary disruptions, `podMonitor` controls [the PodMonitor CR (from monitoring.coreos.com/v1) ](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.PodMonitor) -This custom resource is used to configure Prometheus to monitor workload running -in Kubernetes. This value can be used if you are using both Prometheus and -prometheus-operator to monitor workload running in the Kubernetes cluster. +that monitors the workload (auth and proxy pods) deployed by the chart. +This custom resource configures Prometheus and makes it scrape Teleport metrics. The CRD is deployed by the prometheus-operator and allows workload to get monitored. You need to deploy the `prometheus-operator` From f538a441084d3233430a01de04a57e5058a188b8 Mon Sep 17 00:00:00 2001 From: Hugo Shaka Date: Wed, 30 Aug 2023 14:48:03 -0400 Subject: [PATCH 5/5] Lint --- docs/pages/reference/helm-reference/teleport-cluster.mdx | 2 +- docs/pages/reference/helm-reference/teleport-kube-agent.mdx | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/pages/reference/helm-reference/teleport-cluster.mdx b/docs/pages/reference/helm-reference/teleport-cluster.mdx index cc7b33077cc6a..2bd6e973a78c3 100644 --- a/docs/pages/reference/helm-reference/teleport-cluster.mdx +++ b/docs/pages/reference/helm-reference/teleport-cluster.mdx 
@@ -952,7 +952,7 @@ to inject your custom configuration. `podMonitor` controls [the PodMonitor CR (from monitoring.coreos.com/v1) ](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.PodMonitor) -that monitors the workload (auth and proxy pods) deployed by the chart. +that monitors the workload (Auth and Proxy Services) deployed by the chart. This custom resource configures Prometheus and makes it scrape Teleport metrics. The CRD is deployed by the prometheus-operator and allows workload to diff --git a/docs/pages/reference/helm-reference/teleport-kube-agent.mdx b/docs/pages/reference/helm-reference/teleport-kube-agent.mdx index a2cee340a1874..66a14a9a41718 100644 --- a/docs/pages/reference/helm-reference/teleport-kube-agent.mdx +++ b/docs/pages/reference/helm-reference/teleport-kube-agent.mdx @@ -1241,7 +1241,7 @@ Ensures that this number of replicas is available during voluntary disruptions, `podMonitor` controls [the PodMonitor CR (from monitoring.coreos.com/v1) ](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.PodMonitor) -that monitors the workload (auth and proxy pods) deployed by the chart. +that monitors the workload (Auth and Proxy Services) deployed by the chart. This custom resource configures Prometheus and makes it scrape Teleport metrics. The CRD is deployed by the prometheus-operator and allows workload to