mirrors/kube-prometheus
1
0
Fork 0
mirror of https://github.com/prometheus-operator/kube-prometheus.git synced 2025-11-04 01:51:01 +01:00
Code Issues Projects Releases Wiki Activity

Merge pull request #1307 from PaytmLabs/feature/addons/aws-vpc-cni

Browse Source 
Turn AWS VPC CNI into a control plane add-on
This commit is contained in:
Paweł Krupa 2021-08-04 09:56:50 +02:00 committed by GitHub
commit 54d8f88162
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 111 additions and 107 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

110
jsonnet/kube-prometheus/addons/aws-vpc-cni.libsonnet Normal file
View File

@ -0,0 +1,110 @@
{
values+:: {
awsVpcCni: {
// `minimumWarmIPs` should be inferior or equal to `WARM_IP_TARGET`.
//
// References:
// https://github.com/aws/amazon-vpc-cni-k8s/blob/v1.9.0/docs/eni-and-ip-target.md
// https://github.com/aws/amazon-vpc-cni-k8s/blob/v1.9.0/pkg/ipamd/ipamd.go#L61-L71
minimumWarmIPs: 10,
minimumWarmIPsTime: '10m',
},
},
kubernetesControlPlane+: {
serviceAwsVpcCni: {
apiVersion: 'v1',
kind: 'Service',
metadata: {
name: 'aws-node',
namespace: 'kube-system',
labels: { 'app.kubernetes.io/name': 'aws-node' },
},
spec: {
ports: [
{
name: 'cni-metrics-port',
port: 61678,
targetPort: 61678,
},
],
selector: { 'app.kubernetes.io/name': 'aws-node' },
clusterIP: 'None',
},
},
serviceMonitorAwsVpcCni: {
apiVersion: 'monitoring.coreos.com/v1',
kind: 'ServiceMonitor',
metadata: {
name: 'aws-node',
namespace: $.values.common.namespace,
labels: {
'app.kubernetes.io/name': 'aws-node',
},
},
spec: {
jobLabel: 'app.kubernetes.io/name',
selector: {
matchLabels: {
'app.kubernetes.io/name': 'aws-node',
},
},
namespaceSelector: {
matchNames: [
'kube-system',
],
},
endpoints: [
{
port: 'cni-metrics-port',
interval: '30s',
path: '/metrics',
relabelings: [
{
action: 'replace',
regex: '(.*)',
replacement: '$1',
sourceLabels: ['__meta_kubernetes_pod_node_name'],
targetLabel: 'instance',
},
],
},
],
},
},
prometheusRuleAwsVpcCni: {
apiVersion: 'monitoring.coreos.com/v1',
kind: 'PrometheusRule',
metadata: {
labels: $.prometheus._config.commonLabels + $.prometheus._config.mixin.ruleLabels,
name: 'aws-vpc-cni-rules',
namespace: $.prometheus._config.namespace,
},
spec: {
groups: [
{
name: 'aws-vpc-cni.rules',
rules: [
{
expr: 'sum by(instance) (awscni_total_ip_addresses) - sum by(instance) (awscni_assigned_ip_addresses) < %s' % $.values.awsVpcCni.minimumWarmIPs,
labels: {
severity: 'critical',
},
annotations: {
summary: 'AWS VPC CNI has a low warm IP pool',
description: |||
Instance {{ $labels.instance }} has only {{ $value }} warm IPs which is lower than set threshold of %s.
It could mean the current subnet is out of available IP addresses or the CNI is unable to request them from the EC2 API.
||| % $.values.awsVpcCni.minimumWarmIPs,
},
'for': $.values.awsVpcCni.minimumWarmIPsTime,
alert: 'AwsVpcCniWarmIPsLow',
},
],
},
],
},
},
},
}

108
jsonnet/kube-prometheus/platforms/eks.libsonnet
View File

@ -1,15 +1,5 @@
(import '../addons/aws-vpc-cni.libsonnet') +
(import '../addons/managed-cluster.libsonnet') + {
values+:: {
awsVpcCni: {
// `minimumWarmIPs` should be inferior or equal to `WARM_IP_TARGET`.
//
// References:
// https://github.com/aws/amazon-vpc-cni-k8s/blob/v1.9.0/docs/eni-and-ip-target.md
// https://github.com/aws/amazon-vpc-cni-k8s/blob/v1.9.0/pkg/ipamd/ipamd.go#L61-L71
minimumWarmIPs: 10,
minimumWarmIPsTime: '10m',
},
},
kubernetesControlPlane+: {
serviceMonitorCoreDNS+: {
spec+: {
@ -22,101 +12,5 @@
],
},
},
serviceAwsVpcCniMetrics: {
apiVersion: 'v1',
kind: 'Service',
metadata: {
name: 'aws-node',
namespace: 'kube-system',
labels: { 'app.kubernetes.io/name': 'aws-node' },
},
spec: {
ports: [
{
name: 'cni-metrics-port',
port: 61678,
targetPort: 61678,
},
],
selector: { 'app.kubernetes.io/name': 'aws-node' },
clusterIP: 'None',
},
},
serviceMonitorAwsVpcCni: {
apiVersion: 'monitoring.coreos.com/v1',
kind: 'ServiceMonitor',
metadata: {
name: 'aws-node',
namespace: $.values.common.namespace,
labels: {
'app.kubernetes.io/name': 'aws-node',
},
},
spec: {
jobLabel: 'app.kubernetes.io/name',
selector: {
matchLabels: {
'app.kubernetes.io/name': 'aws-node',
},
},
namespaceSelector: {
matchNames: [
'kube-system',
],
},
endpoints: [
{
port: 'cni-metrics-port',
interval: '30s',
path: '/metrics',
relabelings: [
{
action: 'replace',
regex: '(.*)',
replacement: '$1',
sourceLabels: ['__meta_kubernetes_pod_node_name'],
targetLabel: 'instance',
},
],
},
],
},
},
prometheusRuleAwsVpcCni: {
apiVersion: 'monitoring.coreos.com/v1',
kind: 'PrometheusRule',
metadata: {
labels: $.prometheus._config.commonLabels + $.prometheus._config.mixin.ruleLabels,
name: 'aws-vpc-cni-rules',
namespace: $.prometheus._config.namespace,
},
spec: {
groups: [
{
name: 'kube-prometheus-aws-vpc-cni.rules',
rules: [
{
expr: 'sum by(instance) (awscni_total_ip_addresses) - sum by(instance) (awscni_assigned_ip_addresses) < %s' % $.values.awsVpcCni.minimumWarmIPs,
labels: {
severity: 'critical',
},
annotations: {
summary: 'AWS VPC CNI has a low warm IP pool',
description: |||
Instance {{ $labels.instance }} has only {{ $value }} warm IPs which is lower than set threshold of %s.
It could mean the current subnet is out of available IP addresses or the CNI is unable to request them from the EC2 API.
||| % $.values.awsVpcCni.minimumWarmIPs,
},
'for': $.values.awsVpcCni.minimumWarmIPsTime,
alert: 'AwsVpcCniWarmIPsLow',
},
],
},
],
},
},
},
}