From daa18e130bb2be6043501ab95b161ddc6ae7c2c4 Mon Sep 17 00:00:00 2001 From: Mathew Merrick Date: Wed, 14 May 2025 00:10:53 +0000 Subject: [PATCH 1/5] add hubble and dns proxy --- .../prometheus-podMonitorCiliumAgent.yaml | 34 ++++++++++++++++++- ...us-podMonitorCiliumStandaloneDNSProxy.yaml | 31 +++++++++++++++++ 2 files changed, 64 insertions(+), 1 deletion(-) create mode 100644 clusterloader2/pkg/prometheus/manifests/default/prometheus-podMonitorCiliumStandaloneDNSProxy.yaml diff --git a/clusterloader2/pkg/prometheus/manifests/default/prometheus-podMonitorCiliumAgent.yaml b/clusterloader2/pkg/prometheus/manifests/default/prometheus-podMonitorCiliumAgent.yaml index 0acdd167af..59d879c907 100644 --- a/clusterloader2/pkg/prometheus/manifests/default/prometheus-podMonitorCiliumAgent.yaml +++ b/clusterloader2/pkg/prometheus/manifests/default/prometheus-podMonitorCiliumAgent.yaml @@ -1,8 +1,18 @@ {{$PROMETHEUS_SCRAPE_CILIUM_AGENT := DefaultParam .CL2_PROMETHEUS_SCRAPE_CILIUM_AGENT false}} {{$PROMETHEUS_SCRAPE_CILIUM_AGENT_PORT := DefaultParam .CL2_PROMETHEUS_SCRAPE_CILIUM_AGENT_PORT "prometheus"}} {{$PROMETHEUS_SCRAPE_CILIUM_AGENT_INTERVAL := DefaultParam .CL2_PROMETHEUS_SCRAPE_CILIUM_AGENT_INTERVAL "30s"}} +{{$PROMETHEUS_SCRAPE_CILIUM_AGENT_HUBBLE := DefaultParam .CL2_PROMETHEUS_SCRAPE_CILIUM_AGENT_HUBBLE false}} +{{$PROMETHEUS_SCRAPE_CILIUM_AGENT_METRIC_KEEP_LIST := DefaultParam .PROMETHEUS_SCRAPE_CILIUM_AGENT_METRIC_KEEP_LIST "(.*)"}} +{{$PROMETHEUS_SCRAPE_CILIUM_AGENT_HUBBLE_PORT := DefaultParam .CL2_PROMETHEUS_SCRAPE_CILIUM_AGENT_HUBBLE_PORT 9965}} +{{$PROMETHEUS_SCRAPE_CILIUM_AGENT_HUBBLE_INTERVAL := DefaultParam .CL2_PROMETHEUS_SCRAPE_CILIUM_AGENT_HUBBLE_INTERVAL "30s"}} +{{$PROMETHEUS_SCRAPE_CILIUM_AGENT_HUBBLE_METRIC_KEEP_LIST := DefaultParam .PROMETHEUS_SCRAPE_CILIUM_AGENT_HUBBLE_METRIC_KEEP_LIST "(.*)"}} + +{{$PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY_PORT := DefaultParam .CL2_PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY_PORT 9961}} +{{$PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY_INTERVAL := DefaultParam .CL2_PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY_INTERVAL "30s"}} +{{$PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY_METRIC_KEEP_LIST := DefaultParam .PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY_METRIC_KEEP_LIST "(.*)"}} -{{if $PROMETHEUS_SCRAPE_CILIUM_AGENT }} + +{{if or $PROMETHEUS_SCRAPE_CILIUM_AGENT $PROMETHEUS_SCRAPE_CILIUM_AGENT_HUBBLE PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY}} apiVersion: monitoring.coreos.com/v1 kind: PodMonitor @@ -13,8 +23,30 @@ metadata: namespace: monitoring spec: podMetricsEndpoints: +{{if $PROMETHEUS_SCRAPE_CILIUM_AGENT }} - interval: {{ $PROMETHEUS_SCRAPE_CILIUM_AGENT_INTERVAL }} port: {{ $PROMETHEUS_SCRAPE_CILIUM_AGENT_PORT }} + metricRelabelings: + - sourceLabels: [__name__] + regex: {{ $PROMETHEUS_SCRAPE_CILIUM_AGENT_METRIC_KEEP_LIST }} + action: keep +{{end}} +{{if $PROMETHEUS_SCRAPE_CILIUM_AGENT_HUBBLE }} + - interval: {{ $PROMETHEUS_SCRAPE_CILIUM_AGENT_HUBBLE_INTERVAL }} + port: {{ $PROMETHEUS_SCRAPE_CILIUM_AGENT_HUBBLE_PORT }} + metricRelabelings: + - sourceLabels: [__name__] + regex: {{ $PROMETHEUS_SCRAPE_CILIUM_AGENT_HUBBLE_METRIC_KEEP_LIST }} + action: keep +{{end}} +{{if $PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY }} + - interval: {{ $PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY_INTERVAL }} + port: {{ $PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY_PORT }} + metricRelabelings: + - sourceLabels: [__name__] + regex: {{ $PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY_METRIC_KEEP_LIST }} + action: keep +{{end}} jobLabel: k8s-app selector: matchLabels: diff --git a/clusterloader2/pkg/prometheus/manifests/default/prometheus-podMonitorCiliumStandaloneDNSProxy.yaml b/clusterloader2/pkg/prometheus/manifests/default/prometheus-podMonitorCiliumStandaloneDNSProxy.yaml new file mode 100644 index 0000000000..e1ca708240 --- /dev/null +++ b/clusterloader2/pkg/prometheus/manifests/default/prometheus-podMonitorCiliumStandaloneDNSProxy.yaml @@ -0,0 +1,31 @@ +{{$PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY_PORT := DefaultParam .CL2_PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY_PORT 9961}} +{{$PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY_INTERVAL := DefaultParam .CL2_PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY_INTERVAL "30s"}} +{{$PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY_METRIC_KEEP_LIST := DefaultParam .PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY_METRIC_KEEP_LIST "(.*)"}} + +{{if or PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY}} + +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + labels: + k8s-app: acns-security-agent + name: cilium-standalone-dns-proxy + namespace: monitoring +spec: + podMetricsEndpoints: +{{if $PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY }} + - interval: {{ $PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY_INTERVAL }} + port: {{ $PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY_PORT }} + metricRelabelings: + - sourceLabels: [__name__] + regex: {{ $PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY_METRIC_KEEP_LIST }} + action: keep +{{end}} + jobLabel: k8s-app + selector: + matchLabels: + k8s-app: acns-security-agent + namespaceSelector: + matchNames: + - kube-system +{{end}} From b5bebdf258c9c94411ef6f2041e50106da300357 Mon Sep 17 00:00:00 2001 From: Mathew Merrick Date: Wed, 14 May 2025 00:20:26 +0000 Subject: [PATCH 2/5] only in dns proxy config --- .../default/prometheus-podMonitorCiliumAgent.yaml | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/clusterloader2/pkg/prometheus/manifests/default/prometheus-podMonitorCiliumAgent.yaml b/clusterloader2/pkg/prometheus/manifests/default/prometheus-podMonitorCiliumAgent.yaml index 59d879c907..98715f4bc3 100644 --- a/clusterloader2/pkg/prometheus/manifests/default/prometheus-podMonitorCiliumAgent.yaml +++ b/clusterloader2/pkg/prometheus/manifests/default/prometheus-podMonitorCiliumAgent.yaml @@ -7,12 +7,8 @@ {{$PROMETHEUS_SCRAPE_CILIUM_AGENT_HUBBLE_INTERVAL := DefaultParam .CL2_PROMETHEUS_SCRAPE_CILIUM_AGENT_HUBBLE_INTERVAL "30s"}} {{$PROMETHEUS_SCRAPE_CILIUM_AGENT_HUBBLE_METRIC_KEEP_LIST := DefaultParam .PROMETHEUS_SCRAPE_CILIUM_AGENT_HUBBLE_METRIC_KEEP_LIST "(.*)"}} -{{$PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY_PORT := DefaultParam .CL2_PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY_PORT 9961}} -{{$PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY_INTERVAL := DefaultParam .CL2_PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY_INTERVAL "30s"}} -{{$PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY_METRIC_KEEP_LIST := DefaultParam .PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY_METRIC_KEEP_LIST "(.*)"}} - -{{if or $PROMETHEUS_SCRAPE_CILIUM_AGENT $PROMETHEUS_SCRAPE_CILIUM_AGENT_HUBBLE PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY}} +{{if or $PROMETHEUS_SCRAPE_CILIUM_AGENT $PROMETHEUS_SCRAPE_CILIUM_AGENT_HUBBLE }} apiVersion: monitoring.coreos.com/v1 kind: PodMonitor @@ -38,14 +34,6 @@ spec: - sourceLabels: [__name__] regex: {{ $PROMETHEUS_SCRAPE_CILIUM_AGENT_HUBBLE_METRIC_KEEP_LIST }} action: keep -{{end}} -{{if $PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY }} - - interval: {{ $PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY_INTERVAL }} - port: {{ $PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY_PORT }} - metricRelabelings: - - sourceLabels: [__name__] - regex: {{ $PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY_METRIC_KEEP_LIST }} - action: keep {{end}} jobLabel: k8s-app selector: From 618398aec848be63e29bf1f47a1f71528fb595de Mon Sep 17 00:00:00 2001 From: Mathew Merrick Date: Wed, 14 May 2025 00:27:14 +0000 Subject: [PATCH 3/5] port quotes --- .../manifests/default/prometheus-podMonitorCiliumAgent.yaml | 4 ++-- .../prometheus-podMonitorCiliumStandaloneDNSProxy.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/clusterloader2/pkg/prometheus/manifests/default/prometheus-podMonitorCiliumAgent.yaml b/clusterloader2/pkg/prometheus/manifests/default/prometheus-podMonitorCiliumAgent.yaml index 98715f4bc3..13b2840de4 100644 --- a/clusterloader2/pkg/prometheus/manifests/default/prometheus-podMonitorCiliumAgent.yaml +++ b/clusterloader2/pkg/prometheus/manifests/default/prometheus-podMonitorCiliumAgent.yaml @@ -21,7 +21,7 @@ spec: podMetricsEndpoints: {{if $PROMETHEUS_SCRAPE_CILIUM_AGENT }} - interval: {{ $PROMETHEUS_SCRAPE_CILIUM_AGENT_INTERVAL }} - port: {{ $PROMETHEUS_SCRAPE_CILIUM_AGENT_PORT }} + port: "{{ $PROMETHEUS_SCRAPE_CILIUM_AGENT_PORT }}" metricRelabelings: - sourceLabels: [__name__] regex: {{ $PROMETHEUS_SCRAPE_CILIUM_AGENT_METRIC_KEEP_LIST }} @@ -29,7 +29,7 @@ spec: {{end}} {{if $PROMETHEUS_SCRAPE_CILIUM_AGENT_HUBBLE }} - interval: {{ $PROMETHEUS_SCRAPE_CILIUM_AGENT_HUBBLE_INTERVAL }} - port: {{ $PROMETHEUS_SCRAPE_CILIUM_AGENT_HUBBLE_PORT }} + port: "{{ $PROMETHEUS_SCRAPE_CILIUM_AGENT_HUBBLE_PORT }}" metricRelabelings: - sourceLabels: [__name__] regex: {{ $PROMETHEUS_SCRAPE_CILIUM_AGENT_HUBBLE_METRIC_KEEP_LIST }} diff --git a/clusterloader2/pkg/prometheus/manifests/default/prometheus-podMonitorCiliumStandaloneDNSProxy.yaml b/clusterloader2/pkg/prometheus/manifests/default/prometheus-podMonitorCiliumStandaloneDNSProxy.yaml index e1ca708240..e88aebdc6d 100644 --- a/clusterloader2/pkg/prometheus/manifests/default/prometheus-podMonitorCiliumStandaloneDNSProxy.yaml +++ b/clusterloader2/pkg/prometheus/manifests/default/prometheus-podMonitorCiliumStandaloneDNSProxy.yaml @@ -15,7 +15,7 @@ spec: podMetricsEndpoints: {{if $PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY }} - interval: {{ $PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY_INTERVAL }} - port: {{ $PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY_PORT }} + port: "{{ $PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY_PORT }}" metricRelabelings: - sourceLabels: [__name__] regex: {{ $PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY_METRIC_KEEP_LIST }} From fad9c13b1918e4052083104c43c4c7da21c6e8ba Mon Sep 17 00:00:00 2001 From: Mathew Merrick Date: Wed, 14 May 2025 00:34:48 +0000 Subject: [PATCH 4/5] remove or --- .../default/prometheus-podMonitorCiliumStandaloneDNSProxy.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusterloader2/pkg/prometheus/manifests/default/prometheus-podMonitorCiliumStandaloneDNSProxy.yaml b/clusterloader2/pkg/prometheus/manifests/default/prometheus-podMonitorCiliumStandaloneDNSProxy.yaml index e88aebdc6d..f568fe2444 100644 --- a/clusterloader2/pkg/prometheus/manifests/default/prometheus-podMonitorCiliumStandaloneDNSProxy.yaml +++ b/clusterloader2/pkg/prometheus/manifests/default/prometheus-podMonitorCiliumStandaloneDNSProxy.yaml @@ -2,7 +2,7 @@ {{$PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY_INTERVAL := DefaultParam .CL2_PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY_INTERVAL "30s"}} {{$PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY_METRIC_KEEP_LIST := DefaultParam .PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY_METRIC_KEEP_LIST "(.*)"}} -{{if or PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY}} +{{if PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY}} apiVersion: monitoring.coreos.com/v1 kind: PodMonitor From 0fe3532e8812a991fda195addb89cc3b72b3e657 Mon Sep 17 00:00:00 2001 From: Mathew Merrick Date: Wed, 14 May 2025 15:29:25 +0000 Subject: [PATCH 5/5] add missing var --- .../default/prometheus-podMonitorCiliumStandaloneDNSProxy.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusterloader2/pkg/prometheus/manifests/default/prometheus-podMonitorCiliumStandaloneDNSProxy.yaml b/clusterloader2/pkg/prometheus/manifests/default/prometheus-podMonitorCiliumStandaloneDNSProxy.yaml index f568fe2444..497c49b2fc 100644 --- a/clusterloader2/pkg/prometheus/manifests/default/prometheus-podMonitorCiliumStandaloneDNSProxy.yaml +++ b/clusterloader2/pkg/prometheus/manifests/default/prometheus-podMonitorCiliumStandaloneDNSProxy.yaml @@ -2,7 +2,7 @@ {{$PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY_INTERVAL := DefaultParam .CL2_PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY_INTERVAL "30s"}} {{$PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY_METRIC_KEEP_LIST := DefaultParam .PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY_METRIC_KEEP_LIST "(.*)"}} -{{if PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY}} +{{if $PROMETHEUS_SCRAPE_CILIUM_AGENT_STANDALONE_DNS_PROXY}} apiVersion: monitoring.coreos.com/v1 kind: PodMonitor