Merge pull request #1713 from rpudlowski93/feature/1673

Node-exporter as DaemonSet for "K8S as cloud service"
hitachienergy · Oct 2, 2020 · 919ecbf · 919ecbf
2 parents e28d863 + 74676a2
commit 919ecbf
Show file tree

Hide file tree

Showing 16 changed files with 204 additions and 86 deletions.
diff --git a/CHANGELOG-0.8.md b/CHANGELOG-0.8.md
@@ -15,6 +15,7 @@
 - [#1225](https://github.com/epiphany-platform/epiphany/issues/1225) - Add OS_PATCHING.md with information about patching RHEL OS
 - [#1656](https://github.com/epiphany-platform/epiphany/issues/1656) - Run Helm tasks from Epiphany container
 - [#1640](https://github.com/epiphany-platform/epiphany/issues/1640) - Added separate machine for repository and changed helm to use localhost address
+- [#1640](https://github.com/epiphany-platform/epiphany/issues/1673) - Added Node Exporter as DaemonSet for Kubernetes as Cloud Service
 
 ### Updated
 

diff --git a/core/src/epicli/cli/engine/ansible/AnsibleVarsGenerator.py b/core/src/epicli/cli/engine/ansible/AnsibleVarsGenerator.py
@@ -121,6 +121,7 @@ def write_role_manifest_vars(self, ansible_dir, role, kind):
     def populate_group_vars(self, ansible_dir):
         main_vars = ObjDict()
         main_vars['admin_user'] = self.cluster_model.specification.admin_user
+        main_vars['k8s_as_cloud_service'] = self.cluster_model.specification.cloud.k8s_as_cloud_service
         main_vars['validate_certs'] = Config().validate_certs
         main_vars['offline_requirements'] = Config().offline_requirements
         main_vars['wait_for_pods'] = Config().wait_for_pods

diff --git a/core/src/epicli/data/aws/defaults/configuration/minimal-cluster-config.yml b/core/src/epicli/data/aws/defaults/configuration/minimal-cluster-config.yml
@@ -9,6 +9,7 @@ specification:
     name: operations # YOUR-ADMIN-USERNAME
     key_path: /user/.ssh/epiphany-operations/id_rsa # YOUR-SSH-KEY-PATH
   cloud:
+    k8s_as_cloud_service: False
     use_public_ips: False # When not using public IPs you have to provide connectivity via private IPs (VPN)
     credentials:
       key: XXXX-XXXX-XXXX

diff --git a/core/src/epicli/data/azure/defaults/configuration/minimal-cluster-config.yml b/core/src/epicli/data/azure/defaults/configuration/minimal-cluster-config.yml
@@ -9,6 +9,7 @@ specification:
     name: operations # YOUR-ADMIN-USERNAME
     key_path: /user/.ssh/epiphany-operations/id_rsa # YOUR-SSH-KEY-PATH
   cloud:
+    k8s_as_cloud_service: False
     use_public_ips: False # When not using public IPs you have to provide connectivity via private IPs (VPN)
   components:
     repository:

diff --git a/core/src/epicli/data/common/ansible/playbooks/node_exporter.yml b/core/src/epicli/data/common/ansible/playbooks/node_exporter.yml
@@ -8,3 +8,5 @@
   become_method: sudo
   roles:
     - node_exporter
+  environment:
+    KUBECONFIG: "{{ kubeconfig.local }}"
diff --git a/...common/ansible/playbooks/roles/node_exporter/tasks/install-node-exporter-as-daemonset.yml b/...common/ansible/playbooks/roles/node_exporter/tasks/install-node-exporter-as-daemonset.yml
@@ -0,0 +1,51 @@
+---
+
+- name: Prepare configuration and upgrade/install Node-Exporter's Helm chart
+  vars:
+    # Handling "undefined", "null", "empty" and "boolean" values all at once.
+    disable_helm_chart_bool: "{{ specification.disable_helm_chart | default(false, true) | bool }}"
+
+    # Handling "undefined", "null" and "empty" values all at once.
+    helm_chart_values_bool: "{{ specification.helm_chart_values | default(false) | ternary(true, false) }}"
+
+  delegate_to: localhost
+  become: false
+  run_once: true
+  when: not disable_helm_chart_bool
+  block:
+    - name: Set Node-Exporter's Chart file name to install
+      set_fact:
+        exporter_chart_file_name: "{{ specification.files.node_exporter_helm_chart_file_name }}"
+
+    - name: Download Node-Exporter's Chart File
+      include_role:
+        name: download
+        tasks_from: download_file
+      vars:
+        file_name: "{{ exporter_chart_file_name }}"
+        repository_url: http://localhost/epirepo
+
+    - when: helm_chart_values_bool
+    # IF `helm_chart_values`
+      block:
+        - name: Copy Node-Exporter's Helm chart's custom configuration to file
+          copy:
+            content: "{{ specification.helm_chart_values }}"
+            dest: "{{ download_directory }}/{{ specification.helm_chart_name }}_values.yaml"
+
+        - name: Install Node-Exporter's Helm chart (with custom values.yaml)
+          delegate_to: localhost
+          shell: |
+            helm upgrade --install \
+              -f {{ download_directory }}/{{ specification.helm_chart_name }}_values.yaml \
+              {{ specification.helm_chart_name }} \
+              {{ download_directory }}/{{ exporter_chart_file_name }}
+
+    - when: not helm_chart_values_bool
+    # ELSE
+      block:
+        - name: Install Node-Exporter's Helm chart (with default values.yaml)
+          shell: |
+            helm upgrade --install \
+              {{ specification.helm_chart_name }} \
+              {{ download_directory }}/{{ exporter_chart_file_name }}
diff --git a/...n/ansible/playbooks/roles/node_exporter/tasks/install-node-exporter-as-system-service.yml b/...n/ansible/playbooks/roles/node_exporter/tasks/install-node-exporter-as-system-service.yml
@@ -0,0 +1,83 @@
+---
+
+- name: Create node_exporter system group
+  group:
+    name: node_exporter
+    system: true
+    state: present
+
+- name: Create node_exporter system user
+  user:
+    name: node_exporter
+    system: true
+    shell: "/usr/sbin/nologin"
+    group: node_exporter
+    createhome: false
+
+- name: Set Node Exporter file name to install
+  set_fact:
+    exporter_file_name: "node_exporter-{{ exporter.version }}.linux-amd64.tar.gz"
+
+- name: Download Node Exporter binaries
+  include_role:
+    name: download
+    tasks_from: download_file
+  vars:
+    file_name: "{{ exporter_file_name }}"
+
+- name: Create /opt/node_exporter directories
+  file:
+    path: "{{ item }}"
+    recurse: true
+    owner: root
+    group: "node_exporter"
+    mode: u=rwx,g=rx,o=
+    state: directory
+  with_items:
+    - /opt/node_exporter
+
+- name: Unpack node_exporter binary
+  unarchive:
+    remote_src: true
+    src: "{{ download_directory }}/{{ exporter_file_name }}"
+    dest: "/opt/node_exporter"
+    creates: "/opt/node_exporter/node_exporter"
+    extra_opts: [--strip-components=1]
+    mode: u=rwx,g=rx,o=rx
+    owner: root
+    group: node_exporter
+  check_mode: false
+  notify:
+    - restart prometheus node exporter service
+
+- name: Install node_exporter service to systemd
+  template:
+    src: prometheus-node-exporter.service.j2
+    dest: "/etc/systemd/system/{{ exporter.service.name }}.service"
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=r
+
+- name: Configure systemd to use node_exporter service
+  systemd:
+    daemon_reload: true
+    enabled: true
+    name: "{{ exporter.service.name }}.service"
+
+- name: Start exporter
+  service:
+    name: "{{ exporter.service.name }}"
+    state: started
+
+- name: Copy file_sd_config to prometheus hosts
+  template:
+    dest: "{{ specification.config_for_prometheus.prometheus_config_dir }}/file_sd/node-{{ inventory_hostname }}.yml"
+    src: file_sd_config.yml.j2
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=r
+  delegate_to: "{{ item }}"
+  with_inventory_hostnames:
+    - prometheus
+  notify:
+    - restart prometheus on remote servers
diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/node_exporter/tasks/main.yml b/core/src/epicli/data/common/ansible/playbooks/roles/node_exporter/tasks/main.yml
@@ -1,83 +1,8 @@
 ---
-- name: Create node_exporter system group
-  group:
-    name: node_exporter
-    system: true
-    state: present
 
-- name: Create node_exporter system user
-  user:
-    name: node_exporter
-    system: true
-    shell: "/usr/sbin/nologin"
-    group: node_exporter
-    createhome: false
+- name: Include installation tasks for Node Exporter as System Service
+  include_tasks: install-node-exporter-as-system-service.yml
 
-- name: Set Node Exporter file name to install
-  set_fact:
-    exporter_file_name: "node_exporter-{{ exporter.version }}.linux-amd64.tar.gz"
-
-- name: Download Node Exporter binaries
-  include_role:
-    name: download
-    tasks_from: download_file
-  vars:
-    file_name: "{{ exporter_file_name }}"
-
-- name: Create /opt/node_exporter directories
-  become: true
-  file:
-    path: "{{ item }}"
-    recurse: true
-    owner: root
-    group: "node_exporter"
-    mode: 0750
-    state: directory
-  with_items:
-  - /opt/node_exporter
-
-- name: Unpack node_exporter binary
-  become: true
-  unarchive:
-    remote_src: true
-    src: "{{ download_directory }}/{{ exporter_file_name }}"
-    dest: "/opt/node_exporter"
-    creates: "/opt/node_exporter/node_exporter"
-    extra_opts: [--strip-components=1]
-    mode: 0755
-    owner: root
-    group: node_exporter
-  check_mode: false
-  notify:
-    - restart prometheus node exporter service
-
-- name: Install node_exporter service to systemd
-  template:
-    src: prometheus-node-exporter.service.j2
-    dest: "/etc/systemd/system/{{ exporter.service.name }}.service"
-    owner: root
-    group: root
-    mode: 0644
-
-- name: Configure systemd to use node_exporter service
-  systemd:
-    daemon_reload: true
-    enabled: true
-    name: "{{ exporter.service.name }}.service"
-
-- name: Start exporter
-  service:
-    name: "{{ exporter.service.name }}"
-    state: started
-
-- name: Copy file_sd_config to prometheus hosts
-  template:
-    dest: "{{ specification.config_for_prometheus.prometheus_config_dir }}/file_sd/node-{{ inventory_hostname }}.yml"
-    src: file_sd_config.yml.j2
-    owner: root
-    group: root
-    mode: 0644
-  delegate_to: "{{ item }}"
-  with_inventory_hostnames:
-    - prometheus
-  notify: restart prometheus on remote servers
+- name: Include installation tasks for Node Exporter as DaemonSet for "k8s as cloud service"
+  when: k8s_as_cloud_service is defined and k8s_as_cloud_service
+  include_tasks: install-node-exporter-as-daemonset.yml
diff --git a/...li/data/common/ansible/playbooks/roles/prometheus/tasks/configure-k8s-apps-monitoring.yml b/...li/data/common/ansible/playbooks/roles/prometheus/tasks/configure-k8s-apps-monitoring.yml
@@ -1,11 +1,28 @@
 ---
-- name: Set master hostname variable
-  set_fact:
-    master_hostname: "{{ groups['kubernetes_master'] | first }}"
+- name: Set facts for "classic epiphany k8s"
+  when: k8s_as_cloud_service is defined and not k8s_as_cloud_service
+  block:
+    - name: Set master hostname variable
+      set_fact:
+        master_hostname: "{{ groups['kubernetes_master'] | first }}"
 
-- name: Set api server address variable
-  set_fact:
-    api_server_address: "https://{{ master_hostname }}:6443"
+    - name: Set api server address variable
+      set_fact:
+        api_server_address: "https://{{ master_hostname }}:6443"
+
+- name: Set facts for "k8s as cloud service"
+  when: k8s_as_cloud_service is defined and k8s_as_cloud_service
+  block:
+    - name: Get api server address from "k8s as cloud service"
+      become: false
+      command: "kubectl config view -o jsonpath='{.clusters[0].cluster.server}'"
+      register: cluster_api_server_address
+      run_once: true
+      delegate_to: localhost
+
+    - name: Set api server address variable
+      set_fact:
+        api_server_address: "{{ cluster_api_server_address.stdout }}"
 
 - name: Apply rolebinding to K8s for Prometheus
   become: false

diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/prometheus/templates/prometheus.yml.j2 b/core/src/epicli/data/common/ansible/playbooks/roles/prometheus/templates/prometheus.yml.j2
@@ -60,6 +60,29 @@ scrape_configs:
       - __meta_kubernetes_namespace
       - __meta_kubernetes_service_name
       - __meta_kubernetes_endpoint_port_name
+
+# Scrape config for node exporters in "k8s as cloud service"
+
+{% if k8s_as_cloud_service is defined and k8s_as_cloud_service %}
+  - job_name: 'kubernetes-node-exporters'
+    kubernetes_sd_configs:
+    - role: endpoints
+      api_server: "{{ api_server_address }}"
+      tls_config:
+        insecure_skip_verify: true
+      bearer_token: "{{ bearer_token }}"
+    tls_config:
+      insecure_skip_verify: true
+    bearer_token: "{{ bearer_token }}"
+    relabel_configs:
+    - source_labels: 
+	  - __meta_kubernetes_endpoints_name
+      regex: 'node-exporter'
+      action: keep
+    - source_labels:
+      - __meta_kubernetes_endpoint_node_name
+      target_label: instance
+{% endif %}
 
 # Scrape config for nodes (kubelet).
 

diff --git a/.../ansible/playbooks/roles/repository/files/download-requirements/centos-7/requirements.txt b/.../ansible/playbooks/roles/repository/files/download-requirements/centos-7/requirements.txt
@@ -160,6 +160,7 @@ https://releases.hashicorp.com/vault/1.4.0/vault_1.4.0_linux_amd64.zip
 https://get.helm.sh/helm-v3.2.0-linux-amd64.tar.gz
 https://github.com/hashicorp/vault-helm/archive/v0.4.0.tar.gz
 https://github.com/wrouesnel/postgres_exporter/releases/download/v0.8.0/postgres_exporter_v0.8.0_linux-amd64.tar.gz
+https://charts.bitnami.com/bitnami/node-exporter-1.1.2.tgz
 
 [images]
 haproxy:2.2.2-alpine

diff --git a/.../ansible/playbooks/roles/repository/files/download-requirements/redhat-7/requirements.txt b/.../ansible/playbooks/roles/repository/files/download-requirements/redhat-7/requirements.txt
@@ -157,6 +157,7 @@ https://releases.hashicorp.com/vault/1.4.0/vault_1.4.0_linux_amd64.zip
 https://get.helm.sh/helm-v3.2.0-linux-amd64.tar.gz
 https://github.com/hashicorp/vault-helm/archive/v0.4.0.tar.gz
 https://github.com/wrouesnel/postgres_exporter/releases/download/v0.8.0/postgres_exporter_v0.8.0_linux-amd64.tar.gz
+https://charts.bitnami.com/bitnami/node-exporter-1.1.2.tgz
 
 [images]
 haproxy:2.2.2-alpine

diff --git a/...ible/playbooks/roles/repository/files/download-requirements/ubuntu-18.04/requirements.txt b/...ible/playbooks/roles/repository/files/download-requirements/ubuntu-18.04/requirements.txt
@@ -186,6 +186,7 @@ https://releases.hashicorp.com/vault/1.4.0/vault_1.4.0_linux_amd64.zip
 https://get.helm.sh/helm-v3.2.0-linux-amd64.tar.gz
 https://github.com/hashicorp/vault-helm/archive/v0.4.0.tar.gz
 https://github.com/wrouesnel/postgres_exporter/releases/download/v0.8.0/postgres_exporter_v0.8.0_linux-amd64.tar.gz
+https://charts.bitnami.com/bitnami/node-exporter-1.1.2.tgz
 
 [images]
 haproxy:2.2.2-alpine

diff --git a/core/src/epicli/data/common/defaults/configuration/node-exporter.yml b/core/src/epicli/data/common/defaults/configuration/node-exporter.yml
@@ -2,6 +2,14 @@ kind: configuration/node-exporter
 title: "Node exporter"
 name: default
 specification:
+  helm_chart_name: node-exporter
+  disable_helm_chart: false
+  helm_chart_values:
+    service:
+      port: 9100
+      targetPort: 9100 
+  files:
+    node_exporter_helm_chart_file_name: node-exporter-1.1.2.tgz
   enabled_collectors:
     - conntrack
     - diskstats

diff --git a/core/src/epicli/data/common/defaults/epiphany-cluster.yml b/core/src/epicli/data/common/defaults/epiphany-cluster.yml
@@ -9,6 +9,7 @@ specification:
     name: operations # YOUR-ADMIN-USERNAME
     key_path: /root/.ssh/epiphany-operations/id_rsa # YOUR-SSH-KEY-PATH
   cloud:
+    k8s_as_cloud_service: False
     subscription_name: YOUR-SUB-NAME
     vnet_address_pool: 10.1.0.0/20
     use_public_ips: False # When not using public IPs you have to provide connectivity via private IPs (VPN)

diff --git a/docs/home/COMPONENTS.md b/docs/home/COMPONENTS.md
@@ -40,6 +40,7 @@ Note that versions are default versions and can be changed in certain cases thro
 | Apache2                   | 2.4.29  | https://httpd.apache.org/                             | [Apache License 2.0](https://www.apache.org/licenses/LICENSE-2.0) |
 | Hasicorp Vault                   | 1.4.0  | https://httpd.apache.org/                             | [Mozilla Public License 2.0](https://github.com/hashicorp/vault/blob/master/LICENSE) |
 | Hasicorp Vault Helm Chart                  | 0.4.0  | https://httpd.apache.org/                             | [Mozilla Public License 2.0](https://github.com/hashicorp/vault-helm/blob/master/LICENSE.md) |
+| Bitnami Node-Exporter Helm Chart           | 1.1.2   | https://github.com/bitnami/charts                    | [Apache License 2.0](https://www.apache.org/licenses/LICENSE-2.0) |
 
 ## Epicli binary dependencies