diff --git a/CHANGELOG-0.8.md b/CHANGELOG-0.8.md index b0e6e0edfa..f1bbb9bbca 100644 --- a/CHANGELOG-0.8.md +++ b/CHANGELOG-0.8.md @@ -15,6 +15,7 @@ - [#1225](https://github.com/epiphany-platform/epiphany/issues/1225) - Add OS_PATCHING.md with information about patching RHEL OS - [#1656](https://github.com/epiphany-platform/epiphany/issues/1656) - Run Helm tasks from Epiphany container - [#1640](https://github.com/epiphany-platform/epiphany/issues/1640) - Added separate machine for repository and changed helm to use localhost address +- [#1640](https://github.com/epiphany-platform/epiphany/issues/1673) - Added Node Exporter as DaemonSet for Kubernetes as Cloud Service ### Updated diff --git a/core/src/epicli/cli/engine/ansible/AnsibleVarsGenerator.py b/core/src/epicli/cli/engine/ansible/AnsibleVarsGenerator.py index b1fc8e2b7c..9e96f99bed 100644 --- a/core/src/epicli/cli/engine/ansible/AnsibleVarsGenerator.py +++ b/core/src/epicli/cli/engine/ansible/AnsibleVarsGenerator.py @@ -121,6 +121,7 @@ def write_role_manifest_vars(self, ansible_dir, role, kind): def populate_group_vars(self, ansible_dir): main_vars = ObjDict() main_vars['admin_user'] = self.cluster_model.specification.admin_user + main_vars['k8s_as_cloud_service'] = self.cluster_model.specification.cloud.k8s_as_cloud_service main_vars['validate_certs'] = Config().validate_certs main_vars['offline_requirements'] = Config().offline_requirements main_vars['wait_for_pods'] = Config().wait_for_pods diff --git a/core/src/epicli/data/aws/defaults/configuration/minimal-cluster-config.yml b/core/src/epicli/data/aws/defaults/configuration/minimal-cluster-config.yml index dea78fa713..9005e443ab 100644 --- a/core/src/epicli/data/aws/defaults/configuration/minimal-cluster-config.yml +++ b/core/src/epicli/data/aws/defaults/configuration/minimal-cluster-config.yml 
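Review bot: The added `main_vars['k8s_as_cloud_service']` line in populate_group_vars reads `specification.cloud.k8s_as_cloud_service` unconditionally, while the roles in this commit guard each use with `k8s_as_cloud_service is defined`, which suggests the key may be absent from some cluster definitions. If a cluster document has no `cloud` section or predates this key, the attribute access presumably fails before any playbook runs; how ObjDict handles a missing key is not visible here. Assuming ObjDict is dict-like, read it with a default so group vars always carry a boolean: `cloud = self.cluster_model.specification.get('cloud') or {}` then `main_vars['k8s_as_cloud_service'] = bool(cloud.get('k8s_as_cloud_service', False))`. populate_group_vars starts and ends outside the hunk.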
@@ -9,6 +9,7 @@ specification: name: operations # YOUR-ADMIN-USERNAME key_path: /user/.ssh/epiphany-operations/id_rsa # YOUR-SSH-KEY-PATH cloud: + k8s_as_cloud_service: False use_public_ips: False # When not using public IPs you have to provide connectivity via private IPs (VPN) credentials: key: XXXX-XXXX-XXXX diff --git a/core/src/epicli/data/azure/defaults/configuration/minimal-cluster-config.yml b/core/src/epicli/data/azure/defaults/configuration/minimal-cluster-config.yml index a81871a0d5..41af4a2155 100644 --- a/core/src/epicli/data/azure/defaults/configuration/minimal-cluster-config.yml +++ b/core/src/epicli/data/azure/defaults/configuration/minimal-cluster-config.yml @@ -9,6 +9,7 @@ specification: name: operations # YOUR-ADMIN-USERNAME key_path: /user/.ssh/epiphany-operations/id_rsa # YOUR-SSH-KEY-PATH cloud: + k8s_as_cloud_service: False use_public_ips: False # When not using public IPs you have to provide connectivity via private IPs (VPN) components: repository: diff --git a/core/src/epicli/data/common/ansible/playbooks/node_exporter.yml b/core/src/epicli/data/common/ansible/playbooks/node_exporter.yml index 2d8d9b97e0..7cbfe5e3fe 100644 --- a/core/src/epicli/data/common/ansible/playbooks/node_exporter.yml +++ b/core/src/epicli/data/common/ansible/playbooks/node_exporter.yml @@ -8,3 +8,5 @@ become_method: sudo roles: - node_exporter + environment: + KUBECONFIG: "{{ kubeconfig.local }}" diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/node_exporter/tasks/install-node-exporter-as-daemonset.yml b/core/src/epicli/data/common/ansible/playbooks/roles/node_exporter/tasks/install-node-exporter-as-daemonset.yml new file mode 100644 index 0000000000..0caa34c18e --- /dev/null +++ b/core/src/epicli/data/common/ansible/playbooks/roles/node_exporter/tasks/install-node-exporter-as-daemonset.yml 
@@ -0,0 +1,51 @@ +--- + +- name: Prepare configuration and upgrade/install Node-Exporter's Helm chart + vars: + # Handling "undefined", "null", "empty" and "boolean" values all at once. + disable_helm_chart_bool: "{{ specification.disable_helm_chart | default(false, true) | bool }}" + + # Handling "undefined", "null" and "empty" values all at once. + helm_chart_values_bool: "{{ specification.helm_chart_values | default(false) | ternary(true, false) }}" + + delegate_to: localhost + become: false + run_once: true + when: not disable_helm_chart_bool + block: + - name: Set Node-Exporter's Chart file name to install + set_fact: + exporter_chart_file_name: "{{ specification.files.node_exporter_helm_chart_file_name }}" + + - name: Download Node-Exporter's Chart File + include_role: + name: download + tasks_from: download_file + vars: + file_name: "{{ exporter_chart_file_name }}" + repository_url: http://localhost/epirepo + + - when: helm_chart_values_bool + # IF `helm_chart_values` + block: + - name: Copy Node-Exporter's Helm chart's custom configuration to file + copy: + content: "{{ specification.helm_chart_values }}" + dest: "{{ download_directory }}/{{ specification.helm_chart_name }}_values.yaml" + + - name: Install Node-Exporter's Helm chart (with custom values.yaml) + delegate_to: localhost + shell: | + helm upgrade --install \ + -f {{ download_directory }}/{{ specification.helm_chart_name }}_values.yaml \ + {{ specification.helm_chart_name }} \ + {{ download_directory }}/{{ exporter_chart_file_name }} + + - when: not helm_chart_values_bool + # ELSE + block: + - name: Install Node-Exporter's Helm chart (with default values.yaml) + shell: | + helm upgrade --install \ + {{ specification.helm_chart_name }} \ + {{ download_directory }}/{{ exporter_chart_file_name }} 
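Review bot: Both `helm upgrade --install` tasks interpolate `specification.helm_chart_name`, `download_directory` and `exporter_chart_file_name` into `shell:` unquoted, so a space or shell metacharacter in the cluster configuration changes the command run on the operator machine. Nothing here needs a shell: use `command:` with `argv` as sketched below for the custom-values task (the default-values task takes the same form without the `-f` pair), or at least pass each value through the `quote` filter. The values file written by `copy:` has no `mode:`; chart values can carry credentials, so set `mode: u=rw,g=,o=` explicitly. The `delegate_to: localhost` on the first install task repeats what the enclosing block already sets.

```yaml
    - name: Install Node-Exporter's Helm chart (with custom values.yaml)
      command:
        argv:
          - helm
          - upgrade
          - --install
          - -f
          - "{{ download_directory }}/{{ specification.helm_chart_name }}_values.yaml"
          - "{{ specification.helm_chart_name }}"
          - "{{ download_directory }}/{{ exporter_chart_file_name }}"
# … unchanged: chart download, values file copy, when/block structure …
```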
diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/node_exporter/tasks/install-node-exporter-as-system-service.yml b/core/src/epicli/data/common/ansible/playbooks/roles/node_exporter/tasks/install-node-exporter-as-system-service.yml
new file mode 100644
index 0000000000..75f196f15e
--- /dev/null
+++ b/core/src/epicli/data/common/ansible/playbooks/roles/node_exporter/tasks/install-node-exporter-as-system-service.yml
@@ -0,0 +1,83 @@ +--- + +- name: Create node_exporter system group + group: + name: node_exporter + system: true + state: present + +- name: Create node_exporter system user + user: + name: node_exporter + system: true + shell: "/usr/sbin/nologin" + group: node_exporter + createhome: false + +- name: Set Node Exporter file name to install + set_fact: + exporter_file_name: "node_exporter-{{ exporter.version }}.linux-amd64.tar.gz" + +- name: Download Node Exporter binaries + include_role: + name: download + tasks_from: download_file + vars: + file_name: "{{ exporter_file_name }}" + +- name: Create /opt/node_exporter directories + file: + path: "{{ item }}" + recurse: true + owner: root + group: "node_exporter" + mode: u=rwx,g=rx,o= + state: directory + with_items: + - /opt/node_exporter + +- name: Unpack node_exporter binary + unarchive: + remote_src: true + src: "{{ download_directory }}/{{ exporter_file_name }}" + dest: "/opt/node_exporter" + creates: "/opt/node_exporter/node_exporter" + extra_opts: [--strip-components=1] + mode: u=rwx,g=rx,o=rx + owner: root + group: node_exporter + check_mode: false + notify: + - restart prometheus node exporter service + +- name: Install node_exporter service to systemd + template: + src: prometheus-node-exporter.service.j2 + dest: "/etc/systemd/system/{{ exporter.service.name }}.service" + owner: root + group: root + mode: u=rw,g=r,o=r + +- name: Configure systemd to use node_exporter service + systemd: + daemon_reload: true + enabled: true + name: "{{ exporter.service.name }}.service" + +- name: Start exporter + service: + name: "{{ exporter.service.name }}" + state: started + +- name: Copy file_sd_config to prometheus hosts + template: + dest: "{{ specification.config_for_prometheus.prometheus_config_dir }}/file_sd/node-{{ inventory_hostname }}.yml" + src: file_sd_config.yml.j2 + owner: root + group: root + mode: u=rw,g=r,o=r + delegate_to: "{{ item }}" + with_inventory_hostnames: + - prometheus + notify: + - restart 
prometheus on remote servers diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/node_exporter/tasks/main.yml b/core/src/epicli/data/common/ansible/playbooks/roles/node_exporter/tasks/main.yml index 12382ab038..86601df110 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/node_exporter/tasks/main.yml +++ b/core/src/epicli/data/common/ansible/playbooks/roles/node_exporter/tasks/main.yml 
@@ -1,83 +1,8 @@ --- -- name: Create node_exporter system group - group: - name: node_exporter - system: true - state: present -- name: Create node_exporter system user - user: - name: node_exporter - system: true - shell: "/usr/sbin/nologin" - group: node_exporter - createhome: false +- name: Include installation tasks for Node Exporter as System Service + include_tasks: install-node-exporter-as-system-service.yml -- name: Set Node Exporter file name to install - set_fact: - exporter_file_name: "node_exporter-{{ exporter.version }}.linux-amd64.tar.gz" - -- name: Download Node Exporter binaries - include_role: - name: download - tasks_from: download_file - vars: - file_name: "{{ exporter_file_name }}" - -- name: Create /opt/node_exporter directories - become: true - file: - path: "{{ item }}" - recurse: true - owner: root - group: "node_exporter" - mode: 0750 - state: directory - with_items: - - /opt/node_exporter - -- name: Unpack node_exporter binary - become: true - unarchive: - remote_src: true - src: "{{ download_directory }}/{{ exporter_file_name }}" - dest: "/opt/node_exporter" - creates: "/opt/node_exporter/node_exporter" - extra_opts: [--strip-components=1] - mode: 0755 - owner: root - group: node_exporter - check_mode: false - notify: - - restart prometheus node exporter service - -- name: Install node_exporter service to systemd - template: - src: prometheus-node-exporter.service.j2 - dest: "/etc/systemd/system/{{ exporter.service.name }}.service" - owner: root - group: root - mode: 0644 - -- name: Configure systemd to use node_exporter service - systemd: - daemon_reload: true - enabled: true - name: "{{ exporter.service.name }}.service" - -- name: Start exporter - service: - name: "{{ exporter.service.name }}" - state: started - -- name: Copy file_sd_config to prometheus hosts - template: - dest: "{{ specification.config_for_prometheus.prometheus_config_dir }}/file_sd/node-{{ inventory_hostname }}.yml" - src: file_sd_config.yml.j2 - owner: root - group: 
root - mode: 0644 - delegate_to: "{{ item }}" - with_inventory_hostnames: - - prometheus - notify: restart prometheus on remote servers +- name: Include installation tasks for Node Exporter as DaemonSet for "k8s as cloud service" + when: k8s_as_cloud_service is defined and k8s_as_cloud_service + include_tasks: install-node-exporter-as-daemonset.yml diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/prometheus/tasks/configure-k8s-apps-monitoring.yml b/core/src/epicli/data/common/ansible/playbooks/roles/prometheus/tasks/configure-k8s-apps-monitoring.yml index 53aa209781..77fd4e37b6 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/prometheus/tasks/configure-k8s-apps-monitoring.yml +++ b/core/src/epicli/data/common/ansible/playbooks/roles/prometheus/tasks/configure-k8s-apps-monitoring.yml @@ -1,11 +1,28 @@ --- -- name: Set master hostname variable - set_fact: - master_hostname: "{{ groups['kubernetes_master'] | first }}" +- name: Set facts for "classic epiphany k8s" + when: k8s_as_cloud_service is defined and not k8s_as_cloud_service + block: + - name: Set master hostname variable + set_fact: + master_hostname: "{{ groups['kubernetes_master'] | first }}" -- name: Set api server address variable - set_fact: - api_server_address: "https://{{ master_hostname }}:6443" + - name: Set api server address variable + set_fact: + api_server_address: "https://{{ master_hostname }}:6443" + +- name: Set facts for "k8s as cloud service" + when: k8s_as_cloud_service is defined and k8s_as_cloud_service + block: + - name: Get api server address from "k8s as cloud service" + become: false + command: "kubectl config view -o jsonpath='{.clusters[0].cluster.server}'" + register: cluster_api_server_address + run_once: true + delegate_to: localhost + + - name: Set api server address variable + set_fact: + api_server_address: "{{ cluster_api_server_address.stdout }}" - name: Apply rolebinding to K8s for Prometheus become: false 
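Review bot: In configure-k8s-apps-monitoring.yml, `api_server_address` is now set only inside two blocks that both require `k8s_as_cloud_service is defined`, so when the variable is missing neither block runs and the later tasks and the Prometheus template see an undefined address; before this change it was always set. Make the classic branch the fallback with `when: not (k8s_as_cloud_service | default(false))` and use `when: k8s_as_cloud_service | default(false)` for the cloud branch. In the cloud branch, `.clusters[0]` selects the first cluster in the kubeconfig rather than the one for the current context, and Prometheus later sends its bearer token to whatever address is returned. `kubectl config view --minify -o jsonpath=...` limits the output to the current context, and the task should carry `changed_when: false` since it only reads. The task list continues past the end of the hunk.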
diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/prometheus/templates/prometheus.yml.j2 b/core/src/epicli/data/common/ansible/playbooks/roles/prometheus/templates/prometheus.yml.j2 index 39144749d9..765f92808d 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/prometheus/templates/prometheus.yml.j2 +++ b/core/src/epicli/data/common/ansible/playbooks/roles/prometheus/templates/prometheus.yml.j2 @@ -60,6 +60,29 @@ scrape_configs: - __meta_kubernetes_namespace - __meta_kubernetes_service_name - __meta_kubernetes_endpoint_port_name + +# Scrape config for node exporters in "k8s as cloud service" + +{% if k8s_as_cloud_service is defined and k8s_as_cloud_service %} + - job_name: 'kubernetes-node-exporters' + kubernetes_sd_configs: + - role: endpoints + api_server: "{{ api_server_address }}" + tls_config: + insecure_skip_verify: true + bearer_token: "{{ bearer_token }}" + tls_config: + insecure_skip_verify: true + bearer_token: "{{ bearer_token }}" + relabel_configs: + - source_labels: + - __meta_kubernetes_endpoints_name + regex: 'node-exporter' + action: keep + - source_labels: + - __meta_kubernetes_endpoint_node_name + target_label: instance +{% endif %} # Scrape config for nodes (kubelet). diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/centos-7/requirements.txt b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/centos-7/requirements.txt index 208f2b5960..4779b14377 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/centos-7/requirements.txt +++ b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/centos-7/requirements.txt 
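Review bot: The new `kubernetes-node-exporters` job sets `insecure_skip_verify: true` on both `tls_config` entries while sending `bearer_token` to `api_server_address`, so Prometheus will present the token to any endpoint that answers on that address without checking its certificate. With Kubernetes as a cloud service the API server is typically reached over a network the cluster operator does not control, and the cluster CA is available from the kubeconfig. Verification can therefore stay on: place the CA on the Prometheus host and use `ca_file: <path-to-cluster-ca.crt>` instead of `insecure_skip_verify: true`. If the other jobs in this template also skip verification (not visible in this hunk), add a comment above the job stating why that is accepted. The `# Scrape config for node exporters ...` comment sits outside the `{% if %}`, so it is rendered even when the job is not.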
@@ -160,6 +160,7 @@ https://releases.hashicorp.com/vault/1.4.0/vault_1.4.0_linux_amd64.zip https://get.helm.sh/helm-v3.2.0-linux-amd64.tar.gz https://github.com/hashicorp/vault-helm/archive/v0.4.0.tar.gz https://github.com/wrouesnel/postgres_exporter/releases/download/v0.8.0/postgres_exporter_v0.8.0_linux-amd64.tar.gz +https://charts.bitnami.com/bitnami/node-exporter-1.1.2.tgz [images] haproxy:2.2.2-alpine diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/redhat-7/requirements.txt b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/redhat-7/requirements.txt index b3f2e81a14..33c6354026 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/redhat-7/requirements.txt +++ b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/redhat-7/requirements.txt @@ -157,6 +157,7 @@ https://releases.hashicorp.com/vault/1.4.0/vault_1.4.0_linux_amd64.zip https://get.helm.sh/helm-v3.2.0-linux-amd64.tar.gz https://github.com/hashicorp/vault-helm/archive/v0.4.0.tar.gz https://github.com/wrouesnel/postgres_exporter/releases/download/v0.8.0/postgres_exporter_v0.8.0_linux-amd64.tar.gz +https://charts.bitnami.com/bitnami/node-exporter-1.1.2.tgz [images] haproxy:2.2.2-alpine diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/ubuntu-18.04/requirements.txt b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/ubuntu-18.04/requirements.txt index f951255f2c..ac764f9f44 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/ubuntu-18.04/requirements.txt +++ b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/ubuntu-18.04/requirements.txt 
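Review bot: The chart `node-exporter-1.1.2.tgz` is listed by URL only, and the DaemonSet tasks in this commit run `helm upgrade --install` on whatever file the local repository serves under that name. The version in the file name pins the name, not the content. If the download-requirements script or the `download` role supports a digest check (neither is visible here), record a SHA-256 for this archive so a changed upstream file is caught before it is installed into the cluster. The same line is added to the redhat-7 and ubuntu-18.04 lists.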
@@ -186,6 +186,7 @@ https://releases.hashicorp.com/vault/1.4.0/vault_1.4.0_linux_amd64.zip https://get.helm.sh/helm-v3.2.0-linux-amd64.tar.gz https://github.com/hashicorp/vault-helm/archive/v0.4.0.tar.gz https://github.com/wrouesnel/postgres_exporter/releases/download/v0.8.0/postgres_exporter_v0.8.0_linux-amd64.tar.gz +https://charts.bitnami.com/bitnami/node-exporter-1.1.2.tgz [images] haproxy:2.2.2-alpine diff --git a/core/src/epicli/data/common/defaults/configuration/node-exporter.yml b/core/src/epicli/data/common/defaults/configuration/node-exporter.yml index 3058f08da1..2ee72ed1d0 100644 --- a/core/src/epicli/data/common/defaults/configuration/node-exporter.yml +++ b/core/src/epicli/data/common/defaults/configuration/node-exporter.yml @@ -2,6 +2,14 @@ kind: configuration/node-exporter title: "Node exporter" name: default specification: + helm_chart_name: node-exporter + disable_helm_chart: false + helm_chart_values: + service: + port: 9100 + targetPort: 9100 + files: + node_exporter_helm_chart_file_name: node-exporter-1.1.2.tgz enabled_collectors: - conntrack - diskstats diff --git a/core/src/epicli/data/common/defaults/epiphany-cluster.yml b/core/src/epicli/data/common/defaults/epiphany-cluster.yml index c25d52e813..27ed2a581c 100644 --- a/core/src/epicli/data/common/defaults/epiphany-cluster.yml +++ b/core/src/epicli/data/common/defaults/epiphany-cluster.yml @@ -9,6 +9,7 @@ specification: name: operations # YOUR-ADMIN-USERNAME key_path: /root/.ssh/epiphany-operations/id_rsa # YOUR-SSH-KEY-PATH cloud: + k8s_as_cloud_service: False subscription_name: YOUR-SUB-NAME vnet_address_pool: 10.1.0.0/20 use_public_ips: False # When not using public IPs you have to provide connectivity via private IPs (VPN) diff --git a/docs/home/COMPONENTS.md b/docs/home/COMPONENTS.md index 2955ec0b6a..8673799740 100644 --- a/docs/home/COMPONENTS.md +++ b/docs/home/COMPONENTS.md 
@@ -40,6 +40,7 @@ Note that versions are default versions and can be changed in certain cases thro | Apache2 | 2.4.29 | https://httpd.apache.org/ | [Apache License 2.0](https://www.apache.org/licenses/LICENSE-2.0) | | Hasicorp Vault | 1.4.0 | https://httpd.apache.org/ | [Mozilla Public License 2.0](https://github.com/hashicorp/vault/blob/master/LICENSE) | | Hasicorp Vault Helm Chart | 0.4.0 | https://httpd.apache.org/ | [Mozilla Public License 2.0](https://github.com/hashicorp/vault-helm/blob/master/LICENSE.md) | +| Bitnami Node-Exporter Helm Chart | 1.1.2 | https://github.com/bitnami/charts | [Apache License 2.0](https://www.apache.org/licenses/LICENSE-2.0) | ## Epicli binary dependencies