From 24c1ab6512962a5d5d246af253ee656bab3f73ea Mon Sep 17 00:00:00 2001 From: Ashok Srirama Date: Sat, 9 Nov 2024 23:10:13 -0500 Subject: [PATCH 1/2] Add kcm and ksh metrics scraping jobs --- .../add-ons/adot-operator/main.tf | 5 +++ .../otel-config/templates/clusterrole.yaml | 7 ++++ .../templates/opentelemetrycollector.yaml | 36 +++++++++++++++++++ 3 files changed, 48 insertions(+) diff --git a/modules/eks-monitoring/add-ons/adot-operator/main.tf b/modules/eks-monitoring/add-ons/adot-operator/main.tf index 3a68306b..9e476f11 100644 --- a/modules/eks-monitoring/add-ons/adot-operator/main.tf +++ b/modules/eks-monitoring/add-ons/adot-operator/main.tf @@ -176,6 +176,11 @@ resource "kubernetes_cluster_role_v1" "adot" { non_resource_urls = ["/metrics"] verbs = ["get"] } + rule { + api_groups = ["metrics.eks.amazonaws.com"] + verbs = ["get"] + resources = ["kcm/metrics", "ksh/metrics"] + } rule { api_groups = [""] resources = ["configmaps"] diff --git a/modules/eks-monitoring/otel-config/templates/clusterrole.yaml b/modules/eks-monitoring/otel-config/templates/clusterrole.yaml index 4bb1fb76..cad72a9f 100644 --- a/modules/eks-monitoring/otel-config/templates/clusterrole.yaml +++ b/modules/eks-monitoring/otel-config/templates/clusterrole.yaml @@ -23,6 +23,13 @@ rules: - get - list - watch + - apiGroups: + - metrics.eks.amazonaws.com + resources: + - kcm/metrics + - ksh/metrics + verbs: + - get - nonResourceURLs: - /metrics verbs: diff --git a/modules/eks-monitoring/otel-config/templates/opentelemetrycollector.yaml b/modules/eks-monitoring/otel-config/templates/opentelemetrycollector.yaml index ab022456..43820e5e 100644 --- a/modules/eks-monitoring/otel-config/templates/opentelemetrycollector.yaml +++ b/modules/eks-monitoring/otel-config/templates/opentelemetrycollector.yaml @@ -104,6 +104,42 @@ spec: regex: apiserver_request_duration_seconds_bucket;(0.15|0.2|0.3|0.35|0.4|0.45|0.6|0.7|0.8|0.9|1.25|1.5|1.75|2|3|3.5|4|4.5|6|7|8|9|15|25|40|50) replacement: $${1} action: drop + - job_name: 'ksh-metrics' + scheme: https + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + insecure_skip_verify: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + kubernetes_sd_configs: + - role: endpoints + metrics_path: /apis/metrics.eks.amazonaws.com/v1/ksh/container/metrics + relabel_configs: + - source_labels: + [ + __meta_kubernetes_namespace, + __meta_kubernetes_service_name, + __meta_kubernetes_endpoint_port_name, + ] + action: keep + regex: default;kubernetes;https + - job_name: 'kcm-metrics' + scheme: https + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + insecure_skip_verify: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + kubernetes_sd_configs: + - role: endpoints + metrics_path: /apis/metrics.eks.amazonaws.com/v1/kcm/container/metrics + relabel_configs: + - source_labels: + [ + __meta_kubernetes_namespace, + __meta_kubernetes_service_name, + __meta_kubernetes_endpoint_port_name, + ] + action: keep + regex: default;kubernetes;https {{ end }} - job_name: serviceMonitor/default/kube-prometheus-stack-prometheus-node-exporter/0 From c626d7156bece379b4c75bed8f80ae60bb7c5463 Mon Sep 17 00:00:00 2001 From: Ashok Srirama Date: Sat, 9 Nov 2024 23:46:13 -0500 Subject: [PATCH 2/2] tflint updates --- modules/eks-monitoring/add-ons/adot-operator/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/eks-monitoring/add-ons/adot-operator/main.tf b/modules/eks-monitoring/add-ons/adot-operator/main.tf index 9e476f11..daabee78 100644 --- a/modules/eks-monitoring/add-ons/adot-operator/main.tf +++ b/modules/eks-monitoring/add-ons/adot-operator/main.tf @@ -177,9 +177,9 @@ resource "kubernetes_cluster_role_v1" "adot" { verbs = ["get"] } rule { - api_groups = ["metrics.eks.amazonaws.com"] - verbs = ["get"] - resources = ["kcm/metrics", "ksh/metrics"] + api_groups = ["metrics.eks.amazonaws.com"] + verbs = ["get"] + resources = ["kcm/metrics", "ksh/metrics"] } rule { api_groups = [""]