diff --git a/release/start-kube-burner/start-kube-burner.sh b/release/start-kube-burner/start-kube-burner.sh index 26aa685..8be9ef1 100755 --- a/release/start-kube-burner/start-kube-burner.sh +++ b/release/start-kube-burner/start-kube-burner.sh @@ -39,8 +39,6 @@ temp_metrics_file="${DIR}"/metrics.yml sed '/captureStart/d' "${KUBE_BURNER_METRICS_FILE}" > "$temp_metrics_file" kubectl create configmap --from-file="$temp_metrics_file" kube-burner-metrics-config -n kube-burner -kubectl create configmap --from-file="$KUBE_BURNER_METRICS_FILE" kube-burner-metrics-config -n kube-burner - kubectl create -f "${DIR}"/service-account.yaml kubectl create -f "${DIR}"/cluster-role-binding.yaml diff --git a/release/start-secured-cluster/monitoring-values-override.yaml b/release/start-secured-cluster/monitoring-values-override.yaml new file mode 100644 index 0000000..68dfca9 --- /dev/null +++ b/release/start-secured-cluster/monitoring-values-override.yaml @@ -0,0 +1,72 @@ +resources: + requests: + memory: "8Gi" + limits: + memory: "8Gi" + +prometheus: + scrape_configs: | + - job_name: "kubernetes-pods" + tls_config: + insecure_skip_verify: false + kubernetes_sd_configs: + - role: pod + namespaces: + own_namespace: true + relabel_configs: + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: namespace + - source_labels: [__meta_kubernetes_pod_name] + action: replace + target_label: pod + - source_labels: [__meta_kubernetes_pod_node_name] + action: replace + target_label: node_name + + - job_name: "kubernetes-cadvisor" + scheme: https + metrics_path: /metrics/cadvisor + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + insecure_skip_verify: true + authorization: + credentials_file: /var/run/secrets/kubernetes.io/serviceaccount/token + kubernetes_sd_configs: + - role: node + relabel_configs: + - action: labelmap + regex: __meta_kubernetes_node_label_(.+) + + metric_relabel_configs: + - source_labels: [container] + regex: berserker + action: drop + - source_labels: [namespace] + regex: berserker-* + action: drop + + - job_name: stackrox + tls_config: + insecure_skip_verify: false + kubernetes_sd_configs: + - role: endpoints + namespaces: + own_namespace: true + relabel_configs: + - source_labels: [__meta_kubernetes_endpoint_port_name] + action: keep + regex: monitoring + - source_labels: [__meta_kubernetes_endpoints_name] + action: replace + target_label: job + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: namespace + - source_labels: [__meta_kubernetes_endpoint_node_name] + action: replace + target_label: node_name + + rules_custom: "" diff --git a/release/start-secured-cluster/start-secured-cluster.sh b/release/start-secured-cluster/start-secured-cluster.sh index 96a3f31..be84c0f 100755 --- a/release/start-secured-cluster/start-secured-cluster.sh +++ b/release/start-secured-cluster/start-secured-cluster.sh @@ -13,6 +13,7 @@ kubectl -n stackrox create secret generic access-rhacs \ kubectl create -f "${SCRIPT_DIR}/collector-config.yaml" echo "Deploying Monitoring..." + helm_args=( --set persistence.type="${STORAGE}" --set exposure.type="${MONITORING_LOAD_BALANCER}" @@ -20,6 +21,9 @@ helm_args=( helm dependency update "${COMMON_DIR}/../charts/monitoring" envsubst < "${COMMON_DIR}/../charts/monitoring/values.yaml" > "${COMMON_DIR}/../charts/monitoring/values_substituted.yaml" -helm upgrade -n stackrox --install --create-namespace stackrox-monitoring "${COMMON_DIR}/../charts/monitoring" --values "${COMMON_DIR}/../charts/monitoring/values_substituted.yaml" "${helm_args[@]}" +helm upgrade -n stackrox --install --create-namespace stackrox-monitoring "${COMMON_DIR}/../charts/monitoring" \ + --values "${COMMON_DIR}/../charts/monitoring/values_substituted.yaml" \ + --values "${SCRIPT_DIR}/monitoring-values-override.yaml" \ + "${helm_args[@]}" + rm "${COMMON_DIR}/../charts/monitoring/values_substituted.yaml" -echo "Deployed Monitoring..."