feat: added rancher-monitoring RBAC & smon

This commit adds the necessary templates to be able to parse the rancher deployments metrics. The resources were copied from the official rancher-monitoring chart. The default behavior should be not to activate this monitoring, because the chart is typically deployed in downstream clusters, which don't have any rancher deployments.
caas-team · Jan 22, 2025 · ed3c4b7 · ed3c4b7
1 parent f2b061c
commit ed3c4b7
Show file tree

Hide file tree

Showing 3 changed files with 63 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -59,13 +59,14 @@ The installation can be configured using the various parameters defined in the `
 | `caas.grafana.dashboards.rancherHome` | bool | `true` | whether to deploy the rancher home dashboard |
 | `caas.grafana.dashboards.rancherK8sComponents` | bool | `true` | whether to deploy the rancher k8s components dashboard |
 | `caas.grafana.dashboards.rancherNodes` | bool | `true` | whether to deploy the rancher nodes dashboard |
-| `caas.grafana.dashboards.rancherPerformance` | bool | `true` | whether to deploy the rancher performance dashboard |
+| `caas.grafana.dashboards.rancherPerformance` | bool | `false` | whether to deploy the rancher performance dashboard |
 | `caas.grafana.dashboards.rancherPods` | bool | `true` | whether to deploy the rancher pods dashboard |
 | `caas.grafana.dashboards.rancherWorkloads` | bool | `true` | whether to deploy the rancher workloads dashboard |
 | `caas.longhorn` | bool | `true` | whether a longhorn network egress policy is needed for longhorn monitoring |
 | `caas.nameOverride` | string | `""` |  |
 | `caas.namespaceOverride` | string | `""` | overrides the default namespace for caas related resources |
 | `caas.prometheusAuth` | bool | `true` | whether the cluster has Prometheus-Auth  installed |
+| `caas.rancherMonitoring.enabled` | bool | `false` |  |
 | `caas.rbac.enabled` | bool | `true` | create a namespaces ServiceAccount |
 | `caas.rbac.serviceAccount.create` | bool | `true` |  |
 | `caas.rbac.serviceAccount.name` | string | `"rancher-monitoring"` |  |

diff --git a/templates/exporters/rancher-monitoring.yaml b/templates/exporters/rancher-monitoring.yaml
@@ -0,0 +1,57 @@
+{{- if .Values.caas.rancherMonitoring.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: rancher
+  namespace: cattle-system
+  labels:
+    release: {{ .Release.Name }}
+spec:
+  endpoints:
+  - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+    port: http
+    tlsConfig:
+      caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+      insecureSkipVerify: true
+      serverName: rancher
+    metricRelabelings:
+    {{ if .Values.global.cattle.clusterId }}
+      - sourceLabels: [__address__]
+        targetLabel: cluster_id
+        replacement: {{ .Values.global.cattle.clusterId }}
+    {{- end }}
+    {{ if .Values.global.cattle.clusterName}}
+      - sourceLabels: [__address__]
+        targetLabel: cluster_name
+        replacement: {{ .Values.global.cattle.clusterName }}
+    {{- end }}
+  jobLabel: rancher
+  selector:
+    matchLabels:
+      app: rancher
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: rancher-metrics
+rules:
+- apiGroups:
+  - management.cattle.io
+  resources:
+  - ranchermetrics
+  verbs:
+  - get
+---
+apiVersion: rbac.authorization.k8s.io/v1   
+kind: ClusterRoleBinding                                                                                                                       
+metadata:                                                                                                                                      
+  name: rancher-metrics
+roleRef:                                         
+  apiGroup: rbac.authorization.k8s.io          
+  kind: ClusterRole                           
+  name: rancher-metrics
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Release.Name }}
+    namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/values.yaml b/values.yaml
@@ -17,6 +17,9 @@ caas:
   namespaceOverride: ""
   # -- whether the cluster has Prometheus-Auth  installed
   prometheusAuth: true
+  rancherMonitoring:
+    ## -- whether to monitor the rancher pod and fleet components metrics
+    enabled: false
   rbac:
     # -- create a namespaces ServiceAccount
     enabled: true
@@ -36,7 +39,7 @@ caas:
       # -- whether to deploy the rancher nodes dashboard
       rancherNodes: true
       # -- whether to deploy the rancher performance dashboard
-      rancherPerformance: true
+      rancherPerformance: false
       # -- whether to deploy the rancher pods dashboard
       rancherPods: true
       # -- whether to deploy the rancher workloads dashboard