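# ECK Beat resource: runs Metricbeat as a DaemonSet in kube-system, collecting
# host-level and Kubernetes metrics and shipping them to the Elasticsearch/Kibana
# pair referenced in the "monitoring" namespace.
apiVersion: beat.k8s.elastic.co/v1beta1
kind: Beat
metadata:
  name: metrics-k8s
  namespace: kube-system
spec:
  type: metricbeat
  version: 7.16.2
  elasticsearchRef:
    name: logging-and-metrics
    namespace: monitoring
  kibanaRef:
    name: logging-and-metrics
    namespace: monitoring
  config:
    # Disabled mb based monitoring and enabled internal collection instead (because of hostNetwork)
    # NOTE(security): if the HTTP endpoint is ever re-enabled, do not bind it to 0.0.0.0.
    # The pod uses hostNetwork, so that address listens on every interface of the node.
    # http.enabled: true
    # http.port: 5066
    # http.host: 0.0.0.0
    monitoring.enabled: true
    metricbeat:
      autodiscover:
        providers:
          # Per-node provider: hints-based autodiscover for pods on this node.
          # default_config is empty, so pods without hint annotations are not scraped.
          - type: kubernetes
            node: ${NODE_NAME}
            hints:
              default_config: {}
              # double check if this is wanted
              # NOTE(security): with hints enabled, pod annotations decide what this
              # Beat collects; keep it only if workload owners are trusted to set them.
              enabled: true
          # I like the following section (cluster level metrics) more in a Deployment than in a daemonSet with unique = true
          # But anyway this shows the new __unique__ functionality of autodiscover in metricbeat
          - type: kubernetes
            scope: cluster
            node: ${NODE_NAME}
            unique: true
            identifier: leader-election-metricbeat
            templates:
              - config:
                  - module: kubernetes
                    hosts: ["kube-state-metrics:8080"]
                    period: 30s
                    add_metadata: true
                    metricsets:
                      - state_node
                      - state_deployment
                      - state_daemonset
                      - state_replicaset
                      - state_statefulset
                      - state_pod
                      - state_container
                      - state_cronjob
                      - state_resourcequota
                      - state_service
                      - state_persistentvolume
                      - state_persistentvolumeclaim
                      - state_storageclass
                  # API server metrics: authenticated with the service-account token and
                  # verified against the in-cluster CA bundle.
                  - module: kubernetes
                    metricsets:
                      - apiserver
                    hosts: ["https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT}"]
                    bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
                    ssl.certificate_authorities:
                      - /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
                    period: 30s
                  # k8s events (currently enabled; comment this module out to stop collecting them):
                  - module: kubernetes
                    metricsets:
                      - event
      # HOST level metrics / modules
      modules:
        - module: system
          period: 10s
          metricsets:
            - cpu
            - load
            - memory
            - network
            - process
            - process_summary
          process:
            include_top_n:
              by_cpu: 5
              by_memory: 5
          processes:
            - '.*'
        - module: system
          period: 1m
          metricsets:
            - filesystem
            - fsstat
          processors:
            # Drop filesystem events for pseudo/system mount points.
            - drop_event.when.regexp:
                system.filesystem.mount_point: '^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)'
        # Kubelet metrics for this node.
        - module: kubernetes
          period: 10s
          host: ${NODE_NAME}
          hosts:
            - https://${NODE_NAME}:10250
          bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
          ssl:
            # NOTE(security): certificate verification is off for the kubelet endpoint,
            # so the service-account token above is sent without authenticating the peer.
            # Where the kubelet serving certificates are signed by a CA that can be
            # mounted, set ssl.certificate_authorities and remove this override.
            verification_mode: none
          metricsets:
            - node
            - system
            - pod
            - container
            - volume
        # kube-proxy metrics, read over localhost (relies on hostNetwork below).
        - module: kubernetes
          metricsets:
            - proxy
          period: 10s
          host: ${NODE_NAME}
          hosts: ["localhost:10249"]
    processors:
      - add_cloud_metadata: {}
      - add_host_metadata: {}
  daemonSet:
    podTemplate:
      metadata:
        labels:
          # label to allow / avoid metricbeat based monitoring of this beat
          mb_collection_enabled: "false"
      spec:
        # tolerate any taint (we want it to run in all nodes). Irrelevant if k8s taints not used
        tolerations:
          - effect: NoExecute
            operator: Exists
          - effect: NoSchedule
            operator: Exists
          - key: CriticalAddonsOnly
            operator: Exists
        # No requests/limits are set, so this root DaemonSet pod is not bounded in the
        # memory/CPU it can take from a node. If enabled, this block belongs under the
        # metricbeat container entry below.
        # resources:
        #   requests:
        #     memory: 1Gi
        #     cpu: 300m
        #   limits:
        #     memory: 4Gi
        #     cpu: 2
        # The ServiceAccount's RBAC is defined outside this manifest; verify it grants
        # only what the modules and leader election configured here need.
        serviceAccountName: metricbeat
        automountServiceAccountToken: true  # some older Beat versions are depending on this settings presence in k8s context
        containers:
          - args:
              - -e
              - -c
              - /etc/beat.yml
              - -system.hostfs=/hostfs
            name: metricbeat
            ports:
              # The http.* settings are commented out in the config above, so nothing
              # listens here unless that endpoint is re-enabled.
              - containerPort: 5066
                name: monitoring
                protocol: TCP
            volumeMounts:
              # Host paths are only read by the system module, so mount them read-only.
              - mountPath: /hostfs/sys/fs/cgroup
                name: cgroup
                readOnly: true
              # The /var/run/docker.sock mount was dropped: no docker module or
              # add_docker_metadata processor is configured here, and the socket would
              # give this root, hostNetwork pod control of the node's container runtime.
              - mountPath: /hostfs/proc
                name: proc
                readOnly: true
            env:
              - name: NODE_NAME
                valueFrom:
                  fieldRef:
                    fieldPath: spec.nodeName
        dnsPolicy: ClusterFirstWithHostNet
        # hostNetwork is what lets the proxy module reach localhost:10249 on the node.
        hostNetwork: true
        securityContext:
          # Runs as root with host /proc and cgroup mounts: treat this pod as node-privileged.
          runAsUser: 0
        terminationGracePeriodSeconds: 30
        volumes:
          - hostPath:
              path: /sys/fs/cgroup
            name: cgroup
          - hostPath:
              path: /proc
            name: proc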