Make the allow list more sensible to work with. (#11)

If no allow list is wanted, don't waste the step with the relabel component.
grafana · Jul 5, 2023 · d44a70f · d44a70f
1 parent e08d99c
commit d44a70f
Show file tree

Hide file tree

Showing 14 changed files with 2,432 additions and 21 deletions.
diff --git a/README.md b/README.md
@@ -28,9 +28,9 @@ If you make changes to this chart, please ensure that you've done the following:
 * Use [Helm Docs](https://github.com/norwoodj/helm-docs) to check for updates to the chart documentation
   * `cd charts/k8s-monitoring; helm-docs`
 * Check for updates to the test outputs
-  * `cd test; make test`
+  * `cd tests; make test`
   * If changes are acceptable, regenerate the outputs:
-  * `cd test; make regenerate-outputs`
+  * `cd tests; make regenerate-outputs`
 
 Required tools:
 

diff --git a/charts/k8s-monitoring/Chart.yaml b/charts/k8s-monitoring/Chart.yaml
@@ -3,7 +3,7 @@ name: k8s-monitoring
 description: A Helm chart for gathering, scraping, and forwarding Kubernetes infrastructure metrics and logs to a Grafana Stack.
 type: application
 
-version: 0.0.4
+version: 0.0.5
 appVersion: 1.1.5
 icon: https://raw.githubusercontent.com/grafana/grafana/main/public/img/grafana_icon.svg
 maintainers:

diff --git a/charts/k8s-monitoring/README.md b/charts/k8s-monitoring/README.md
@@ -1,6 +1,6 @@
 # k8s-monitoring
 
-![Version: 0.0.4](https://img.shields.io/badge/Version-0.0.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.1.5](https://img.shields.io/badge/AppVersion-1.1.5-informational?style=flat-square)
+![Version: 0.0.5](https://img.shields.io/badge/Version-0.0.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.1.5](https://img.shields.io/badge/AppVersion-1.1.5-informational?style=flat-square)
 
 A Helm chart for gathering, scraping, and forwarding Kubernetes infrastructure metrics and logs to a Grafana Stack.
 
@@ -93,7 +93,7 @@ shown in the following sections.
 If you want to allow all metrics, set this in the values file:
 
 ```yaml
-allowList: ["*"]
+allowList: null
 ```
 
 ### Allow List for Kube State Metrics
@@ -229,10 +229,3 @@ Visit the OpenCost [documentation](https://www.opencost.io/docs/prometheus#avail
 * pv_hourly_cost
 * service_selector_labels
 * statefulSet_match_labels
-
-## TODO
-
-* Finish requirements for OpenShift
-* Start investigating Tanzu
-* Start investigating Tempo and traces
-* Start investigating OTel for infrastructure metrics and logs
diff --git a/charts/k8s-monitoring/README.md.gotmpl b/charts/k8s-monitoring/README.md.gotmpl
@@ -49,7 +49,7 @@ shown in the following sections.
 If you want to allow all metrics, set this in the values file:
 
 ```yaml
-allowList: ["*"]
+allowList: null
 ```
 
 ### Allow List for Kube State Metrics
@@ -186,10 +186,3 @@ Visit the OpenCost [documentation](https://www.opencost.io/docs/prometheus#avail
 * pv_hourly_cost
 * service_selector_labels
 * statefulSet_match_labels
-
-## TODO
-
-* Finish requirements for OpenShift
-* Start investigating Tanzu
-* Start investigating Tempo and traces
-* Start investigating OTel for infrastructure metrics and logs
diff --git a/charts/k8s-monitoring/templates/agent_config/_cadvisor.river.txt b/charts/k8s-monitoring/templates/agent_config/_cadvisor.river.txt
@@ -27,8 +27,13 @@ prometheus.scrape "cadvisor" {
   tls_config {
     insecure_skip_verify = true
   }
+{{- if .Values.metrics.cadvisor.allowList }}
   forward_to = [prometheus.relabel.cadvisor.receiver]
+{{- else }}
+  forward_to = [prometheus.remote_write.grafana_cloud_prometheus.receiver]
+{{- end }}
 }
+{{- if .Values.metrics.cadvisor.allowList }}
 
 prometheus.relabel "cadvisor" {
   rule {
@@ -38,4 +43,5 @@ prometheus.relabel "cadvisor" {
   }
   forward_to = [prometheus.remote_write.grafana_cloud_prometheus.receiver]
 }
+{{- end }}
 {{ end }}
diff --git a/charts/k8s-monitoring/templates/agent_config/_kube_state_metrics.river.txt b/charts/k8s-monitoring/templates/agent_config/_kube_state_metrics.river.txt
@@ -29,7 +29,11 @@ discovery.relabel "kube_state_metrics" {
 prometheus.scrape "kube_state_metrics" {
   job_name   = "integrations/kubernetes/kube-state-metrics"
   targets    = discovery.relabel.kube_state_metrics.output
+{{- if (index .Values.metrics "kube-state-metrics").allowList }}
   forward_to = [prometheus.relabel.kube_state_metrics.receiver]
+{{- else }}
+  forward_to = [prometheus.remote_write.grafana_cloud_prometheus.receiver]
+{{- end }}
 {{- if (index .Values.metrics "kube-state-metrics").service.isTLS }}
   scheme     = "https"
   bearer_token_file = "/var/run/secrets/kubernetes.io/serviceaccount/token"
@@ -38,6 +42,7 @@ prometheus.scrape "kube_state_metrics" {
   }
 {{- end }}
 }
+{{- if (index .Values.metrics "kube-state-metrics").allowList }}
 
 prometheus.relabel "kube_state_metrics" {
   rule {
@@ -47,4 +52,5 @@ prometheus.relabel "kube_state_metrics" {
   }
   forward_to = [prometheus.remote_write.grafana_cloud_prometheus.receiver]
 }
+{{- end }}
 {{ end }}
diff --git a/charts/k8s-monitoring/templates/agent_config/_kubelet.river.txt b/charts/k8s-monitoring/templates/agent_config/_kubelet.river.txt
@@ -27,8 +27,13 @@ prometheus.scrape "kubelet" {
   tls_config {
     insecure_skip_verify = true
   }
+{{- if .Values.metrics.kubelet.allowList }}
   forward_to = [prometheus.relabel.kubelet.receiver]
+{{- else }}
+  forward_to = [prometheus.remote_write.grafana_cloud_prometheus.receiver]
+{{- end }}
 }
+{{- if .Values.metrics.kubelet.allowList }}
 
 prometheus.relabel "kubelet" {
   rule {
@@ -38,4 +43,5 @@ prometheus.relabel "kubelet" {
   }
   forward_to = [prometheus.remote_write.grafana_cloud_prometheus.receiver]
 }
+{{- end }}
 {{ end }}
diff --git a/charts/k8s-monitoring/templates/agent_config/_node_exporter.river.txt b/charts/k8s-monitoring/templates/agent_config/_node_exporter.river.txt
@@ -29,14 +29,19 @@ discovery.relabel "node_exporter" {
 prometheus.scrape "node_exporter" {
   job_name   = "integrations/node_exporter"
   targets  = discovery.relabel.node_exporter.output
+{{- if (index .Values.metrics "node-exporter").allowList }}
   forward_to = [prometheus.relabel.node_exporter.receiver]
+{{- else }}
+  forward_to = [prometheus.remote_write.grafana_cloud_prometheus.receiver]
+{{- end }}
   scheme     = "https"
   bearer_token_file = "/var/run/secrets/kubernetes.io/serviceaccount/token"
   tls_config {
     ca_file = "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
     insecure_skip_verify = true
   }
 }
+{{- if (index .Values.metrics "node-exporter").allowList }}
 
 prometheus.relabel "node_exporter" {
   rule {
@@ -46,4 +51,5 @@ prometheus.relabel "node_exporter" {
   }
   forward_to = [prometheus.remote_write.grafana_cloud_prometheus.receiver]
 }
+{{- end }}
 {{ end }}
diff --git a/charts/k8s-monitoring/templates/agent_config/_opencost.txt b/charts/k8s-monitoring/templates/agent_config/_opencost.txt
@@ -27,8 +27,13 @@ discovery.relabel "opencost" {
 prometheus.scrape "opencost" {
   job_name   = "integrations/kubernetes/opencost"
   targets    = discovery.relabel.opencost.output
+{{- if .Values.metrics.cost.allowList }}
   forward_to = [prometheus.relabel.opencost.receiver]
+{{- else }}
+  forward_to = [prometheus.remote_write.grafana_cloud_prometheus.receiver]
+{{- end }}
 }
+{{- if .Values.metrics.cost.allowList }}
 
 prometheus.relabel "opencost" {
   rule {
@@ -38,4 +43,5 @@ prometheus.relabel "opencost" {
   }
   forward_to = [prometheus.remote_write.grafana_cloud_prometheus.receiver]
 }
+{{- end }}
 {{ end }}
diff --git a/tests/Makefile b/tests/Makefile
@@ -8,7 +8,7 @@ endif
 INPUT_FILES = $(wildcard ./*/values.yaml)
 OUTPUT_FILES = $(subst values.yaml,output.yaml,$(INPUT_FILES))
 
-lint-config: $(OUTPUT_FILES)
+lint-config:
 	for file in $^; \
 	do \
 		echo "Linting Agent config in $${file}..."; \