diff --git a/charts/kubeskoop/.helmignore b/charts/kubeskoop/.helmignore
new file mode 100644
index 0000000..691fa13
--- /dev/null
+++ b/charts/kubeskoop/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
\ No newline at end of file
diff --git a/charts/kubeskoop/Chart.yaml b/charts/kubeskoop/Chart.yaml
new file mode 100644
index 0000000..d4b76e0
--- /dev/null
+++ b/charts/kubeskoop/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v1
+name: kubeskoop
+description: Promtheus exporter and kernel tracing for OS metrics in kubernetes, with pluggable metric collectors and kernel eBPF tracers.
+type: application
+annotations:
+ category: Analytics
+ licenses: Apache-2.0
+version: 1.0.0
+appVersion: 1.0.0
+icon: https://img.shields.io/github/v/tag/alibaba/kubeskoop
+keywords:
+ - kubeskoop
+ - kubernetes
+ - prometheus
+ - eBPF
+ - ebpf
+ - monitoring
+home: https://github.com/alibaba/kubeskoop
+sources:
+ - https://github.com/alibaba/kubeskoop
+ - https://kubeskoop.io/
+maintainers:
+- name: KubeSkoop
+ url: https://kubeskoop.io/
diff --git a/charts/kubeskoop/README.md b/charts/kubeskoop/README.md
new file mode 100644
index 0000000..52eca04
--- /dev/null
+++ b/charts/kubeskoop/README.md
@@ -0,0 +1,57 @@
+# KubeSkoop exporter
+
+## INSTALLATION
+
+```shell
+# Add KubeSkoop charts repo
+helm repo add kubeskoop https://kubeskoop.github.io
+
+# You need to update helm repo info for the first time.
+helm repo update
+
+# Install KubeSkoop exporter.
+helm install -n kubeskoop --create-namespace kubeskoop-exporter kubeskoop/kubeskoop-exporter
+```
+
+You can also install locally if you need to debug the Helm Chart.
+
+```shell
+# Clone KubeSkoop to local disk.
+git clone https://github.com/alibaba/kubeskoop.git
+
+# Install the helm chart locally.
+helm install -n kubeskoop --create-namespace kubeskoop-exporter ./kubeskoop/deploy/kubeskoop-exporter-0.3.0.tgz --debug
+```
+
+KubeSkoop exporter are deployed in DaemonSet. You can check the running status via:
+
+```shell
+# Get pod running status of KubeSkoop exporter
+kubectl get pod -n kubeskoop -l app=kubeskoop-exporter -o wide
+
+# After pods are runing, you can get running status of probes through API server.
+kubectl get --raw /api/v1/namespaces/{{kubeskoop-exporter的pod namespace}}/pods/{{kubeskoop-exporter的pod name}}:9102/proxy/status | jq .
+
+# You can also curl it if you have direct access to the pod IP.
+curl {{kubeskoop-exporter的pod ip}}:9102/status |jq .
+```
+
+## VARIABLES
+
+| Setting | Description | Default |
+|------------------------------|--------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------|
+| name | DaemonSet name of KubeSkoop exporter. | `kubeskoop-exporter` |
+| debugMode | Enable debug mode for kubeskoop-exporter, with debug interface, debug log level and pprof support. | `false` |
+| appName | Pod app label. | `kubeskoop-exporter` |
+| runtimeEndpoint | CRI runtime endpoint socket, you can use `crictl info | awk -F":" '/containerdEndpoint/ {print $2'` to obtain it. | `/run/containerd/containerd.sock` |
+| image.repository | Image repository for KubeSkoop exporter container. | `kubeskoop/agent` |
+| image.tag | Image tag for KubeSkoop exporter container. | `latest` |
+| image.imagePullPolicy | `imagePullPolicy` for KubeSkoop exporter container. | `Always` |
+| initContainer.enabled | Enable `btfhack` as initContainer to automate discover btf file when kernel does not carry btf information itself. | `true` |
+| initContainer.repository | Image repository for `btfhack` container. | `registry.cn-hangzhou.aliyuncs.com/acs/btfhack` |
+| initContainer.tag | Image tag for `btfhack` container. | `latest` |
+| initContainer.imagePullPolicy | `imagePullPolicy` for `btfhack` container. | `Always` |
+| config.serverPort | kubeskoop metrics server port, provide HTTP service. | 9102 |
+| config.metricsProbes | Metric probes to enable. | Refer to the probe guide. |
+| config.eventProbes | Event probes to enable. | Refer to the probe guide. |
+| config.eventSinks | Sink config for events, stderr/file/loki are supported now. | 15 |
diff --git a/charts/kubeskoop/templates/configMap.yaml b/charts/kubeskoop/templates/configMap.yaml
new file mode 100644
index 0000000..e728c37
--- /dev/null
+++ b/charts/kubeskoop/templates/configMap.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: kubeskoop-config
+ namespace: {{ .Release.Namespace }}
+data:
+ config.yaml: |-
+ debugmode: {{ .Values.agent.debug }}
+ port: {{ .Values.agent.port }}
+ metrics:
+ probes:
+ {{- toYaml .Values.config.metricProbes | nindent 6 }}
+ event:
+ probes:
+ {{- toYaml .Values.config.eventProbes | nindent 6 }}
+ sinks:
+ {{- toYaml .Values.config.eventSinks | nindent 6 }}
diff --git a/charts/kubeskoop/templates/controller/clusterrole.yaml b/charts/kubeskoop/templates/controller/clusterrole.yaml
new file mode 100644
index 0000000..bab1d27
--- /dev/null
+++ b/charts/kubeskoop/templates/controller/clusterrole.yaml
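Review bot: In templates/configMap.yaml, `debugmode` and `port` read `.Values.agent.debug` and `.Values.agent.port`, but values.yaml in this commit defines both under `agent.config`, so the two keys presumably render empty in `config.yaml`. The DaemonSet annotation already reads `.config.port` under `with .Values.agent`, so the two templates disagree about where the port lives. I would change the lines to `debugmode: {{ .Values.agent.config.debug }}` and `port: {{ .Values.agent.config.port }}`.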
@@ -0,0 +1,28 @@
+{{- if .Values.controller.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: kubeskoop-controller
+rules:
+- apiGroups: [""]
+ resources:
+ - nodes
+ - nodes/proxy
+ - services
+ - endpoints
+ - configmaps
+ - namespaces
+ - pods
+ verbs: ["get", "list", "watch"]
+- apiGroups: ["apps"]
+ resources: ["daemonsets"]
+ verbs: ["get", "list"]
+- apiGroups: ["networking.k8s.io"]
+ resources: ["networkpolicies"]
+ verbs: ["get", "list"]
+- apiGroups: ["projectcalico.org", "crd.projectcalico.org"]
+ resources: ["ippools"]
+ verbs: ["get", "list"]
+- nonResourceURLs: ["/metrics"]
+ verbs: ["get"]
+{{- end }}
\ No newline at end of file
diff --git a/charts/kubeskoop/templates/controller/clusterrolebinding.yaml b/charts/kubeskoop/templates/controller/clusterrolebinding.yaml
new file mode 100644
index 0000000..27f3168
--- /dev/null
+++ b/charts/kubeskoop/templates/controller/clusterrolebinding.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.controller.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: kubeskoop-controller
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: kubeskoop-controller
+subjects:
+- kind: ServiceAccount
+ name: default
+ namespace: {{ .Release.Namespace }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/kubeskoop/templates/controller/configmap.yaml b/charts/kubeskoop/templates/controller/configmap.yaml
new file mode 100644
index 0000000..a1a8795
--- /dev/null
+++ b/charts/kubeskoop/templates/controller/configmap.yaml
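Review bot: The first rule of the ClusterRole grants `get`/`list`/`watch` on `nodes/proxy`, which lets the holder send requests to every kubelet's API through the API server, a far wider grant than the read-only resources listed around it. If the controller only needs node objects, drop `- nodes/proxy`; if it does need kubelet data, a comment above the entry such as `# nodes/proxy: required for <feature>` should record why. The same rule gives cluster-wide read on `configmaps`, which is worth narrowing if only the chart's own ConfigMaps are read.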
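Review bot: The ClusterRoleBinding subject is the namespace's `default` ServiceAccount, so every pod in the release namespace that sets no `serviceAccountName` receives the ClusterRole, including the agent DaemonSet and the webconsole Deployment added in this commit, neither of which sets one. controller/rolebinding.yaml uses the same subject. I would add a dedicated ServiceAccount template, point both bindings at it with `name: kubeskoop-controller`, set `serviceAccountName: kubeskoop-controller` in the controller Deployment, and set `automountServiceAccountToken: false` on any pod that does not call the API server.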
@@ -0,0 +1,20 @@
+{{- if .Values.controller.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: controller-config
+ namespace: {{ .Release.Namespace }}
+data:
+ controller.yaml: |-
+ logLevel: debug
+ server:
+ httpPort: 10264
+ agentPort: 10263
+ controller:
+ namespace: {{ .Release.Namespace }}
+ prometheus: "{{ .Values.controller.config.prometheusEndpoint }}"
+ loki: "{{ .Values.controller.config.lokiEndpoint }}"
+ database:
+ type: sqlite3
+ diagnose: {}
+ {{- end }}
\ No newline at end of file
diff --git a/charts/kubeskoop/templates/controller/deployment.yaml b/charts/kubeskoop/templates/controller/deployment.yaml
new file mode 100644
index 0000000..bd09312
--- /dev/null
+++ b/charts/kubeskoop/templates/controller/deployment.yaml
@@ -0,0 +1,47 @@
+{{- if .Values.controller.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller
+ namespace: {{ .Release.Namespace }}
+{{- with .Values.controller }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: controller
+ template:
+ metadata:
+ name: controller
+ labels:
+ app: controller
+ spec:
+ containers:
+ - name: controller
+ image: "{{ .image.repository }}:{{ .image.tag }}"
+ imagePullPolicy: {{ .image.imagePullPolicy }}
+ command:
+ - "/bin/controller"
+ volumeMounts:
+ - name: lib
+ mountPath: /var/lib/kubeskoop
+ - name: config
+ mountPath: /etc/kubeskoop
+ resources:
+ {{ toYaml .resources | nindent 12 }}
+ {{- with .nodeSelector }}
+ nodeSelector:
+ {{ toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .tolerations }}
+ tolerations:
+ {{ toYaml . | nindent 8 }}
+ {{- end }}
+ volumes:
+ - name: lib
+ emptyDir: { }
+ - name: config
+ configMap:
+ name: controller-config
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/kubeskoop/templates/controller/role.yaml b/charts/kubeskoop/templates/controller/role.yaml
new file mode 100644
index 0000000..5f50ffd
--- /dev/null
+++ b/charts/kubeskoop/templates/controller/role.yaml
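Review bot: `logLevel: debug` is hard-coded in `controller.yaml`, while values.yaml defines `controller.config.logLevel: info`, so that value is never read and the controller always logs at debug level. I would write `logLevel: {{ .Values.controller.config.logLevel }}`. The ports `10264` and `10263` are fixed here and again in controller/service.yaml; a comment that the two must stay in sync would help the next editor.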
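Review bot: The `controller` container in controller/deployment.yaml sets no `securityContext`, although it holds the service-account token that the Role and ClusterRole in this commit are bound to. It mounts only an emptyDir and a ConfigMap, so it looks as if it needs no extra privileges; if that is right, add `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: ["ALL"]}}` under the container. The pod spec also has no `serviceAccountName`, which is what makes the `default` account the effective identity.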
@@ -0,0 +1,19 @@
+{{- if .Values.controller.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: controller
+ namespace: {{ .Release.Namespace }}
+rules:
+- apiGroups: [""]
+ resources: ["configmaps"]
+ resourceNames: ["kubeskoop-config"]
+ verbs: ["get", "update"]
+- apiGroups: [""]
+ resources:
+ - pods
+ verbs: ["get", "list", "watch", "delete", "create"]
+- apiGroups: [""]
+ resources: ["pods/exec", "pods/attach", "pods/portforward"]
+ verbs: ["create", "get", "list", "update", "delete"]
+{{- end }}
\ No newline at end of file
diff --git a/charts/kubeskoop/templates/controller/rolebinding.yaml b/charts/kubeskoop/templates/controller/rolebinding.yaml
new file mode 100644
index 0000000..7922d72
--- /dev/null
+++ b/charts/kubeskoop/templates/controller/rolebinding.yaml
@@ -0,0 +1,15 @@
+{{- if .Values.controller.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: controller
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: controller
+subjects:
+- kind: ServiceAccount
+ name: default
+ namespace: {{ .Release.Namespace }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/kubeskoop/templates/controller/service.yaml b/charts/kubeskoop/templates/controller/service.yaml
new file mode 100644
index 0000000..e38a2f0
--- /dev/null
+++ b/charts/kubeskoop/templates/controller/service.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.controller.enabled}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: controller
+ namespace: {{ .Release.Namespace }}
+spec:
+ selector:
+ app: controller
+ ports:
+ - name: grpc
+ port: 10263
+ targetPort: 10263
+ - name: http
+ port: 10264
+ targetPort: 10264
+{{- end }}
\ No newline at end of file
diff --git a/charts/kubeskoop/templates/daemonset.yaml b/charts/kubeskoop/templates/daemonset.yaml
new file mode 100644
index 0000000..a0673ce
--- /dev/null
+++ b/charts/kubeskoop/templates/daemonset.yaml
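Review bot: The third rule of the Role grants `pods/exec`, `pods/attach` and `pods/portforward` on every pod in the release namespace, and the agent DaemonSet in this chart runs there privileged with `hostPID`, so holding this Role is close to holding node-level access. Because rolebinding.yaml binds it to the `default` ServiceAccount, the NodePort-exposed webconsole pod receives it as well. I would bind it to a controller-only ServiceAccount and trim the verbs to `verbs: ["create", "get"]`, since `list`, `update` and `delete` are not meaningful on these subresources. If exec is needed only for pods the controller creates itself, a comment saying so would let a later change scope the rule further.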
@@ -0,0 +1,115 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: agent
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: kubeskoop-agent
+{{- with .Values.agent }}
+spec:
+ selector:
+ matchLabels:
+ app: kubeskoop-agent
+ template:
+ metadata:
+ labels:
+ app: kubeskoop-agent
+ annotations:
+ prometheus.io/path: /metrics
+ prometheus.io/port: "{{ .config.port }}"
+ prometheus.io/scheme: http
+ prometheus.io/scrape: "true"
+ spec:
+ hostNetwork: true
+ hostPID: true
+ hostIPC: true
+ dnsPolicy: ClusterFirstWithHostNet
+ {{- if .btfhack.enabled }}
+ initContainers:
+ - name: btfhack
+ image: "{{ .btfhack.repository }}:{{ .btfhack.tag }}"
+ imagePullPolicy: {{ .btfhack.imagePullPolicy }}
+ volumeMounts:
+ - name: bpfdir
+ mountPath: /etc/net-exporter/btf
+ - mountPath: /boot/
+ name: boot
+ command:
+ - btfhack
+ - discover
+ - -p
+ - /etc/net-exporter/btf/
+ {{- end }}
+ containers:
+ - name: inspector
+ image: "{{ .image.repository }}:{{ .image.tag }}"
+ imagePullPolicy: {{ .image.imagePullPolicy }}
+ env:
+ - name: INSPECTOR_NODENAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ volumeMounts:
+ - name: configvolume
+ mountPath: /etc/config/
+ - name: bpfdir
+ mountPath: /etc/net-exporter/btf
+ - name: procfs
+ mountPath: /proc
+ - mountPath: /run/containerd/containerd.sock
+ name: runtimeendpoint
+ - mountPath: /var/run/
+ name: rundir
+ - mountPath: /sys/fs/bpf
+ name: bpfmap
+ mountPropagation: HostToContainer
+ - mountPath: /sys/kernel/debug
+ name: bpfdebugfs
+ mountPropagation: HostToContainer
+ - mountPath: /etc/node-hostname
+ name: hostname
+ command:
+ - /bin/inspector
+ - server
+ securityContext:
+ privileged: true
+ resources:
+ {{- toYaml .resources | nindent 12 }}
+ {{- with .nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ volumes:
+ - name: procfs
+ hostPath:
+ path: /proc
+ - name: runtimeendpoint
+ hostPath:
+ path: {{ .config.runtimeEndpoint }}
+ - name: boot
+ hostPath:
+ path: /boot/
+ - name: rundir
+ hostPath:
+ path: /var/run/
+ - hostPath:
+ path: /sys/fs/bpf
+ type: DirectoryOrCreate
+ name: bpfmap
+ - hostPath:
+ path: /sys/kernel/debug
+ name: bpfdebugfs
+ - name: hostname
+ hostPath:
+ path: /etc/hostname
+ type: FileOrCreate
+ - name: configvolume
+ configMap:
+ name: kubeskoop-config
+ - name: bpfdir
+ emptyDir: {}
+{{- end }}
diff --git a/charts/kubeskoop/templates/webconsole/deployment.yaml b/charts/kubeskoop/templates/webconsole/deployment.yaml
new file mode 100644
index 0000000..89a3051
--- /dev/null
+++ b/charts/kubeskoop/templates/webconsole/deployment.yaml
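Review bot: The `inspector` container in daemonset.yaml combines `privileged: true` with `hostNetwork`, `hostPID`, `hostIPC` and writable hostPath mounts of `/proc`, `/var/run/` and the container runtime socket, and nothing in the template says which probe needs which of these. I would drop `hostIPC: true` unless a probe depends on it, add `readOnly: true` to the `procfs`, `rundir` and `hostname` mounts if the agent only reads them, and put a one-line comment on each remaining host setting naming its consumer. Separately, the `runtimeendpoint` volume takes its host path from `.config.runtimeEndpoint` while the mountPath stays `/run/containerd/containerd.sock`; if the in-container path is meant to be fixed, a comment should say so. The pod sets no `serviceAccountName`, so it runs as the `default` account that the controller bindings in this commit target.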
@@ -0,0 +1,54 @@
+{{- if and .Values.controller.enabled .Values.webconsole.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: webconsole
+ namespace: {{ .Release.Namespace }}
+{{- with .Values.webconsole }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: webconsole
+ template:
+ metadata:
+ name: webconsole
+ labels:
+ app: webconsole
+ spec:
+ containers:
+ - name: webconsole
+ image: "{{ .image.repository }}:{{ .image.tag }}"
+ imagePullPolicy: {{ .image.imagePullPolicy }}
+ command: [ "/bin/webconsole" ]
+ env:
+ - name: CONTROLLER_ENDPOINT
+ value: "http://controller:10264"
+ - name: GRAFANA_PROXY
+ value: "{{ .grafana.proxy }}"
+ - name: GRAFANA_ENDPOINT
+ value: "{{ .grafana.endpoint }}"
+ - name: GRAFANA_USERNAME
+ value: "{{ .grafana.username }}"
+ - name: GRAFANA_PASSWORD
+ value: "{{ .grafana.password }}"
+ - name: AUTH_USERNAME
+ value: "{{ .auth.username }}"
+ - name: AUTH_PASSWORD
+ value: "{{ .auth.password }}"
+ resources:
+ {{- toYaml .resources | nindent 12 }}
+ ports:
+ - name: http
+ containerPort: 8080
+ protocol: TCP
+ {{ with .nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{ with .tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/kubeskoop/templates/webconsole/service.yaml b/charts/kubeskoop/templates/webconsole/service.yaml
new file mode 100644
index 0000000..80f41fb
--- /dev/null
+++ b/charts/kubeskoop/templates/webconsole/service.yaml
@@ -0,0 +1,17 @@
+{{- if and .Values.controller.enabled .Values.webconsole.enabled}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: webconsole
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ {{- .Values.webconsole.service.annotations | toYaml | nindent 4 }}
+spec:
+ type: {{ .Values.webconsole.service.type }}
+ selector:
+ app: webconsole
+ ports:
+ - name: http
+ port: {{ .Values.webconsole.service.port }}
+ targetPort: 8080
+{{- end }}
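Review bot: In webconsole/deployment.yaml, `GRAFANA_PASSWORD` and `AUTH_PASSWORD` are written into the pod spec as literal `value:` strings, so anyone who can read Deployments or pods in the namespace can read both credentials, and they show up in `helm get manifest` output. They should come from a Secret through `secretKeyRef`, which means the chart also needs a Secret template or an option to reference an existing Secret. The Secret name and keys in the sketch below are placeholders, not names the chart defines.

```yaml
# … unchanged: CONTROLLER_ENDPOINT, GRAFANA_PROXY, GRAFANA_ENDPOINT, GRAFANA_USERNAME …
- name: GRAFANA_PASSWORD
  valueFrom:
    secretKeyRef:
      name: webconsole-credentials   # placeholder: Secret to be added by the chart
      key: grafanaPassword           # placeholder key
# … unchanged: AUTH_USERNAME …
- name: AUTH_PASSWORD
  valueFrom:
    secretKeyRef:
      name: webconsole-credentials   # placeholder: Secret to be added by the chart
      key: authPassword              # placeholder key
```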
diff --git a/charts/kubeskoop/values.yaml b/charts/kubeskoop/values.yaml
new file mode 100644
index 0000000..0f8cf97
--- /dev/null
+++ b/charts/kubeskoop/values.yaml
@@ -0,0 +1,100 @@
+config:
+ metricProbes:
+ - name: conntrack
+ - name: qdisc
+ - name: netdev
+ - name: io
+ - name: sock
+ - name: tcpsummary
+ - name: tcp
+ - name: tcpext
+ - name: udp
+ - name: kernellatency
+ - name: packetloss
+ - name: flow
+ args:
+ enablePortInLabel: false
+ - name: tcpretrans
+ eventProbes:
+ - name: biolatency
+ - name: kernellatency
+ - name: packetloss
+ args:
+ enableStack: false
+ - name: tcpreset
+ - name: tcpretrans
+ eventSinks:
+ - name: stderr
+
+agent:
+ config:
+ debug: false
+ port: 9102
+ runtimeEndpoint: /run/containerd/containerd.sock
+ image:
+ repository: kubeskoop/agent
+ tag: v1.0.0
+ imagePullPolicy: IfNotPresent
+ resources:
+ limits:
+ cpu: 500m
+ memory: 1024Mi
+ requests:
+ cpu: 500m
+ memory: 1024Mi
+ btfhack:
+ enabled: true
+ repository: kubeskoop/agent
+ tag: v1.0.0
+ imagePullPolicy: IfNotPresent
+ nodeSelector: {}
+ tolerations: {}
+
+controller:
+ enabled: true
+ config:
+ logLevel: info
+ prometheusEndpoint: ''
+ lokiEndpoint: ''
+ image:
+ repository: kubeskoop/controller
+ tag: v1.0.0
+ imagePullPolicy: IfNotPresent
+ resources:
+ limits:
+ cpu: 500m
+ memory: 200Mi
+ requests:
+ cpu: 50m
+ memory: 20Mi
+ nodeSelector: {}
+ tolerations: {}
+
+webconsole:
+ enabled: true
+ service:
+ type: NodePort
+ port: 80
+ annotations: {}
+ auth:
+ username: admin
+ password: kubeskoop
+ grafana:
+ endpoint: http://grafana/grafana
+ proxy: true
+ # used for proxy mode
+ username: admin
+ password: kubeskoop
+ image:
+ repository: kubeskoop/controller
+ tag: v1.0.0
+ imagePullPolicy: IfNotPresent
+ resources:
+ limits:
+ cpu: 500m
+ memory: 200Mi
+ requests:
+ cpu: 50m
+ memory: 20Mi
+ nodeSelector: { }
+ tolerations: { }
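Review bot: The defaults ship `webconsole.auth.password: kubeskoop` for user `admin` together with `webconsole.service.type: NodePort`, so an install with no overrides exposes the console on a port of every node behind a credential that is public in this repository. I would default the service to `type: ClusterIP`, set `password: ""`, and make the template fail when it is unset, e.g. `{{ required "webconsole.auth.password is required" .auth.password }}`. The same applies to `webconsole.grafana.password`. `tolerations: {}` should be `tolerations: []` in all three sections, since the pod field is a list.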