Created
December 4, 2018 09:11
-
-
Save majodev/cdacbf1a97a20d7404d40b22d12f3d90 to your computer and use it in GitHub Desktop.
netdata daemonset on kubernetes
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM netdata/netdata:latest | |
| MAINTAINER YOUR_EMAIL | |
| # add netdata user to root group (access volumne mounts from host) | |
| RUN apk --no-cache add shadow | |
| RUN usermod -a -G root netdata | |
| ENTRYPOINT ["/usr/sbin/run.sh"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: ConfigMap | |
| metadata: | |
| name: netdata-config | |
| namespace: YOUR_NETDATA_NAMESPACE | |
| data: | |
| # The following stream adaptions were made: | |
| # * Stream configuration (netdata slave, destination + api key) | |
| # The following netdata adaptions were made: | |
| # * [global] Operate in memory only, no access-log | |
| # * [web] web headless | |
| # * [plugin:cgroups] Docker cname resolution comes first, see https://github.com/netdata/netdata/issues/3369#issuecomment-361693959 but prevent system slices https://github.com/netdata/netdata/issues/2973 | |
| # * [plugin:proc:diskspace] Also monitor docker mounts disk space, see https://github.com/netdata/netdata/issues/2408 | |
| # * [plugin:cgroups] Disable script to get cgroup network interfaces disable (non working anyways, slowdowns, replaced with echo) | |
| stream.conf: |- | |
| # Your stream.conf | |
| destination = XXXX:XXXX | |
| api key = XXXXX | |
| netdata.conf: |- | |
| # Your netdata.conf | |
| [global] | |
| memory mode = none | |
| access log = none | |
| [web] | |
| mode = none | |
| [plugins] | |
| tc = no | |
| enable running new plugins = no | |
| node.d = no | |
| fping = no | |
| python.d = no | |
| [plugin:cgroups] | |
| script to get cgroup network interfaces = echo | |
| run script to rename cgroups matching = !/ !/system.slice/* !/system.slice/var-*.scope *docker* !*.mount !*.socket !*.partition /machine.slice/*.service !*.service !*.slice !*.swap !*.user !init.scope !*.scope/vcpu* !*.scope/emulator *.scope *lxc* *qemu* *kubepods* *.libvirt-qemu * | |
| [plugin:proc:diskspace] | |
| check for new mount points every = 5 | |
| exclude space metrics on paths = /proc/* /sys/* /var/run/user/* /run/user/* /snap/* /var/lib/docker/* /host/proc/* /host/sys/* /var/lib/kubelet/pods/*/volume-subpaths/* /var/lib/kubelet/pods/*/volumes/kubernetes.io~secret/* | |
| space usage for all disks = yes |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: extensions/v1beta1 | |
| kind: DaemonSet # netdata should run on every node | |
| metadata: | |
| name: netdata | |
| namespace: YOUR_NETDATA_NAMESPACE | |
| spec: | |
| selector: | |
| matchLabels: | |
| app: netdata | |
| template: | |
| metadata: | |
| annotations: | |
| # https://kubernetes.io/docs/tutorials/clusters/apparmor/ | |
| container.apparmor.security.beta.kubernetes.io/netdata: "unconfined" | |
| name: netdata | |
| labels: | |
| app: netdata | |
| spec: | |
| # Must run in docker group to resolve container names | |
| # https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | |
| # https://github.com/netdata/netdata/wiki/Install-netdata-with-Docker#docker-container-names-resolution | |
| # Mount propagation must be enabled for proc, sys and var-lib-kubelet to receive subsequent volumes mounts from the host | |
| # https://github.com/kubernetes/kubernetes/issues/44713 | |
| # https://kubernetes.io/docs/concepts/storage/volumes/#mount-propagation | |
| securityContext: | |
| # we need to run as root to grap fs metrics (resolv.conf in all fs mounts for all containers) | |
| runAsUser: 0 | |
| fsGroup: 0 | |
| hostNetwork: true | |
| containers: | |
| - name: netdata | |
| image: YOUR_ROOT_ENABLED_NETDATA_DOCKERFILE | |
| env: | |
| - name: PGID | |
| value: "115" # docker gid on host | |
| volumeMounts: | |
| - name: var-run-docker | |
| readOnly: true | |
| mountPath: /var/run/docker.sock | |
| - name: var-lib-kubelet | |
| readOnly: true | |
| mountPath: /var/lib/kubelet | |
| mountPropagation: HostToContainer | |
| - name: proc | |
| readOnly: true | |
| mountPath: /host/proc | |
| mountPropagation: HostToContainer | |
| - name: sys | |
| readOnly: true | |
| mountPath: /host/sys | |
| mountPropagation: HostToContainer | |
| - name: netdata-config | |
| mountPath: /usr/lib/netdata/conf.d/stream.conf | |
| subPath: stream.conf | |
| - name: netdata-config | |
| mountPath: /etc/netdata/netdata.conf | |
| subPath: netdata.conf | |
| # https://github.com/netdata/netdata/wiki/Install-netdata-with-Docker | |
| # https://www.weave.works/blog/container-capabilities-kubernetes/ | |
| securityContext: | |
| capabilities: | |
| # https://github.com/torvalds/linux/blob/master/include/uapi/linux/capability.h | |
| add: | |
| - SYS_PTRACE | |
| - SYS_ADMIN | |
| volumes: | |
| - name: var-run-docker | |
| hostPath: | |
| path: /var/run/docker.sock | |
| - name: var-lib-kubelet | |
| hostPath: | |
| path: /var/lib/kubelet | |
| - name: proc | |
| hostPath: | |
| path: /proc | |
| - name: sys | |
| hostPath: | |
| path: /sys | |
| - name: netdata-config | |
| configMap: | |
| name: netdata-config |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment