
Commit eb28273

committed
new base cluster, modified from un-privileged cluster
1 parent 81e4fe6 commit eb28273

66 files changed

Lines changed: 4908 additions & 0 deletions

Lines changed: 80 additions & 0 deletions
@@ -0,0 +1,80 @@
1+
apiVersion: apps/v1
2+
kind: DaemonSet
3+
metadata:
4+
annotations:
5+
description: DaemonSet to ensure all nodes run a cAdvisor pod.
6+
seccomp.security.alpha.kubernetes.io/pod: docker/default
7+
labels:
8+
app.kubernetes.io/component: cadvisor
9+
deploy: sourcegraph
10+
sourcegraph-resource-requires: cluster-admin
11+
name: cadvisor
12+
namespace: ns-sourcegraph
13+
spec:
14+
selector:
15+
matchLabels:
16+
app: cadvisor
17+
template:
18+
metadata:
19+
annotations:
20+
description: Collects and exports container metrics.
21+
prometheus.io/port: "48080"
22+
sourcegraph.prometheus/scrape: "true"
23+
labels:
24+
app: cadvisor
25+
deploy: sourcegraph
26+
spec:
27+
automountServiceAccountToken: false
28+
containers:
29+
- args:
30+
- --store_container_labels=false
31+
- --whitelisted_container_labels=io.kubernetes.container.name,io.kubernetes.pod.name,io.kubernetes.pod.namespace,io.kubernetes.pod.uid
32+
image: index.docker.io/sourcegraph/cadvisor:187572_2022-12-06_cbecc5321c7d@sha256:755748f2f9b00d8f70bd65349e85235585bdf1a663e26198c8eaf91dfd5636e1
33+
name: cadvisor
34+
ports:
35+
- containerPort: 48080
36+
name: http
37+
protocol: TCP
38+
resources:
39+
limits:
40+
cpu: 300m
41+
memory: 2000Mi
42+
requests:
43+
cpu: 150m
44+
memory: 200Mi
45+
securityContext:
46+
privileged: null
47+
volumeMounts:
48+
- mountPath: /rootfs
49+
name: rootfs
50+
readOnly: true
51+
- mountPath: /var/run
52+
name: var-run
53+
readOnly: true
54+
- mountPath: /sys
55+
name: sys
56+
readOnly: true
57+
- mountPath: /var/lib/docker
58+
name: docker
59+
readOnly: true
60+
- mountPath: /dev/disk
61+
name: disk
62+
readOnly: true
63+
serviceAccountName: cadvisor
64+
terminationGracePeriodSeconds: 30
65+
volumes:
66+
- hostPath:
67+
path: /
68+
name: rootfs
69+
- hostPath:
70+
path: /var/run
71+
name: var-run
72+
- hostPath:
73+
path: /sys
74+
name: sys
75+
- hostPath:
76+
path: /var/lib/docker
77+
name: docker
78+
- hostPath:
79+
path: /dev/disk
80+
name: disk
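Review bot: `securityContext: privileged: null` leaves the cadvisor container on runtime defaults (no `runAsNonRoot`, `allowPrivilegeEscalation` or capability settings are visible) while the pod mounts host `/`, `/var/run`, `/sys`, `/var/lib/docker` and `/dev/disk`. `readOnly: true` on the `/var/run` mount does not stop a process from connecting to a container-runtime socket in that directory, so if one lives there on the nodes this pod is effectively node-privileged. State the intent explicitly with `privileged: false` and `allowPrivilegeEscalation: false`, and narrow or drop the `/var/run` mount if cAdvisor turns out not to need it. Separately, the `seccomp.security.alpha.kubernetes.io/pod` annotation appears to sit under the DaemonSet's own metadata rather than `spec.template.metadata` (indentation is lost on this page, so this is inferred from key order), where the kubelet would not see it. The annotation is also deprecated, so `seccompProfile: {type: RuntimeDefault}` in the pod `securityContext` is the durable form; the node-exporter section has the same annotation placement.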
Lines changed: 109 additions & 0 deletions
@@ -0,0 +1,109 @@
1+
apiVersion: apps/v1
2+
kind: DaemonSet
3+
metadata:
4+
annotations:
5+
description: DaemonSet to ensure all nodes run a node-exporter pod.
6+
seccomp.security.alpha.kubernetes.io/pod: docker/default
7+
labels:
8+
app: node-exporter
9+
app.kubernetes.io/component: node-exporter
10+
deploy: sourcegraph
11+
name: node-exporter
12+
namespace: ns-sourcegraph
13+
spec:
14+
selector:
15+
matchLabels:
16+
app: node-exporter
17+
template:
18+
metadata:
19+
annotations:
20+
description: Collects and exports machine metrics.
21+
kubectl.kubernetes.io/default-container: node-exporter
22+
labels:
23+
app: node-exporter
24+
deploy: sourcegraph
25+
spec:
26+
affinity: null
27+
automountServiceAccountToken: false
28+
containers:
29+
- args:
30+
- --web.listen-address=:9100
31+
- --path.sysfs=/host/sys
32+
- --path.rootfs=/host/root
33+
- --path.procfs=/host/proc
34+
- --no-collector.wifi
35+
- --no-collector.hwmon
36+
- --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/)
37+
- --collector.netclass.ignored-devices=^(veth.*)$
38+
- --collector.netdev.device-exclude=^(veth.*)$
39+
env: null
40+
image: index.docker.io/sourcegraph/node-exporter:187572_2022-12-06_cbecc5321c7d@sha256:2d9dcdf0b2226f0c3d550a64d2667710265462350a3ba9ebe37d0302bc64af0f
41+
imagePullPolicy: IfNotPresent
42+
livenessProbe:
43+
failureThreshold: 3
44+
httpGet:
45+
port: metrics
46+
scheme: HTTP
47+
initialDelaySeconds: 0
48+
periodSeconds: 10
49+
successThreshold: 1
50+
timeoutSeconds: 1
51+
name: node-exporter
52+
ports:
53+
- containerPort: 9100
54+
name: metrics
55+
protocol: TCP
56+
readinessProbe:
57+
failureThreshold: 3
58+
httpGet:
59+
port: metrics
60+
scheme: HTTP
61+
initialDelaySeconds: 0
62+
periodSeconds: 10
63+
successThreshold: 1
64+
timeoutSeconds: 1
65+
resources:
66+
limits:
67+
cpu: "1"
68+
memory: 1Gi
69+
requests:
70+
cpu: 200m
71+
memory: 100Mi
72+
securityContext:
73+
allowPrivilegeEscalation: false
74+
readOnlyRootFilesystem: true
75+
runAsGroup: 65534
76+
runAsUser: 65534
77+
terminationMessagePolicy: FallbackToLogsOnError
78+
volumeMounts:
79+
- mountPath: /host/root
80+
mountPropagation: HostToContainer
81+
name: rootfs
82+
readOnly: true
83+
- mountPath: /host/sys
84+
mountPropagation: HostToContainer
85+
name: sys
86+
readOnly: true
87+
- mountPath: /host/proc
88+
mountPropagation: HostToContainer
89+
name: proc
90+
readOnly: true
91+
hostPID: true
92+
nodeSelector: null
93+
securityContext:
94+
fsGroup: 65534
95+
runAsGroup: 65534
96+
runAsNonRoot: true
97+
runAsUser: 65534
98+
terminationGracePeriodSeconds: 30
99+
tolerations: null
100+
volumes:
101+
- hostPath:
102+
path: /
103+
name: rootfs
104+
- hostPath:
105+
path: /sys
106+
name: sys
107+
- hostPath:
108+
path: /proc
109+
name: proc
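Review bot: `hostPID: true` is set alongside hostPath mounts of `/`, `/sys` and `/proc`, and the container `securityContext` does not drop capabilities. The proc-based collectors are pointed at `--path.procfs=/host/proc`, so it is worth confirming that sharing the host PID namespace is still required; if it is not, remove `hostPID: true`. Either way, add `capabilities: {drop: ["ALL"]}` next to `allowPrivilegeEscalation: false`. A short comment on the `rootfs` volume would help too, e.g. `# host / is mounted read-only for the filesystem collector; keep readOnly`, once that reason is confirmed.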
Lines changed: 71 additions & 0 deletions
@@ -0,0 +1,71 @@
1+
apiVersion: apps/v1
2+
kind: DaemonSet
3+
metadata:
4+
annotations:
5+
description: Forwards telemetry data to the OpenTelemetry Collector Deployment.
6+
prometheus.io/port: "8888"
7+
sourcegraph.prometheus/scrape: "true"
8+
labels:
9+
app.kubernetes.io/component: otel-collector
10+
deploy: sourcegraph
11+
sourcegraph-resource-requires: no-cluster-admin
12+
name: otel-agent
13+
namespace: ns-sourcegraph
14+
spec:
15+
minReadySeconds: 5
16+
revisionHistoryLimit: 10
17+
selector:
18+
matchLabels:
19+
app: otel-agent
20+
template:
21+
metadata:
22+
annotations:
23+
kubectl.kubernetes.io/default-container: otel-agent
24+
labels:
25+
app: otel-agent
26+
deploy: sourcegraph
27+
spec:
28+
containers:
29+
- command:
30+
- /bin/otelcol-sourcegraph
31+
- --config=/etc/otel-agent/config.yaml
32+
image: index.docker.io/sourcegraph/opentelemetry-collector:187572_2022-12-06_cbecc5321c7d@sha256:113a84fcef33f06f7e529961d5eb64400488953b23ac07ea8a3d628db6789ef0
33+
livenessProbe:
34+
httpGet:
35+
path: /
36+
port: 13133
37+
name: otel-agent
38+
ports:
39+
- containerPort: 55679
40+
name: zpages
41+
- containerPort: 4317
42+
hostPort: 4317
43+
name: otlp-grpc
44+
- containerPort: 4318
45+
hostPort: 4318
46+
name: otlp-http
47+
- containerPort: 8888
48+
name: metrics
49+
readinessProbe:
50+
httpGet:
51+
path: /
52+
port: 13133
53+
resources:
54+
limits:
55+
cpu: 500m
56+
memory: 500Mi
57+
requests:
58+
cpu: 100m
59+
memory: 100Mi
60+
terminationMessagePolicy: FallbackToLogsOnError
61+
volumeMounts:
62+
- mountPath: /etc/otel-agent
63+
name: config
64+
terminationGracePeriodSeconds: 120
65+
volumes:
66+
- configMap:
67+
items:
68+
- key: config.yaml
69+
path: config.yaml
70+
name: otel-agent
71+
name: config
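Review bot: The `otlp-grpc` and `otlp-http` ports are published with `hostPort: 4317` and `hostPort: 4318`, so every node exposes the agent's OTLP receivers on its own address. Whether those receivers require authentication or TLS is decided in the `otel-agent` ConfigMap, which is not part of this section, so the exposure should be bounded by a node firewall rule or a NetworkPolicy (where the CNI enforces it for hostPort traffic). The pod spec also has no `securityContext` and does not set `automountServiceAccountToken: false`, unlike the cadvisor and node-exporter DaemonSets in this commit; the otel-collector Deployment has the same gap. Suggested additions are `automountServiceAccountToken: false` on the pod spec and `allowPrivilegeEscalation: false` plus `runAsNonRoot: true` on the container, assuming the image runs as a non-root user.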
Lines changed: 69 additions & 0 deletions
@@ -0,0 +1,69 @@
1+
apiVersion: apps/v1
2+
kind: Deployment
3+
metadata:
4+
annotations:
5+
description: Receives, processes, and exports telemetry data.
6+
labels:
7+
app.kubernetes.io/component: otel-collector
8+
deploy: sourcegraph
9+
sourcegraph-resource-requires: no-cluster-admin
10+
name: otel-collector
11+
namespace: ns-sourcegraph
12+
spec:
13+
minReadySeconds: 5
14+
progressDeadlineSeconds: 120
15+
replicas: 1
16+
revisionHistoryLimit: 10
17+
selector:
18+
matchLabels:
19+
app: otel-collector
20+
template:
21+
metadata:
22+
annotations:
23+
kubectl.kubernetes.io/default-container: otel-collector
24+
labels:
25+
app: otel-collector
26+
deploy: sourcegraph
27+
spec:
28+
containers:
29+
- command:
30+
- /bin/otelcol-sourcegraph
31+
- --config=/etc/otel-collector/configs/logging.yaml
32+
image: index.docker.io/sourcegraph/opentelemetry-collector:187572_2022-12-06_cbecc5321c7d@sha256:113a84fcef33f06f7e529961d5eb64400488953b23ac07ea8a3d628db6789ef0
33+
livenessProbe:
34+
httpGet:
35+
path: /
36+
port: 13133
37+
name: otel-collector
38+
ports:
39+
- containerPort: 55679
40+
name: zpages
41+
- containerPort: 4317
42+
name: otlp-grpc
43+
- containerPort: 4318
44+
name: otlp-http
45+
- containerPort: 8888
46+
name: metrics
47+
readinessProbe:
48+
httpGet:
49+
path: /
50+
port: 13133
51+
resources:
52+
limits:
53+
cpu: "2"
54+
memory: 3Gi
55+
requests:
56+
cpu: "0.5"
57+
memory: 1Gi
58+
terminationMessagePolicy: FallbackToLogsOnError
59+
volumeMounts:
60+
- mountPath: /etc/otel-collector/conf
61+
name: config
62+
terminationGracePeriodSeconds: 120
63+
volumes:
64+
- configMap:
65+
items:
66+
- key: config.yaml
67+
path: config.yaml
68+
name: otel-collector
69+
name: config
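Review bot: The container starts with `--config=/etc/otel-collector/configs/logging.yaml`, but the `otel-collector` ConfigMap is mounted at `/etc/otel-collector/conf` as `config.yaml`, so the mounted file is not the one the collector loads. If `logging.yaml` is a default shipped in the image, edits to the ConfigMap (exporters, TLS settings, attribute redaction) will silently have no effect. Either point the flag at the mount, `- --config=/etc/otel-collector/conf/config.yaml`, or add a comment such as `# logging.yaml is bundled in the image; switch to /etc/otel-collector/conf/config.yaml to use the ConfigMap`.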
