logicmonitor / k8s-helm-charts
The official LogicMonitor Helm chart repository.
License: Mozilla Public License 2.0
We're using the latest version of the logicmonitor/argus and logicmonitor/collectorset-controller charts. While deploying logicmonitor/argus, we're passing in a nodeSelector and tolerations to the statefulsetspec for the collector, and it's not applying to the collector.
Example taint on the nodes: key1=value1:NoSchedule
Example label on the nodes: label1=""
Run:
helm upgrade \
--install \
--debug \
--wait \
--cleanup-on-fail \
--namespace="default" \
--set accessID=<<accessId>> \
--set accessKey=<<accessKey>> \
--set account=<<account>> \
--set nodeSelector.label1="" \
--set tolerations[0].key=key1 \
--set tolerations[0].operator="Exists" \
--set tolerations[0].effect="NoSchedule" \
--set enableRBAC=true \
--set clusterName=cluster1 \
collectorset-controller logicmonitor/collectorset-controller
helm upgrade \
--install \
--debug \
--wait \
--cleanup-on-fail \
--namespace="default" \
--set accessID=<<accessId>> \
--set nodeSelector.label1="" \
--set tolerations[0].key="key1" \
--set tolerations[0].operator="Exists" \
--set tolerations[0].effect="NoSchedule" \
--set accessKey=<<accessKey>> \
--set account=<<account>> \
--set enableRBAC=true \
--set clusterName=cluster1 \
--set clusterGroupID=<<clusterGroupID>> \
--set collector.groupID=<<collectorGroup>> \
--set collector.replicas=1 \
--set collector.size=small \
--set collector.escalationChainID=25 \
--set collector.statefulsetspec.template.spec.nodeSelector.label1="" \
--set collector.statefulsetspec.template.spec.tolerations[0].key="key1" \
--set collector.statefulsetspec.template.spec.tolerations[0].operator="Exists" \
--set collector.statefulsetspec.template.spec.tolerations[0].effect="NoSchedule" \
argus logicmonitor/argus
The following resources are created
On Nodes with label1 and taint key1=value1:NoSchedule:
On other Nodes:
N/A
The following resources are created
On Nodes with label1 and taint key1=value1:NoSchedule:
On other Nodes:
The nodeSelector is being rendered into the template and is clearly there in the output of --dry-run
apiVersion: logicmonitor.com/v1alpha1
kind: CollectorSet
metadata:
  name: cluster1
  namespace: default
spec:
  clusterName: cluster1
  escalationChainID: 25
  groupID: 4
  imagePullPolicy: Always
  imageRepository: logicmonitor/collector
  imageTag: latest
  policy:
    distributionStrategy: RoundRobin
    orchestrator: Kubernetes
  replicas: 1
  size: small
  statefulsetspec:
    template:
      spec:
        nodeSelector:
          label1: ""
        tolerations:
        - effect: NoSchedule
          key: key1
          operator: Exists
It appears that the nodeSelector and tolerations are not being passed to the collector pod upon execution
From kubectl describe pod cluster1-0:
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
In more and more K8S setups we see the use of Pod Security Policies (PSP). In these setups, ClusterRoles without a specific PSP default to no privileges and thus are not allowed to deploy any pods.
It would be great if there was an option to provide the PSP to be used at deployment stage with helm instead of manually changing the helm-created ClusterRoles afterwards.
Hi, I found this and I have been following it for a little while. I know it is early stages but I am interested in what LM will have for k8s.
argus-918127526-k6xk1 collector
[argus-918127526-k6xk1 collector] DEBUG:root:finding collector Collector Description
[argus-918127526-k6xk1 argus] time="2017-09-04T23:40:39Z" level=info msg="Found device group "Kubernetes Cluster: cluster.example.com.au" with id 26"
[argus-918127526-k6xk1 collector] DEBUG:root:Collector not found
[argus-918127526-k6xk1 argus] time="2017-09-04T23:40:40Z" level=info msg="Found device group "Etcd" with id 57"
[argus-918127526-k6xk1 collector] DEBUG:root:finding collector group /
[argus-918127526-k6xk1 argus] time="2017-09-04T23:40:40Z" level=info msg="Found device group "_deleted" with id 58"
[argus-918127526-k6xk1 collector] DEBUG:root:adding collector
[argus-918127526-k6xk1 argus] time="2017-09-04T23:40:41Z" level=info msg="Found device group "Nodes" with id 28"
[argus-918127526-k6xk1 collector] ERROR:root:Status 1069 calling add_collector
[argus-918127526-k6xk1 argus] time="2017-09-04T23:40:41Z" level=info msg="Found device group "_deleted" with id 55"
[argus-918127526-k6xk1 collector] No such escalation chain id:1
[argus-918127526-k6xk1 argus] time="2017-09-04T23:40:42Z" level=info msg="Found device group "Services" with id 27"
[argus-918127526-k6xk1 argus] time="2017-09-04T23:40:43Z" level=info msg="Found device group "_deleted" with id 54"
[argus-918127526-k6xk1 argus] time="2017-09-04T23:40:43Z" level=info msg="Found device group "Pods" with id 29"
[argus-918127526-k6xk1 argus] time="2017-09-04T23:40:44Z" level=info msg="Found device group "_deleted" with id 56"
[argus-918127526-k6xk1 argus] time="2017-09-04T23:40:45Z" level=info msg="No collector found, waiting 10 seconds..."
[argus-918127526-k6xk1 argus] time="2017-09-04T23:40:55Z" level=info msg="No collector found, waiting 10 seconds..."
[argus-918127526-k6xk1 argus] time="2017-09-04T23:41:06Z" level=info msg="No collector found, waiting 10 seconds..."
[argus-918127526-k6xk1 argus] time="2017-09-04T23:41:16Z" level=info msg="No collector found, waiting 10 seconds..."
$ kubectl version
Client Version: version.Info{Major:"1", Minor:"7", GitVersion:"v1.7.4", GitCommit:"793658f2d7ca7f064d2bdf606519f9fe1229c381", GitTreeState:"clean", BuildDate:"2017-08-17T08:48:23Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"7", GitVersion:"v1.7.4", GitCommit:"793658f2d7ca7f064d2bdf606519f9fe1229c381", GitTreeState:"clean", BuildDate:"2017-08-17T08:30:51Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"}
Run with:
helm upgrade \
--install \
--debug \
--wait \
--namespace kube-monitoring \
--set accessID='aaaa' \
--set accessKey='aaaa' \
--set account='example' \
--set clusterName='cluster.example.com.au' \
--set collectorDescription='Collector Description' \
--set etcdDiscoveryToken='etcd-cluster-token-etcd' \
argus logicmonitor/argus
We are seeing
Error: looks like "https://logicmonitor.github.com/k8s-helm-charts" is not a valid chart repository or cannot be reached: error converting YAML to JSON: yaml: line 6: could not find expected ':'
helm.go:81: [debug] error converting YAML to JSON: yaml: line 6: could not find expected ':'
In our pipelines.
Also seeing same error from our dev machines.
helm version
version.BuildInfo{Version:"v3.5.3", GitCommit:"041ce5a2c17a58be0fcd5f5e16fb3e7e95fea622", GitTreeState:"dirty", GoVersion:"go1.16"}
This was working for us a few days ago, perhaps something with https://github.com/logicmonitor/k8s-helm-charts/pull/76
RBAC Failures Blocking Argus Deployments
Attempts to deploy Argus are failing due to RBAC issues.
This has been verified on both minikube (minikube v0.23.0, kubectl v1.8.0) and GKE (nodes running v1.8.2-gke.0). Client kubectl is v1.8.4.
Steps to replicate:
$ helm upgrade -i --debug --wait --namespace 'logicmonitor' -f values.yml argus logicmonitor/argus
[debug] Created tunnel using local port: '53473'
[debug] SERVER: "127.0.0.1:53473"
[debug] Fetched logicmonitor/argus to /Users/USERNAME/.helm/cache/archive/argus-0.2.0.tgz
Error: UPGRADE FAILED: failed to create resource: clusterroles.rbac.authorization.k8s.io "collectorset-controller" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:["pods"], APIGroups:[""], Verbs:["*"]} PolicyRule{Resources:["statefulsets"], APIGroups:["apps"], Verbs:["*"]} PolicyRule{Resources:["collectorsets"], APIGroups:["*"], Verbs:["*"]} PolicyRule{Resources:["customresourcedefinitions"], APIGroups:["apiextensions.k8s.io"], Verbs:["*"]}] user=&{system:serviceaccount:kube-system:default bf82f105-c9d8-11e7-a490-42010a840067 [system:serviceaccounts system:serviceaccounts:kube-system system:authenticated] map[]} ownerrules=[PolicyRule{Resources:["selfsubjectaccessreviews"], APIGroups:["authorization.k8s.io"], Verbs:["create"]} PolicyRule{NonResourceURLs:["/api" "/api/*" "/apis" "/apis/*" "/healthz" "/swagger-2.0.0.pb-v1" "/swagger.json" "/swaggerapi" "/swaggerapi/*" "/version"], Verbs:["get"]}] ruleResolutionErrors=[]
Running a second time produces:
Error: UPGRADE FAILED: failed to create resource: clusterroles.rbac.authorization.k8s.io "collector" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:["pods"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["pods"], APIGroups:[""], Verbs:["get"]} PolicyRule{Resources:["containers"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["containers"], APIGroups:[""], Verbs:["get"]} PolicyRule{Resources:["nodes"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["nodes"], APIGroups:[""], Verbs:["get"]} PolicyRule{Resources:["componentstatuses"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["componentstatuses"], APIGroups:[""], Verbs:["get"]} PolicyRule{Resources:["replicasets"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["replicasets"], APIGroups:[""], Verbs:["get"]} PolicyRule{Resources:["ingress"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["ingress"], APIGroups:[""], Verbs:["get"]} PolicyRule{Resources:["services"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["services"], APIGroups:[""], Verbs:["get"]} PolicyRule{NonResourceURLs:["/"], Verbs:["get"]} PolicyRule{NonResourceURLs:["/healthz/*"], Verbs:["get"]}] user=&{system:serviceaccount:kube-system:default bf82f105-c9d8-11e7-a490-42010a840067 [system:serviceaccounts system:serviceaccounts:kube-system system:authenticated] map[]} ownerrules=[PolicyRule{Resources:["selfsubjectaccessreviews"], APIGroups:["authorization.k8s.io"], Verbs:["create"]} PolicyRule{NonResourceURLs:["/api" "/api/*" "/apis" "/apis/*" "/healthz" "/swagger-2.0.0.pb-v1" "/swagger.json" "/swaggerapi" "/swaggerapi/*" "/version"], Verbs:["get"]}] ruleResolutionErrors=[]
Contents of values.yml:
clusterName: "argus"
collectorDescription: "argus"
global:
  account: "real_account"
  accessID: "real_access_id"
  accessKey: "real_access_key"
Prometheus's helm chart works with issue and I have full admin rights for the GCP account.
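Added example (not part of the issue or the chart): Kubernetes RBAC rejects creation of a role that contains permissions the requesting identity does not already hold, and the errors above print both the requested rules and the caller's ownerrules. This Python sketch parses such a message and lists the permissions that are not covered; the matching is simplified (resourceNames are ignored), and SAMPLE is a shortened, constructed copy of the first error.

```python
import re

# Constructed sample: the first error above, shortened to two requested rules.
SAMPLE = (
    'attempt to grant extra privileges: '
    '[PolicyRule{Resources:["pods"], APIGroups:[""], Verbs:["*"]} '
    'PolicyRule{Resources:["statefulsets"], APIGroups:["apps"], Verbs:["*"]}] '
    'user=&{system:serviceaccount:kube-system:default} '
    'ownerrules=[PolicyRule{Resources:["selfsubjectaccessreviews"], '
    'APIGroups:["authorization.k8s.io"], Verbs:["create"]} '
    'PolicyRule{NonResourceURLs:["/api" "/api/*" "/version"], Verbs:["get"]}]'
)

def parse_rules(text):
    """Turn each PolicyRule{...} into {field name: [quoted values]}."""
    return [{k: re.findall(r'"(.*?)"', v)
             for k, v in re.findall(r'(\w+):\[(.*?)\]', body)}
            for body in re.findall(r'PolicyRule\{(.*?)\}', text)]

def has(values, wanted):
    return '*' in values or wanted in values

def grants(rule, kind, group, name, verb):
    """True if one held rule grants a single permission (resourceNames ignored)."""
    if not has(rule.get('Verbs', []), verb):
        return False
    if kind == 'url':  # RBAC allows a trailing * on non-resource URL patterns
        return any(p == name or (p.endswith('*') and name.startswith(p[:-1]))
                   for p in rule.get('NonResourceURLs', []))
    return (has(rule.get('APIGroups', []), group)
            and has(rule.get('Resources', []), name))

def missing(msg):
    """List (apiGroup, resource or URL, verb) tuples the caller does not hold."""
    requested, _, rest = msg.partition('user=')
    owner = parse_rules(rest.partition('ownerrules=')[2])
    perms = []
    for r in parse_rules(requested):
        for verb in r.get('Verbs', []):
            perms += [('url', '', u, verb) for u in r.get('NonResourceURLs', [])]
            perms += [('res', g, n, verb) for g in r.get('APIGroups', [])
                      for n in r.get('Resources', [])]
    return [p[1:] for p in perms if not any(grants(o, *p) for o in owner)]

if __name__ == '__main__':
    print(missing(SAMPLE))
```

An empty result means the deploying identity already holds every permission in the role; a non-empty one names exactly what would have to be granted to it, which is worth reviewing before binding anything broader.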
The collectorset-controller and argus helm templates are using a deprecated API endpoint and fail on k8s V: 1.19.3 with an error stating the API version must be updated to rbac.authorization.k8s.io/v1
The old API endpoint reference can be seen in templates/rbac.yml - line 4
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1