From 0f24341e5ce440b40716a3299ef31244daa4bc0d Mon Sep 17 00:00:00 2001 From: "Dustin C. Hatch" Date: Sun, 23 Jun 2024 10:02:37 -0500 Subject: [PATCH] collectd: Add DaemonSet for collectd Since all the nodes in the cluster run Fedora CoreOS now, we can deploy collectd as a container, managed by a DaemonSet. Note that while _collectd_ has to run as _root_ in order to collect a lot of metrics, it should not run with all privileges. It does need to run as a "super-privileged container" (`spc_t` SELinux domain), but it does _not_ need most kernel capabilities. --- collectd/collectd.d/df.conf | 10 ++++ collectd/collectd.d/log.conf | 8 ++++ collectd/collectd.d/plugins.conf | 9 ++++ collectd/collectd.d/prometheus.conf | 5 ++ collectd/collectd.yaml | 74 +++++++++++++++++++++++++++++ collectd/kustomization.yaml | 34 +++++++++++++ collectd/namespace.yaml | 6 +++ 7 files changed, 146 insertions(+) create mode 100644 collectd/collectd.d/df.conf create mode 100644 collectd/collectd.d/log.conf create mode 100644 collectd/collectd.d/plugins.conf create mode 100644 collectd/collectd.d/prometheus.conf create mode 100644 collectd/collectd.yaml create mode 100644 collectd/kustomization.yaml create mode 100644 collectd/namespace.yaml
diff --git a/collectd/collectd.d/df.conf b/collectd/collectd.d/df.conf
new file mode 100644
index 0000000..377a37f
--- /dev/null
+++ b/collectd/collectd.d/df.conf
@@ -0,0 +1,10 @@
+LoadPlugin df
+
+
+ ReportByDevice true
+
+ FSType autofs
+ FSType overlay
+ FSType efivarfs
+ IgnoreSelected true
+
diff --git a/collectd/collectd.d/log.conf b/collectd/collectd.d/log.conf
new file mode 100644
index 0000000..aca9138
--- /dev/null
+++ b/collectd/collectd.d/log.conf
@@ -0,0 +1,8 @@
+LoadPlugin logfile
+
+
+ LogLevel info
+ File stderr
+ Timestamp false
+ PrintSeverity true
+
diff --git a/collectd/collectd.d/plugins.conf b/collectd/collectd.d/plugins.conf
new file mode 100644
index 0000000..c961a39
--- /dev/null
+++ b/collectd/collectd.d/plugins.conf
@@ -0,0 +1,9 @@
+LoadPlugin chrony
+LoadPlugin cpufreq
+LoadPlugin disk
+LoadPlugin entropy
+LoadPlugin processes
+LoadPlugin swap
+LoadPlugin tcpconns
+LoadPlugin thermal
+LoadPlugin uptime
diff --git a/collectd/collectd.d/prometheus.conf b/collectd/collectd.d/prometheus.conf
new file mode 100644
index 0000000..8283102
--- /dev/null
+++ b/collectd/collectd.d/prometheus.conf
@@ -0,0 +1,5 @@
+LoadPlugin write_prometheus
+
+
+ Port 9103
+
diff --git a/collectd/collectd.yaml b/collectd/collectd.yaml
new file mode 100644
index 0000000..1bab01d
--- /dev/null
+++ b/collectd/collectd.yaml
@@ -0,0 +1,74 @@
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: collectd
+ labels:
+ app.kubernetes.io/name: collectd
+ app.kubernetes.io/component: collectd
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: collectd
+ app.kubernetes.io/component: collectd
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: collectd
+ app.kubernetes.io/component: collectd
+ spec:
+ containers:
+ - name: collectd
+ image: git.pyrocufflink.net/containerimages/collectd
+ ports:
+ - containerPort: 9103
+ name: http
+ readinessProbe: &probe
+ httpGet:
+ port: http
+ path: /metrics
+ periodSeconds: 60
+ startupProbe:
+ <<: *probe
+ periodSeconds: 1
+ successThreshold: 1
+ failureThreshold: 30
+ timeoutSeconds: 1
+ securityContext:
+ capabilities:
+ add:
+ - DAC_READ_SEARCH
+ drop:
+ - ALL
+ seLinuxOptions:
+ type: spc_t
+ readOnlyRootFilesystem: true
+ volumeMounts:
+ - mountPath: /etc/collectd.d
+ name: config
+ readOnly: true
+ - mountPath: /host
+ name: host
+ - mountPath: /run
+ name: host
+ subPath: run
+ - mountPath: /tmp
+ name: tmp
+ hostNetwork: true
+ hostPID: true
+ hostIPC: true
+ tolerations:
+ - effect: NoExecute
+ operator: Exists
+ - effect: NoSchedule
+ operator: Exists
+ volumes:
+ - name: config
+ configMap:
+ name: collectd
+ - name: host
+ hostPath:
+ path: /
+ - name: tmp
+ emptyDir:
+ medium: Memory
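Review bot: `Port 9103` is the only listener setting in prometheus.conf, and because the DaemonSet in collectd.yaml sets `hostNetwork: true`, the write_prometheus endpoint ends up reachable without authentication on every address of every selected node rather than on a pod IP. NetworkPolicy generally does not cover host-network pods, so access has to be limited at the node firewall or, if the packaged collectd build supports it, by binding explicitly with the plugin's `Host` option next to `Port`. A one-line comment in this file naming the expected scraper of 9103 would help whoever maintains those firewall rules.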
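Review bot: The `/host` volumeMount in collectd.yaml maps hostPath `/` into the container without `readOnly: true`, and `readOnlyRootFilesystem: true` only protects the container's own root, so a process running as root in the `spc_t` domain (as the commit message describes) can still modify host files wherever the owner bits permit uid 0, even with `DAC_OVERRIDE` dropped. If the loaded plugins only read from the host, add `readOnly: true` under `- mountPath: /host`; whether the `/run` subPath mount must stay writable cannot be determined from this hunk. The `image:` line carries no tag or digest, so each node pulls whatever the registry currently serves into a pod sharing the host PID, IPC and network namespaces; pin it, e.g. `image: git.pyrocufflink.net/containerimages/collectd@sha256:<digest-placeholder>`. `hostIPC: true` does not appear to be needed by any plugin listed in plugins.conf, so consider dropping it or adding a comment saying which plugin requires it.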
diff --git a/collectd/kustomization.yaml b/collectd/kustomization.yaml
new file mode 100644
index 0000000..4671bc5
--- /dev/null
+++ b/collectd/kustomization.yaml
@@ -0,0 +1,34 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: collectd
+
+labels:
+- pairs:
+ app.kubernetes.io/instance: collectd
+ app.kubernetes.io/part-of: collectd
+ includeSelectors: false
+
+resources:
+- namespace.yaml
+- collectd.yaml
+
+configMapGenerator:
+- name: collectd
+ files:
+ - collectd.d/df.conf
+ - collectd.d/log.conf
+ - collectd.d/plugins.conf
+ - collectd.d/prometheus.conf
+
+patches:
+- patch: |-
+ apiVersion: apps/v1
+ kind: DaemonSet
+ metadata:
+ name: collectd
+ spec:
+ template:
+ spec:
+ nodeSelector:
+ du5t1n.me/collectd: 'true'
diff --git a/collectd/namespace.yaml b/collectd/namespace.yaml
new file mode 100644
index 0000000..d577ee3
--- /dev/null
+++ b/collectd/namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: collectd
+ labels:
+ app.kubernetes.io/name: collectd