collectd: Add DaemonSet for collectd

Since all the nodes in the cluster run Fedora CoreOS now, we can
deploy collectd as a container, managed by a DaemonSet.

Note that while _collectd_ has to run as _root_ in order to collect
a lot of metrics, it should not run with all privileges.  It does need
to run as a "super-privileged container" (`spc_t` SELinux domain), but
it does _not_ need most kernel capabilities.
2024-06-23 10:02:37 -05:00
parent ab458df415
commit 0f24341e5c
7 changed files with 146 additions and 0 deletions

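--- a/collectd/collectd.yaml
+++ b/collectd/collectd.yaml
@@ -0,0 +1,74 @@
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+name: collectd
+labels:
+app.kubernetes.io/name: collectd
+app.kubernetes.io/component: collectd
+spec:
+selector:
+matchLabels:
+app.kubernetes.io/name: collectd
+app.kubernetes.io/component: collectd
+template:
+metadata:
+labels:
+app.kubernetes.io/name: collectd
+app.kubernetes.io/component: collectd
+spec:
+containers:
+- name: collectd
+image: git.pyrocufflink.net/containerimages/collectd
+ports:
+- containerPort: 9103
+name: http
+readinessProbe: &probe
+httpGet:
+port: http
+path: /metrics
+periodSeconds: 60
+startupProbe:
+<<: *probe
+periodSeconds: 1
+successThreshold: 1
+failureThreshold: 30
+timeoutSeconds: 1
+securityContext:
+capabilities:
+add:
+- DAC_READ_SEARCH
+drop:
+- ALL
+seLinuxOptions:
+type: spc_t
+readOnlyRootFilesystem: true
+volumeMounts:
+- mountPath: /etc/collectd.d
+name: config
+readOnly: true
+- mountPath: /host
+name: host
+- mountPath: /run
+name: host
+subPath: run
+- mountPath: /tmp
+name: tmp
+hostNetwork: true
+hostPID: true
+hostIPC: true
+tolerations:
+- effect: NoExecute
+operator: Exists
+- effect: NoSchedule
+operator: Exists
+volumes:
+- name: config
+configMap:
+name: collectd
+- name: host
+hostPath:
+path: /
+- name: tmp
+emptyDir:
+medium: Memory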
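Review bot: The `/host` volume mount (mountPath: /host, name: host) exposes the node root filesystem read-write, unlike the config mount which sets `readOnly: true`; metric collection only reads from it, so the mount should carry `readOnly: true` as well, which keeps a compromised collectd from modifying the node filesystem despite the capability drop the commit message aims for. The `/run` subPath mount of the same volume may need to stay writable if collectd writes sockets or pid files there — worth confirming against the image before tightening it too. The container securityContext drops ALL and adds only DAC_READ_SEARCH but omits `allowPrivilegeEscalation: false`, which is what actually prevents a setuid binary in the image from regaining dropped capabilities; adding it next to `readOnlyRootFilesystem: true` completes the hardening described in the message. The image reference `git.pyrocufflink.net/containerimages/collectd` has no tag or digest, so every node pulls whatever `latest` resolves to at scheduling time; pinning a tag (or `@sha256:<digest>`) makes the privileged workload reproducible and auditable.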