diff --git a/docs/content/en/docs/reference/helm-chart.md b/docs/content/en/docs/reference/helm-chart.md index 5c48fb23a77..3bee60be91e 100644 --- a/docs/content/en/docs/reference/helm-chart.md +++ b/docs/content/en/docs/reference/helm-chart.md @@ -13,7 +13,7 @@ The Tetragon Helm chart source is available under and is distributed from the Cilium helm charts repository [helm.cilium.io](https://helm.cilium.io). To deploy Tetragon using this Helm chart you can run the following commands: -```shell +```shell-session helm repo add cilium https://helm.cilium.io helm repo update helm install tetragon cilium/tetragon -n kube-system @@ -90,7 +90,7 @@ To use [the values available](#values), with `helm install` or `helm upgrade`, u | tetragon.prometheus.serviceMonitor.scrapeInterval | string | `"10s"` | Interval at which metrics should be scraped. If not specified, Prometheus' global scrape interval is used. | | tetragon.resources | object | `{}` | | | tetragon.securityContext.privileged | bool | `true` | | -| tetragonOperator | object | `{"affinity":{},"annotations":{},"extraLabels":{},"extraPodLabels":{},"extraVolumeMounts":[],"extraVolumes":[],"image":{"override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/tetragon-operator","tag":"v1.0.0"},"nodeSelector":{},"podAnnotations":{},"podInfo":{"enabled":false},"podSecurityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]}},"priorityClassName":"","prometheus":{"address":"","enabled":true,"port":2113},"resources":{"limits":{"cpu":"500m","memory":"128Mi"},"requests":{"cpu":"10m","memory":"64Mi"}},"securityContext":{},"serviceAccount":{"annotations":{},"create":true,"name":""},"skipCRDCreation":false,"strategy":{},"tolerations":[{"operator":"Exists"}]}` | Tetragon Operator settings | +| tetragonOperator | object | `{"affinity":{},"annotations":{},"extraLabels":{},"extraPodLabels":{},"extraVolumeMounts":[],"extraVolumes":[],"image":{"override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/tetragon-operator","tag":"v1.0.0"},"nodeSelector":{},"podAnnotations":{},"podInfo":{"enabled":false},"podSecurityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]}},"priorityClassName":"","prometheus":{"address":"","enabled":true,"port":2113,"serviceMonitor":{"enabled":false,"labelsOverride":{},"scrapeInterval":"10s"}},"resources":{"limits":{"cpu":"500m","memory":"128Mi"},"requests":{"cpu":"10m","memory":"64Mi"}},"securityContext":{},"serviceAccount":{"annotations":{},"create":true,"name":""},"skipCRDCreation":false,"strategy":{},"tolerations":[{"operator":"Exists"}]}` | Tetragon Operator settings | | tetragonOperator.annotations | object | `{}` | Annotations for the Tetragon Operator Deployment. | | tetragonOperator.extraLabels | object | `{}` | Extra labels to be added on the Tetragon Operator Deployment. | | tetragonOperator.extraPodLabels | object | `{}` | Extra labels to be added on the Tetragon Operator Deployment Pods. | @@ -101,9 +101,13 @@ To use [the values available](#values), with `helm install` or `helm upgrade`, u | tetragonOperator.podInfo.enabled | bool | `false` | Enables the PodInfo CRD and the controller that reconciles PodInfo custom resources. | | tetragonOperator.podSecurityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]}}` | securityContext for the Tetragon Operator Deployment Pod container. | | tetragonOperator.priorityClassName | string | `""` | priorityClassName for the Tetragon Operator Deployment Pods. | -| tetragonOperator.prometheus | object | `{"address":"","enabled":true,"port":2113}` | Enables the Tetragon Operator metrics. | +| tetragonOperator.prometheus | object | `{"address":"","enabled":true,"port":2113,"serviceMonitor":{"enabled":false,"labelsOverride":{},"scrapeInterval":"10s"}}` | Enables the Tetragon Operator metrics. | | tetragonOperator.prometheus.address | string | `""` | The address at which to expose Tetragon Operator metrics. Set it to "" to expose on all available interfaces. | | tetragonOperator.prometheus.port | int | `2113` | The port at which to expose metrics. | +| tetragonOperator.prometheus.serviceMonitor | object | `{"enabled":false,"labelsOverride":{},"scrapeInterval":"10s"}` | The labels to include with supporting metrics. | +| tetragonOperator.prometheus.serviceMonitor.enabled | bool | `false` | Whether to create a 'ServiceMonitor' resource targeting the tetragonOperator pods. | +| tetragonOperator.prometheus.serviceMonitor.labelsOverride | object | `{}` | The set of labels to place on the 'ServiceMonitor' resource. | +| tetragonOperator.prometheus.serviceMonitor.scrapeInterval | string | `"10s"` | Interval at which metrics should be scraped. If not specified, Prometheus' global scrape interval is used. | | tetragonOperator.resources | object | `{"limits":{"cpu":"500m","memory":"128Mi"},"requests":{"cpu":"10m","memory":"64Mi"}}` | resources for the Tetragon Operator Deployment Pod container. | | tetragonOperator.securityContext | object | `{}` | securityContext for the Tetragon Operator Deployment Pods. | | tetragonOperator.serviceAccount | object | `{"annotations":{},"create":true,"name":""}` | tetragon-operator service account. | diff --git a/install/kubernetes/README.md b/install/kubernetes/README.md index cb53f769f54..138b20a82c0 100644 --- a/install/kubernetes/README.md +++ b/install/kubernetes/README.md @@ -73,7 +73,7 @@ Helm chart for Tetragon | tetragon.prometheus.serviceMonitor.scrapeInterval | string | `"10s"` | Interval at which metrics should be scraped. If not specified, Prometheus' global scrape interval is used. | | tetragon.resources | object | `{}` | | | tetragon.securityContext.privileged | bool | `true` | | -| tetragonOperator | object | `{"affinity":{},"annotations":{},"extraLabels":{},"extraPodLabels":{},"extraVolumeMounts":[],"extraVolumes":[],"image":{"override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/tetragon-operator","tag":"v1.0.0"},"nodeSelector":{},"podAnnotations":{},"podInfo":{"enabled":false},"podSecurityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]}},"priorityClassName":"","prometheus":{"address":"","enabled":true,"port":2113},"resources":{"limits":{"cpu":"500m","memory":"128Mi"},"requests":{"cpu":"10m","memory":"64Mi"}},"securityContext":{},"serviceAccount":{"annotations":{},"create":true,"name":""},"skipCRDCreation":false,"strategy":{},"tolerations":[{"operator":"Exists"}]}` | Tetragon Operator settings | +| tetragonOperator | object | `{"affinity":{},"annotations":{},"extraLabels":{},"extraPodLabels":{},"extraVolumeMounts":[],"extraVolumes":[],"image":{"override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/tetragon-operator","tag":"v1.0.0"},"nodeSelector":{},"podAnnotations":{},"podInfo":{"enabled":false},"podSecurityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]}},"priorityClassName":"","prometheus":{"address":"","enabled":true,"port":2113,"serviceMonitor":{"enabled":false,"labelsOverride":{},"scrapeInterval":"10s"}},"resources":{"limits":{"cpu":"500m","memory":"128Mi"},"requests":{"cpu":"10m","memory":"64Mi"}},"securityContext":{},"serviceAccount":{"annotations":{},"create":true,"name":""},"skipCRDCreation":false,"strategy":{},"tolerations":[{"operator":"Exists"}]}` | Tetragon Operator settings | | tetragonOperator.annotations | object | `{}` | Annotations for the Tetragon Operator Deployment. | | tetragonOperator.extraLabels | object | `{}` | Extra labels to be added on the Tetragon Operator Deployment. | | tetragonOperator.extraPodLabels | object | `{}` | Extra labels to be added on the Tetragon Operator Deployment Pods. | @@ -84,9 +84,13 @@ Helm chart for Tetragon | tetragonOperator.podInfo.enabled | bool | `false` | Enables the PodInfo CRD and the controller that reconciles PodInfo custom resources. | | tetragonOperator.podSecurityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]}}` | securityContext for the Tetragon Operator Deployment Pod container. | | tetragonOperator.priorityClassName | string | `""` | priorityClassName for the Tetragon Operator Deployment Pods. | -| tetragonOperator.prometheus | object | `{"address":"","enabled":true,"port":2113}` | Enables the Tetragon Operator metrics. | +| tetragonOperator.prometheus | object | `{"address":"","enabled":true,"port":2113,"serviceMonitor":{"enabled":false,"labelsOverride":{},"scrapeInterval":"10s"}}` | Enables the Tetragon Operator metrics. | | tetragonOperator.prometheus.address | string | `""` | The address at which to expose Tetragon Operator metrics. Set it to "" to expose on all available interfaces. | | tetragonOperator.prometheus.port | int | `2113` | The port at which to expose metrics. | +| tetragonOperator.prometheus.serviceMonitor | object | `{"enabled":false,"labelsOverride":{},"scrapeInterval":"10s"}` | The labels to include with supporting metrics. | +| tetragonOperator.prometheus.serviceMonitor.enabled | bool | `false` | Whether to create a 'ServiceMonitor' resource targeting the tetragonOperator pods. | +| tetragonOperator.prometheus.serviceMonitor.labelsOverride | object | `{}` | The set of labels to place on the 'ServiceMonitor' resource. | +| tetragonOperator.prometheus.serviceMonitor.scrapeInterval | string | `"10s"` | Interval at which metrics should be scraped. If not specified, Prometheus' global scrape interval is used. | | tetragonOperator.resources | object | `{"limits":{"cpu":"500m","memory":"128Mi"},"requests":{"cpu":"10m","memory":"64Mi"}}` | resources for the Tetragon Operator Deployment Pod container. | | tetragonOperator.securityContext | object | `{}` | securityContext for the Tetragon Operator Deployment Pods. | | tetragonOperator.serviceAccount | object | `{"annotations":{},"create":true,"name":""}` | tetragon-operator service account. | diff --git a/install/kubernetes/templates/operator_servicemonitor.yaml b/install/kubernetes/templates/operator_servicemonitor.yaml new file mode 100644 index 00000000000..7dda09baff9 --- /dev/null +++ b/install/kubernetes/templates/operator_servicemonitor.yaml @@ -0,0 +1,35 @@ +{{- if and .Values.tetragonOperator.enabled .Values.tetragonOperator.prometheus.enabled .Values.tetragonOperator.prometheus.serviceMonitor.enabled -}} +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + labels: + {{- with .Values.tetragonOperator.prometheus.serviceMonitor.labelsOverride}} + {{- toYaml . | nindent 4 }} + {{- else }} + {{- include "tetragon.labels" . | nindent 4 }} + {{- end }} + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} +spec: + endpoints: + - honorLabels: true + interval: {{ .Values.tetragonOperator.prometheus.serviceMonitor.scrapeInterval }} + path: /metrics + port: metrics + relabelings: + - replacement: ${1} + sourceLabels: + - __meta_kubernetes_pod_node_name + targetLabel: node + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: + {{- with .Values.serviceLabelsOverride}} + {{- toYaml . | nindent 6 }} + {{- else }} + {{- include "tetragon.labels" . | nindent 6 }} + {{- end }} +{{- end }} diff --git a/install/kubernetes/templates/servicemonitor.yaml b/install/kubernetes/templates/servicemonitor.yaml index 94905e03206..b56888519ce 100644 --- a/install/kubernetes/templates/servicemonitor.yaml +++ b/install/kubernetes/templates/servicemonitor.yaml @@ -1,4 +1,4 @@ -{{- if .Values.tetragon.prometheus.serviceMonitor.enabled -}} +{{- if and .Values.tetragon.enabled .Values.tetragon.prometheus.enabled .Values.tetragon.prometheus.serviceMonitor.enabled -}} --- apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor diff --git a/install/kubernetes/values.yaml b/install/kubernetes/values.yaml index e9f3e7859b8..de28f6b2b62 100644 --- a/install/kubernetes/values.yaml +++ b/install/kubernetes/values.yaml @@ -224,6 +224,14 @@ tetragonOperator: address: "" # -- The port at which to expose metrics. port: 2113 + # -- The labels to include with supporting metrics. + serviceMonitor: + # -- Whether to create a 'ServiceMonitor' resource targeting the tetragonOperator pods. + enabled: false + # -- The set of labels to place on the 'ServiceMonitor' resource. + labelsOverride: {} + # -- Interval at which metrics should be scraped. If not specified, Prometheus' global scrape interval is used. + scrapeInterval: "10s" # -- Tetragon event settings export: # "stdout". "" to disable.