From 9643ea5fa3b8207f1722f014489b54a08521a773 Mon Sep 17 00:00:00 2001 
From: Rafael Franzke Date: Wed, 19 Jul 2023 19:51:58 +0200 Subject: [PATCH] Move `seed-bootstrap` chart and monitoring-related logic in `Seed` controller into `monitoring` component (#8237) * Component boilerplate * Deploy component in seed flow * Move `fluentoperator` custom resource component creation into dedicated function * Move VPA cleanup code into component * Drop dead code * Move remaining monitoring-related code into component The chart will be moved in the next commit, accordingly the rendering logic will be adapted * Move chart and apply it from embedded file system * Address PR review feedback --- .../charts/monitoring/charts/utils-templates | 1 - charts/seed-bootstrap/charts/utils-templates | 1 - hack/test-prometheus.sh | 2 +- .../core/v1beta1/constants/types_constants.go | 7 + pkg/component/logging/vali/vali.go | 3 +- pkg/component/monitoring/bootstrap.go | 276 ++++++++++++++ .../monitoring/charts/bootstrap}/Chart.yaml | 0 .../fluent-bit.rules.test.yaml | 0 .../vali.rules.test.yaml | 0 .../fluent-bit.rules.yaml | 0 .../metering.rules.stateful.yaml | 0 .../vali.rules.yaml | 0 .../bootstrap}/charts/monitoring/Chart.yaml | 0 .../monitoring/seed-prometheus-rules/.gitkeep | 0 .../templates/clusterrolebinding.yaml | 2 +- .../charts/monitoring/templates/config.yaml | 0 .../charts/monitoring/templates/helpers.tpl | 0 .../monitoring/templates/prometheus-vpa.yaml | 2 +- .../charts/monitoring/templates/rules.yaml | 0 .../charts/monitoring/templates/service.yaml | 0 .../monitoring/templates/serviceaccount.yaml | 0 .../monitoring/templates/statefulset.yaml | 2 +- .../bootstrap}/charts/monitoring/values.yaml | 0 .../metering.rules.stateful.sh | 0 .../metering.rules.stateful.yaml | 0 .../prometheus-rules/metering.rules.yaml | 0 .../recording-rules.rules.yaml | 0 .../clusterrolebinding.yaml | 2 +- .../aggregate-prometheus/config.yaml | 0 .../aggregate-prometheus/helpers.tpl | 0 .../templates/aggregate-prometheus/hvpa.yaml | 2 +- .../aggregate-prometheus/ingress.yaml 
| 2 +- .../templates/aggregate-prometheus/rules.yaml | 0 .../aggregate-prometheus/service.yaml | 0 .../aggregate-prometheus/serviceaccount.yaml | 0 .../aggregate-prometheus/statefulset.yaml | 2 +- .../templates/aggregate-prometheus/vpa.yaml | 2 +- .../templates/alertmanager/alertmanager.yaml | 2 +- .../templates/alertmanager/config.tpl | 0 .../templates/alertmanager/config.yaml | 0 .../templates/clusterrole-prometheus.yaml | 2 +- .../prometheus/clusterrolebinding.yaml | 2 +- .../templates/prometheus/config.yaml | 0 .../bootstrap}/templates/prometheus/hvpa.yaml | 2 +- .../templates/prometheus/networkpolicy.yaml | 0 .../templates/prometheus/prometheus-vpa.yaml | 2 +- .../templates/prometheus/resource.tpl | 0 .../templates/prometheus/rules.yaml | 0 .../templates/prometheus/service.yaml | 0 .../templates/prometheus/serviceaccount.yaml | 0 .../templates/prometheus/statefulset.yaml | 2 +- .../monitoring/charts/bootstrap}/values.yaml | 0 pkg/component/shared/fluent_operator.go | 2 - .../controller/seed/seed/components.go | 176 +++++++++ .../seed/seed/reconciler_reconcile.go | 356 ++---------------- pkg/operation/botanist/botanist.go | 2 - pkg/operation/botanist/monitoring.go | 4 +- 57 files changed, 510 insertions(+), 348 deletions(-) delete mode 120000 charts/seed-bootstrap/charts/monitoring/charts/utils-templates delete mode 120000 charts/seed-bootstrap/charts/utils-templates create mode 100644 pkg/component/monitoring/bootstrap.go rename {charts/seed-bootstrap => pkg/component/monitoring/charts/bootstrap}/Chart.yaml (100%) rename {charts/seed-bootstrap => pkg/component/monitoring/charts/bootstrap}/aggregate-prometheus-rules-tests/fluent-bit.rules.test.yaml (100%) rename {charts/seed-bootstrap => pkg/component/monitoring/charts/bootstrap}/aggregate-prometheus-rules-tests/vali.rules.test.yaml (100%) rename {charts/seed-bootstrap => pkg/component/monitoring/charts/bootstrap}/aggregate-prometheus-rules/fluent-bit.rules.yaml (100%) rename {charts/seed-bootstrap => 
pkg/component/monitoring/charts/bootstrap}/aggregate-prometheus-rules/metering.rules.stateful.yaml (100%) rename {charts/seed-bootstrap => pkg/component/monitoring/charts/bootstrap}/aggregate-prometheus-rules/vali.rules.yaml (100%) rename {charts/seed-bootstrap => pkg/component/monitoring/charts/bootstrap}/charts/monitoring/Chart.yaml (100%) rename {charts/seed-bootstrap => pkg/component/monitoring/charts/bootstrap}/charts/monitoring/seed-prometheus-rules/.gitkeep (100%) rename {charts/seed-bootstrap => pkg/component/monitoring/charts/bootstrap}/charts/monitoring/templates/clusterrolebinding.yaml (89%) rename {charts/seed-bootstrap => pkg/component/monitoring/charts/bootstrap}/charts/monitoring/templates/config.yaml (100%) rename charts/seed-bootstrap/charts/monitoring/templates/_helpers.tpl => pkg/component/monitoring/charts/bootstrap/charts/monitoring/templates/helpers.tpl (100%) rename {charts/seed-bootstrap => pkg/component/monitoring/charts/bootstrap}/charts/monitoring/templates/prometheus-vpa.yaml (86%) rename {charts/seed-bootstrap => pkg/component/monitoring/charts/bootstrap}/charts/monitoring/templates/rules.yaml (100%) rename {charts/seed-bootstrap => pkg/component/monitoring/charts/bootstrap}/charts/monitoring/templates/service.yaml (100%) rename {charts/seed-bootstrap => pkg/component/monitoring/charts/bootstrap}/charts/monitoring/templates/serviceaccount.yaml (100%) rename {charts/seed-bootstrap => pkg/component/monitoring/charts/bootstrap}/charts/monitoring/templates/statefulset.yaml (98%) rename {charts/seed-bootstrap => pkg/component/monitoring/charts/bootstrap}/charts/monitoring/values.yaml (100%) rename {charts/seed-bootstrap => pkg/component/monitoring/charts/bootstrap}/prometheus-rules/metering.rules.stateful.sh (100%) rename {charts/seed-bootstrap => pkg/component/monitoring/charts/bootstrap}/prometheus-rules/metering.rules.stateful.yaml (100%) rename {charts/seed-bootstrap => 
pkg/component/monitoring/charts/bootstrap}/prometheus-rules/metering.rules.yaml (100%) rename {charts/seed-bootstrap => pkg/component/monitoring/charts/bootstrap}/prometheus-rules/recording-rules.rules.yaml (100%) rename {charts/seed-bootstrap => pkg/component/monitoring/charts/bootstrap}/templates/aggregate-prometheus/clusterrolebinding.yaml (89%) rename {charts/seed-bootstrap => pkg/component/monitoring/charts/bootstrap}/templates/aggregate-prometheus/config.yaml (100%) rename charts/seed-bootstrap/templates/aggregate-prometheus/_helpers.tpl => pkg/component/monitoring/charts/bootstrap/templates/aggregate-prometheus/helpers.tpl (100%) rename {charts/seed-bootstrap => pkg/component/monitoring/charts/bootstrap}/templates/aggregate-prometheus/hvpa.yaml (97%) rename {charts/seed-bootstrap => pkg/component/monitoring/charts/bootstrap}/templates/aggregate-prometheus/ingress.yaml (94%) rename {charts/seed-bootstrap => pkg/component/monitoring/charts/bootstrap}/templates/aggregate-prometheus/rules.yaml (100%) rename {charts/seed-bootstrap => pkg/component/monitoring/charts/bootstrap}/templates/aggregate-prometheus/service.yaml (100%) rename {charts/seed-bootstrap => pkg/component/monitoring/charts/bootstrap}/templates/aggregate-prometheus/serviceaccount.yaml (100%) rename {charts/seed-bootstrap => pkg/component/monitoring/charts/bootstrap}/templates/aggregate-prometheus/statefulset.yaml (98%) rename {charts/seed-bootstrap => pkg/component/monitoring/charts/bootstrap}/templates/aggregate-prometheus/vpa.yaml (84%) rename {charts/seed-bootstrap => pkg/component/monitoring/charts/bootstrap}/templates/alertmanager/alertmanager.yaml (98%) rename charts/seed-bootstrap/templates/alertmanager/_config.tpl => pkg/component/monitoring/charts/bootstrap/templates/alertmanager/config.tpl (100%) rename {charts/seed-bootstrap => pkg/component/monitoring/charts/bootstrap}/templates/alertmanager/config.yaml (100%) rename {charts/seed-bootstrap => 
pkg/component/monitoring/charts/bootstrap}/templates/clusterrole-prometheus.yaml (92%) rename {charts/seed-bootstrap => pkg/component/monitoring/charts/bootstrap}/templates/prometheus/clusterrolebinding.yaml (88%) rename {charts/seed-bootstrap => pkg/component/monitoring/charts/bootstrap}/templates/prometheus/config.yaml (100%) rename {charts/seed-bootstrap => pkg/component/monitoring/charts/bootstrap}/templates/prometheus/hvpa.yaml (97%) rename {charts/seed-bootstrap => pkg/component/monitoring/charts/bootstrap}/templates/prometheus/networkpolicy.yaml (100%) rename {charts/seed-bootstrap => pkg/component/monitoring/charts/bootstrap}/templates/prometheus/prometheus-vpa.yaml (84%) rename charts/seed-bootstrap/templates/prometheus/_resource.tpl => pkg/component/monitoring/charts/bootstrap/templates/prometheus/resource.tpl (100%) rename {charts/seed-bootstrap => pkg/component/monitoring/charts/bootstrap}/templates/prometheus/rules.yaml (100%) rename {charts/seed-bootstrap => pkg/component/monitoring/charts/bootstrap}/templates/prometheus/service.yaml (100%) rename {charts/seed-bootstrap => pkg/component/monitoring/charts/bootstrap}/templates/prometheus/serviceaccount.yaml (100%) rename {charts/seed-bootstrap => pkg/component/monitoring/charts/bootstrap}/templates/prometheus/statefulset.yaml (98%) rename {charts/seed-bootstrap => pkg/component/monitoring/charts/bootstrap}/values.yaml (100%) diff --git a/charts/seed-bootstrap/charts/monitoring/charts/utils-templates b/charts/seed-bootstrap/charts/monitoring/charts/utils-templates deleted file mode 120000 index 84502af3c59..00000000000 --- a/charts/seed-bootstrap/charts/monitoring/charts/utils-templates +++ /dev/null @@ -1 +0,0 @@ -../../../../utils-templates \ No newline at end of file diff --git a/charts/seed-bootstrap/charts/utils-templates b/charts/seed-bootstrap/charts/utils-templates deleted file mode 120000 index db495912817..00000000000 --- a/charts/seed-bootstrap/charts/utils-templates +++ /dev/null 
@@ -1 +0,0 @@ -../../utils-templates \ No newline at end of file diff --git a/hack/test-prometheus.sh b/hack/test-prometheus.sh index 9cdada9286c..a8aead2f819 100755 --- a/hack/test-prometheus.sh +++ b/hack/test-prometheus.sh @@ -26,6 +26,6 @@ promtool test rules rules-tests/*test.yaml popd > /dev/null echo "Executing aggregate Prometheus alert tests" -pushd "$(dirname $0)/../charts/seed-bootstrap/aggregate-prometheus-rules-tests" > /dev/null +pushd "$(dirname $0)/../pkg/component/monitoring/charts/bootstrap/aggregate-prometheus-rules-tests" > /dev/null promtool test rules *test.yaml popd > /dev/null diff --git a/pkg/apis/core/v1beta1/constants/types_constants.go b/pkg/apis/core/v1beta1/constants/types_constants.go index 07955bf5c27..c71c6f3b707 100644 --- a/pkg/apis/core/v1beta1/constants/types_constants.go +++ b/pkg/apis/core/v1beta1/constants/types_constants.go @@ -14,6 +14,10 @@ package constants +import ( + "time" +) + const ( // SecretManagerIdentityControllerManager is the identity for the secret manager used inside controller-manager. SecretManagerIdentityControllerManager = "controller-manager" @@ -743,6 +747,9 @@ const ( // EnvSeedName is a constant for the environment variable which holds the name of the Seed that the extension // controller is running on. EnvSeedName = "SEED_NAME" + + // IngressTLSCertificateValidity is the default validity for ingress TLS certificates. + IngressTLSCertificateValidity = 730 * 24 * time.Hour // ~2 years, see https://support.apple.com/en-us/HT210176 ) var ( diff --git a/pkg/component/logging/vali/vali.go b/pkg/component/logging/vali/vali.go index 4634f165292..d7b201da9cc 100644 --- a/pkg/component/logging/vali/vali.go +++ b/pkg/component/logging/vali/vali.go @@ -20,7 +20,6 @@ import ( _ "embed" "fmt" "text/template" - "time" "github.com/Masterminds/sprig" hvpav1alpha1 "github.com/gardener/hvpa-controller/api/v1alpha1" 
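Review bot: The doc comment on `IngressTLSCertificateValidity` calls it a default, but both users visible in this commit (`vali.go` and the new `monitoring/bootstrap.go`) pass it as the fixed validity with no override. The reason for the value survives only as a trailing URL after the expression. I would put the rationale in the doc comment itself, e.g. `// IngressTLSCertificateValidity is the validity used for generated ingress TLS server certificates (~2 years, chosen to stay within client certificate-lifetime requirements, see https://support.apple.com/en-us/HT210176).` That way anyone changing the value sees that it now affects every ingress certificate using the constant. The const block starts and ends outside the hunk.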
@@ -208,7 +207,7 @@ func (v *vali) Deploy(ctx context.Context) error { Organization: []string{"gardener.cloud:monitoring:ingress"}, DNSNames: []string{v.values.IngressHost}, CertType: secrets.ServerCert, - Validity: pointer.Duration(730 * 24 * time.Hour), // ~2 years, see https://support.apple.com/en-us/HT210176) + Validity: pointer.Duration(v1beta1constants.IngressTLSCertificateValidity), SkipPublishingCACertificate: true, }, secretsmanager.SignedByCA(v1beta1constants.SecretNameCACluster)) if err != nil { diff --git a/pkg/component/monitoring/bootstrap.go b/pkg/component/monitoring/bootstrap.go new file mode 100644 index 00000000000..3ea61bf17b7 --- /dev/null +++ b/pkg/component/monitoring/bootstrap.go 
@@ -0,0 +1,276 @@ +// Copyright 2023 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package monitoring + +import ( + "context" + "embed" + "fmt" + "path/filepath" + "strings" + + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "k8s.io/apimachinery/pkg/runtime/schema" + vpaautoscalingv1 "k8s.io/autoscaler/vertical-pod-autoscaler/pkg/apis/autoscaling.k8s.io/v1" + "k8s.io/utils/pointer" + "sigs.k8s.io/controller-runtime/pkg/client" + + v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants" + "github.com/gardener/gardener/pkg/client/kubernetes" + "github.com/gardener/gardener/pkg/component" + "github.com/gardener/gardener/pkg/component/hvpa" + "github.com/gardener/gardener/pkg/component/istio" + "github.com/gardener/gardener/pkg/component/kubestatemetrics" + "github.com/gardener/gardener/pkg/operation/common" + "github.com/gardener/gardener/pkg/utils" + kubernetesutils "github.com/gardener/gardener/pkg/utils/kubernetes" + secretsutils "github.com/gardener/gardener/pkg/utils/secrets" + secretsmanager "github.com/gardener/gardener/pkg/utils/secrets/manager" +) + +var ( + //go:embed charts/bootstrap + chart embed.FS + chartPath = filepath.Join("charts", "bootstrap") +) + +// Values is a set 
of configuration values for the monitoring components. +type Values struct { + // AlertingSMTPSecret is the alerting SMTP secret.. + AlertingSMTPSecret *corev1.Secret + // GlobalMonitoringSecret is the global monitoring secret for the garden cluster. + GlobalMonitoringSecret *corev1.Secret + // HVPAEnabled states whether HVPA is enabled or not. + HVPAEnabled bool + // ImageAlertmanager is the image of Alertmanager. + ImageAlertmanager string + // ImageAlpine is the image of Alpine. + ImageAlpine string + // ImageConfigmapReloader is the image of ConfigmapReloader. + ImageConfigmapReloader string + // ImagePrometheus is the image of Prometheus. + ImagePrometheus string + // IngressHost is the host name of Prometheus. + IngressHost string + // SeedName is the name of the seed. + SeedName string + // StorageCapacityAlertmanager is the storage capacity of Alertmanager. + StorageCapacityAlertmanager string + // StorageCapacityPrometheus is the storage capacity of Prometheus. + StorageCapacityPrometheus string + // StorageCapacityAggregatePrometheus is the storage capacity of AggregatePrometheus. + StorageCapacityAggregatePrometheus string + // WildcardCertName is name of wildcard tls certificate which is issued for the seed's ingress domain. + WildcardCertName *string +} + +// New creates a new instance of Deployer for the monitoring components. 
+func New( + client client.Client, + chartApplier kubernetes.ChartApplier, + secretsManager secretsmanager.Interface, + namespace string, + values Values, +) component.Deployer { + return &bootstrapper{ + client: client, + chartApplier: chartApplier, + namespace: namespace, + secretsManager: secretsManager, + values: values, + } +} + +type bootstrapper struct { + client client.Client + chartApplier kubernetes.ChartApplier + namespace string + secretsManager secretsmanager.Interface + values Values +} + +func (b *bootstrapper) Deploy(ctx context.Context) error { + if b.values.HVPAEnabled { + if err := kubernetesutils.DeleteObjects(ctx, b.client, + &vpaautoscalingv1.VerticalPodAutoscaler{ObjectMeta: metav1.ObjectMeta{Name: "prometheus-vpa", Namespace: b.namespace}}, + &vpaautoscalingv1.VerticalPodAutoscaler{ObjectMeta: metav1.ObjectMeta{Name: "aggregate-prometheus-vpa", Namespace: b.namespace}}, + ); err != nil { + return err + } + } + + // Fetch component-specific aggregate and central monitoring configuration + var ( + aggregateScrapeConfigs = strings.Builder{} + aggregateMonitoringComponentFunctions = []component.AggregateMonitoringConfiguration{ + istio.AggregateMonitoringConfiguration, + } + + centralScrapeConfigs = strings.Builder{} + centralCAdvisorScrapeConfigMetricRelabelConfigs = strings.Builder{} + centralMonitoringComponentFunctions = []component.CentralMonitoringConfiguration{ + hvpa.CentralMonitoringConfiguration, + kubestatemetrics.CentralMonitoringConfiguration, + } + ) + + for _, componentFn := range aggregateMonitoringComponentFunctions { + aggregateMonitoringConfig, err := componentFn() + if err != nil { + return err + } + + for _, config := range aggregateMonitoringConfig.ScrapeConfigs { + aggregateScrapeConfigs.WriteString(fmt.Sprintf("- %s\n", utils.Indent(config, 2))) + } + } + + for _, componentFn := range centralMonitoringComponentFunctions { + centralMonitoringConfig, err := componentFn() + if err != nil { + return err + } + + for _, config 
:= range centralMonitoringConfig.ScrapeConfigs { + centralScrapeConfigs.WriteString(fmt.Sprintf("- %s\n", utils.Indent(config, 2))) + } + + for _, config := range centralMonitoringConfig.CAdvisorScrapeConfigMetricRelabelConfigs { + centralCAdvisorScrapeConfigMetricRelabelConfigs.WriteString(fmt.Sprintf("- %s\n", utils.Indent(config, 2))) + } + } + + // Monitoring resource values + monitoringResources := map[string]interface{}{ + "prometheus": map[string]interface{}{}, + "aggregate-prometheus": map[string]interface{}{}, + } + + if b.values.HVPAEnabled { + for resource := range monitoringResources { + currentResources, err := kubernetesutils.GetContainerResourcesInStatefulSet(ctx, b.client, kubernetesutils.Key(b.namespace, resource)) + if err != nil { + return err + } + if len(currentResources) != 0 && currentResources["prometheus"] != nil { + monitoringResources[resource] = map[string]interface{}{ + "prometheus": currentResources["prometheus"], + } + } + } + } + + // AlertManager configuration + alertManagerConfig := map[string]interface{}{ + "storage": b.values.StorageCapacityAlertmanager, + } + + if b.values.AlertingSMTPSecret != nil { + emailConfig := map[string]interface{}{ + "to": string(b.values.AlertingSMTPSecret.Data["to"]), + "from": string(b.values.AlertingSMTPSecret.Data["from"]), + "smarthost": string(b.values.AlertingSMTPSecret.Data["smarthost"]), + "auth_username": string(b.values.AlertingSMTPSecret.Data["auth_username"]), + "auth_identity": string(b.values.AlertingSMTPSecret.Data["auth_identity"]), + "auth_password": string(b.values.AlertingSMTPSecret.Data["auth_password"]), + } + alertManagerConfig["enabled"] = true + alertManagerConfig["emailConfigs"] = []map[string]interface{}{emailConfig} + } else { + alertManagerConfig["enabled"] = false + if err := common.DeleteAlertmanager(ctx, b.client, b.namespace); err != nil { + return err + } + } + + var ( + vpaGK = schema.GroupKind{Group: "autoscaling.k8s.io", Kind: "VerticalPodAutoscaler"} + hvpaGK = 
schema.GroupKind{Group: "autoscaling.k8s.io", Kind: "Hvpa"} + issuerGK = schema.GroupKind{Group: "certmanager.k8s.io", Kind: "ClusterIssuer"} + + applierOptions = kubernetes.CopyApplierOptions(kubernetes.DefaultMergeFuncs) + retainStatusInformation = func(new, old *unstructured.Unstructured) { + // Apply status from old Object to retain status information + new.Object["status"] = old.Object["status"] + } + ) + + applierOptions[vpaGK] = retainStatusInformation + applierOptions[hvpaGK] = retainStatusInformation + applierOptions[issuerGK] = retainStatusInformation + + var ingressTLSSecretName string + if b.values.WildcardCertName != nil { + ingressTLSSecretName = *b.values.WildcardCertName + } else { + ingressTLSSecret, err := b.secretsManager.Generate(ctx, &secretsutils.CertificateSecretConfig{ + Name: "aggregate-prometheus-tls", + CommonName: "prometheus", + Organization: []string{"gardener.cloud:monitoring:ingress"}, + DNSNames: []string{b.values.IngressHost}, + CertType: secretsutils.ServerCert, + Validity: pointer.Duration(v1beta1constants.IngressTLSCertificateValidity), + SkipPublishingCACertificate: true, + }, secretsmanager.SignedByCA(v1beta1constants.SecretNameCASeed)) + if err != nil { + return err + } + ingressTLSSecretName = ingressTLSSecret.Name + } + + values := kubernetes.Values(map[string]interface{}{ + "global": map[string]interface{}{ + "ingressClass": v1beta1constants.SeedNginxIngressClass, + "images": map[string]string{ + "alertmanager": b.values.ImageAlertmanager, + "alpine": b.values.ImageAlpine, + "configmap-reloader": b.values.ImageConfigmapReloader, + "prometheus": b.values.ImagePrometheus, + }, + }, + "prometheus": map[string]interface{}{ + "resources": monitoringResources["prometheus"], + "storage": b.values.StorageCapacityPrometheus, + "additionalScrapeConfigs": centralScrapeConfigs.String(), + "additionalCAdvisorScrapeConfigMetricRelabelConfigs": centralCAdvisorScrapeConfigMetricRelabelConfigs.String(), + }, + "aggregatePrometheus": 
map[string]interface{}{ + "resources": monitoringResources["aggregate-prometheus"], + "storage": b.values.StorageCapacityAggregatePrometheus, + "seed": b.values.SeedName, + "hostName": b.values.IngressHost, + "secretName": ingressTLSSecretName, + "additionalScrapeConfigs": aggregateScrapeConfigs.String(), + }, + "alertmanager": alertManagerConfig, + "hvpa": map[string]interface{}{ + "enabled": b.values.HVPAEnabled, + }, + "istio": map[string]interface{}{ + "enabled": true, + }, + "ingress": map[string]interface{}{ + "authSecretName": b.values.GlobalMonitoringSecret.Name, + }, + }) + + return b.chartApplier.ApplyFromEmbeddedFS(ctx, chart, chartPath, b.namespace, "monitoring", values, applierOptions) +} + +func (b *bootstrapper) Destroy(ctx context.Context) error { + return nil +} diff --git a/charts/seed-bootstrap/Chart.yaml b/pkg/component/monitoring/charts/bootstrap/Chart.yaml similarity index 100% rename from charts/seed-bootstrap/Chart.yaml rename to pkg/component/monitoring/charts/bootstrap/Chart.yaml diff --git a/charts/seed-bootstrap/aggregate-prometheus-rules-tests/fluent-bit.rules.test.yaml b/pkg/component/monitoring/charts/bootstrap/aggregate-prometheus-rules-tests/fluent-bit.rules.test.yaml similarity index 100% rename from charts/seed-bootstrap/aggregate-prometheus-rules-tests/fluent-bit.rules.test.yaml rename to pkg/component/monitoring/charts/bootstrap/aggregate-prometheus-rules-tests/fluent-bit.rules.test.yaml diff --git a/charts/seed-bootstrap/aggregate-prometheus-rules-tests/vali.rules.test.yaml b/pkg/component/monitoring/charts/bootstrap/aggregate-prometheus-rules-tests/vali.rules.test.yaml similarity index 100% rename from charts/seed-bootstrap/aggregate-prometheus-rules-tests/vali.rules.test.yaml rename to pkg/component/monitoring/charts/bootstrap/aggregate-prometheus-rules-tests/vali.rules.test.yaml 
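Review bot: `b.values.GlobalMonitoringSecret.Name` is dereferenced unconditionally where `Deploy` builds the `ingress.authSecretName` value, although `GlobalMonitoringSecret` is a pointer field and, unlike `AlertingSMTPSecret`, is never nil-checked. A caller that passes no secret panics the reconciler. Since this name presumably selects the credentials protecting the Prometheus ingress, `Deploy` should fail closed before rendering the chart, e.g. `if b.values.GlobalMonitoringSecret == nil { return fmt.Errorf("global monitoring secret is required for ingress authentication") }`. Separately, `chartPath` is built with `filepath.Join`, while `embed.FS` names always use forward slashes, so `path.Join("charts", "bootstrap")` (importing `path` instead of `path/filepath`) is the portable form.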
diff --git a/charts/seed-bootstrap/aggregate-prometheus-rules/fluent-bit.rules.yaml b/pkg/component/monitoring/charts/bootstrap/aggregate-prometheus-rules/fluent-bit.rules.yaml similarity index 100% rename from charts/seed-bootstrap/aggregate-prometheus-rules/fluent-bit.rules.yaml rename to pkg/component/monitoring/charts/bootstrap/aggregate-prometheus-rules/fluent-bit.rules.yaml diff --git a/charts/seed-bootstrap/aggregate-prometheus-rules/metering.rules.stateful.yaml b/pkg/component/monitoring/charts/bootstrap/aggregate-prometheus-rules/metering.rules.stateful.yaml similarity index 100% rename from charts/seed-bootstrap/aggregate-prometheus-rules/metering.rules.stateful.yaml rename to pkg/component/monitoring/charts/bootstrap/aggregate-prometheus-rules/metering.rules.stateful.yaml diff --git a/charts/seed-bootstrap/aggregate-prometheus-rules/vali.rules.yaml b/pkg/component/monitoring/charts/bootstrap/aggregate-prometheus-rules/vali.rules.yaml similarity index 100% rename from charts/seed-bootstrap/aggregate-prometheus-rules/vali.rules.yaml rename to pkg/component/monitoring/charts/bootstrap/aggregate-prometheus-rules/vali.rules.yaml diff --git a/charts/seed-bootstrap/charts/monitoring/Chart.yaml b/pkg/component/monitoring/charts/bootstrap/charts/monitoring/Chart.yaml similarity index 100% rename from charts/seed-bootstrap/charts/monitoring/Chart.yaml rename to pkg/component/monitoring/charts/bootstrap/charts/monitoring/Chart.yaml diff --git a/charts/seed-bootstrap/charts/monitoring/seed-prometheus-rules/.gitkeep b/pkg/component/monitoring/charts/bootstrap/charts/monitoring/seed-prometheus-rules/.gitkeep similarity index 100% rename from charts/seed-bootstrap/charts/monitoring/seed-prometheus-rules/.gitkeep rename to pkg/component/monitoring/charts/bootstrap/charts/monitoring/seed-prometheus-rules/.gitkeep 
diff --git a/charts/seed-bootstrap/charts/monitoring/templates/clusterrolebinding.yaml b/pkg/component/monitoring/charts/bootstrap/charts/monitoring/templates/clusterrolebinding.yaml similarity index 89% rename from charts/seed-bootstrap/charts/monitoring/templates/clusterrolebinding.yaml rename to pkg/component/monitoring/charts/bootstrap/charts/monitoring/templates/clusterrolebinding.yaml index c28ab2f902d..57a820990ff 100644 --- a/charts/seed-bootstrap/charts/monitoring/templates/clusterrolebinding.yaml +++ b/pkg/component/monitoring/charts/bootstrap/charts/monitoring/templates/clusterrolebinding.yaml @@ -1,4 +1,4 @@ -apiVersion: {{ include "rbacversion" . }} +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: diff --git a/charts/seed-bootstrap/charts/monitoring/templates/config.yaml b/pkg/component/monitoring/charts/bootstrap/charts/monitoring/templates/config.yaml similarity index 100% rename from charts/seed-bootstrap/charts/monitoring/templates/config.yaml rename to pkg/component/monitoring/charts/bootstrap/charts/monitoring/templates/config.yaml diff --git a/charts/seed-bootstrap/charts/monitoring/templates/_helpers.tpl b/pkg/component/monitoring/charts/bootstrap/charts/monitoring/templates/helpers.tpl similarity index 100% rename from charts/seed-bootstrap/charts/monitoring/templates/_helpers.tpl rename to pkg/component/monitoring/charts/bootstrap/charts/monitoring/templates/helpers.tpl diff --git a/charts/seed-bootstrap/charts/monitoring/templates/prometheus-vpa.yaml b/pkg/component/monitoring/charts/bootstrap/charts/monitoring/templates/prometheus-vpa.yaml similarity index 86% rename from charts/seed-bootstrap/charts/monitoring/templates/prometheus-vpa.yaml rename to pkg/component/monitoring/charts/bootstrap/charts/monitoring/templates/prometheus-vpa.yaml index 5eeddb4d2cb..e1cb1b244ce 100644 --- a/charts/seed-bootstrap/charts/monitoring/templates/prometheus-vpa.yaml 
+++ b/pkg/component/monitoring/charts/bootstrap/charts/monitoring/templates/prometheus-vpa.yaml @@ -11,7 +11,7 @@ spec: minAllowed: memory: 400Mi targetRef: - apiVersion: {{ include "statefulsetversion" . }} + apiVersion: apps/v1 kind: StatefulSet name: seed-prometheus updatePolicy: diff --git a/charts/seed-bootstrap/charts/monitoring/templates/rules.yaml b/pkg/component/monitoring/charts/bootstrap/charts/monitoring/templates/rules.yaml similarity index 100% rename from charts/seed-bootstrap/charts/monitoring/templates/rules.yaml rename to pkg/component/monitoring/charts/bootstrap/charts/monitoring/templates/rules.yaml diff --git a/charts/seed-bootstrap/charts/monitoring/templates/service.yaml b/pkg/component/monitoring/charts/bootstrap/charts/monitoring/templates/service.yaml similarity index 100% rename from charts/seed-bootstrap/charts/monitoring/templates/service.yaml rename to pkg/component/monitoring/charts/bootstrap/charts/monitoring/templates/service.yaml diff --git a/charts/seed-bootstrap/charts/monitoring/templates/serviceaccount.yaml b/pkg/component/monitoring/charts/bootstrap/charts/monitoring/templates/serviceaccount.yaml similarity index 100% rename from charts/seed-bootstrap/charts/monitoring/templates/serviceaccount.yaml rename to pkg/component/monitoring/charts/bootstrap/charts/monitoring/templates/serviceaccount.yaml diff --git a/charts/seed-bootstrap/charts/monitoring/templates/statefulset.yaml b/pkg/component/monitoring/charts/bootstrap/charts/monitoring/templates/statefulset.yaml similarity index 98% rename from charts/seed-bootstrap/charts/monitoring/templates/statefulset.yaml rename to pkg/component/monitoring/charts/bootstrap/charts/monitoring/templates/statefulset.yaml index 71f397c1fec..a6853a15dee 100644 --- a/charts/seed-bootstrap/charts/monitoring/templates/statefulset.yaml +++ b/pkg/component/monitoring/charts/bootstrap/charts/monitoring/templates/statefulset.yaml 
@@ -1,4 +1,4 @@ -apiVersion: {{ include "statefulsetversion" . }} +apiVersion: apps/v1 kind: StatefulSet metadata: name: seed-prometheus diff --git a/charts/seed-bootstrap/charts/monitoring/values.yaml b/pkg/component/monitoring/charts/bootstrap/charts/monitoring/values.yaml similarity index 100% rename from charts/seed-bootstrap/charts/monitoring/values.yaml rename to pkg/component/monitoring/charts/bootstrap/charts/monitoring/values.yaml diff --git a/charts/seed-bootstrap/prometheus-rules/metering.rules.stateful.sh b/pkg/component/monitoring/charts/bootstrap/prometheus-rules/metering.rules.stateful.sh similarity index 100% rename from charts/seed-bootstrap/prometheus-rules/metering.rules.stateful.sh rename to pkg/component/monitoring/charts/bootstrap/prometheus-rules/metering.rules.stateful.sh diff --git a/charts/seed-bootstrap/prometheus-rules/metering.rules.stateful.yaml b/pkg/component/monitoring/charts/bootstrap/prometheus-rules/metering.rules.stateful.yaml similarity index 100% rename from charts/seed-bootstrap/prometheus-rules/metering.rules.stateful.yaml rename to pkg/component/monitoring/charts/bootstrap/prometheus-rules/metering.rules.stateful.yaml diff --git a/charts/seed-bootstrap/prometheus-rules/metering.rules.yaml b/pkg/component/monitoring/charts/bootstrap/prometheus-rules/metering.rules.yaml similarity index 100% rename from charts/seed-bootstrap/prometheus-rules/metering.rules.yaml rename to pkg/component/monitoring/charts/bootstrap/prometheus-rules/metering.rules.yaml diff --git a/charts/seed-bootstrap/prometheus-rules/recording-rules.rules.yaml b/pkg/component/monitoring/charts/bootstrap/prometheus-rules/recording-rules.rules.yaml similarity index 100% rename from charts/seed-bootstrap/prometheus-rules/recording-rules.rules.yaml rename to pkg/component/monitoring/charts/bootstrap/prometheus-rules/recording-rules.rules.yaml 
diff --git a/charts/seed-bootstrap/templates/aggregate-prometheus/clusterrolebinding.yaml b/pkg/component/monitoring/charts/bootstrap/templates/aggregate-prometheus/clusterrolebinding.yaml similarity index 89% rename from charts/seed-bootstrap/templates/aggregate-prometheus/clusterrolebinding.yaml rename to pkg/component/monitoring/charts/bootstrap/templates/aggregate-prometheus/clusterrolebinding.yaml index 3e2f8b91223..0ddaa051a97 100644 --- a/charts/seed-bootstrap/templates/aggregate-prometheus/clusterrolebinding.yaml +++ b/pkg/component/monitoring/charts/bootstrap/templates/aggregate-prometheus/clusterrolebinding.yaml @@ -1,4 +1,4 @@ -apiVersion: {{ include "rbacversion" . }} +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: diff --git a/charts/seed-bootstrap/templates/aggregate-prometheus/config.yaml b/pkg/component/monitoring/charts/bootstrap/templates/aggregate-prometheus/config.yaml similarity index 100% rename from charts/seed-bootstrap/templates/aggregate-prometheus/config.yaml rename to pkg/component/monitoring/charts/bootstrap/templates/aggregate-prometheus/config.yaml diff --git a/charts/seed-bootstrap/templates/aggregate-prometheus/_helpers.tpl b/pkg/component/monitoring/charts/bootstrap/templates/aggregate-prometheus/helpers.tpl similarity index 100% rename from charts/seed-bootstrap/templates/aggregate-prometheus/_helpers.tpl rename to pkg/component/monitoring/charts/bootstrap/templates/aggregate-prometheus/helpers.tpl diff --git a/charts/seed-bootstrap/templates/aggregate-prometheus/hvpa.yaml b/pkg/component/monitoring/charts/bootstrap/templates/aggregate-prometheus/hvpa.yaml similarity index 97% rename from charts/seed-bootstrap/templates/aggregate-prometheus/hvpa.yaml rename to pkg/component/monitoring/charts/bootstrap/templates/aggregate-prometheus/hvpa.yaml index d9354882c11..268cbb2950d 100644 --- a/charts/seed-bootstrap/templates/aggregate-prometheus/hvpa.yaml 
+++ b/pkg/component/monitoring/charts/bootstrap/templates/aggregate-prometheus/hvpa.yaml @@ -75,7 +75,7 @@ spec: startReplicaCount: 1 lastReplicaCount: 1 targetRef: - apiVersion: {{ include "statefulsetversion" . }} + apiVersion: apps/v1 kind: StatefulSet name: aggregate-prometheus {{ end }} diff --git a/charts/seed-bootstrap/templates/aggregate-prometheus/ingress.yaml b/pkg/component/monitoring/charts/bootstrap/templates/aggregate-prometheus/ingress.yaml similarity index 94% rename from charts/seed-bootstrap/templates/aggregate-prometheus/ingress.yaml rename to pkg/component/monitoring/charts/bootstrap/templates/aggregate-prometheus/ingress.yaml index dfb7518466e..6d213658ef8 100644 --- a/charts/seed-bootstrap/templates/aggregate-prometheus/ingress.yaml +++ b/pkg/component/monitoring/charts/bootstrap/templates/aggregate-prometheus/ingress.yaml @@ -1,4 +1,4 @@ -apiVersion: {{ include "ingressversion" . }} +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: diff --git a/charts/seed-bootstrap/templates/aggregate-prometheus/rules.yaml b/pkg/component/monitoring/charts/bootstrap/templates/aggregate-prometheus/rules.yaml similarity index 100% rename from charts/seed-bootstrap/templates/aggregate-prometheus/rules.yaml rename to pkg/component/monitoring/charts/bootstrap/templates/aggregate-prometheus/rules.yaml diff --git a/charts/seed-bootstrap/templates/aggregate-prometheus/service.yaml b/pkg/component/monitoring/charts/bootstrap/templates/aggregate-prometheus/service.yaml similarity index 100% rename from charts/seed-bootstrap/templates/aggregate-prometheus/service.yaml rename to pkg/component/monitoring/charts/bootstrap/templates/aggregate-prometheus/service.yaml 
diff --git a/charts/seed-bootstrap/templates/aggregate-prometheus/serviceaccount.yaml b/pkg/component/monitoring/charts/bootstrap/templates/aggregate-prometheus/serviceaccount.yaml similarity index 100% rename from charts/seed-bootstrap/templates/aggregate-prometheus/serviceaccount.yaml rename to pkg/component/monitoring/charts/bootstrap/templates/aggregate-prometheus/serviceaccount.yaml diff --git a/charts/seed-bootstrap/templates/aggregate-prometheus/statefulset.yaml b/pkg/component/monitoring/charts/bootstrap/templates/aggregate-prometheus/statefulset.yaml similarity index 98% rename from charts/seed-bootstrap/templates/aggregate-prometheus/statefulset.yaml rename to pkg/component/monitoring/charts/bootstrap/templates/aggregate-prometheus/statefulset.yaml index 3c0874f8615..c15de9bfb62 100644 --- a/charts/seed-bootstrap/templates/aggregate-prometheus/statefulset.yaml +++ b/pkg/component/monitoring/charts/bootstrap/templates/aggregate-prometheus/statefulset.yaml @@ -1,4 +1,4 @@ -apiVersion: {{ include "statefulsetversion" . }} +apiVersion: apps/v1 kind: StatefulSet metadata: name: aggregate-prometheus diff --git a/charts/seed-bootstrap/templates/aggregate-prometheus/vpa.yaml b/pkg/component/monitoring/charts/bootstrap/templates/aggregate-prometheus/vpa.yaml similarity index 84% rename from charts/seed-bootstrap/templates/aggregate-prometheus/vpa.yaml rename to pkg/component/monitoring/charts/bootstrap/templates/aggregate-prometheus/vpa.yaml index 8281f844a11..cfcfa4a437e 100644 --- a/charts/seed-bootstrap/templates/aggregate-prometheus/vpa.yaml +++ b/pkg/component/monitoring/charts/bootstrap/templates/aggregate-prometheus/vpa.yaml @@ -6,7 +6,7 @@ metadata: namespace: {{ .Release.Namespace }} spec: targetRef: - apiVersion: {{ include "statefulsetversion" . }} + apiVersion: apps/v1 kind: StatefulSet name: aggregate-prometheus updatePolicy: 
diff --git a/charts/seed-bootstrap/templates/alertmanager/alertmanager.yaml b/pkg/component/monitoring/charts/bootstrap/templates/alertmanager/alertmanager.yaml similarity index 98% rename from charts/seed-bootstrap/templates/alertmanager/alertmanager.yaml rename to pkg/component/monitoring/charts/bootstrap/templates/alertmanager/alertmanager.yaml index 7f2ea4418bb..894d820dc5a 100644 --- a/charts/seed-bootstrap/templates/alertmanager/alertmanager.yaml +++ b/pkg/component/monitoring/charts/bootstrap/templates/alertmanager/alertmanager.yaml @@ -38,7 +38,7 @@ spec: component: alertmanager role: monitoring --- -apiVersion: {{ include "statefulsetversion" . }} +apiVersion: apps/v1 kind: StatefulSet metadata: name: alertmanager diff --git a/charts/seed-bootstrap/templates/alertmanager/_config.tpl b/pkg/component/monitoring/charts/bootstrap/templates/alertmanager/config.tpl similarity index 100% rename from charts/seed-bootstrap/templates/alertmanager/_config.tpl rename to pkg/component/monitoring/charts/bootstrap/templates/alertmanager/config.tpl diff --git a/charts/seed-bootstrap/templates/alertmanager/config.yaml b/pkg/component/monitoring/charts/bootstrap/templates/alertmanager/config.yaml similarity index 100% rename from charts/seed-bootstrap/templates/alertmanager/config.yaml rename to pkg/component/monitoring/charts/bootstrap/templates/alertmanager/config.yaml diff --git a/charts/seed-bootstrap/templates/clusterrole-prometheus.yaml b/pkg/component/monitoring/charts/bootstrap/templates/clusterrole-prometheus.yaml similarity index 92% rename from charts/seed-bootstrap/templates/clusterrole-prometheus.yaml rename to pkg/component/monitoring/charts/bootstrap/templates/clusterrole-prometheus.yaml index ab6822ea180..5a931f13527 100644 --- a/charts/seed-bootstrap/templates/clusterrole-prometheus.yaml +++ b/pkg/component/monitoring/charts/bootstrap/templates/clusterrole-prometheus.yaml 
@@ -1,5 +1,5 @@ --- -apiVersion: {{ include "rbacversion" . }} +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: prometheus diff --git a/charts/seed-bootstrap/templates/prometheus/clusterrolebinding.yaml b/pkg/component/monitoring/charts/bootstrap/templates/prometheus/clusterrolebinding.yaml similarity index 88% rename from charts/seed-bootstrap/templates/prometheus/clusterrolebinding.yaml rename to pkg/component/monitoring/charts/bootstrap/templates/prometheus/clusterrolebinding.yaml index a424ed02593..a961afaa8e2 100644 --- a/charts/seed-bootstrap/templates/prometheus/clusterrolebinding.yaml +++ b/pkg/component/monitoring/charts/bootstrap/templates/prometheus/clusterrolebinding.yaml @@ -1,4 +1,4 @@ -apiVersion: {{ include "rbacversion" . }} +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: diff --git a/charts/seed-bootstrap/templates/prometheus/config.yaml b/pkg/component/monitoring/charts/bootstrap/templates/prometheus/config.yaml similarity index 100% rename from charts/seed-bootstrap/templates/prometheus/config.yaml rename to pkg/component/monitoring/charts/bootstrap/templates/prometheus/config.yaml diff --git a/charts/seed-bootstrap/templates/prometheus/hvpa.yaml b/pkg/component/monitoring/charts/bootstrap/templates/prometheus/hvpa.yaml similarity index 97% rename from charts/seed-bootstrap/templates/prometheus/hvpa.yaml rename to pkg/component/monitoring/charts/bootstrap/templates/prometheus/hvpa.yaml index 67b536a1bd9..fa3d93f75ab 100644 --- a/charts/seed-bootstrap/templates/prometheus/hvpa.yaml +++ b/pkg/component/monitoring/charts/bootstrap/templates/prometheus/hvpa.yaml @@ -75,7 +75,7 @@ spec: startReplicaCount: 1 lastReplicaCount: 1 targetRef: - apiVersion: {{ include "statefulsetversion" . }} + apiVersion: apps/v1 kind: StatefulSet name: prometheus {{ end }} 
diff --git a/charts/seed-bootstrap/templates/prometheus/networkpolicy.yaml b/pkg/component/monitoring/charts/bootstrap/templates/prometheus/networkpolicy.yaml similarity index 100% rename from charts/seed-bootstrap/templates/prometheus/networkpolicy.yaml rename to pkg/component/monitoring/charts/bootstrap/templates/prometheus/networkpolicy.yaml diff --git a/charts/seed-bootstrap/templates/prometheus/prometheus-vpa.yaml b/pkg/component/monitoring/charts/bootstrap/templates/prometheus/prometheus-vpa.yaml similarity index 84% rename from charts/seed-bootstrap/templates/prometheus/prometheus-vpa.yaml rename to pkg/component/monitoring/charts/bootstrap/templates/prometheus/prometheus-vpa.yaml index 570927fd05a..f84fede8182 100644 --- a/charts/seed-bootstrap/templates/prometheus/prometheus-vpa.yaml +++ b/pkg/component/monitoring/charts/bootstrap/templates/prometheus/prometheus-vpa.yaml @@ -6,7 +6,7 @@ metadata: namespace: {{ .Release.Namespace }} spec: targetRef: - apiVersion: {{ include "statefulsetversion" . }} + apiVersion: apps/v1 kind: StatefulSet name: prometheus updatePolicy: diff --git a/charts/seed-bootstrap/templates/prometheus/_resource.tpl b/pkg/component/monitoring/charts/bootstrap/templates/prometheus/resource.tpl similarity index 100% rename from charts/seed-bootstrap/templates/prometheus/_resource.tpl rename to pkg/component/monitoring/charts/bootstrap/templates/prometheus/resource.tpl diff --git a/charts/seed-bootstrap/templates/prometheus/rules.yaml b/pkg/component/monitoring/charts/bootstrap/templates/prometheus/rules.yaml similarity index 100% rename from charts/seed-bootstrap/templates/prometheus/rules.yaml rename to pkg/component/monitoring/charts/bootstrap/templates/prometheus/rules.yaml 
diff --git a/charts/seed-bootstrap/templates/prometheus/service.yaml b/pkg/component/monitoring/charts/bootstrap/templates/prometheus/service.yaml similarity index 100% rename from charts/seed-bootstrap/templates/prometheus/service.yaml rename to pkg/component/monitoring/charts/bootstrap/templates/prometheus/service.yaml diff --git a/charts/seed-bootstrap/templates/prometheus/serviceaccount.yaml b/pkg/component/monitoring/charts/bootstrap/templates/prometheus/serviceaccount.yaml similarity index 100% rename from charts/seed-bootstrap/templates/prometheus/serviceaccount.yaml rename to pkg/component/monitoring/charts/bootstrap/templates/prometheus/serviceaccount.yaml diff --git a/charts/seed-bootstrap/templates/prometheus/statefulset.yaml b/pkg/component/monitoring/charts/bootstrap/templates/prometheus/statefulset.yaml similarity index 98% rename from charts/seed-bootstrap/templates/prometheus/statefulset.yaml rename to pkg/component/monitoring/charts/bootstrap/templates/prometheus/statefulset.yaml index 5ac7ea0b0ab..c9987514191 100644 --- a/charts/seed-bootstrap/templates/prometheus/statefulset.yaml +++ b/pkg/component/monitoring/charts/bootstrap/templates/prometheus/statefulset.yaml @@ -1,4 +1,4 @@ -apiVersion: {{ include "statefulsetversion" . }} +apiVersion: apps/v1 kind: StatefulSet metadata: name: prometheus diff --git a/charts/seed-bootstrap/values.yaml b/pkg/component/monitoring/charts/bootstrap/values.yaml similarity index 100% rename from charts/seed-bootstrap/values.yaml rename to pkg/component/monitoring/charts/bootstrap/values.yaml diff --git a/pkg/component/shared/fluent_operator.go b/pkg/component/shared/fluent_operator.go index a554e285bba..4845e26ca22 100644 --- a/pkg/component/shared/fluent_operator.go +++ b/pkg/component/shared/fluent_operator.go @@ -15,7 +15,6 @@ package shared import ( - "github.com/Masterminds/semver" "sigs.k8s.io/controller-runtime/pkg/client" "github.com/gardener/gardener/pkg/component" 
@@ -28,7 +27,6 @@ import ( func NewFluentOperator( c client.Client, gardenNamespaceName string, - runtimeVersion *semver.Version, imageVector imagevector.ImageVector, enabled bool, priorityClassName string, diff --git a/pkg/gardenlet/controller/seed/seed/components.go b/pkg/gardenlet/controller/seed/seed/components.go index d94caeef44f..73520de4fb1 100644 --- a/pkg/gardenlet/controller/seed/seed/components.go +++ b/pkg/gardenlet/controller/seed/seed/components.go @@ -18,6 +18,7 @@ import ( "context" "github.com/Masterminds/semver" + fluentbitv1alpha2 "github.com/fluent/fluent-operator/v2/apis/fluentbit/v1alpha2" proberapi "github.com/gardener/dependency-watchdog/api/prober" weederapi "github.com/gardener/dependency-watchdog/api/weeder" hvpav1alpha1 "github.com/gardener/hvpa-controller/api/v1alpha1" 
@@ -32,16 +33,42 @@ import ( v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants" v1beta1helper "github.com/gardener/gardener/pkg/apis/core/v1beta1/helper" "github.com/gardener/gardener/pkg/chartrenderer" + "github.com/gardener/gardener/pkg/client/kubernetes" "github.com/gardener/gardener/pkg/component" + "github.com/gardener/gardener/pkg/component/clusterautoscaler" + "github.com/gardener/gardener/pkg/component/coredns" "github.com/gardener/gardener/pkg/component/dependencywatchdog" "github.com/gardener/gardener/pkg/component/etcd" + "github.com/gardener/gardener/pkg/component/extensions" + "github.com/gardener/gardener/pkg/component/extensions/operatingsystemconfig/downloader" + "github.com/gardener/gardener/pkg/component/extensions/operatingsystemconfig/original/components/containerd" + "github.com/gardener/gardener/pkg/component/extensions/operatingsystemconfig/original/components/docker" + "github.com/gardener/gardener/pkg/component/extensions/operatingsystemconfig/original/components/kubelet" + "github.com/gardener/gardener/pkg/component/hvpa" "github.com/gardener/gardener/pkg/component/kubeapiserver" kubeapiserverconstants "github.com/gardener/gardener/pkg/component/kubeapiserver/constants" + "github.com/gardener/gardener/pkg/component/kubecontrollermanager" + "github.com/gardener/gardener/pkg/component/kubeproxy" + "github.com/gardener/gardener/pkg/component/kubernetesdashboard" + "github.com/gardener/gardener/pkg/component/kubescheduler" + "github.com/gardener/gardener/pkg/component/kubestatemetrics" + "github.com/gardener/gardener/pkg/component/logging/eventlogger" + "github.com/gardener/gardener/pkg/component/logging/vali" + "github.com/gardener/gardener/pkg/component/machinecontrollermanager" + "github.com/gardener/gardener/pkg/component/metricsserver" + "github.com/gardener/gardener/pkg/component/monitoring" + "github.com/gardener/gardener/pkg/component/nginxingress" + "github.com/gardener/gardener/pkg/component/nodeexporter" 
+ "github.com/gardener/gardener/pkg/component/nodeproblemdetector" "github.com/gardener/gardener/pkg/component/plutono" + "github.com/gardener/gardener/pkg/component/resourcemanager" "github.com/gardener/gardener/pkg/component/seedsystem" "github.com/gardener/gardener/pkg/component/shared" + "github.com/gardener/gardener/pkg/component/vpa" "github.com/gardener/gardener/pkg/component/vpnauthzserver" "github.com/gardener/gardener/pkg/component/vpnseedserver" + "github.com/gardener/gardener/pkg/component/vpnshoot" + "github.com/gardener/gardener/pkg/features" "github.com/gardener/gardener/pkg/gardenlet/apis/config" seedpkg "github.com/gardener/gardener/pkg/operation/seed" "github.com/gardener/gardener/pkg/utils" 
@@ -386,3 +413,152 @@ func defaultPlutono( false, ) } + +func defaultMonitoring( + c client.Client, + chartApplier kubernetes.ChartApplier, + secretsManager secretsmanager.Interface, + imageVector imagevector.ImageVector, + namespace string, + seed *seedpkg.Seed, + alertingSMTPSecret *corev1.Secret, + globalMonitoringSecret *corev1.Secret, + hvpaEnabled bool, + ingressHost string, + wildcardCertName *string, +) ( + component.Deployer, + error, +) { + imageAlertmanager, err := imageVector.FindImage(images.ImageNameAlertmanager) + if err != nil { + return nil, err + } + imageAlpine, err := imageVector.FindImage(images.ImageNameAlpine) + if err != nil { + return nil, err + } + imageConfigmapReloader, err := imageVector.FindImage(images.ImageNameConfigmapReloader) + if err != nil { + return nil, err + } + imagePrometheus, err := imageVector.FindImage(images.ImageNamePrometheus) + if err != nil { + return nil, err + } + + return monitoring.New( + c, + chartApplier, + secretsManager, + namespace, + monitoring.Values{ + AlertingSMTPSecret: alertingSMTPSecret, + GlobalMonitoringSecret: globalMonitoringSecret, + HVPAEnabled: hvpaEnabled, + ImageAlertmanager: imageAlertmanager.String(), + ImageAlpine: imageAlpine.String(), + ImageConfigmapReloader: imageConfigmapReloader.String(), + ImagePrometheus: imagePrometheus.String(), + IngressHost: ingressHost, + SeedName: seed.GetInfo().Name, + StorageCapacityAlertmanager: seed.GetValidVolumeSize("1Gi"), + StorageCapacityPrometheus: seed.GetValidVolumeSize("10Gi"), + StorageCapacityAggregatePrometheus: seed.GetValidVolumeSize("20Gi"), + WildcardCertName: wildcardCertName, + }, + ), nil +} + +func defaultFluentOperatorCustomResources( + c client.Client, + namespace string, + imageVector imagevector.ImageVector, + loggingEnabled bool, + eventLoggingEnabled bool, +) ( + deployer component.DeployWaiter, + err error, +) { + var ( + inputs []*fluentbitv1alpha2.ClusterInput + filters []*fluentbitv1alpha2.ClusterFilter + parsers 
[]*fluentbitv1alpha2.ClusterParser + ) + + if loggingEnabled { + componentsFunctions := []component.CentralLoggingConfiguration{ + // journald components + kubelet.CentralLoggingConfiguration, + docker.CentralLoggingConfiguration, + containerd.CentralLoggingConfiguration, + downloader.CentralLoggingConfiguration, + // seed system components + extensions.CentralLoggingConfiguration, + dependencywatchdog.CentralLoggingConfiguration, + resourcemanager.CentralLoggingConfiguration, + monitoring.CentralLoggingConfiguration, + vali.CentralLoggingConfiguration, + // shoot control plane components + etcd.CentralLoggingConfiguration, + clusterautoscaler.CentralLoggingConfiguration, + kubeapiserver.CentralLoggingConfiguration, + kubescheduler.CentralLoggingConfiguration, + kubecontrollermanager.CentralLoggingConfiguration, + kubestatemetrics.CentralLoggingConfiguration, + hvpa.CentralLoggingConfiguration, + plutono.CentralLoggingConfiguration, + vpa.CentralLoggingConfiguration, + vpnseedserver.CentralLoggingConfiguration, + // shoot system components + coredns.CentralLoggingConfiguration, + kubeproxy.CentralLoggingConfiguration, + metricsserver.CentralLoggingConfiguration, + nodeexporter.CentralLoggingConfiguration, + nodeproblemdetector.CentralLoggingConfiguration, + vpnshoot.CentralLoggingConfiguration, + // shoot addon components + kubernetesdashboard.CentralLoggingConfiguration, + nginxingress.CentralLoggingConfiguration, + } + + if eventLoggingEnabled { + componentsFunctions = append(componentsFunctions, eventlogger.CentralLoggingConfiguration) + } + + if features.DefaultFeatureGate.Enabled(features.MachineControllerManagerDeployment) { + componentsFunctions = append(componentsFunctions, machinecontrollermanager.CentralLoggingConfiguration) + } + + // Fetch component specific logging configurations + for _, componentFn := range componentsFunctions { + loggingConfig, err := componentFn() + if err != nil { + return nil, err + } + + if len(loggingConfig.Inputs) > 0 { + 
inputs = append(inputs, loggingConfig.Inputs...) + } + + if len(loggingConfig.Filters) > 0 { + filters = append(filters, loggingConfig.Filters...) + } + + if len(loggingConfig.Parsers) > 0 { + parsers = append(parsers, loggingConfig.Parsers...) + } + } + } + + return shared.NewFluentOperatorCustomResources( + c, + namespace, + imageVector, + loggingEnabled, + v1beta1constants.PriorityClassNameSeedSystem600, + inputs, + filters, + parsers, + ) +} diff --git a/pkg/gardenlet/controller/seed/seed/reconciler_reconcile.go b/pkg/gardenlet/controller/seed/seed/reconciler_reconcile.go index b18e81f57d0..a5e058a4163 100644 --- a/pkg/gardenlet/controller/seed/seed/reconciler_reconcile.go +++ b/pkg/gardenlet/controller/seed/seed/reconciler_reconcile.go @@ -18,23 +18,19 @@ import ( "context" "errors" "fmt" - "path/filepath" "strings" "time" "github.com/Masterminds/semver" - fluentbitv1alpha2 "github.com/fluent/fluent-operator/v2/apis/fluentbit/v1alpha2" "github.com/go-logr/logr" istiov1beta1 "istio.io/client-go/pkg/apis/networking/v1beta1" corev1 "k8s.io/api/core/v1" networkingv1 "k8s.io/api/networking/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/selection" "k8s.io/apimachinery/pkg/util/sets" - vpaautoscalingv1 "k8s.io/autoscaler/vertical-pod-autoscaler/pkg/apis/autoscaling.k8s.io/v1" podsecurityadmissionapi "k8s.io/pod-security-admission/api" "k8s.io/utils/clock" "k8s.io/utils/pointer" 
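Review bot: The four `imageVector.FindImage(...)` calls in `defaultMonitoring` resolve Alertmanager, Alpine, ConfigmapReloader and Prometheus without any version options. The `imagevector.FindImages` call that this commit removes from `runReconcileSeedFlow` passed `imagevector.RuntimeVersion(kubernetesVersion.String())` and `imagevector.TargetVersion(kubernetesVersion.String())`. If any of these image-vector entries carries a runtime or target version constraint, the image deployed to the seed could differ from before; the image vector itself is not part of this diff, so that needs checking. Either pass the seed version into `defaultMonitoring` and forward it, e.g. `imageVector.FindImage(images.ImageNamePrometheus, imagevector.RuntimeVersion(v), imagevector.TargetVersion(v))` with `v` the seed's Kubernetes version string, or record the assumption above the first lookup: `// These images are not version-constrained in the image vector, so no Runtime/TargetVersion options are passed.`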
@@ -46,43 +42,18 @@ import ( v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants" v1beta1helper "github.com/gardener/gardener/pkg/apis/core/v1beta1/helper" resourcesv1alpha1 "github.com/gardener/gardener/pkg/apis/resources/v1alpha1" - "github.com/gardener/gardener/pkg/client/kubernetes" "github.com/gardener/gardener/pkg/component" "github.com/gardener/gardener/pkg/component/clusterautoscaler" "github.com/gardener/gardener/pkg/component/clusteridentity" - "github.com/gardener/gardener/pkg/component/coredns" - "github.com/gardener/gardener/pkg/component/dependencywatchdog" "github.com/gardener/gardener/pkg/component/etcd" - "github.com/gardener/gardener/pkg/component/extensions" extensioncrds "github.com/gardener/gardener/pkg/component/extensions/crds" - "github.com/gardener/gardener/pkg/component/extensions/operatingsystemconfig/downloader" - "github.com/gardener/gardener/pkg/component/extensions/operatingsystemconfig/original/components/containerd" - "github.com/gardener/gardener/pkg/component/extensions/operatingsystemconfig/original/components/docker" - "github.com/gardener/gardener/pkg/component/extensions/operatingsystemconfig/original/components/kubelet" "github.com/gardener/gardener/pkg/component/hvpa" "github.com/gardener/gardener/pkg/component/istio" - "github.com/gardener/gardener/pkg/component/kubeapiserver" "github.com/gardener/gardener/pkg/component/kubeapiserverexposure" - "github.com/gardener/gardener/pkg/component/kubecontrollermanager" - "github.com/gardener/gardener/pkg/component/kubeproxy" - "github.com/gardener/gardener/pkg/component/kubernetesdashboard" - "github.com/gardener/gardener/pkg/component/kubescheduler" - "github.com/gardener/gardener/pkg/component/kubestatemetrics" - "github.com/gardener/gardener/pkg/component/logging/eventlogger" "github.com/gardener/gardener/pkg/component/logging/fluentoperator" - "github.com/gardener/gardener/pkg/component/logging/vali" 
"github.com/gardener/gardener/pkg/component/machinecontrollermanager" - "github.com/gardener/gardener/pkg/component/metricsserver" - "github.com/gardener/gardener/pkg/component/monitoring" - "github.com/gardener/gardener/pkg/component/nginxingress" - "github.com/gardener/gardener/pkg/component/nodeexporter" - "github.com/gardener/gardener/pkg/component/nodeproblemdetector" - "github.com/gardener/gardener/pkg/component/plutono" - "github.com/gardener/gardener/pkg/component/resourcemanager" sharedcomponent "github.com/gardener/gardener/pkg/component/shared" "github.com/gardener/gardener/pkg/component/vpa" - "github.com/gardener/gardener/pkg/component/vpnseedserver" - "github.com/gardener/gardener/pkg/component/vpnshoot" "github.com/gardener/gardener/pkg/controllerutils" "github.com/gardener/gardener/pkg/features" "github.com/gardener/gardener/pkg/gardenlet/apis/config" @@ -93,7 +64,6 @@ import ( "github.com/gardener/gardener/pkg/utils/flow" gardenerutils "github.com/gardener/gardener/pkg/utils/gardener" "github.com/gardener/gardener/pkg/utils/gardener/tokenrequest" - "github.com/gardener/gardener/pkg/utils/images" "github.com/gardener/gardener/pkg/utils/imagevector" kubernetesutils "github.com/gardener/gardener/pkg/utils/kubernetes" "github.com/gardener/gardener/pkg/utils/retry" @@ -226,14 +196,6 @@ func (r *Reconciler) checkMinimumK8SVersion(version string) (string, error) { return version, nil } -const ( - seedBootstrapChartName = "seed-bootstrap" - kubeAPIServerPrefix = "api-seed" - plutonoPrefix = "g-seed" - prometheusPrefix = "p-seed" - ingressTLSCertificateValidity = 730 * 24 * time.Hour // ~2 years, see https://support.apple.com/en-us/HT210176 -) - func (r *Reconciler) runReconcileSeedFlow( ctx context.Context, log logr.Logger, 
@@ -278,29 +240,20 @@ func (r *Reconciler) runReconcileSeedFlow( } var ( - vpaGK = schema.GroupKind{Group: "autoscaling.k8s.io", Kind: "VerticalPodAutoscaler"} - hvpaGK = schema.GroupKind{Group: "autoscaling.k8s.io", Kind: "Hvpa"} - issuerGK = schema.GroupKind{Group: "certmanager.k8s.io", Kind: "ClusterIssuer"} - vpaEnabled = seed.GetInfo().Spec.Settings == nil || seed.GetInfo().Spec.Settings.VerticalPodAutoscaler == nil || seed.GetInfo().Spec.Settings.VerticalPodAutoscaler.Enabled hvpaEnabled = features.DefaultFeatureGate.Enabled(features.HVPA) loggingEnabled = gardenlethelper.IsLoggingEnabled(&r.Config) - - gardenNamespace = &corev1.Namespace{ - ObjectMeta: metav1.ObjectMeta{ - Name: r.GardenNamespace, - }, - } ) if !vpaEnabled { // VPA is a prerequisite. If it's not enabled via the seed spec it must be provided through some other mechanism. - if _, err := seedClient.RESTMapper().RESTMapping(vpaGK); err != nil { + if _, err := seedClient.RESTMapper().RESTMapping(schema.GroupKind{Group: "autoscaling.k8s.io", Kind: "VerticalPodAutoscaler"}); err != nil { return fmt.Errorf("VPA is required for seed cluster: %s", err) } } // create + label garden namespace + gardenNamespace := &corev1.Namespace{ObjectMeta: metav1.ObjectMeta{Name: r.GardenNamespace}} log.Info("Labeling and annotating namespace", "namespaceName", gardenNamespace.Name) if _, err := controllerutils.CreateOrGetAndMergePatch(ctx, seedClient, gardenNamespace, func() error { metav1.SetMetaDataLabel(&gardenNamespace.ObjectMeta, "role", v1beta1constants.GardenNamespace) 
@@ -331,14 +284,8 @@ func (r *Reconciler) runReconcileSeedFlow( return errors.New("global monitoring secret not found in seed namespace") } - globalMonitoringSecretSeed := &corev1.Secret{ - ObjectMeta: metav1.ObjectMeta{ - Name: "seed-" + globalMonitoringSecretGarden.Name, - Namespace: r.GardenNamespace, - }, - } - log.Info("Replicating global monitoring secret to garden namespace in seed", "secret", client.ObjectKeyFromObject(globalMonitoringSecretGarden)) + globalMonitoringSecretSeed := &corev1.Secret{ObjectMeta: metav1.ObjectMeta{Name: "seed-" + globalMonitoringSecretGarden.Name, Namespace: r.GardenNamespace}} if _, err := controllerutils.GetAndCreateOrMergePatch(ctx, seedClient, globalMonitoringSecretSeed, func() error { globalMonitoringSecretSeed.Type = globalMonitoringSecretGarden.Type globalMonitoringSecretSeed.Data = globalMonitoringSecretGarden.Data @@ -353,23 +300,9 @@ func (r *Reconciler) runReconcileSeedFlow( return err } - seedImages, err := imagevector.FindImages( - r.ImageVector, - []string{ - images.ImageNameAlertmanager, - images.ImageNameAlpine, - images.ImageNameConfigmapReloader, - images.ImageNameVali, - images.ImageNameValiCurator, - images.ImageNameTune2fs, - images.ImageNamePlutono, - images.ImageNamePrometheus, - }, - imagevector.RuntimeVersion(kubernetesVersion.String()), - imagevector.TargetVersion(kubernetesVersion.String()), - ) - if err != nil { - return err + var alertingSMTPSecret *corev1.Secret + if secret, ok := secrets[v1beta1constants.GardenRoleAlerting]; ok && string(secret.Data["auth_type"]) == "smtp" { + alertingSMTPSecret = secret } // Deploy the CRDs in the seed cluster. 
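Review bot: The new `alertingSMTPSecret` selection in the `@@ -353,23 +300,9 @@` hunk silently leaves the pointer nil when the alerting secret is missing or its `auth_type` is anything other than `smtp`. From here a mistyped `auth_type` cannot be told apart from alerting not being configured. A comment above the `if` would make the contract explicit: `// Only an alerting secret with auth_type "smtp" is forwarded to the monitoring component; otherwise alertingSMTPSecret stays nil.` It is also worth confirming that the component in `pkg/component/monitoring/bootstrap.go` (not shown in this part of the diff) treats a nil `AlertingSMTPSecret` as "no SMTP alerting" rather than dereferencing it. `runReconcileSeedFlow` starts and ends outside this hunk.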
@@ -462,218 +395,14 @@ func (r *Reconciler) runReconcileSeedFlow( return err } - if hvpaEnabled { - if err := kubernetesutils.DeleteObjects(ctx, seedClient, - &vpaautoscalingv1.VerticalPodAutoscaler{ObjectMeta: metav1.ObjectMeta{Name: "prometheus-vpa", Namespace: r.GardenNamespace}}, - &vpaautoscalingv1.VerticalPodAutoscaler{ObjectMeta: metav1.ObjectMeta{Name: "aggregate-prometheus-vpa", Namespace: r.GardenNamespace}}, - ); err != nil { - return err - } - } - - // Fetch component-specific aggregate and central monitoring configuration - var ( - aggregateScrapeConfigs = strings.Builder{} - aggregateMonitoringComponentFunctions = []component.AggregateMonitoringConfiguration{ - istio.AggregateMonitoringConfiguration, - } - - centralScrapeConfigs = strings.Builder{} - centralCAdvisorScrapeConfigMetricRelabelConfigs = strings.Builder{} - centralMonitoringComponentFunctions = []component.CentralMonitoringConfiguration{ - hvpa.CentralMonitoringConfiguration, - kubestatemetrics.CentralMonitoringConfiguration, - } - ) - - for _, componentFn := range aggregateMonitoringComponentFunctions { - aggregateMonitoringConfig, err := componentFn() - if err != nil { - return err - } - - for _, config := range aggregateMonitoringConfig.ScrapeConfigs { - aggregateScrapeConfigs.WriteString(fmt.Sprintf("- %s\n", utils.Indent(config, 2))) - } - } - - for _, componentFn := range centralMonitoringComponentFunctions { - centralMonitoringConfig, err := componentFn() - if err != nil { - return err - } - - for _, config := range centralMonitoringConfig.ScrapeConfigs { - centralScrapeConfigs.WriteString(fmt.Sprintf("- %s\n", utils.Indent(config, 2))) - } - - for _, config := range centralMonitoringConfig.CAdvisorScrapeConfigMetricRelabelConfigs { - centralCAdvisorScrapeConfigMetricRelabelConfigs.WriteString(fmt.Sprintf("- %s\n", utils.Indent(config, 2))) - } - } - - // Logging feature gate - var ( - inputs []*fluentbitv1alpha2.ClusterInput - filters []*fluentbitv1alpha2.ClusterFilter - parsers 
[]*fluentbitv1alpha2.ClusterParser - ) - - if loggingEnabled { - componentsFunctions := []component.CentralLoggingConfiguration{ - // journald components - kubelet.CentralLoggingConfiguration, - docker.CentralLoggingConfiguration, - containerd.CentralLoggingConfiguration, - downloader.CentralLoggingConfiguration, - // seed system components - extensions.CentralLoggingConfiguration, - dependencywatchdog.CentralLoggingConfiguration, - resourcemanager.CentralLoggingConfiguration, - monitoring.CentralLoggingConfiguration, - vali.CentralLoggingConfiguration, - // shoot control plane components - etcd.CentralLoggingConfiguration, - clusterautoscaler.CentralLoggingConfiguration, - kubeapiserver.CentralLoggingConfiguration, - kubescheduler.CentralLoggingConfiguration, - kubecontrollermanager.CentralLoggingConfiguration, - kubestatemetrics.CentralLoggingConfiguration, - hvpa.CentralLoggingConfiguration, - plutono.CentralLoggingConfiguration, - vpa.CentralLoggingConfiguration, - vpnseedserver.CentralLoggingConfiguration, - // shoot system components - coredns.CentralLoggingConfiguration, - kubeproxy.CentralLoggingConfiguration, - metricsserver.CentralLoggingConfiguration, - nodeexporter.CentralLoggingConfiguration, - nodeproblemdetector.CentralLoggingConfiguration, - vpnshoot.CentralLoggingConfiguration, - // shoot addon components - kubernetesdashboard.CentralLoggingConfiguration, - nginxingress.CentralLoggingConfiguration, - } - - if gardenlethelper.IsEventLoggingEnabled(&r.Config) { - componentsFunctions = append(componentsFunctions, eventlogger.CentralLoggingConfiguration) - } - - if features.DefaultFeatureGate.Enabled(features.MachineControllerManagerDeployment) { - componentsFunctions = append(componentsFunctions, machinecontrollermanager.CentralLoggingConfiguration) - } - - // Fetch component specific logging configurations - for _, componentFn := range componentsFunctions { - loggingConfig, err := componentFn() - if err != nil { - return err - } - - if 
len(loggingConfig.Inputs) > 0 { - inputs = append(inputs, loggingConfig.Inputs...) - } - - if len(loggingConfig.Filters) > 0 { - filters = append(filters, loggingConfig.Filters...) - } - - if len(loggingConfig.Parsers) > 0 { - parsers = append(parsers, loggingConfig.Parsers...) - } - } - } - - // Monitoring resource values - monitoringResources := map[string]interface{}{ - "prometheus": map[string]interface{}{}, - "aggregate-prometheus": map[string]interface{}{}, - } - - if hvpaEnabled { - for resource := range monitoringResources { - currentResources, err := kubernetesutils.GetContainerResourcesInStatefulSet(ctx, seedClient, kubernetesutils.Key(r.GardenNamespace, resource)) - if err != nil { - return err - } - if len(currentResources) != 0 && currentResources["prometheus"] != nil { - monitoringResources[resource] = map[string]interface{}{ - "prometheus": currentResources["prometheus"], - } - } - } - } - - // AlertManager configuration - alertManagerConfig := map[string]interface{}{ - "storage": seed.GetValidVolumeSize("1Gi"), - } - - if alertingSMTPSecret, ok := secrets[v1beta1constants.GardenRoleAlerting]; ok && string(alertingSMTPSecret.Data["auth_type"]) == "smtp" { - emailConfig := map[string]interface{}{ - "to": string(alertingSMTPSecret.Data["to"]), - "from": string(alertingSMTPSecret.Data["from"]), - "smarthost": string(alertingSMTPSecret.Data["smarthost"]), - "auth_username": string(alertingSMTPSecret.Data["auth_username"]), - "auth_identity": string(alertingSMTPSecret.Data["auth_identity"]), - "auth_password": string(alertingSMTPSecret.Data["auth_password"]), - } - alertManagerConfig["enabled"] = true - alertManagerConfig["emailConfigs"] = []map[string]interface{}{emailConfig} - } else { - alertManagerConfig["enabled"] = false - if err := common.DeleteAlertmanager(ctx, seedClient, r.GardenNamespace); err != nil { - return err - } - } - - var ( - applierOptions = kubernetes.CopyApplierOptions(kubernetes.DefaultMergeFuncs) - retainStatusInformation = 
func(new, old *unstructured.Unstructured) { - // Apply status from old Object to retain status information - new.Object["status"] = old.Object["status"] - } - plutonoHost = seed.GetIngressFQDN(plutonoPrefix) - prometheusHost = seed.GetIngressFQDN(prometheusPrefix) - ) - - applierOptions[vpaGK] = retainStatusInformation - applierOptions[hvpaGK] = retainStatusInformation - applierOptions[issuerGK] = retainStatusInformation - wildcardCert, err := gardenerutils.GetWildcardCertificate(ctx, seedClient) if err != nil { return err } - var ( - plutonoWildCardSecretName *string - prometheusIngressTLSSecretName string - ) - + var wildCardSecretName *string if wildcardCert != nil { - plutonoWildCardSecretName = pointer.String(wildcardCert.GetName()) - prometheusIngressTLSSecretName = wildcardCert.GetName() - } else { - prometheusIngressTLSSecret, err := secretsManager.Generate(ctx, &secretsutils.CertificateSecretConfig{ - Name: "aggregate-prometheus-tls", - CommonName: "prometheus", - Organization: []string{"gardener.cloud:monitoring:ingress"}, - DNSNames: []string{seed.GetIngressFQDN(prometheusPrefix)}, - CertType: secretsutils.ServerCert, - Validity: pointer.Duration(ingressTLSCertificateValidity), - SkipPublishingCACertificate: true, - }, secretsmanager.SignedByCA(v1beta1constants.SecretNameCASeed)) - if err != nil { - return err - } - - prometheusIngressTLSSecretName = prometheusIngressTLSSecret.Name - } - - imageVectorOverwrites := make(map[string]string, len(r.ComponentImageVectors)) - for name, data := range r.ComponentImageVectors { - imageVectorOverwrites[name] = data + wildCardSecretName = pointer.String(wildcardCert.GetName()) } seedIsOriginOfClusterIdentity, err := clusteridentity.IsClusterIdentityEmptyOrFromOrigin(ctx, seedClient, v1beta1constants.ClusterIdentityOriginSeed) 
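Review bot: `wildCardSecretName` stays nil when no wildcard certificate exists, and this function no longer generates the `aggregate-prometheus-tls` certificate that the removed `else` branch created for the Prometheus ingress. That fallback presumably moved into the monitoring component, which is not visible here, so nil has become a signal that each consumer must provision its own ingress TLS secret. State that at the declaration, e.g. `// nil if no wildcard certificate is configured; consumers must then generate their own ingress TLS secret`, and consider `wildcardSecretName` to match the casing of `wildcardCert` a few lines above. runReconcileSeedFlow starts and ends outside this hunk.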
@@ -685,37 +414,6 @@ func (r *Reconciler) runReconcileSeedFlow(
 return err
 }
- values := kubernetes.Values(map[string]interface{}{
- "global": map[string]interface{}{
- "ingressClass": v1beta1constants.SeedNginxIngressClass,
- "images": imagevector.ImageMapToValues(seedImages),
- },
- "prometheus": map[string]interface{}{
- "resources": monitoringResources["prometheus"],
- "storage": seed.GetValidVolumeSize("10Gi"),
- "additionalScrapeConfigs": centralScrapeConfigs.String(),
- "additionalCAdvisorScrapeConfigMetricRelabelConfigs": centralCAdvisorScrapeConfigMetricRelabelConfigs.String(),
- },
- "aggregatePrometheus": map[string]interface{}{
- "resources": monitoringResources["aggregate-prometheus"],
- "storage": seed.GetValidVolumeSize("20Gi"),
- "seed": seed.GetInfo().Name,
- "hostName": prometheusHost,
- "secretName": prometheusIngressTLSSecretName,
- "additionalScrapeConfigs": aggregateScrapeConfigs.String(),
- },
- "alertmanager": alertManagerConfig,
- "hvpa": map[string]interface{}{
- "enabled": hvpaEnabled,
- },
- "istio": map[string]interface{}{
- "enabled": true,
- },
- "ingress": map[string]interface{}{
- "authSecretName": globalMonitoringSecretSeed.Name,
- },
- })
-
 // Delete Grafana artifacts.
 if err := common.DeleteGrafana(ctx, r.SeedClientSet, r.GardenNamespace); err != nil {
 return err
@@ -745,10 +443,6 @@ func (r *Reconciler) runReconcileSeedFlow(
 }
 }
- if err := chartApplier.Apply(ctx, filepath.Join(r.ChartsPath, seedBootstrapChartName), r.GardenNamespace, seedBootstrapChartName, values, applierOptions); err != nil {
- return err
- }
-
 // setup for flow graph
 var dnsRecord component.DeployMigrateWaiter
@@ -764,6 +458,22 @@ func (r *Reconciler) runReconcileSeedFlow(
 if err != nil {
 return err
 }
+ monitoring, err := defaultMonitoring(
+ seedClient,
+ chartApplier,
+ secretsManager,
+ r.ImageVector,
+ r.GardenNamespace,
+ seed,
+ alertingSMTPSecret,
+ globalMonitoringSecretSeed,
+ hvpaEnabled,
+ seed.GetIngressFQDN("p-seed"),
+ wildCardSecretName,
+ )
+ if err != nil {
+ return err
+ }
 var (
 g = flow.NewGraph("Seed cluster creation")
@@ -803,6 +513,10 @@ func (r *Reconciler) runReconcileSeedFlow(
 Name: "Deploying VPN authorization server",
 Fn: vpnAuthzServer.Deploy,
 })
+ _ = g.Add(flow.Task{
+ Name: "Deploying monitoring components",
+ Fn: monitoring.Deploy,
+ })
 _ = g.Add(flow.Task{
 Name: "Renewing garden access secrets",
 Fn: flow.TaskFn(func(ctx context.Context) error {
@@ -874,15 +588,12 @@ func (r *Reconciler) runReconcileSeedFlow(
 return err
 }
- fluentOperatorCustomResources, err := sharedcomponent.NewFluentOperatorCustomResources(
+ fluentOperatorCustomResources, err := defaultFluentOperatorCustomResources(
 seedClient,
 r.GardenNamespace,
 r.ImageVector,
 loggingEnabled,
- v1beta1constants.PriorityClassNameSeedSystem600,
- inputs,
- filters,
- parsers,
+ gardenlethelper.IsEventLoggingEnabled(&r.Config),
 )
 if err != nil {
 return err
@@ -891,7 +602,6 @@ func (r *Reconciler) runReconcileSeedFlow(
 fluentOperator, err := sharedcomponent.NewFluentOperator(
 seedClient,
 r.GardenNamespace,
- kubernetesVersion,
 r.ImageVector,
 loggingEnabled,
 v1beta1constants.PriorityClassNameSeedSystem600,
@@ -905,9 +615,9 @@ func (r *Reconciler) runReconcileSeedFlow(
 r.GardenNamespace,
 r.ImageVector,
 secretsManager,
- plutonoHost,
+ seed.GetIngressFQDN("g-seed"),
 globalMonitoringSecretSeed.Name,
- plutonoWildCardSecretName,
+ wildCardSecretName,
 )
 if err != nil {
 return err
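Review bot: The `defaultMonitoring(...)` call passes eleven positional arguments, and `alertingSMTPSecret` and `globalMonitoringSecretSeed` sit next to each other with the same type (`*corev1.Secret`), so swapping the SMTP credentials with the ingress auth secret would still compile. Until the helper takes a values struct with named fields, annotate the two arguments at the call site: `alertingSMTPSecret, // SMTP credentials for Alertmanager, nil when alerting is off` and `globalMonitoringSecretSeed, // auth secret for the monitoring ingress`. The local name `monitoring` may also shadow a `monitoring` package that code removed earlier in this diff referenced (`monitoring.CentralLoggingConfiguration`), if that import is still present; `monitoringComponent` would avoid the clash. runReconcileSeedFlow extends beyond the hunk.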
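Review bot: The ingress host prefix in the last hunk on this line is now a bare string literal, `seed.GetIngressFQDN("g-seed")`, where the old code went through the named `plutonoHost`/`plutonoPrefix`; the same pattern appears with `"p-seed"` in the `defaultMonitoring` call above and with `"api-seed"` in the kube-apiserver ingress hunk that follows. These hostnames feed ingress rules, and the removed Prometheus code also used the same prefix for the certificate's `DNSNames`, so a typo in any one literal would silently break the match between host and certificate. Keeping named constants, e.g. `const plutonoPrefix = "g-seed"` if the old ones were dropped, keeps each value in one greppable place. The call edited here begins outside the hunk.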
@@ -977,7 +687,7 @@ func (r *Reconciler) runReconcileSeedFlow(
 kubeAPIServerService := kubeapiserverexposure.NewInternalNameService(seedClient, r.GardenNamespace)
 if wildcardCert != nil {
 kubeAPIServerIngress := kubeapiserverexposure.NewIngress(seedClient, r.GardenNamespace, kubeapiserverexposure.IngressValues{
- Host: seed.GetIngressFQDN(kubeAPIServerPrefix),
+ Host: seed.GetIngressFQDN("api-seed"),
 IngressClassName: pointer.String(v1beta1constants.SeedNginxIngressClass),
 ServiceName: v1beta1constants.DeploymentNameKubeAPIServer,
 TLSSecretName: &wildcardCert.Name,
diff --git a/pkg/operation/botanist/botanist.go b/pkg/operation/botanist/botanist.go
index 58bebf59b50..dca8f81b962 100644
--- a/pkg/operation/botanist/botanist.go
+++ b/pkg/operation/botanist/botanist.go
@@ -41,8 +41,6 @@ const DefaultInterval = 5 * time.Second
 var (
 // ChartsPath is an alias for charts.Path. Exposed for testing.
 ChartsPath = charts.Path
-
- ingressTLSCertificateValidity = 730 * 24 * time.Hour // ~2 years, see https://support.apple.com/en-us/HT210176
 )
 // New takes an operation object and creates a new Botanist object. It checks whether the given Shoot DNS
diff --git a/pkg/operation/botanist/monitoring.go b/pkg/operation/botanist/monitoring.go
index f294a0fb92c..f2f572789ef 100644
--- a/pkg/operation/botanist/monitoring.go
+++ b/pkg/operation/botanist/monitoring.go
@@ -165,7 +165,7 @@ func (b *Botanist) DeploySeedMonitoring(ctx context.Context) error {
 Organization: []string{"gardener.cloud:monitoring:ingress"},
 DNSNames: b.ComputePrometheusHosts(),
 CertType: secrets.ServerCert,
- Validity: &ingressTLSCertificateValidity,
+ Validity: pointer.Duration(v1beta1constants.IngressTLSCertificateValidity),
 SkipPublishingCACertificate: true,
 }, secretsmanager.SignedByCA(v1beta1constants.SecretNameCACluster))
 if err != nil {
@@ -354,7 +354,7 @@ func (b *Botanist) DeploySeedMonitoring(ctx context.Context) error {
 Organization: []string{"gardener.cloud:monitoring:ingress"},
 DNSNames: b.ComputeAlertManagerHosts(),
 CertType: secrets.ServerCert,
- Validity: &ingressTLSCertificateValidity,
+ Validity: pointer.Duration(v1beta1constants.IngressTLSCertificateValidity),
 SkipPublishingCACertificate: true,
 }, secretsmanager.SignedByCA(v1beta1constants.SecretNameCACluster))
 if err != nil {