185 lines
7.0 KiB
YAML
185 lines
7.0 KiB
YAML
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: kafka-exporter-yc
|
|
namespace: kafka-exporter
|
|
---
|
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
|
kind: HelmRelease
|
|
metadata:
|
|
name: kafka-exporter-yc
|
|
namespace: kafka-exporter
|
|
spec:
|
|
dependsOn:
|
|
- name: prometheus-stack
|
|
namespace: prometheus-stack
|
|
interval: 5m
|
|
timeout: 10m
|
|
chart:
|
|
spec:
|
|
chart: kafka-exporter-prod
|
|
version: "0.27.0"
|
|
sourceRef:
|
|
kind: HelmRepository
|
|
name: yc-oci-charts
|
|
namespace: flux-system
|
|
interval: 10m
|
|
install:
|
|
remediation:
|
|
retries: 3
|
|
upgrade:
|
|
remediation:
|
|
retries: 3
|
|
postRenderers:
|
|
- kustomize:
|
|
patches:
|
|
- target:
|
|
group: apps
|
|
version: v1
|
|
kind: Deployment
|
|
name: kafka-exporter-yc
|
|
patch: |-
|
|
- op: add
|
|
path: /spec/template/metadata/annotations
|
|
value:
|
|
vault.hashicorp.com/agent-init-first: "true"
|
|
vault.hashicorp.com/agent-inject: "true"
|
|
vault.hashicorp.com/agent-pre-populate-only: "true"
|
|
vault.hashicorp.com/auth-path: auth/kubernetes
|
|
vault.hashicorp.com/role: kafka-exporter-yc
|
|
vault.hashicorp.com/agent-inject-secret-kafka-bootstrap: secrets/data/vault/apps/kafka-exporter-yc
|
|
vault.hashicorp.com/agent-inject-template-kafka-bootstrap: |-
|
|
{{- with secret "secrets/data/vault/apps/kafka-exporter-yc" -}}
|
|
{{ index .Data.data "KAFKA_BOOTSTRAP" }}
|
|
{{- end -}}
|
|
vault.hashicorp.com/agent-inject-secret-kafka-user: secrets/data/vault/apps/kafka-exporter-yc
|
|
vault.hashicorp.com/agent-inject-template-kafka-user: |-
|
|
{{- with secret "secrets/data/vault/apps/kafka-exporter-yc" -}}
|
|
{{ index .Data.data "KAFKA_USER" }}
|
|
{{- end -}}
|
|
vault.hashicorp.com/agent-inject-secret-kafka-password: secrets/data/vault/apps/kafka-exporter-yc
|
|
vault.hashicorp.com/agent-inject-template-kafka-password: |-
|
|
{{- with secret "secrets/data/vault/apps/kafka-exporter-yc" -}}
|
|
{{ index .Data.data "KAFKA_PASSWORD" }}
|
|
{{- end -}}
|
|
vault.hashicorp.com/agent-inject-secret-kafka-ca.pem: secrets/data/vault/apps/kafka-exporter-yc
|
|
vault.hashicorp.com/agent-inject-template-kafka-ca.pem: |-
|
|
{{- with secret "secrets/data/vault/apps/kafka-exporter-yc" -}}
|
|
{{ index .Data.data "KAFKA_CA_PEM" }}
|
|
{{- end -}}
|
|
- op: add
|
|
path: /spec/template/spec/serviceAccountName
|
|
value: kafka-exporter-yc
|
|
- op: add
|
|
path: /spec/template/spec/imagePullSecrets
|
|
value:
|
|
- name: regcred
|
|
- op: add
|
|
path: /spec/template/spec/containers/0/command
|
|
value:
|
|
- /bin/sh
|
|
- -ec
|
|
- op: replace
|
|
path: /spec/template/spec/containers/0/args
|
|
value:
|
|
- |-
|
|
KAFKA_BOOTSTRAP="$(cat /vault/secrets/kafka-bootstrap)"
|
|
KAFKA_USER="$(cat /vault/secrets/kafka-user)"
|
|
KAFKA_PASSWORD="$(cat /vault/secrets/kafka-password)"
|
|
if command -v kafka_exporter >/dev/null 2>&1; then
|
|
KAFKA_EXPORTER_BIN="$(command -v kafka_exporter)"
|
|
else
|
|
KAFKA_EXPORTER_BIN=/bin/kafka_exporter
|
|
fi
|
|
OLD_IFS="${IFS}"
|
|
IFS=,
|
|
set --
|
|
for broker in ${KAFKA_BOOTSTRAP}; do
|
|
broker="$(printf '%s' "${broker}" | tr -d '[:space:]')"
|
|
if [ -n "${broker}" ]; then
|
|
set -- "$@" --kafka.server="${broker}"
|
|
fi
|
|
done
|
|
IFS="${OLD_IFS}"
|
|
exec "${KAFKA_EXPORTER_BIN}" \
|
|
"$@" \
|
|
--sasl.enabled \
|
|
--sasl.username="${KAFKA_USER}" \
|
|
--sasl.password="${KAFKA_PASSWORD}" \
|
|
--sasl.mechanism=scram-sha512 \
|
|
--tls.enabled \
|
|
--tls.ca-file=/vault/secrets/kafka-ca.pem \
|
|
--kafka.labels=yc-kafka \
|
|
--topic.exclude='^__.*' \
|
|
--verbosity=0
|
|
- op: replace
|
|
path: /spec/template/spec/containers/0/livenessProbe/initialDelaySeconds
|
|
value: 60
|
|
- op: replace
|
|
path: /spec/template/spec/containers/0/livenessProbe/failureThreshold
|
|
value: 6
|
|
- op: replace
|
|
path: /spec/template/spec/containers/0/readinessProbe/initialDelaySeconds
|
|
value: 30
|
|
- op: replace
|
|
path: /spec/template/spec/containers/0/readinessProbe/failureThreshold
|
|
value: 6
|
|
- target:
|
|
group: monitoring.coreos.com
|
|
version: v1
|
|
kind: ServiceMonitor
|
|
name: kafka-exporter-yc
|
|
patch: |-
|
|
- op: add
|
|
path: /spec/selector/matchLabels/app.kubernetes.io~1instance
|
|
value: kafka-exporter-yc
|
|
- op: add
|
|
path: /spec/endpoints/0/relabelings
|
|
value:
|
|
- action: replace
|
|
targetLabel: kafka_instance
|
|
replacement: yc-kafka
|
|
- action: replace
|
|
targetLabel: source_cluster
|
|
replacement: yc-kafka
|
|
- action: replace
|
|
targetLabel: monitored_cluster
|
|
replacement: yc-kafka
|
|
- action: replace
|
|
targetLabel: cluster
|
|
replacement: brusnika-prod
|
|
values:
|
|
fullnameOverride: kafka-exporter-yc
|
|
image:
|
|
repository: danielqsj/kafka-exporter
|
|
tag: latest
|
|
pullPolicy: IfNotPresent
|
|
kafkaExporter:
|
|
kafka:
|
|
servers:
|
|
- kafka-bootstrap.from-vault.invalid:9091
|
|
sasl:
|
|
enabled: false
|
|
tls:
|
|
enabled: false
|
|
prometheus:
|
|
serviceMonitor:
|
|
enabled: true
|
|
namespace: kafka-exporter
|
|
interval: 30s
|
|
additionalLabels:
|
|
app: kafka-exporter-yc
|
|
metricRelabelings:
|
|
- action: replace
|
|
targetLabel: kafka_instance
|
|
replacement: yc-kafka
|
|
- action: replace
|
|
targetLabel: source_cluster
|
|
replacement: yc-kafka
|
|
- action: replace
|
|
targetLabel: monitored_cluster
|
|
replacement: yc-kafka
|
|
- action: replace
|
|
targetLabel: cluster
|
|
replacement: brusnika-prod
|