add roles

wandb · Oct 19, 2023 · da60b62 · da60b62
1 parent 5e09b01
commit da60b62
Show file tree

Hide file tree

Showing 5 changed files with 89 additions and 4 deletions.
diff --git a/charts/operator-wandb/charts/otel/templates/_config.tpl b/charts/operator-wandb/charts/otel/templates/_config.tpl
@@ -5,6 +5,7 @@
 {{- $config = mustMergeOverwrite (include "otel.logsCollectionReceiver" . | fromYaml) $config }}
 {{- $config = mustMergeOverwrite (include "otel.kubeletMetricsReceiver" . | fromYaml) $config }}
 {{- $config = mustMergeOverwrite (include "otel.kubernetesEventReceiver" . | fromYaml) $config }}
+{{- $config = mustMergeOverwrite (include "otel.kubernetesClusterReceiver" . | fromYaml) $config }}
 {{- $config = mustMergeOverwrite (include "otel.extensions" . | fromYaml) $config }}
 {{- $config = mustMergeOverwrite (include "otel.processors" . | fromYaml) $config }}
 {{- $config = mustMergeOverwrite (include "otel.service" . | fromYaml) $config }}
@@ -33,7 +34,7 @@ processors:
     spike_limit_percentage: 25
   k8sattributes:
     filter:
-      node_from_env_var: NODE_NAME
+      node_from_env_var: K8S_NODE_NAME
     passthrough: false
     pod_association:
     - sources:
@@ -67,7 +68,7 @@ service:
     metrics:
       exporters: [debug]
       processors: [memory_limiter, batch, k8sattributes]
-      receivers: [hostmetrics]
+      receivers: [hostmetrics, k8s_cluster, kubeletstats]
     logs:
       exporters: [debug]
       processors: [memory_limiter, batch]

diff --git a/charts/operator-wandb/charts/otel/templates/_receivers.tpl b/charts/operator-wandb/charts/otel/templates/_receivers.tpl
@@ -140,7 +140,8 @@ receivers:
   kubeletstats:
     collection_interval: 20s
     auth_type: "serviceAccount"
-    endpoint: "${env:NODE_NAME}:10250"
+    endpoint: "https://${env:K8S_NODE_NAME}:10250"
+    insecure_skip_verify: true
 {{- end }}
 
 {{- define "otel.kubernetesEventReceiver" -}}
@@ -152,4 +153,10 @@ receivers:
         group: "events.k8s.io"
         exclude_watch_type:
           - "DELETED"
+{{- end }}
+
+{{- define "otel.kubernetesClusterReceiver" -}}
+receivers:
+  k8s_cluster:
+    collection_interval: 10s
 {{- end }}
diff --git a/charts/operator-wandb/charts/otel/templates/clusterrole.yaml b/charts/operator-wandb/charts/otel/templates/clusterrole.yaml
@@ -0,0 +1,54 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "otel.fullname" . }}
+  namespace: {{ $.Release.Namespace }}
+  labels:
+    {{- include "wandb.commonLabels" . | nindent 4 }}
+    {{- include "otel.commonLabels" . | nindent 4 }}
+    {{- include "otel.labels" . | nindent 4 }}
+    {{- if .Values.clusterRole.labels -}}
+    {{-   toYaml .Values.clusterRole.labels | nindent 4 }}
+    {{- end }}
+  annotations:
+    {{- if .Values.clusterRole.annotations -}}
+    {{-   toYaml .Values.clusterRole.annotations | nindent 4 }}
+    {{- end }}
+rules:
+  # kubernetesAttributes
+  - apiGroups: [""]
+    resources: ["pods", "namespaces"]
+    verbs: ["get", "watch", "list"]
+  - apiGroups: ["apps"]
+    resources: ["replicasets"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["extensions"]
+    resources: ["replicasets"]
+    verbs: ["get", "list", "watch"]
+
+  # clusterMetrics
+  - apiGroups: [""]
+    resources: ["events", "namespaces", "namespaces/status", "nodes", "nodes/spec", "pods", "pods/status", "replicationcontrollers", "replicationcontrollers/status", "resourcequotas", "services" ]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["apps"]
+    resources: ["daemonsets", "deployments", "replicasets", "statefulsets"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["extensions"]
+    resources: ["daemonsets", "deployments", "replicasets"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["batch"]
+    resources: ["jobs", "cronjobs"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["autoscaling"]
+    resources: ["horizontalpodautoscalers"]
+    verbs: ["get", "list", "watch"]
+
+  # kubeletMetrics
+  - apiGroups: [""]
+    resources: ["nodes/stats"]
+    verbs: ["get", "watch", "list"]
+
+  # kubernetesEvents
+  - apiGroups: ["events.k8s.io"]
+    resources: ["events"]
+    verbs: ["watch", "list"]
diff --git a/charts/operator-wandb/charts/otel/templates/clusterrolebinding.yaml b/charts/operator-wandb/charts/otel/templates/clusterrolebinding.yaml
@@ -0,0 +1,23 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "otel.fullname" . }}
+  labels:
+    {{- include "wandb.commonLabels" . | nindent 4 }}
+    {{- include "otel.commonLabels" . | nindent 4 }}
+    {{- include "otel.labels" . | nindent 4 }}
+    {{- if .Values.clusterRole.labels -}}
+    {{-   toYaml .Values.clusterRole.labels | nindent 4 }}
+    {{- end }}
+  annotations:
+    {{- if .Values.clusterRole.annotations -}}
+    {{-   toYaml .Values.clusterRole.annotations | nindent 4 }}
+    {{- end }}
+roleRef:
+  kind: ClusterRole
+  apiGroup: rbac.authorization.k8s.io
+  name: {{ include "otel.fullname" . }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "otel.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace }}
diff --git a/charts/operator-wandb/charts/otel/templates/deamonset.yaml b/charts/operator-wandb/charts/otel/templates/deamonset.yaml
@@ -74,7 +74,7 @@ spec:
               protocol: TCP
               hostPort: 9411
           env:
-            - name: NODE_NAME
+            - name: K8S_NODE_NAME
               valueFrom:
                 fieldRef:
                   fieldPath: spec.nodeName