linkerd
/
linkerd2
mirror of https://github.com/linkerd/linkerd2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update prometheus to only scrape proxies in the same mesh (#1402) 

Signed-off-by: Kevin Lingerfelt <kl@buoyant.io>
This commit is contained in:
Kevin Lingerfelt 2018-08-06 12:05:55 -07:00 committed by GitHub
parent 0e6c0a2f3b
commit bd19e8aaff
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 36 additions and 68 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
cli/cmd/testdata/install_default.golden vendored
View File

@ -625,8 +625,9 @@ data:
- source_labels:
- __meta_kubernetes_pod_container_name
- __meta_kubernetes_pod_container_port_name
- __meta_kubernetes_pod_label_linkerd_io_control_plane_ns
action: keep
regex: ^linkerd-proxy;linkerd-metrics$
regex: ^linkerd-proxy;linkerd-metrics;linkerd$
- source_labels: [__meta_kubernetes_namespace]
action: replace
target_label: namespace
@ -647,9 +648,6 @@ data:
# drop all labels that we just made copies of in the previous labelmap
- action: labeldrop
regex: __meta_kubernetes_pod_label_linkerd_io_proxy_(.+)
# __meta_kubernetes_pod_label_foo=bar => foo=bar
- action: labelmap
regex: __meta_kubernetes_pod_label_(.+)
### Grafana ###
---

6
cli/cmd/testdata/install_output.golden vendored
View File

@ -628,8 +628,9 @@ data:
- source_labels:
- __meta_kubernetes_pod_container_name
- __meta_kubernetes_pod_container_port_name
- __meta_kubernetes_pod_label_linkerd_io_control_plane_ns
action: keep
regex: ^linkerd-proxy;linkerd-metrics$
regex: ^linkerd-proxy;linkerd-metrics;Namespace$
- source_labels: [__meta_kubernetes_namespace]
action: replace
target_label: namespace
@ -650,9 +651,6 @@ data:
# drop all labels that we just made copies of in the previous labelmap
- action: labeldrop
regex: __meta_kubernetes_pod_label_linkerd_io_proxy_(.+)
# __meta_kubernetes_pod_label_foo=bar => foo=bar
- action: labelmap
regex: __meta_kubernetes_pod_label_(.+)
### Grafana ###
---

6
cli/install/template.go
View File

@ -451,8 +451,9 @@ data:
- source_labels:
- __meta_kubernetes_pod_container_name
- __meta_kubernetes_pod_container_port_name
- __meta_kubernetes_pod_label_linkerd_io_control_plane_ns
action: keep
regex: ^linkerd-proxy;linkerd-metrics$
regex: ^linkerd-proxy;linkerd-metrics;{{.Namespace}}$
- source_labels: [__meta_kubernetes_namespace]
action: replace
target_label: namespace
@ -473,9 +474,6 @@ data:
# drop all labels that we just made copies of in the previous labelmap
- action: labeldrop
regex: __meta_kubernetes_pod_label_linkerd_io_proxy_(.+)
# __meta_kubernetes_pod_label_foo=bar => foo=bar
- action: labelmap
regex: __meta_kubernetes_pod_label_(.+)
### Grafana ###
---

7
controller/api/public/stat_summary.go
View File

@ -505,7 +505,7 @@ func (s *grpcServer) getPodStats(obj runtime.Object) (*podStats, error) {
meshCount.failed++
} else {
meshCount.total++
if isInMesh(pod) {
if k8s.IsMeshed(pod, s.controllerNamespace) {
meshCount.inMesh++
}
}
@ -558,11 +558,6 @@ func checkContainerErrors(containerStatuses []apiv1.ContainerStatus, containerNa
return errors
}
func isInMesh(pod *apiv1.Pod) bool {
_, ok := pod.Annotations[k8s.ProxyVersionAnnotation]
return ok
}
func isInvalidServiceRequest(req *pb.StatSummaryRequest) bool {
fromResource := req.GetFromResource()
if fromResource != nil {

60
controller/api/public/stat_summary_test.go
View File

@ -180,8 +180,7 @@ metadata:
namespace: emojivoto
labels:
app: emoji-svc
annotations:
linkerd.io/proxy-version: testinjectversion
linkerd.io/control-plane-ns: linkerd
status:
phase: Running
`, `
@ -202,8 +201,7 @@ metadata:
namespace: emojivoto
labels:
app: emoji-svc
annotations:
linkerd.io/proxy-version: testinjectversion
linkerd.io/control-plane-ns: linkerd
status:
phase: Completed
`,
@ -241,8 +239,7 @@ metadata:
namespace: emojivoto
labels:
app: emoji-svc
annotations:
linkerd.io/proxy-version: testinjectversion
linkerd.io/control-plane-ns: linkerd
status:
phase: Running
`,
@ -287,8 +284,7 @@ metadata:
namespace: emojivoto
labels:
app: emoji-svc
annotations:
linkerd.io/proxy-version: testinjectversion
linkerd.io/control-plane-ns: linkerd
status:
phase: Running
`,
@ -336,8 +332,7 @@ metadata:
namespace: emojivoto
labels:
app: emoji-svc
annotations:
linkerd.io/proxy-version: testinjectversion
linkerd.io/control-plane-ns: linkerd
status:
phase: Running
`,
@ -391,8 +386,7 @@ metadata:
namespace: emojivoto
labels:
app: emoji-svc
annotations:
linkerd.io/proxy-version: testinjectversion
linkerd.io/control-plane-ns: linkerd
status:
phase: Running
`,
@ -446,8 +440,7 @@ metadata:
namespace: emojivoto
labels:
app: emoji-svc
annotations:
linkerd.io/proxy-version: testinjectversion
linkerd.io/control-plane-ns: linkerd
status:
phase: Running
`, `
@ -458,8 +451,7 @@ metadata:
namespace: totallydifferent
labels:
app: emoji-svc
annotations:
linkerd.io/proxy-version: testinjectversion
linkerd.io/control-plane-ns: linkerd
status:
phase: Running
`,
@ -513,8 +505,7 @@ metadata:
namespace: emojivoto
labels:
app: emoji-svc
annotations:
linkerd.io/proxy-version: testinjectversion
linkerd.io/control-plane-ns: linkerd
status:
phase: Running
`, `
@ -525,8 +516,7 @@ metadata:
namespace: totallydifferent
labels:
app: emoji-svc
annotations:
linkerd.io/proxy-version: testinjectversion
linkerd.io/control-plane-ns: linkerd
status:
phase: Running
`,
@ -605,8 +595,7 @@ metadata:
namespace: not-right-emojivoto-namespace
labels:
app: emoji-svc
annotations:
linkerd.io/proxy-version: testinjectversion
linkerd.io/control-plane-ns: linkerd
status:
phase: Running
`, `
@ -617,8 +606,7 @@ metadata:
namespace: emojivoto
labels:
app: emoji-svc
annotations:
linkerd.io/proxy-version: testinjectversion
linkerd.io/control-plane-ns: linkerd
status:
phase: Running
`,
@ -915,8 +903,7 @@ metadata:
namespace: emojivoto
labels:
app: emoji-svc
annotations:
linkerd.io/proxy-version: testinjectversion
linkerd.io/control-plane-ns: linkerd
status:
phase: Succeeded
`, `
@ -927,8 +914,7 @@ metadata:
namespace: emojivoto
labels:
app: emoji-svc
annotations:
linkerd.io/proxy-version: testinjectversion
linkerd.io/control-plane-ns: linkerd
status:
phase: Failed
`},
@ -976,8 +962,7 @@ metadata:
namespace: emojivoto
labels:
app: emoji-svc
annotations:
linkerd.io/proxy-version: testinjectversion
linkerd.io/control-plane-ns: linkerd
status:
phase: Running
`, `
@ -998,8 +983,7 @@ metadata:
namespace: emojivoto
labels:
app: emoji-svc
annotations:
linkerd.io/proxy-version: testinjectversion
linkerd.io/control-plane-ns: linkerd
status:
phase: Failed
`, `
@ -1010,8 +994,7 @@ metadata:
namespace: emojivoto
labels:
app: emoji-svc
annotations:
linkerd.io/proxy-version: testinjectversion
linkerd.io/control-plane-ns: linkerd
status:
phase: Succeeded
`},
@ -1049,8 +1032,7 @@ metadata:
namespace: emojivoto
labels:
app: emoji-svc
annotations:
linkerd.io/proxy-version: testinjectversion
linkerd.io/control-plane-ns: linkerd
status:
phase: Running
`,
@ -1092,8 +1074,7 @@ metadata:
namespace: emojivoto
labels:
app: emoji-svc
annotations:
linkerd.io/proxy-version: testinjectversion
linkerd.io/control-plane-ns: linkerd
status:
phase: Running
`,
@ -1142,8 +1123,7 @@ metadata:
namespace: emojivoto
labels:
app: emoji-svc
annotations:
linkerd.io/proxy-version: testinjectversion
linkerd.io/control-plane-ns: linkerd
status:
phase: Running
`,

6
controller/ca/controller.go
View File

@ -158,7 +158,7 @@ func (c *CertificateController) syncSecret(key string) error {
func (c *CertificateController) handlePodAdd(obj interface{}) {
pod := obj.(*v1.Pod)
if c.isInjectedPod(pod) {
if pkgK8s.IsMeshed(pod, c.namespace) {
log.Debugf("enqueuing update of CA bundle configmap in %s", pod.Namespace)
c.queue.Add(pod.Namespace)
@ -172,7 +172,3 @@ func (c *CertificateController) handlePodAdd(obj interface{}) {
func (c *CertificateController) handlePodUpdate(oldObj, newObj interface{}) {
c.handlePodAdd(newObj)
}
func (c *CertificateController) isInjectedPod(pod *v1.Pod) bool {
return pkgK8s.GetControllerNs(pod) == c.namespace
}

7
controller/destination/listener.go
View File

@ -172,14 +172,17 @@ func (l *endpointListener) toAddrSet(addresses []*updateAddress) *pb.AddrSet {
}
func (l *endpointListener) getAddrMetadata(pod *coreV1.Pod) (map[string]string, *pb.ProtocolHint, *pb.TlsIdentity) {
controllerNs := pkgK8s.GetControllerNs(pod)
controllerNs := pod.Labels[pkgK8s.ControllerNSLabel]
ownerKind, ownerName := l.ownerKindAndName(pod)
labels := pkgK8s.GetPodLabels(ownerKind, ownerName, pod)
var hint *pb.ProtocolHint
// If the pod is controlled by us, then it can be hinted that this destination
// knows H2 (and handles our orig-proto translation).
// knows H2 (and handles our orig-proto translation). Note that this check
// does not verify that the pod's control plane matches the control plane
// where the destination service is running; all pods injected for all control
// planes are considered valid for providing the H2 hint.
if controllerNs != "" {
hint = &pb.ProtocolHint{
Protocol: &pb.ProtocolHint_H2_{

6
pkg/k8s/labels.go
View File

@ -93,7 +93,7 @@ func GetPodLabels(ownerKind, ownerName string, pod *coreV1.Pod) map[string]strin
labels[ownerKind] = ownerName
}
if controllerNS := GetControllerNs(pod); controllerNS != "" {
if controllerNS := pod.Labels[ControllerNSLabel]; controllerNS != "" {
labels["linkerd_io_control_plane_ns"] = controllerNS
}
@ -104,8 +104,8 @@ func GetPodLabels(ownerKind, ownerName string, pod *coreV1.Pod) map[string]strin
return labels
}
func GetControllerNs(pod *coreV1.Pod) string {
return pod.Labels[ControllerNSLabel]
func IsMeshed(pod *coreV1.Pod, controllerNS string) bool {
return pod.Labels[ControllerNSLabel] == controllerNS
}
// TLSIdentity is the identity of a pod owner (Deployment, Pod,