chore(victoriametrics): add drycc controller metrics

duanhongyi · duanhongyi · commit a55dc24744ac · 2025-06-10T22:32:59.000+08:00
diff --git a/charts/victoriametrics/templates/victoriametrics/networkpolicy.yaml b/charts/victoriametrics/templates/victoriametrics/networkpolicy.yaml
@@ -1,7 +1,7 @@
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
-  name: drycc-victoriametrics-networkpolicy
+  name: drycc-victoriametrics
 spec:
   podSelector:
     matchLabels:
@@ -13,4 +13,13 @@ spec:
     - namespaceSelector:
         matchLabels:
           kubernetes.io/metadata.name: {{.Release.Namespace}}
-      podSelector: {}
+      podSelector:
+        matchLabels:
+          app: drycc-controller-api
+  - from:
+    - namespaceSelector:
+        matchLabels:
+          kubernetes.io/metadata.name: {{.Release.Namespace}}
+      podSelector:
+        matchLabels:
+          app: drycc-victoriametrics
diff --git a/charts/victoriametrics/templates/victoriametrics/vmagent/vmagent-configmap.yaml b/charts/victoriametrics/templates/victoriametrics/vmagent/vmagent-configmap.yaml
@@ -11,41 +11,44 @@ data:
     {{- (tpl .Values.vmagent.prometheus $)  | nindent 4 }}
     {{- else }}
     global:
-      ## How frequently to scrape targets by default
-      ##
       scrape_interval: 1m
-      ## How long until a scrape request times out
-      ##
       scrape_timeout: 10s
     scrape_configs:
       - job_name: vmagent
         static_configs:
           - targets: ["localhost:8429"]
+      - job_name: "controller-nodes"
+        scheme: http
+        bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
+        kubernetes_sd_configs:
+          - role: node
+        relabel_configs:
+          - target_label: __address__
+            replacement: drycc-controller-api.{{.Release.Namespace}}.svc.{{.Values.global.clusterDomain}}:80
+          - source_labels: [__meta_kubernetes_node_name]
+            regex: (.+)
+            target_label: __metrics_path__
+            replacement: /v2/nodes/$1/proxy/metrics
+      - job_name: "controller-nodes-cadvisor"
+        scheme: http
+        bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
+        kubernetes_sd_configs:
+          - role: node
+        relabel_configs:
+          - target_label: __address__
+            replacement: drycc-controller-api.{{.Release.Namespace}}.svc.{{.Values.global.clusterDomain}}:80
+          - source_labels: [__meta_kubernetes_node_name]
+            regex: (.+)
+            target_label: __metrics_path__
+            replacement: /v2/nodes/$1/proxy/metrics/cadvisor
       - job_name: "kubernetes-apiservers"
         kubernetes_sd_configs:
           - role: endpoints
-        # Default to scraping over https. If required, just disable this or change to
-        # `http`.
         scheme: https
-        # This TLS & bearer token file config is used to connect to the actual scrape
-        # endpoints for cluster components. This is separate to discovery auth
-        # configuration because discovery & scraping are two separate concerns in
-        # Prometheus. The discovery auth config is automatic if Prometheus runs inside
-        # the cluster. Otherwise, more config options have to be provided within the
-        # <kubernetes_sd_config>.
         tls_config:
           ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-          # If your node certificates are self-signed or use a different CA to the
-          # master CA, then you need to disable certificate verification. Note that
-          # certificate verification is an integral part of a secure infrastructure
-          # so this should only be disabled in a controlled environment. You can
-          # enable certificate verification by commenting the line below.
-          #
           insecure_skip_verify: true
         bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-        # Keep only the default/kubernetes service endpoints for the https port. This
-        # will add targets for each API server which Kubernetes adds an endpoint to
-        # the default/kubernetes service.
         relabel_configs:
           - source_labels:
               [
@@ -56,23 +59,9 @@ data:
             action: keep
             regex: default;kubernetes;https
       - job_name: "kubernetes-nodes"
-        # Default to scraping over https. If required, just disable this or change to
-        # `http`.
         scheme: https
-        # This TLS & bearer token file config is used to connect to the actual scrape
-        # endpoints for cluster components. This is separate to discovery auth
-        # configuration because discovery & scraping are two separate concerns in
-        # Prometheus. The discovery auth config is automatic if Prometheus runs inside
-        # the cluster. Otherwise, more config options have to be provided within the
-        # <kubernetes_sd_config>.
         tls_config:
           ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-          # If your node certificates are self-signed or use a different CA to the
-          # master CA, then you need to disable certificate verification. Note that
-          # certificate verification is an integral part of a secure infrastructure
-          # so this should only be disabled in a controlled environment. You can
-          # enable certificate verification by commenting the line below.
-          #
           insecure_skip_verify: true
         bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
         kubernetes_sd_configs:
@@ -87,32 +76,13 @@ data:
             target_label: __metrics_path__
             replacement: /api/v1/nodes/$1/proxy/metrics
       - job_name: "kubernetes-nodes-cadvisor"
-        # Default to scraping over https. If required, just disable this or change to
-        # `http`.
         scheme: https
-        # This TLS & bearer token file config is used to connect to the actual scrape
-        # endpoints for cluster components. This is separate to discovery auth
-        # configuration because discovery & scraping are two separate concerns in
-        # Prometheus. The discovery auth config is automatic if Prometheus runs inside
-        # the cluster. Otherwise, more config options have to be provided within the
-        # <kubernetes_sd_config>.
         tls_config:
           ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-          # If your node certificates are self-signed or use a different CA to the
-          # master CA, then disable certificate verification below. Note that
-          # certificate verification is an integral part of a secure infrastructure
-          # so this should only be disabled in a controlled environment. You can
-          # disable certificate verification by uncommenting the line below.
-          #
           insecure_skip_verify: true
         bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
         kubernetes_sd_configs:
           - role: node
-        # This configuration will work only on kubelet 1.7.3+
-        # As the scrape endpoints for cAdvisor have changed
-        # if you are using older version you need to change the replacement to
-        # replacement: /api/v1/nodes/$1:4194/proxy/metrics
-        # more info here https://github.com/coreos/prometheus-operator/issues/633
         relabel_configs:
           - action: labelmap
             regex: __meta_kubernetes_node_label_(.+)
diff --git a/charts/victoriametrics/templates/victoriametrics/vmagent/vmagent-statefulset.yaml b/charts/victoriametrics/templates/victoriametrics/vmagent/vmagent-statefulset.yaml
@@ -24,13 +24,15 @@ spec:
         nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.vmagent.nodeAffinityPreset.type "key" .Values.vmagent.nodeAffinityPreset.key "values" .Values.vmagent.nodeAffinityPreset.values ) | nindent 10 }}
       serviceAccount: drycc-victoriametrics-vmagent
       initContainers:
-      - name: drycc-victoriametrics-vmstorage-init
+      - name: drycc-victoriametrics-vmagent-init
         image: {{.Values.imageRegistry}}/{{.Values.imageOrg}}/python-dev:latest
         imagePullPolicy: {{.Values.imagePullPolicy}}
         args:
         - netcat
         - -v
         - -a
+        - $(DRYCC_CONTROLLER_API_SERVICE_HOST):$(DRYCC_CONTROLLER_API_SERVICE_PORT)
+        - -a
         - {{ printf "drycc-victoriametrics-vminsert.%s.svc.%s:8480" $.Release.Namespace $.Values.global.clusterDomain }}
       containers:
       - name: drycc-victoriametrics-vmagent
@@ -42,7 +44,7 @@ spec:
         {{- else }}
         args:
         - vmagent
-        - --remoteWrite.url={{ printf "http://drycc-victoriametrics-vminsert.%s.svc.%s:8480/insert/0/prometheus/api/v1/write" $.Release.Namespace $.Values.global.clusterDomain }}
+        - --remoteWrite.url={{ printf "http://drycc-victoriametrics-vminsert.%s.svc.%s:8480/insert/multitenant/prometheus/api/v1/write" $.Release.Namespace $.Values.global.clusterDomain }}
         - --remoteWrite.tmpDataPath=/data
         - --httpListenAddr=:8429
         - --promscrape.config=/opt/drycc/victoriametrics/config/prometheus.yaml
