From a55dc24744aca5a4b536af95574dba26832dce05 Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Mon, 9 Jun 2025 20:52:22 +0800 Subject: [PATCH 01/13] chore(victoriametrics): add drycc controller metrics --- .../victoriametrics/networkpolicy.yaml | 13 +++- .../vmagent/vmagent-configmap.yaml | 78 ++++++------------- .../vmagent/vmagent-statefulset.yaml | 6 +- 3 files changed, 39 insertions(+), 58 deletions(-) diff --git a/charts/victoriametrics/templates/victoriametrics/networkpolicy.yaml b/charts/victoriametrics/templates/victoriametrics/networkpolicy.yaml index 4c281db..d94f531 100644 --- a/charts/victoriametrics/templates/victoriametrics/networkpolicy.yaml +++ b/charts/victoriametrics/templates/victoriametrics/networkpolicy.yaml @@ -1,7 +1,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: - name: drycc-victoriametrics-networkpolicy + name: drycc-victoriametrics spec: podSelector: matchLabels: @@ -13,4 +13,13 @@ spec: - namespaceSelector: matchLabels: kubernetes.io/metadata.name: {{.Release.Namespace}} - podSelector: {} + podSelector: + matchLabels: + app: drycc-controller-api + - from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: {{.Release.Namespace}} + podSelector: + matchLabels: + app: drycc-victoriametrics diff --git a/charts/victoriametrics/templates/victoriametrics/vmagent/vmagent-configmap.yaml b/charts/victoriametrics/templates/victoriametrics/vmagent/vmagent-configmap.yaml index dfc1e99..80f0b0d 100644 --- a/charts/victoriametrics/templates/victoriametrics/vmagent/vmagent-configmap.yaml +++ b/charts/victoriametrics/templates/victoriametrics/vmagent/vmagent-configmap.yaml 
@@ -11,41 +11,44 @@ data: {{- (tpl .Values.vmagent.prometheus $) | nindent 4 }} {{- else }} global: - ## How frequently to scrape targets by default - ## scrape_interval: 1m - ## How long until a scrape request times out - ## scrape_timeout: 10s scrape_configs: - job_name: vmagent static_configs: - targets: ["localhost:8429"] + - job_name: "controller-nodes" + scheme: http + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + kubernetes_sd_configs: + - role: node + relabel_configs: + - target_label: __address__ + replacement: drycc-controller-api.{{.Release.Namespace}}.svc.{{.Values.global.clusterDomain}}:80 + - source_labels: [__meta_kubernetes_node_name] + regex: (.+) + target_label: __metrics_path__ + replacement: /v2/nodes/$1/proxy/metrics + - job_name: "controller-nodes-cadvisor" + scheme: http + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + kubernetes_sd_configs: + - role: node + relabel_configs: + - target_label: __address__ + replacement: drycc-controller-api.{{.Release.Namespace}}.svc.{{.Values.global.clusterDomain}}:80 + - source_labels: [__meta_kubernetes_node_name] + regex: (.+) + target_label: __metrics_path__ + replacement: /v2/nodes/$1/proxy/metrics/cadvisor - job_name: "kubernetes-apiservers" kubernetes_sd_configs: - role: endpoints - # Default to scraping over https. If required, just disable this or change to - # `http`. scheme: https - # This TLS & bearer token file config is used to connect to the actual scrape - # endpoints for cluster components. This is separate to discovery auth - # configuration because discovery & scraping are two separate concerns in - # Prometheus. The discovery auth config is automatic if Prometheus runs inside - # the cluster. Otherwise, more config options have to be provided within the - # . 
tls_config: ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - # If your node certificates are self-signed or use a different CA to the - # master CA, then you need to disable certificate verification. Note that - # certificate verification is an integral part of a secure infrastructure - # so this should only be disabled in a controlled environment. You can - # enable certificate verification by commenting the line below. - # insecure_skip_verify: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - # Keep only the default/kubernetes service endpoints for the https port. This - # will add targets for each API server which Kubernetes adds an endpoint to - # the default/kubernetes service. relabel_configs: - source_labels: [ @@ -56,23 +59,9 @@ data: action: keep regex: default;kubernetes;https - job_name: "kubernetes-nodes" - # Default to scraping over https. If required, just disable this or change to - # `http`. scheme: https - # This TLS & bearer token file config is used to connect to the actual scrape - # endpoints for cluster components. This is separate to discovery auth - # configuration because discovery & scraping are two separate concerns in - # Prometheus. The discovery auth config is automatic if Prometheus runs inside - # the cluster. Otherwise, more config options have to be provided within the - # . tls_config: ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - # If your node certificates are self-signed or use a different CA to the - # master CA, then you need to disable certificate verification. Note that - # certificate verification is an integral part of a secure infrastructure - # so this should only be disabled in a controlled environment. You can - # enable certificate verification by commenting the line below. - # insecure_skip_verify: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token kubernetes_sd_configs: 
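Review bot: The new `controller-nodes` and `controller-nodes-cadvisor` jobs combine `scheme: http` with `bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token`, so vmagent's service-account token travels unencrypted to `drycc-controller-api` on port 80 at every scrape. Anyone able to observe that traffic, and the controller itself, receives a token that is presumably valid against the API server with vmagent's RBAC; the `kubernetes-*` jobs in the same file keep `scheme: https` with a `ca_file`. Either scrape the controller over TLS, or authenticate these two jobs with a credential scoped to the controller (for example a projected service-account token with its own audience) rather than the default token. A comment above the jobs, such as `# token is forwarded to drycc-controller-api; see <doc> for the RBAC it needs`, would record the trust relationship.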
@@ -87,32 +76,13 @@ data: target_label: __metrics_path__ replacement: /api/v1/nodes/$1/proxy/metrics - job_name: "kubernetes-nodes-cadvisor" - # Default to scraping over https. If required, just disable this or change to - # `http`. scheme: https - # This TLS & bearer token file config is used to connect to the actual scrape - # endpoints for cluster components. This is separate to discovery auth - # configuration because discovery & scraping are two separate concerns in - # Prometheus. The discovery auth config is automatic if Prometheus runs inside - # the cluster. Otherwise, more config options have to be provided within the - # . tls_config: ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - # If your node certificates are self-signed or use a different CA to the - # master CA, then disable certificate verification below. Note that - # certificate verification is an integral part of a secure infrastructure - # so this should only be disabled in a controlled environment. You can - # disable certificate verification by uncommenting the line below. - # insecure_skip_verify: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token kubernetes_sd_configs: - role: node - # This configuration will work only on kubelet 1.7.3+ - # As the scrape endpoints for cAdvisor have changed - # if you are using older version you need to change the replacement to - # replacement: /api/v1/nodes/$1:4194/proxy/metrics - # more info here https://github.com/coreos/prometheus-operator/issues/633 relabel_configs: - action: labelmap regex: __meta_kubernetes_node_label_(.+) diff --git a/charts/victoriametrics/templates/victoriametrics/vmagent/vmagent-statefulset.yaml b/charts/victoriametrics/templates/victoriametrics/vmagent/vmagent-statefulset.yaml index e7aac0c..bcc81a0 100644 --- a/charts/victoriametrics/templates/victoriametrics/vmagent/vmagent-statefulset.yaml +++ b/charts/victoriametrics/templates/victoriametrics/vmagent/vmagent-statefulset.yaml 
@@ -24,13 +24,15 @@ spec: nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.vmagent.nodeAffinityPreset.type "key" .Values.vmagent.nodeAffinityPreset.key "values" .Values.vmagent.nodeAffinityPreset.values ) | nindent 10 }} serviceAccount: drycc-victoriametrics-vmagent initContainers: - - name: drycc-victoriametrics-vmstorage-init + - name: drycc-victoriametrics-vmagent-init image: {{.Values.imageRegistry}}/{{.Values.imageOrg}}/python-dev:latest imagePullPolicy: {{.Values.imagePullPolicy}} args: - netcat - -v - -a + - $(DRYCC_CONTROLLER_API_SERVICE_HOST):$(DRYCC_CONTROLLER_API_SERVICE_PORT) + - -a - {{ printf "drycc-victoriametrics-vminsert.%s.svc.%s:8480" $.Release.Namespace $.Values.global.clusterDomain }} containers: - name: drycc-victoriametrics-vmagent @@ -42,7 +44,7 @@ spec: {{- else }} args: - vmagent - - --remoteWrite.url={{ printf "http://drycc-victoriametrics-vminsert.%s.svc.%s:8480/insert/0/prometheus/api/v1/write" $.Release.Namespace $.Values.global.clusterDomain }} + - --remoteWrite.url={{ printf "http://drycc-victoriametrics-vminsert.%s.svc.%s:8480/insert/multitenant/prometheus/api/v1/write" $.Release.Namespace $.Values.global.clusterDomain }} - --remoteWrite.tmpDataPath=/data - --httpListenAddr=:8429 - --promscrape.config=/opt/drycc/victoriametrics/config/prometheus.yaml From a8f141e9ca96c861141cb2bb364dff28301feae1 Mon Sep 17 00:00:00 2001 
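Review bot: Pointing `--remoteWrite.url` at `/insert/multitenant/...` makes vminsert take the tenant from the `vm_account_id` and `vm_project_id` labels on each sample instead of from the URL, and nothing visible in this patch sets or strips those labels on the existing `kubernetes-*` jobs. A scraped target that exposes those labels itself would therefore choose the tenant its series are written to. If only the controller jobs are meant to carry tenant labels, drop them elsewhere with a `metric_relabel_configs` entry such as `- action: labeldrop` with `regex: vm_account_id|vm_project_id`, and note next to the flag which jobs may set the tenant. The scrape configuration is in vmagent-configmap.yaml, outside this hunk.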
From: duanhongyi Date: Tue, 17 Jun 2025 15:40:15 +0800 Subject: [PATCH 02/13] feat(vmauth): add vmauth --- .../victoriametrics/networkpolicy.yaml | 19 ++++- .../vmauth/vmauth-configmap.yaml | 17 +++++ .../vmauth/vmauth-creds-secret.yaml | 10 +++ .../vmauth/vmauth-deployment.yaml | 76 +++++++++++++++++++ .../victoriametrics/vmauth/vmauth-svc.yaml | 21 +++++ charts/victoriametrics/values.yaml | 22 ++++++ 6 files changed, 161 insertions(+), 4 deletions(-) create mode 100644 charts/victoriametrics/templates/victoriametrics/vmauth/vmauth-configmap.yaml create mode 100644 charts/victoriametrics/templates/victoriametrics/vmauth/vmauth-creds-secret.yaml create mode 100644 charts/victoriametrics/templates/victoriametrics/vmauth/vmauth-deployment.yaml create mode 100644 charts/victoriametrics/templates/victoriametrics/vmauth/vmauth-svc.yaml diff --git a/charts/victoriametrics/templates/victoriametrics/networkpolicy.yaml b/charts/victoriametrics/templates/victoriametrics/networkpolicy.yaml index d94f531..393c7d4 100644 --- a/charts/victoriametrics/templates/victoriametrics/networkpolicy.yaml +++ b/charts/victoriametrics/templates/victoriametrics/networkpolicy.yaml @@ -15,11 +15,22 @@ spec: kubernetes.io/metadata.name: {{.Release.Namespace}} podSelector: matchLabels: - app: drycc-controller-api + app: drycc-victoriametrics + +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: drycc-victoriametrics-vmauth +spec: + podSelector: + matchLabels: + app: drycc-victoriametrics + component: drycc-victoriametrics-vmauth + policyTypes: + - Ingress + ingress: - from: - namespaceSelector: matchLabels: kubernetes.io/metadata.name: {{.Release.Namespace}} - podSelector: - matchLabels: - app: drycc-victoriametrics diff --git a/charts/victoriametrics/templates/victoriametrics/vmauth/vmauth-configmap.yaml b/charts/victoriametrics/templates/victoriametrics/vmauth/vmauth-configmap.yaml new file mode 100644 index 0000000..9f7a9f9 --- /dev/null 
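Review bot: The added `drycc-victoriametrics-vmauth` policy admits every pod in the release namespace on every port: its only `from` entry is a `namespaceSelector`, with no `podSelector` and no `ports`. vmauth listens on 8427 elsewhere in this patch, so the rule can be limited with `ports:` / `- protocol: TCP` / `port: 8427`. If namespace-wide access is intended because vmauth is the authenticated entry point, a comment above the `from` block saying so would stop a later reader from guessing.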
+++ b/charts/victoriametrics/templates/victoriametrics/vmauth/vmauth-configmap.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: victoriametrics-vmauth-config + labels: + heritage: drycc +data: + vmauth.yaml: | + users: + - username: {{ .Values.vmauth.username }} + password: {{ .Values.vmauth.password }} + url_map: + - src_paths: + - "/insert" + url_prefix: "http://drycc-victoriametrics-vminsert.{{.Release.Namespace}}.svc.{{.Values.global.clusterDomain}}:8480/" + url_prefix: "http://drycc-victoriametrics-vmselect.{{.Release.Namespace}}.svc.{{.Values.global.clusterDomain}}:8481/" + discover_backend_ips: true diff --git a/charts/victoriametrics/templates/victoriametrics/vmauth/vmauth-creds-secret.yaml b/charts/victoriametrics/templates/victoriametrics/vmauth/vmauth-creds-secret.yaml new file mode 100644 index 0000000..c50cc52 --- /dev/null +++ b/charts/victoriametrics/templates/victoriametrics/vmauth/vmauth-creds-secret.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Secret +metadata: + name: victoriametrics-vmauth-creds + labels: + heritage: drycc +type: Opaque +data: + username: {{ .Values.vmauth.username | b64enc }} + password: {{ .Values.vmauth.password | b64enc }} diff --git a/charts/victoriametrics/templates/victoriametrics/vmauth/vmauth-deployment.yaml b/charts/victoriametrics/templates/victoriametrics/vmauth/vmauth-deployment.yaml new file mode 100644 index 0000000..0f3eec1 --- /dev/null +++ b/charts/victoriametrics/templates/victoriametrics/vmauth/vmauth-deployment.yaml 
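Review bot: `vmauth.yaml` is rendered into a ConfigMap with `password: {{ .Values.vmauth.password }}` in cleartext, so the credential is readable by anyone who may read ConfigMaps in the namespace and falls outside whatever RBAC and at-rest encryption the cluster applies to Secrets. The `victoriametrics-vmauth-creds` Secret added next holds the same values, but the Deployment later in this patch mounts only the ConfigMap. Render the whole `vmauth.yaml` into a Secret (`kind: Secret` with `stringData:`) and mount that instead; the `vmauth-config.yaml` hunk in PATCH 03 keeps the same cleartext ConfigMap copy. Separately, vmauth treats `src_paths` entries as regular expressions matched against the full request path as far as I know, so `"/insert"` may need to be `"/insert/.+"` to route write requests; worth confirming against the vmauth documentation.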
@@ -0,0 +1,76 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: drycc-victoriametrics-vmauth + labels: + app: drycc-victoriametrics + heritage: drycc + component: drycc-victoriametrics-vmauth +spec: + replicas: {{ .Values.vmauth.replicas }} + selector: + matchLabels: + app: drycc-victoriametrics + component: drycc-victoriametrics-vmauth + template: + metadata: + labels: {{- include "common.labels.standard" . | nindent 8 }} + app: drycc-victoriametrics + component: drycc-victoriametrics-vmauth + spec: + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.vmauth.podAffinityPreset.type "component" "" "extraMatchLabels" .Values.vmauth.podAffinityPreset.extraMatchLabels "topologyKey" "" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.vmauth.podAntiAffinityPreset.type "component" "" "extraMatchLabels" .Values.vmauth.podAntiAffinityPreset.extraMatchLabels "topologyKey" "" "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.vmauth.nodeAffinityPreset.type "key" .Values.vmauth.nodeAffinityPreset.key "values" .Values.vmauth.nodeAffinityPreset.values ) | nindent 10 }} + initContainers: + - name: drycc-victoriametrics-vmauth-init + image: {{.Values.imageRegistry}}/{{.Values.imageOrg}}/python-dev:latest + imagePullPolicy: {{.Values.imagePullPolicy}} + args: + - netcat + - -v + - -a + - drycc-victoriametrics-vmselect.{{.Release.Namespace}}.svc.{{.Values.global.clusterDomain}}:8481 + - -a + - drycc-victoriametrics-vminsert.{{.Release.Namespace}}.svc.{{.Values.global.clusterDomain}}:8480 + containers: + - name: drycc-victoriametrics-vmauth + image: {{.Values.imageRegistry}}/{{.Values.imageOrg}}/victoriametrics:{{.Values.imageTag}} + imagePullPolicy: {{.Values.imagePullPolicy}} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | 
nindent 10 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 10 }} + {{- else }} + args: + - vmauth + - --auth.config=/etc/victoriametrics/vmauth.yaml + {{- if .Values.vmauth.extraArgs }} + {{- include "common.tplvalues.render" (dict "value" .Values.vmauth.extraArgs "context" $) | nindent 8 }} + {{- end }} + {{- end }} + {{- with index .Values "vmauth" "resources" }} + resources: + {{- toYaml . | nindent 10 }} + {{- end }} + ports: + - containerPort: 8427 + livenessProbe: + tcpSocket: + port: 8427 + readinessProbe: + httpGet: + path: /health + port: 8427 + startupProbe: + httpGet: + path: /health + port: 8427 + volumeMounts: + - name: victoriametrics-vmauth-config + subPath: vmauth.yaml + readOnly: true + mountPath: /etc/victoriametrics/vmauth.yaml + volumes: + - name: victoriametrics-vmauth-config + configMap: + name: victoriametrics-vmauth-config diff --git a/charts/victoriametrics/templates/victoriametrics/vmauth/vmauth-svc.yaml b/charts/victoriametrics/templates/victoriametrics/vmauth/vmauth-svc.yaml new file mode 100644 index 0000000..38047cd --- /dev/null +++ b/charts/victoriametrics/templates/victoriametrics/vmauth/vmauth-svc.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + name: drycc-victoriametrics-vmauth + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "8427" + prometheus.io/path: "/metrics" + labels: + app: drycc-victoriametrics + heritage: drycc + component: drycc-victoriametrics-vmauth +spec: + clusterIP: None + ports: + - port: 8427 + name: http + targetPort: 8427 + selector: + app: drycc-victoriametrics + component: drycc-victoriametrics-vmauth diff --git a/charts/victoriametrics/values.yaml b/charts/victoriametrics/values.yaml index 8638be7..31dc4ce 100644 --- a/charts/victoriametrics/values.yaml +++ b/charts/victoriametrics/values.yaml 
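Review bot: The init container pulls `{{.Values.imageRegistry}}/{{.Values.imageOrg}}/python-dev:latest`, a mutable tag, so the code that runs in this pod before vmauth starts can change without any change to the chart. Pin it to a version tag or digest exposed through values, as the main container does with `.Values.imageTag`. Neither container sets a `securityContext`; for a proxy that holds credentials the usual baseline is `allowPrivilegeEscalation: false`, `runAsNonRoot: true` and `readOnlyRootFilesystem: true`, provided the image supports it.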
@@ -51,6 +51,28 @@ vmagent: size: 5Gi storageClass: "" +## victoriametrics vmauth configuration +## +vmauth: + username: admin + password: admin + nodeAffinityPreset: + key: "drycc.cc/node" + type: "soft" + values: + - "true" + podAffinityPreset: + type: "" + extraMatchLabels: + security: "drycc-security" + podAntiAffinityPreset: + type: "soft" + extraMatchLabels: + app: "drycc-victoriametrics-vmauth" + replicas: 1 + resources: {} + extraArgs: {} + ## victoriametrics vminsert configuration ## vminsert: From 59d0c1c0cd81d0ac873d1286882d038772eb7ea4 Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Fri, 20 Jun 2025 11:37:18 +0800 Subject: [PATCH 03/13] chore(vmauth): use random user --- .../victoriametrics/vmauth/vmauth-config.yaml | 31 +++++++++++++++++++ .../vmauth/vmauth-configmap.yaml | 17 ---------- .../vmauth/vmauth-creds-secret.yaml | 10 ------ charts/victoriametrics/values.yaml | 4 +-- 4 files changed, 33 insertions(+), 29 deletions(-) create mode 100644 charts/victoriametrics/templates/victoriametrics/vmauth/vmauth-config.yaml delete mode 100644 charts/victoriametrics/templates/victoriametrics/vmauth/vmauth-configmap.yaml delete mode 100644 charts/victoriametrics/templates/victoriametrics/vmauth/vmauth-creds-secret.yaml diff --git a/charts/victoriametrics/templates/victoriametrics/vmauth/vmauth-config.yaml b/charts/victoriametrics/templates/victoriametrics/vmauth/vmauth-config.yaml new file mode 100644 index 0000000..d556da1 --- /dev/null +++ b/charts/victoriametrics/templates/victoriametrics/vmauth/vmauth-config.yaml 
@@ -0,0 +1,31 @@ +{{ $username := include "common.secrets.lookup" (dict "secret" "victoriametrics-vmauth-creds" "key" "username" "defaultValue" (default (randAlphaNum 16) .Values.vmauth.username) "context" $) }} +{{ $password := include "common.secrets.lookup" (dict "secret" "victoriametrics-vmauth-creds" "key" "password" "defaultValue" (default (randAlphaNum 32) .Values.vmauth.password) "context" $) }} +apiVersion: v1 +kind: Secret +metadata: + name: victoriametrics-vmauth-creds + labels: + heritage: drycc +type: Opaque +data: + username: {{ $username }} + password: {{ $password }} + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: victoriametrics-vmauth-config + labels: + heritage: drycc +data: + vmauth.yaml: | + users: + - username: {{ $username | b64dec }} + password: {{ $password | b64dec }} + url_map: + - src_paths: + - "/insert" + url_prefix: "http://drycc-victoriametrics-vminsert.{{.Release.Namespace}}.svc.{{.Values.global.clusterDomain}}:8480/" + url_prefix: "http://drycc-victoriametrics-vmselect.{{.Release.Namespace}}.svc.{{.Values.global.clusterDomain}}:8481/" + discover_backend_ips: true diff --git a/charts/victoriametrics/templates/victoriametrics/vmauth/vmauth-configmap.yaml b/charts/victoriametrics/templates/victoriametrics/vmauth/vmauth-configmap.yaml deleted file mode 100644 index 9f7a9f9..0000000 --- a/charts/victoriametrics/templates/victoriametrics/vmauth/vmauth-configmap.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: victoriametrics-vmauth-config - labels: - heritage: drycc -data: - vmauth.yaml: | - users: - - username: {{ .Values.vmauth.username }} - password: {{ .Values.vmauth.password }} - url_map: - - src_paths: - - "/insert" - url_prefix: "http://drycc-victoriametrics-vminsert.{{.Release.Namespace}}.svc.{{.Values.global.clusterDomain}}:8480/" - url_prefix: "http://drycc-victoriametrics-vmselect.{{.Release.Namespace}}.svc.{{.Values.global.clusterDomain}}:8481/" - discover_backend_ips: true 
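Review bot: `{{ $username | b64dec }}` and `{{ $password | b64dec }}` are written unquoted into the `vmauth.yaml` block scalar, so an operator-supplied value containing `: `, ` #`, a leading YAML indicator or a newline changes or breaks the parsed vmauth config, and an all-digit value is read as a number. Quote both, e.g. `password: {{ $password | b64dec | quote }}`. The Secret's `data:` fields depend on `common.secrets.lookup` returning base64-encoded text; that helper is not visible here, so a one-line comment above the two assignments stating that assumption would help. Renders without cluster access (such as `helm template`) presumably cannot look up the existing Secret and would produce fresh random credentials each time, which is worth mentioning in the same comment.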
diff --git a/charts/victoriametrics/templates/victoriametrics/vmauth/vmauth-creds-secret.yaml b/charts/victoriametrics/templates/victoriametrics/vmauth/vmauth-creds-secret.yaml deleted file mode 100644 index c50cc52..0000000 --- a/charts/victoriametrics/templates/victoriametrics/vmauth/vmauth-creds-secret.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: victoriametrics-vmauth-creds - labels: - heritage: drycc -type: Opaque -data: - username: {{ .Values.vmauth.username | b64enc }} - password: {{ .Values.vmauth.password | b64enc }} diff --git a/charts/victoriametrics/values.yaml b/charts/victoriametrics/values.yaml index 31dc4ce..b8b2fb5 100644 --- a/charts/victoriametrics/values.yaml +++ b/charts/victoriametrics/values.yaml @@ -54,8 +54,8 @@ vmagent: ## victoriametrics vmauth configuration ## vmauth: - username: admin - password: admin + username: "" + password: "" nodeAffinityPreset: key: "drycc.cc/node" type: "soft" From 635cefc04abbfe9d00112cf726765aba5c38177a Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Wed, 25 Jun 2025 10:37:54 +0800 Subject: [PATCH 04/13] chore(victoriametrics): remove vmauth --- .../victoriametrics/networkpolicy.yaml | 19 +---- .../victoriametrics/vmauth/vmauth-config.yaml | 31 -------- .../vmauth/vmauth-deployment.yaml | 76 ------------------- .../victoriametrics/vmauth/vmauth-svc.yaml | 21 ----- charts/victoriametrics/values.yaml | 22 ------ 5 files changed, 4 insertions(+), 165 deletions(-) delete mode 100644 charts/victoriametrics/templates/victoriametrics/vmauth/vmauth-config.yaml delete mode 100644 charts/victoriametrics/templates/victoriametrics/vmauth/vmauth-deployment.yaml delete mode 100644 charts/victoriametrics/templates/victoriametrics/vmauth/vmauth-svc.yaml diff --git a/charts/victoriametrics/templates/victoriametrics/networkpolicy.yaml b/charts/victoriametrics/templates/victoriametrics/networkpolicy.yaml index 393c7d4..d94f531 100644 
--- a/charts/victoriametrics/templates/victoriametrics/networkpolicy.yaml +++ b/charts/victoriametrics/templates/victoriametrics/networkpolicy.yaml @@ -15,22 +15,11 @@ spec: kubernetes.io/metadata.name: {{.Release.Namespace}} podSelector: matchLabels: - app: drycc-victoriametrics - ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: drycc-victoriametrics-vmauth -spec: - podSelector: - matchLabels: - app: drycc-victoriametrics - component: drycc-victoriametrics-vmauth - policyTypes: - - Ingress - ingress: + app: drycc-controller-api - from: - namespaceSelector: matchLabels: kubernetes.io/metadata.name: {{.Release.Namespace}} + podSelector: + matchLabels: + app: drycc-victoriametrics diff --git a/charts/victoriametrics/templates/victoriametrics/vmauth/vmauth-config.yaml b/charts/victoriametrics/templates/victoriametrics/vmauth/vmauth-config.yaml deleted file mode 100644 index d556da1..0000000 --- a/charts/victoriametrics/templates/victoriametrics/vmauth/vmauth-config.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -{{ $username := include "common.secrets.lookup" (dict "secret" "victoriametrics-vmauth-creds" "key" "username" "defaultValue" (default (randAlphaNum 16) .Values.vmauth.username) "context" $) }} -{{ $password := include "common.secrets.lookup" (dict "secret" "victoriametrics-vmauth-creds" "key" "password" "defaultValue" (default (randAlphaNum 32) .Values.vmauth.password) "context" $) }} -apiVersion: v1 -kind: Secret -metadata: - name: victoriametrics-vmauth-creds - labels: - heritage: drycc -type: Opaque -data: - username: {{ $username }} - password: {{ $password }} - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: victoriametrics-vmauth-config - labels: - heritage: drycc -data: - vmauth.yaml: | - users: - - username: {{ $username | b64dec }} - password: {{ $password | b64dec }} - url_map: - - src_paths: - - "/insert" - url_prefix: "http://drycc-victoriametrics-vminsert.{{.Release.Namespace}}.svc.{{.Values.global.clusterDomain}}:8480/" - url_prefix: "http://drycc-victoriametrics-vmselect.{{.Release.Namespace}}.svc.{{.Values.global.clusterDomain}}:8481/" - discover_backend_ips: true diff --git a/charts/victoriametrics/templates/victoriametrics/vmauth/vmauth-deployment.yaml b/charts/victoriametrics/templates/victoriametrics/vmauth/vmauth-deployment.yaml deleted file mode 100644 index 0f3eec1..0000000 --- a/charts/victoriametrics/templates/victoriametrics/vmauth/vmauth-deployment.yaml +++ /dev/null 
@@ -1,76 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: drycc-victoriametrics-vmauth - labels: - app: drycc-victoriametrics - heritage: drycc - component: drycc-victoriametrics-vmauth -spec: - replicas: {{ .Values.vmauth.replicas }} - selector: - matchLabels: - app: drycc-victoriametrics - component: drycc-victoriametrics-vmauth - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - app: drycc-victoriametrics - component: drycc-victoriametrics-vmauth - spec: - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.vmauth.podAffinityPreset.type "component" "" "extraMatchLabels" .Values.vmauth.podAffinityPreset.extraMatchLabels "topologyKey" "" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.vmauth.podAntiAffinityPreset.type "component" "" "extraMatchLabels" .Values.vmauth.podAntiAffinityPreset.extraMatchLabels "topologyKey" "" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.vmauth.nodeAffinityPreset.type "key" .Values.vmauth.nodeAffinityPreset.key "values" .Values.vmauth.nodeAffinityPreset.values ) | nindent 10 }} - initContainers: - - name: drycc-victoriametrics-vmauth-init - image: {{.Values.imageRegistry}}/{{.Values.imageOrg}}/python-dev:latest - imagePullPolicy: {{.Values.imagePullPolicy}} - args: - - netcat - - -v - - -a - - drycc-victoriametrics-vmselect.{{.Release.Namespace}}.svc.{{.Values.global.clusterDomain}}:8481 - - -a - - drycc-victoriametrics-vminsert.{{.Release.Namespace}}.svc.{{.Values.global.clusterDomain}}:8480 - containers: - - name: drycc-victoriametrics-vmauth - image: {{.Values.imageRegistry}}/{{.Values.imageOrg}}/victoriametrics:{{.Values.imageTag}} - imagePullPolicy: {{.Values.imagePullPolicy}} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | 
nindent 10 }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 10 }} - {{- else }} - args: - - vmauth - - --auth.config=/etc/victoriametrics/vmauth.yaml - {{- if .Values.vmauth.extraArgs }} - {{- include "common.tplvalues.render" (dict "value" .Values.vmauth.extraArgs "context" $) | nindent 8 }} - {{- end }} - {{- end }} - {{- with index .Values "vmauth" "resources" }} - resources: - {{- toYaml . | nindent 10 }} - {{- end }} - ports: - - containerPort: 8427 - livenessProbe: - tcpSocket: - port: 8427 - readinessProbe: - httpGet: - path: /health - port: 8427 - startupProbe: - httpGet: - path: /health - port: 8427 - volumeMounts: - - name: victoriametrics-vmauth-config - subPath: vmauth.yaml - readOnly: true - mountPath: /etc/victoriametrics/vmauth.yaml - volumes: - - name: victoriametrics-vmauth-config - configMap: - name: victoriametrics-vmauth-config diff --git a/charts/victoriametrics/templates/victoriametrics/vmauth/vmauth-svc.yaml b/charts/victoriametrics/templates/victoriametrics/vmauth/vmauth-svc.yaml deleted file mode 100644 index 38047cd..0000000 --- a/charts/victoriametrics/templates/victoriametrics/vmauth/vmauth-svc.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: drycc-victoriametrics-vmauth - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "8427" - prometheus.io/path: "/metrics" - labels: - app: drycc-victoriametrics - heritage: drycc - component: drycc-victoriametrics-vmauth -spec: - clusterIP: None - ports: - - port: 8427 - name: http - targetPort: 8427 - selector: - app: drycc-victoriametrics - component: drycc-victoriametrics-vmauth diff --git a/charts/victoriametrics/values.yaml b/charts/victoriametrics/values.yaml index b8b2fb5..8638be7 100644 --- a/charts/victoriametrics/values.yaml +++ b/charts/victoriametrics/values.yaml 
@@ -51,28 +51,6 @@ vmagent: size: 5Gi storageClass: "" -## victoriametrics vmauth configuration -## -vmauth: - username: "" - password: "" - nodeAffinityPreset: - key: "drycc.cc/node" - type: "soft" - values: - - "true" - podAffinityPreset: - type: "" - extraMatchLabels: - security: "drycc-security" - podAntiAffinityPreset: - type: "soft" - extraMatchLabels: - app: "drycc-victoriametrics-vmauth" - replicas: 1 - resources: {} - extraArgs: {} - ## victoriametrics vminsert configuration ## vminsert: From 4ea37f9be6849b0286592f99f0cd9ff156169cba Mon Sep 17 00:00:00 2001 From: lijianguo <842666271@qq.com> Date: Wed, 2 Jul 2025 16:44:38 +0800 Subject: [PATCH 05/13] chore(charts): set honor_labels true (#1) --- .../templates/victoriametrics/vmagent/vmagent-configmap.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/charts/victoriametrics/templates/victoriametrics/vmagent/vmagent-configmap.yaml b/charts/victoriametrics/templates/victoriametrics/vmagent/vmagent-configmap.yaml index 80f0b0d..bc6cee2 100644 --- a/charts/victoriametrics/templates/victoriametrics/vmagent/vmagent-configmap.yaml +++ b/charts/victoriametrics/templates/victoriametrics/vmagent/vmagent-configmap.yaml @@ -145,6 +145,7 @@ data: replacement: $1.$2.svc.cluster.local:$3 target_label: __address__ - job_name: "kubernetes-service-endpoints" + honor_labels: true kubernetes_sd_configs: - role: endpointslices relabel_configs: @@ -198,6 +199,7 @@ data: action: replace target_label: node - job_name: "kubernetes-service-endpoints-slow" + honor_labels: true scrape_interval: 5m scrape_timeout: 30s kubernetes_sd_configs: @@ -248,6 +250,7 @@ data: action: replace target_label: node - job_name: "kubernetes-services" + honor_labels: true metrics_path: /probe params: module: [http_2xx] @@ -271,6 +274,7 @@ data: - source_labels: [__meta_kubernetes_service_name] target_label: service - job_name: "kubernetes-pods" + honor_labels: true kubernetes_sd_configs: - role: pod relabel_configs: 
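Review bot: `honor_labels: true` on `kubernetes-service-endpoints`, `kubernetes-service-endpoints-slow`, `kubernetes-services` and `kubernetes-pods` lets every scraped target override the labels vmagent attaches from discovery and relabelling (`job`, `instance`, and labels such as `node` and `service` set in these jobs), so any workload that gets scraped can publish series that appear to belong to another workload. These four jobs discover arbitrary pods and endpoints, which is where the setting carries the most risk. If it is needed so that particular exporters can keep their own labels (the commit message does not say), limit it to jobs that scrape only those exporters, or add a comment above each line naming the label that must survive, e.g. `# honor_labels: keep <label> set by <exporter>`. All four hunks of this patch are affected, and the job bodies continue outside the hunks.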
From ff70cce98c63eddb4342c223eb9ac072ba24b2f0 Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Tue, 15 Jul 2025 22:41:03 +0800 Subject: [PATCH 06/13] chore(charts): simplify the connection controller --- .../victoriametrics/vmagent/vmagent-configmap.yaml | 8 ++++---- .../victoriametrics/vmagent/vmagent-statefulset.yaml | 8 +++----- .../victoriametrics/vminsert/vminsert-deployment.yaml | 2 +- .../victoriametrics/vmselect/vmselect-deployment.yaml | 2 +- charts/victoriametrics/values.yaml | 10 ---------- 5 files changed, 9 insertions(+), 21 deletions(-) diff --git a/charts/victoriametrics/templates/victoriametrics/vmagent/vmagent-configmap.yaml b/charts/victoriametrics/templates/victoriametrics/vmagent/vmagent-configmap.yaml index bc6cee2..d531f5e 100644 --- a/charts/victoriametrics/templates/victoriametrics/vmagent/vmagent-configmap.yaml +++ b/charts/victoriametrics/templates/victoriametrics/vmagent/vmagent-configmap.yaml @@ -24,7 +24,7 @@ data: - role: node relabel_configs: - target_label: __address__ - replacement: drycc-controller-api.{{.Release.Namespace}}.svc.{{.Values.global.clusterDomain}}:80 + replacement: drycc-controller-api:80 - source_labels: [__meta_kubernetes_node_name] regex: (.+) target_label: __metrics_path__ @@ -36,7 +36,7 @@ data: - role: node relabel_configs: - target_label: __address__ - replacement: drycc-controller-api.{{.Release.Namespace}}.svc.{{.Values.global.clusterDomain}}:80 + replacement: drycc-controller-api:80 - source_labels: [__meta_kubernetes_node_name] regex: (.+) target_label: __metrics_path__ @@ -132,7 +132,7 @@ data: ] separator: ; regex: (.+);(.+) - replacement: $1.$2.svc.cluster.local + replacement: $1.$2.svc target_label: __address__ - source_labels: [ @@ -142,7 +142,7 @@ data: ] separator: ; regex: (.+);(.+);(\d+) - replacement: $1.$2.svc.cluster.local:$3 + replacement: $1.$2.svc:$3 target_label: __address__ - job_name: "kubernetes-service-endpoints" honor_labels: true 
diff --git a/charts/victoriametrics/templates/victoriametrics/vmagent/vmagent-statefulset.yaml b/charts/victoriametrics/templates/victoriametrics/vmagent/vmagent-statefulset.yaml index bcc81a0..454b331 100644 --- a/charts/victoriametrics/templates/victoriametrics/vmagent/vmagent-statefulset.yaml +++ b/charts/victoriametrics/templates/victoriametrics/vmagent/vmagent-statefulset.yaml @@ -30,10 +30,8 @@ spec: args: - netcat - -v - - -a - - $(DRYCC_CONTROLLER_API_SERVICE_HOST):$(DRYCC_CONTROLLER_API_SERVICE_PORT) - - -a - - {{ printf "drycc-victoriametrics-vminsert.%s.svc.%s:8480" $.Release.Namespace $.Values.global.clusterDomain }} + - -u + - http://drycc-controller-api,http://drycc-victoriametrics-vminsert:8480 containers: - name: drycc-victoriametrics-vmagent image: {{.Values.imageRegistry}}/{{.Values.imageOrg}}/victoriametrics:{{.Values.imageTag}} @@ -44,7 +42,7 @@ spec: {{- else }} args: - vmagent - - --remoteWrite.url={{ printf "http://drycc-victoriametrics-vminsert.%s.svc.%s:8480/insert/multitenant/prometheus/api/v1/write" $.Release.Namespace $.Values.global.clusterDomain }} + - --remoteWrite.url=http://drycc-victoriametrics-vminsert:8480/insert/multitenant/prometheus/api/v1/write - --remoteWrite.tmpDataPath=/data - --httpListenAddr=:8429 - --promscrape.config=/opt/drycc/victoriametrics/config/prometheus.yaml diff --git a/charts/victoriametrics/templates/victoriametrics/vminsert/vminsert-deployment.yaml b/charts/victoriametrics/templates/victoriametrics/vminsert/vminsert-deployment.yaml index 4897844..884d0b5 100644 --- a/charts/victoriametrics/templates/victoriametrics/vminsert/vminsert-deployment.yaml +++ b/charts/victoriametrics/templates/victoriametrics/vminsert/vminsert-deployment.yaml 
@@ -1,7 +1,7 @@ {{- $replicas := .Values.vmstorage.replicas | int -}} {{- $endpoints := list -}} {{- range $i := until $replicas -}} - {{- $endpoint := printf "drycc-victoriametrics-vmstorage-%d.drycc-victoriametrics-vmstorage.%s.svc.%s:8400" $i $.Release.Namespace $.Values.global.clusterDomain -}} + {{- $endpoint := printf "drycc-victoriametrics-vmstorage-%d.drycc-victoriametrics-vmstorage:8400" $i -}} {{- $endpoints = append $endpoints $endpoint -}} {{- end -}} {{- $storageNodes := join "," $endpoints -}} diff --git a/charts/victoriametrics/templates/victoriametrics/vmselect/vmselect-deployment.yaml b/charts/victoriametrics/templates/victoriametrics/vmselect/vmselect-deployment.yaml index 7929443..9ca114f 100644 --- a/charts/victoriametrics/templates/victoriametrics/vmselect/vmselect-deployment.yaml +++ b/charts/victoriametrics/templates/victoriametrics/vmselect/vmselect-deployment.yaml @@ -1,7 +1,7 @@ {{- $replicas := .Values.vmstorage.replicas | int -}} {{- $endpoints := list -}} {{- range $i := until $replicas -}} - {{- $endpoint := printf "drycc-victoriametrics-vmstorage-%d.drycc-victoriametrics-vmstorage.%s.svc.%s:8401" $i $.Release.Namespace $.Values.global.clusterDomain -}} + {{- $endpoint := printf "drycc-victoriametrics-vmstorage-%d.drycc-victoriametrics-vmstorage:8401" $i -}} {{- $endpoints = append $endpoints $endpoint -}} {{- end -}} {{- $storageNodes := join "," $endpoints -}} diff --git a/charts/victoriametrics/values.yaml b/charts/victoriametrics/values.yaml index 8638be7..a5eec4a 100644 --- a/charts/victoriametrics/values.yaml +++ b/charts/victoriametrics/values.yaml 
@@ -216,13 +216,3 @@ kubeStateMetrics: - storageclasses - validatingwebhookconfigurations - volumeattachments - # - verticalpodautoscalers # not a default resource, see also: https://github.com/kubernetes/kube-state-metrics#enabling-verticalpodautoscalers - -global: - # Admin email, used for each component to send email to administrator - email: "drycc@drycc.cc" - # A domain name consists of one or more parts. - # Periods (.) are used to separate these parts. - # Each part must be 1 to 63 characters in length and can contain lowercase letters, digits, and hyphens (-). - # It must start and end with a lowercase letter or digit. - clusterDomain: "cluster.local" From 6915bd7c369fefd03acd8a06b5940d8ba4d7ee88 Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Thu, 24 Jul 2025 15:18:44 +0800 Subject: [PATCH 07/13] chore(charts): change controller match labels --- .../victoriametrics/networkpolicy.yaml | 2 +- .../vmagent/vmagent-configmap.yaml | 62 ++++++++++++++----- 2 files changed, 47 insertions(+), 17 deletions(-) diff --git a/charts/victoriametrics/templates/victoriametrics/networkpolicy.yaml b/charts/victoriametrics/templates/victoriametrics/networkpolicy.yaml index d94f531..6b394b9 100644 --- a/charts/victoriametrics/templates/victoriametrics/networkpolicy.yaml +++ b/charts/victoriametrics/templates/victoriametrics/networkpolicy.yaml @@ -15,7 +15,7 @@ spec: kubernetes.io/metadata.name: {{.Release.Namespace}} podSelector: matchLabels: - app: drycc-controller-api + app: drycc-controller - from: - namespaceSelector: matchLabels: diff --git a/charts/victoriametrics/templates/victoriametrics/vmagent/vmagent-configmap.yaml b/charts/victoriametrics/templates/victoriametrics/vmagent/vmagent-configmap.yaml index d531f5e..2bd6947 100644 --- a/charts/victoriametrics/templates/victoriametrics/vmagent/vmagent-configmap.yaml +++ b/charts/victoriametrics/templates/victoriametrics/vmagent/vmagent-configmap.yaml 
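Review bot: In the networkpolicy.yaml hunk the ingress peer is now selected by `app: drycc-controller` instead of `app: drycc-controller-api`, which presumably matches every controller workload carrying that label rather than only the API pods. The visible part of the rule has no `ports:` list, so unless one sits above the hunk, each matched pod can reach every port of the victoriametrics pods. I would scope the rule with a `ports:` entry for the port(s) the controller actually queries and add a comment naming the workloads the label is meant to cover. The policy continues outside the hunk on both sides.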
@@ -23,24 +23,40 @@ data: kubernetes_sd_configs: - role: node relabel_configs: - - target_label: __address__ - replacement: drycc-controller-api:80 + - target_label: __param_scheme + replacement: https + - target_label: __param_host + replacement: kubernetes.default.svc + - target_label: __param_port + replacement: 443 - source_labels: [__meta_kubernetes_node_name] regex: (.+) - target_label: __metrics_path__ - replacement: /v2/nodes/$1/proxy/metrics + target_label: __param_path + replacement: /api/v1/nodes/$1/proxy/metrics + - target_label: __address__ + replacement: drycc-controller-metric:8000 + - target_label: __metrics_path__ + replacement: /v2/metrics - job_name: "controller-nodes-cadvisor" scheme: http bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token kubernetes_sd_configs: - role: node relabel_configs: - - target_label: __address__ - replacement: drycc-controller-api:80 + - target_label: __param_scheme + replacement: https + - target_label: __param_host + replacement: kubernetes.default.svc + - target_label: __param_port + replacement: 443 - source_labels: [__meta_kubernetes_node_name] regex: (.+) - target_label: __metrics_path__ - replacement: /v2/nodes/$1/proxy/metrics/cadvisor + target_label: __param_path + replacement: /api/v1/nodes/$1/proxy/metrics/cadvisor + - target_label: __address__ + replacement: drycc-controller-metric:8000 + - target_label: __metrics_path__ + replacement: /v2/metrics - job_name: "kubernetes-apiservers" kubernetes_sd_configs: - role: endpoints 
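Review bot: Both controller-nodes jobs keep `scheme: http` together with `bearer_token_file` (visible on `controller-nodes-cadvisor`; the first job's header is above the hunk), so after this change vmagent's service-account token is sent in cleartext to `drycc-controller-metric:8000` on every scrape. If the metric endpoint needs that token to reach `kubernetes.default.svc`, the hop should use `scheme: https` with a `tls_config`; if it does not, remove `bearer_token_file` from these jobs. Because the upstream is chosen by `__param_scheme`, `__param_host`, `__param_port` and `__param_path`, the endpoint presumably fetches whatever target the query names, so confirm that it validates those parameters and that only vmagent can reach port 8000. Also quote the port, `replacement: "443"`, so the value stays a string.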
@@ -163,11 +179,14 @@ data: separator: ; regex: "true;true" action: drop - - source_labels: - [__meta_kubernetes_service_annotation_prometheus_io_scheme] - action: replace - target_label: __scheme__ + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] regex: (https?) + replacement: $1 + target_label: __scheme__ + - source_labels: [__scheme__] + regex: ^$ + replacement: http + target_label: __scheme__ - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] action: replace @@ -214,11 +233,14 @@ data: [__meta_kubernetes_service_annotation_prometheus_io_scrape_slow] action: keep regex: true - - source_labels: - [__meta_kubernetes_service_annotation_prometheus_io_scheme] - action: replace - target_label: __scheme__ + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] regex: (https?) + replacement: $1 + target_label: __scheme__ + - source_labels: [__scheme__] + regex: ^$ + replacement: http + target_label: __scheme__ - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] action: replace @@ -286,6 +308,14 @@ data: - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] action: keep regex: true + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] + regex: (https?) + replacement: $1 + target_label: __scheme__ + - source_labels: [__scheme__] + regex: ^$ + replacement: http + target_label: __scheme__ - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] action: replace target_label: __metrics_path__ From 52b803b41c3d24cccaacc86876f50a335f07b241 Mon Sep 17 00:00:00 2001 From: lijianguo Date: Wed, 27 Aug 2025 10:18:57 +0800 Subject: [PATCH 08/13] chore(kubeStateMetrics): add metricAnnotationsAllowList config (#2) --- charts/victoriametrics/values.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/charts/victoriametrics/values.yaml b/charts/victoriametrics/values.yaml index a5eec4a..18ef170 100644 
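Review bot: The third hunk (`@@ -286,6 +308,14 @@`) reads `__meta_kubernetes_service_annotation_prometheus_io_scheme` in a job whose neighbouring rules all use `__meta_kubernetes_pod_annotation_*`; if this is the pod-role job, that label is never set and a pod annotated with `prometheus.io/scheme: https` is still scraped over plain HTTP. The source label there should be `[__meta_kubernetes_pod_annotation_prometheus_io_scheme]`. In all three hunks the fallback rule with `regex: ^$` on `__scheme__` probably never fires, since `__scheme__` is normally populated from the job's `scheme` before relabeling; a one-line comment stating the intended default, or dropping the rule, would make that clear. The job definitions start outside these hunks.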
--- a/charts/victoriametrics/values.yaml +++ b/charts/victoriametrics/values.yaml @@ -216,3 +216,5 @@ kubeStateMetrics: - storageclasses - validatingwebhookconfigurations - volumeattachments + metricAnnotationsAllowList: + - persistentvolumeclaims=[*] From b828cd52bf5d74f22736f4cb6973bf2258f317b4 Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Sun, 14 Sep 2025 01:13:51 +0800 Subject: [PATCH 09/13] chore(victoriametrics): bump new version --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 0b62a8c..cff4e14 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,8 +5,8 @@ ENV DRYCC_UID=1001 \ DRYCC_GID=1001 \ DRYCC_HOME_DIR=/data \ NODE_EXPORTER_VERSION="1.9.1" \ - KUBE_STATE_METRICS="2.15.0" \ - VICTORIAMETRICS_VERSION="1.116.0" + KUBE_STATE_METRICS="2.17.0" \ + VICTORIAMETRICS_VERSION="1.125.1" RUN groupadd drycc --gid ${DRYCC_GID} \ && useradd drycc -u ${DRYCC_UID} -g ${DRYCC_GID} -s /bin/bash -m -d ${DRYCC_HOME_DIR} \ From c68cd18bdf2fbc5be9e814ce4efc2008bfa4d749 Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Tue, 30 Sep 2025 10:46:51 +0800 Subject: [PATCH 10/13] feat(scrape): add controller pods job --- .../vmagent/vmagent-configmap.yaml | 47 +++++++++++++++++++ 1 file changed, 47 insertions(+) diff --git a/charts/victoriametrics/templates/victoriametrics/vmagent/vmagent-configmap.yaml b/charts/victoriametrics/templates/victoriametrics/vmagent/vmagent-configmap.yaml index 2bd6947..ed99185 100644 --- a/charts/victoriametrics/templates/victoriametrics/vmagent/vmagent-configmap.yaml +++ b/charts/victoriametrics/templates/victoriametrics/vmagent/vmagent-configmap.yaml 
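Review bot: `persistentvolumeclaims=[*]` in the values.yaml hunk turns every annotation on every PVC into a metric label. That includes values such as `kubectl.kubernetes.io/last-applied-configuration` and any provisioner annotations, which then become readable by anyone who can query the metrics store and also inflate label cardinality. I would list only the annotation keys the dashboards need, e.g. `- persistentvolumeclaims=[<ANNOTATION_KEY>]` (placeholder), and add a comment above `metricAnnotationsAllowList` saying why they are exported.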
@@ -57,6 +57,53 @@ data: replacement: drycc-controller-metric:8000 - target_label: __metrics_path__ replacement: /v2/metrics + - job_name: "controller-pods" + scheme: http + honor_labels: true + kubernetes_sd_configs: + - role: pod + relabel_configs: + - action: drop + source_labels: [__meta_kubernetes_pod_container_init] + regex: true + - action: keep_if_equal + source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_port, __meta_kubernetes_pod_container_port_number] + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] + action: keep + regex: true + - target_label: __param_scheme + replacement: http + - source_labels: [__address__] + regex: ([^:]+)(?::\d+)? + target_label: __param_host + replacement: $1 + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_port, __meta_kubernetes_pod_container_port_number] + regex: (\d+);.*|.*;(\d+) + target_label: __param_port + replacement: ${1}${2} + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] + regex: (.+) + target_label: __param_path + replacement: $1 + - source_labels: [__param_path] + regex: ^$ + replacement: /metrics + target_label: __param_path + - target_label: __address__ + replacement: drycc-controller-metric:8000 + - target_label: __metrics_path__ + replacement: /v2/metrics + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - source_labels: [__meta_kubernetes_pod_name] + target_label: pod + - source_labels: [__meta_kubernetes_pod_container_name] + target_label: container + - source_labels: [__meta_kubernetes_namespace] + target_label: namespace + - source_labels: [__meta_kubernetes_pod_node_name] + action: replace + target_label: node - job_name: "kubernetes-apiservers" kubernetes_sd_configs: - role: endpoints From 46bf71877098b59f3bd02d3613ed58cc2049c46f Mon Sep 17 00:00:00 2001 
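Review bot: `honor_labels: true` on `controller-pods` lets labels in the scraped payload win over the `namespace`, `pod`, `container` and `node` labels set at the end of `relabel_configs`, and the job accepts any pod that carries the `prometheus.io/scrape` annotation. If application pods can set that annotation, a workload could publish series labelled as another namespace or pod. Unless every target is a trusted exporter, use `honor_labels: false`, which keeps conflicting scraped labels under an `exported_` prefix instead. A comment above the job explaining that `drycc-controller-metric:8000` fetches the pod on vmagent's behalf over `http` would also help the next reader.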
From: duanhongyi Date: Thu, 6 Nov 2025 17:00:00 +0800 Subject: [PATCH 11/13] chore(victoriametrics): change env to build arg --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index cff4e14..d02a576 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ ARG CODENAME FROM registry.drycc.cc/drycc/base:${CODENAME} -ENV DRYCC_UID=1001 \ +ARG DRYCC_UID=1001 \ DRYCC_GID=1001 \ DRYCC_HOME_DIR=/data \ NODE_EXPORTER_VERSION="1.9.1" \ From dd09a12d7c83d5f1878cbc95cfc1bb044da80796 Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Sat, 15 Nov 2025 21:21:39 +0800 Subject: [PATCH 12/13] chore(victoriametrics): bump version to 1.129.1 --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index d02a576..e9ab496 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,9 +4,9 @@ FROM registry.drycc.cc/drycc/base:${CODENAME} ARG DRYCC_UID=1001 \ DRYCC_GID=1001 \ DRYCC_HOME_DIR=/data \ - NODE_EXPORTER_VERSION="1.9.1" \ + NODE_EXPORTER_VERSION="1.10.2" \ KUBE_STATE_METRICS="2.17.0" \ - VICTORIAMETRICS_VERSION="1.125.1" + VICTORIAMETRICS_VERSION="1.129.1" RUN groupadd drycc --gid ${DRYCC_GID} \ && useradd drycc -u ${DRYCC_UID} -g ${DRYCC_GID} -s /bin/bash -m -d ${DRYCC_HOME_DIR} \ From 97a69783323f09c64b998cb85a606e30b4089a97 Mon Sep 17 00:00:00 2001 From: lijianguo Date: Fri, 8 May 2026 13:44:56 +0800 Subject: [PATCH 13/13] chore(charts): config securityContext (#3) --- .../victoriametrics/vmagent/vmagent-statefulset.yaml | 4 ++++ .../victoriametrics/vmstorage/vmstorage-statefulset.yaml | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/charts/victoriametrics/templates/victoriametrics/vmagent/vmagent-statefulset.yaml b/charts/victoriametrics/templates/victoriametrics/vmagent/vmagent-statefulset.yaml index 454b331..3880916 100644 --- a/charts/victoriametrics/templates/victoriametrics/vmagent/vmagent-statefulset.yaml 
+++ b/charts/victoriametrics/templates/victoriametrics/vmagent/vmagent-statefulset.yaml @@ -23,6 +23,10 @@ spec: podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.vmagent.podAntiAffinityPreset.type "component" "" "extraMatchLabels" .Values.vmagent.podAntiAffinityPreset.extraMatchLabels "topologyKey" "" "context" $) | nindent 10 }} nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.vmagent.nodeAffinityPreset.type "key" .Values.vmagent.nodeAffinityPreset.key "values" .Values.vmagent.nodeAffinityPreset.values ) | nindent 10 }} serviceAccount: drycc-victoriametrics-vmagent + securityContext: + fsGroup: 1001 + runAsGroup: 1001 + runAsUser: 1001 initContainers: - name: drycc-victoriametrics-vmagent-init image: {{.Values.imageRegistry}}/{{.Values.imageOrg}}/python-dev:latest diff --git a/charts/victoriametrics/templates/victoriametrics/vmstorage/vmstorage-statefulset.yaml b/charts/victoriametrics/templates/victoriametrics/vmstorage/vmstorage-statefulset.yaml index 1d555be..b27a19b 100644 --- a/charts/victoriametrics/templates/victoriametrics/vmstorage/vmstorage-statefulset.yaml +++ b/charts/victoriametrics/templates/victoriametrics/vmstorage/vmstorage-statefulset.yaml 
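Review bot: The pod-level `securityContext` added here (and identically in the vmstorage-statefulset hunk) sets the IDs but does not enforce non-root execution or a seccomp profile; add `runAsNonRoot: true` and `seccompProfile:` with `type: RuntimeDefault` alongside them. The IDs are hard-coded to 1001 while the Dockerfile now takes `DRYCC_UID` and `DRYCC_GID` as build arguments, so an image built with other values will not match; consider exposing them as chart values or adding a comment on the coupling. The setting also applies to the init container visible just below, which runs `python-dev:latest`, so check that this image works as UID 1001. The pod spec continues outside the hunk.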
@@ -23,6 +23,10 @@ spec: podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.vmstorage.podAffinityPreset.type "component" "" "extraMatchLabels" .Values.vmstorage.podAffinityPreset.extraMatchLabels "topologyKey" "" "context" $) | nindent 10 }} podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.vmstorage.podAntiAffinityPreset.type "component" "" "extraMatchLabels" .Values.vmstorage.podAntiAffinityPreset.extraMatchLabels "topologyKey" "" "context" $) | nindent 10 }} nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.vmstorage.nodeAffinityPreset.type "key" .Values.vmstorage.nodeAffinityPreset.key "values" .Values.vmstorage.nodeAffinityPreset.values ) | nindent 10 }} + securityContext: + fsGroup: 1001 + runAsGroup: 1001 + runAsUser: 1001 containers: - name: drycc-victoriametrics-vmstorage image: {{.Values.imageRegistry}}/{{.Values.imageOrg}}/victoriametrics:{{.Values.imageTag}}