Skip to content

rook-ceph: add exporter psp and fix dashboard #433

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
lunkan93 merged 1 commit into from
Apr 23, 2025
Merged

rook-ceph: add exporter psp and fix dashboard #433

lunkan93 merged 1 commit into from
Apr 23, 2025

Conversation

@lunkan93
Copy link
Contributor

@lunkan93 lunkan93 commented Apr 17, 2025
edited
Loading

Warning

This is a public repository, ensure not to disclose:

  • personal data beyond what is necessary for interacting with this pull request, nor
  • business confidential information, such as customer names.

What kind of PR is this?

Required: Mark one of the following that is applicable:

  • kind/feature
  • kind/improvement
  • kind/deprecation
  • kind/documentation
  • kind/clean-up
  • kind/bug
  • kind/other

Optional: Mark one or more of the following that are applicable:

Important

Breaking changes should be marked kind/admin-change or kind/dev-change depending on type
Critical security fixes should be marked with kind/security

  • kind/admin-change
  • kind/dev-change
  • kind/security
  • [kind/adr](set-me)

What does this PR do / why do we need this PR?

...

  • Fixes #

Information to reviewers

Checklist

  • Proper commit message prefix on all commits
  • Change checks:
    • The change is transparent
    • The change is disruptive
    • The change requires no migration steps
    • The change requires migration steps
  • Documentation checks:
  • Metrics checks:
    • The metrics are still exposed and present in Grafana after the change
    • The metrics names didn't change (Grafana dashboards and Prometheus alerts required no updates)
    • The metrics names did change (Grafana dashboards and Prometheus alerts required an update)
  • Logs checks:
    • The logs do not show any errors after the change
  • PodSecurityPolicy checks:
    • Any changed Pod is covered by Kubernetes Pod Security Standards
    • Any changed Pod is covered by Gatekeeper Pod Security Policies
    • The change does not cause any Pods to be blocked by Pod Security Standards or Policies
  • NetworkPolicy checks:
    • Any changed Pod is covered by Network Policies
    • The change does not cause any dropped packets in the NetworkPolicy Dashboard
  • Audit checks:
    • The change does not cause any unnecessary Kubernetes audit events
    • The change requires changes to Kubernetes audit policy
  • Falco checks:
    • The change does not cause any alerts to be generated by Falco
  • Bug checks:
    • The bug fix is covered by regression tests

@lunkan93 lunkan93 self-assigned this Apr 17, 2025
@lunkan93 lunkan93 requested a review from a team as a code owner April 17, 2025 11:03
aarnq
aarnq reviewed Apr 17, 2025
View reviewed changes
Copy link
Contributor

@aarnq aarnq left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do the dashboard changes work with old v17 metrics?

@lunkan93
Copy link
Contributor Author

lunkan93 commented Apr 17, 2025

Do the dashboard changes work with old v17 metrics?

Some of the panels seem to get the issue that this fixes when on v17 😵

aarnq
aarnq approved these changes Apr 17, 2025
View reviewed changes
Copy link
Contributor

@aarnq aarnq left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

linus-astrom
linus-astrom reviewed Apr 17, 2025
View reviewed changes
rook/helmfile.d/values/podsecuritypolicies.yaml.gotmpl
app: rook-ceph-exporter
allow:
allowPrivilegeEscalation: true
privileged: true
Copy link

@linus-astrom linus-astrom Apr 17, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a need to allow privileged to be true? from what i can see of the exporter pod it runs it as false

Copy link
Contributor Author

@lunkan93 lunkan93 Apr 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can probably be removed, I did not have time to construct the PSP super carefully as this was found during maintenance

@lunkan93
Copy link
Contributor Author

lunkan93 commented Apr 17, 2025
edited
Loading

Do the dashboard changes work with old v17 metrics?

Some of the panels seem to get the issue that this fixes when on v17 😵

Just to clarify: I tested the changes on v17 and I found that not all, but for at least one panel the change actually introduces the issue on v17, that it fixes on v18.

@davidumea
Copy link
Contributor

davidumea commented Apr 17, 2025

Well done thank you

@lunkan93 lunkan93 merged commit f5cf21f into main Apr 23, 2025
2 of 5 checks passed
@lunkan93 lunkan93 deleted the simonl/rook-ceph-fixes branch April 23, 2025 10:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@linus-astrom linus-astrom linus-astrom left review comments

@davidumea davidumea davidumea approved these changes

@aarnq aarnq aarnq approved these changes

@lucianvlad lucianvlad Awaiting requested review from lucianvlad

Assignees

@lunkan93 lunkan93

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@lunkan93 @davidumea @aarnq @linus-astrom