Turn AWS VPC CNI into a control plane add-on

Author: maxbrunet

jsonnet/kube-prometheus/addons/aws-vpc-cni.libsonnet

@@ -0,0 +1,110 @@
+{
+  values+:: {
+    awsVpcCni: {
+      // `minimumWarmIPs` should be inferior or equal to `WARM_IP_TARGET`.
+      //
+      // References:
+      // https://github.com/aws/amazon-vpc-cni-k8s/blob/v1.9.0/docs/eni-and-ip-target.md
+      // https://github.com/aws/amazon-vpc-cni-k8s/blob/v1.9.0/pkg/ipamd/ipamd.go#L61-L71
+      minimumWarmIPs: 10,
+      minimumWarmIPsTime: '10m',
+    },
+  },
+  kubernetesControlPlane+: {
+    serviceAwsVpcCni: {
+      apiVersion: 'v1',
+      kind: 'Service',
+      metadata: {
+        name: 'aws-node',
+        namespace: 'kube-system',
+        labels: { 'app.kubernetes.io/name': 'aws-node' },
+      },
+      spec: {
+        ports: [
+          {
+            name: 'cni-metrics-port',
+            port: 61678,
+            targetPort: 61678,
+          },
+        ],
+        selector: { 'app.kubernetes.io/name': 'aws-node' },
+        clusterIP: 'None',
+      },
+    },
+
+    serviceMonitorAwsVpcCni: {
+      apiVersion: 'monitoring.coreos.com/v1',
+      kind: 'ServiceMonitor',
+      metadata: {
+        name: 'aws-node',
+        namespace: $.values.common.namespace,
+        labels: {
+          'app.kubernetes.io/name': 'aws-node',
+        },
+      },
+      spec: {
+        jobLabel: 'app.kubernetes.io/name',
+        selector: {
+          matchLabels: {
+            'app.kubernetes.io/name': 'aws-node',
+          },
+        },
+        namespaceSelector: {
+          matchNames: [
+            'kube-system',
+          ],
+        },
+        endpoints: [
+          {
+            port: 'cni-metrics-port',
+            interval: '30s',
+            path: '/metrics',
+            relabelings: [
+              {
+                action: 'replace',
+                regex: '(.*)',
+                replacement: '$1',
+                sourceLabels: ['__meta_kubernetes_pod_node_name'],
+                targetLabel: 'instance',
+              },
+            ],
+          },
+        ],
+      },
+    },
+
+    prometheusRuleAwsVpcCni: {
+      apiVersion: 'monitoring.coreos.com/v1',
+      kind: 'PrometheusRule',
+      metadata: {
+        labels: $.prometheus._config.commonLabels + $.prometheus._config.mixin.ruleLabels,
+        name: 'aws-vpc-cni-rules',
+        namespace: $.prometheus._config.namespace,
+      },
+      spec: {
+        groups: [
+          {
+            name: 'aws-vpc-cni.rules',
+            rules: [
+              {
+                expr: 'sum by(instance) (awscni_total_ip_addresses) - sum by(instance) (awscni_assigned_ip_addresses) < %s' % $.values.awsVpcCni.minimumWarmIPs,
+                labels: {
+                  severity: 'critical',
+                },
+                annotations: {
+                  summary: 'AWS VPC CNI has a low warm IP pool',
+                  description: |||
+                    Instance {{ $labels.instance }} has only {{ $value }} warm IPs which is lower than set threshold of %s.
+                    It could mean the current subnet is out of available IP addresses or the CNI is unable to request them from the EC2 API.
+                  ||| % $.values.awsVpcCni.minimumWarmIPs,
+                },
+                'for': $.values.awsVpcCni.minimumWarmIPsTime,
+                alert: 'AwsVpcCniWarmIPsLow',
+              },
+            ],
+          },
+        ],
+      },
+    },
+  },
+}

jsonnet/kube-prometheus/platforms/eks.libsonnet

@@ -1,15 +1,5 @@
+(import '../addons/aws-vpc-cni.libsonnet') +
 (import '../addons/managed-cluster.libsonnet') + {
-  values+:: {
-    awsVpcCni: {
-      // `minimumWarmIPs` should be inferior or equal to `WARM_IP_TARGET`.
-      //
-      // References:
-      // https://github.com/aws/amazon-vpc-cni-k8s/blob/v1.9.0/docs/eni-and-ip-target.md
-      // https://github.com/aws/amazon-vpc-cni-k8s/blob/v1.9.0/pkg/ipamd/ipamd.go#L61-L71
-      minimumWarmIPs: 10,
-      minimumWarmIPsTime: '10m',
-    },
-  },
   kubernetesControlPlane+: {
     serviceMonitorCoreDNS+: {
       spec+: {
@@ -22,101 +12,5 @@
         ],
       },
     },
-
-    serviceAwsVpcCniMetrics: {
-      apiVersion: 'v1',
-      kind: 'Service',
-      metadata: {
-        name: 'aws-node',
-        namespace: 'kube-system',
-        labels: { 'app.kubernetes.io/name': 'aws-node' },
-      },
-      spec: {
-        ports: [
-          {
-            name: 'cni-metrics-port',
-            port: 61678,
-            targetPort: 61678,
-          },
-        ],
-        selector: { 'app.kubernetes.io/name': 'aws-node' },
-        clusterIP: 'None',
-      },
-    },
-
-    serviceMonitorAwsVpcCni: {
-      apiVersion: 'monitoring.coreos.com/v1',
-      kind: 'ServiceMonitor',
-      metadata: {
-        name: 'aws-node',
-        namespace: $.values.common.namespace,
-        labels: {
-          'app.kubernetes.io/name': 'aws-node',
-        },
-      },
-      spec: {
-        jobLabel: 'app.kubernetes.io/name',
-        selector: {
-          matchLabels: {
-            'app.kubernetes.io/name': 'aws-node',
-          },
-        },
-        namespaceSelector: {
-          matchNames: [
-            'kube-system',
-          ],
-        },
-        endpoints: [
-          {
-            port: 'cni-metrics-port',
-            interval: '30s',
-            path: '/metrics',
-            relabelings: [
-              {
-                action: 'replace',
-                regex: '(.*)',
-                replacement: '$1',
-                sourceLabels: ['__meta_kubernetes_pod_node_name'],
-                targetLabel: 'instance',
-              },
-            ],
-          },
-        ],
-      },
-    },
-
-    prometheusRuleAwsVpcCni: {
-      apiVersion: 'monitoring.coreos.com/v1',
-      kind: 'PrometheusRule',
-      metadata: {
-        labels: $.prometheus._config.commonLabels + $.prometheus._config.mixin.ruleLabels,
-        name: 'aws-vpc-cni-rules',
-        namespace: $.prometheus._config.namespace,
-      },
-      spec: {
-        groups: [
-          {
-            name: 'kube-prometheus-aws-vpc-cni.rules',
-            rules: [
-              {
-                expr: 'sum by(instance) (awscni_total_ip_addresses) - sum by(instance) (awscni_assigned_ip_addresses) < %s' % $.values.awsVpcCni.minimumWarmIPs,
-                labels: {
-                  severity: 'critical',
-                },
-                annotations: {
-                  summary: 'AWS VPC CNI has a low warm IP pool',
-                  description: |||
-                    Instance {{ $labels.instance }} has only {{ $value }} warm IPs which is lower than set threshold of %s.
-                    It could mean the current subnet is out of available IP addresses or the CNI is unable to request them from the EC2 API.
-                  ||| % $.values.awsVpcCni.minimumWarmIPs,
-                },
-                'for': $.values.awsVpcCni.minimumWarmIPsTime,
-                alert: 'AwsVpcCniWarmIPsLow',
-              },
-            ],
-          },
-        ],
-      },
-    },
   },
 }