diff --git a/k8s/apps/telegraf/config/telegraf.conf b/k8s/apps/telegraf/config/telegraf.conf index 5f0e7ef3b5..718ac1d180 100644 --- a/k8s/apps/telegraf/config/telegraf.conf +++ b/k8s/apps/telegraf/config/telegraf.conf @@ -1,30 +1,82 @@ -[global_tags] - [agent] - interval = "60s" - round_interval = false + interval = "10s" + round_interval = true + hostname = "$HOST_NAME" - metric_batch_size = 1000 - metric_buffer_limit = 10000 +[[outputs.influxdb_v2]] + urls = ["http://influxdb.influxdb:8086"] + token = "${INFLUXDB_TOKEN}" + organization = "primary" + bucket = "telegraf" - collection_jitter = "0s" - flush_interval = "10s" - flush_jitter = "0s" +# [[outputs.exec]] +# command = ["/opt/telegraf/plugins/telegraf-output-mackerel"] +# timeout = "10s" - precision = "" - hostname = "lily" +[[inputs.cgroup]] -[[outputs.exec]] - command = ["/opt/telegraf/plugins/telegraf-output-mackerel"] - timeout = "10s" +[[inputs.cpu]] + percpu = true + totalcpu = true + report_active = true + core_tags = true + +[[inputs.disk]] + +[[inputs.diskio]] + +[[inputs.ethtool]] + interface_include = ["enp1s0", "tailscale0"] -[[inputs.temp]] [[inputs.internet_speed]] - interval = "5m" - cache = true - server_id_include = ["21569", "48463"] + interval = "15m" + enable_file_download = true + +[[inputs.interrupts]] + +[[inputs.kernel]] + +[[inputs.kernel_vmstat]] + +[[inputs.kubernetes]] + url = "https://$HOST_IP:10250" + insecure_skip_verify = true + +[[inputs.linux_cpu]] + +[[inputs.linux_cpu]] + # [[inputs.sensors]] + +[[inputs.mem]] + +[[inputs.net]] + interfaces = ["enp*", "lo", "tailscale0"] + ignore_protocol_stats = true + +[[inputs.nstat]] + +[[inputs.netstat]] + +# [[inputs.mysql]] + +[[inputs.ping]] + urls = ["google.com", "github.com", "x.com"] + method = "native" + +# [[inputs.postgresql]] + +[[inputs.processes]] + +[[inputs.swap]] + +[[inputs.system]] + +# [[inputs.systemd_units]] + # [[inputs.smart]] # attributes = true # use_sudo = true # read_method = "sequential" + +[[inputs.temp]] 
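Review bot: `insecure_skip_verify = true` in `[[inputs.kubernetes]]` turns off verification of the kubelet certificate at `https://$HOST_IP:10250`. By default this input authenticates with the pod's service-account bearer token, so the token would be sent to whatever endpoint answers on that address. If the kubelet serving certificate is signed by the cluster CA, replace the setting with `tls_ca = "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"`; if it is self-signed, add a comment saying why verification is off. The `[[outputs.influxdb_v2]]` URL is plain `http://`, so `${INFLUXDB_TOKEN}` crosses the cluster network unencrypted. `[[inputs.linux_cpu]]` also appears twice in a row, which looks like a paste slip and would load the plugin twice.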
diff --git a/k8s/apps/telegraf/kustomization.yaml b/k8s/apps/telegraf/kustomization.yaml index b4df56eac5..54beb36a35 100644 --- a/k8s/apps/telegraf/kustomization.yaml +++ b/k8s/apps/telegraf/kustomization.yaml @@ -6,6 +6,7 @@ resources: - ./resources/namespace.yaml - ./resources/deployment.yaml - ./resources/secret.yaml + - ./resources/service-account.yaml configMapGenerator: - name: app-config diff --git a/k8s/apps/telegraf/resources/deployment.yaml b/k8s/apps/telegraf/resources/deployment.yaml index a5588ab4ae..b8ea15b5ad 100644 --- a/k8s/apps/telegraf/resources/deployment.yaml +++ b/k8s/apps/telegraf/resources/deployment.yaml 
@@ -17,41 +17,35 @@ spec: - name: app image: public.ecr.aws/bitnami/telegraf:1.32.2@sha256:c5afd4511a4e5c8173d65dd861186988b8ce7f41fd16896596808116d0d23958 command: - - /bin/bash - - -c - - | - apt update - apt install -y sudo smartmontools - rm -rf /var/lib/apt/lists/* - echo "Cmnd_Alias SMARTCTL = /usr/sbin/smartctl" >> /etc/sudoers - echo "telegraf ALL=(ALL) NOPASSWD: SMARTCTL" >> /etc/sudoers - echo "Defaults!SMARTCTL !logfile, !syslog, !pam_session" >> /etc/sudoers - telegraf + - telegraf env: + - name: TZ + value: Asia/Tokyo + - name: HOST_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP - name: HOST_ETC value: /hostfs/etc - - name: HOST_MOUNT_PREFIX - value: /hostfs - name: HOST_PROC value: /hostfs/proc - - name: HOST_RUN - value: /hostfs/run - name: HOST_SYS value: /hostfs/sys - name: HOST_VAR value: /hostfs/var - - name: TZ - value: Asia/Tokyo - - name: MACKEREL_API_KEY - valueFrom: - secretKeyRef: - name: app-secret - key: mackerel-api-key - - name: MACKEREL_HOST_ID - valueFrom: - secretKeyRef: - name: app-secret - key: mackerel-host-id + - name: HOST_RUN + value: /hostfs/run + - name: HOST_MOUNT_PREFIX + value: /hostfs + - name: PROC_ROOT + value: /hostfs/proc + envFrom: + - secretRef: + name: app-secret volumeMounts: - name: config mountPath: /etc/telegraf/telegraf.conf @@ -60,21 +54,19 @@ spec: - name: plugins mountPath: /opt/telegraf/plugins readOnly: true - - name: host-var - mountPath: /hostfs/var - readOnly: true - - name: host-proc - mountPath: /hostfs/proc - readOnly: true - - name: host-sys - mountPath: /hostfs/sys - readOnly: true - - name: host-etc - mountPath: /hostfs/etc + - name: hostfs + mountPath: /hostfs readOnly: true - - name: host-run - mountPath: /hostfs/run + - name: run-udev + mountPath: /run/udev readOnly: true + resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi securityContext: privileged: true volumes: 
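Review bot: `envFrom` with `secretRef: app-secret` exports every key in the secret into the container environment, whereas the telegraf.conf in this commit reads only `${INFLUXDB_TOKEN}`. Any other entry still stored in `app-secret` (the removed Mackerel keys, for example) becomes readable by the process and anything it spawns. An explicit `secretKeyRef` for the one variable, in the same form the removed entries used, keeps the exposure to what the config needs. The `env` list starts and ends outside what is worth repeating here, so only the replacement entry is shown.

```yaml
# … unchanged: TZ, HOST_NAME, HOST_IP, HOST_* and PROC_ROOT entries …
            - name: INFLUXDB_TOKEN
              valueFrom:
                secretKeyRef:
                  name: app-secret
                  key: PLACEHOLDER_TOKEN_KEY  # placeholder: the key's name inside app-secret is not shown in this diff
```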
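Review bot: The new `hostfs` mount at `/hostfs` widens the hostPath from five directories to the node's entire root filesystem, while `securityContext.privileged: true` is kept. `readOnly: true` on the mount is not an effective boundary for a privileged container, so a compromise of this pod is effectively a compromise of the node. This commit removes the smartctl/sudo setup and leaves `[[inputs.smart]]` commented out in telegraf.conf, so check whether privileged mode is still needed. If it is not, set `privileged: false` with `allowPrivilegeEscalation: false` and add back only the capabilities the enabled inputs actually require. The matching volume with `path: /` is defined in the later `@@ -85,24 +77,13 @@` hunk; narrowing it to the directories the `HOST_*` variables point at would restore the earlier scope. The container spec continues outside this hunk.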
@@ -85,24 +77,13 @@ spec: hostPath: path: /opt/k8s-volumes/telegraf/plugins type: Directory - - name: host-var - hostPath: - path: /var - type: Directory - - name: host-proc - hostPath: - path: /proc - type: Directory - - name: host-sys - hostPath: - path: /sys - type: Directory - - name: host-etc + - name: hostfs hostPath: - path: /etc + path: / type: Directory - - name: host-run + - name: run-udev hostPath: - path: /run + path: /run/udev type: Directory restartPolicy: Always + serviceAccountName: telegraf diff --git a/k8s/apps/telegraf/resources/service-account.yaml b/k8s/apps/telegraf/resources/service-account.yaml new file mode 100644 index 0000000000..659089b57f --- /dev/null +++ b/k8s/apps/telegraf/resources/service-account.yaml @@ -0,0 +1,45 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: telegraf + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: telegraf-cluster-role + +rules: + - apiGroups: + - metrics.k8s.io + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - nodes + - nodes/proxy + - nodes/stats + - persistentvolumes + verbs: + - get + - list + - watch + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: telegraf-cluster-role-binding + +roleRef: + name: telegraf-cluster-role + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole +subjects: + - name: telegraf + kind: ServiceAccount
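Review bot: `nodes/proxy` in `telegraf-cluster-role` grants far more than metric reads. The kubelet authorizes most of its API against that subresource, not only the stats endpoints, and the `ClusterRoleBinding` applies it to every node. If the kubernetes input works on this cluster with `nodes/stats` alone (or with the finer-grained `nodes/pods` subresource on Kubernetes versions that support it), drop `nodes/proxy`. Also confirm that an enabled input actually reads `nodes` and `persistentvolumes`. Separately, the `ServiceAccount` subject in the binding has no `namespace`, which the API requires for that subject kind; unless the kustomization's namespace transformer fills it in, add `namespace: <telegraf-namespace>` (placeholder, the namespace name is not visible in this diff) under `subjects`.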