Talk:Helm/Upstream Charts/kube-state-metrics
Appearance
Rendered with Parsoid
Latest comment: 11 months ago by Elukey in topic Review
Review
I took a look at the chart and it's history and I'm overall pretty happy with it:
- The chart is actively maintained by multiple people (hosted in the "official" prometheus community repo)
- RBAC permissions are broad by nature, but limited to relevant resources and read-only
- build in networkpolicy support
I've used the following config to achieve what I think would fly in our clusters (minus resource requests/limits) when run in a system namespace. It should be possible to run in a non-system namespace but I think we should not do that for sake of similarity with other admin_ng stuff:
networkPolicy:
enabled: true
selfMonitor:
enabled: true
# This will enable scraping of both the kube-state-metrics and the metrics of the service itself, see
# https://phabricator.wikimedia.org/T318707#8878939
podAnnotations:
prometheus.io/scrape: true
# Quite counterintuitive, but the only thing this does is remove the scrape annotation from
# the Service object. As we only scrape pods anyways it should not be an issue to leave this
# enabled (the default).
prometheusScrape: false
From my side I'd say we should absolutely go with importing it and we can most likely use it without any modification. JMeybohm (talk) 14:20, 11 August 2023 (UTC)
- From https://phabricator.wikimedia.org/T264625#9214879:
- From a quick check of https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-state-metrics the helm chart seems a good fit for our use case:
- PSP policies can be enabled/disabled (since we'll have to depreacate them soon) and more in general, all features like autoscaling etc.. are if-guarded and not enabled by default. There seems to be no option/feature automatically enabled that we don't support.
- Network policies seems sane, and we'll just need to allow kube-state-metrics pod to reach the Kube API, so very easy use case.
- I don't see any weird permission to assign to the kube-state-metrics pod.
- There seems to be an active community behind it (https://github.com/prometheus-community/helm-charts/commits/main/charts/kube-state-metrics).
- I'd be in favor to start testing the helm chart, there may be some tweak needed but overall it looks good imho.
- +1 to proceed :) Elukey (talk) 14:38, 9 October 2023 (UTC)