Talk:Helm/Upstream Charts/kube-state-metrics

From Wikitech

Review

I took a look at the chart and its history and I'm overall pretty happy with it:

  • The chart is actively maintained by multiple people (hosted in the "official" prometheus community repo)
  • RBAC permissions are broad by nature, but limited to relevant resources and read-only
  • built-in networkpolicy support

I've used the following config to achieve what I think would fly in our clusters (minus resource requests/limits) when run in a system namespace. It should be possible to run in a non-system namespace but I think we should not do that for the sake of similarity with other admin_ng stuff:

networkPolicy:
  enabled: true
selfMonitor:
  enabled: true
# This will enable scraping of both the kube-state-metrics and the metrics of the service itself, see
# https://phabricator.wikimedia.org/T318707#8878939
podAnnotations:
  prometheus.io/scrape: "true"
# Quite counterintuitive, but the only thing this does is remove the scrape annotation from
# the Service object. As we only scrape pods anyways it should not be an issue to leave this
# enabled (the default).
prometheusScrape: false

From my side I'd say we should absolutely go with importing it and we can most likely use it without any modification. JMeybohm (talk) 14:20, 11 August 2023 (UTC)

From https://phabricator.wikimedia.org/T264625#9214879:
From a quick check of https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-state-metrics the helm chart seems a good fit for our use case:
PSP policies can be enabled/disabled (since we'll have to deprecate them soon) and more generally, all features like autoscaling etc. are if-guarded and not enabled by default. There seems to be no option/feature automatically enabled that we don't support.
Network policies seem sane, and we'll just need to allow the kube-state-metrics pod to reach the Kube API, so very easy use case.
I don't see any weird permission to assign to the kube-state-metrics pod.
There seems to be an active community behind it (https://github.com/prometheus-community/helm-charts/commits/main/charts/kube-state-metrics).
I'd be in favor of starting to test the helm chart; there may be some tweaks needed but overall it looks good imho.
+1 to proceed :) Elukey (talk) 14:38, 9 October 2023 (UTC)
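
Added example, not part of the discussion above and not code from the chart: one way to re-check the "read-only" RBAC point raised in both comments whenever the chart is upgraded, run over a ClusterRole exported as JSON (for example with `kubectl get clusterrole <name> -o json`). The sample role, its name and the choice of `secrets` as a sensitive resource are assumptions made for this example.

```python
import json

READ_ONLY_VERBS = {"get", "list", "watch"}
# Assumption of this example: resources whose contents are sensitive even to read.
SENSITIVE_RESOURCES = {"secrets"}

# Constructed sample role for illustration; NOT the chart's real ClusterRole.
SAMPLE_ROLE = json.loads("""
{
  "kind": "ClusterRole",
  "metadata": {"name": "example-metrics-reader"},
  "rules": [
    {"apiGroups": [""], "resources": ["pods", "nodes"], "verbs": ["list", "watch"]},
    {"apiGroups": ["apps"], "resources": ["deployments"], "verbs": ["list", "watch"]},
    {"apiGroups": [""], "resources": ["secrets"], "verbs": ["list", "watch", "delete"]},
    {"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}
  ]
}
""")


def audit_role(role):
    """Return (rule_index, problem, values) tuples for rules needing review."""
    findings = []
    for idx, rule in enumerate(role.get("rules") or []):
        # Anything beyond get/list/watch (including the "*" verb) is more than read access.
        extra = sorted(set(rule.get("verbs", [])) - READ_ONLY_VERBS)
        if extra:
            findings.append((idx, "non-read-only verbs", extra))
        # Wildcards silently grow as new API groups and resources are installed.
        for field in ("apiGroups", "resources"):
            if "*" in rule.get(field, []):
                findings.append((idx, f"wildcard in {field}", ["*"]))
        # Read-only access still exposes the contents of these objects.
        sensitive = sorted(SENSITIVE_RESOURCES & set(rule.get("resources", [])))
        if sensitive:
            findings.append((idx, "reads sensitive resource", sensitive))
    return findings


if __name__ == "__main__":
    for idx, problem, values in audit_role(SAMPLE_ROLE):
        print(f"rule {idx}: {problem}: {', '.join(values)}")
```

The check does not interpret subresources such as `pods/log`; those pass through as ordinary resource names.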