giantswarm / net-exporter Goto Github PK

View Code? Open in Web Editor NEW

40.0 15.0 5.0 13.14 MB

A Prometheus exporter for exposing network information in Kubernetes clusters

Home Page: https://giantswarm.io

License: Apache License 2.0

Go 78.54% Dockerfile 0.57% Smarty 2.35% Makefile 18.54%

prometheus prometheus-exporter kubernetes core-component

net-exporter's Introduction

net-exporter

net-exporter is a Prometheus exporter for exposing network information in Kubernetes clusters. It is packaged as a Helm chart.

net-exporter runs as a Kubernetes Daemonset. This is to allow for intra-pod network calls, to determine network latency.

How to build

Build it using the standard go build command.

go build github.com/giantswarm/net-exporter

Deployment

Managed by [app-operator].
Production releases are stored in the [default-catalog].
WIP releases are stored in the [default-test-catalog].

Installing the Chart

To install the chart locally:

$ git clone https://github.com/giantswarm/net-exporter.git
$ cd net-exporter
$ helm install helm/net-exporter

Provide a custom values.yaml:

$ helm install net-exporter -f values.yaml

Changes to Charts

At the current stage under helm, there are two charts. The net-exporter is pushed to the App Catalog. The net-exporter-chart is pushed to the Quay appr repo.

It is important that they are kept in sync.

We have this differentiation in place because in our Control Planes, we don't use the app-operator to deploy.

Release Process

Currently only members of the Giant Swarm organization can create releases for this project. For up to date steps, please refer to internal docs here: https://intranet.giantswarm.io/docs/dev-and-releng/how-to-release-a-project/

Collectors

All Collectors are enabled by default.

Name	Description
dns	Exposes DNS latency statistics. Performs host lookups, exposing the time taken per host.
network	Exposes network latency statistics. Performs dials to the other net-exporter Pods, exposing the time taken per host.

Metrics

Name	Description
`dns_latency_seconds_bucket`	A Prometheus Histogram of DNS resolution latency. See also `dns_latency_seconds_count` and `dns_latency_seconds_sum`.
`dns_resolve_error_total`	The total number of errors encountered resolving DNS.
`dns_error_total`	The total number of internal errors encountered testing DNS resolution.
`network_latency_seconds_bucket`	A Prometheus Histogram of network latency. See also `network_latency_seconds_count` and `network_latency_seconds_sum`.
`network_dial_error_total`	The total number of errors encountered dialing other hosts.
`network_error_total`	The total number of internal errors encountered testing network latency.

For example (some labels ommited for clarity):

dns_latency_seconds_bucket{instance="192.168.120.239:8000", host="kubernetes.default.svc.cluster.local", le="0.008"} | 7

Here, we expose the latency for the specific instance to resolve the dns host.

network_latency_seconds_bucket{instance="192.168.120.239:8000", host="192.168.120.239:8000", le="0.004"} | 28

Here, we expose the latency for the specific instance to resolve another instance (specifically, the net-exporter pod, labeled as host).

Contact

Mailing list: giantswarm
IRC: #giantswarm on freenode.org
Bugs: issues

Contributing & Reporting Bugs

See CONTRIBUTING for details on submitting patches, the contribution workflow as well as reporting bugs.

License

net-exporter is under the Apache 2.0 license. See the LICENSE file for details.

net-exporter's People

Contributors

Stargazers

Watchers

Forkers

leonsodhi qqshfox stefan06ro vincnt bilbof

net-exporter's Issues

Reporting a vulnerability

Hello!

I hope you are doing well!

We are a security research team. Our tool automatically detected a vulnerability in this repository. We want to disclose it responsibly. GitHub has a feature called Private vulnerability reporting, which enables security research to privately disclose a vulnerability. Unfortunately, it is not enabled for this repository.

Can you enable it, so that we can report it?

Thanks in advance!

PS: you can read about how to enable private vulnerability reporting here: https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository

Allow non kube-system namespace

Hi there! This tool is great!

I was wondering if it was possible for the net-exporter daemonset to run in a non kube-system namespace? Reason for that being the kube-system namespace is generally reserved for objects created by the Kubernetes system.

I've tried inputting a different namespace into values.yaml under dns.namespace, but in dns.go:183 , kube-system is hardcoded into the namespace so our dns service is never found (which exists in a different namespace).

{"caller":"github.com/giantswarm/net-exporter/dns/dns.go:185","level":"error","message":"could not collect service from kubernetes api","stack":{"annotation":"services \"coredns\" not found","kind":"unknown"},"time":"2022-03-14T14:02:29.964814+00:00"}

If we pass in a helm value into that line, would that fix the problem? Or is there a specific reason you've chosen to use the kube-system namespace?

Thank you!

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

Update dependency go to v1.23.0

Detected dependencies

circleci

.circleci/config.yml

architect 5.5.0

dockerfile

Dockerfile

quay.io/giantswarm/alpine 3.20.2-giantswarm

gomod

go.mod

go 1.22.0

go 1.22.6

github.com/beevik/ntp v1.4.3

github.com/giantswarm/exporterkit v1.2.0

github.com/giantswarm/k8sclient/v7 v7.2.0

github.com/giantswarm/microerror v0.4.1

github.com/giantswarm/microkit v1.0.1

github.com/giantswarm/micrologger v1.1.1

github.com/go-kit/kit v0.13.0

github.com/google/go-cmp v0.6.0

github.com/miekg/dns v1.1.62

github.com/prometheus/client_golang v1.20.1

k8s.io/api v0.31.0

k8s.io/apimachinery v0.31.0

k8s.io/client-go v0.31.0

github.com/golang-jwt/jwt v3.2.2+incompatible

github.com/spf13/viper v1.19.0

google.golang.org/grpc v1.65.0

kubernetes

helm/net-exporter/templates/daemonset.yaml

DaemonSet apps/v1

helm/net-exporter/templates/np.yaml

NetworkPolicy networking.k8s.io/v1

helm/net-exporter/templates/psp.yaml

PodSecurityPolicy policy/v1beta1

helm/net-exporter/templates/rbac.yaml

ClusterRole rbac.authorization.k8s.io/v1

ClusterRoleBinding rbac.authorization.k8s.io/v1

Check this box to trigger a request for Renovate to run again on this repository