-
-
Notifications
You must be signed in to change notification settings - Fork 69
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add Cadvisor #225
base: main
Are you sure you want to change the base?
add Cadvisor #225
Conversation
Some feedback on the role:
|
The documentation page mentions For other roles, we do it like this, because the main hostname ( For this role, there's no web UI and you're telling people to use |
Thank you for your feedback, @spantaleev. I recognized that the role was far from ready for merging as it contained copy/paste artifacts from the initial role. I have since updated the documentation and made changes to the role accordingly. Regarding cAdvisor, I have removed the "metrics" labels since it exposes both metrics and webUI at the same address and port I believe the role should now be ready for testing |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was thinking of pushing this over the finish line, but it has tons of issues.
Besides the ones reported in inline comments in the review, there are also these:
- the
cadvisor_config_providers_docker_endpoint_is_unix_socket
variable invars/main.yml
has some Traefik mentions in its comments. Not sure if it's relevant to cAdvisor or not - the systemd service file (
templates/cadvisor.service.j2
) does--cap-drop=ALL
only when a non-unix-socket is used. Not sure if this is intentional or a mistake - the cAdvisor container seems stuck in an unhealthy state, which makes Traefik not want to send requests to it. The docs page seems to mention an additional environment variable (
CADVISOR_HEALTHCHECK_URL=http://localhost:8080/healthz
), but.. adding this does not help either. If this is a good value, it should be default anyway - why ask users to specify it manually? Regardless of what i did, the container was unhealthy, which may be due to a misconfiguration. - the docs page says "You will have to mount specific folders depending on your need", but.. it's not clear what a good default is.. I tried mounting whatever you're recommending (except for
/dev/disk/
) and cAdvisor still fails to start in a healthy state cadvisor_dashboard_urls
points to some dashboard, but I don't see it being mentioned in the docs (with instructions how to hook it to Grafana). For some example instructions, seedocs/services/grafana.md
cadvisor_container_labels_metrics_enabled: "{{ prometheus_enabled | default(false) or mash_playbook_metrics_exposure_enabled }}" | ||
cadvisor_container_labels_metrics_hostname: "{{ mash_playbook_metrics_exposure_hostname }}" | ||
cadvisor_container_labels_metrics_path_prefix: "{{ mash_playbook_metrics_exposure_path_prefix }}/{{ cadvisor_identifier }}" | ||
cadvisor_container_labels_metrics_traefik_middleware_basic_auth_enabled: "{{ mash_playbook_metrics_exposure_http_basic_auth_enabled }}" | ||
cadvisor_container_labels_metrics_traefik_middleware_basic_auth_users: "{{ mash_playbook_metrics_exposure_http_basic_auth_users }}" | ||
cadvisor_container_labels_metrics_middleware_basic_auth_enabled: "{{ mash_playbook_metrics_exposure_http_basic_auth_enabled }}" | ||
cadvisor_container_labels_metrics_middleware_basic_auth_users: "{{ mash_playbook_metrics_exposure_http_basic_auth_users }}" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These variables do not seem to be defined anymore, yet.. they're here.
That said, I think it's better if metrics had their own Traefik router (separate from the web UI) and for them to respect the mash_playbook_metrics_exposure_*
variables automatically (auto-enabling metrics exposure for this service, possibly protected with the Basic Auth credentials specified in mash_playbook_metrics_exposure_http_basic_auth_*
).
The web UI could remain optional and have its (optional) separate set of Basic Auth credentials
Co-authored-by: Slavi Pantaleev <[email protected]>
Co-authored-by: Slavi Pantaleev <[email protected]>
Co-authored-by: Slavi Pantaleev <[email protected]>
role is working but :
can't run rootless
path_prefix doesn't work (it's currently commented in the group_vars)
please also consider cloning ansible-role-cadvisor and updating url in requierements.yml to let mash own the role (and use your automation to keep it updated)