feat: TFO-Agent configure for K8S

zeroc0d3 · zeroc0d3 · commit acaa90a795e2 · 2026-03-15T11:52:12.000+07:00
diff --git a/configs/tfo-agent-one-for-all.yaml b/configs/tfo-agent-one-for-all.yaml
@@ -26,12 +26,18 @@ collectors:
     pdb: true
     events: true
     metrics_api: true
-    # KSM gaps (new)
+    # KSM gaps
     resource_quotas: true
     limit_ranges: true
     pod_conditions: true
     node_taints: true
     workload_generations: true
+    # Extended metrics — full observability without external tools
+    apiserver_metrics: true
+    coredns_metrics: true
+    coredns_service: "kube-dns.kube-system.svc.cluster.local:9153"
+    container_extended_metrics: true
+    pv_io_stats: true
 
   prometheus_scraper:
     enabled: true
diff --git a/configs/tfo-agent.default.yaml b/configs/tfo-agent.default.yaml
@@ -246,6 +246,12 @@ collectors:
     pod_logs: true # Collect recent log lines from each running container
     pod_logs_tail_lines: 100 # Log lines per container per collection cycle
     pod_logs_namespaces: [] # Restrict pod log collection to these namespaces (empty = same as namespace filter)
+    # Extended metrics — TFO Agent replaces Prometheus + kube-state-metrics + cAdvisor
+    apiserver_metrics: true # Scrape kube-apiserver /metrics endpoint
+    coredns_metrics: true # Scrape CoreDNS /metrics endpoint
+    coredns_service: "kube-dns.kube-system.svc.cluster.local:9153"
+    container_extended_metrics: true # cpu_throttled, memory_working_set, oom (via Kubelet)
+    pv_io_stats: true # PV usage + IOPS from Kubelet volume stats
     # Sync resource state to TFO backend (PostgreSQL entities)
     sync_to_backend: true
     sync_interval: 60s
diff --git a/configs/tfo-agent.yaml b/configs/tfo-agent.yaml
@@ -247,6 +247,12 @@ collectors:
     pod_logs: true # Collect recent log lines from each running container
     pod_logs_tail_lines: 100 # Log lines per container per collection cycle
     pod_logs_namespaces: [] # Restrict pod log collection to these namespaces (empty = same as namespace filter)
+    # Extended metrics — TFO Agent replaces Prometheus + kube-state-metrics + cAdvisor
+    apiserver_metrics: true # Scrape kube-apiserver /metrics endpoint
+    coredns_metrics: true # Scrape CoreDNS /metrics endpoint
+    coredns_service: "kube-dns.kube-system.svc.cluster.local:9153" # CoreDNS service address
+    container_extended_metrics: true # cpu_throttled, memory_working_set, oom (via Kubelet /stats/summary + cAdvisor)
+    pv_io_stats: true # PV usage + IOPS from Kubelet volume stats
     # Sync resource state to TFO backend (populates PostgreSQL K8s entities)
     sync_to_backend: true
     sync_interval: 60s
diff --git a/deploy/helm/telemetryflow-agent/templates/clusterrole.yaml b/deploy/helm/telemetryflow-agent/templates/clusterrole.yaml
@@ -67,9 +67,28 @@ rules:
       - pods
     verbs: ["get", "list"]
 
-  # Non-resource URLs (e.g. /metrics, /healthz)
+  # Pod logs (for pod_logs collector)
+  - apiGroups: [""]
+    resources:
+      - pods/log
+    verbs: ["get", "list"]
+
+  # Policy resources (PDB)
+  - apiGroups: ["policy"]
+    resources:
+      - poddisruptionbudgets
+    verbs: ["get", "list", "watch"]
+
+  # Discovery (EndpointSlices)
+  - apiGroups: ["discovery.k8s.io"]
+    resources:
+      - endpointslices
+    verbs: ["get", "list", "watch"]
+
+  # Non-resource URLs (metrics, healthz, cAdvisor)
   - nonResourceURLs:
       - /metrics
+      - /metrics/cadvisor
       - /healthz
       - /readyz
     verbs: ["get"]
diff --git a/deploy/helm/telemetryflow-agent/values-one-for-all.yaml b/deploy/helm/telemetryflow-agent/values-one-for-all.yaml
@@ -27,11 +27,11 @@ config:
       enabled: true
 
     kubernetes:
-      enabled: false  # overridden to true in kubernetes.config section below
+      enabled: false # overridden to true in kubernetes.config section below
 
     prometheus_scraper:
       enabled: true
-      scrape_jobs: []  # user fills in their targets
+      scrape_jobs: [] # user fills in their targets
 
     remote_write_receiver:
       enabled: true
@@ -48,3 +48,9 @@ kubernetes:
         node_taints: true
         workload_generations: true
         metrics_api: true
+        # Extended metrics — full observability without external tools
+        apiserver_metrics: true
+        coredns_metrics: true
+        coredns_service: "kube-dns.kube-system.svc.cluster.local:9153"
+        container_extended_metrics: true
+        pv_io_stats: true
diff --git a/deploy/helm/telemetryflow-agent/values.yaml b/deploy/helm/telemetryflow-agent/values.yaml
@@ -25,7 +25,7 @@ environment: production
 image:
   repository: ghcr.io/telemetryflow/tfo-agent
   pullPolicy: IfNotPresent
-  tag: ""  # Defaults to Chart.appVersion
+  tag: "" # Defaults to Chart.appVersion
 
 imagePullSecrets: []
 
@@ -298,6 +298,12 @@ kubernetes:
         pod_logs_namespaces: []
         exclude_namespaces:
           - kube-system
+        # Extended metrics — TFO Agent collects directly (replaces Prometheus stack)
+        apiserver_metrics: true # Scrape kube-apiserver /metrics
+        coredns_metrics: true # Scrape CoreDNS /metrics
+        coredns_service: "kube-dns.kube-system.svc.cluster.local:9153"
+        container_extended_metrics: true # cpu_throttled, memory_working_set, oom (via Kubelet)
+        pv_io_stats: true # PV usage + IOPS (via Kubelet volume stats)
         # KSM gaps (new — all default false, enabled by oneForAll.enabled)
         resource_quotas: false
         limit_ranges: false
diff --git a/deploy/kubernetes/configmap.yaml b/deploy/kubernetes/configmap.yaml
@@ -121,6 +121,16 @@ data:
         resource_counts: true
         network: true    # Kubelet /stats/summary (requires nodes/proxy RBAC)
         metrics_api: true  # CPU/Memory usage from metrics-server (set false if not installed)
+        hpa: true
+        pdb: true
+        pod_logs: true
+        pod_logs_tail_lines: 100
+        # Extended metrics — replaces Prometheus + kube-state-metrics + cAdvisor
+        apiserver_metrics: true
+        coredns_metrics: true
+        coredns_service: "kube-dns.kube-system.svc.cluster.local:9153"
+        container_extended_metrics: true  # cpu_throttled, memory_working_set, oom
+        pv_io_stats: true                 # PV usage + IOPS from Kubelet volume stats
         sync_to_backend: true
         sync_interval: 60s
         cluster_name: ""     # auto-detected from CLUSTER_NAME env or hostname
diff --git a/deploy/kubernetes/daemonset.yaml b/deploy/kubernetes/daemonset.yaml
@@ -140,7 +140,7 @@ spec:
             - name: TELEMETRYFLOW_NODE_EXPORTER_ENABLED
               value: "true"
             - name: TELEMETRYFLOW_K8S_ENABLED
-              value: "false"  # K8s state handled by tfo-agent-k8s Deployment (deployment-k8s.yaml)
+              value: "false" # K8s state handled by tfo-agent-k8s Deployment (deployment-k8s.yaml)
 
             # Prometheus server for liveness/readiness probes
             - name: TELEMETRYFLOW_PROMETHEUS_ENABLED
@@ -156,7 +156,7 @@ spec:
 
             # Cluster and environment tags for OTEL resource attributes
             - name: CLUSTER_NAME
-              value: ""     # override with your cluster name, or auto-detected from hostname
+              value: "" # override with your cluster name, or auto-detected from hostname
             - name: ENVIRONMENT
               value: "production"
 
@@ -205,15 +205,15 @@ spec:
               mountPropagation: HostToContainer
 
           securityContext:
-            runAsUser: 0      # required to read /proc and /sys for node metrics
+            runAsUser: 0 # required to read /proc and /sys for node metrics
             runAsGroup: 0
             readOnlyRootFilesystem: true
             allowPrivilegeEscalation: false
             capabilities:
               drop:
                 - ALL
               add:
-                - SYS_PTRACE  # process inspection for node metrics
+                - SYS_PTRACE # process inspection for node metrics
 
       volumes:
         - name: config
diff --git a/deploy/kubernetes/deployment-k8s.yaml b/deploy/kubernetes/deployment-k8s.yaml
@@ -29,7 +29,7 @@ metadata:
     app.kubernetes.io/component: k8s-collector
     app.kubernetes.io/part-of: telemetryflow
 spec:
-  replicas: 1   # exactly 1 — multiple replicas would duplicate cluster state syncs
+  replicas: 1 # exactly 1 — multiple replicas would duplicate cluster state syncs
   selector:
     matchLabels:
       app.kubernetes.io/name: tfo-agent
@@ -134,7 +134,7 @@ spec:
             - name: TELEMETRYFLOW_K8S_ENABLED
               value: "true"
             - name: TELEMETRYFLOW_NODE_EXPORTER_ENABLED
-              value: "false"  # node metrics handled by tfo-agent DaemonSet
+              value: "false" # node metrics handled by tfo-agent DaemonSet
 
             # Prometheus server for liveness/readiness probes
             - name: TELEMETRYFLOW_PROMETHEUS_ENABLED
@@ -144,7 +144,7 @@ spec:
 
             # Cluster identity — used in auto-registration name and OTEL resource attributes
             - name: CLUSTER_NAME
-              value: ""   # override with your cluster name; auto-detected from hostname if empty
+              value: "" # override with your cluster name; auto-detected from hostname if empty
             - name: ENVIRONMENT
               value: "production"
 
diff --git a/deploy/kubernetes/rbac.yaml b/deploy/kubernetes/rbac.yaml
@@ -79,6 +79,18 @@ rules:
       - volumeattachments
     verbs: ["get", "list", "watch"]
 
+  # Pod logs — for pod_logs collector
+  - apiGroups: [""]
+    resources:
+      - pods/log
+    verbs: ["get", "list"]
+
+  # Policy — PodDisruptionBudgets
+  - apiGroups: ["policy"]
+    resources:
+      - poddisruptionbudgets
+    verbs: ["get", "list", "watch"]
+
   # Events API (events.k8s.io/v1 replaces core/v1 events in K8s 1.19+)
   - apiGroups: ["events.k8s.io"]
     resources:
