From 57acbafb48735b127cee87e4e3fc952476997936 Mon Sep 17 00:00:00 2001 From: Jayapriya Pai Date: Mon, 17 Nov 2025 12:11:34 +0530 Subject: [PATCH] MON-4432: Add EndpointSlice support to DaemonSet ServiceMonitors Configure all ServiceMonitor objects for DaemonSet workloads to use EndpointSlice for service discovery instead of the default Endpoints API, improving scalability and performance for monitoring DaemonSet pods. Changes: - Add serviceDiscoveryRole: EndpointSlice to ServiceMonitor specs - Add discovery.k8s.io/endpointslices RBAC permissions to prometheus-k8s Roles Signed-off-by: Jayapriya Pai --- bindata/kube-proxy/monitor.yaml | 9 +++++++++ bindata/network/frr-k8s/monitor.yaml | 9 +++++++++ bindata/network/network-metrics/002-prometheus.yaml | 9 +++++++++ bindata/network/openshift-sdn/monitor.yaml | 10 ++++++++++ .../network/ovn-kubernetes/common/monitor-node.yaml | 9 +++++++++ 5 files changed, 46 insertions(+) diff --git a/bindata/kube-proxy/monitor.yaml b/bindata/kube-proxy/monitor.yaml index 47ff244d78..107f780e0b 100644 --- a/bindata/kube-proxy/monitor.yaml +++ b/bindata/kube-proxy/monitor.yaml @@ -24,6 +24,7 @@ spec: selector: matchLabels: app: kube-proxy + serviceDiscoveryRole: EndpointSlice --- apiVersion: v1 kind: Service @@ -63,6 +64,14 @@ rules: - get - list - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/bindata/network/frr-k8s/monitor.yaml b/bindata/network/frr-k8s/monitor.yaml index 42c4531108..b6a0e4e9a8 100644 --- a/bindata/network/frr-k8s/monitor.yaml +++ b/bindata/network/frr-k8s/monitor.yaml @@ -57,6 +57,7 @@ spec: selector: matchLabels: name: frr-k8s-monitor-service + serviceDiscoveryRole: EndpointSlice --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -74,6 +75,14 @@ rules: - get - list - watch + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/bindata/network/network-metrics/002-prometheus.yaml b/bindata/network/network-metrics/002-prometheus.yaml index 755fe51c86..60f4ea7044 100644 --- a/bindata/network/network-metrics/002-prometheus.yaml +++ b/bindata/network/network-metrics/002-prometheus.yaml @@ -24,6 +24,7 @@ spec: namespaceSelector: matchNames: - openshift-multus + serviceDiscoveryRole: EndpointSlice --- apiVersion: v1 kind: Service @@ -61,6 +62,14 @@ rules: - get - list - watch + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/bindata/network/openshift-sdn/monitor.yaml b/bindata/network/openshift-sdn/monitor.yaml index 8540ed1b5b..729fb14ad7 100644 --- a/bindata/network/openshift-sdn/monitor.yaml +++ b/bindata/network/openshift-sdn/monitor.yaml @@ -24,6 +24,7 @@ spec: selector: matchLabels: app: sdn + serviceDiscoveryRole: EndpointSlice --- apiVersion: v1 kind: Service @@ -72,6 +73,7 @@ spec: selector: matchLabels: app: sdn-controller + serviceDiscoveryRole: EndpointSlice --- apiVersion: v1 kind: Service @@ -111,6 +113,14 @@ rules: - get - list - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/bindata/network/ovn-kubernetes/common/monitor-node.yaml b/bindata/network/ovn-kubernetes/common/monitor-node.yaml index 238acaa953..54c55fe91f 100644 --- a/bindata/network/ovn-kubernetes/common/monitor-node.yaml +++ b/bindata/network/ovn-kubernetes/common/monitor-node.yaml @@ -31,6 +31,7 @@ spec: selector: matchLabels: app: ovnkube-node + serviceDiscoveryRole: EndpointSlice --- apiVersion: v1 kind: Service @@ -74,6 +75,14 @@ rules: - get - list - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding