From 3792787d7e7cc3b8c44ccbbc83a3c2f9a9299f38 Mon Sep 17 00:00:00 2001 From: Zohar Galor Date: Thu, 19 Oct 2017 11:11:32 +0300 Subject: Switch to stateful set in prometheus Also update prometheus and alert-buffer image versions, and add prometheus, and oauth-proxy arguments to align with origin template --- roles/openshift_prometheus/templates/prometheus.j2 | 247 +++++++++++++++++++++ .../templates/prometheus_deployment.j2 | 240 -------------------- 2 files changed, 247 insertions(+), 240 deletions(-) create mode 100644 roles/openshift_prometheus/templates/prometheus.j2 delete mode 100644 roles/openshift_prometheus/templates/prometheus_deployment.j2 (limited to 'roles/openshift_prometheus/templates') diff --git a/roles/openshift_prometheus/templates/prometheus.j2 b/roles/openshift_prometheus/templates/prometheus.j2 new file mode 100644 index 000000000..81f043491 --- /dev/null +++ b/roles/openshift_prometheus/templates/prometheus.j2 @@ -0,0 +1,247 @@ +apiVersion: apps/v1beta1 +kind: StatefulSet +metadata: + name: prometheus + namespace: {{ namespace }} + labels: + app: prometheus +spec: + updateStrategy: + type: RollingUpdate + podManagementPolicy: Parallel + selector: + provider: openshift + matchLabels: + app: prometheus + template: + metadata: + name: prometheus + labels: + app: prometheus + spec: + serviceAccountName: prometheus +{% if openshift_prometheus_node_selector is iterable and openshift_prometheus_node_selector | length > 0 %} + nodeSelector: +{% for key, value in openshift_prometheus_node_selector.iteritems() %} + {{key}}: "{{value}}" +{% endfor %} +{% endif %} + containers: + # Deploy Prometheus behind an oauth proxy + - name: prom-proxy + image: "{{ openshift_prometheus_image_proxy }}" + imagePullPolicy: IfNotPresent + resources: + requests: +{% if openshift_prometheus_oauth_proxy_memory_requests is defined and openshift_prometheus_oauth_proxy_memory_requests is not none %} + memory: "{{openshift_prometheus_oauth_proxy_memory_requests}}" +{% endif %} +{% if openshift_prometheus_oauth_proxy_cpu_requests is defined and openshift_prometheus_oauth_proxy_cpu_requests is not none %} + cpu: "{{openshift_prometheus_oauth_proxy_cpu_requests}}" +{% endif %} + limits: +{% if openshift_prometheus_oauth_proxy_memory_limit is defined and openshift_prometheus_oauth_proxy_memory_limit is not none %} + memory: "{{openshift_prometheus_oauth_proxy_memory_limit}}" +{% endif %} +{% if openshift_prometheus_oauth_proxy_cpu_limit is defined and openshift_prometheus_oauth_proxy_cpu_limit is not none %} + cpu: "{{openshift_prometheus_oauth_proxy_cpu_limit}}" +{% endif %} + ports: + - containerPort: 8443 + name: web + args: + - -provider=openshift + - -https-address=:8443 + - -http-address= + - -email-domain=* + - -upstream=http://localhost:9090 + - -client-id=system:serviceaccount:{{ namespace }}:prometheus + - '-openshift-sar={"resource": "namespaces", "verb": "get", "resourceName": "{{ namespace }}", "namespace": "{{ namespace }}"}' + - '-openshift-delegate-urls={"/": {"resource": "namespaces", "verb": "get", "resourceName": "{{ namespace }}", "namespace": "{{ namespace }}"}}' + - -tls-cert=/etc/tls/private/tls.crt + - -tls-key=/etc/tls/private/tls.key + - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token + - -cookie-secret-file=/etc/proxy/secrets/session_secret + - -openshift-ca=/etc/pki/tls/cert.pem + - -openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt + - -skip-auth-regex=^/metrics + volumeMounts: + - mountPath: /etc/tls/private + name: prometheus-tls + - mountPath: /etc/proxy/secrets + name: prometheus-secrets + - mountPath: /prometheus + name: prometheus-data + + - name: prometheus + args: + - --storage.tsdb.retention=6h + - --storage.tsdb.min-block-duration=2m + - --config.file=/etc/prometheus/prometheus.yml + - --web.listen-address=localhost:9090 + image: "{{ openshift_prometheus_image_prometheus }}" + imagePullPolicy: IfNotPresent + resources: + requests: +{% if openshift_prometheus_memory_requests is defined and openshift_prometheus_memory_requests is not none %} + memory: "{{openshift_prometheus_memory_requests}}" +{% endif %} +{% if openshift_prometheus_cpu_requests is defined and openshift_prometheus_cpu_requests is not none %} + cpu: "{{openshift_prometheus_cpu_requests}}" +{% endif %} + limits: +{% if openshift_prometheus_memory_limit is defined and openshift_prometheus_memory_limit is not none %} + memory: "{{ openshift_prometheus_memory_limit }}" +{% endif %} +{% if openshift_prometheus_cpu_limit is defined and openshift_prometheus_cpu_limit is not none %} + cpu: "{{openshift_prometheus_cpu_limit}}" +{% endif %} + + volumeMounts: + - mountPath: /etc/prometheus + name: prometheus-config + - mountPath: /prometheus + name: prometheus-data + + # Deploy alertmanager behind prometheus-alert-buffer behind an oauth proxy + - name: alerts-proxy + image: "{{ openshift_prometheus_image_proxy }}" + imagePullPolicy: IfNotPresent + resources: + requests: +{% if openshift_prometheus_oauth_proxy_memory_requests is defined and openshift_prometheus_oauth_proxy_memory_requests is not none %} + memory: "{{openshift_prometheus_oauth_proxy_memory_requests}}" +{% endif %} +{% if openshift_prometheus_oauth_proxy_cpu_requests is defined and openshift_prometheus_oauth_proxy_cpu_requests is not none %} + cpu: "{{openshift_prometheus_oauth_proxy_cpu_requests}}" +{% endif %} + limits: +{% if openshift_prometheus_oauth_proxy_memory_limit is defined and openshift_prometheus_oauth_proxy_memory_limit is not none %} + memory: "{{openshift_prometheus_oauth_proxy_memory_limit}}" +{% endif %} +{% if openshift_prometheus_oauth_proxy_cpu_limit is defined and openshift_prometheus_oauth_proxy_cpu_limit is not none %} + cpu: "{{openshift_prometheus_oauth_proxy_cpu_limit}}" +{% endif %} + ports: + - containerPort: 9443 + name: web + args: + - -provider=openshift + - -https-address=:9443 + - -http-address= + - -email-domain=* + - -upstream=http://localhost:9099 + - -client-id=system:serviceaccount:{{ namespace }}:prometheus + - '-openshift-sar={"resource": "namespaces", "verb": "get", "resourceName": "{{ namespace }}", "namespace": "{{ namespace }}"}' + - '-openshift-delegate-urls={"/": {"resource": "namespaces", "verb": "get", "resourceName": "{{ namespace }}", "namespace": "{{ namespace }}"}}' + - -tls-cert=/etc/tls/private/tls.crt + - -tls-key=/etc/tls/private/tls.key + - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token + - -cookie-secret-file=/etc/proxy/secrets/session_secret + - -openshift-ca=/etc/pki/tls/cert.pem + - -openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt + volumeMounts: + - mountPath: /etc/tls/private + name: alerts-tls + - mountPath: /etc/proxy/secrets + name: alerts-secrets + + - name: alert-buffer + args: + - --storage-path=/alert-buffer/messages.db + image: "{{ openshift_prometheus_image_alertbuffer }}" + imagePullPolicy: IfNotPresent + resources: + requests: +{% if openshift_prometheus_alertbuffer_memory_requests is defined and openshift_prometheus_alertbuffer_memory_requests is not none %} + memory: "{{openshift_prometheus_alertbuffer_memory_requests}}" +{% endif %} +{% if openshift_prometheus_alertbuffer_cpu_requests is defined and openshift_prometheus_alertbuffer_cpu_requests is not none %} + cpu: "{{openshift_prometheus_alertbuffer_cpu_requests}}" +{% endif %} + limits: +{% if openshift_prometheus_alertbuffer_memory_limit is defined and openshift_prometheus_alertbuffer_memory_limit is not none %} + memory: "{{openshift_prometheus_alertbuffer_memory_limit}}" +{% endif %} +{% if openshift_prometheus_alertbuffer_cpu_limit is defined and openshift_prometheus_alertbuffer_cpu_limit is not none %} + cpu: "{{openshift_prometheus_alertbuffer_cpu_limit}}" +{% endif %} + volumeMounts: + - mountPath: /alert-buffer + name: alert-buffer-data + ports: + - containerPort: 9099 + name: alert-buf + + - name: alertmanager + args: + - -config.file=/etc/alertmanager/alertmanager.yml + image: "{{ openshift_prometheus_image_alertmanager }}" + imagePullPolicy: IfNotPresent + resources: + requests: +{% if openshift_prometheus_alertmanager_memory_requests is defined and openshift_prometheus_alertmanager_memory_requests is not none %} + memory: "{{openshift_prometheus_alertmanager_memory_requests}}" +{% endif %} +{% if openshift_prometheus_alertmanager_cpu_requests is defined and openshift_prometheus_alertmanager_cpu_requests is not none %} + cpu: "{{openshift_prometheus_alertmanager_cpu_requests}}" +{% endif %} + limits: +{% if openshift_prometheus_alertmanager_memory_limit is defined and openshift_prometheus_alertmanager_memory_limit is not none %} + memory: "{{openshift_prometheus_alertmanager_memory_limit}}" +{% endif %} +{% if openshift_prometheus_alertmanager_cpu_limit is defined and openshift_prometheus_alertmanager_cpu_limit is not none %} + cpu: "{{openshift_prometheus_alertmanager_cpu_limit}}" +{% endif %} + ports: + - containerPort: 9093 + name: web + volumeMounts: + - mountPath: /etc/alertmanager + name: alertmanager-config + - mountPath: /alertmanager + name: alertmanager-data + + restartPolicy: Always + volumes: + - name: prometheus-config + configMap: + defaultMode: 420 + name: prometheus + - name: prometheus-secrets + secret: + secretName: prometheus-proxy + - name: prometheus-tls + secret: + secretName: prometheus-tls + - name: prometheus-data +{% if openshift_prometheus_storage_type == 'pvc' %} + persistentVolumeClaim: + claimName: {{ openshift_prometheus_pvc_name }} +{% else %} + emptydir: {} +{% endif %} + - name: alertmanager-config + configMap: + defaultMode: 420 + name: prometheus-alerts + - name: alerts-secrets + secret: + secretName: alerts-proxy + - name: alerts-tls + secret: + secretName: prometheus-alerts-tls + - name: alertmanager-data +{% if openshift_prometheus_alertmanager_storage_type == 'pvc' %} + persistentVolumeClaim: + claimName: {{ openshift_prometheus_alertmanager_pvc_name }} +{% else %} + emptydir: {} +{% endif %} + - name: alert-buffer-data +{% if openshift_prometheus_alertbuffer_storage_type == 'pvc' %} + persistentVolumeClaim: + claimName: {{ openshift_prometheus_alertbuffer_pvc_name }} +{% else %} + emptydir: {} +{% endif %} diff --git a/roles/openshift_prometheus/templates/prometheus_deployment.j2 b/roles/openshift_prometheus/templates/prometheus_deployment.j2 deleted file mode 100644 index 66eab6df4..000000000 --- a/roles/openshift_prometheus/templates/prometheus_deployment.j2 +++ /dev/null @@ -1,240 +0,0 @@ -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: prometheus - namespace: {{ namespace }} - labels: - app: prometheus -spec: - replicas: {{ prom_replicas|default(1) }} - selector: - provider: openshift - matchLabels: - app: prometheus - template: - metadata: - name: prometheus - labels: - app: prometheus - spec: - serviceAccountName: prometheus -{% if openshift_prometheus_node_selector is iterable and openshift_prometheus_node_selector | length > 0 %} - nodeSelector: -{% for key, value in openshift_prometheus_node_selector.iteritems() %} - {{key}}: "{{value}}" -{% endfor %} -{% endif %} - containers: - # Deploy Prometheus behind an oauth proxy - - name: prom-proxy - image: "{{ openshift_prometheus_image_proxy }}" - imagePullPolicy: IfNotPresent - resources: - requests: -{% if openshift_prometheus_oauth_proxy_memory_requests is defined and openshift_prometheus_oauth_proxy_memory_requests is not none %} - memory: "{{openshift_prometheus_oauth_proxy_memory_requests}}" -{% endif %} -{% if openshift_prometheus_oauth_proxy_cpu_requests is defined and openshift_prometheus_oauth_proxy_cpu_requests is not none %} - cpu: "{{openshift_prometheus_oauth_proxy_cpu_requests}}" -{% endif %} - limits: -{% if openshift_prometheus_oauth_proxy_memory_limit is defined and openshift_prometheus_oauth_proxy_memory_limit is not none %} - memory: "{{openshift_prometheus_oauth_proxy_memory_limit}}" -{% endif %} -{% if openshift_prometheus_oauth_proxy_cpu_limit is defined and openshift_prometheus_oauth_proxy_cpu_limit is not none %} - cpu: "{{openshift_prometheus_oauth_proxy_cpu_limit}}" -{% endif %} - ports: - - containerPort: 8443 - name: web - args: - - -provider=openshift - - -https-address=:8443 - - -http-address= - - -email-domain=* - - -upstream=http://localhost:9090 - - -client-id=system:serviceaccount:{{ namespace }}:prometheus - - '-openshift-sar={"resource": "namespaces", "verb": "get", "resourceName": "{{ namespace }}", "namespace": "{{ namespace }}"}' - - '-openshift-delegate-urls={"/": {"resource": "namespaces", "verb": "get", "resourceName": "{{ namespace }}", "namespace": "{{ namespace }}"}}' - - -tls-cert=/etc/tls/private/tls.crt - - -tls-key=/etc/tls/private/tls.key - - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token - - -cookie-secret-file=/etc/proxy/secrets/session_secret - - -skip-auth-regex=^/metrics - volumeMounts: - - mountPath: /etc/tls/private - name: prometheus-tls - - mountPath: /etc/proxy/secrets - name: prometheus-secrets - - mountPath: /prometheus - name: prometheus-data - - - name: prometheus - args: - - --storage.tsdb.retention=6h - - --config.file=/etc/prometheus/prometheus.yml - - --web.listen-address=localhost:9090 - image: "{{ openshift_prometheus_image_prometheus }}" - imagePullPolicy: IfNotPresent - resources: - requests: -{% if openshift_prometheus_memory_requests is defined and openshift_prometheus_memory_requests is not none %} - memory: "{{openshift_prometheus_memory_requests}}" -{% endif %} -{% if openshift_prometheus_cpu_requests is defined and openshift_prometheus_cpu_requests is not none %} - cpu: "{{openshift_prometheus_cpu_requests}}" -{% endif %} - limits: -{% if openshift_prometheus_memory_limit is defined and openshift_prometheus_memory_limit is not none %} - memory: "{{ openshift_prometheus_memory_limit }}" -{% endif %} -{% if openshift_prometheus_cpu_limit is defined and openshift_prometheus_cpu_limit is not none %} - cpu: "{{openshift_prometheus_cpu_limit}}" -{% endif %} - - volumeMounts: - - mountPath: /etc/prometheus - name: prometheus-config - - mountPath: /prometheus - name: prometheus-data - - # Deploy alertmanager behind prometheus-alert-buffer behind an oauth proxy - - name: alerts-proxy - image: "{{ openshift_prometheus_image_proxy }}" - imagePullPolicy: IfNotPresent - resources: - requests: -{% if openshift_prometheus_oauth_proxy_memory_requests is defined and openshift_prometheus_oauth_proxy_memory_requests is not none %} - memory: "{{openshift_prometheus_oauth_proxy_memory_requests}}" -{% endif %} -{% if openshift_prometheus_oauth_proxy_cpu_requests is defined and openshift_prometheus_oauth_proxy_cpu_requests is not none %} - cpu: "{{openshift_prometheus_oauth_proxy_cpu_requests}}" -{% endif %} - limits: -{% if openshift_prometheus_oauth_proxy_memory_limit is defined and openshift_prometheus_oauth_proxy_memory_limit is not none %} - memory: "{{openshift_prometheus_oauth_proxy_memory_limit}}" -{% endif %} -{% if openshift_prometheus_oauth_proxy_cpu_limit is defined and openshift_prometheus_oauth_proxy_cpu_limit is not none %} - cpu: "{{openshift_prometheus_oauth_proxy_cpu_limit}}" -{% endif %} - ports: - - containerPort: 9443 - name: web - args: - - -provider=openshift - - -https-address=:9443 - - -http-address= - - -email-domain=* - - -upstream=http://localhost:9099 - - -client-id=system:serviceaccount:{{ namespace }}:prometheus - - '-openshift-sar={"resource": "namespaces", "verb": "get", "resourceName": "{{ namespace }}", "namespace": "{{ namespace }}"}' - - '-openshift-delegate-urls={"/": {"resource": "namespaces", "verb": "get", "resourceName": "{{ namespace }}", "namespace": "{{ namespace }}"}}' - - -tls-cert=/etc/tls/private/tls.crt - - -tls-key=/etc/tls/private/tls.key - - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token - - -cookie-secret-file=/etc/proxy/secrets/session_secret - volumeMounts: - - mountPath: /etc/tls/private - name: alerts-tls - - mountPath: /etc/proxy/secrets - name: alerts-secrets - - - name: alert-buffer - args: - - --storage-path=/alert-buffer/messages.db - image: "{{ openshift_prometheus_image_alertbuffer }}" - imagePullPolicy: IfNotPresent - resources: - requests: -{% if openshift_prometheus_alertbuffer_memory_requests is defined and openshift_prometheus_alertbuffer_memory_requests is not none %} - memory: "{{openshift_prometheus_alertbuffer_memory_requests}}" -{% endif %} -{% if openshift_prometheus_alertbuffer_cpu_requests is defined and openshift_prometheus_alertbuffer_cpu_requests is not none %} - cpu: "{{openshift_prometheus_alertbuffer_cpu_requests}}" -{% endif %} - limits: -{% if openshift_prometheus_alertbuffer_memory_limit is defined and openshift_prometheus_alertbuffer_memory_limit is not none %} - memory: "{{openshift_prometheus_alertbuffer_memory_limit}}" -{% endif %} -{% if openshift_prometheus_alertbuffer_cpu_limit is defined and openshift_prometheus_alertbuffer_cpu_limit is not none %} - cpu: "{{openshift_prometheus_alertbuffer_cpu_limit}}" -{% endif %} - volumeMounts: - - mountPath: /alert-buffer - name: alert-buffer-data - ports: - - containerPort: 9099 - name: alert-buf - - - name: alertmanager - args: - - -config.file=/etc/alertmanager/alertmanager.yml - image: "{{ openshift_prometheus_image_alertmanager }}" - imagePullPolicy: IfNotPresent - resources: - requests: -{% if openshift_prometheus_alertmanager_memory_requests is defined and openshift_prometheus_alertmanager_memory_requests is not none %} - memory: "{{openshift_prometheus_alertmanager_memory_requests}}" -{% endif %} -{% if openshift_prometheus_alertmanager_cpu_requests is defined and openshift_prometheus_alertmanager_cpu_requests is not none %} - cpu: "{{openshift_prometheus_alertmanager_cpu_requests}}" -{% endif %} - limits: -{% if openshift_prometheus_alertmanager_memory_limit is defined and openshift_prometheus_alertmanager_memory_limit is not none %} - memory: "{{openshift_prometheus_alertmanager_memory_limit}}" -{% endif %} -{% if openshift_prometheus_alertmanager_cpu_limit is defined and openshift_prometheus_alertmanager_cpu_limit is not none %} - cpu: "{{openshift_prometheus_alertmanager_cpu_limit}}" -{% endif %} - ports: - - containerPort: 9093 - name: web - volumeMounts: - - mountPath: /etc/alertmanager - name: alertmanager-config - - mountPath: /alertmanager - name: alertmanager-data - - restartPolicy: Always - volumes: - - name: prometheus-config - configMap: - defaultMode: 420 - name: prometheus - - name: prometheus-secrets - secret: - secretName: prometheus-proxy - - name: prometheus-tls - secret: - secretName: prometheus-tls - - name: prometheus-data -{% if openshift_prometheus_storage_type == 'pvc' %} - persistentVolumeClaim: - claimName: {{ openshift_prometheus_pvc_name }} -{% else %} - emptydir: {} -{% endif %} - - name: alertmanager-config - configMap: - defaultMode: 420 - name: prometheus-alerts - - name: alerts-secrets - secret: - secretName: alerts-proxy - - name: alerts-tls - secret: - secretName: prometheus-alerts-tls - - name: alertmanager-data -{% if openshift_prometheus_alertmanager_storage_type == 'pvc' %} - persistentVolumeClaim: - claimName: {{ openshift_prometheus_alertmanager_pvc_name }} -{% else %} - emptydir: {} -{% endif %} - - name: alert-buffer-data -{% if openshift_prometheus_alertbuffer_storage_type == 'pvc' %} - persistentVolumeClaim: - claimName: {{ openshift_prometheus_alertbuffer_pvc_name }} -{% else %} - emptydir: {} -{% endif %} -- cgit v1.2.3