From 3792787d7e7cc3b8c44ccbbc83a3c2f9a9299f38 Mon Sep 17 00:00:00 2001
From: Zohar Galor <zgalor@redhat.com>
Date: Thu, 19 Oct 2017 11:11:32 +0300
Subject: Switch to stateful set in prometheus
Also update prometheus and alert-buffer image versions, and add prometheus, and oauth-proxy arguments to align with origin template
---
roles/openshift_prometheus/templates/prometheus.j2 | 247 +++++++++++++++++++++
.../templates/prometheus_deployment.j2 | 240 --------------------
2 files changed, 247 insertions(+), 240 deletions(-)
create mode 100644 roles/openshift_prometheus/templates/prometheus.j2
delete mode 100644 roles/openshift_prometheus/templates/prometheus_deployment.j2
(limited to 'roles/openshift_prometheus/templates')
diff --git a/roles/openshift_prometheus/templates/prometheus.j2 b/roles/openshift_prometheus/templates/prometheus.j2
new file mode 100644
index 000000000..81f043491
--- /dev/null
+++ b/roles/openshift_prometheus/templates/prometheus.j2
@@ -0,0 +1,247 @@
+apiVersion: apps/v1beta1
+kind: StatefulSet
+metadata:
+ name: prometheus
+ namespace: {{ namespace }}
+ labels:
+ app: prometheus
+spec:
+ updateStrategy:
+ type: RollingUpdate
+ podManagementPolicy: Parallel
+ selector:
+ provider: openshift
+ matchLabels:
+ app: prometheus
+ template:
+ metadata:
+ name: prometheus
+ labels:
+ app: prometheus
+ spec:
+ serviceAccountName: prometheus
+{% if openshift_prometheus_node_selector is iterable and openshift_prometheus_node_selector | length > 0 %}
+ nodeSelector:
+{% for key, value in openshift_prometheus_node_selector.iteritems() %}
+ {{key}}: "{{value}}"
+{% endfor %}
+{% endif %}
+ containers:
+ # Deploy Prometheus behind an oauth proxy
+ - name: prom-proxy
+ image: "{{ openshift_prometheus_image_proxy }}"
+ imagePullPolicy: IfNotPresent
+ resources:
+ requests:
+{% if openshift_prometheus_oauth_proxy_memory_requests is defined and openshift_prometheus_oauth_proxy_memory_requests is not none %}
+ memory: "{{openshift_prometheus_oauth_proxy_memory_requests}}"
+{% endif %}
+{% if openshift_prometheus_oauth_proxy_cpu_requests is defined and openshift_prometheus_oauth_proxy_cpu_requests is not none %}
+ cpu: "{{openshift_prometheus_oauth_proxy_cpu_requests}}"
+{% endif %}
+ limits:
+{% if openshift_prometheus_oauth_proxy_memory_limit is defined and openshift_prometheus_oauth_proxy_memory_limit is not none %}
+ memory: "{{openshift_prometheus_oauth_proxy_memory_limit}}"
+{% endif %}
+{% if openshift_prometheus_oauth_proxy_cpu_limit is defined and openshift_prometheus_oauth_proxy_cpu_limit is not none %}
+ cpu: "{{openshift_prometheus_oauth_proxy_cpu_limit}}"
+{% endif %}
+ ports:
+ - containerPort: 8443
+ name: web
+ args:
+ - -provider=openshift
+ - -https-address=:8443
+ - -http-address=
+ - -email-domain=*
+ - -upstream=http://localhost:9090
+ - -client-id=system:serviceaccount:{{ namespace }}:prometheus
+ - '-openshift-sar={"resource": "namespaces", "verb": "get", "resourceName": "{{ namespace }}", "namespace": "{{ namespace }}"}'
+ - '-openshift-delegate-urls={"/": {"resource": "namespaces", "verb": "get", "resourceName": "{{ namespace }}", "namespace": "{{ namespace }}"}}'
+ - -tls-cert=/etc/tls/private/tls.crt
+ - -tls-key=/etc/tls/private/tls.key
+ - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token
+ - -cookie-secret-file=/etc/proxy/secrets/session_secret
+ - -openshift-ca=/etc/pki/tls/cert.pem
+ - -openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+ - -skip-auth-regex=^/metrics
+ volumeMounts:
+ - mountPath: /etc/tls/private
+ name: prometheus-tls
+ - mountPath: /etc/proxy/secrets
+ name: prometheus-secrets
+ - mountPath: /prometheus
+ name: prometheus-data
+
+ - name: prometheus
+ args:
+ - --storage.tsdb.retention=6h
+ - --storage.tsdb.min-block-duration=2m
+ - --config.file=/etc/prometheus/prometheus.yml
+ - --web.listen-address=localhost:9090
+ image: "{{ openshift_prometheus_image_prometheus }}"
+ imagePullPolicy: IfNotPresent
+ resources:
+ requests:
+{% if openshift_prometheus_memory_requests is defined and openshift_prometheus_memory_requests is not none %}
+ memory: "{{openshift_prometheus_memory_requests}}"
+{% endif %}
+{% if openshift_prometheus_cpu_requests is defined and openshift_prometheus_cpu_requests is not none %}
+ cpu: "{{openshift_prometheus_cpu_requests}}"
+{% endif %}
+ limits:
+{% if openshift_prometheus_memory_limit is defined and openshift_prometheus_memory_limit is not none %}
+ memory: "{{ openshift_prometheus_memory_limit }}"
+{% endif %}
+{% if openshift_prometheus_cpu_limit is defined and openshift_prometheus_cpu_limit is not none %}
+ cpu: "{{openshift_prometheus_cpu_limit}}"
+{% endif %}
+
+ volumeMounts:
+ - mountPath: /etc/prometheus
+ name: prometheus-config
+ - mountPath: /prometheus
+ name: prometheus-data
+
+ # Deploy alertmanager behind prometheus-alert-buffer behind an oauth proxy
+ - name: alerts-proxy
+ image: "{{ openshift_prometheus_image_proxy }}"
+ imagePullPolicy: IfNotPresent
+ resources:
+ requests:
+{% if openshift_prometheus_oauth_proxy_memory_requests is defined and openshift_prometheus_oauth_proxy_memory_requests is not none %}
+ memory: "{{openshift_prometheus_oauth_proxy_memory_requests}}"
+{% endif %}
+{% if openshift_prometheus_oauth_proxy_cpu_requests is defined and openshift_prometheus_oauth_proxy_cpu_requests is not none %}
+ cpu: "{{openshift_prometheus_oauth_proxy_cpu_requests}}"
+{% endif %}
+ limits:
+{% if openshift_prometheus_oauth_proxy_memory_limit is defined and openshift_prometheus_oauth_proxy_memory_limit is not none %}
+ memory: "{{openshift_prometheus_oauth_proxy_memory_limit}}"
+{% endif %}
+{% if openshift_prometheus_oauth_proxy_cpu_limit is defined and openshift_prometheus_oauth_proxy_cpu_limit is not none %}
+ cpu: "{{openshift_prometheus_oauth_proxy_cpu_limit}}"
+{% endif %}
+ ports:
+ - containerPort: 9443
+ name: web
+ args:
+ - -provider=openshift
+ - -https-address=:9443
+ - -http-address=
+ - -email-domain=*
+ - -upstream=http://localhost:9099
+ - -client-id=system:serviceaccount:{{ namespace }}:prometheus
+ - '-openshift-sar={"resource": "namespaces", "verb": "get", "resourceName": "{{ namespace }}", "namespace": "{{ namespace }}"}'
+ - '-openshift-delegate-urls={"/": {"resource": "namespaces", "verb": "get", "resourceName": "{{ namespace }}", "namespace": "{{ namespace }}"}}'
+ - -tls-cert=/etc/tls/private/tls.crt
+ - -tls-key=/etc/tls/private/tls.key
+ - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token
+ - -cookie-secret-file=/etc/proxy/secrets/session_secret
+ - -openshift-ca=/etc/pki/tls/cert.pem
+ - -openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+ volumeMounts:
+ - mountPath: /etc/tls/private
+ name: alerts-tls
+ - mountPath: /etc/proxy/secrets
+ name: alerts-secrets
+
+ - name: alert-buffer
+ args:
+ - --storage-path=/alert-buffer/messages.db
+ image: "{{ openshift_prometheus_image_alertbuffer }}"
+ imagePullPolicy: IfNotPresent
+ resources:
+ requests:
+{% if openshift_prometheus_alertbuffer_memory_requests is defined and openshift_prometheus_alertbuffer_memory_requests is not none %}
+ memory: "{{openshift_prometheus_alertbuffer_memory_requests}}"
+{% endif %}
+{% if openshift_prometheus_alertbuffer_cpu_requests is defined and openshift_prometheus_alertbuffer_cpu_requests is not none %}
+ cpu: "{{openshift_prometheus_alertbuffer_cpu_requests}}"
+{% endif %}
+ limits:
+{% if openshift_prometheus_alertbuffer_memory_limit is defined and openshift_prometheus_alertbuffer_memory_limit is not none %}
+ memory: "{{openshift_prometheus_alertbuffer_memory_limit}}"
+{% endif %}
+{% if openshift_prometheus_alertbuffer_cpu_limit is defined and openshift_prometheus_alertbuffer_cpu_limit is not none %}
+ cpu: "{{openshift_prometheus_alertbuffer_cpu_limit}}"
+{% endif %}
+ volumeMounts:
+ - mountPath: /alert-buffer
+ name: alert-buffer-data
+ ports:
+ - containerPort: 9099
+ name: alert-buf
+
+ - name: alertmanager
+ args:
+ - -config.file=/etc/alertmanager/alertmanager.yml
+ image: "{{ openshift_prometheus_image_alertmanager }}"
+ imagePullPolicy: IfNotPresent
+ resources:
+ requests:
+{% if openshift_prometheus_alertmanager_memory_requests is defined and openshift_prometheus_alertmanager_memory_requests is not none %}
+ memory: "{{openshift_prometheus_alertmanager_memory_requests}}"
+{% endif %}
+{% if openshift_prometheus_alertmanager_cpu_requests is defined and openshift_prometheus_alertmanager_cpu_requests is not none %}
+ cpu: "{{openshift_prometheus_alertmanager_cpu_requests}}"
+{% endif %}
+ limits:
+{% if openshift_prometheus_alertmanager_memory_limit is defined and openshift_prometheus_alertmanager_memory_limit is not none %}
+ memory: "{{openshift_prometheus_alertmanager_memory_limit}}"
+{% endif %}
+{% if openshift_prometheus_alertmanager_cpu_limit is defined and openshift_prometheus_alertmanager_cpu_limit is not none %}
+ cpu: "{{openshift_prometheus_alertmanager_cpu_limit}}"
+{% endif %}
+ ports:
+ - containerPort: 9093
+ name: web
+ volumeMounts:
+ - mountPath: /etc/alertmanager
+ name: alertmanager-config
+ - mountPath: /alertmanager
+ name: alertmanager-data
+
+ restartPolicy: Always
+ volumes:
+ - name: prometheus-config
+ configMap:
+ defaultMode: 420
+ name: prometheus
+ - name: prometheus-secrets
+ secret:
+ secretName: prometheus-proxy
+ - name: prometheus-tls
+ secret:
+ secretName: prometheus-tls
+ - name: prometheus-data
+{% if openshift_prometheus_storage_type == 'pvc' %}
+ persistentVolumeClaim:
+ claimName: {{ openshift_prometheus_pvc_name }}
+{% else %}
+ emptydir: {}
+{% endif %}
+ - name: alertmanager-config
+ configMap:
+ defaultMode: 420
+ name: prometheus-alerts
+ - name: alerts-secrets
+ secret:
+ secretName: alerts-proxy
+ - name: alerts-tls
+ secret:
+ secretName: prometheus-alerts-tls
+ - name: alertmanager-data
+{% if openshift_prometheus_alertmanager_storage_type == 'pvc' %}
+ persistentVolumeClaim:
+ claimName: {{ openshift_prometheus_alertmanager_pvc_name }}
+{% else %}
+ emptydir: {}
+{% endif %}
+ - name: alert-buffer-data
+{% if openshift_prometheus_alertbuffer_storage_type == 'pvc' %}
+ persistentVolumeClaim:
+ claimName: {{ openshift_prometheus_alertbuffer_pvc_name }}
+{% else %}
+ emptydir: {}
+{% endif %}
diff --git a/roles/openshift_prometheus/templates/prometheus_deployment.j2 b/roles/openshift_prometheus/templates/prometheus_deployment.j2
deleted file mode 100644
index 66eab6df4..000000000
--- a/roles/openshift_prometheus/templates/prometheus_deployment.j2
+++ /dev/null
@@ -1,240 +0,0 @@
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: prometheus
- namespace: {{ namespace }}
- labels:
- app: prometheus
-spec:
- replicas: {{ prom_replicas|default(1) }}
- selector:
- provider: openshift
- matchLabels:
- app: prometheus
- template:
- metadata:
- name: prometheus
- labels:
- app: prometheus
- spec:
- serviceAccountName: prometheus
-{% if openshift_prometheus_node_selector is iterable and openshift_prometheus_node_selector | length > 0 %}
- nodeSelector:
-{% for key, value in openshift_prometheus_node_selector.iteritems() %}
- {{key}}: "{{value}}"
-{% endfor %}
-{% endif %}
- containers:
- # Deploy Prometheus behind an oauth proxy
- - name: prom-proxy
- image: "{{ openshift_prometheus_image_proxy }}"
- imagePullPolicy: IfNotPresent
- resources:
- requests:
-{% if openshift_prometheus_oauth_proxy_memory_requests is defined and openshift_prometheus_oauth_proxy_memory_requests is not none %}
- memory: "{{openshift_prometheus_oauth_proxy_memory_requests}}"
-{% endif %}
-{% if openshift_prometheus_oauth_proxy_cpu_requests is defined and openshift_prometheus_oauth_proxy_cpu_requests is not none %}
- cpu: "{{openshift_prometheus_oauth_proxy_cpu_requests}}"
-{% endif %}
- limits:
-{% if openshift_prometheus_oauth_proxy_memory_limit is defined and openshift_prometheus_oauth_proxy_memory_limit is not none %}
- memory: "{{openshift_prometheus_oauth_proxy_memory_limit}}"
-{% endif %}
-{% if openshift_prometheus_oauth_proxy_cpu_limit is defined and openshift_prometheus_oauth_proxy_cpu_limit is not none %}
- cpu: "{{openshift_prometheus_oauth_proxy_cpu_limit}}"
-{% endif %}
- ports:
- - containerPort: 8443
- name: web
- args:
- - -provider=openshift
- - -https-address=:8443
- - -http-address=
- - -email-domain=*
- - -upstream=http://localhost:9090
- - -client-id=system:serviceaccount:{{ namespace }}:prometheus
- - '-openshift-sar={"resource": "namespaces", "verb": "get", "resourceName": "{{ namespace }}", "namespace": "{{ namespace }}"}'
- - '-openshift-delegate-urls={"/": {"resource": "namespaces", "verb": "get", "resourceName": "{{ namespace }}", "namespace": "{{ namespace }}"}}'
- - -tls-cert=/etc/tls/private/tls.crt
- - -tls-key=/etc/tls/private/tls.key
- - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token
- - -cookie-secret-file=/etc/proxy/secrets/session_secret
- - -skip-auth-regex=^/metrics
- volumeMounts:
- - mountPath: /etc/tls/private
- name: prometheus-tls
- - mountPath: /etc/proxy/secrets
- name: prometheus-secrets
- - mountPath: /prometheus
- name: prometheus-data
-
- - name: prometheus
- args:
- - --storage.tsdb.retention=6h
- - --config.file=/etc/prometheus/prometheus.yml
- - --web.listen-address=localhost:9090
- image: "{{ openshift_prometheus_image_prometheus }}"
- imagePullPolicy: IfNotPresent
- resources:
- requests:
-{% if openshift_prometheus_memory_requests is defined and openshift_prometheus_memory_requests is not none %}
- memory: "{{openshift_prometheus_memory_requests}}"
-{% endif %}
-{% if openshift_prometheus_cpu_requests is defined and openshift_prometheus_cpu_requests is not none %}
- cpu: "{{openshift_prometheus_cpu_requests}}"
-{% endif %}
- limits:
-{% if openshift_prometheus_memory_limit is defined and openshift_prometheus_memory_limit is not none %}
- memory: "{{ openshift_prometheus_memory_limit }}"
-{% endif %}
-{% if openshift_prometheus_cpu_limit is defined and openshift_prometheus_cpu_limit is not none %}
- cpu: "{{openshift_prometheus_cpu_limit}}"
-{% endif %}
-
- volumeMounts:
- - mountPath: /etc/prometheus
- name: prometheus-config
- - mountPath: /prometheus
- name: prometheus-data
-
- # Deploy alertmanager behind prometheus-alert-buffer behind an oauth proxy
- - name: alerts-proxy
- image: "{{ openshift_prometheus_image_proxy }}"
- imagePullPolicy: IfNotPresent
- resources:
- requests:
-{% if openshift_prometheus_oauth_proxy_memory_requests is defined and openshift_prometheus_oauth_proxy_memory_requests is not none %}
- memory: "{{openshift_prometheus_oauth_proxy_memory_requests}}"
-{% endif %}
-{% if openshift_prometheus_oauth_proxy_cpu_requests is defined and openshift_prometheus_oauth_proxy_cpu_requests is not none %}
- cpu: "{{openshift_prometheus_oauth_proxy_cpu_requests}}"
-{% endif %}
- limits:
-{% if openshift_prometheus_oauth_proxy_memory_limit is defined and openshift_prometheus_oauth_proxy_memory_limit is not none %}
- memory: "{{openshift_prometheus_oauth_proxy_memory_limit}}"
-{% endif %}
-{% if openshift_prometheus_oauth_proxy_cpu_limit is defined and openshift_prometheus_oauth_proxy_cpu_limit is not none %}
- cpu: "{{openshift_prometheus_oauth_proxy_cpu_limit}}"
-{% endif %}
- ports:
- - containerPort: 9443
- name: web
- args:
- - -provider=openshift
- - -https-address=:9443
- - -http-address=
- - -email-domain=*
- - -upstream=http://localhost:9099
- - -client-id=system:serviceaccount:{{ namespace }}:prometheus
- - '-openshift-sar={"resource": "namespaces", "verb": "get", "resourceName": "{{ namespace }}", "namespace": "{{ namespace }}"}'
- - '-openshift-delegate-urls={"/": {"resource": "namespaces", "verb": "get", "resourceName": "{{ namespace }}", "namespace": "{{ namespace }}"}}'
- - -tls-cert=/etc/tls/private/tls.crt
- - -tls-key=/etc/tls/private/tls.key
- - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token
- - -cookie-secret-file=/etc/proxy/secrets/session_secret
- volumeMounts:
- - mountPath: /etc/tls/private
- name: alerts-tls
- - mountPath: /etc/proxy/secrets
- name: alerts-secrets
-
- - name: alert-buffer
- args:
- - --storage-path=/alert-buffer/messages.db
- image: "{{ openshift_prometheus_image_alertbuffer }}"
- imagePullPolicy: IfNotPresent
- resources:
- requests:
-{% if openshift_prometheus_alertbuffer_memory_requests is defined and openshift_prometheus_alertbuffer_memory_requests is not none %}
- memory: "{{openshift_prometheus_alertbuffer_memory_requests}}"
-{% endif %}
-{% if openshift_prometheus_alertbuffer_cpu_requests is defined and openshift_prometheus_alertbuffer_cpu_requests is not none %}
- cpu: "{{openshift_prometheus_alertbuffer_cpu_requests}}"
-{% endif %}
- limits:
-{% if openshift_prometheus_alertbuffer_memory_limit is defined and openshift_prometheus_alertbuffer_memory_limit is not none %}
- memory: "{{openshift_prometheus_alertbuffer_memory_limit}}"
-{% endif %}
-{% if openshift_prometheus_alertbuffer_cpu_limit is defined and openshift_prometheus_alertbuffer_cpu_limit is not none %}
- cpu: "{{openshift_prometheus_alertbuffer_cpu_limit}}"
-{% endif %}
- volumeMounts:
- - mountPath: /alert-buffer
- name: alert-buffer-data
- ports:
- - containerPort: 9099
- name: alert-buf
-
- - name: alertmanager
- args:
- - -config.file=/etc/alertmanager/alertmanager.yml
- image: "{{ openshift_prometheus_image_alertmanager }}"
- imagePullPolicy: IfNotPresent
- resources:
- requests:
-{% if openshift_prometheus_alertmanager_memory_requests is defined and openshift_prometheus_alertmanager_memory_requests is not none %}
- memory: "{{openshift_prometheus_alertmanager_memory_requests}}"
-{% endif %}
-{% if openshift_prometheus_alertmanager_cpu_requests is defined and openshift_prometheus_alertmanager_cpu_requests is not none %}
- cpu: "{{openshift_prometheus_alertmanager_cpu_requests}}"
-{% endif %}
- limits:
-{% if openshift_prometheus_alertmanager_memory_limit is defined and openshift_prometheus_alertmanager_memory_limit is not none %}
- memory: "{{openshift_prometheus_alertmanager_memory_limit}}"
-{% endif %}
-{% if openshift_prometheus_alertmanager_cpu_limit is defined and openshift_prometheus_alertmanager_cpu_limit is not none %}
- cpu: "{{openshift_prometheus_alertmanager_cpu_limit}}"
-{% endif %}
- ports:
- - containerPort: 9093
- name: web
- volumeMounts:
- - mountPath: /etc/alertmanager
- name: alertmanager-config
- - mountPath: /alertmanager
- name: alertmanager-data
-
- restartPolicy: Always
- volumes:
- - name: prometheus-config
- configMap:
- defaultMode: 420
- name: prometheus
- - name: prometheus-secrets
- secret:
- secretName: prometheus-proxy
- - name: prometheus-tls
- secret:
- secretName: prometheus-tls
- - name: prometheus-data
-{% if openshift_prometheus_storage_type == 'pvc' %}
- persistentVolumeClaim:
- claimName: {{ openshift_prometheus_pvc_name }}
-{% else %}
- emptydir: {}
-{% endif %}
- - name: alertmanager-config
- configMap:
- defaultMode: 420
- name: prometheus-alerts
- - name: alerts-secrets
- secret:
- secretName: alerts-proxy
- - name: alerts-tls
- secret:
- secretName: prometheus-alerts-tls
- - name: alertmanager-data
-{% if openshift_prometheus_alertmanager_storage_type == 'pvc' %}
- persistentVolumeClaim:
- claimName: {{ openshift_prometheus_alertmanager_pvc_name }}
-{% else %}
- emptydir: {}
-{% endif %}
- - name: alert-buffer-data
-{% if openshift_prometheus_alertbuffer_storage_type == 'pvc' %}
- persistentVolumeClaim:
- claimName: {{ openshift_prometheus_alertbuffer_pvc_name }}
-{% else %}
- emptydir: {}
-{% endif %}
--
cgit v1.2.3