From fad4eba966e56c43da7c8c3f2e31591a2139fb57 Mon Sep 17 00:00:00 2001 From: Thomas Draebing Date: Thu, 16 Dec 2021 18:30:18 +0100 Subject: [PATCH] Support a federated Prometheus setup Gerrit instances that are loadbalanced cannot easily e scraped by an external Prometheus, since the request won't end up at a specified Gerrit instance. A typical setup to solve this issue, is to install a local Prometheus and scrape the local Prometheus from the central Prometheus. This is a so called federated setup. Now such a setup is supported and can be configured. Change-Id: I0119d3c1d846cd8e975e5732f4d59cf863c6d2b8 --- README.md | 12 ++++++++++ .../configuration/prometheus.secret.yaml | 4 ++++ charts/prometheus/prometheus.yaml | 22 +++++++++++++++++++ config.yaml | 5 +++++ 4 files changed, 43 insertions(+) diff --git a/README.md b/README.md index bc99c97..26138b8 100644 --- a/README.md +++ b/README.md @@ -163,6 +163,18 @@ configuration parameters: | `gerritServers.kubernetes.[*].username` | Username of Gerrit user with 'View Metrics' capabilities | | `gerritServers.kubernetes.[*].password` | Password of Gerrit user with 'View Metrics' capabilities | +* Federated Prometheus \ + Load balanced Gerrit instances can't be scraped through the load balancer. For + this use cases typically a local Prometheus is installed and then scraped by + the central Prometheus in a federated setup. + +| option | description | +|--------------------------------------------------|---------------------------------------------------------------| +| `gerritServers.federatedPrometheus.[*].host` | Host running Gerrit and the Prometheus instance being scraped | +| `gerritServers.federatedPrometheus.[*].port` | Port used by Prometheus | +| `gerritServers.federatedPrometheus.[*].username` | Username for authenticating with Prometheus | +| `gerritServers.federatedPrometheus.[*].password` | Password for authenticating with Prometheus | + * Other \ Gerrit installations with just one replica that can run anywhere, where they are reachable via HTTP. diff --git a/charts/prometheus/configuration/prometheus.secret.yaml b/charts/prometheus/configuration/prometheus.secret.yaml index 18ec751..c7bf023 100644 --- a/charts/prometheus/configuration/prometheus.secret.yaml +++ b/charts/prometheus/configuration/prometheus.secret.yaml @@ -14,6 +14,10 @@ data: #@ for gerrit in data.values.gerritServers.other: .pwd_(@= gerrit.host @): #@ base64.encode(gerrit.password) #@ end + #@yaml/text-templated-strings + #@ for prometheus in data.values.gerritServers.federatedPrometheus: + .pwd_(@= prometheus.host @): #@ base64.encode(prometheus.password) + #@ end #@ if not data.values.tls.skipVerify: server.ca.crt: #@ base64.encode(data.values.tls.caCert) diff --git a/charts/prometheus/prometheus.yaml b/charts/prometheus/prometheus.yaml index e7f4045..94250bb 100644 --- a/charts/prometheus/prometheus.yaml +++ b/charts/prometheus/prometheus.yaml @@ -1298,6 +1298,28 @@ serverFiles: replacement: $1 action: replace #@ end + #@ for prometheus in data.values.gerritServers.federatedPrometheus: + - job_name: #@ "gerrit-{}".format(prometheus.host) + honor_labels: true + metrics_path: '/federate' + params: + 'match[]': + - #@ '{{instance=~"{}.*"}}'.format(prometheus.host) + scheme: https + tls_config: + insecure_skip_verify: #@ data.values.tls.skipVerify + #@ if not data.values.tls.skipVerify: + ca_file: /etc/secrets/server.ca.crt + cert_file: /etc/secrets/server.crt + key_file: /etc/secrets/server.key + #@ end + static_configs: + - targets: + - #@ '{}:{}'.format(prometheus.host, prometheus.port) + basic_auth: + username: #@ prometheus.username + password_file: #@ "/etc/secrets/.pwd_{}".format(prometheus.host) + #@ end #@ for gerrit in data.values.gerritServers.other: - job_name: #@ "gerrit-{}".format(gerrit.host) metrics_path: /a/plugins/metrics-reporter-prometheus/metrics diff --git a/config.yaml b/config.yaml index a59baa5..9a30f15 100644 --- a/config.yaml +++ b/config.yaml @@ -8,6 +8,11 @@ gerritServers: port: 8080 username: admin password: secret + federatedPrometheus: + - host: prometheus.example.com + port: 9090 + username: admin + password: secret other: - host: gerrit.example.com username: admin