-
Notifications
You must be signed in to change notification settings - Fork 39
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Monitoring: Adding postgres exporter
- Loading branch information
Showing
7 changed files
with
338 additions
and
11 deletions.
There are no files selected for viewing
33 changes: 33 additions & 0 deletions
33
.github/workflows/kustomize-prometheus-postgres-exporter.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
name: Kustomize GitHub Actions for Prometheus PostgresSQL exporter | ||
|
||
on: | ||
pull_request: | ||
paths: | ||
- kustomize/prometheus-postgres-exporter/** | ||
- .github/workflows/kustomize-prometheus-postgres-exporter.yaml | ||
jobs: | ||
kustomize: | ||
name: Kustomize | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
- uses: azure/setup-helm@v3 | ||
with: | ||
version: latest | ||
token: "${{ secrets.GITHUB_TOKEN }}" | ||
id: helm | ||
- name: Kustomize Install | ||
working-directory: /usr/local/bin/ | ||
run: | | ||
if [ ! -f /usr/local/bin/kustomize ]; then | ||
curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | sudo bash | ||
fi | ||
- name: Run Kustomize Build | ||
run: | | ||
kustomize build kustomize/prometheus-postgres-exporter/ --enable-helm --helm-command ${{ steps.helm.outputs.helm-path }} > /tmp/rendered.yaml | ||
- name: Return Kustomize Build | ||
uses: actions/upload-artifact@v2 | ||
with: | ||
name: kustomize-prometheus-postgres-exporter-artifact | ||
path: /tmp/rendered.yaml |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
# PostgresSQL Exporter | ||
|
||
PostgresSQL Exporter is used to expose metrics from a running PostgresSQL deployment. | ||
|
||
!!! note | ||
|
||
To deploy metric exporters you will first need to deploy the Prometheus Operator, see: ([Deploy Prometheus](prometheus.md)). | ||
|
||
## Installation | ||
|
||
Install the PostgresSQL Exporter | ||
|
||
``` shell | ||
kubectl kustomize --enable-helm /opt/genestack/kustomize/prometheus-postgres-exporter | kubectl -n openstack apply -f - | ||
``` | ||
|
||
!!! success | ||
If the installation is successful, you should see the exporter pod in the openstack namespace. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
helmCharts: | ||
- name: prometheus-postgres-exporter | ||
repo: https://prometheus-community.github.io/helm-charts | ||
releaseName: prometheus-postgres-exporter | ||
version: 6.0.0 | ||
includeCRDs: true | ||
valuesFile: values.yaml | ||
|
||
patches: | ||
- target: | ||
kind: ServiceMonitor | ||
name: prometheus-postgres-exporter | ||
patch: | | ||
- op: add | ||
path: /spec/namespaceSelector/matchNames | ||
value: | ||
- openstack |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,259 @@ | ||
replicaCount: 1 | ||
|
||
image: | ||
registry: quay.io | ||
repository: prometheuscommunity/postgres-exporter | ||
# if not set appVersion field from Chart.yaml is used | ||
tag: "" | ||
pullPolicy: IfNotPresent | ||
|
||
## Optionally specify an array of imagePullSecrets. | ||
## Secrets must be manually created in the namespace. | ||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ | ||
## | ||
# pullSecrets: | ||
# - myRegistrKeySecretName | ||
|
||
command: [] | ||
|
||
service: | ||
type: ClusterIP | ||
port: 9187 | ||
targetPort: 9187 | ||
name: http | ||
labels: {} | ||
annotations: {} | ||
|
||
automountServiceAccountToken: false | ||
|
||
serviceMonitor: | ||
# When set true then use a ServiceMonitor to configure scraping | ||
enabled: true | ||
# Set the namespace the ServiceMonitor should be deployed | ||
namespace: openstack | ||
# Set how frequently Prometheus should scrape | ||
# interval: 30s | ||
# Set path to cloudwatch-exporter telemtery-path | ||
# telemetryPath: /metrics | ||
# Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator | ||
# labels: | ||
# Set timeout for scrape | ||
# timeout: 10s | ||
# Set of labels to transfer from the Kubernetes Service onto the target | ||
# targetLabels: [] | ||
# MetricRelabelConfigs to apply to samples before ingestion | ||
# metricRelabelings: [] | ||
# Set relabel_configs as per https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config | ||
# relabelings: [] | ||
|
||
prometheusRule: | ||
enabled: false | ||
additionalLabels: {} | ||
namespace: "" | ||
rules: [] | ||
## These are just examples rules, please adapt them to your needs. | ||
## Make sure to constraint the rules to the current prometheus-postgres-exporter service. | ||
# - alert: HugeReplicationLag | ||
# expr: pg_replication_lag{service="{{ template "prometheus-postgres-exporter.fullname" . }}"} / 3600 > 1 | ||
# for: 1m | ||
# labels: | ||
# severity: critical | ||
# annotations: | ||
# description: replication for {{ template "prometheus-postgres-exporter.fullname" . }} PostgreSQL is lagging by {{ "{{ $value }}" }} hour(s). | ||
# summary: PostgreSQL replication is lagging by {{ "{{ $value }}" }} hour(s). | ||
|
||
priorityClassName: "" | ||
|
||
resources: {} | ||
# We usually recommend not to specify default resources and to leave this as a conscious | ||
# choice for the user. This also increases chances charts run on environments with little | ||
# resources, such as Minikube. If you do want to specify resources, uncomment the following | ||
# lines, adjust them as necessary, and remove the curly braces after 'resources:'. | ||
# limits: | ||
# cpu: 100m | ||
# memory: 128Mi | ||
# requests: | ||
# cpu: 100m | ||
# memory: 128Mi | ||
|
||
rbac: | ||
# Specifies whether RBAC resources should be created | ||
create: true | ||
|
||
serviceAccount: | ||
# Specifies whether a ServiceAccount should be created | ||
create: true | ||
# The name of the ServiceAccount to use. | ||
# If not set and create is true, a name is generated using the fullname template | ||
name: | ||
# Add annotations to the ServiceAccount, useful for EKS IAM Roles for Service Accounts or Google Workload Identity. | ||
annotations: {} | ||
|
||
# Add a default ingress to allow namespace access to service.targetPort | ||
# Helpful if other NetworkPolicies are configured in the namespace | ||
networkPolicy: | ||
# Specifies whether a NetworkPolicy should be created | ||
enabled: false | ||
# Set labels for the NetworkPolicy | ||
labels: {} | ||
|
||
# The securityContext of the pod. | ||
# See https://kubernetes.io/docs/concepts/policy/security-context/ for more. | ||
podSecurityContext: | ||
runAsGroup: 1001 | ||
runAsUser: 1001 | ||
runAsNonRoot: true | ||
seccompProfile: | ||
type: RuntimeDefault | ||
|
||
# The securityContext of the container. | ||
# See https://kubernetes.io/docs/concepts/policy/security-context/ for more. | ||
securityContext: | ||
allowPrivilegeEscalation: false | ||
capabilities: | ||
drop: | ||
- ALL | ||
privileged: false | ||
readOnlyRootFilesystem: true | ||
|
||
hostAliases: [] | ||
# Set Host Aliases as per https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/ | ||
# - ip: "127.0.0.1" | ||
# hostnames: | ||
# - "foo.local" | ||
# - "bar.local" | ||
|
||
config: | ||
## The datasource properties on config are passed through helm tpl function. | ||
## ref: https://helm.sh/docs/developing_charts/#using-the-tpl-function | ||
datasource: | ||
# Specify one of both datasource or datasourceSecret | ||
host: postgresql | ||
user: postgres | ||
userSecret: {} | ||
# Secret name | ||
# name: | ||
# User key inside secret | ||
# key: | ||
# Only one of password, passwordFile, passwordSecret and pgpassfile can be specified | ||
password: | ||
# Specify passwordFile if DB password is stored in a file. | ||
# For example, to use with vault-injector from Hashicorp | ||
passwordFile: '' | ||
# Specify passwordSecret if DB password is stored in secret. | ||
passwordSecret: | ||
name: postgresql-db-admin | ||
key: password | ||
# Secret name | ||
# name: | ||
# Password key inside secret | ||
# key: | ||
pgpassfile: '' | ||
# If pgpassfile is set, it is used to initialize the PGPASSFILE environment variable. | ||
# See https://www.postgresql.org/docs/14/libpq-pgpass.html for more info. | ||
port: "5432" | ||
database: '' | ||
sslmode: disable | ||
extraParams: '' | ||
datasourceSecret: {} | ||
# Specifies if datasource should be sourced from secret value in format: postgresql://login:password@hostname:port/dbname?sslmode=disable | ||
# Multiple Postgres databases can be configured by comma separated postgres connection strings | ||
# Secret name | ||
# name: | ||
# Connection string key inside secret | ||
# key: | ||
disableCollectorDatabase: false | ||
disableCollectorBgwriter: false | ||
disableDefaultMetrics: false | ||
disableSettingsMetrics: false | ||
|
||
# possible values debug, info, warn, error, fatal | ||
logLevel: "" | ||
# possible values logfmt, json | ||
logFormat: "" | ||
extraArgs: [] | ||
|
||
# postgres_exporter.yml | ||
postgresExporter: "" | ||
# auth_modules: | ||
# first: | ||
# type: userpass | ||
# userpass: | ||
# username: first | ||
# password: firstpass | ||
# options: | ||
# sslmode: disable | ||
|
||
nodeSelector: {} | ||
|
||
tolerations: [] | ||
|
||
affinity: {} | ||
|
||
annotations: { | ||
prometheus.io/scrape: "true", | ||
prometheus.io/path: "/metrics", | ||
prometheus.io/port: "9187", | ||
} | ||
|
||
podLabels: {} | ||
|
||
# Configurable health checks | ||
livenessProbe: | ||
initialDelaySeconds: 0 | ||
timeoutSeconds: 3 | ||
|
||
readinessProbe: | ||
initialDelaySeconds: 0 | ||
timeoutSeconds: 1 | ||
|
||
# Labels and annotations to attach to the deployment resource | ||
deployment: | ||
labels: {} | ||
annotations: { | ||
prometheus.io/scrape: "true", | ||
prometheus.io/path: "/metrics", | ||
prometheus.io/port: "9187", | ||
} | ||
|
||
# ExtraEnvs | ||
extraEnvs: [] | ||
# - name: EXTRA_ENV | ||
# value: value | ||
# - name: POD_NAMESPACE | ||
# valueFrom: | ||
# fieldRef: | ||
# fieldPath: metadata.namespace | ||
|
||
# Init containers, e. g. for secrets creation before the exporter | ||
initContainers: [] | ||
# - name: | ||
# image: | ||
# volumeMounts: | ||
# - name: creds | ||
# mountPath: /creds | ||
|
||
# Additional sidecar containers, e. g. for a database proxy, such as Google's cloudsql-proxy | ||
extraContainers: [] | ||
|
||
# Additional volumes, e. g. for secrets used in an extraContainer | ||
extraVolumes: [] | ||
# Uncomment for mounting custom ca-certificates | ||
# - name: ssl-certs | ||
# secret: | ||
# defaultMode: 420 | ||
# items: | ||
# - key: ca-certificates.crt | ||
# path: ca-certificates.crt | ||
# secretName: ssl-certs | ||
|
||
# Additional volume mounts | ||
extraVolumeMounts: [] | ||
# Uncomment for mounting custom ca-certificates file into container | ||
# - name: ssl-certs | ||
# mountPath: /etc/ssl/certs/ca-certificates.crt | ||
# subPath: ca-certificates.crt | ||
|
||
podDisruptionBudget: | ||
enabled: false | ||
maxUnavailable: 1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters