From 1b26ab35551655a03dbb4e50e9bb2c205a5b89c2 Mon Sep 17 00:00:00 2001
From: phillip-toohill
Date: Mon, 18 Mar 2024 09:16:48 -0500
Subject: [PATCH] Monitoring: Adding postgres exporter
---
...ustomize-prometheus-postgres-exporter.yaml | 33 +++
docs/prometheus-postgres-exporter.md | 18 ++
docs/prometheus-rabbitmq-exporter.md | 3 +-
.../postgresql/postgresql-helm-overrides.yaml | 16 +-
.../kustomization.yaml | 8 +
.../prometheus-postgres-exporter/values.yaml | 259 ++++++++++++++++++
mkdocs.yml | 3 +-
7 files changed, 329 insertions(+), 11 deletions(-)
create mode 100644 .github/workflows/kustomize-prometheus-postgres-exporter.yaml
create mode 100644 docs/prometheus-postgres-exporter.md
create mode 100644 kustomize/prometheus-postgres-exporter/kustomization.yaml
create mode 100644 kustomize/prometheus-postgres-exporter/values.yaml
diff --git a/.github/workflows/kustomize-prometheus-postgres-exporter.yaml b/.github/workflows/kustomize-prometheus-postgres-exporter.yaml
new file mode 100644
index 00000000..bb9d3025
--- /dev/null
+++ b/.github/workflows/kustomize-prometheus-postgres-exporter.yaml
@@ -0,0 +1,33 @@
+name: Kustomize GitHub Actions for Prometheus PostgresSQL exporter
+
+on:
+ pull_request:
+ paths:
+ - kustomize/prometheus-postgres-exporter/**
+ - .github/workflows/kustomize-prometheus-postgres-exporter.yaml
+jobs:
+ kustomize:
+ name: Kustomize
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - uses: azure/setup-helm@v3
+ with:
+ version: latest
+ token: "${{ secrets.GITHUB_TOKEN }}"
+ id: helm
+ - name: Kustomize Install
+ working-directory: /usr/local/bin/
+ run: |
+ if [ ! -f /usr/local/bin/kustomize ]; then
+ curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | sudo bash
+ fi
+ - name: Run Kustomize Build
+ run: |
+ kustomize build kustomize/prometheus-postgres-exporter/ --enable-helm --helm-command ${{ steps.helm.outputs.helm-path }} > /tmp/rendered.yaml
+ - name: Return Kustomize Build
+ uses: actions/upload-artifact@v2
+ with:
+ name: kustomize-prometheus-postgres-exporter-artifact
+ path: /tmp/rendered.yaml
diff --git a/docs/prometheus-postgres-exporter.md b/docs/prometheus-postgres-exporter.md
new file mode 100644
index 00000000..d765821b
--- /dev/null
+++ b/docs/prometheus-postgres-exporter.md
@@ -0,0 +1,18 @@
+# PostgresSQL Exporter
+
+PostgresSQL Exporter is used to expose metrics from a running PostgresSQL deployment.
+
+!!! note
+
+ To deploy metric exporters you will first need to deploy the Prometheus Operator, see: ([Deploy Prometheus](prometheus.md)).
+
+## Installation
+
+Install the PostgresSQL Exporter
+
+``` shell
+kubectl kustomize --enable-helm /opt/genestack/kustomize/prometheus-postgres-exporter | kubectl -n openstack apply -f -
+```
+
+!!! success
+ If the installation is successful, you should see the exporter pod in the openstack namespace.
diff --git a/docs/prometheus-rabbitmq-exporter.md b/docs/prometheus-rabbitmq-exporter.md
index bcec5324..1c2479b5 100644
--- a/docs/prometheus-rabbitmq-exporter.md
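Review bot: The `Kustomize Install` step fetches `install_kustomize.sh` from the `master` branch of kubernetes-sigs/kustomize and pipes it into `sudo bash`, so whatever that branch serves at job time executes as root on the runner with no version pin or integrity check. Download a fixed kustomize release and verify its published checksum before installing it, or drop the step if the runner image already provides kustomize, which the `if [ ! -f /usr/local/bin/kustomize ]` guard suggests may be the case. The same drift applies to `version: latest` under `azure/setup-helm@v3`; pin a specific Helm version there and consider pinning the `uses:` entries to full commit SHAs rather than movable tags. The workflow also declares no `permissions:` block, so adding a top-level `permissions: {contents: read}` keeps the `GITHUB_TOKEN` handed to setup-helm read-only regardless of the repository default.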
+++ b/docs/prometheus-rabbitmq-exporter.md
@@ -11,8 +11,7 @@ RabbitMQ Exporter is used to expose metrics from a running RabbitMQ deployment. Install the RabbitMQ Exporter ``` shell -kubectl kustomize --enable-helm /opt/genestack/kustomize/prometheus-rabbitmq-exporter | \ - kubectl -n openstack apply --server-side -f - +kubectl kustomize --enable-helm /opt/genestack/kustomize/prometheus-rabbitmq-exporter | kubectl -n openstack apply --server-side -f - ``` !!! success
diff --git a/helm-configs/postgresql/postgresql-helm-overrides.yaml b/helm-configs/postgresql/postgresql-helm-overrides.yaml
index 798aad04..679228c1 100644
--- a/helm-configs/postgresql/postgresql-helm-overrides.yaml
+++ b/helm-configs/postgresql/postgresql-helm-overrides.yaml
@@ -224,9 +224,9 @@ dependencies: monitoring: prometheus: - enabled: true + enabled: false postgresql_exporter: - scrape: true + scrape: false volume: backup:
@@ -478,10 +478,10 @@ manifests: pvc_backup: false monitoring: prometheus: - configmap_bin: true - configmap_etc: true - deployment_exporter: true - job_user_create: true - secret_etc: true - service_exporter: true + configmap_bin: false + configmap_etc: false + deployment_exporter: false + job_user_create: false + secret_etc: false + service_exporter: false ...
diff --git a/kustomize/prometheus-postgres-exporter/kustomization.yaml b/kustomize/prometheus-postgres-exporter/kustomization.yaml
new file mode 100644
index 00000000..4461e2c4
--- /dev/null
+++ b/kustomize/prometheus-postgres-exporter/kustomization.yaml
@@ -0,0 +1,8 @@
+helmCharts:
+ - name: prometheus-postgres-exporter
+ repo: https://prometheus-community.github.io/helm-charts
+ releaseName: prometheus-postgres-exporter
+ namespace: openstack
+ version: 6.0.0
+ includeCRDs: true
+ valuesFile: values.yaml
diff --git a/kustomize/prometheus-postgres-exporter/values.yaml b/kustomize/prometheus-postgres-exporter/values.yaml
new file mode 100644
index 00000000..01ebe1b9
--- /dev/null
+++ b/kustomize/prometheus-postgres-exporter/values.yaml 
@@ -0,0 +1,259 @@
+replicaCount: 1
+
+image:
+ registry: quay.io
+ repository: prometheuscommunity/postgres-exporter
+ # if not set appVersion field from Chart.yaml is used
+ tag: ""
+ pullPolicy: IfNotPresent
+
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ # pullSecrets:
+ # - myRegistrKeySecretName
+
+command: []
+
+service:
+ type: ClusterIP
+ port: 9187
+ targetPort: 9187
+ name: http
+ labels: {}
+ annotations: {}
+
+automountServiceAccountToken: false
+
+serviceMonitor:
+ # When set true then use a ServiceMonitor to configure scraping
+ enabled: true
+ # Set the namespace the ServiceMonitor should be deployed
+ namespace: openstack
+ # Set how frequently Prometheus should scrape
+ # interval: 30s
+ # Set path to cloudwatch-exporter telemtery-path
+ # telemetryPath: /metrics
+ # Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator
+ # labels:
+ # Set timeout for scrape
+ # timeout: 10s
+ # Set of labels to transfer from the Kubernetes Service onto the target
+ # targetLabels: []
+ # MetricRelabelConfigs to apply to samples before ingestion
+ # metricRelabelings: []
+ # Set relabel_configs as per https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
+ # relabelings: []
+
+prometheusRule:
+ enabled: false
+ additionalLabels: {}
+ namespace: ""
+ rules: []
+ ## These are just examples rules, please adapt them to your needs.
+ ## Make sure to constraint the rules to the current prometheus-postgres-exporter service.
+ # - alert: HugeReplicationLag
+ # expr: pg_replication_lag{service="{{ template "prometheus-postgres-exporter.fullname" . }}"} / 3600 > 1
+ # for: 1m
+ # labels:
+ # severity: critical
+ # annotations:
+ # description: replication for {{ template "prometheus-postgres-exporter.fullname" . }} PostgreSQL is lagging by {{ "{{ $value }}" }} hour(s).
+ # summary: PostgreSQL replication is lagging by {{ "{{ $value }}" }} hour(s).
+
+priorityClassName: ""
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+# memory: 128Mi
+
+rbac:
+ # Specifies whether RBAC resources should be created
+ create: true
+
+serviceAccount:
+ # Specifies whether a ServiceAccount should be created
+ create: true
+ # The name of the ServiceAccount to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name:
+ # Add annotations to the ServiceAccount, useful for EKS IAM Roles for Service Accounts or Google Workload Identity.
+ annotations: {}
+
+# Add a default ingress to allow namespace access to service.targetPort
+# Helpful if other NetworkPolicies are configured in the namespace
+networkPolicy:
+ # Specifies whether a NetworkPolicy should be created
+ enabled: false
+ # Set labels for the NetworkPolicy
+ labels: {}
+
+# The securityContext of the pod.
+# See https://kubernetes.io/docs/concepts/policy/security-context/ for more.
+podSecurityContext:
+ runAsGroup: 1001
+ runAsUser: 1001
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+
+# The securityContext of the container.
+# See https://kubernetes.io/docs/concepts/policy/security-context/ for more.
+securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
+ readOnlyRootFilesystem: true
+
+hostAliases: []
+ # Set Host Aliases as per https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/
+ # - ip: "127.0.0.1"
+ # hostnames:
+ # - "foo.local"
+# - "bar.local"
+
+config:
+ ## The datasource properties on config are passed through helm tpl function.
+ ## ref: https://helm.sh/docs/developing_charts/#using-the-tpl-function
+ datasource:
+ # Specify one of both datasource or datasourceSecret
+ host: postgresql
+ user: postgres
+ userSecret: {}
+ # Secret name
+ # name:
+ # User key inside secret
+ # key:
+ # Only one of password, passwordFile, passwordSecret and pgpassfile can be specified
+ password:
+ # Specify passwordFile if DB password is stored in a file.
+ # For example, to use with vault-injector from Hashicorp
+ passwordFile: ''
+ # Specify passwordSecret if DB password is stored in secret.
+ passwordSecret:
+ name: postgresql-db-admin
+ key: password
+ # Secret name
+ # name:
+ # Password key inside secret
+ # key:
+ pgpassfile: ''
+ # If pgpassfile is set, it is used to initialize the PGPASSFILE environment variable.
+ # See https://www.postgresql.org/docs/14/libpq-pgpass.html for more info.
+ port: "5432"
+ database: ''
+ sslmode: disable
+ extraParams: ''
+ datasourceSecret: {}
+ # Specifies if datasource should be sourced from secret value in format: postgresql://login:password@hostname:port/dbname?sslmode=disable
+ # Multiple Postgres databases can be configured by comma separated postgres connection strings
+ # Secret name
+ # name:
+ # Connection string key inside secret
+ # key:
+ disableCollectorDatabase: false
+ disableCollectorBgwriter: false
+ disableDefaultMetrics: false
+ disableSettingsMetrics: false
+
+ # possible values debug, info, warn, error, fatal
+ logLevel: ""
+ # possible values logfmt, json
+ logFormat: ""
+ extraArgs: []
+
+ # postgres_exporter.yml
+ postgresExporter: ""
+ # auth_modules:
+ # first:
+ # type: userpass
+ # userpass:
+ # username: first
+ # password: firstpass
+ # options:
+ # sslmode: disable
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+annotations: {
+ prometheus.io/scrape: "true",
+ prometheus.io/path: "/metrics",
+ prometheus.io/port: "9187",
+}
+
+podLabels: {}
+
+# Configurable health checks
+livenessProbe:
+ initialDelaySeconds: 0
+ timeoutSeconds: 3
+
+readinessProbe:
+ initialDelaySeconds: 0
+ timeoutSeconds: 1
+
+# Labels and annotations to attach to the deployment resource
+deployment:
+ labels: {}
+ annotations: {
+ prometheus.io/scrape: "true",
+ prometheus.io/path: "/metrics",
+ prometheus.io/port: "9187",
+ }
+
+# ExtraEnvs
+extraEnvs: []
+ # - name: EXTRA_ENV
+ # value: value
+ # - name: POD_NAMESPACE
+ # valueFrom:
+ # fieldRef:
+# fieldPath: metadata.namespace
+
+# Init containers, e. g. for secrets creation before the exporter
+initContainers: []
+ # - name:
+ # image:
+ # volumeMounts:
+ # - name: creds
+# mountPath: /creds
+
+# Additional sidecar containers, e. g. for a database proxy, such as Google's cloudsql-proxy
+extraContainers: []
+
+# Additional volumes, e. g. for secrets used in an extraContainer
+extraVolumes: []
+# Uncomment for mounting custom ca-certificates
+# - name: ssl-certs
+# secret:
+# defaultMode: 420
+# items:
+# - key: ca-certificates.crt
+# path: ca-certificates.crt
+# secretName: ssl-certs
+
+# Additional volume mounts
+extraVolumeMounts: []
+# Uncomment for mounting custom ca-certificates file into container
+# - name: ssl-certs
+# mountPath: /etc/ssl/certs/ca-certificates.crt
+# subPath: ca-certificates.crt
+
+podDisruptionBudget:
+ enabled: false
+ maxUnavailable: 1
diff --git a/mkdocs.yml b/mkdocs.yml
index 6c385096..a8f947b6 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -185,7 +185,8 @@ nav: - MySQL Exporter: prometheus-mysql-exporter.md - RabbitMQ Exporter: prometheus-rabbitmq-exporter.md - Memcached Exporter: prometheus-memcached-exporter.md - - Postgres Exporter: prometheus-openstack-metrics-exporter.md + - Postgres Exporter: prometheus-postgres-exporter.md + - Openstack Exporter: prometheus-openstack-metrics-exporter.md - Operational Guide: - Running Genestack Upgrade: genestack-upgrade.md - Running Kubespray Upgrade: k8s-kubespray-upgrade.md
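Review bot: In `values.yaml` under `config.datasource`, the exporter logs in as `user: postgres` with the password taken from the `postgresql-db-admin` secret, so a read-only metrics pod ends up holding the database superuser credential. A dedicated login role granted the built-in `pg_monitor` role, with its own secret referenced from `passwordSecret`, is normally enough for the exporter's queries and limits what a compromise of this pod exposes. `sslmode: disable` also leaves the connection, including the authentication exchange and query results, unencrypted inside the cluster; if the PostgreSQL service offers TLS (not visible in this patch), `sslmode: verify-full` or at least `sslmode: require` is the safer value. `networkPolicy.enabled: false` leaves port 9187 reachable from any pod that can route to the service, so consider enabling it once the Prometheus scrape path is settled.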