Monitoring: Adding postgres exporter

.github/workflows/kustomize-prometheus-postgres-exporter.yaml

@@ -0,0 +1,33 @@
+name: Kustomize GitHub Actions for Prometheus PostgresSQL exporter
+
+on:
+  pull_request:
+    paths:
+      - kustomize/prometheus-postgres-exporter/**
+      - .github/workflows/kustomize-prometheus-postgres-exporter.yaml
+jobs:
+  kustomize:
+    name: Kustomize
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - uses: azure/setup-helm@v3
+        with:
+          version: latest
+          token: "${{ secrets.GITHUB_TOKEN }}"
+        id: helm
+      - name: Kustomize Install
+        working-directory: /usr/local/bin/
+        run: |
+          if [ ! -f /usr/local/bin/kustomize ]; then
+            curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | sudo bash
+          fi
+      - name: Run Kustomize Build
+        run: |
+          kustomize build kustomize/prometheus-postgres-exporter/ --enable-helm --helm-command ${{ steps.helm.outputs.helm-path }} > /tmp/rendered.yaml
+      - name: Return Kustomize Build
+        uses: actions/upload-artifact@v2
+        with:
+          name: kustomize-prometheus-postgres-exporter-artifact
+          path: /tmp/rendered.yaml

docs/prometheus-postgres-exporter.md

@@ -0,0 +1,18 @@
+# PostgresSQL Exporter
+
+PostgresSQL Exporter is used to expose metrics from a running PostgresSQL deployment.
+
+!!! note
+
+    To deploy metric exporters you will first need to deploy the Prometheus Operator, see: ([Deploy Prometheus](prometheus.md)).
+
+## Installation
+
+Install the PostgresSQL Exporter
+
+``` shell
+kubectl kustomize --enable-helm /opt/genestack/kustomize/prometheus-postgres-exporter | kubectl -n openstack apply  -f -
+```
+
+!!! success
+    If the installation is successful, you should see the exporter pod in the openstack namespace.

docs/prometheus-rabbitmq-exporter.md

@@ -11,8 +11,7 @@ RabbitMQ Exporter is used to expose metrics from a running RabbitMQ deployment.
 Install the RabbitMQ Exporter
 
 ``` shell
-kubectl kustomize --enable-helm /opt/genestack/kustomize/prometheus-rabbitmq-exporter | \
-  kubectl -n openstack apply --server-side -f -
+kubectl kustomize --enable-helm /opt/genestack/kustomize/prometheus-rabbitmq-exporter | kubectl -n openstack apply --server-side -f -
 ```
 
 !!! success

helm-configs/postgresql/postgresql-helm-overrides.yaml

@@ -224,9 +224,9 @@ dependencies:
 
 monitoring:
   prometheus:
-    enabled: true
+    enabled: false
     postgresql_exporter:
-      scrape: true
+      scrape: false
 
 volume:
   backup:
@@ -478,10 +478,10 @@ manifests:
   pvc_backup: false
   monitoring:
     prometheus:
-      configmap_bin: true
-      configmap_etc: true
-      deployment_exporter: true
-      job_user_create: true
-      secret_etc: true
-      service_exporter: true
+      configmap_bin: false
+      configmap_etc: false
+      deployment_exporter: false
+      job_user_create: false
+      secret_etc: false
+      service_exporter: false
 ...

kustomize/prometheus-postgres-exporter/kustomization.yaml

@@ -0,0 +1,8 @@
+helmCharts:
+  - name: prometheus-postgres-exporter
+    repo: https://prometheus-community.github.io/helm-charts
+    releaseName: prometheus-postgres-exporter
+    namespace: openstack
+    version: 6.0.0
+    includeCRDs: true
+    valuesFile: values.yaml

kustomize/prometheus-postgres-exporter/values.yaml

@@ -0,0 +1,259 @@
+replicaCount: 1
+
+image:
+  registry: quay.io
+  repository: prometheuscommunity/postgres-exporter
+  # if not set appVersion field from Chart.yaml is used
+  tag: ""
+  pullPolicy: IfNotPresent
+
+  ## Optionally specify an array of imagePullSecrets.
+  ## Secrets must be manually created in the namespace.
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+  ##
+  # pullSecrets:
+  #   - myRegistrKeySecretName
+
+command: []
+
+service:
+  type: ClusterIP
+  port: 9187
+  targetPort: 9187
+  name: http
+  labels: {}
+  annotations: {}
+
+automountServiceAccountToken: false
+
+serviceMonitor:
+  # When set true then use a ServiceMonitor to configure scraping
+  enabled: true
+  # Set the namespace the ServiceMonitor should be deployed
+  namespace: openstack
+  # Set how frequently Prometheus should scrape
+  # interval: 30s
+  # Set path to cloudwatch-exporter telemtery-path
+  # telemetryPath: /metrics
+  # Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator
+  # labels:
+  # Set timeout for scrape
+  # timeout: 10s
+  # Set of labels to transfer from the Kubernetes Service onto the target
+  # targetLabels: []
+  # MetricRelabelConfigs to apply to samples before ingestion
+  # metricRelabelings: []
+  # Set relabel_configs as per https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
+  # relabelings: []
+
+prometheusRule:
+  enabled: false
+  additionalLabels: {}
+  namespace: ""
+  rules: []
+    ## These are just examples rules, please adapt them to your needs.
+    ## Make sure to constraint the rules to the current prometheus-postgres-exporter service.
+    # - alert: HugeReplicationLag
+    #   expr: pg_replication_lag{service="{{ template "prometheus-postgres-exporter.fullname" . }}"} / 3600 > 1
+    #   for: 1m
+    #   labels:
+    #     severity: critical
+    #   annotations:
+    #     description: replication for {{ template "prometheus-postgres-exporter.fullname" . }} PostgreSQL is lagging by {{ "{{ $value }}" }} hour(s).
+  #     summary: PostgreSQL replication is lagging by {{ "{{ $value }}" }} hour(s).
+
+priorityClassName: ""
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #    memory: 128Mi
+  # requests:
+  #   cpu: 100m
+#   memory: 128Mi
+
+rbac:
+  # Specifies whether RBAC resources should be created
+  create: true
+
+serviceAccount:
+  # Specifies whether a ServiceAccount should be created
+  create: true
+  # The name of the ServiceAccount to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name:
+  # Add annotations to the ServiceAccount, useful for EKS IAM Roles for Service Accounts or Google Workload Identity.
+  annotations: {}
+
+# Add a default ingress to allow namespace access to service.targetPort
+# Helpful if other NetworkPolicies are configured in the namespace
+networkPolicy:
+  # Specifies whether a NetworkPolicy should be created
+  enabled: false
+  # Set labels for the NetworkPolicy
+  labels: {}
+
+# The securityContext of the pod.
+# See https://kubernetes.io/docs/concepts/policy/security-context/ for more.
+podSecurityContext:
+  runAsGroup: 1001
+  runAsUser: 1001
+  runAsNonRoot: true
+  seccompProfile:
+    type: RuntimeDefault
+
+# The securityContext of the container.
+# See https://kubernetes.io/docs/concepts/policy/security-context/ for more.
+securityContext:
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+      - ALL
+  privileged: false
+  readOnlyRootFilesystem: true
+
+hostAliases: []
+  # Set Host Aliases as per https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/
+  # - ip: "127.0.0.1"
+  #   hostnames:
+  #   - "foo.local"
+#   - "bar.local"
+
+config:
+  ## The datasource properties on config are passed through helm tpl function.
+  ## ref: https://helm.sh/docs/developing_charts/#using-the-tpl-function
+  datasource:
+    # Specify one of both datasource or datasourceSecret
+    host: postgresql
+    user: postgres
+    userSecret: {}
+    # Secret name
+    #  name:
+    # User key inside secret
+    #  key:
+    # Only one of password, passwordFile, passwordSecret and pgpassfile can be specified
+    password:
+    # Specify passwordFile if DB password is stored in a file.
+    # For example, to use with vault-injector from Hashicorp
+    passwordFile: ''
+    # Specify passwordSecret if DB password is stored in secret.
+    passwordSecret:
+      name: postgresql-db-admin
+      key: password
+    # Secret name
+    #  name:
+    # Password key inside secret
+    #  key:
+    pgpassfile: ''
+    # If pgpassfile is set, it is used to initialize the PGPASSFILE environment variable.
+    # See https://www.postgresql.org/docs/14/libpq-pgpass.html for more info.
+    port: "5432"
+    database: ''
+    sslmode: disable
+    extraParams: ''
+  datasourceSecret: {}
+    # Specifies if datasource should be sourced from secret value in format: postgresql://login:password@hostname:port/dbname?sslmode=disable
+    # Multiple Postgres databases can be configured by comma separated postgres connection strings
+    # Secret name
+    #  name:
+    # Connection string key inside secret
+  #  key:
+  disableCollectorDatabase: false
+  disableCollectorBgwriter: false
+  disableDefaultMetrics: false
+  disableSettingsMetrics: false
+
+  # possible values debug, info, warn, error, fatal
+  logLevel: ""
+  # possible values logfmt, json
+  logFormat: ""
+  extraArgs: []
+
+  # postgres_exporter.yml
+  postgresExporter: ""
+    # auth_modules:
+    #   first:
+    #     type: userpass
+    #     userpass:
+    #       username: first
+    #       password: firstpass
+    #     options:
+  #       sslmode: disable
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+annotations: {
+  prometheus.io/scrape: "true",
+  prometheus.io/path: "/metrics",
+  prometheus.io/port: "9187",
+}
+
+podLabels: {}
+
+# Configurable health checks
+livenessProbe:
+  initialDelaySeconds: 0
+  timeoutSeconds: 3
+
+readinessProbe:
+  initialDelaySeconds: 0
+  timeoutSeconds: 1
+
+# Labels and annotations to attach to the deployment resource
+deployment:
+  labels: {}
+  annotations: {
+    prometheus.io/scrape: "true",
+    prometheus.io/path: "/metrics",
+    prometheus.io/port: "9187",
+  }
+
+# ExtraEnvs
+extraEnvs: []
+  # - name: EXTRA_ENV
+  #   value: value
+  # - name: POD_NAMESPACE
+  #   valueFrom:
+  #     fieldRef:
+#       fieldPath: metadata.namespace
+
+# Init containers, e. g. for secrets creation before the exporter
+initContainers: []
+  # - name:
+  #   image:
+  #   volumeMounts:
+  #     - name: creds
+#       mountPath: /creds
+
+# Additional sidecar containers, e. g. for a database proxy, such as Google's cloudsql-proxy
+extraContainers: []
+
+# Additional volumes, e. g. for secrets used in an extraContainer
+extraVolumes: []
+# Uncomment for mounting custom ca-certificates
+#  - name: ssl-certs
+#    secret:
+#      defaultMode: 420
+#      items:
+#      - key: ca-certificates.crt
+#        path: ca-certificates.crt
+#      secretName: ssl-certs
+
+# Additional volume mounts
+extraVolumeMounts: []
+# Uncomment for mounting custom ca-certificates file into container
+#  - name: ssl-certs
+#    mountPath: /etc/ssl/certs/ca-certificates.crt
+#    subPath: ca-certificates.crt
+
+podDisruptionBudget:
+  enabled: false
+  maxUnavailable: 1

mkdocs.yml

@@ -185,7 +185,8 @@ nav:
               - MySQL Exporter: prometheus-mysql-exporter.md
               - RabbitMQ Exporter: prometheus-rabbitmq-exporter.md
               - Memcached Exporter: prometheus-memcached-exporter.md
-              - Postgres Exporter: prometheus-openstack-metrics-exporter.md
+              - Postgres Exporter: prometheus-postgres-exporter.md
+              - Openstack Exporter: prometheus-openstack-metrics-exporter.md
   - Operational Guide:
       - Running Genestack Upgrade: genestack-upgrade.md
       - Running Kubespray Upgrade: k8s-kubespray-upgrade.md