From 1811abf8f92dc98f76c2948fce3bee8fa8f67f21 Mon Sep 17 00:00:00 2001
From: Keshav Prasad <keshavprasadms@gmail.com>
Date: Mon, 17 Jan 2022 23:47:40 +0530
Subject: [PATCH] feat: TG-1172 prometheus metrics for opa and envoy (#3155)

---
 .../core/analytics/templates/deployment.yaml  | 12 ++++++-
 .../analytics/templates/envoy-config.yaml     | 21 ++++++++++++
 .../analytics/templates/serviceMonitor.yaml   | 14 ++++++++
 .../certregistry/templates/deployment.yaml    | 12 ++++++-
 .../certregistry/templates/envoy-config.yaml  | 21 ++++++++++++
 .../templates/serviceMonitor.yaml             | 34 +++++++++++++++++++
 .../helm_charts/core/certregistry/values.j2   |  6 ++++
 .../core/content/templates/deployment.yaml    | 10 ++++++
 .../core/content/templates/envoy-config.yaml  | 21 ++++++++++++
 .../content/templates/serviceMonitor.yaml     | 34 +++++++++++++++++++
 kubernetes/helm_charts/core/content/values.j2 |  6 ++++
 .../knowledgemw/templates/deployment.yaml     | 10 ++++++
 .../knowledgemw/templates/envoy-config.yaml   | 21 ++++++++++++
 .../knowledgemw/templates/serviceMonitor.yaml | 34 +++++++++++++++++++
 .../helm_charts/core/knowledgemw/values.j2    |  6 ++++
 .../core/learner/templates/deployment.yaml    | 10 ++++++
 .../core/learner/templates/envoy-config.yaml  | 21 ++++++++++++
 .../learner/templates/serviceMonitor.yaml     | 34 +++++++++++++++++++
 kubernetes/helm_charts/core/learner/values.j2 |  6 ++++
 .../core/lms/templates/deployment.yaml        | 10 ++++++
 .../core/lms/templates/envoy-config.yaml      | 21 ++++++++++++
 .../core/lms/templates/serviceMonitor.yaml    | 34 +++++++++++++++++++
 kubernetes/helm_charts/core/lms/values.j2     |  6 ++++
 23 files changed, 402 insertions(+), 2 deletions(-)
 create mode 100644 kubernetes/helm_charts/core/certregistry/templates/serviceMonitor.yaml
 create mode 100644 kubernetes/helm_charts/core/content/templates/serviceMonitor.yaml
 create mode 100644 kubernetes/helm_charts/core/knowledgemw/templates/serviceMonitor.yaml
 create mode 100644 kubernetes/helm_charts/core/learner/templates/serviceMonitor.yaml
 create mode 100644 kubernetes/helm_charts/core/lms/templates/serviceMonitor.yaml

diff --git a/kubernetes/helm_charts/core/analytics/templates/deployment.yaml b/kubernetes/helm_charts/core/analytics/templates/deployment.yaml
index a23c754a5..8044dac08 100644
--- a/kubernetes/helm_charts/core/analytics/templates/deployment.yaml
+++ b/kubernetes/helm_charts/core/analytics/templates/deployment.yaml
@@ -159,5 +159,15 @@ spec:
   - name: http-{{ .Chart.Name }}
     protocol: TCP
     port: {{ .Values.network.targetport }}
+{{- if .Values.analytics_opa_enabled }}
+  - name: opa-metrics
+    port: 8181
+    protocol: TCP
+    targetPort: 8181
+  - name: envoy-metrics
+    port: 10000
+    protocol: TCP
+    targetPort: 10000
+{{- end }}
   selector:
-    app: {{ .Chart.Name }}
+    app: {{ .Chart.Name }}
\ No newline at end of file
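Review bot: The new `opa-metrics` Service port publishes container port 8181, which the envoy-config change in this same commit uses as the OPA upstream (`127.0.0.1:8181`), so it is probably OPA's general HTTP API rather than a metrics-only listener. If OPA binds that port on all interfaces, every workload that can reach this Service can talk to OPA directly, without passing through Envoy. Likewise `envoy-metrics` on 10000 is scraped at `/stats/prometheus`, an Envoy admin-interface path, so if 10000 is the admin port (its value is not visible in these hunks), the whole admin interface becomes Service-reachable. I would add a comment above the block, `# scrape-only ports: restrict to Prometheus with a NetworkPolicy`, and ship that policy, or expose a metrics-only listener instead. The same block is added to the certregistry, content, knowledgemw, learner and lms deployment.yaml files.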
diff --git a/kubernetes/helm_charts/core/analytics/templates/envoy-config.yaml b/kubernetes/helm_charts/core/analytics/templates/envoy-config.yaml
index 4e37564d3..d7e86e500 100644
--- a/kubernetes/helm_charts/core/analytics/templates/envoy-config.yaml
+++ b/kubernetes/helm_charts/core/analytics/templates/envoy-config.yaml
@@ -29,6 +29,15 @@ data:
                   domains:
                   - "*"
                   routes:
+                  - match:
+                      prefix: "/opa/metrics"
+                    route:
+                      prefix_rewrite: "/metrics"
+                      cluster: opa
+                    typed_per_filter_config:
+                      envoy.filters.http.ext_authz:
+                        "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthzPerRoute
+                        disabled: true
                   - match:
                       prefix: "{{ .Values.livenessProbe.httpGet.path }}"
                     route:
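Review bot: The `/opa/metrics` route matches with `prefix:` while disabling `ext_authz`, so every path that merely begins with `/opa/metrics` skips the authorization filter and is forwarded to the `opa` cluster with the prefix rewritten. An exact match, `path: "/opa/metrics"`, limits the bypass to the single scrape URL, and `prefix_rewrite` still applies to a `path` match. Because the virtual host's domain is `"*"`, OPA's metrics are also served unauthenticated to any client of this listener; please confirm that is intended. The identical route is added to the certregistry, content, knowledgemw, learner and lms envoy-config.yaml files, and the route list continues outside the hunk.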
@@ -71,6 +80,18 @@ data:
                   socket_address:
                     address: 127.0.0.1
                     port_value: {{ .Values.network.targetport }}
+      - name: opa
+        connect_timeout: 5s
+        type: static
+        load_assignment:
+          cluster_name: opa
+          endpoints:
+          - lb_endpoints:
+            - endpoint:
+                address:
+                  socket_address:
+                    address: 127.0.0.1
+                    port_value: 8181
     admin:
       access_log_path: "/dev/stdout"
       address:
diff --git a/kubernetes/helm_charts/core/analytics/templates/serviceMonitor.yaml b/kubernetes/helm_charts/core/analytics/templates/serviceMonitor.yaml
index 16af0de8d..316a9a12c 100644
--- a/kubernetes/helm_charts/core/analytics/templates/serviceMonitor.yaml
+++ b/kubernetes/helm_charts/core/analytics/templates/serviceMonitor.yaml
@@ -15,6 +15,20 @@ spec:
     port: http-{{ .Chart.Name }}
     scheme: http
     scrapeTimeout: 10s
+{{- if .Values.analytics_opa_enabled }}
+  - honorLabels: true
+    interval: 30s
+    path: /opa/metrics
+    port: opa-metrics
+    scheme: http
+    scrapeTimeout: 10s
+  - honorLabels: true
+    interval: 30s
+    path: /stats/prometheus
+    port: envoy-metrics
+    scheme: http
+    scrapeTimeout: 10s
+{{- end }}
   jobLabel: {{ .Chart.Name }}
   namespaceSelector:
     matchNames:
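Review bot: The OPA endpoint scrapes `path: /opa/metrics` on `port: opa-metrics`, which the Service maps to 8181, the port the envoy-config `opa` cluster treats as OPA itself. The `/opa/metrics` to `/metrics` rewrite exists only on the Envoy listener, so a scrape that reaches OPA directly would presumably need `path: /metrics`; otherwise the endpoint should point at the Envoy listener port. Both new endpoints also set `honorLabels: true`, which lets the scraped target override Prometheus-assigned labels on collision; `honorLabels: false` is the safer choice unless label passthrough is actually needed. The same endpoints appear in the new serviceMonitor.yaml files for certregistry, content, knowledgemw, learner and lms.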
diff --git a/kubernetes/helm_charts/core/certregistry/templates/deployment.yaml b/kubernetes/helm_charts/core/certregistry/templates/deployment.yaml
index de6f165b4..691c5c338 100644
--- a/kubernetes/helm_charts/core/certregistry/templates/deployment.yaml
+++ b/kubernetes/helm_charts/core/certregistry/templates/deployment.yaml
@@ -147,5 +147,15 @@ spec:
   - name: http-{{ .Chart.Name }}
     protocol: TCP
     port: {{ .Values.network.targetport }}
+{{- if .Values.certregistry_opa_enabled }}
+  - name: opa-metrics
+    port: 8181
+    protocol: TCP
+    targetPort: 8181
+  - name: envoy-metrics
+    port: 10000
+    protocol: TCP
+    targetPort: 10000
+{{- end }}
   selector:
-    app: {{ .Chart.Name }}
+    app: {{ .Chart.Name }}
\ No newline at end of file
diff --git a/kubernetes/helm_charts/core/certregistry/templates/envoy-config.yaml b/kubernetes/helm_charts/core/certregistry/templates/envoy-config.yaml
index 9eb6517a6..0fb92bd8e 100644
--- a/kubernetes/helm_charts/core/certregistry/templates/envoy-config.yaml
+++ b/kubernetes/helm_charts/core/certregistry/templates/envoy-config.yaml
@@ -29,6 +29,15 @@ data:
                   domains:
                   - "*"
                   routes:
+                  - match:
+                      prefix: "/opa/metrics"
+                    route:
+                      prefix_rewrite: "/metrics"
+                      cluster: opa
+                    typed_per_filter_config:
+                      envoy.filters.http.ext_authz:
+                        "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthzPerRoute
+                        disabled: true
                   - match:
                       prefix: "{{ .Values.livenessProbe.httpGet.path }}"
                     route:
@@ -71,6 +80,18 @@ data:
                   socket_address:
                     address: 127.0.0.1
                     port_value: {{ .Values.network.targetport }}
+      - name: opa
+        connect_timeout: 5s
+        type: static
+        load_assignment:
+          cluster_name: opa
+          endpoints:
+          - lb_endpoints:
+            - endpoint:
+                address:
+                  socket_address:
+                    address: 127.0.0.1
+                    port_value: 8181
     admin:
       access_log_path: "/dev/stdout"
       address:
diff --git a/kubernetes/helm_charts/core/certregistry/templates/serviceMonitor.yaml b/kubernetes/helm_charts/core/certregistry/templates/serviceMonitor.yaml
new file mode 100644
index 000000000..9964b1885
--- /dev/null
+++ b/kubernetes/helm_charts/core/certregistry/templates/serviceMonitor.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.certregistry_opa_enabled }}
+{{- if .Values.serviceMonitor.enabled }}
+{{- if and ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) ( .Values.serviceMonitor.enabled ) }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ .Chart.Name }}-service
+  namespace: {{ .Values.namespace }}
+  labels:
+    {{- toYaml .Values.serviceMonitor.labels | nindent 4 }}
+spec:
+  endpoints:
+  - honorLabels: true
+    interval: 30s
+    path: /opa/metrics
+    port: opa-metrics
+    scheme: http
+    scrapeTimeout: 10s
+  - honorLabels: true
+    interval: 30s
+    path: /stats/prometheus
+    port: envoy-metrics
+    scheme: http
+    scrapeTimeout: 10s
+  jobLabel: {{ .Chart.Name }}
+  namespaceSelector:
+    matchNames:
+    - {{ default .Values.namespace .Release.Namespace  }}
+  selector:
+    matchLabels:
+      app: {{ .Chart.Name }}
+{{- end }}
+{{- end }}
+{{- end }}
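Review bot: `metadata.namespace` renders `.Values.namespace`, but the `namespaceSelector` renders `default .Values.namespace .Release.Namespace`, and Sprig's `default` returns its second argument whenever it is non-empty, so the selector effectively always uses the release namespace. If the Service is deployed to `.Values.namespace` (not visible here) and the two values differ, the monitor selects nothing; using the same expression in both places, `- {{ .Values.namespace }}`, removes the ambiguity. The second guard, `{{- if .Values.serviceMonitor.enabled }}`, is redundant with the `and (...)` test on the following line and can be dropped together with one `{{- end }}`. The same file is added for content, knowledgemw, learner and lms.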
diff --git a/kubernetes/helm_charts/core/certregistry/values.j2 b/kubernetes/helm_charts/core/certregistry/values.j2
index f72e31d0a..dd1eddddd 100644
--- a/kubernetes/helm_charts/core/certregistry/values.j2
+++ b/kubernetes/helm_charts/core/certregistry/values.j2
@@ -56,6 +56,12 @@ initcontainer_resources:
     cpu: "{{ certregistry_initcontainer_cpu_limit | default('100m') }}"
     memory: "{{ certregistry_initcontainer_mem_limit | default('100Mi') }}"
 
+serviceMonitor:
+  enabled: true
+  labels: # labels with which the prometheus choose the serviceMonitor
+    app: prometheus-operator
+    release: prometheus-operator
+
 autoscaling:
   enabled: {{ certregistry_autoscaling_enabled | default('false') }}
   minReplicas: {{ certregistry_autoscaling_minReplicas|default(1) }}
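Review bot: `serviceMonitor.enabled` is hard-coded to `true`, whereas the neighbouring `autoscaling.enabled` takes an inventory variable with a default, so monitoring cannot be switched off per environment without editing the chart. I would template it like the surrounding keys, for example `enabled: {{ certregistry_servicemonitor_enabled | default('true') }}` (the variable name is only a suggestion). The inline comment would read better as `# labels Prometheus uses to select this ServiceMonitor`. The same block is added to the content, knowledgemw, learner and lms values.j2 files.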
diff --git a/kubernetes/helm_charts/core/content/templates/deployment.yaml b/kubernetes/helm_charts/core/content/templates/deployment.yaml
index fb121ac7b..bb0433ee9 100644
--- a/kubernetes/helm_charts/core/content/templates/deployment.yaml
+++ b/kubernetes/helm_charts/core/content/templates/deployment.yaml
@@ -152,5 +152,15 @@ spec:
   - name: http-{{ .Chart.Name }}
     protocol: TCP
     port: {{ .Values.network.targetport }}
+{{- if .Values.content_opa_enabled }}
+  - name: opa-metrics
+    port: 8181
+    protocol: TCP
+    targetPort: 8181
+  - name: envoy-metrics
+    port: 10000
+    protocol: TCP
+    targetPort: 10000
+{{- end }}
   selector:
     app: {{ .Chart.Name }}
diff --git a/kubernetes/helm_charts/core/content/templates/envoy-config.yaml b/kubernetes/helm_charts/core/content/templates/envoy-config.yaml
index ad22424e3..6e1fe8d2b 100644
--- a/kubernetes/helm_charts/core/content/templates/envoy-config.yaml
+++ b/kubernetes/helm_charts/core/content/templates/envoy-config.yaml
@@ -29,6 +29,15 @@ data:
                   domains:
                   - "*"
                   routes:
+                  - match:
+                      prefix: "/opa/metrics"
+                    route:
+                      prefix_rewrite: "/metrics"
+                      cluster: opa
+                    typed_per_filter_config:
+                      envoy.filters.http.ext_authz:
+                        "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthzPerRoute
+                        disabled: true
                   - match:
                       prefix: "{{ .Values.livenessProbe.httpGet.path }}"
                     route:
@@ -71,6 +80,18 @@ data:
                   socket_address:
                     address: 127.0.0.1
                     port_value: {{ .Values.network.targetport }}
+      - name: opa
+        connect_timeout: 5s
+        type: static
+        load_assignment:
+          cluster_name: opa
+          endpoints:
+          - lb_endpoints:
+            - endpoint:
+                address:
+                  socket_address:
+                    address: 127.0.0.1
+                    port_value: 8181
     admin:
       access_log_path: "/dev/stdout"
       address:
diff --git a/kubernetes/helm_charts/core/content/templates/serviceMonitor.yaml b/kubernetes/helm_charts/core/content/templates/serviceMonitor.yaml
new file mode 100644
index 000000000..e2e64108b
--- /dev/null
+++ b/kubernetes/helm_charts/core/content/templates/serviceMonitor.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.content_opa_enabled }}
+{{- if .Values.serviceMonitor.enabled }}
+{{- if and ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) ( .Values.serviceMonitor.enabled ) }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ .Chart.Name }}-service
+  namespace: {{ .Values.namespace }}
+  labels:
+    {{- toYaml .Values.serviceMonitor.labels | nindent 4 }}
+spec:
+  endpoints:
+  - honorLabels: true
+    interval: 30s
+    path: /opa/metrics
+    port: opa-metrics
+    scheme: http
+    scrapeTimeout: 10s
+  - honorLabels: true
+    interval: 30s
+    path: /stats/prometheus
+    port: envoy-metrics
+    scheme: http
+    scrapeTimeout: 10s
+  jobLabel: {{ .Chart.Name }}
+  namespaceSelector:
+    matchNames:
+    - {{ default .Values.namespace .Release.Namespace  }}
+  selector:
+    matchLabels:
+      app: {{ .Chart.Name }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/kubernetes/helm_charts/core/content/values.j2 b/kubernetes/helm_charts/core/content/values.j2
index 505a2b90d..9a1e65973 100644
--- a/kubernetes/helm_charts/core/content/values.j2
+++ b/kubernetes/helm_charts/core/content/values.j2
@@ -56,6 +56,12 @@ initcontainer_resources:
     cpu: "{{ content_initcontainer_cpu_limit | default('100m') }}"
     memory: "{{ content_initcontainer_mem_limit | default('100Mi') }}"
 
+serviceMonitor:
+  enabled: true
+  labels: # labels with which the prometheus choose the serviceMonitor
+    app: prometheus-operator
+    release: prometheus-operator
+
 autoscaling:
   enabled: {{ content_autoscaling_enabled | default('false') }}
   minReplicas: {{ content_autoscaling_minReplicas|default(1) }}
diff --git a/kubernetes/helm_charts/core/knowledgemw/templates/deployment.yaml b/kubernetes/helm_charts/core/knowledgemw/templates/deployment.yaml
index 5432b2579..f81500830 100644
--- a/kubernetes/helm_charts/core/knowledgemw/templates/deployment.yaml
+++ b/kubernetes/helm_charts/core/knowledgemw/templates/deployment.yaml
@@ -143,5 +143,15 @@ spec:
   - name: http-{{ .Chart.Name }}
     protocol: TCP
     port: {{ .Values.network.targetport }}
+{{- if .Values.knowledgemw_opa_enabled }}
+  - name: opa-metrics
+    port: 8181
+    protocol: TCP
+    targetPort: 8181
+  - name: envoy-metrics
+    port: 10000
+    protocol: TCP
+    targetPort: 10000
+{{- end }}
   selector:
     app: {{ .Chart.Name }}
diff --git a/kubernetes/helm_charts/core/knowledgemw/templates/envoy-config.yaml b/kubernetes/helm_charts/core/knowledgemw/templates/envoy-config.yaml
index ec91a1127..32af75f2b 100644
--- a/kubernetes/helm_charts/core/knowledgemw/templates/envoy-config.yaml
+++ b/kubernetes/helm_charts/core/knowledgemw/templates/envoy-config.yaml
@@ -29,6 +29,15 @@ data:
                   domains:
                   - "*"
                   routes:
+                  - match:
+                      prefix: "/opa/metrics"
+                    route:
+                      prefix_rewrite: "/metrics"
+                      cluster: opa
+                    typed_per_filter_config:
+                      envoy.filters.http.ext_authz:
+                        "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthzPerRoute
+                        disabled: true
                   - match:
                       prefix: "{{ .Values.livenessProbe.httpGet.path }}"
                     route:
@@ -71,6 +80,18 @@ data:
                   socket_address:
                     address: 127.0.0.1
                     port_value: {{ .Values.network.targetport }}
+      - name: opa
+        connect_timeout: 5s
+        type: static
+        load_assignment:
+          cluster_name: opa
+          endpoints:
+          - lb_endpoints:
+            - endpoint:
+                address:
+                  socket_address:
+                    address: 127.0.0.1
+                    port_value: 8181
     admin:
       access_log_path: "/dev/stdout"
       address:
diff --git a/kubernetes/helm_charts/core/knowledgemw/templates/serviceMonitor.yaml b/kubernetes/helm_charts/core/knowledgemw/templates/serviceMonitor.yaml
new file mode 100644
index 000000000..4749dec07
--- /dev/null
+++ b/kubernetes/helm_charts/core/knowledgemw/templates/serviceMonitor.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.knowledgemw_opa_enabled }}
+{{- if .Values.serviceMonitor.enabled }}
+{{- if and ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) ( .Values.serviceMonitor.enabled ) }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ .Chart.Name }}-service
+  namespace: {{ .Values.namespace }}
+  labels:
+    {{- toYaml .Values.serviceMonitor.labels | nindent 4 }}
+spec:
+  endpoints:
+  - honorLabels: true
+    interval: 30s
+    path: /opa/metrics
+    port: opa-metrics
+    scheme: http
+    scrapeTimeout: 10s
+  - honorLabels: true
+    interval: 30s
+    path: /stats/prometheus
+    port: envoy-metrics
+    scheme: http
+    scrapeTimeout: 10s
+  jobLabel: {{ .Chart.Name }}
+  namespaceSelector:
+    matchNames:
+    - {{ default .Values.namespace .Release.Namespace  }}
+  selector:
+    matchLabels:
+      app: {{ .Chart.Name }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/kubernetes/helm_charts/core/knowledgemw/values.j2 b/kubernetes/helm_charts/core/knowledgemw/values.j2
index a1dba6944..e7b32824e 100644
--- a/kubernetes/helm_charts/core/knowledgemw/values.j2
+++ b/kubernetes/helm_charts/core/knowledgemw/values.j2
@@ -55,6 +55,12 @@ initcontainer_resources:
 
 knowledgemw_access_basepath: {{ knowledgemw_access_basepath | default('/home/sunbird/mw/content/keys/') }}
 
+serviceMonitor:
+  enabled: true
+  labels: # labels with which the prometheus choose the serviceMonitor
+    app: prometheus-operator
+    release: prometheus-operator
+
 autoscaling:
   enabled: {{ knowledgemw_autoscaling_enabled | default('false') }}
   minReplicas: {{ knowledgemw_autoscaling_minReplicas|default(1) }}
diff --git a/kubernetes/helm_charts/core/learner/templates/deployment.yaml b/kubernetes/helm_charts/core/learner/templates/deployment.yaml
index fcf765e76..423297414 100644
--- a/kubernetes/helm_charts/core/learner/templates/deployment.yaml
+++ b/kubernetes/helm_charts/core/learner/templates/deployment.yaml
@@ -157,5 +157,15 @@ spec:
   - name: http-{{ .Chart.Name }}
     protocol: TCP
     port: {{ .Values.network.targetport }}
+{{- if .Values.learner_opa_enabled }}
+  - name: opa-metrics
+    port: 8181
+    protocol: TCP
+    targetPort: 8181
+  - name: envoy-metrics
+    port: 10000
+    protocol: TCP
+    targetPort: 10000
+{{- end }}
   selector:
     app: {{ .Chart.Name }}
diff --git a/kubernetes/helm_charts/core/learner/templates/envoy-config.yaml b/kubernetes/helm_charts/core/learner/templates/envoy-config.yaml
index 61f4338ff..5c70cfe9d 100644
--- a/kubernetes/helm_charts/core/learner/templates/envoy-config.yaml
+++ b/kubernetes/helm_charts/core/learner/templates/envoy-config.yaml
@@ -29,6 +29,15 @@ data:
                   domains:
                   - "*"
                   routes:
+                  - match:
+                      prefix: "/opa/metrics"
+                    route:
+                      prefix_rewrite: "/metrics"
+                      cluster: opa
+                    typed_per_filter_config:
+                      envoy.filters.http.ext_authz:
+                        "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthzPerRoute
+                        disabled: true
                   - match:
                       prefix: "{{ .Values.livenessProbe.httpGet.path }}"
                     route:
@@ -71,6 +80,18 @@ data:
                   socket_address:
                     address: 127.0.0.1
                     port_value: {{ .Values.network.targetport }}
+      - name: opa
+        connect_timeout: 5s
+        type: static
+        load_assignment:
+          cluster_name: opa
+          endpoints:
+          - lb_endpoints:
+            - endpoint:
+                address:
+                  socket_address:
+                    address: 127.0.0.1
+                    port_value: 8181
     admin:
       access_log_path: "/dev/stdout"
       address:
diff --git a/kubernetes/helm_charts/core/learner/templates/serviceMonitor.yaml b/kubernetes/helm_charts/core/learner/templates/serviceMonitor.yaml
new file mode 100644
index 000000000..5d659175c
--- /dev/null
+++ b/kubernetes/helm_charts/core/learner/templates/serviceMonitor.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.learner_opa_enabled }}
+{{- if .Values.serviceMonitor.enabled }}
+{{- if and ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) ( .Values.serviceMonitor.enabled ) }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ .Chart.Name }}-service
+  namespace: {{ .Values.namespace }}
+  labels:
+    {{- toYaml .Values.serviceMonitor.labels | nindent 4 }}
+spec:
+  endpoints:
+  - honorLabels: true
+    interval: 30s
+    path: /opa/metrics
+    port: opa-metrics
+    scheme: http
+    scrapeTimeout: 10s
+  - honorLabels: true
+    interval: 30s
+    path: /stats/prometheus
+    port: envoy-metrics
+    scheme: http
+    scrapeTimeout: 10s
+  jobLabel: {{ .Chart.Name }}
+  namespaceSelector:
+    matchNames:
+    - {{ default .Values.namespace .Release.Namespace  }}
+  selector:
+    matchLabels:
+      app: {{ .Chart.Name }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/kubernetes/helm_charts/core/learner/values.j2 b/kubernetes/helm_charts/core/learner/values.j2
index 9a463b202..7a0797b4d 100644
--- a/kubernetes/helm_charts/core/learner/values.j2
+++ b/kubernetes/helm_charts/core/learner/values.j2
@@ -59,6 +59,12 @@ initcontainer_resources:
 
 learner_access_basepath: {{ learner_access_basepath | default('/keys/') }}
 
+serviceMonitor:
+  enabled: true
+  labels: # labels with which the prometheus choose the serviceMonitor
+    app: prometheus-operator
+    release: prometheus-operator
+
 autoscaling:
   enabled: {{ learner_autoscaling_enabled | default('false') }}
   minReplicas: {{ learner_autoscaling_minReplicas|default(1) }}
diff --git a/kubernetes/helm_charts/core/lms/templates/deployment.yaml b/kubernetes/helm_charts/core/lms/templates/deployment.yaml
index d394b5f75..ccefa7062 100644
--- a/kubernetes/helm_charts/core/lms/templates/deployment.yaml
+++ b/kubernetes/helm_charts/core/lms/templates/deployment.yaml
@@ -162,5 +162,15 @@ spec:
   - name: http-{{ .Chart.Name }}
     protocol: TCP
     port: {{ .Values.network.targetport }}
+{{- if .Values.lms_opa_enabled }}
+  - name: opa-metrics
+    port: 8181
+    protocol: TCP
+    targetPort: 8181
+  - name: envoy-metrics
+    port: 10000
+    protocol: TCP
+    targetPort: 10000
+{{- end }}
   selector:
     app: {{ .Chart.Name }}
diff --git a/kubernetes/helm_charts/core/lms/templates/envoy-config.yaml b/kubernetes/helm_charts/core/lms/templates/envoy-config.yaml
index 05961809e..5d08a0abb 100644
--- a/kubernetes/helm_charts/core/lms/templates/envoy-config.yaml
+++ b/kubernetes/helm_charts/core/lms/templates/envoy-config.yaml
@@ -29,6 +29,15 @@ data:
                   domains:
                   - "*"
                   routes:
+                  - match:
+                      prefix: "/opa/metrics"
+                    route:
+                      prefix_rewrite: "/metrics"
+                      cluster: opa
+                    typed_per_filter_config:
+                      envoy.filters.http.ext_authz:
+                        "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthzPerRoute
+                        disabled: true
                   - match:
                       prefix: "{{ .Values.livenessProbe.httpGet.path }}"
                     route:
@@ -71,6 +80,18 @@ data:
                   socket_address:
                     address: 127.0.0.1
                     port_value: {{ .Values.network.targetport }}
+      - name: opa
+        connect_timeout: 5s
+        type: static
+        load_assignment:
+          cluster_name: opa
+          endpoints:
+          - lb_endpoints:
+            - endpoint:
+                address:
+                  socket_address:
+                    address: 127.0.0.1
+                    port_value: 8181
     admin:
       access_log_path: "/dev/stdout"
       address:
diff --git a/kubernetes/helm_charts/core/lms/templates/serviceMonitor.yaml b/kubernetes/helm_charts/core/lms/templates/serviceMonitor.yaml
new file mode 100644
index 000000000..06b49f996
--- /dev/null
+++ b/kubernetes/helm_charts/core/lms/templates/serviceMonitor.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.lms_opa_enabled }}
+{{- if .Values.serviceMonitor.enabled }}
+{{- if and ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) ( .Values.serviceMonitor.enabled ) }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ .Chart.Name }}-service
+  namespace: {{ .Values.namespace }}
+  labels:
+    {{- toYaml .Values.serviceMonitor.labels | nindent 4 }}
+spec:
+  endpoints:
+  - honorLabels: true
+    interval: 30s
+    path: /opa/metrics
+    port: opa-metrics
+    scheme: http
+    scrapeTimeout: 10s
+  - honorLabels: true
+    interval: 30s
+    path: /stats/prometheus
+    port: envoy-metrics
+    scheme: http
+    scrapeTimeout: 10s
+  jobLabel: {{ .Chart.Name }}
+  namespaceSelector:
+    matchNames:
+    - {{ default .Values.namespace .Release.Namespace  }}
+  selector:
+    matchLabels:
+      app: {{ .Chart.Name }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/kubernetes/helm_charts/core/lms/values.j2 b/kubernetes/helm_charts/core/lms/values.j2
index 519736aaa..43e51a287 100644
--- a/kubernetes/helm_charts/core/lms/values.j2
+++ b/kubernetes/helm_charts/core/lms/values.j2
@@ -58,6 +58,12 @@ initcontainer_resources:
 
 lms_access_basepath: {{ lms_access_basepath | default('/keys/') }}
 
+serviceMonitor:
+  enabled: true
+  labels: # labels with which the prometheus choose the serviceMonitor
+    app: prometheus-operator
+    release: prometheus-operator
+
 autoscaling:
   enabled: {{ lms_autoscaling_enabled | default('false') }}
   minReplicas: {{ lms_autoscaling_minReplicas|default(1) }}
-- 
GitLab