diff options
Diffstat (limited to 'roles/openshift_prometheus')
-rw-r--r-- | roles/openshift_prometheus/README.md | 35 | ||||
-rw-r--r-- | roles/openshift_prometheus/defaults/main.yaml | 18 | ||||
-rw-r--r-- | roles/openshift_prometheus/tasks/install_prometheus.yaml | 15 | ||||
-rw-r--r-- | roles/openshift_prometheus/tasks/main.yaml | 5 | ||||
-rw-r--r-- | roles/openshift_prometheus/templates/prometheus.j2 (renamed from roles/openshift_prometheus/templates/prometheus_deployment.j2) | 63 | ||||
-rw-r--r-- | roles/openshift_prometheus/vars/default_images.yml | 12 | ||||
-rw-r--r-- | roles/openshift_prometheus/vars/openshift-enterprise.yml | 12 |
7 files changed, 109 insertions, 51 deletions
diff --git a/roles/openshift_prometheus/README.md b/roles/openshift_prometheus/README.md index c5a44bffb..92f74928c 100644 --- a/roles/openshift_prometheus/README.md +++ b/roles/openshift_prometheus/README.md @@ -17,16 +17,16 @@ For default values, see [`defaults/main.yaml`](defaults/main.yaml). - `openshift_prometheus_namespace`: project (i.e. namespace) where the components will be deployed. -- `openshift_prometheus_replicas`: The number of replicas for prometheus deployment. - - `openshift_prometheus_node_selector`: Selector for the nodes prometheus will be deployed on. -- `openshift_prometheus_image_<COMPONENT>`: specify image for the component +- `openshift_prometheus_<COMPONENT>_image_prefix`: specify image prefix for the component + +- `openshift_prometheus_<COMPONENT>_image_version`: specify image version for the component -## Storage related variables -Each prometheus component (prometheus, alertmanager, alert-buffer, oauth-proxy) can set pv claim by setting corresponding role variable: +## PVC related variables +Each prometheus component (prometheus, alertmanager, alertbuffer) can set pv claim by setting corresponding role variable: ``` -openshift_prometheus_<COMPONENT>_storage_type: <VALUE> +openshift_prometheus_<COMPONENT>_storage_type: <VALUE> (pvc, emptydir) openshift_prometheus_<COMPONENT>_pvc_(name|size|access_modes|pv_selector): <VALUE> ``` e.g @@ -37,6 +37,29 @@ openshift_prometheus_alertbuffer_pvc_size: 10G openshift_prometheus_pvc_access_modes: [ReadWriteOnce] ``` +## NFS PV Storage variables +Each prometheus component (prometheus, alertmanager, alertbuffer) can set nfs pv by setting corresponding variable: +``` +openshift_prometheus_<COMPONENT>_storage_kind=<VALUE> +openshift_prometheus_<COMPONENT>_storage_(access_modes|host|labels)=<VALUE> +openshift_prometheus_<COMPONENT>_storage_volume_(name|size)=<VALUE> +openshift_prometheus_<COMPONENT>_storage_nfs_(directory|options)=<VALUE> +``` +e.g +``` +openshift_prometheus_storage_kind=nfs +openshift_prometheus_storage_access_modes=['ReadWriteOnce'] +openshift_prometheus_storage_host=nfs.example.com #for external host +openshift_prometheus_storage_nfs_directory=/exports +openshift_prometheus_storage_alertmanager_nfs_options='*(rw,root_squash)' +openshift_prometheus_storage_volume_name=prometheus +openshift_prometheus_storage_alertbuffer_volume_size=10Gi +openshift_prometheus_storage_labels={'storage': 'prometheus'} +``` + +NOTE: Setting `openshift_prometheus_<COMPONENT>_storage_labels` overrides `openshift_prometheus_<COMPONENT>_pvc_pv_selector` + + ## Additional Alert Rules file variable An external file with alert rules can be added by setting path to additional rules variable: ``` diff --git a/roles/openshift_prometheus/defaults/main.yaml b/roles/openshift_prometheus/defaults/main.yaml index c08bec4cb..4e2cea0b9 100644 --- a/roles/openshift_prometheus/defaults/main.yaml +++ b/roles/openshift_prometheus/defaults/main.yaml @@ -2,34 +2,30 @@ # defaults file for openshift_prometheus openshift_prometheus_state: present -openshift_prometheus_namespace: prometheus +openshift_prometheus_namespace: openshift-metrics -openshift_prometheus_replicas: 1 openshift_prometheus_node_selector: {"region":"infra"} -# images -openshift_prometheus_image_proxy: "openshift/oauth-proxy:v1.0.0" -openshift_prometheus_image_prometheus: "openshift/prometheus:v2.0.0-dev" -openshift_prometheus_image_alertmanager: "openshift/prometheus-alertmanager:v0.9.1" -openshift_prometheus_image_alertbuffer: "openshift/prometheus-alert-buffer:v0.0.1" - # additional prometheus rules file openshift_prometheus_additional_rules_file: null # storage -openshift_prometheus_storage_type: pvc +# One of ['emptydir', 'pvc'] +openshift_prometheus_storage_type: "emptydir" openshift_prometheus_pvc_name: prometheus openshift_prometheus_pvc_size: "{{ openshift_prometheus_storage_volume_size | default('10Gi') }}" openshift_prometheus_pvc_access_modes: [ReadWriteOnce] openshift_prometheus_pvc_pv_selector: "{{ openshift_prometheus_storage_labels | default({}) }}" -openshift_prometheus_alertmanager_storage_type: pvc +# One of ['emptydir', 'pvc'] +openshift_prometheus_alertmanager_storage_type: "emptydir" openshift_prometheus_alertmanager_pvc_name: prometheus-alertmanager openshift_prometheus_alertmanager_pvc_size: "{{ openshift_prometheus_alertmanager_storage_volume_size | default('10Gi') }}" openshift_prometheus_alertmanager_pvc_access_modes: [ReadWriteOnce] openshift_prometheus_alertmanager_pvc_pv_selector: "{{ openshift_prometheus_alertmanager_storage_labels | default({}) }}" -openshift_prometheus_alertbuffer_storage_type: pvc +# One of ['emptydir', 'pvc'] +openshift_prometheus_alertbuffer_storage_type: "emptydir" openshift_prometheus_alertbuffer_pvc_name: prometheus-alertbuffer openshift_prometheus_alertbuffer_pvc_size: "{{ openshift_prometheus_alertbuffer_storage_volume_size | default('10Gi') }}" openshift_prometheus_alertbuffer_pvc_access_modes: [ReadWriteOnce] diff --git a/roles/openshift_prometheus/tasks/install_prometheus.yaml b/roles/openshift_prometheus/tasks/install_prometheus.yaml index cb75eedca..00c3c1987 100644 --- a/roles/openshift_prometheus/tasks/install_prometheus.yaml +++ b/roles/openshift_prometheus/tasks/install_prometheus.yaml @@ -128,6 +128,7 @@ access_modes: "{{ openshift_prometheus_pvc_access_modes }}" volume_capacity: "{{ openshift_prometheus_pvc_size }}" selector: "{{ openshift_prometheus_pvc_pv_selector }}" + when: openshift_prometheus_storage_type == 'pvc' - name: create alertmanager pvc oc_pvc: @@ -136,6 +137,7 @@ access_modes: "{{ openshift_prometheus_alertmanager_pvc_access_modes }}" volume_capacity: "{{ openshift_prometheus_alertmanager_pvc_size }}" selector: "{{ openshift_prometheus_alertmanager_pvc_pv_selector }}" + when: openshift_prometheus_alertmanager_storage_type == 'pvc' - name: create alertbuffer pvc oc_pvc: @@ -144,22 +146,23 @@ access_modes: "{{ openshift_prometheus_alertbuffer_pvc_access_modes }}" volume_capacity: "{{ openshift_prometheus_alertbuffer_pvc_size }}" selector: "{{ openshift_prometheus_alertbuffer_pvc_pv_selector }}" + when: openshift_prometheus_alertbuffer_storage_type == 'pvc' -# create prometheus deployment -- name: Set prometheus deployment template +# create prometheus stateful set +- name: Set prometheus template template: - src: prometheus_deployment.j2 + src: prometheus.j2 dest: "{{ tempdir }}/templates/prometheus.yaml" vars: namespace: "{{ openshift_prometheus_namespace }}" - prom_replicas: "{{ openshift_prometheus_replicas }}" +# prom_replicas: "{{ openshift_prometheus_replicas }}" -- name: Set prometheus deployment +- name: Set prometheus stateful set oc_obj: state: "{{ state }}" name: "prometheus" namespace: "{{ openshift_prometheus_namespace }}" - kind: deployment + kind: statefulset files: - "{{ tempdir }}/templates/prometheus.yaml" delete_after: true diff --git a/roles/openshift_prometheus/tasks/main.yaml b/roles/openshift_prometheus/tasks/main.yaml index 523a64334..5cc9a67eb 100644 --- a/roles/openshift_prometheus/tasks/main.yaml +++ b/roles/openshift_prometheus/tasks/main.yaml @@ -1,4 +1,9 @@ --- +- name: Set default image variables based on deployment_type + include_vars: "{{ item }}" + with_first_found: + - "{{ openshift_deployment_type }}.yml" + - "default_images.yml" - name: Create temp directory for doing work in on target command: mktemp -td openshift-prometheus-ansible-XXXXXX diff --git a/roles/openshift_prometheus/templates/prometheus_deployment.j2 b/roles/openshift_prometheus/templates/prometheus.j2 index 66eab6df4..456db3a57 100644 --- a/roles/openshift_prometheus/templates/prometheus_deployment.j2 +++ b/roles/openshift_prometheus/templates/prometheus.j2 @@ -1,12 +1,14 @@ -apiVersion: extensions/v1beta1 -kind: Deployment +apiVersion: apps/v1beta1 +kind: StatefulSet metadata: name: prometheus namespace: {{ namespace }} labels: app: prometheus spec: - replicas: {{ prom_replicas|default(1) }} + updateStrategy: + type: RollingUpdate + podManagementPolicy: Parallel selector: provider: openshift matchLabels: @@ -21,28 +23,28 @@ spec: {% if openshift_prometheus_node_selector is iterable and openshift_prometheus_node_selector | length > 0 %} nodeSelector: {% for key, value in openshift_prometheus_node_selector.iteritems() %} - {{key}}: "{{value}}" + {{ key }}: "{{ value }}" {% endfor %} {% endif %} containers: # Deploy Prometheus behind an oauth proxy - name: prom-proxy - image: "{{ openshift_prometheus_image_proxy }}" + image: "{{ l_openshift_prometheus_proxy_image_prefix }}oauth-proxy:{{ l_openshift_prometheus_proxy_image_version }}" imagePullPolicy: IfNotPresent resources: requests: {% if openshift_prometheus_oauth_proxy_memory_requests is defined and openshift_prometheus_oauth_proxy_memory_requests is not none %} - memory: "{{openshift_prometheus_oauth_proxy_memory_requests}}" + memory: "{{ openshift_prometheus_oauth_proxy_memory_requests }}" {% endif %} {% if openshift_prometheus_oauth_proxy_cpu_requests is defined and openshift_prometheus_oauth_proxy_cpu_requests is not none %} - cpu: "{{openshift_prometheus_oauth_proxy_cpu_requests}}" + cpu: "{{ openshift_prometheus_oauth_proxy_cpu_requests }}" {% endif %} limits: {% if openshift_prometheus_oauth_proxy_memory_limit is defined and openshift_prometheus_oauth_proxy_memory_limit is not none %} - memory: "{{openshift_prometheus_oauth_proxy_memory_limit}}" + memory: "{{ openshift_prometheus_oauth_proxy_memory_limit }}" {% endif %} {% if openshift_prometheus_oauth_proxy_cpu_limit is defined and openshift_prometheus_oauth_proxy_cpu_limit is not none %} - cpu: "{{openshift_prometheus_oauth_proxy_cpu_limit}}" + cpu: "{{ openshift_prometheus_oauth_proxy_cpu_limit }}" {% endif %} ports: - containerPort: 8443 @@ -60,6 +62,8 @@ spec: - -tls-key=/etc/tls/private/tls.key - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token - -cookie-secret-file=/etc/proxy/secrets/session_secret + - -openshift-ca=/etc/pki/tls/cert.pem + - -openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt - -skip-auth-regex=^/metrics volumeMounts: - mountPath: /etc/tls/private @@ -72,24 +76,25 @@ spec: - name: prometheus args: - --storage.tsdb.retention=6h + - --storage.tsdb.min-block-duration=2m - --config.file=/etc/prometheus/prometheus.yml - --web.listen-address=localhost:9090 - image: "{{ openshift_prometheus_image_prometheus }}" + image: "{{ l_openshift_prometheus_image_prefix }}prometheus:{{ l_openshift_prometheus_image_version }}" imagePullPolicy: IfNotPresent resources: requests: {% if openshift_prometheus_memory_requests is defined and openshift_prometheus_memory_requests is not none %} - memory: "{{openshift_prometheus_memory_requests}}" + memory: "{{ openshift_prometheus_memory_requests }}" {% endif %} {% if openshift_prometheus_cpu_requests is defined and openshift_prometheus_cpu_requests is not none %} - cpu: "{{openshift_prometheus_cpu_requests}}" + cpu: "{{ openshift_prometheus_cpu_requests }}" {% endif %} limits: {% if openshift_prometheus_memory_limit is defined and openshift_prometheus_memory_limit is not none %} memory: "{{ openshift_prometheus_memory_limit }}" {% endif %} {% if openshift_prometheus_cpu_limit is defined and openshift_prometheus_cpu_limit is not none %} - cpu: "{{openshift_prometheus_cpu_limit}}" + cpu: "{{ openshift_prometheus_cpu_limit }}" {% endif %} volumeMounts: @@ -100,22 +105,22 @@ spec: # Deploy alertmanager behind prometheus-alert-buffer behind an oauth proxy - name: alerts-proxy - image: "{{ openshift_prometheus_image_proxy }}" + image: "{{ l_openshift_prometheus_proxy_image_prefix }}oauth-proxy:{{ l_openshift_prometheus_proxy_image_version }}" imagePullPolicy: IfNotPresent resources: requests: {% if openshift_prometheus_oauth_proxy_memory_requests is defined and openshift_prometheus_oauth_proxy_memory_requests is not none %} - memory: "{{openshift_prometheus_oauth_proxy_memory_requests}}" + memory: "{{ openshift_prometheus_oauth_proxy_memory_requests }}" {% endif %} {% if openshift_prometheus_oauth_proxy_cpu_requests is defined and openshift_prometheus_oauth_proxy_cpu_requests is not none %} - cpu: "{{openshift_prometheus_oauth_proxy_cpu_requests}}" + cpu: "{{ openshift_prometheus_oauth_proxy_cpu_requests }}" {% endif %} limits: {% if openshift_prometheus_oauth_proxy_memory_limit is defined and openshift_prometheus_oauth_proxy_memory_limit is not none %} - memory: "{{openshift_prometheus_oauth_proxy_memory_limit}}" + memory: "{{ openshift_prometheus_oauth_proxy_memory_limit }}" {% endif %} {% if openshift_prometheus_oauth_proxy_cpu_limit is defined and openshift_prometheus_oauth_proxy_cpu_limit is not none %} - cpu: "{{openshift_prometheus_oauth_proxy_cpu_limit}}" + cpu: "{{ openshift_prometheus_oauth_proxy_cpu_limit }}" {% endif %} ports: - containerPort: 9443 @@ -133,6 +138,8 @@ spec: - -tls-key=/etc/tls/private/tls.key - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token - -cookie-secret-file=/etc/proxy/secrets/session_secret + - -openshift-ca=/etc/pki/tls/cert.pem + - -openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt volumeMounts: - mountPath: /etc/tls/private name: alerts-tls @@ -142,22 +149,22 @@ spec: - name: alert-buffer args: - --storage-path=/alert-buffer/messages.db - image: "{{ openshift_prometheus_image_alertbuffer }}" + image: "{{ l_openshift_prometheus_alertbuffer_image_prefix }}prometheus-alert-buffer:{{ l_openshift_prometheus_alertbuffer_image_version }}" imagePullPolicy: IfNotPresent resources: requests: {% if openshift_prometheus_alertbuffer_memory_requests is defined and openshift_prometheus_alertbuffer_memory_requests is not none %} - memory: "{{openshift_prometheus_alertbuffer_memory_requests}}" + memory: "{{ openshift_prometheus_alertbuffer_memory_requests }}" {% endif %} {% if openshift_prometheus_alertbuffer_cpu_requests is defined and openshift_prometheus_alertbuffer_cpu_requests is not none %} - cpu: "{{openshift_prometheus_alertbuffer_cpu_requests}}" + cpu: "{{ openshift_prometheus_alertbuffer_cpu_requests }}" {% endif %} limits: {% if openshift_prometheus_alertbuffer_memory_limit is defined and openshift_prometheus_alertbuffer_memory_limit is not none %} - memory: "{{openshift_prometheus_alertbuffer_memory_limit}}" + memory: "{{ openshift_prometheus_alertbuffer_memory_limit }}" {% endif %} {% if openshift_prometheus_alertbuffer_cpu_limit is defined and openshift_prometheus_alertbuffer_cpu_limit is not none %} - cpu: "{{openshift_prometheus_alertbuffer_cpu_limit}}" + cpu: "{{ openshift_prometheus_alertbuffer_cpu_limit }}" {% endif %} volumeMounts: - mountPath: /alert-buffer @@ -169,22 +176,22 @@ spec: - name: alertmanager args: - -config.file=/etc/alertmanager/alertmanager.yml - image: "{{ openshift_prometheus_image_alertmanager }}" + image: "{{ l_openshift_prometheus_alertmanager_image_prefix }}prometheus-alertmanager:{{ l_openshift_prometheus_alertmanager_image_version }}" imagePullPolicy: IfNotPresent resources: requests: {% if openshift_prometheus_alertmanager_memory_requests is defined and openshift_prometheus_alertmanager_memory_requests is not none %} - memory: "{{openshift_prometheus_alertmanager_memory_requests}}" + memory: "{{ openshift_prometheus_alertmanager_memory_requests }}" {% endif %} {% if openshift_prometheus_alertmanager_cpu_requests is defined and openshift_prometheus_alertmanager_cpu_requests is not none %} - cpu: "{{openshift_prometheus_alertmanager_cpu_requests}}" + cpu: "{{ openshift_prometheus_alertmanager_cpu_requests }}" {% endif %} limits: {% if openshift_prometheus_alertmanager_memory_limit is defined and openshift_prometheus_alertmanager_memory_limit is not none %} - memory: "{{openshift_prometheus_alertmanager_memory_limit}}" + memory: "{{ openshift_prometheus_alertmanager_memory_limit }}" {% endif %} {% if openshift_prometheus_alertmanager_cpu_limit is defined and openshift_prometheus_alertmanager_cpu_limit is not none %} - cpu: "{{openshift_prometheus_alertmanager_cpu_limit}}" + cpu: "{{ openshift_prometheus_alertmanager_cpu_limit }}" {% endif %} ports: - containerPort: 9093 diff --git a/roles/openshift_prometheus/vars/default_images.yml b/roles/openshift_prometheus/vars/default_images.yml new file mode 100644 index 000000000..ad52a3125 --- /dev/null +++ b/roles/openshift_prometheus/vars/default_images.yml @@ -0,0 +1,12 @@ +--- +# image prefix defaults +l_openshift_prometheus_image_prefix: "{{ openshift_prometheus_image_prefix | default('openshift/') }}" +l_openshift_prometheus_proxy_image_prefix: "{{ openshift_prometheus_proxy_image_prefix | default(l_openshift_prometheus_image_prefix) }}" +l_openshift_prometheus_alertmanager_image_prefix: "{{ openshift_prometheus_altermanager_image_prefix | default(l_openshift_prometheus_image_prefix) }}" +l_openshift_prometheus_alertbuffer_image_prefix: "{{ openshift_prometheus_alertbuffer_image_prefix | default(l_openshift_prometheus_image_prefix) }}" + +# image version defaults +l_openshift_prometheus_image_version: "{{ openshift_prometheus_image_version | default('v2.0.0-dev.3') }}" +l_openshift_prometheus_proxy_image_version: "{{ openshift_prometheus_proxy_image_version | default('v1.0.0') }}" +l_openshift_prometheus_alertmanager_image_version: "{{ openshift_prometheus_alertmanager_image_version | default('v0.9.1') }}" +l_openshift_prometheus_alertbuffer_image_version: "{{ openshift_prometheus_alertbuffer_image_version | default('v0.0.2') }}" diff --git a/roles/openshift_prometheus/vars/openshift-enterprise.yml b/roles/openshift_prometheus/vars/openshift-enterprise.yml new file mode 100644 index 000000000..9bb4c99bb --- /dev/null +++ b/roles/openshift_prometheus/vars/openshift-enterprise.yml @@ -0,0 +1,12 @@ +--- +# image prefix defaults +l_openshift_prometheus_image_prefix: "{{ openshift_prometheus_image_prefix | default('registry.access.redhat.com/openshift3/') }}" +l_openshift_prometheus_proxy_image_prefix: "{{ openshift_prometheus_proxy_image_prefix | default(l_openshift_prometheus_image_prefix) }}" +l_openshift_prometheus_alertmanager_image_prefix: "{{ openshift_prometheus_altermanager_image_prefix | default(l_openshift_prometheus_image_prefix) }}" +l_openshift_prometheus_alertbuffer_image_prefix: "{{ openshift_prometheus_alertbuffer_image_prefix | default(l_openshift_prometheus_image_prefix) }}" + +# image version defaults +l_openshift_prometheus_image_version: "{{ openshift_prometheus_image_version | default('v3.7') }}" +l_openshift_prometheus_proxy_image_version: "{{ openshift_prometheus_proxy_image_version | default('v3.7') }}" +l_openshift_prometheus_alertmanager_image_version: "{{ openshift_prometheus_alertmanager_image_version | default('v3.7') }}" +l_openshift_prometheus_alertbuffer_image_version: "{{ openshift_prometheus_alertbuffer_image_version | default('v3.7') }}" |