Skip to content

Commit bf80e85

Browse files
antoinedeschenesantoinedeschenes
authored
Add Prometheus server aliases and bearer token authentication support (#815)
Adds --prometheus-server-token-file flag to support authenticating to a prometheus server using a bearer token file. Adds --additional-prometheus-servers=<name>=<url>,... and --additional-prometheus-server-token-files=<name>=<url>,... to support additional servers through the new "prometheus-server-alias" HPA annotation Signed-off-by: Antoine Deschênes <[email protected]>
1 parent c5017c7 commit bf80e85

File tree

8 files changed

+155
-72
lines changed

8 files changed

+155
-72
lines changed

README.md

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -243,6 +243,10 @@ metadata:
243243
# If specified, then this prometheus server is used,
244244
# instead of the prometheus server specified as the CLI argument `--prometheus-server`.
245245
metric-config.external.processed-events-per-second.prometheus/prometheus-server: http://prometheus.my-namespace.svc
246+
# This annotation is optional.
247+
# If specified, this will use one of the additional prometheus servers configured via the
248+
# --additional-prometheus-server <name>=<url>,<name>=<url>,... CLI argument.
249+
metric-config.external.processed-events-per-second.prometheus/prometheus-server-alias: external-prometheus
246250
# metric-config.<metricType>.<metricName>.<collectorType>/<configKey>
247251
metric-config.external.processed-events-per-second.prometheus/query: |
248252
scalar(sum(rate(event-service_events_count{application="event-service",processed="true"}[1m])))

docs/helm/templates/deployment.yaml

Lines changed: 70 additions & 55 deletions
Original file line numberDiff line numberDiff line change
@@ -39,174 +39,189 @@ spec:
3939
args:
4040
{{- if .Values.addDirectoryHeader }}
4141
- --add_dir_header={{ .Values.addDirectoryHeader }}
42-
{{- end}}
42+
{{- end }}
4343
{{- if .Values.log.alsoToStderr }}
4444
- --alsologtostderr={{ .Values.log.alsoToStderr }}
45-
{{- end}}
45+
{{- end }}
4646
{{- if .Values.authentication.kubeConfig }}
4747
- --authentication-kubeconfig={{ .Values.authentication.kubeConfig }}
48-
{{- end}}
48+
{{- end }}
4949
{{- if .Values.authentication.skipLookup }}
5050
- --authentication-skip-lookup={{ .Values.authentication.skipLookup }}
51-
{{- end}}
51+
{{- end }}
5252
{{- if .Values.authentication.tokenWebhookCacheTtl }}
5353
- --authentication-token-webhook-cache-ttl={{ .Values.authentication.tokenWebhookCacheTtl }}
54-
{{- end}}
54+
{{- end }}
5555
{{- if .Values.authentication.tolerateLookupFailure }}
5656
- --authentication-tolerate-lookup-failure={{ .Values.authentication.tolerateLookupFailure }}
57-
{{- end}}
57+
{{- end }}
5858
{{- if .Values.authorization.alwaysAllowPaths }}
5959
- --authorization-always-allow-paths={{ .Values.authorization.alwaysAllowPaths }}
60-
{{- end}}
60+
{{- end }}
6161
{{- if .Values.authorization.kubeConfig }}
6262
- --authorization-kubeconfig={{ .Values.authorization.kubeConfig }}
63-
{{- end}}
63+
{{- end }}
6464
{{- if .Values.authorization.webhookCache.authorizedTtl }}
6565
- --authorization-webhook-cache-authorized-ttl={{ .Values.authorization.webhookCache.authorizedTtl }}
66-
{{- end}}
66+
{{- end }}
6767
{{- if .Values.authorization.webhookCache.unauthorizedTtl }}
6868
- --authorization-webhook-cache-unauthorized-ttl={{ .Values.authorization.webhookCache.unauthorizedTtl }}
69-
{{- end}}
69+
{{- end }}
7070
{{- if .Values.aws.externalMetrics }}
7171
- --aws-external-metrics={{ .Values.aws.externalMetrics }}
72-
{{- end}}
72+
{{- end }}
7373
{{- if .Values.aws.region }}
7474
- --aws-region={{ .Values.aws.region }}
75-
{{- end}}
75+
{{- end }}
7676
{{- if .Values.tls.certificateDirectory }}
7777
- --cert-dir={{ .Values.tls.certificateDirectory }}
78-
{{- end}}
78+
{{- end }}
7979
{{- if .Values.tls.clientCaFile }}
8080
- --client-ca-file={{ .Values.tls.clientCaFile }}
81-
{{- end}}
81+
{{- end }}
8282
{{- if .Values.contentionProfiling }}
8383
- --contention-profiling={{ .Values.contentionProfiling }}
84-
{{- end}}
84+
{{- end }}
8585
{{- if .Values.credentialsDirectory }}
8686
- --credentials-dir={{ .Values.credentialsDirectory }}
87-
{{- end}}
87+
{{- end }}
8888
{{- if .Values.disregardIncompatibleHPAs }}
8989
- --disregard-incompatible-hpas={{ .Values.disregardIncompatibleHPAs }}
90-
{{- end}}
90+
{{- end }}
9191
{{- if .Values.enableCustomMetricsApi }}
9292
- --enable-custom-metrics-api={{ .Values.enableCustomMetricsApi }}
93-
{{- end}}
93+
{{- end }}
9494
{{- if .Values.enableExternalMetricsApi }}
9595
- --enable-external-metrics-api={{ .Values.enableExternalMetricsApi }}
96-
{{- end}}
96+
{{- end }}
9797
{{- if .Values.http2MaxStreamsPerConnection }}
9898
- --http2-max-streams-per-connection={{ .Values.http2MaxStreamsPerConnection }}
99-
{{- end}}
99+
{{- end }}
100100
{{- if .Values.influxDB.address }}
101101
- --influxdb-address={{ .Values.influxDB.address }}
102-
{{- end}}
102+
{{- end }}
103103
{{- if .Values.influxDB.organization }}
104104
- --influxdb-org={{ .Values.influxDB.organization }}
105-
{{- end}}
105+
{{- end }}
106106
{{- if .Values.influxDB.token }}
107107
- --influxdb-token={{ .Values.influxDB.token }}
108-
{{- end}}
108+
{{- end }}
109109
{{- if .Values.listerKubeConfig }}
110110
- --lister-kubeconfig={{ .Values.listerKubeConfig }}
111-
{{- end}}
111+
{{- end }}
112112
{{- if .Values.log.flushFrequency }}
113113
- --log-flush-frequency={{ .Values.log.flushFrequency }}
114-
{{- end}}
114+
{{- end }}
115115
{{- if .Values.log.backtraceAtTraceLocation }}
116116
- --log_backtrace_at={{ .Values.log.backtraceAtTraceLocation }}
117-
{{- end}}
117+
{{- end }}
118118
{{- if .Values.log.directory }}
119119
- --log_dir={{ .Values.log.directory }}
120-
{{- end}}
120+
{{- end }}
121121
{{- if .Values.log.file }}
122122
- --log_file={{ .Values.log.file }}
123-
{{- end}}
123+
{{- end }}
124124
{{- if .Values.log.fileMaxSize }}
125125
- --log_file_max_size={{ .Values.log.fileMaxSize }}
126-
{{- end}}
126+
{{- end }}
127127
{{- if .Values.log.toStderr }}
128128
- --logtostderr={{ .Values.log.toStderr }}
129-
{{- end}}
129+
{{- end }}
130130
{{- if .Values.prometheus.metricsAddress }}
131131
- --metrics-address={{ .Values.prometheus.metricsAddress }}
132-
{{- end}}
132+
{{- end }}
133133
{{- if .Values.profiling }}
134134
- --profiling={{ .Values.profiling }}
135-
{{- end}}
135+
{{- end }}
136136
{{- if .Values.prometheus.server }}
137137
- --prometheus-server={{ .Values.prometheus.server }}
138-
{{- end}}
138+
{{- end }}
139+
{{- if .Values.prometheus.serverTokenFile }}
140+
- --prometheus-server-token-file={{ .Values.prometheus.serverTokenFile }}
141+
{{- end }}
142+
{{- range $name, $url := .Values.prometheus.additionalServers }}
143+
- --additional-prometheus-server={{ $name }}={{ $url }}
144+
{{- end }}
145+
{{- range $name, $path := .Values.prometheus.additionalServerTokenFiles }}
146+
- --additional-prometheus-server-token-file={{ $name }}={{ $path }}
147+
{{- end }}
139148
{{- if .Values.requestHeader.allowedNames }}
140149
- --requestheader-allowed-names={{ .Values.requestHeader.allowedNames }}
141-
{{- end}}
150+
{{- end }}
142151
{{- if .Values.requestHeader.clientCaFile }}
143152
- --requestheader-client-ca-file={{ .Values.requestHeader.clientCaFile }}
144-
{{- end}}
153+
{{- end }}
145154
{{- if .Values.requestHeader.extraHeadersPrefix }}
146155
- --requestheader-extra-headers-prefix={{ .Values.requestHeader.extraHeadersPrefix }}
147-
{{- end}}
156+
{{- end }}
148157
{{- if .Values.requestHeader.groupHeaders }}
149158
- --requestheader-group-headers={{ .Values.requestHeader.groupHeaders }}
150-
{{- end}}
159+
{{- end }}
151160
{{- if .Values.requestHeader.usernameHeaders }}
152161
- --requestheader-username-headers={{ .Values.requestHeader.usernameHeaders }}
153-
{{- end}}
162+
{{- end }}
154163
- --secure-port={{ .Values.service.internalPort }}
155164
{{- if .Values.log.skipHeaders }}
156165
- --skip_headers={{ .Values.log.skipHeaders }}
157-
{{- end}}
166+
{{- end }}
158167
{{- if .Values.log.skipLogHeaders }}
159168
- --skip_log_headers={{ .Values.log.skipLogHeaders }}
160-
{{- end}}
169+
{{- end }}
161170
{{- if .Values.skipperBackendsAnnotation }}
162171
- --skipper-backends-annotation={{ .Values.skipperBackendsAnnotation }}
163-
{{- end}}
172+
{{- end }}
164173
{{- if .Values.skipperIngressMetrics }}
165174
- --skipper-ingress-metrics={{ .Values.skipperIngressMetrics }}
166-
{{- end}}
175+
{{- end }}
167176
{{- if .Values.skipperRouteGroupMetrics }}
168177
- --skipper-routegroup-metrics={{ .Values.skipperRouteGroupMetrics }}
169-
{{- end}}
178+
{{- end }}
170179
{{- if .Values.log.stderrThreshold }}
171180
- --stderrthreshold={{ .Values.log.stderrThreshold }}
172-
{{- end}}
181+
{{- end }}
173182
{{- if .Values.tls.certFile }}
174183
- --tls-cert-file={{ .Values.tls.certFile }}
175-
{{- end}}
184+
{{- end }}
176185
{{- if .Values.tls.cipherSuites }}
177186
- --tls-cipher-suites={{ .Values.tls.cipherSuites }}
178-
{{- end}}
187+
{{- end }}
179188
{{- if .Values.tls.minVersion }}
180189
- --tls-min-version={{ .Values.tls.minVersion }}
181-
{{- end}}
190+
{{- end }}
182191
{{- if .Values.tls.privateKeyFile }}
183192
- --tls-private-key-file={{ .Values.tls.privateKeyFile }}
184-
{{- end}}
193+
{{- end }}
185194
{{- if .Values.tls.sniCertKey }}
186195
- --tls-sni-cert-key={{ .Values.tls.sniCertKey }}
187-
{{- end}}
196+
{{- end }}
188197
{{- if .Values.token }}
189198
- --token={{ .Values.token }}
190-
{{- end}}
199+
{{- end }}
191200
{{- if .Values.log.level }}
192201
- --v={{ .Values.log.level }}
193-
{{- end}}
202+
{{- end }}
194203
{{- if .Values.vmodule }}
195204
- --vmodule={{ .Values.vmodule }}
196-
{{- end}}
205+
{{- end }}
197206
{{- if .Values.zmon.kariosdbEndpoint }}
198207
- --zmon-kariosdb-endpoint={{ .Values.zmon.kariosdbEndpoint }}
199-
{{- end}}
208+
{{- end }}
200209
{{- if .Values.zmon.tokenName }}
201210
- --zmon-token-name={{ .Values.zmon.tokenName }}
202-
{{- end}}
211+
{{- end }}
203212
{{- if .Values.scalingSchedule.enabled }}
204213
- --scaling-schedule
205-
{{- end}}
214+
{{- end }}
206215
resources:
207216
limits:
208217
cpu: {{ .Values.resources.limits.cpu }}
209218
memory: {{ .Values.resources.limits.memory }}
210219
requests:
211220
cpu: {{ .Values.resources.requests.cpu }}
212221
memory: {{ .Values.resources.requests.memory }}
222+
{{- if .Values.volumeMounts }}
223+
volumeMounts: {{- toYaml .Values.volumeMounts | nindent 12 }}
224+
{{- end }}
225+
{{- if .Values.volumes }}
226+
volumes: {{- toYaml .Values.volumes | nindent 8 }}
227+
{{- end }}

docs/helm/values.yaml

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -63,6 +63,9 @@ log:
6363

6464
prometheus:
6565
server: http://prometheus.kube-system.svc.cluster.local
66+
serverTokenFile:
67+
additionalServers: {}
68+
additionalServerTokenFiles: {}
6669
metricsAddress:
6770

6871
requestHeader:
@@ -109,3 +112,7 @@ priorityClassName: ""
109112
podAnnotations: {}
110113

111114
serviceAccountAnnotations: {}
115+
116+
volumes: []
117+
118+
volumeMounts: []

go.mod

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -105,6 +105,7 @@ require (
105105
github.com/influxdata/line-protocol v0.0.0-20210922203350-b1ad95c89adf // indirect
106106
github.com/iris-contrib/schema v0.0.6 // indirect
107107
github.com/josharian/intern v1.0.0 // indirect
108+
github.com/jpillora/backoff v1.0.0 // indirect
108109
github.com/json-iterator/go v1.1.12 // indirect
109110
github.com/kataras/blocks v0.0.8 // indirect
110111
github.com/kataras/golog v0.1.12 // indirect
@@ -126,6 +127,7 @@ require (
126127
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
127128
github.com/modern-go/reflect2 v1.0.2 // indirect
128129
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
130+
github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f // indirect
129131
github.com/pelletier/go-toml/v2 v2.2.2 // indirect
130132
github.com/pkg/errors v0.9.1 // indirect
131133
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect

pkg/collector/external_rps_collector_test.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -279,7 +279,7 @@ func TestExternalRPSPrometheusCollectorInteraction(t *testing.T) {
279279
}
280280

281281
factory := NewCollectorFactory()
282-
promPlugin, err := NewPrometheusCollectorPlugin(nil, "http://prometheus")
282+
promPlugin, err := NewPrometheusCollectorPlugin(nil, "http://prometheus", "", map[string]string{}, map[string]string{})
283283
require.NoError(t, err)
284284
factory.RegisterExternalCollector([]string{PrometheusMetricType, PrometheusMetricNameLegacy}, promPlugin)
285285
hostnamePlugin, err := NewExternalRPSCollectorPlugin(promPlugin, "a_metric")

0 commit comments

Comments
 (0)