From 2f744bef7b0b06af3a318333afa1580eb2ec9da5 Mon Sep 17 00:00:00 2001 From: Matus Jenca Date: Mon, 2 Dec 2024 15:25:21 +0100 Subject: [PATCH] Add openstack exporter subchart Signed-off-by: Matus Jenca --- chart/Chart.yaml | 6 +- chart/values.yaml | 7 +++ docs/iaas.md | 64 ++++++++++++++++++--- helpers/iaas/openstack-ca.yaml | 10 ++++ helpers/iaas/openstack-exporter-values.yaml | 48 +++++++++++----- 5 files changed, 111 insertions(+), 24 deletions(-) create mode 100644 helpers/iaas/openstack-ca.yaml diff --git a/chart/Chart.yaml b/chart/Chart.yaml index 9fa69d5..e173b52 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v2 name: dnation-kubernetes-monitoring-stack -version: 3.6.2 +version: 3.6.3 appVersion: 2.7.1 # dnation-kubernetes-monitoring description: An umbrella helm chart for Kubernetes monitoring based on kube-prometheus-stack, thanos, loki, promtail and dnation-kubernetes-monitoring keywords: @@ -65,6 +65,10 @@ dependencies: version: "9.1.*" repository: https://prometheus-community.github.io/helm-charts condition: prometheus-blackbox-exporter.enabled +- name: prometheus-openstack-exporter + repository: oci://registry.scs.community/openstack-exporter + version: "0.4.5" + condition: prometheus-openstack-exporter.enabled icon: https://cdn.ifne.eu/public/icons/dnation_k8sm8g.png maintainers: - name: dNation diff --git a/chart/values.yaml b/chart/values.yaml index 0f54a14..3080e14 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -666,3 +666,10 @@ loki-distributed: aws: s3: "s3://access_key:secret_access_key@custom_endpoint/bucket_name" s3forcepathstyle: true # set to 'false' to enable virtual-hosted-style URLs + +prometheus-openstack-exporter: +## Disable OpenStack exporter multicloud mode +## + multicloud: + enabled: false + diff --git a/docs/iaas.md b/docs/iaas.md index dc04848..6e027fa 100644 --- a/docs/iaas.md +++ b/docs/iaas.md 
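Review bot: Nothing in the chart/values.yaml hunk gives `prometheus-openstack-exporter.enabled` a default, so the `condition: prometheus-openstack-exporter.enabled` added in chart/Chart.yaml has no path to evaluate. Helm treats a dependency whose condition path is absent from the parent values as enabled, so every install of the umbrella chart would deploy the exporter, including users who have no OpenStack credentials configured. Add `enabled: false` under `prometheus-openstack-exporter:` next to `multicloud:`, which makes the subchart opt-in as docs/iaas.md describes. The hunk appends this key as a new top-level entry, so the flag is presumably not defined elsewhere in the file, but that part of values.yaml is outside the hunk.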
@@ -29,25 +29,71 @@ the [k3s guide](k3s.md). #### Prometheus metrics and alerts -The [OpenStack exporter for Prometheus](https://github.com/openstack-exporter) could be deployed using the [openstack-exporter-helm-chart](https://github.com/SovereignCloudStack/openstack-exporter-helm-charts). +The [OpenStack exporter for Prometheus](https://github.com/openstack-exporter) can be enabled as a subchart, see [openstack-exporter-helm-chart](https://github.com/SovereignCloudStack/openstack-exporter-helm-charts). + This exporter contains a bunch of [Prometheus alerts and rules](https://github.com/SovereignCloudStack/openstack-exporter-helm-charts/blob/master/charts/prometheus-openstack-exporter/templates/prometheusrule.yaml) that are deployed together with the exporter. Visit the `helpers/iaas/openstack-exporter-values.yaml` file to validate the Helm configuration options. Ensure valid OpenStack API credentials are set under the `clouds_yaml_config` section. This **MUST** be overridden! -```bash -helm upgrade --install prometheus-openstack-exporter oci://registry.scs.community/openstack-exporter/prometheus-openstack-exporter \ - --version 0.4.5 \ - -f helpers/iaas/openstack-exporter-values.yaml # --set "endpoint_type=public" --set "serviceMonitor.scrapeTimeout=1m" -``` - Tip: If you want to test the exporter basic functionality with **public** OpenStack API, configure `endpoint_type` -to `public` (`--set "endpoint_type=public"`). Note that configuring `endpoint_type` as `public` will result in +to `public`. Note that configuring `endpoint_type` as `public` will result in incomplete functionality for the Grafana dashboard. Tip: Requesting and collecting metrics from the OpenStack API can be time-consuming, especially if the API is not performing well. In such cases, you may observe timeouts on the Prometheus server when it tries to fetch OpenStack -metrics. To mitigate this, consider increasing the scrape interval to e.g. 1 minute (`--set "serviceMonitor.scrapeTimeout=1m"`). 
+metrics. To mitigate this, consider increasing the scrape interval to e.g. 1 minute. + +#### SSL Certificates +If you use a private CA to communicate with Openstack API, a secret containing certificates must be deployed in the same namespace +as dNation k8s Monitoring Stack. +```yaml +apiVersion: v1 +data: + ca.crt: + tls.crt: + tls.key: +kind: Secret +metadata: + name: openstack-ca + +``` +This secret must be then mounted by openstack exporter, see example values below. + +```yaml +# Example values.yaml for enabling openstack exporter +prometheus-openstack-exporter: + enabled: true + commonLabels: + release: monitoring + serviceMonitor: + scrapeTimeout: "1m" + # endpoint_type: "public" + clouds_yaml_config: | + clouds.yaml: | + clouds: + default: + auth: + auth_url: + application_credential_id: + application_credential_secret: + region_name: + identity_api_version: 3 + auth_type: "v3applicationcredential" + key: "/etc/ssl/certs/openstack-ca/tls.key" + cert: "/etc/ssl/certs/openstack-ca/tls.crt" + cacert: "/etc/ssl/certs/openstack-ca/ca.crt" +## Secret containg SSL certificates for internal openstack API + extraVolumes: + - name: openstack-ca + secret: + secretName: openstack-ca + + extraVolumeMounts: + - mountPath: /etc/ssl/certs/openstack-ca + name: openstack-ca +``` + #### Grafana dashboards diff --git a/helpers/iaas/openstack-ca.yaml b/helpers/iaas/openstack-ca.yaml new file mode 100644 index 0000000..f6b0555 --- /dev/null +++ b/helpers/iaas/openstack-ca.yaml @@ -0,0 +1,10 @@ +## An examplesecret for Openstack internal API certs +## deploy to the same namespace as k8s-monitoring-stack +apiVersion: v1 +data: + ca.crt: + tls.crt: + tls.key: +kind: Secret +metadata: + name: openstack-ca diff --git a/helpers/iaas/openstack-exporter-values.yaml b/helpers/iaas/openstack-exporter-values.yaml index be3b4da..19f90c5 100644 --- a/helpers/iaas/openstack-exporter-values.yaml +++ b/helpers/iaas/openstack-exporter-values.yaml 
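Review bot: The example Secret in helpers/iaas/openstack-ca.yaml has a `tls.key` slot in a repository-tracked file, and its header does not say how the values must be supplied or that a filled-in copy must stay out of version control. As rendered here the three entries under `data:` are empty, which YAML reads as null, and `data` values must be base64-encoded, so pasting PEM text would not produce a usable Secret. I would extend the header with `## Values under data: must be base64-encoded; do not commit a filled-in copy of this file`, or point to `kubectl create secret generic openstack-ca --from-file=...` instead. The header also has a typo, `examplesecret`.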
@@ -1,26 +1,46 @@ --- -## Disable OpenStack exporter multicloud mode -## -multicloud: - enabled: false +prometheus-openstack-exporter: + enabled: true ## Label OpenStack exporter ServiceMonitor (and others) resource. ## This ensures that Kubernetes monitoring's Prometheus discovers the OpenStack exporter ServiceMonitor ## -commonLabels: - release: kubernetes-monitoring-servicemonitor + commonLabels: + release: monitoring + +## Optional: use public endpoint type e.g. if you want to test connectivity +## WARNING: if you use Grafana dashboard https://grafana.com/grafana/dashboards/21085. +## it will be incomplete +## +# endpoint_type: "public" +## Optional: Mittigate timeouts on Prometheus +# serviceMonitor: +# scrapeTimeout: "1m" ## OpenStack API access configuration ## Doc: https://github.com/openstack-exporter/openstack-exporter#openstack-configuration ## -clouds_yaml_config: | - clouds.yaml: | - clouds: - default: - auth: + + clouds_yaml_config: | + clouds.yaml: | + clouds: + default: + auth: auth_url: application_credential_id: application_credential_secret: - region_name: - identity_api_version: 3 - auth_type: "v3applicationcredential" + region_name: + identity_api_version: 3 + auth_type: "v3applicationcredential" + key: "/etc/ssl/certs/openstack-ca/tls.key" + cert: "/etc/ssl/certs/openstack-ca/tls.crt" + cacert: "/etc/ssl/certs/openstack-ca/ca.crt" +## Secret containg SSL certificates for internal openstack API + extraVolumes: + - name: openstack-ca + secret: + secretName: openstack-ca + + extraVolumeMounts: + - mountPath: /etc/ssl/certs/openstack-ca + name: openstack-ca
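Review bot: The helper values set `key`, `cert` and `cacert` and mount the whole `openstack-ca` Secret unconditionally, so the exporter pod holds `tls.key` even when it only needs to trust a private CA. Verifying the API's certificate needs `cacert` alone; `key` and `cert` matter only when the OpenStack API requires a client certificate. I would comment out those two lines under `## Optional: only when the OpenStack API requires a client certificate` and limit the volume to what is read, e.g. `items: [{key: ca.crt, path: ca.crt}]` under `secret:`. A pod that references a Secret volume that does not exist will not start, so the doc comment should say the Secret must be created first, or the volume should be marked `optional: true`. The new comments also contain typos (`Mittigate`, `containg`).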