Skip to content

Commit

Permalink
fix prometheus scrape config while tls is enabled
Browse files Browse the repository at this point in the history
  • Loading branch information
@weekface
weekface committed Mar 12, 2020
1 parent c3ff1be commit b7485e3
Show file tree
Hide file tree
Showing 2 changed files with 215 additions and 18 deletions.
48 changes: 34 additions & 14 deletions pkg/monitor/monitor/template.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,8 @@
package monitor

import (
"fmt"
"github.com/pingcap/tidb-operator/pkg/label"
"github.com/pingcap/tidb-operator/pkg/util"
"github.com/prometheus/common/model"
"github.com/prometheus/prometheus/config"
Expand Down Expand Up @@ -43,6 +45,7 @@ var (
tikvPattern config.Regexp
pdPattern config.Regexp
tidbPattern config.Regexp
addressPattern config.Regexp
dashBoardConfig = `{
"apiVersion": 1,
"providers": [
Expand Down Expand Up @@ -85,6 +88,10 @@ func init() {
if err != nil {
klog.Fatalf("monitor regex template parse error,%v", err)
}
addressPattern, err = config.NewRegexp("(.+);(.+);(.+)")
if err != nil {
klog.Fatalf("monitor regex template parse error,%v", err)
}
}

type MonitorConfigModel struct {
Expand Down Expand Up @@ -118,10 +125,35 @@ func newPrometheusConfig(cmodel *MonitorConfigModel) *config.Config {
}

func scrapeJob(name string, componentPattern config.Regexp, cmodel *MonitorConfigModel) *config.ScrapeConfig {

addressRelabelConfig := &config.RelabelConfig{
SourceLabels: model.LabelNames{
"__address__",
ioPortLabel,
},
Action: config.RelabelReplace,
Regex: portPattern,
Replacement: "$1:$2",
TargetLabel: "__address__",
}
if name == label.PDLabelVal || name == label.TiDBLabelVal {
addressRelabelConfig = &config.RelabelConfig{
SourceLabels: model.LabelNames{
podNameLabel,
instanceLabel,
ioPortLabel,
},
Action: config.RelabelReplace,
Regex: addressPattern,
Replacement: fmt.Sprintf("$1.$2-%s-peer:$3", name),
TargetLabel: "__address__",
}
}
return &config.ScrapeConfig{

JobName: name,
ScrapeInterval: model.Duration(15 * time.Second),
Scheme: "http",
HonorLabels: true,
ServiceDiscoveryConfig: config.ServiceDiscoveryConfig{
KubernetesSDConfigs: []*config.KubernetesSDConfig{
Expand All @@ -137,9 +169,6 @@ func scrapeJob(name string, componentPattern config.Regexp, cmodel *MonitorConfi
TLSConfig: config.TLSConfig{
InsecureSkipVerify: true,
},
XXX: map[string]interface{}{
"scheme": "http",
},
},
RelabelConfigs: []*config.RelabelConfig{
{
Expand Down Expand Up @@ -171,16 +200,7 @@ func scrapeJob(name string, componentPattern config.Regexp, cmodel *MonitorConfi
TargetLabel: "__metrics_path__",
Regex: allMatchPattern,
},
{
SourceLabels: model.LabelNames{
"__address__",
ioPortLabel,
},
Action: config.RelabelReplace,
Regex: portPattern,
Replacement: "$1:$2",
TargetLabel: "__address__",
},
addressRelabelConfig,
{
SourceLabels: model.LabelNames{
namespaceLabel,
Expand Down Expand Up @@ -253,7 +273,7 @@ func addTlsConfig(pc *config.Config) {
KeyFile: path.Join(util.ClusterClientTLSPath, corev1.TLSPrivateKeyKey),
}
pc.ScrapeConfigs[id] = sconfig
sconfig.HTTPClientConfig.XXX["scheme"] = "https"
sconfig.Scheme = "https"
}
}
}
Expand Down
185 changes: 181 additions & 4 deletions pkg/monitor/monitor/template_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@ scrape_configs:
- job_name: pd
honor_labels: true
scrape_interval: 15s
scheme: http
kubernetes_sd_configs:
- api_server: null
role: pod
Expand All @@ -54,10 +55,11 @@ scrape_configs:
regex: (.+)
target_label: __metrics_path__
action: replace
- source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
regex: ([^:]+)(?::\d+)?;(\d+)
- source_labels: [__meta_kubernetes_pod_name, __meta_kubernetes_pod_label_app_kubernetes_io_instance,
__meta_kubernetes_pod_annotation_prometheus_io_port]
regex: (.+);(.+);(.+)
target_label: __address__
replacement: $1:$2
replacement: $1.$2-pd-peer:$3
action: replace
- source_labels: [__meta_kubernetes_namespace]
target_label: kubernetes_namespace
Expand All @@ -77,6 +79,7 @@ scrape_configs:
- job_name: tidb
honor_labels: true
scrape_interval: 15s
scheme: http
kubernetes_sd_configs:
- api_server: null
role: pod
Expand All @@ -100,6 +103,54 @@ scrape_configs:
regex: (.+)
target_label: __metrics_path__
action: replace
- source_labels: [__meta_kubernetes_pod_name, __meta_kubernetes_pod_label_app_kubernetes_io_instance,
__meta_kubernetes_pod_annotation_prometheus_io_port]
regex: (.+);(.+);(.+)
target_label: __address__
replacement: $1.$2-tidb-peer:$3
action: replace
- source_labels: [__meta_kubernetes_namespace]
target_label: kubernetes_namespace
action: replace
- source_labels: [__meta_kubernetes_pod_name]
target_label: instance
action: replace
- source_labels: [__meta_kubernetes_pod_label_app_kubernetes_io_instance]
target_label: cluster
action: replace
- source_labels: [__meta_kubernetes_pod_name]
target_label: instance
action: replace
- source_labels: [__meta_kubernetes_pod_label_app_kubernetes_io_instance]
target_label: cluster
action: replace
- job_name: tikv
honor_labels: true
scrape_interval: 15s
scheme: http
kubernetes_sd_configs:
- api_server: null
role: pod
namespaces:
names:
- ns1
- ns2
tls_config:
insecure_skip_verify: true
relabel_configs:
- source_labels: [__meta_kubernetes_pod_label_app_kubernetes_io_instance]
regex: target
action: keep
- source_labels: [__meta_kubernetes_pod_label_app_kubernetes_io_component]
regex: tikv
action: keep
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
regex: "true"
action: keep
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
regex: (.+)
target_label: __metrics_path__
action: replace
- source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
regex: ([^:]+)(?::\d+)?;(\d+)
target_label: __address__
Expand All @@ -120,9 +171,135 @@ scrape_configs:
- source_labels: [__meta_kubernetes_pod_label_app_kubernetes_io_instance]
target_label: cluster
action: replace
`
model := &MonitorConfigModel{
ReleaseTargetRegex: &target,
ReleaseNamespaces: []string{
"ns1",
"ns2",
},
EnableTLSCluster: false,
}
content, err := RenderPrometheusConfig(model)
g.Expect(err).NotTo(HaveOccurred())
g.Expect(content).Should(Equal(expectedContent))
}

func TestRenderPrometheusConfigTLSEnabled(t *testing.T) {
g := NewGomegaWithT(t)
target, _ := config.NewRegexp("target")
expectedContent := `global:
scrape_interval: 15s
evaluation_interval: 15s
rule_files:
- /prometheus-rules/rules/*.rules.yml
scrape_configs:
- job_name: pd
honor_labels: true
scrape_interval: 15s
scheme: https
kubernetes_sd_configs:
- api_server: null
role: pod
namespaces:
names:
- ns1
- ns2
tls_config:
ca_file: /var/lib/cluster-client-tls/ca.crt
cert_file: /var/lib/cluster-client-tls/tls.crt
key_file: /var/lib/cluster-client-tls/tls.key
insecure_skip_verify: false
relabel_configs:
- source_labels: [__meta_kubernetes_pod_label_app_kubernetes_io_instance]
regex: target
action: keep
- source_labels: [__meta_kubernetes_pod_label_app_kubernetes_io_component]
regex: pd
action: keep
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
regex: "true"
action: keep
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
regex: (.+)
target_label: __metrics_path__
action: replace
- source_labels: [__meta_kubernetes_pod_name, __meta_kubernetes_pod_label_app_kubernetes_io_instance,
__meta_kubernetes_pod_annotation_prometheus_io_port]
regex: (.+);(.+);(.+)
target_label: __address__
replacement: $1.$2-pd-peer:$3
action: replace
- source_labels: [__meta_kubernetes_namespace]
target_label: kubernetes_namespace
action: replace
- source_labels: [__meta_kubernetes_pod_name]
target_label: instance
action: replace
- source_labels: [__meta_kubernetes_pod_label_app_kubernetes_io_instance]
target_label: cluster
action: replace
- source_labels: [__meta_kubernetes_pod_name]
target_label: instance
action: replace
- source_labels: [__meta_kubernetes_pod_label_app_kubernetes_io_instance]
target_label: cluster
action: replace
- job_name: tidb
honor_labels: true
scrape_interval: 15s
scheme: https
kubernetes_sd_configs:
- api_server: null
role: pod
namespaces:
names:
- ns1
- ns2
tls_config:
ca_file: /var/lib/cluster-client-tls/ca.crt
cert_file: /var/lib/cluster-client-tls/tls.crt
key_file: /var/lib/cluster-client-tls/tls.key
insecure_skip_verify: false
relabel_configs:
- source_labels: [__meta_kubernetes_pod_label_app_kubernetes_io_instance]
regex: target
action: keep
- source_labels: [__meta_kubernetes_pod_label_app_kubernetes_io_component]
regex: tidb
action: keep
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
regex: "true"
action: keep
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
regex: (.+)
target_label: __metrics_path__
action: replace
- source_labels: [__meta_kubernetes_pod_name, __meta_kubernetes_pod_label_app_kubernetes_io_instance,
__meta_kubernetes_pod_annotation_prometheus_io_port]
regex: (.+);(.+);(.+)
target_label: __address__
replacement: $1.$2-tidb-peer:$3
action: replace
- source_labels: [__meta_kubernetes_namespace]
target_label: kubernetes_namespace
action: replace
- source_labels: [__meta_kubernetes_pod_name]
target_label: instance
action: replace
- source_labels: [__meta_kubernetes_pod_label_app_kubernetes_io_instance]
target_label: cluster
action: replace
- source_labels: [__meta_kubernetes_pod_name]
target_label: instance
action: replace
- source_labels: [__meta_kubernetes_pod_label_app_kubernetes_io_instance]
target_label: cluster
action: replace
- job_name: tikv
honor_labels: true
scrape_interval: 15s
scheme: http
kubernetes_sd_configs:
- api_server: null
role: pod
Expand Down Expand Up @@ -173,7 +350,7 @@ scrape_configs:
"ns1",
"ns2",
},
EnableTLSCluster: false,
EnableTLSCluster: true,
}
content, err := RenderPrometheusConfig(model)
g.Expect(err).NotTo(HaveOccurred())
Expand Down

0 comments on commit b7485e3

Please sign in to comment.