From 69e4bb8c3f9c1d78a8697a9eaa15ea17d02565c3 Mon Sep 17 00:00:00 2001
From: Frederic Branczyk
Date: Fri, 22 Feb 2019 17:34:27 +0100
Subject: [PATCH] *: Auto enable etcd monitoring by populated cert secret
---
 pkg/manifests/config.go | 5 ++---
 pkg/manifests/manifests.go | 3 ---
 pkg/manifests/manifests_test.go | 16 ++++++----------
 pkg/operator/operator.go | 20 ++++++++++++++++++++
 4 files changed, 28 insertions(+), 16 deletions(-)
diff --git a/pkg/manifests/config.go b/pkg/manifests/config.go
index 3f913122ea..72ec6541f1 100644
--- a/pkg/manifests/config.go
+++ b/pkg/manifests/config.go
@@ -34,7 +34,7 @@ type Config struct {
 AlertmanagerMainConfig *AlertmanagerMainConfig `json:"alertmanagerMain"`
 KubeStateMetricsConfig *KubeStateMetricsConfig `json:"kubeStateMetrics"`
 GrafanaConfig *GrafanaConfig `json:"grafana"`
- EtcdConfig *EtcdConfig `json:"etcd"`
+ EtcdConfig *EtcdConfig `json:"-"`
 HTTPConfig *HTTPConfig `json:"http"`
 TelemeterClientConfig *TelemeterClientConfig `json:"telemeterClient"`
 K8sPrometheusAdapter *K8sPrometheusAdapter `json:"k8sPrometheusAdapter"`
@@ -96,8 +96,7 @@ type K8sPrometheusAdapter struct {
 }
 type EtcdConfig struct {
- Enabled *bool `json:"enabled"`
- ServerName string `json:"serverName"`
+ Enabled *bool `json:"-"`
 }
 // IsEnabled returns the underlying value of the `Enabled` boolean pointer.
diff --git a/pkg/manifests/manifests.go b/pkg/manifests/manifests.go
index 8a5999b27b..d741b8c0a0 100644
--- a/pkg/manifests/manifests.go
+++ b/pkg/manifests/manifests.go
@@ -631,9 +631,6 @@ func (f *Factory) PrometheusK8sEtcdServiceMonitor() (*monv1.ServiceMonitor, erro
 return nil, err
 }
- if f.config.EtcdConfig.ServerName != "" {
- s.Spec.Endpoints[0].TLSConfig.ServerName = f.config.EtcdConfig.ServerName
- }
 s.Namespace = f.namespace
 return s, nil
diff --git a/pkg/manifests/manifests_test.go b/pkg/manifests/manifests_test.go
index effc5d7c05..68083e3c43 100644
--- a/pkg/manifests/manifests_test.go
+++ b/pkg/manifests/manifests_test.go
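Review bot: In pkg/manifests/config.go, tagging `EtcdConfig` with `json:"-"` means an `etcd:` stanza in an existing monitoring config is no longer read, including an explicit `enabled: false` that an administrator may have set to keep etcd scraping off. Whether the decoder reports or silently drops the now-unknown key is not visible in this hunk. If opting out is no longer supported, say so on the type, e.g. `// EtcdConfig is set by the operator from the etcd client cert secret; it is never read from user configuration.` The `json:"-"` on `Enabled` in the second hunk is redundant once the parent field is excluded.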
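Review bot: In pkg/manifests/manifests.go, removing the `ServerName` override leaves the TLS server name used for the etcd scrape entirely to the ServiceMonitor asset, which this hunk does not show. If that value does not match a SAN on the etcd serving certificate in some topology, scrapes will fail verification and there is no supported knob left to correct it, so it is worth confirming the asset value and recording the decision with a comment such as `// TLS serverName comes from the ServiceMonitor asset and is intentionally not configurable.` The body of `PrometheusK8sEtcdServiceMonitor` starts outside the hunk.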
@@ -861,11 +861,9 @@ func TestPrometheusEtcdRulesFiltered(t *testing.T) {
 }
 func TestPrometheusEtcdRules(t *testing.T) {
- c, err := NewConfigFromString(`etcd: {enabled: true}`)
- if err != nil {
- t.Fatal(err)
- }
-
+ enabled := true
+ c := NewDefaultConfig()
+ c.EtcdConfig.Enabled = &enabled
 f := NewFactory("openshift-monitoring", c)
 r, err := f.PrometheusK8sRules()
@@ -903,11 +901,9 @@ func TestEtcdGrafanaDashboardFiltered(t *testing.T) {
 }
 func TestEtcdGrafanaDashboard(t *testing.T) {
- c, err := NewConfigFromString(`etcd: {enabled: true}`)
- if err != nil {
- t.Fatal(err)
- }
-
+ enabled := true
+ c := NewDefaultConfig()
+ c.EtcdConfig.Enabled = &enabled
 f := NewFactory("openshift-monitoring", c)
 cms, err := f.GrafanaDashboardDefinitions()
diff --git a/pkg/operator/operator.go b/pkg/operator/operator.go
index 78b5529965..f219373fa3 100644
--- a/pkg/operator/operator.go
+++ b/pkg/operator/operator.go
@@ -46,6 +46,8 @@ const (
 apiAuthenticationConfigMap = "kube-system/extension-apiserver-authentication"
 kubeletServingCAConfigMap = "openshift-config-managed/kubelet-serving-ca"
 prometheusAdapterTLSSecret = "openshift-monitoring/prometheus-adapter-tls"
+
+ prometheusEtcdCertSecretName = "kube-etcd-client-certs"
 )
 type Operator struct {
@@ -382,5 +384,23 @@ func (o *Operator) Config(key string) *manifests.Config {
 glog.Warningf("Error loading proxy from API. Proceeding without it: %v", err)
 }
+ s, err := o.client.GetSecret(o.namespace, prometheusEtcdCertSecretName)
+ if err != nil {
+ glog.Warningf("Error loading etcd certificates for Prometheus. Proceeding with etcd disabled. Error: %v", err)
+ }
+ if err == nil {
+ caContent, caFound := s.Data["etcd-client-ca.crt"]
+ certContent, certFound := s.Data["etcd-client.crt"]
+ keyContent, keyFound := s.Data["etcd-client.key"]
+
+ if caFound && len(caContent) > 0 &&
+ certFound && len(certContent) > 0 &&
+ keyFound && len(keyContent) > 0 {
+
+ trueBool := true
+ c.EtcdConfig.Enabled = &trueBool
+ }
+ }
+
 return c
 }
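Review bot: In `Operator.Config` (pkg/operator/operator.go), every `GetSecret` failure is handled the same way, so a transient API error or an RBAC denial switches etcd monitoring off just as a missing secret does, while the expected not-found case logs a warning on every call. Separate the two, e.g. `if apierrors.IsNotFound(err) { glog.V(4).Infof(...) } else if err != nil { glog.Warningf(...) }`, assuming the client wrapper preserves the API status error. The content check accepts any non-empty bytes; parsing with `tls.X509KeyPair(certContent, keyContent)` before enabling would surface a malformed or mismatched pair here instead of as failing scrapes later. `c.EtcdConfig` is dereferenced without a nil check and `c` is built outside the hunk, so confirm it is always initialised now that the field is `json:"-"`.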