Skip to content

*: Enable etcd monitoring by default #239

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
openshift-merge-robot merged 1 commit into from
Feb 28, 2019
Merged

*: Enable etcd monitoring by default #239

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 2 additions & 3 deletions pkg/manifests/config.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ type Config struct {
AlertmanagerMainConfig *AlertmanagerMainConfig `json:"alertmanagerMain"`
KubeStateMetricsConfig *KubeStateMetricsConfig `json:"kubeStateMetrics"`
GrafanaConfig *GrafanaConfig `json:"grafana"`
EtcdConfig *EtcdConfig `json:"etcd"`
EtcdConfig *EtcdConfig `json:"-"`
HTTPConfig *HTTPConfig `json:"http"`
TelemeterClientConfig *TelemeterClientConfig `json:"telemeterClient"`
K8sPrometheusAdapter *K8sPrometheusAdapter `json:"k8sPrometheusAdapter"`
Expand Down Expand Up @@ -96,8 +96,7 @@ type K8sPrometheusAdapter struct {
}

type EtcdConfig struct {
Enabled *bool `json:"enabled"`
ServerName string `json:"serverName"`
Enabled *bool `json:"-"`

@mxinden mxinden Feb 25, 2019

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this still necessary, given that EtcdConfig in Config is disabled anyways?

@brancz brancz Feb 25, 2019

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I intentionally left this to modify the least amount of code, but also seems like a reasonable strategy to me. Essentially what's happening here is that when the right certificates are present in the Secret, then this field gets set to enabled.

}

// IsEnabled returns the underlying value of the `Enabled` boolean pointer.
Expand Down
3 changes: 0 additions & 3 deletions pkg/manifests/manifests.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -631,9 +631,6 @@ func (f *Factory) PrometheusK8sEtcdServiceMonitor() (*monv1.ServiceMonitor, erro
return nil, err
}

if f.config.EtcdConfig.ServerName != "" {
s.Spec.Endpoints[0].TLSConfig.ServerName = f.config.EtcdConfig.ServerName
}
s.Namespace = f.namespace

return s, nil
Expand Down
16 changes: 6 additions & 10 deletions pkg/manifests/manifests_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -861,11 +861,9 @@ func TestPrometheusEtcdRulesFiltered(t *testing.T) {
}

func TestPrometheusEtcdRules(t *testing.T) {
c, err := NewConfigFromString(`etcd: {enabled: true}`)
if err != nil {
t.Fatal(err)
}

enabled := true
c := NewDefaultConfig()
c.EtcdConfig.Enabled = &enabled
f := NewFactory("openshift-monitoring", c)

r, err := f.PrometheusK8sRules()
Expand Down Expand Up @@ -903,11 +901,9 @@ func TestEtcdGrafanaDashboardFiltered(t *testing.T) {
}

func TestEtcdGrafanaDashboard(t *testing.T) {
c, err := NewConfigFromString(`etcd: {enabled: true}`)
if err != nil {
t.Fatal(err)
}

enabled := true
c := NewDefaultConfig()
c.EtcdConfig.Enabled = &enabled
f := NewFactory("openshift-monitoring", c)

cms, err := f.GrafanaDashboardDefinitions()
Expand Down
20 changes: 20 additions & 0 deletions pkg/operator/operator.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,8 @@ const (
apiAuthenticationConfigMap = "kube-system/extension-apiserver-authentication"
kubeletServingCAConfigMap = "openshift-config-managed/kubelet-serving-ca"
prometheusAdapterTLSSecret = "openshift-monitoring/prometheus-adapter-tls"

prometheusEtcdCertSecretName = "kube-etcd-client-certs"
)

type Operator struct {
Expand Down Expand Up @@ -382,5 +384,23 @@ func (o *Operator) Config(key string) *manifests.Config {
glog.Warningf("Error loading proxy from API. Proceeding without it: %v", err)
}

s, err := o.client.GetSecret(o.namespace, prometheusEtcdCertSecretName)
if err != nil {
glog.Warningf("Error loading etcd certificates for Prometheus. Proceeding with etcd disabled. Error: %v", err)

@mxinden mxinden Feb 25, 2019

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess we could do an early return here, but maybe this function grows in the future, so this is also fine with me.

@brancz brancz Feb 25, 2019

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed, I think the early return would cause future problems.

}
if err == nil {
caContent, caFound := s.Data["etcd-client-ca.crt"]
certContent, certFound := s.Data["etcd-client.crt"]
keyContent, keyFound := s.Data["etcd-client.key"]

if caFound && len(caContent) > 0 &&
certFound && len(certContent) > 0 &&
keyFound && len(keyContent) > 0 {

trueBool := true
c.EtcdConfig.Enabled = &trueBool
}
}

return c
}