diff --git a/README.md b/README.md
index dd5e48c..c7b84d2 100644
--- a/README.md
+++ b/README.md
@@ -139,6 +139,28 @@ following topics:
 | `containerPorts` | Map of all ports inside Cyral Sidecar container | `{}` |
 | `extraContainerPorts` | Array of additional container ports for the Cyral Sidecar container | `[]` |
 
+### Prometheus metrics
+
+| Name | Description | Value |
+| ------------------------------------------ | -------------------------------------------------------------------------------- | ------- |
+| `metrics.enabled` | Enable exposing Cyral Sidecar metrics to be gathered by Prometheus | `false` |
+| `metrics.podAnnotations` | Annotations for enabling prometheus to access the metrics endpoint | `{}` |
+| `metrics.serviceMonitor.annotations` | Extra annotations for the ServiceMonitor | `{}` |
+| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` |
+| `metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels | `false` |
+| `metrics.serviceMonitor.interval` | Specify the interval at which metrics should be scraped | `30s` |
+| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in Prometheus | `""` |
+| `metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{}` |
+| `metrics.serviceMonitor.metricRelabelings` | MetricsRelabelConfigs to apply to samples before ingestion | `[]` |
+| `metrics.serviceMonitor.namespace` | Specify the namespace in which the serviceMonitor resource will be created | `""` |
+| `metrics.serviceMonitor.params` | Define the HTTP URL parameters used by ServiceMonitor | `{}` |
+| `metrics.serviceMonitor.path` | Define the path used by ServiceMonitor to scrap metrics | `""` |
+| `metrics.serviceMonitor.podTargetLabels` | Used to keep given pod's labels in target | `{}` |
+| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` |
+| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `""` |
+| `metrics.serviceMonitor.selector` | ServiceMonitor selector labels | `{}` |
+| `metrics.serviceMonitor.targetLabels` | Used to keep given service's labels in target | `{}` |
+
 ### RBAC configuration
 
 | Name | Description | Value |
diff --git a/templates/deployment.yaml b/templates/deployment.yaml
index e4e1329..f699147 100644
--- a/templates/deployment.yaml
+++ b/templates/deployment.yaml
@@ -24,6 +24,9 @@ spec:
 {{- if .Values.podAnnotations }}
 {{- include "common.tplvalues.render" ( dict "value" .Values.podAnnotations "context" $) | nindent 8 }}
 {{- end }}
+ {{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) | nindent 8 }}
+ {{- end }}
 spec:
 {{- include "cyral.imagePullSecrets" . | nindent 6 }}
 serviceAccountName: {{ template "cyral.serviceAccountName" . }}
diff --git a/templates/servicemonitor.yaml b/templates/servicemonitor.yaml
new file mode 100644
index 0000000..3a4d60e
--- /dev/null
+++ b/templates/servicemonitor.yaml
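Review bot: In templates/deployment.yaml the added block renders `metrics.podAnnotations` right after `podAnnotations` without merging the two maps, so a key set in both (for example `prometheus.io/scrape`) is emitted twice under the same mapping and the result depends on how the YAML parser treats duplicate keys. Merging first, the way templates/servicemonitor.yaml does with `common.tplvalues.merge`, and rendering the merged map once would avoid that. The `annotations:` key these lines sit under is above the hunk; if it is only emitted when other annotations are set, the metrics annotations would land under the wrong parent, so that guard is worth checking.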
@@ -0,0 +1,57 @@
+{{- /*
+Copyright Cyral, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ default (include "common.names.namespace" .) .Values.metrics.serviceMonitor.namespace | quote }}
+ {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels ) "context" . ) }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
+ {{- if or .Values.metrics.serviceMonitor.annotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.annotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel | quote }}
+ endpoints:
+ - port: metrics
+ {{- if .Values.metrics.serviceMonitor.path }}
+ path: {{ .Values.metrics.serviceMonitor.path }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.params }}
+ params: {{ toYaml .Values.metrics.serviceMonitor.params | nindent 8 }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.honorLabels }}
+ honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.relabelings }}
+ relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.metricRelabelings }}
+ metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ include "common.names.namespace" . | quote }}
+ {{- if .Values.metrics.serviceMonitor.podTargetLabels }}
+ podTargetLabels: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.podTargetLabels "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.targetLabels }}
+ targetLabels: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.targetLabels "context" $) | nindent 4 }}
+ {{- end }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }}
+ {{- if .Values.metrics.serviceMonitor.selector }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
+ {{- end }}
+{{- end }}
diff --git a/values.yaml b/values.yaml
index 146d367..7b8e29b 100644
--- a/values.yaml
+++ b/values.yaml
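Review bot: In templates/servicemonitor.yaml the single `endpoints` entry offers no values for `scheme`, `tlsConfig` or `authorization`, so the scrape this template configures is always plain HTTP without credentials. Whether the sidecar's metrics endpoint exposes anything sensitive is not visible here, but for a component that sits in the data path it would be worth either adding optional values for those fields or documenting that the `metrics` port should be restricted, for example with a NetworkPolicy. Separately, `path`, `interval` and `scrapeTimeout` are rendered unquoted while `jobLabel` and `namespace` use `quote`; `path: {{ .Values.metrics.serviceMonitor.path | quote }}` (and the same for the other two) keeps unusual values from being reparsed as YAML.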
@@ -63,6 +63,25 @@
 ## @param containerPorts [object] Map of all ports inside Cyral Sidecar container
 ## @param extraContainerPorts Array of additional container ports for the Cyral Sidecar container
 
+## @section Prometheus metrics
+## @param metrics.enabled Enable exposing Cyral Sidecar metrics to be gathered by Prometheus
+## @param metrics.podAnnotations [object] Annotations for enabling prometheus to access the metrics endpoint
+## @param metrics.serviceMonitor.annotations Extra annotations for the ServiceMonitor
+## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator
+## @param metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
+## @param metrics.serviceMonitor.interval Specify the interval at which metrics should be scraped
+## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in Prometheus
+## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
+## @param metrics.serviceMonitor.metricRelabelings MetricsRelabelConfigs to apply to samples before ingestion
+## @param metrics.serviceMonitor.namespace Specify the namespace in which the serviceMonitor resource will be created
+## @param metrics.serviceMonitor.params Define the HTTP URL parameters used by ServiceMonitor
+## @param metrics.serviceMonitor.path Define the path used by ServiceMonitor to scrap metrics
+## @param metrics.serviceMonitor.podTargetLabels Used to keep given pod's labels in target
+## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping
+## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended
+## @param metrics.serviceMonitor.selector ServiceMonitor selector labels
+## @param metrics.serviceMonitor.targetLabels Used to keep given service's labels in target
+
 ## @section RBAC configuration
 ## @param rbac.create Create Role and RoleBinding
 ## @param rbac.rules Custom RBAC rules to set
@@ -347,3 +366,49 @@ service:
 annotations: {}
 ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
 externalTrafficPolicy: Cluster
+
+## Prometheus Metrics
+##
+metrics:
+ enabled: false
+ ## Prometheus pod annotations
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ podAnnotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "{{ .Values.service.ports.metrics }}"
+ ## Prometheus Service Monitor
+ ## ref: https://github.com/coreos/prometheus-operator
+ ##
+ serviceMonitor:
+ enabled: false
+ namespace: ""
+ interval: 30s
+ ## e.g:
+ ## scrapeTimeout: 30s
+ ##
+ scrapeTimeout: ""
+ jobLabel: ""
+ relabelings: []
+ metricRelabelings: []
+ honorLabels: false
+ ## e.g:
+ ## - app.kubernetes.io/name
+ ##
+ targetLabels: {}
+ ## e.g:
+ ## - app.kubernetes.io/name
+ ##
+ podTargetLabels: {}
+ ## Could be /metrics for aggregated metrics or /metrics/per-object for more details
+ ##
+ path: ""
+ params: {}
+ ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration
+ ##
+ ## selector:
+ ## prometheus: my-prometheus
+ ##
+ selector: {}
+ labels: {}
+ annotations: {}
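Review bot: In the second values.yaml hunk, `targetLabels` and `podTargetLabels` default to `{}` although the `e.g.` comments above them show list items and the ServiceMonitor fields they feed take lists of label names; the defaults should read `targetLabels: []` and `podTargetLabels: []`. The `podAnnotations` default also depends on `.Values.service.ports.metrics`, which is defined outside this hunk, so it is worth confirming the key exists, since an unset value would render an empty `prometheus.io/port`. A one-line comment next to `metrics.enabled` saying that these annotations advertise the metrics port to any Prometheus that discovers pods by annotation would help operators judge the exposure before turning it on.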