diff --git a/CHANGELOG.md b/CHANGELOG.md index 0930a995637326f8cb6b5248534b090b0e198d71..9e38589418f93d7e0e5780faa430794361bf7e95 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), --- +## [1.13.0-bb.1] +### Changed +- updated Service Monitor and added Pod Monitor for scraping metrics from Anchore components +- updated chart templates to automatically enable metrics for the Anchore Enterprise feeds service (until patched upstream) + ## [1.13.0-bb.0] ### Changed - Bumped appVersion and Anchore Engine image tag to 0.10.0 diff --git a/chart/Chart.yaml b/chart/Chart.yaml index 48d8285f52fc0d27d2dab0c64774a76ce761ddb1..79e1cd1d39df955fa42fa60b151fba7e653968d3 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: anchore-engine -version: 1.13.0-bb.0 +version: 1.13.0-bb.1 appVersion: 0.10.0 description: Anchore container analysis and policy evaluation engine service keywords: diff --git a/chart/templates/bigbang/serviceMonitor.yaml b/chart/templates/bigbang/serviceMonitor.yaml index 68083070d8e8151c18387eb6c82a45eeee4dd674..81ab8f975402a7b8f3b3810e00a493692e2abfb9 100644 --- a/chart/templates/bigbang/serviceMonitor.yaml +++ b/chart/templates/bigbang/serviceMonitor.yaml @@ -4,7 +4,7 @@ kind: ServiceMonitor metadata: labels: prometheus: k8s - name: anchore-metrics + name: anchore-service-monitor namespace: {{ .Release.Namespace }} spec: selector: @@ -22,7 +22,16 @@ spec: port: anchore-external-api scheme: http #jobLabel: anchore-metrics-external-api - + + - interval: 30s + path: /metrics + params: + format: + - prometheus + port: anchore-rbac-manager + scheme: http + #jobLabel: anchore-metrics-rbac-manager + - interval: 30s path: /metrics params: 
@@ -49,4 +58,37 @@ spec: port: anchore-simplequeue-api scheme: http #jobLabel: anchore-metrics-simplequeue-api -{{- end }} + + - interval: 30s + path: /metrics + params: + format: + - prometheus + port: feeds-api + scheme: http + #jobLabel: anchore-metrics-feeds-api +--- +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + labels: + prometheus: k8s + name: anchore-pod-monitor + namespace: {{ .Release.Namespace }} +spec: + selector: + matchLabels: + app: {{ template "anchore-engine.fullname" . }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + podMetricsEndpoints: + - interval: 30s + path: /metrics + params: + format: + - prometheus + port: analyzer-api + scheme: http + #jobLabel: anchore-metrics-analyzer-api +{{- end }} \ No newline at end of file diff --git a/chart/templates/enterprise_feeds_configmap.yaml b/chart/templates/enterprise_feeds_configmap.yaml index 47a5f6a1390fcc5df481991d98700b6efef37a2f..00d2aba09d0261a8b575a65000fe950bef0ea00e 100644 --- a/chart/templates/enterprise_feeds_configmap.yaml +++ b/chart/templates/enterprise_feeds_configmap.yaml @@ -30,6 +30,7 @@ data: license_file: /home/anchore/license.yaml metrics: enabled: {{ .Values.monitoring.enabled }} + auth_disabled: {{ .Values.monitoring.enabled }} # Locations for keys used for signing and encryption. Only one of 'secret' or 'public_key_path'/'private_key_path' needs to be set. If all are set then the keys take precedence over the secret value # Secret is for a shared secret and if set, all components in anchore should have the exact same value in their configs. diff --git a/chart/templates/enterprise_feeds_deployment.yaml b/chart/templates/enterprise_feeds_deployment.yaml index 034430d407b6b46c16074a5688b1dc413236b0d0..0a5ceca4c578818cf10b89e5c0bb3d022714483b 100644 --- a/chart/templates/enterprise_feeds_deployment.yaml +++ b/chart/templates/enterprise_feeds_deployment.yaml 
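Review bot: In the new PodMonitor the templated scalars are unquoted (`namespace: {{ .Release.Namespace }}`, the `matchNames` entry and `app: {{ template "anchore-engine.fullname" . }}`), so a namespace or release name that renders as digits only or as a boolean-looking word would be parsed as a non-string and the manifest rejected. Quoting avoids that: `namespace: {{ .Release.Namespace | quote }}` and `app: {{ include "anchore-engine.fullname" . | quote }}` (`template` cannot be piped, hence `include`). The existing ServiceMonitor in this file uses the same unquoted form and could be fixed in the same pass. The closing `{{- end }}` now has no trailing newline, and the `{{- if … }}` it closes is outside the hunk.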
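Review bot: `auth_disabled: {{ .Values.monitoring.enabled }}` couples two separate decisions: enabling monitoring also appears to remove authentication from the feeds service's metrics endpoint, with no way to keep auth on while scraping. The same coupling is repeated for `ANCHORE_DISABLE_METRICS_AUTH` in enterprise_feeds_deployment.yaml. The endpoints added in serviceMonitor.yaml scrape over `scheme: http` with no credentials, so access control on /metrics rests entirely on network-level policy that this diff does not show. At minimum, record that above the line, e.g. `# metrics auth is off whenever monitoring is on so Prometheus can scrape without credentials; restrict this port to the monitoring namespace`. The enclosing `data:` block starts outside the hunk.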
@@ -113,6 +113,10 @@ spec: {{- with .Values.anchoreEnterpriseFeeds.extraEnv }} {{- toYaml . | nindent 8 }} {{- end }} + - name: ANCHORE_ENABLE_METRICS + value: {{ .Values.monitoring.enabled | quote }} + - name: ANCHORE_DISABLE_METRICS_AUTH + value: {{ .Values.monitoring.enabled | quote }} - name: ANCHORE_POD_NAME valueFrom: fieldRef: diff --git a/docs/BBCHANGES.md b/docs/BBCHANGES.md index 82d274892415b25db9013c3411fea45246205a1a..6a949b97633ee05391cf9a105bdbbe6715b55371 100644 --- a/docs/BBCHANGES.md +++ b/docs/BBCHANGES.md @@ -180,11 +180,21 @@ Do the same in `chart/templates/enterprise_configmap.yaml`: auth_disabled: {{ .Values.monitoring.enabled }} ``` -In `chart/templates/enterprise_feeds_configmap.yaml` also modify the metrics lines: +Do the same in `chart/templates/enterprise_feeds_configmap.yaml`: ```yaml metrics: enabled: {{ .Values.monitoring.enabled }} + auth_disabled: {{ .Values.monitoring.enabled }} +``` + +And set required environment variables in `chart/templates/enterprise_feed_deployment.yaml`: + +```yaml + - name: ANCHORE_ENABLE_METRICS + value: {{ .Values.monitoring.enabled | quote }} + - name: ANCHORE_DISABLE_METRICS_AUTH + value: {{ .Values.monitoring.enabled | quote }} ``` To resolve a race condition in Big Bang CI pipelines, an additional sleep argument was added in `chart/templates/engine_upgrade_job.yaml`, `enterprise_upgrade_job.yaml`, and `enterprise_feeds_upgrade_jobs.yaml`:
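Review bot: The two new entries are appended after the `extraEnv` block, so a user who sets `ANCHORE_DISABLE_METRICS_AUTH` or `ANCHORE_ENABLE_METRICS` through `anchoreEnterpriseFeeds.extraEnv` ends up with a duplicate name in the container's env list. Kubernetes resolves duplicates in favour of the later entry, which here is the chart's value, so an operator cannot keep metrics authentication on while monitoring is enabled. Moving both entries above `{{- with .Values.anchoreEnterpriseFeeds.extraEnv }}` would let `extraEnv` win. The env list begins outside the hunk. Separately, the BBCHANGES.md hunk names this file `enterprise_feed_deployment.yaml`, missing the `s`.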