From 7b0d758e74a00fab158f8afe9ee0fc3f8095973e Mon Sep 17 00:00:00 2001
From: bhearn
Date: Mon, 12 Jul 2021 19:32:03 +0000
Subject: [PATCH] Metrics testing
---
 CHANGELOG.md | 5 ++
 chart/Chart.yaml | 2 +-
 chart/templates/bigbang/serviceMonitor.yaml | 48 +++++++++++++++++--
 .../templates/enterprise_feeds_configmap.yaml | 1 +
 .../enterprise_feeds_deployment.yaml | 4 ++
 docs/BBCHANGES.md | 12 ++++-
 6 files changed, 67 insertions(+), 5 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0930a99..9e38589 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 ---
+## [1.13.0-bb.1]
+### Changed
+- updated Service Monitor and added Pod Monitor for scraping metrics from Anchore components
+- updated chart templates to automatically enable metrics for the Anchore Enterprise feeds service (until patched upstream)
+
 ## [1.13.0-bb.0]
 ### Changed
 - Bumped appVersion and Anchore Engine image tag to 0.10.0
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
index 48d8285..79e1cd1 100644
--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: anchore-engine
-version: 1.13.0-bb.0
+version: 1.13.0-bb.1
 appVersion: 0.10.0
 description: Anchore container analysis and policy evaluation engine service
 keywords:
diff --git a/chart/templates/bigbang/serviceMonitor.yaml b/chart/templates/bigbang/serviceMonitor.yaml
index 6808307..81ab8f9 100644
--- a/chart/templates/bigbang/serviceMonitor.yaml
+++ b/chart/templates/bigbang/serviceMonitor.yaml
@@ -4,7 +4,7 @@ kind: ServiceMonitor
 metadata:
 labels:
 prometheus: k8s
- name: anchore-metrics
+ name: anchore-service-monitor
 namespace: {{ .Release.Namespace }}
 spec:
 selector:
@@ -22,7 +22,16 @@ spec:
 port: anchore-external-api
 scheme: http
 #jobLabel: anchore-metrics-external-api
-
+
+ - interval: 30s
+ path: /metrics
+ params:
+ format:
+ - prometheus
+ port: anchore-rbac-manager
+ scheme: http
+ #jobLabel: anchore-metrics-rbac-manager
+
 - interval: 30s
 path: /metrics
 params:
@@ -49,4 +58,37 @@ spec:
 port: anchore-simplequeue-api
 scheme: http
 #jobLabel: anchore-metrics-simplequeue-api
-{{- end }}
+
+ - interval: 30s
+ path: /metrics
+ params:
+ format:
+ - prometheus
+ port: feeds-api
+ scheme: http
+ #jobLabel: anchore-metrics-feeds-api
+---
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+ labels:
+ prometheus: k8s
+ name: anchore-pod-monitor
+ namespace: {{ .Release.Namespace }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ template "anchore-engine.fullname" . }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+ podMetricsEndpoints:
+ - interval: 30s
+ path: /metrics
+ params:
+ format:
+ - prometheus
+ port: analyzer-api
+ scheme: http
+ #jobLabel: anchore-metrics-analyzer-api
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/enterprise_feeds_configmap.yaml b/chart/templates/enterprise_feeds_configmap.yaml
index 47a5f6a..00d2aba 100644
--- a/chart/templates/enterprise_feeds_configmap.yaml
+++ b/chart/templates/enterprise_feeds_configmap.yaml
@@ -30,6 +30,7 @@ data:
 license_file: /home/anchore/license.yaml
 metrics:
 enabled: {{ .Values.monitoring.enabled }}
+ auth_disabled: {{ .Values.monitoring.enabled }}
 # Locations for keys used for signing and encryption. Only one of 'secret' or 'public_key_path'/'private_key_path' needs to be set. If all are set then the keys take precedence over the secret value
 # Secret is for a shared secret and if set, all components in anchore should have the exact same value in their configs.
diff --git a/chart/templates/enterprise_feeds_deployment.yaml b/chart/templates/enterprise_feeds_deployment.yaml
index 034430d..0a5ceca 100644
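Review bot: The new `anchore-rbac-manager` endpoint is scraped with `scheme: http` and carries no credentials (no `basicAuth`, `bearerTokenSecret` or `tlsConfig` on the endpoint), so it presumably only returns data while metrics authentication is switched off on the target; the same applies to the `feeds-api` endpoint and the PodMonitor's `analyzer-api` endpoint added in the next hunk of this file. Unless mesh mTLS or a NetworkPolicy sits in front of these ports (neither is visible in this patch), the metrics are readable in cleartext by any workload that can reach them. I would add a comment above the endpoints, e.g. `# scraped unauthenticated over HTTP; relies on metrics auth_disabled and on network-level isolation`, and either set or delete the commented-out `#jobLabel:` lines. The endpoint list starts above this hunk.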
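Review bot: The PodMonitor selects on `app: {{ template "anchore-engine.fullname" . }}` alone, which by its name looks like a release-wide label, so every pod of the release is a candidate and only the port name `analyzer-api` narrows the scrape to the analyzer. If the chart puts a component label on analyzer pods (not visible here), adding it to `matchLabels` would make the intent explicit and keep any other pod that later exposes a port of that name out of the scrape. The namespace is also rendered unquoted (`namespace: {{ .Release.Namespace }}` and `- {{ .Release.Namespace }}`); `{{ .Release.Namespace | quote }}` keeps a namespace that looks like a number or boolean from being retyped by the YAML parser. The file now ends without a trailing newline after `{{- end }}`.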
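Review bot: `auth_disabled: {{ .Values.monitoring.enabled }}` ties two separate decisions to one flag: turning monitoring on also turns authentication off for the feeds service's metrics endpoint, and there is no way to enable metrics while keeping auth. The same coupling is repeated by the `ANCHORE_DISABLE_METRICS_AUTH` variable added in `chart/templates/enterprise_feeds_deployment.yaml`. I would gate it on a separate, explicitly named values key that defaults to false, and add a comment above the line stating that the endpoint is then open to anything that can reach the port, so access has to be limited at the network layer. Separately, if `monitoring.enabled` is unset the line renders as `auth_disabled:` with an empty value; `{{ .Values.monitoring.enabled | default false }}` avoids handing the service a null. The mapping that contains `metrics:` starts outside the hunk.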
--- a/chart/templates/enterprise_feeds_deployment.yaml
+++ b/chart/templates/enterprise_feeds_deployment.yaml
@@ -113,6 +113,10 @@ spec:
 {{- with .Values.anchoreEnterpriseFeeds.extraEnv }}
 {{- toYaml . | nindent 8 }}
 {{- end }}
+ - name: ANCHORE_ENABLE_METRICS
+ value: {{ .Values.monitoring.enabled | quote }}
+ - name: ANCHORE_DISABLE_METRICS_AUTH
+ value: {{ .Values.monitoring.enabled | quote }}
 - name: ANCHORE_POD_NAME
 valueFrom:
 fieldRef:
diff --git a/docs/BBCHANGES.md b/docs/BBCHANGES.md
index 82d2748..6a949b9 100644
--- a/docs/BBCHANGES.md
+++ b/docs/BBCHANGES.md
@@ -180,11 +180,21 @@ Do the same in `chart/templates/enterprise_configmap.yaml`:
 auth_disabled: {{ .Values.monitoring.enabled }}
 ```
-In `chart/templates/enterprise_feeds_configmap.yaml` also modify the metrics lines:
+Do the same in `chart/templates/enterprise_feeds_configmap.yaml`:
 ```yaml
 metrics:
 enabled: {{ .Values.monitoring.enabled }}
+ auth_disabled: {{ .Values.monitoring.enabled }}
+```
+
+And set required environment variables in `chart/templates/enterprise_feed_deployment.yaml`:
+
+```yaml
+ - name: ANCHORE_ENABLE_METRICS
+ value: {{ .Values.monitoring.enabled | quote }}
+ - name: ANCHORE_DISABLE_METRICS_AUTH
+ value: {{ .Values.monitoring.enabled | quote }}
 ```
 To resolve a race condition in Big Bang CI pipelines, an additional sleep argument was added in `chart/templates/engine_upgrade_job.yaml`, `enterprise_upgrade_job.yaml`, and `enterprise_feeds_upgrade_jobs.yaml`:
-- 
GitLab
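Review bot: The two variables in the `enterprise_feeds_deployment.yaml` hunk are appended after the `extraEnv` block, so an operator who sets `ANCHORE_DISABLE_METRICS_AUTH` through `anchoreEnterpriseFeeds.extraEnv` to keep authentication on ends up with a duplicate name in the container's env list, and the later, chart-supplied entry is the one Kubernetes normally applies. Moving them above `{{- with .Values.anchoreEnterpriseFeeds.extraEnv }}` lets an explicit override win. A short comment such as `# metrics auth is disabled whenever monitoring is enabled; restrict access to the metrics port at the network layer` would also make the security trade-off visible where it is made. The env list begins above the hunk.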