Merge branch 'metrics-testing' into 'main'

Metrics testing See merge request !41

Merge branch 'metrics-testing' into 'main'
Metrics testing See merge request !41
7d5beaa6 · bhearn · 042ad009 · 7b0d758e · 7d5beaa6 · 7d5beaa6
Commit 7d5beaa6 authored Jul 12, 2021 by bhearn
6 changed files
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),

 ---

+## [1.13.0-bb.1]
+### Changed
+- updated Service Monitor and added Pod Monitor for scraping metrics from Anchore components
+- updated chart templates to automatically enable metrics for the Anchore Enterprise feeds service (until patched upstream)
+ 
 ## [1.13.0-bb.0]
 ### Changed
 - Bumped appVersion and Anchore Engine image tag to 0.10.0

--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
 apiVersion: v2
 name: anchore-engine
-version: 1.13.0-bb.0
+version: 1.13.0-bb.1
 appVersion: 0.10.0
 description: Anchore container analysis and policy evaluation engine service
 keywords:

--- a/chart/templates/bigbang/serviceMonitor.yaml
+++ b/chart/templates/bigbang/serviceMonitor.yaml
@@ -4,7 +4,7 @@ kind: ServiceMonitor
 metadata:
  labels:
    prometheus: k8s
-  name: anchore-metrics
+  name: anchore-service-monitor
  namespace: {{ .Release.Namespace }}
 spec:
  selector:
@@ -23,6 +23,15 @@ spec:
      scheme: http
      #jobLabel: anchore-metrics-external-api
    
+    - interval: 30s
+      path: /metrics
+      params:
+        format:
+          - prometheus
+      port: anchore-rbac-manager
+      scheme: http
+      #jobLabel: anchore-metrics-rbac-manager
+    
    - interval: 30s
      path: /metrics
      params:
@@ -49,4 +58,37 @@ spec:
      port: anchore-simplequeue-api
      scheme: http
      #jobLabel: anchore-metrics-simplequeue-api
+
+    - interval: 30s
+      path: /metrics
+      params:
+        format:
+          - prometheus
+      port: feeds-api
+      scheme: http
+      #jobLabel: anchore-metrics-feeds-api
+---
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+  labels:
+    prometheus: k8s
+  name: anchore-pod-monitor
+  namespace: {{ .Release.Namespace }}
+spec:
+  selector:
+    matchLabels:
+      app: {{ template "anchore-engine.fullname" . }}
+  namespaceSelector:
+    matchNames:
+      - {{ .Release.Namespace }}
+  podMetricsEndpoints:
+  - interval: 30s
+    path: /metrics
+    params:
+      format:
+        - prometheus
+    port: analyzer-api
+    scheme: http
+    #jobLabel: anchore-metrics-analyzer-api
 {{- end }}
\ No newline at end of file
--- a/chart/templates/enterprise_feeds_configmap.yaml
+++ b/chart/templates/enterprise_feeds_configmap.yaml
@@ -30,6 +30,7 @@ data:
    license_file: /home/anchore/license.yaml
    metrics:
      enabled: {{ .Values.monitoring.enabled }}
+      auth_disabled: {{ .Values.monitoring.enabled }}

    # Locations for keys used for signing and encryption. Only one of 'secret' or 'public_key_path'/'private_key_path' needs to be set. If all are set then the keys take precedence over the secret value
    # Secret is for a shared secret and if set, all components in anchore should have the exact same value in their configs.

--- a/chart/templates/enterprise_feeds_deployment.yaml
+++ b/chart/templates/enterprise_feeds_deployment.yaml
@@ -113,6 +113,10 @@ spec:
        {{- with .Values.anchoreEnterpriseFeeds.extraEnv }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
+        - name: ANCHORE_ENABLE_METRICS
+          value: {{ .Values.monitoring.enabled | quote }}
+        - name: ANCHORE_DISABLE_METRICS_AUTH
+          value: {{ .Values.monitoring.enabled | quote }}
        - name: ANCHORE_POD_NAME
          valueFrom:
            fieldRef:

--- a/docs/BBCHANGES.md
+++ b/docs/BBCHANGES.md
@@ -180,11 +180,21 @@ Do the same in `chart/templates/enterprise_configmap.yaml`:
      auth_disabled: {{ .Values.monitoring.enabled }}
 ```

-In `chart/templates/enterprise_feeds_configmap.yaml` also modify the metrics lines:
+Do the same in `chart/templates/enterprise_feeds_configmap.yaml`:

 ```yaml
    metrics:
      enabled: {{ .Values.monitoring.enabled }}
+      auth_disabled: {{ .Values.monitoring.enabled }}
+```
+
+And set required environment variables in `chart/templates/enterprise_feed_deployment.yaml`:
+
+```yaml
+    - name: ANCHORE_ENABLE_METRICS
+      value: {{ .Values.monitoring.enabled | quote }}
+    - name: ANCHORE_DISABLE_METRICS_AUTH
+      value: {{ .Values.monitoring.enabled | quote }}
 ```

 To resolve a race condition in Big Bang CI pipelines, an additional sleep argument was added in `chart/templates/engine_upgrade_job.yaml`, `enterprise_upgrade_job.yaml`, and `enterprise_feeds_upgrade_jobs.yaml`: