From b0119213b35ca9e47f5083ff7a9fc63f9ece8c2b Mon Sep 17 00:00:00 2001 From: bhearn7 Date: Fri, 9 Jul 2021 10:52:56 -0400 Subject: [PATCH 1/9] add podmonitor --- chart/templates/bigbang/serviceMonitor.yaml | 81 ++++++++++++++++++++- 1 file changed, 78 insertions(+), 3 deletions(-) diff --git a/chart/templates/bigbang/serviceMonitor.yaml b/chart/templates/bigbang/serviceMonitor.yaml index 6808307..25f5d7d 100644 --- a/chart/templates/bigbang/serviceMonitor.yaml +++ b/chart/templates/bigbang/serviceMonitor.yaml @@ -4,7 +4,7 @@ kind: ServiceMonitor metadata: labels: prometheus: k8s - name: anchore-metrics + name: anchore-service-monitor namespace: {{ .Release.Namespace }} spec: selector: @@ -22,7 +22,34 @@ spec: port: anchore-external-api scheme: http #jobLabel: anchore-metrics-external-api - + + - interval: 30s + path: /metrics + params: + format: + - prometheus + port: anchore-rbac-manager + scheme: http + #jobLabel: anchore-metrics-rbac-manager + + - interval: 30s + path: /metrics + params: + format: + - prometheus + port: reports-api + scheme: http + #jobLabel: anchore-metrics-reports-api + + - interval: 30s + path: /metrics + params: + format: + - prometheus + port: notifi-api + scheme: http + #jobLabel: anchore-metrics-notifi-api + - interval: 30s path: /metrics params: @@ -49,4 +76,52 @@ spec: port: anchore-simplequeue-api scheme: http #jobLabel: anchore-metrics-simplequeue-api -{{- end }} + + - interval: 30s + path: /metrics + params: + format: + - prometheus + port: enterprise-ui + scheme: http + #jobLabel: anchore-metrics-enterprise-ui + + - interval: 30s + path: /metrics + params: + format: + - prometheus + port: feeds-api + scheme: http + #jobLabel: anchore-metrics-feeds-api +--- +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + labels: + prometheus: k8s + name: anchore-pod-monitor + namespace: {{ .Release.Namespace }} +spec: + selector: + matchLabels: + app: {{ template "anchore-engine.fullname" . }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + podMetricsEndpoints: + - interval: 30s + path: /metrics + params: + format: + - prometheus + port: rbac-auth + scheme: http + - interval: 30s + path: /metrics + params: + format: + - prometheus + port: analyzer-api + scheme: http +{{- end }} \ No newline at end of file -- GitLab From e76d2a5f1a8de33951e81456f6c5c006883e75fa Mon Sep 17 00:00:00 2001 From: bhearn7 Date: Fri, 9 Jul 2021 11:46:08 -0400 Subject: [PATCH 2/9] update pod monitor --- chart/templates/bigbang/serviceMonitor.yaml | 34 --------------------- 1 file changed, 34 deletions(-) diff --git a/chart/templates/bigbang/serviceMonitor.yaml b/chart/templates/bigbang/serviceMonitor.yaml index 25f5d7d..331ab7f 100644 --- a/chart/templates/bigbang/serviceMonitor.yaml +++ b/chart/templates/bigbang/serviceMonitor.yaml @@ -32,24 +32,6 @@ spec: scheme: http #jobLabel: anchore-metrics-rbac-manager - - interval: 30s - path: /metrics - params: - format: - - prometheus - port: reports-api - scheme: http - #jobLabel: anchore-metrics-reports-api - - - interval: 30s - path: /metrics - params: - format: - - prometheus - port: notifi-api - scheme: http - #jobLabel: anchore-metrics-notifi-api - - interval: 30s path: /metrics params: @@ -77,15 +59,6 @@ spec: scheme: http #jobLabel: anchore-metrics-simplequeue-api - - interval: 30s - path: /metrics - params: - format: - - prometheus - port: enterprise-ui - scheme: http - #jobLabel: anchore-metrics-enterprise-ui - - interval: 30s path: /metrics params: @@ -110,13 +83,6 @@ spec: matchNames: - {{ .Release.Namespace }} podMetricsEndpoints: - - interval: 30s - path: /metrics - params: - format: - - prometheus - port: rbac-auth - scheme: http - interval: 30s path: /metrics params: -- GitLab From 772fa6ba678c0b15c03ad2a70557f8b9ac0b78f5 Mon Sep 17 00:00:00 2001 From: bhearn7 Date: Fri, 9 Jul 2021 13:48:47 -0400 Subject: [PATCH 3/9] add metrics auth disabled config setting --- chart/templates/bigbang/serviceMonitor.yaml | 1 + chart/templates/enterprise_feeds_configmap.yaml | 1 + 2 files changed, 2 insertions(+) diff --git a/chart/templates/bigbang/serviceMonitor.yaml b/chart/templates/bigbang/serviceMonitor.yaml index 331ab7f..81ab8f9 100644 --- a/chart/templates/bigbang/serviceMonitor.yaml +++ b/chart/templates/bigbang/serviceMonitor.yaml @@ -90,4 +90,5 @@ spec: - prometheus port: analyzer-api scheme: http + #jobLabel: anchore-metrics-analyzer-api {{- end }} \ No newline at end of file diff --git a/chart/templates/enterprise_feeds_configmap.yaml b/chart/templates/enterprise_feeds_configmap.yaml index 47a5f6a..00d2aba 100644 --- a/chart/templates/enterprise_feeds_configmap.yaml +++ b/chart/templates/enterprise_feeds_configmap.yaml @@ -30,6 +30,7 @@ data: license_file: /home/anchore/license.yaml metrics: enabled: {{ .Values.monitoring.enabled }} + auth_disabled: {{ .Values.monitoring.enabled }} # Locations for keys used for signing and encryption. Only one of 'secret' or 'public_key_path'/'private_key_path' needs to be set. If all are set then the keys take precedence over the secret value # Secret is for a shared secret and if set, all components in anchore should have the exact same value in their configs. -- GitLab From 281c18b27cb95412205f8cd8a9e83d4f0b7f9654 Mon Sep 17 00:00:00 2001 From: bhearn7 Date: Fri, 9 Jul 2021 14:52:20 -0400 Subject: [PATCH 4/9] final metrics commit --- CHANGELOG.md | 5 +++++ chart/Chart.yaml | 2 +- chart/values.yaml | 8 +++++--- 3 files changed, 11 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0930a99..2481103 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), --- +## [1.13.0-bb.1] +### Changed +- updated Service Monitor and added Pod Monitor for scraping metrics from Anchore components +- updated `.Values.anchoreEnterpriseFeeds.extraEnv` to automatically enable metrics for the Anchore Enterprise feeds service + ## [1.13.0-bb.0] ### Changed - Bumped appVersion and Anchore Engine image tag to 0.10.0 diff --git a/chart/Chart.yaml b/chart/Chart.yaml index 48d8285..79e1cd1 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: anchore-engine -version: 1.13.0-bb.0 +version: 1.13.0-bb.1 appVersion: 0.10.0 description: Anchore container analysis and policy evaluation engine service keywords: diff --git a/chart/values.yaml b/chart/values.yaml index 77ccead..56f1f0f 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -824,9 +824,11 @@ anchoreEnterpriseFeeds: # - 12345 # Set extra environment variables. These will be set on all feeds containers. - extraEnv: [] - # - name: foo - # value: bar + extraEnv: + - name: ANCHORE_ENABLE_METRICS + value: "true" + - name: ANCHORE_DISABLE_METRICS_AUTH + value: "true" # Time delay in seconds between consecutive driver runs for processing data cycleTimers: -- GitLab From 95f83d7831e89376660675faf1b72c43bce24724 Mon Sep 17 00:00:00 2001 From: bhearn7 Date: Mon, 12 Jul 2021 13:14:27 -0400 Subject: [PATCH 5/9] resolving threads --- chart/templates/enterprise_feeds_deployment.yaml | 4 ++++ chart/values.yaml | 8 +++----- docs/BBCHANGES.md | 14 +++++++++++++- 3 files changed, 20 insertions(+), 6 deletions(-) diff --git a/chart/templates/enterprise_feeds_deployment.yaml b/chart/templates/enterprise_feeds_deployment.yaml index 034430d..0a5ceca 100644 --- a/chart/templates/enterprise_feeds_deployment.yaml +++ b/chart/templates/enterprise_feeds_deployment.yaml @@ -113,6 +113,10 @@ spec: {{- with .Values.anchoreEnterpriseFeeds.extraEnv }} {{- toYaml . | nindent 8 }} {{- end }} + - name: ANCHORE_ENABLE_METRICS + value: {{ .Values.monitoring.enabled | quote }} + - name: ANCHORE_DISABLE_METRICS_AUTH + value: {{ .Values.monitoring.enabled | quote }} - name: ANCHORE_POD_NAME valueFrom: fieldRef: diff --git a/chart/values.yaml b/chart/values.yaml index 56f1f0f..77ccead 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -824,11 +824,9 @@ anchoreEnterpriseFeeds: # - 12345 # Set extra environment variables. These will be set on all feeds containers. - extraEnv: - - name: ANCHORE_ENABLE_METRICS - value: "true" - - name: ANCHORE_DISABLE_METRICS_AUTH - value: "true" + extraEnv: [] + # - name: foo + # value: bar # Time delay in seconds between consecutive driver runs for processing data cycleTimers: diff --git a/docs/BBCHANGES.md b/docs/BBCHANGES.md index 82d2748..62bc120 100644 --- a/docs/BBCHANGES.md +++ b/docs/BBCHANGES.md @@ -180,13 +180,25 @@ Do the same in `chart/templates/enterprise_configmap.yaml`: auth_disabled: {{ .Values.monitoring.enabled }} ``` -In `chart/templates/enterprise_feeds_configmap.yaml` also modify the metrics lines: +Do the same in `chart/templates/enterprise_feeds_configmap.yaml` and set required environment variables: ```yaml metrics: enabled: {{ .Values.monitoring.enabled }} + auth_disabled: {{ .Values.monitoring.enabled }} +``` + +And set required environment variables int `chart/templates/enterprise_feed_deployment.yaml`: + +```yaml + - name: ANCHORE_ENABLE_METRICS + value: {{ .Values.monitoring.enabled | quote }} + - name: ANCHORE_DISABLE_METRICS_AUTH + value: {{ .Values.monitoring.enabled | quote }} ``` +And + To resolve a race condition in Big Bang CI pipelines, an additional sleep argument was added in `chart/templates/engine_upgrade_job.yaml`, `enterprise_upgrade_job.yaml`, and `enterprise_feeds_upgrade_jobs.yaml`: ```yaml -- GitLab From 3a5ab14c809526ae1a3ce12cb11b97f70c9f9e5d Mon Sep 17 00:00:00 2001 From: bhearn7 Date: Mon, 12 Jul 2021 13:27:31 -0400 Subject: [PATCH 6/9] update changelog --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2481103..9e38589 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,7 +7,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), ## [1.13.0-bb.1] ### Changed - updated Service Monitor and added Pod Monitor for scraping metrics from Anchore components -- updated `.Values.anchoreEnterpriseFeeds.extraEnv` to automatically enable metrics for the Anchore Enterprise feeds service +- updated chart templates to automatically enable metrics for the Anchore Enterprise feeds service (until patched upstream) ## [1.13.0-bb.0] ### Changed -- GitLab From 57efe4932284962f986a304b61e67287aa7a3068 Mon Sep 17 00:00:00 2001 From: bhearn Date: Mon, 12 Jul 2021 19:15:40 +0000 Subject: [PATCH 7/9] Apply 1 suggestion(s) to 1 file(s) --- docs/BBCHANGES.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/BBCHANGES.md b/docs/BBCHANGES.md index 62bc120..d726056 100644 --- a/docs/BBCHANGES.md +++ b/docs/BBCHANGES.md @@ -188,7 +188,7 @@ Do the same in `chart/templates/enterprise_feeds_configmap.yaml` and set require auth_disabled: {{ .Values.monitoring.enabled }} ``` -And set required environment variables int `chart/templates/enterprise_feed_deployment.yaml`: +And set required environment variables in `chart/templates/enterprise_feed_deployment.yaml`: ```yaml - name: ANCHORE_ENABLE_METRICS -- GitLab From bdbec80c3325f3e3ff0c60f2da9795a1f80095bc Mon Sep 17 00:00:00 2001 From: bhearn Date: Mon, 12 Jul 2021 19:15:52 +0000 Subject: [PATCH 8/9] Apply 1 suggestion(s) to 1 file(s) --- docs/BBCHANGES.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/BBCHANGES.md b/docs/BBCHANGES.md index d726056..9d6098e 100644 --- a/docs/BBCHANGES.md +++ b/docs/BBCHANGES.md @@ -180,7 +180,7 @@ Do the same in `chart/templates/enterprise_configmap.yaml`: auth_disabled: {{ .Values.monitoring.enabled }} ``` -Do the same in `chart/templates/enterprise_feeds_configmap.yaml` and set required environment variables: +Do the same in `chart/templates/enterprise_feeds_configmap.yaml`: ```yaml metrics: -- GitLab From 388f91750fb5cba80f77add9a84d9d76d0badc59 Mon Sep 17 00:00:00 2001 From: bhearn Date: Mon, 12 Jul 2021 19:16:08 +0000 Subject: [PATCH 9/9] Apply 1 suggestion(s) to 1 file(s) --- docs/BBCHANGES.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/docs/BBCHANGES.md b/docs/BBCHANGES.md index 9d6098e..6a949b9 100644 --- a/docs/BBCHANGES.md +++ b/docs/BBCHANGES.md @@ -197,8 +197,6 @@ And set required environment variables in `chart/templates/enterprise_feed_deplo value: {{ .Values.monitoring.enabled | quote }} ``` -And - To resolve a race condition in Big Bang CI pipelines, an additional sleep argument was added in `chart/templates/engine_upgrade_job.yaml`, `enterprise_upgrade_job.yaml`, and `enterprise_feeds_upgrade_jobs.yaml`: ```yaml -- GitLab