openstack/openstack-helm-infra
Code Issues Proposed changes

[mariadb] Deploy exporter as sidecar

Browse Source 
Deploy exporter as a sidecar to provide correct mysql metrics.

Co-Authored-By: Oleh Hryhorov <ohryhorov@mirantis.com>

Change-Id: I25cfeaf7f95f772d2b3c07a6a91220d0154b4eea
This commit is contained in:
Vasyl Saienko 2024-09-15 07:31:09 +00:00
parent 32b571ab2f
commit 2f2ce5f28f
13 changed files with 68 additions and 198 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
mariadb/Chart.yaml
View File

@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v10.6.7
description: OpenStack-Helm MariaDB
name: mariadb
version: 0.2.46
version: 0.2.47
home: https://mariadb.com/kb/en/
icon: http://badges.mariadb.org/mariadb-badge-180x60.png
sources:

4
mariadb/templates/monitoring/prometheus/bin/_create-mysql-user.sh.tpl → mariadb/templates/bin/_prometheus-create-mysql-user.sh.tpl
View File

@ -33,7 +33,7 @@ set -e
# In case MariaDB version is 10.2.x-10.4.x - we use old privileges definitions
if ! mysql --defaults-file=/etc/mysql/admin_user.cnf -e \
"CREATE OR REPLACE USER '${EXPORTER_USER}'@'%' IDENTIFIED BY '${EXPORTER_PASSWORD}'; \
GRANT PROCESS, BINLOG MONITOR, SLAVE MONITOR, SELECT ON *.* TO '${EXPORTER_USER}'@'%' ${MARIADB_X509}; \
GRANT SLAVE MONITOR, PROCESS, BINLOG MONITOR, SLAVE MONITOR, SELECT ON *.* TO '${EXPORTER_USER}'@'%' ${MARIADB_X509}; \
FLUSH PRIVILEGES;" ; then
echo "ERROR: Could not create user: ${EXPORTER_USER}"
exit 1
@ -42,7 +42,7 @@ set -e
# here we use new MariaDB privileges definitions defines since version 10.5
if ! mysql --defaults-file=/etc/mysql/admin_user.cnf -e \
"CREATE OR REPLACE USER '${EXPORTER_USER}'@'%' IDENTIFIED BY '${EXPORTER_PASSWORD}'; \
GRANT PROCESS, REPLICATION CLIENT, SELECT ON *.* TO '${EXPORTER_USER}'@'%' ${MARIADB_X509}; \
GRANT SLAVE MONITOR, PROCESS, REPLICATION CLIENT, SELECT ON *.* TO '${EXPORTER_USER}'@'%' ${MARIADB_X509}; \
FLUSH PRIVILEGES;" ; then
echo "ERROR: Could not create user: ${EXPORTER_USER}"
exit 1

0
mariadb/templates/monitoring/prometheus/bin/_mysqld-exporter.sh.tpl → mariadb/templates/bin/_prometheus-mysqld-exporter.sh.tpl
View File

4
mariadb/templates/monitoring/prometheus/exporter-configmap-bin.yaml → mariadb/templates/exporter-configmap-bin.yaml
View File

@ -21,7 +21,7 @@ metadata:
name: mysql-exporter-bin
data:
create-mysql-user.sh: |
{{ tuple "bin/_create-mysql-user.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{ tuple "bin/_prometheus-create-mysql-user.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
mysqld-exporter.sh: |
{{ tuple "bin/_mysqld-exporter.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{ tuple "bin/_prometheus-mysqld-exporter.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- end }}

10
mariadb/templates/monitoring/prometheus/exporter-job-create-user.yaml → mariadb/templates/exporter-job-create-user.yaml
View File

@ -15,21 +15,15 @@ limitations under the License.
{{- if and .Values.manifests.monitoring.prometheus.job_user_create .Values.monitoring.prometheus.enabled }}
{{- $envAll := . }}
{{- $serviceAccountName := "exporter-create-sql-user" }}
{{- $serviceAccountName := "mariadb-exporter-create-sql-user" }}
{{ tuple $envAll "prometheus_create_mysql_user" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: exporter-create-sql-user
name: mariadb-exporter-create-sql-user
labels:
{{ tuple $envAll "prometheus-mysql-exporter" "create-sql-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
{{- if .Values.helm3_hook }}
annotations:
"helm.sh/hook": "post-install,post-upgrade"
"helm.sh/hook-weight": "5"
"helm.sh/hook-delete-policy": "before-hook-creation"
{{- end }}
spec:
backoffLimit: {{ .Values.jobs.exporter_create_sql_user.backoffLimit }}
template:

4
mariadb/templates/monitoring/prometheus/exporter-secrets-etc.yaml → mariadb/templates/exporter-secrets-etc.yaml
View File

@ -17,7 +17,7 @@ limitations under the License.
{{- $exporter_user := .Values.endpoints.oslo_db.auth.exporter.username }}
{{- $exporter_password := .Values.endpoints.oslo_db.auth.exporter.password }}
{{- $db_host := tuple "oslo_db" "direct" "mysql" $envAll | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }}
{{- $db_host := "localhost" }}
{{- $data_source_name := printf "%s:%s@(%s)/" $exporter_user $exporter_password $db_host }}
---
apiVersion: v1
@ -29,5 +29,5 @@ data:
DATA_SOURCE_NAME: {{ $data_source_name | b64enc }}
EXPORTER_USER: {{ .Values.endpoints.oslo_db.auth.exporter.username | b64enc }}
EXPORTER_PASSWORD: {{ .Values.endpoints.oslo_db.auth.exporter.password | b64enc }}
mysql_user.cnf: {{ tuple "secrets/_exporter_user.cnf.tpl" . | include "helm-toolkit.utils.template" | b64enc }}
mysql_user.cnf: {{ tuple "secrets/_prometheus-exporter_user.cnf.tpl" . | include "helm-toolkit.utils.template" | b64enc }}
{{- end }}

104
mariadb/templates/monitoring/prometheus/exporter-deployment.yaml
View File

@ -1,104 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.monitoring.prometheus.deployment_exporter .Values.monitoring.prometheus.enabled }}
{{- $envAll := . }}
{{- $serviceAccountName := "prometheus-mysql-exporter" }}
{{ tuple $envAll "prometheus_mysql_exporter" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: prometheus-mysql-exporter
labels:
{{ tuple $envAll "prometheus-mysql-exporter" "exporter" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
replicas: {{ .Values.pod.replicas.prometheus_mysql_exporter }}
selector:
matchLabels:
{{ tuple $envAll "prometheus-mysql-exporter" "exporter" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
template:
metadata:
labels:
{{ tuple $envAll "prometheus-mysql-exporter" "exporter" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
namespace: {{ .Values.endpoints.prometheus_mysql_exporter.namespace }}
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
{{ dict "envAll" $envAll "podName" "prometheus-mysql-exporter" "containerNames" (list "init" "mysql-exporter") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "mysql_exporter" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
shareProcessNamespace: true
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "prometheus_mysql_exporter" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
nodeSelector:
{{ .Values.labels.prometheus_mysql_exporter.node_selector_key }}: {{ .Values.labels.prometheus_mysql_exporter.node_selector_value }}
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.prometheus_mysql_exporter.timeout | default "30" }}
initContainers:
{{ tuple $envAll "prometheus_mysql_exporter" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: mysql-exporter
{{ tuple $envAll "prometheus_mysql_exporter" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ dict "envAll" $envAll "application" "prometheus_mysql_exporter" "container" "exporter" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.prometheus_mysql_exporter | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /tmp/mysqld-exporter.sh
ports:
- name: metrics
containerPort: {{ tuple "prometheus_mysql_exporter" "internal" "metrics" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
env:
- name: EXPORTER_USER
valueFrom:
secretKeyRef:
name: mysql-exporter-secrets
key: EXPORTER_USER
- name: EXPORTER_PASSWORD
valueFrom:
secretKeyRef:
name: mysql-exporter-secrets
key: EXPORTER_PASSWORD
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: LISTEN_PORT
value: {{ tuple "prometheus_mysql_exporter" "internal" "metrics" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
- name: TELEMETRY_PATH
value: {{ tuple "prometheus_mysql_exporter" "internal" "metrics" . | include "helm-toolkit.endpoints.keystone_endpoint_path_lookup" | quote }}
volumeMounts:
- name: pod-tmp
mountPath: /tmp
- name: mysql-exporter-secrets
mountPath: /etc/mysql/mysql_user.cnf
subPath: mysql_user.cnf
readOnly: true
- name: mysql-exporter-bin
mountPath: /tmp/mysqld-exporter.sh
subPath: mysqld-exporter.sh
readOnly: true
{{ dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.secrets.tls.oslo_db.server.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
volumes:
- name: pod-tmp
emptyDir: {}
- name: mysql-exporter-secrets
secret:
secretName: mysql-exporter-secrets
defaultMode: 0444
- name: mysql-exporter-bin
configMap:
name: mysql-exporter-bin
defaultMode: 0555
{{ dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.secrets.tls.oslo_db.server.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- end }}

18
mariadb/templates/monitoring/prometheus/exporter-network-policy.yaml
View File

@ -1,18 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.monitoring.prometheus.network_policy_exporter .Values.monitoring.prometheus.enabled -}}
{{- $netpol_opts := dict "envAll" . "name" "application" "label" "prometheus-mysql-exporter" -}}
{{ $netpol_opts | include "helm-toolkit.manifests.kubernetes_network_policy" }}
{{- end -}}

35
mariadb/templates/monitoring/prometheus/exporter-service.yaml
View File

@ -1,35 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.monitoring.prometheus.service_exporter .Values.monitoring.prometheus.enabled }}
{{- $envAll := . }}
{{- $prometheus_annotations := $envAll.Values.monitoring.prometheus.mysqld_exporter }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ tuple "prometheus_mysql_exporter" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
labels:
{{ tuple $envAll "prometheus-mysql-exporter" "metrics" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
annotations:
{{- if .Values.monitoring.prometheus.enabled }}
{{ tuple $prometheus_annotations | include "helm-toolkit.snippets.prometheus_service_annotations" | indent 4 }}
{{- end }}
spec:
ports:
- name: metrics
port: {{ tuple "prometheus_mysql_exporter" "internal" "metrics" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
selector:
{{ tuple $envAll "prometheus-mysql-exporter" "exporter" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
{{- end }}

2
mariadb/templates/monitoring/prometheus/secrets/_exporter_user.cnf.tpl → mariadb/templates/secrets/_prometheus-exporter_user.cnf.tpl
View File

@ -15,7 +15,7 @@ limitations under the License.
[client]
user = {{ .Values.endpoints.oslo_db.auth.exporter.username }}
password = {{ .Values.endpoints.oslo_db.auth.exporter.password }}
host = {{ tuple "oslo_db" "internal" . | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }}
host = localhost
port = {{ tuple "oslo_db" "direct" "mysql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- if .Values.manifests.certificates }}
ssl-ca = /etc/mysql/certs/ca.crt

57
mariadb/templates/statefulset.yaml
View File

@ -113,6 +113,7 @@ metadata:
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
mariadb-dbadmin-password-hash: {{ tuple "secret-dbadmin-password.yaml" . | include "helm-toolkit.utils.hash" }}
mariadb-sst-password-hash: {{ tuple "secret-dbadmin-password.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-bin-exporter-hash: {{ tuple "exporter-configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
labels:
{{ tuple $envAll "mariadb" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
@ -289,6 +290,52 @@ spec:
- name: mysql-data
mountPath: /var/lib/mysql
{{ dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.secrets.tls.oslo_db.server.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- if .Values.monitoring.prometheus.enabled }}
- name: mysql-exporter
{{ tuple $envAll "prometheus_mysql_exporter" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ dict "envAll" $envAll "application" "server" "container" "exporter" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.prometheus_mysql_exporter | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /tmp/mysqld-exporter.sh
ports:
- name: metrics
containerPort: {{ tuple "prometheus_mysql_exporter" "internal" "metrics" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
env:
- name: EXPORTER_USER
valueFrom:
secretKeyRef:
name: mysql-exporter-secrets
key: EXPORTER_USER
- name: EXPORTER_PASSWORD
valueFrom:
secretKeyRef:
name: mysql-exporter-secrets
key: EXPORTER_PASSWORD
- name: DATA_SOURCE_NAME
valueFrom:
secretKeyRef:
name: mysql-exporter-secrets
key: DATA_SOURCE_NAME
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: LISTEN_PORT
value: {{ tuple "prometheus_mysql_exporter" "internal" "metrics" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
- name: TELEMETRY_PATH
value: {{ tuple "prometheus_mysql_exporter" "internal" "metrics" . | include "helm-toolkit.endpoints.keystone_endpoint_path_lookup" | quote }}
volumeMounts:
- name: pod-tmp
mountPath: /tmp
- name: mysql-exporter-secrets
mountPath: /etc/mysql/mysql_user.cnf
subPath: mysql_user.cnf
readOnly: true
- name: mysql-exporter-bin
mountPath: /tmp/mysqld-exporter.sh
subPath: mysqld-exporter.sh
readOnly: true
{{- end }}
volumes:
- name: pod-tmp
emptyDir: {}
@ -319,6 +366,16 @@ spec:
emptyDir: {}
{{- end }}
{{- end }}
{{- if .Values.monitoring.prometheus.enabled }}
- name: mysql-exporter-secrets
secret:
secretName: mysql-exporter-secrets
defaultMode: 0444
- name: mysql-exporter-bin
configMap:
name: mysql-exporter-bin
defaultMode: 0555
{{- end }}
{{- if .Values.volume.enabled }}
volumeClaimTemplates:
- metadata:

25
mariadb/values.yaml
View File

@ -174,7 +174,6 @@ pod:
server: 3
ingress: 2
error_page: 1
prometheus_mysql_exporter: 1
controller: 1
lifecycle:
upgrades:
@ -185,8 +184,6 @@ pod:
max_unavailable: 1
max_surge: 3
termination_grace_period:
prometheus_mysql_exporter:
timeout: 30
error_pages:
timeout: 10
disruption_budget:
@ -194,13 +191,6 @@ pod:
min_available: 0
resources:
enabled: false
prometheus_mysql_exporter:
limits:
memory: "1024Mi"
cpu: "2000m"
requests:
memory: "128Mi"
cpu: "500m"
server:
requests:
memory: "128Mi"
@ -279,18 +269,6 @@ dependencies:
services:
- endpoint: internal
service: oslo_db
prometheus_mysql_exporter:
jobs:
- exporter-create-sql-user
services:
- endpoint: internal
service: oslo_db
prometheus_mysql_exporter_tests:
services:
- endpoint: internal
service: prometheus_mysql_exporter
- endpoint: internal
service: monitoring
image_repo_sync:
services:
- endpoint: internal
@ -731,11 +709,8 @@ manifests:
monitoring:
prometheus:
configmap_bin: true
deployment_exporter: true
job_user_create: true
secret_etc: true
service_exporter: true
network_policy_exporter: false
pdb_server: true
network_policy: false
pod_test: true

1
releasenotes/notes/mariadb.yaml
View File

@ -62,4 +62,5 @@ mariadb:
- 0.2.44 Uplift ingress controller image to 1.11.2
- 0.2.45 Add mariadb controller support
- 0.2.46 Avoid using cluster endpoints
- 0.2.47 Deploy exporter as sidecar
...