openstack/openstack-helm-infra
Code Issues Proposed changes

fix(tls): addresses TLS issues with mariaDB exporter

Browse Source 
This patch fixes following issues:

1. The existing envvar DATA_SOURCE_NAME overrides the setting specified
in the mysql_user.cnf file, ignore setting placed there;

2. Version 0.10 of the exporter does not support TLS, moving this to
minimally 0.11; and

3. Changed the host to the internal long name rather than the short
name.

Change-Id: I7259d23391ed31c423d74a8d9dc002e597adfb95
Signed-off-by: Tin Lam <tin@irrational.io>
This commit is contained in:
Tin Lam 2020-08-28 12:39:10 -05:00
parent 818157dcbb
commit 303d5e3108
3 changed files with 2 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
mariadb/templates/monitoring/prometheus/exporter-deployment.yaml
View File

@ -69,11 +69,6 @@ spec:
secretKeyRef: secretKeyRef:
name: mysql-exporter-secrets name: mysql-exporter-secrets
key: EXPORTER_PASSWORD key: EXPORTER_PASSWORD
- name: DATA_SOURCE_NAME
valueFrom:
secretKeyRef:
name: mysql-exporter-secrets
key: DATA_SOURCE_NAME
- name: POD_IP - name: POD_IP
valueFrom: valueFrom:
fieldRef: fieldRef:

3
mariadb/templates/monitoring/prometheus/secrets/_exporter_user.cnf.tpl
View File

@ -15,11 +15,10 @@ limitations under the License.
[client] [client]
user = {{ .Values.endpoints.oslo_db.auth.exporter.username }} user = {{ .Values.endpoints.oslo_db.auth.exporter.username }}
password = {{ .Values.endpoints.oslo_db.auth.exporter.password }} password = {{ .Values.endpoints.oslo_db.auth.exporter.password }}
host = {{ tuple "oslo_db" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} host = {{ tuple "oslo_db" "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}
port = {{ tuple "oslo_db" "direct" "mysql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} port = {{ tuple "oslo_db" "direct" "mysql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- if .Values.manifests.certificates }} {{- if .Values.manifests.certificates }}
ssl-ca = /etc/mysql/certs/ca.crt ssl-ca = /etc/mysql/certs/ca.crt
ssl-key = /etc/mysql/certs/tls.key ssl-key = /etc/mysql/certs/tls.key
ssl-cert = /etc/mysql/certs/tls.crt ssl-cert = /etc/mysql/certs/tls.crt
{{- end }} {{- end }}

2
mariadb/values.yaml
View File

@ -24,7 +24,7 @@ images:
ingress: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0 ingress: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0
error_pages: gcr.io/google_containers/defaultbackend:1.4 error_pages: gcr.io/google_containers/defaultbackend:1.4
prometheus_create_mysql_user: docker.io/mariadb:10.2.31 prometheus_create_mysql_user: docker.io/mariadb:10.2.31
prometheus_mysql_exporter: docker.io/prom/mysqld-exporter:v0.10.0 prometheus_mysql_exporter: docker.io/prom/mysqld-exporter:v0.11.0
prometheus_mysql_exporter_helm_tests: docker.io/openstackhelm/heat:newton-ubuntu_xenial prometheus_mysql_exporter_helm_tests: docker.io/openstackhelm/heat:newton-ubuntu_xenial
dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0 dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
image_repo_sync: docker.io/docker:17.07.0 image_repo_sync: docker.io/docker:17.07.0