Merge "Add east-west ingress network policy to Prometheus"

Zuul 2019-03-07 04:44:10 +00:00 committed by Gerrit Code Review
commit e836707ad0
3 changed files with 16 additions and 9 deletions


@ -211,6 +211,11 @@ network:
enabled: false enabled: false
port: 30900 port: 30900
network_policy:
prometheus:
ingress:
- {}
secrets: secrets:
tls: tls:
monitoring: monitoring:
@ -234,7 +239,7 @@ manifests:
ingress: true ingress: true
helm_tests: true helm_tests: true
job_image_repo_sync: true job_image_repo_sync: true
network_policy: false network_policy: true
secret_ingress_tls: true secret_ingress_tls: true
secret_prometheus: true secret_prometheus: true
service_ingress: true service_ingress: true
@ -1195,7 +1200,7 @@ conf:
description: Prometheus failed to scrape API server(s), or all API servers have disappeared from service discovery. description: Prometheus failed to scrape API server(s), or all API servers have disappeared from service discovery.
summary: API server unreachable summary: API server unreachable
- alert: K8SApiServerLatency - alert: K8SApiServerLatency
expr: histogram_quantile(0.99, sum(apiserver_request_latencies_bucket{verb!~"CONNECT|WATCHLIST|WATCH|PROXY|DELETECOLLECTION"}) WITHOUT (instance, resource)) / 1e+06 > 1 expr: histogram_quantile(0.99, sum(apiserver_request_latencies_bucket{verb!~"CONNECT|WATCHLIST|WATCH|PROXY"}) WITHOUT (instance, resource)) / 1e+06 > 1
for: 10m for: 10m
labels: labels:
severity: warning severity: warning
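Review bot: The new default `network_policy.prometheus.ingress` of `- {}` in the first hunk is an empty ingress rule, which Kubernetes treats as matching every source and every port. Flipping `manifests.network_policy` to `true` in the second hunk therefore renders a NetworkPolicy that restricts no traffic to Prometheus until an operator overrides it. That is a reasonable compatibility default, but the values file does not say so, and a reader could take `network_policy: true` to mean the pod is isolated. I would add a comment above the rule such as `# NOTE: an empty rule allows all ingress; override with explicit from/ports selectors to restrict access`. The `network:` and `manifests:` maps continue outside the hunks, so any related defaults elsewhere in the file are not visible here.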


@ -19,7 +19,7 @@ set -xe
#NOTE: Lint and package chart #NOTE: Lint and package chart
make prometheus make prometheus
tee /tmp/prometheus.yaml <<EOF tee /tmp/prometheus.yaml << EOF
manifests: manifests:
network_policy: true network_policy: true
network_policy: network_policy:
@ -43,19 +43,20 @@ network_policy:
application: nagios application: nagios
- podSelector: - podSelector:
matchLabels: matchLabels:
application: fluentd-exporter application: ingress
- podSelector:
matchLabels:
application: fluentd
ports: ports:
- protocol: TCP - protocol: TCP
port: 9093 port: 9093
- protocol: TCP
port: 9090
- protocol: TCP - protocol: TCP
port: 6783 port: 6783
- protocol: TCP - protocol: TCP
port: 9108 port: 9108
- protocol: TCP - protocol: TCP
port: 80 port: 80
- protocol: TCP
port: 443
EOF EOF
#NOTE: Deploy command #NOTE: Deploy command
@ -67,4 +68,4 @@ helm upgrade --install prometheus ./prometheus \
./tools/deployment/common/wait-for-pods.sh osh-infra ./tools/deployment/common/wait-for-pods.sh osh-infra
#NOTE: Validate Deployment info #NOTE: Validate Deployment info
helm status prometheus helm status prometheus
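Review bot: The single `ports` list in the heredoc override appears to sit beside the list of `podSelector` entries inside one ingress rule. In a NetworkPolicy that means every selected source (nagios and the others listed) may reach every listed port, not only the port it needs. Indentation is lost in this view and the rule starts above the hunk, so this should be confirmed against the file. If it is one rule, splitting it into one `from`/`ports` pair per source would keep the override least-privilege and make the gate job exercise the shape a production override should have. At minimum I would add `# NOTE: all sources above may reach all ports below` above `ports:` so the breadth is clearly deliberate.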


@ -48,6 +48,7 @@ function test_netpol {
fi fi
fi fi
} }
# Doing negative tests # Doing negative tests
test_netpol osh-infra mariadb server elasticsearch.osh-infra.svc.cluster.local fail test_netpol osh-infra mariadb server elasticsearch.osh-infra.svc.cluster.local fail
test_netpol osh-infra mariadb server nagios.osh-infra.svc.cluster.local fail test_netpol osh-infra mariadb server nagios.osh-infra.svc.cluster.local fail
@ -55,4 +56,4 @@ test_netpol osh-infra mariadb server prometheus.osh-infra.svc.cluster.local fail
test_netpol osh-infra mariadb server nagios.osh-infra.svc.cluster.local fail test_netpol osh-infra mariadb server nagios.osh-infra.svc.cluster.local fail
# Doing positive tests # Doing positive tests
test_netpol osh-infra grafana dashboard mariadb.osh-infra.svc.cluster.local:3306 success test_netpol osh-infra grafana dashboard mariadb.osh-infra.svc.cluster.local:3306 success