feat(prometheus): add podMonitor and serviceMonitor

This patch adds Prometheus podMonitor and serviceMonitor.

templates/_deployment.tpl

@@ -17,6 +17,20 @@
 {{- if .Values.persistentVolumeClaim.enabled }}
 {{- $env = concat $env (list (dict "name" "REPOSILITE_DATA" "value" .Values.persistentVolumeClaim.path )) }}
 {{- end }}
+
+{{- if eq (include "reposilite.podMonitor.enabled" $) "true" }}
+{{- $env = concat $env (list (dict "name" "REPOSILITE_PROMETHEUS_PATH" "value" .Values.prometheus.metrics.podMonitor.path )) }}
+{{- end }}
+
+{{- if eq (include "reposilite.serviceMonitor.enabled" $) "true" }}
+{{- $env = concat $env (list (dict "name" "REPOSILITE_PROMETHEUS_PATH" "value" .Values.prometheus.metrics.serviceMonitor.path )) }}
+{{- end }}
+
+{{- if or (eq (include "reposilite.podMonitor.enabled" $ ) "true") (eq (include "reposilite.serviceMonitor.enabled" $ ) "true") -}}
+{{- $env = concat $env (list (dict "name" "REPOSILITE_PROMETHEUS_USER" "valueFrom" (dict "secretKeyRef" (dict "name" (include "reposilite.secrets.prometheusBasicAuth.name" $) "key" "username")))) }}
+{{- $env = concat $env (list (dict "name" "REPOSILITE_PROMETHEUS_PASSWORD" "valueFrom" (dict "secretKeyRef" (dict "name" (include "reposilite.secrets.prometheusBasicAuth.name" $) "key" "password")))) }}
+{{- end }}
+
 {{ toYaml (dict "env" $env) }}
 {{- end -}}
 

templates/_pod.tpl

@@ -4,6 +4,9 @@
 
 {{- define "reposilite.pod.annotations" -}}
 {{ include "reposilite.annotations" . }}
+{{- if .Values.prometheus.metrics.enabled -}}
+{{- printf "checksum/secret-%s: %s" (include "reposilite.secrets.prometheusBasicAuth.name" $) (include (print $.Template.BasePath "/secretPrometheusBasicAuth.yaml") . | sha256sum) }}
+{{- end -}}
 {{- end }}
 
 {{/* labels */}}

templates/_podMonitors.tpl

@@ -0,0 +1,27 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/* annotations */}}
+{{- define "reposilite.podMonitor.annotations" -}}
+{{ include "reposilite.annotations" . }}
+{{- if .Values.prometheus.metrics.podMonitor.annotations }}
+{{ toYaml .Values.prometheus.metrics.podMonitor.annotations }}
+{{- end }}
+{{- end }}
+
+{{/* enabled */}}
+{{- define "reposilite.podMonitor.enabled" -}}
+{{- if and .Values.prometheus.metrics.enabled .Values.prometheus.metrics.podMonitor.enabled (not .Values.prometheus.metrics.serviceMonitor.enabled) -}}
+true
+{{- else -}}
+false
+{{- end -}}
+{{- end }}
+
+{{/* labels */}}
+
+{{- define "reposilite.podMonitor.labels" -}}
+{{ include "reposilite.labels" . }}
+{{- if .Values.prometheus.metrics.podMonitor.labels }}
+{{ toYaml .Values.prometheus.metrics.podMonitor.labels }}
+{{- end }}
+{{- end }}

templates/_secrets.tpl

@@ -0,0 +1,19 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/* annotations */}}
+
+{{- define "reposilite.secrets.prometheusBasicAuth.annotations" -}}
+{{ include "reposilite.annotations" . }}
+{{- end }}
+
+{{/* labels */}}
+
+{{- define "reposilite.secrets.prometheusBasicAuth.labels" -}}
+{{ include "reposilite.labels" . }}
+{{- end }}
+
+{{/* names */}}
+
+{{- define "reposilite.secrets.prometheusBasicAuth.name" -}}
+{{ include "reposilite.fullname" . }}-basic-auth-credentials
+{{- end -}}

templates/_serviceMonitors.tpl

@@ -0,0 +1,35 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/* annotations */}}
+
+{{- define "reposilite.serviceMonitor.annotations" -}}
+{{ include "reposilite.annotations" . }}
+{{- if .Values.prometheus.metrics.serviceMonitor.annotations }}
+{{ toYaml .Values.prometheus.metrics.serviceMonitor.annotations }}
+{{- end }}
+{{- end }}
+
+{{/* enabled */}}
+
+{{- define "reposilite.serviceMonitor.enabled" -}}
+{{- if and .Values.prometheus.metrics.enabled (not .Values.prometheus.metrics.podMonitor.enabled) .Values.prometheus.metrics.serviceMonitor.enabled .Values.service.enabled -}}
+true
+{{- else -}}
+false
+{{- end -}}
+{{- end }}
+
+{{/* labels */}}
+
+{{- define "reposilite.serviceMonitor.labels" -}}
+{{ include "reposilite.labels" . }}
+{{- if .Values.prometheus.metrics.serviceMonitor.labels }}
+{{ toYaml .Values.prometheus.metrics.serviceMonitor.labels }}
+{{- end }}
+{{- end }}
+
+{{- define "reposilite.serviceMonitor.selectorLabels" -}}
+{{ include "reposilite.selectorLabels" . }}
+{{/* Add label to select the correct service via `selector.matchLabels` of the serviceMonitor resource. */}}
+app.kubernetes.io/service-name: http
+{{- end }}

templates/_services.tpl

@@ -7,6 +7,8 @@
 {{- if .Values.service.annotations }}
 {{ toYaml .Values.service.annotations }}
 {{- end }}
+{{/* Add label to select the correct service via `selector.matchLabels` of the serviceMonitor resource. */}}
+app.kubernetes.io/service-name: http
 {{- end }}
 
 {{/* labels */}}

templates/deployment.yaml

@@ -68,7 +68,10 @@ spec:
         name: reposilite
         ports:
         - name: http
-          containerPort: {{ .Values.service.port }}
+          containerPort: 8080
+          protocol: TCP
+        - name: https
+          containerPort: 8443
           protocol: TCP
         readinessProbe:
           tcpSocket:

templates/podMonitor.yaml

@@ -0,0 +1,43 @@
+{{- if eq (include "reposilite.podMonitor.enabled" $) "true" }}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+  {{- with (include "reposilite.podMonitor.annotations" . | fromYaml) }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with (include "reposilite.podMonitor.labels" . | fromYaml) }}
+  labels:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  name: {{ include "reposilite.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+spec:
+  podMetricsEndpoints:
+  - basicAuth:
+      password:
+        key: password
+        name: {{ include "reposilite.secrets.prometheusBasicAuth.name" . }}
+      username:
+        key: username
+        name: {{ include "reposilite.secrets.prometheusBasicAuth.name" . }}
+    enableHttp2: {{ required "The enableHttp2 option of the podMonitor is not defined!" .Values.prometheus.metrics.podMonitor.enableHttp2 }}
+    followRedirects: {{ required "The followRedirects option of the podMonitor is not defined!" .Values.prometheus.metrics.podMonitor.followRedirects }}
+    honorLabels: {{ required "The honorLabels option of the podMonitor is not defined!" .Values.prometheus.metrics.podMonitor.honorLabels }}
+    interval: {{ required "The scrape interval of the podMonitor is not defined!" .Values.prometheus.metrics.podMonitor.interval }}
+    path: {{ required "The metric path of the podMonitor is not defined!" .Values.prometheus.metrics.podMonitor.path }}
+    port: "8080"
+    {{- with .Values.prometheus.metrics.podMonitor.relabelings }}
+    relabelings:
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+    scrapeTimeout: {{ required "The scrape timeout of the podMonitor is not defined!" .Values.prometheus.metrics.podMonitor.scrapeTimeout }}
+    scheme: http
+  namespaceSelector:
+    matchNames:
+    - {{ .Release.Namespace }}
+  selector:
+    matchLabels:
+      {{- include "reposilite.pod.selectorLabels" . | nindent 6 }}
+{{- end }}

templates/secretPrometheusBasicAuth.yaml

@@ -0,0 +1,19 @@
+{{- if .Values.prometheus.metrics.enabled }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  {{- with (include "reposilite.secrets.prometheusBasicAuth.annotations" . | fromYaml) }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with (include "reposilite.secrets.prometheusBasicAuth.labels" . | fromYaml) }}
+  labels:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  name: {{ include "reposilite.secrets.prometheusBasicAuth.name" . }}
+  namespace: {{ .Release.Namespace }}
+stringData:
+  password: {{ default (randAlphaNum 16) .Values.prometheus.metrics.basicAuthPassword }}
+  username: {{ default (randAlphaNum 16) .Values.prometheus.metrics.basicAuthUsername }}
+{{- end }}

templates/service.yaml

@@ -43,7 +43,7 @@ spec:
   {{- end }}
   {{- end }}
   ports:
-  - name: http
+  - name: {{ required "No service name defined. Either 'http' or 'https' is allowed!" .Values.service.scheme }}
     protocol: TCP
     port: {{ required "No service port defined!" .Values.service.port }}
   selector:

templates/serviceMonitor.yaml

@@ -0,0 +1,43 @@
+{{- if eq (include "reposilite.serviceMonitor.enabled" $) "true" }}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  {{- with (include "reposilite.serviceMonitor.annotations" . | fromYaml) }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with (include "reposilite.serviceMonitor.labels" . | fromYaml) }}
+  labels:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  name: {{ include "reposilite.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+spec:
+  endpoints:
+  - basicAuth:
+      password:
+        key: password
+        name: {{ include "reposilite.secrets.prometheusBasicAuth.name" . }}
+      username:
+        key: username
+        name: {{ include "reposilite.secrets.prometheusBasicAuth.name" . }}
+    enableHttp2: {{ required "The enableHttp2 option of the serviceMonitor is not defined!" .Values.prometheus.metrics.serviceMonitor.enableHttp2 }}
+    followRedirects: {{ required "The followRedirects option of the serviceMonitor is not defined!" .Values.prometheus.metrics.serviceMonitor.followRedirects }}
+    honorLabels: {{ required "The honorLabels option of the serviceMonitor is not defined!" .Values.prometheus.metrics.serviceMonitor.honorLabels }}
+    interval: {{ required "The scrape interval of the serviceMonitor is not defined!" .Values.prometheus.metrics.serviceMonitor.interval }}
+    path: {{ required "The metric path of the serviceMonitor is not defined!" .Values.prometheus.metrics.serviceMonitor.path }}
+    {{- with .Values.prometheus.metrics.serviceMonitor.relabelings }}
+    relabelings:
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+    scrapeTimeout: {{ required "The scrape timeout of the serviceMonitor is not defined!" .Values.prometheus.metrics.serviceMonitor.scrapeTimeout }}
+    scheme: http
+    targetPort: 8080
+  namespaceSelector:
+    matchNames:
+    - {{ .Release.Namespace }}
+  selector:
+    matchLabels:
+      {{- include "reposilite.serviceMonitor.selectorLabels" . | nindent 6 }}
+{{- end }}