Merge "Prometheus: Allow input of TLS client creds in values.yaml"

This commit is contained in:
Zuul 2020-08-01 22:47:56 +00:00 committed by Gerrit Code Review
commit 3ce0170da8
3 changed files with 57 additions and 0 deletions

View File

@ -0,0 +1,27 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.tls_configs }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ .Release.Name }}-tls-configs
data:
{{- range $k, $v := .Values.tls_configs }}
{{- range $f, $c := $v }}
{{ $k }}.{{ $f }}: {{ $c | b64enc }}
{{- end }}
{{- end }}
{{- end }}

View File

@ -204,6 +204,10 @@ spec:
readOnly: true readOnly: true
- name: storage - name: storage
mountPath: /var/lib/prometheus/data mountPath: /var/lib/prometheus/data
{{- if .Values.tls_configs }}
- name: tls-configs
mountPath: /tls_configs
{{- end }}
{{ if $mounts_prometheus.volumeMounts }}{{ toYaml $mounts_prometheus.volumeMounts | indent 12 }}{{ end }} {{ if $mounts_prometheus.volumeMounts }}{{ toYaml $mounts_prometheus.volumeMounts | indent 12 }}{{ end }}
volumes: volumes:
- name: pod-tmp - name: pod-tmp
@ -220,6 +224,12 @@ spec:
configMap: configMap:
name: {{ printf "%s-%s" $envAll.Release.Name "prometheus-bin" | quote }} name: {{ printf "%s-%s" $envAll.Release.Name "prometheus-bin" | quote }}
defaultMode: 0555 defaultMode: 0555
{{- if .Values.tls_configs }}
- name: tls-configs
secret:
secretName: {{ printf "%s-%s" $envAll.Release.Name "tls-configs" | quote }}
defaultMode: 0444
{{- end }}
{{ if $mounts_prometheus.volumes }}{{ toYaml $mounts_prometheus.volumes | indent 8 }}{{ end }} {{ if $mounts_prometheus.volumes }}{{ toYaml $mounts_prometheus.volumes | indent 8 }}{{ end }}
{{- if not .Values.storage.enabled }} {{- if not .Values.storage.enabled }}
- name: storage - name: storage

View File

@ -250,6 +250,26 @@ secrets:
prometheus: prometheus:
public: prometheus-tls-public public: prometheus-tls-public
tls_configs:
# If client certificates are required to connect to metrics endpoints, they
# can be configured here. They will be mounted in the pod under /tls_configs
# and can be referenced in scrape configs.
# The filenames will be the key and subkey concatenanted with a ".", e.g.:
# /tls_configs/kubernetes-etcd.ca.pem
# /tls_configs/kubernetes-etcd.crt.pem
# /tls_configs/kubernetes-etcd.key.pem
# From the following:
# kubernetes-etcd:
# ca.pem: |
# -----BEGIN CERTIFICATE-----
# -----END CERTIFICATE-----
# crt.pem: |
# -----BEGIN CERTIFICATE-----
# -----END CERTIFICATE-----
# key.pem: |
# -----BEGIN RSA PRIVATE KEY-----
# -----END RSA PRIVATE KEY-----
storage: storage:
enabled: true enabled: true
pvc: pvc: