Merge pull request #210 from openziti/mjtrangoni-add-controller-servi…

…cemonitor

Mjtrangoni add controller servicemonitor

charts/ziti-controller/README.md

@@ -182,6 +182,15 @@ edgeSignerPki:
     enabled: true
 ```
 
+## Prometheus Monitoring
+
+This chart provides a default disabled `ziti-controller-prometheus` k8s service for prometheus,
+which can be enabled with `prometheus.service.enabled`. Enabling it will create a prometheus ServiceMonitor
+for configuring the prometheus endpoint. It is also important that you enable
+`fabric.events.enabled` for getting a full set of metrics.
+
+For more information, please check [here](https://openziti.io/docs/learn/core-concepts/metrics/prometheus/).
+
 ## Values Reference
 
 | Key | Type | Default | Description |
@@ -280,8 +289,20 @@ edgeSignerPki:
 | prometheus.containerPort | int | `9090` | cluster service target port on the container |
 | prometheus.service.annotations | object | `{}` |  |
 | prometheus.service.enabled | bool | `false` | create a cluster service for the deployment |
-| prometheus.service.labels | object | `{}` |  |
+| prometheus.service.labels | object | `{"app":"prometheus"}` | extra labels for matching only this service, ie. serviceMonitor |
 | prometheus.service.type | string | `"ClusterIP"` | expose the service as a ClusterIP, NodePort, or LoadBalancer |
+| prometheus.serviceMonitor.annotations | object | `{}` | ServiceMonitor annotations |
+| prometheus.serviceMonitor.enabled | bool | `true` | If enabled, and prometheus service is enabled, ServiceMonitor resources for Prometheus Operator are created |
+| prometheus.serviceMonitor.interval | string | `nil` | ServiceMonitor scrape interval |
+| prometheus.serviceMonitor.labels | object | `{}` | Additional ServiceMonitor labels |
+| prometheus.serviceMonitor.metricRelabelings | list | `[]` | ServiceMonitor relabel configs to apply to samples as the last step before ingestion https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig (defines `metric_relabel_configs`) |
+| prometheus.serviceMonitor.namespace | string | `nil` | Alternative namespace for ServiceMonitor resources |
+| prometheus.serviceMonitor.namespaceSelector | object | `{}` | Namespace selector for ServiceMonitor resources |
+| prometheus.serviceMonitor.relabelings | list | `[]` | ServiceMonitor relabel configs to apply to samples before scraping https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig (defines `relabel_configs`) |
+| prometheus.serviceMonitor.scheme | string | `"https"` | ServiceMonitor will use http by default, but you can pick https as well |
+| prometheus.serviceMonitor.scrapeTimeout | string | `nil` | ServiceMonitor scrape timeout in Go duration format (e.g. 15s) |
+| prometheus.serviceMonitor.targetLabels | list | `[]` | ServiceMonitor will add labels from the service to the Prometheus metric https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#servicemonitorspec |
+| prometheus.serviceMonitor.tlsConfig | string | `nil` | ServiceMonitor will use these tlsConfig settings to make the health check requests |
 | resources | object | `{}` | deployment container resources |
 | securityContext | object | `{}` | deployment container security context |
 | spireAgent.enabled | bool | `false` | if you are running a container with the spire-agent binary installed then this will allow you to add the hostpath necessary for connecting to the spire socket |

charts/ziti-controller/README.md.gotmpl

@@ -183,6 +183,15 @@ edgeSignerPki:
     enabled: true
 ```
 
+## Prometheus Monitoring
+
+This chart provides a default disabled `ziti-controller-prometheus` k8s service for prometheus,
+which can be enabled with `prometheus.service.enabled`. Enabling it will create a prometheus ServiceMonitor
+for configuring the prometheus endpoint. It is also important that you enable
+`fabric.events.enabled` for getting a full set of metrics.
+
+For more information, please check [here](https://openziti.io/docs/learn/core-concepts/metrics/prometheus/).
+
 ## Values Reference
 
 {{ template "chart.valuesTable" . }}

charts/ziti-controller/templates/servicemonitor.yaml

@@ -0,0 +1,61 @@
+{{- with .Values.prometheus }}
+{{- if and .service.enabled .serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ include "ziti-controller.fullname" $ }}
+  {{- with .serviceMonitor.namespace }}
+  namespace: {{ . }}
+  {{- end }}
+  {{- with .serviceMonitor.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "ziti-controller.labels" $ | nindent 4 }}
+    {{- with .serviceMonitor.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  {{- with .serviceMonitor.namespaceSelector }}
+  namespaceSelector:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  selector:
+    matchLabels:
+      {{- include "ziti-controller.selectorLabels" $ | nindent 6 }}
+      {{- with .service.labels }}
+      {{- toYaml . | nindent 6 }}
+      {{- end }}
+  endpoints:
+    - port: prometheus
+      {{- with $.Values.httpPathPrefix }}
+      path: {{ printf "%s/metrics" . }}
+      {{- end }}
+      {{- with .serviceMonitor.interval }}
+      interval: {{ . }}
+      {{- end }}
+      {{- with .serviceMonitor.scrapeTimeout }}
+      scrapeTimeout: {{ . }}
+      {{- end }}
+      {{- with .serviceMonitor.relabelings }}
+      relabelings:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .serviceMonitor.metricRelabelings }}
+      metricRelabelings:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .serviceMonitor.scheme }}
+      scheme: {{ . }}
+      {{- end }}
+      {{- with .serviceMonitor.tlsConfig }}
+      tlsConfig:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+  {{- with .serviceMonitor.targetLabels }}
+  targetLabels:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}
+{{- end }}

charts/ziti-controller/values.yaml

@@ -82,9 +82,44 @@ prometheus:
     enabled: false
     # -- expose the service as a ClusterIP, NodePort, or LoadBalancer
     type: ClusterIP
-    labels: {}
+    # -- extra labels for matching only this service, ie. serviceMonitor
+    labels:
+      app: "prometheus"
     annotations: {}
 
+  # ServiceMonitor configuration
+  serviceMonitor:
+    # -- If enabled, and prometheus service is enabled, ServiceMonitor resources for Prometheus Operator are created
+    enabled: true
+    # -- Alternative namespace for ServiceMonitor resources
+    namespace: null
+    # -- Namespace selector for ServiceMonitor resources
+    namespaceSelector: {}
+    # -- ServiceMonitor annotations
+    annotations: {}
+    # -- Additional ServiceMonitor labels
+    labels: {}
+    # -- ServiceMonitor scrape interval
+    interval: null
+    # -- ServiceMonitor scrape timeout in Go duration format (e.g. 15s)
+    scrapeTimeout: null
+    # -- ServiceMonitor relabel configs to apply to samples before scraping
+    # https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
+    # (defines `relabel_configs`)
+    relabelings: []
+    # -- ServiceMonitor relabel configs to apply to samples as the last
+    # step before ingestion
+    # https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
+    # (defines `metric_relabel_configs`)
+    metricRelabelings: []
+    # -- ServiceMonitor will add labels from the service to the Prometheus metric
+    # https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#servicemonitorspec
+    targetLabels: []
+    # -- ServiceMonitor will use http by default, but you can pick https as well
+    scheme: https
+    # -- ServiceMonitor will use these tlsConfig settings to make the health check requests
+    tlsConfig: null
+
 ca:
   # Note: The renewBefore and duration fields must be specified using a Go
   # time.Duration string format, which does not allow the d (days) suffix.