Monitoring of OLM, catalog, and marketplace operators by SYN stack (#12)

appuio · Jul 6, 2022 · d33ef0b · d33ef0b
1 parent 5c214d5
commit d33ef0b
Show file tree

Hide file tree

Showing 8 changed files with 387 additions and 5 deletions.
diff --git a/class/defaults.yml b/class/defaults.yml
@@ -8,6 +8,10 @@ parameters:
     defaultInstallPlanApproval: Automatic
     defaultSourceNamespace: openshift-marketplace
 
+    monitoring:
+      enabled: true
+      instance: null
+
   openshift_operators:
     defaultSource: certified-operators
 

diff --git a/component/main.jsonnet b/component/main.jsonnet
@@ -28,4 +28,4 @@ local namespace = operatorlib.validateInstance(params.namespace);
       },
     },
   ],
-}
+} + (import 'monitoring.libsonnet')
diff --git a/component/monitoring.libsonnet b/component/monitoring.libsonnet
@@ -0,0 +1,118 @@
+/*
+This file adds ServiceMonitors in combination with the Prometheus component.
+
+Warning: The operators monitored are instance independent,
+         everything in this file must be instance independent.
+*/
+
+local kap = import 'lib/kapitan.libjsonnet';
+local kube = import 'lib/kube.libjsonnet';
+local prom = import 'lib/prometheus.libsonnet';
+local inv = kap.inventory();
+// The hiera parameters for the component
+local params = inv.parameters.openshift4_operators;
+
+local nsName = 'syn-monitoring-openshift4-operators';
+
+local promInstance =
+  if params.monitoring.instance != null then
+    params.monitoring.instance
+  else
+    inv.parameters.prometheus.defaultInstance;
+
+local endpoint = function(serverName)
+  prom.ServiceMonitorHttpsEndpoint(serverName) {
+    port: 'https-metrics',
+    metricRelabelings: [
+      {
+        action: 'drop',
+        regex: 'etcd_(debugging|disk|request|server).*',
+        sourceLabels: [
+          '__name__',
+        ],
+      },
+      prom.DropRuntimeMetrics,
+    ],
+  };
+
+local marketplaceOperatorMonitor = prom.ServiceMonitor('openshift-marketplace-operator') {
+  metadata+: {
+    namespace: nsName,
+  },
+  spec+: {
+    endpoints: [
+      endpoint('marketplace-operator-metrics.openshift-marketplace.svc'),
+    ],
+    namespaceSelector: {
+      matchNames: [
+        'openshift-marketplace',
+      ],
+    },
+    selector: {
+      matchLabels: {
+        name: 'marketplace-operator',
+      },
+    },
+  },
+};
+
+local olmOperatorMonitor = prom.ServiceMonitor('openshift-olm-operator') {
+  metadata+: {
+    namespace: nsName,
+  },
+  spec+: {
+    endpoints: [
+      endpoint('olm-operator-metrics.openshift-operator-lifecycle-manager.svc'),
+    ],
+    namespaceSelector: {
+      matchNames: [
+        'openshift-operator-lifecycle-manager',
+      ],
+    },
+    selector: {
+      matchLabels: {
+        app: 'olm-operator',
+      },
+    },
+  },
+};
+
+local catalogOperatorMonitor = prom.ServiceMonitor('openshift-catalog-operator') {
+  metadata+: {
+    namespace: nsName,
+  },
+  spec+: {
+    endpoints: [
+      endpoint('catalog-operator-metrics.openshift-operator-lifecycle-manager.svc'),
+    ],
+    namespaceSelector: {
+      matchNames: [
+        'openshift-operator-lifecycle-manager',
+      ],
+    },
+    selector: {
+      matchLabels: {
+        app: 'catalog-operator',
+      },
+    },
+  },
+};
+
+if params.monitoring.enabled && std.member(inv.applications, 'prometheus') then
+  {
+    monitoring: [
+      prom.RegisterNamespace(
+        kube.Namespace(nsName),
+        instance=promInstance
+      ),
+      marketplaceOperatorMonitor,
+      catalogOperatorMonitor,
+      olmOperatorMonitor,
+    ],
+  }
+else
+  std.trace(
+    'Monitoring disabled or component `prometheus` not present, '
+    + 'not deploying ServiceMonitors',
+    {}
+  )
diff --git a/docs/modules/ROOT/pages/references/parameters.adoc b/docs/modules/ROOT/pages/references/parameters.adoc
@@ -62,3 +62,31 @@ This parameter configures the default value for the optional parameter `source`
 The component defaults to `certified-operators` for instance `openshift-operators`.
 This source provides community-maintained operators which are certified by RedHat.
 Alternatively, you can use `community-operators` for other community-maintained operators.
+
+== `monitoring`
+
+This parameter allows users to enable the component's monitoring configuration.
+Currently the component has support for deploying custom `ServiceMonitors` on clusters which use component `prometheus` to manage a custom monitoring stack.
+
+[WARNING]
+The monitoring configuration is instance independent. It must not be changed between instances of this component.
+
+=== `enabled`
+
+[horizontal]
+type:: boolean
+default:: `true`
+
+Whether to deploy monitoring configurations.
+If this parameter is set to `true`, the component will check whether component `prometheus` is present on the cluster.
+If the component is missing, no configurations will be deployed regardless of the value of this parameter.
+
+=== `instance`
+
+[horizontal]
+type:: string
+default:: `null`
+
+This parameter can be used to indicate which custom Prometheus instance should pick up the configurations managed by the component.
+
+If the parameter is set to the empty string, the default instance configured for component `prometheus` will be used.
diff --git a/...penshift-operators-redhat/openshift-operators-redhat/openshift4-operators/monitoring.yaml b/...penshift-operators-redhat/openshift-operators-redhat/openshift4-operators/monitoring.yaml
@@ -0,0 +1,107 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  annotations: {}
+  labels:
+    monitoring.syn.tools/infra: 'true'
+    name: syn-monitoring-openshift4-operators
+  name: syn-monitoring-openshift4-operators
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  annotations: {}
+  labels:
+    name: openshift-marketplace-operator
+  name: openshift-marketplace-operator
+  namespace: syn-monitoring-openshift4-operators
+spec:
+  endpoints:
+    - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+      interval: 30s
+      metricRelabelings:
+        - action: drop
+          regex: etcd_(debugging|disk|request|server).*
+          sourceLabels:
+            - __name__
+        - action: drop
+          regex: (go_.*|process_.*|promhttp_.*)
+          sourceLabels:
+            - __name__
+      port: https-metrics
+      scheme: https
+      tlsConfig:
+        caFile: /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt
+        serverName: marketplace-operator-metrics.openshift-marketplace.svc
+  namespaceSelector:
+    matchNames:
+      - openshift-marketplace
+  selector:
+    matchLabels:
+      name: marketplace-operator
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  annotations: {}
+  labels:
+    name: openshift-catalog-operator
+  name: openshift-catalog-operator
+  namespace: syn-monitoring-openshift4-operators
+spec:
+  endpoints:
+    - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+      interval: 30s
+      metricRelabelings:
+        - action: drop
+          regex: etcd_(debugging|disk|request|server).*
+          sourceLabels:
+            - __name__
+        - action: drop
+          regex: (go_.*|process_.*|promhttp_.*)
+          sourceLabels:
+            - __name__
+      port: https-metrics
+      scheme: https
+      tlsConfig:
+        caFile: /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt
+        serverName: catalog-operator-metrics.openshift-operator-lifecycle-manager.svc
+  namespaceSelector:
+    matchNames:
+      - openshift-operator-lifecycle-manager
+  selector:
+    matchLabels:
+      app: catalog-operator
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  annotations: {}
+  labels:
+    name: openshift-olm-operator
+  name: openshift-olm-operator
+  namespace: syn-monitoring-openshift4-operators
+spec:
+  endpoints:
+    - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+      interval: 30s
+      metricRelabelings:
+        - action: drop
+          regex: etcd_(debugging|disk|request|server).*
+          sourceLabels:
+            - __name__
+        - action: drop
+          regex: (go_.*|process_.*|promhttp_.*)
+          sourceLabels:
+            - __name__
+      port: https-metrics
+      scheme: https
+      tlsConfig:
+        caFile: /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt
+        serverName: olm-operator-metrics.openshift-operator-lifecycle-manager.svc
+  namespaceSelector:
+    matchNames:
+      - openshift-operator-lifecycle-manager
+  selector:
+    matchLabels:
+      app: olm-operator
diff --git a/tests/golden/openshift-operators/openshift-operators/openshift4-operators/monitoring.yaml b/tests/golden/openshift-operators/openshift-operators/openshift4-operators/monitoring.yaml
@@ -0,0 +1,107 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  annotations: {}
+  labels:
+    monitoring.syn.tools/infra: 'true'
+    name: syn-monitoring-openshift4-operators
+  name: syn-monitoring-openshift4-operators
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  annotations: {}
+  labels:
+    name: openshift-marketplace-operator
+  name: openshift-marketplace-operator
+  namespace: syn-monitoring-openshift4-operators
+spec:
+  endpoints:
+    - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+      interval: 30s
+      metricRelabelings:
+        - action: drop
+          regex: etcd_(debugging|disk|request|server).*
+          sourceLabels:
+            - __name__
+        - action: drop
+          regex: (go_.*|process_.*|promhttp_.*)
+          sourceLabels:
+            - __name__
+      port: https-metrics
+      scheme: https
+      tlsConfig:
+        caFile: /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt
+        serverName: marketplace-operator-metrics.openshift-marketplace.svc
+  namespaceSelector:
+    matchNames:
+      - openshift-marketplace
+  selector:
+    matchLabels:
+      name: marketplace-operator
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  annotations: {}
+  labels:
+    name: openshift-catalog-operator
+  name: openshift-catalog-operator
+  namespace: syn-monitoring-openshift4-operators
+spec:
+  endpoints:
+    - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+      interval: 30s
+      metricRelabelings:
+        - action: drop
+          regex: etcd_(debugging|disk|request|server).*
+          sourceLabels:
+            - __name__
+        - action: drop
+          regex: (go_.*|process_.*|promhttp_.*)
+          sourceLabels:
+            - __name__
+      port: https-metrics
+      scheme: https
+      tlsConfig:
+        caFile: /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt
+        serverName: catalog-operator-metrics.openshift-operator-lifecycle-manager.svc
+  namespaceSelector:
+    matchNames:
+      - openshift-operator-lifecycle-manager
+  selector:
+    matchLabels:
+      app: catalog-operator
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  annotations: {}
+  labels:
+    name: openshift-olm-operator
+  name: openshift-olm-operator
+  namespace: syn-monitoring-openshift4-operators
+spec:
+  endpoints:
+    - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+      interval: 30s
+      metricRelabelings:
+        - action: drop
+          regex: etcd_(debugging|disk|request|server).*
+          sourceLabels:
+            - __name__
+        - action: drop
+          regex: (go_.*|process_.*|promhttp_.*)
+          sourceLabels:
+            - __name__
+      port: https-metrics
+      scheme: https
+      tlsConfig:
+        caFile: /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt
+        serverName: olm-operator-metrics.openshift-operator-lifecycle-manager.svc
+  namespaceSelector:
+    matchNames:
+      - openshift-operator-lifecycle-manager
+  selector:
+    matchLabels:
+      app: olm-operator
diff --git a/tests/openshift-operators-redhat.yml b/tests/openshift-operators-redhat.yml
@@ -1,3 +1,12 @@
-# Overwrite parameters here
+applications:
+  - prometheus
 
-# parameters: {...}
+parameters:
+  kapitan:
+    dependencies:
+      - type: https
+        source: https://raw.githubusercontent.com/projectsyn/component-prometheus/master/lib/prometheus.libsonnet
+        output_path: vendor/lib/prometheus.libsonnet
+
+  prometheus:
+    defaultInstance: infra
-Original file line number
+Diff line change
@@ Expand Up @@
           },
         },
       ],
-    }
+    } + (import 'monitoring.libsonnet')