feat(metrics): building blocks for postgres exporter (#53)

## Description This PR enhances the package by introducing a metrics endpoint to the PostgreSQL cluster pods. The implementation involves adding a sidecar to the pods, which exposes a port for Prometheus to scrape using a configured PodMonitor. The changes avoid using the package CR to expose the metrics endpoint due to its complexity, particularly the need to exempt from uds/skip-mutate: "true" and to configure the PeerAuthentication CR to carve out a permissive mTLS port for the PodMonitor. Monitoring can be enabled, but defaults to false. ## Related Issue Relates to #51 ## Type of change - [ ] New feature (non-breaking change which adds functionality) ## Checklist before merging - [ ] Test, docs, adr added or updated as needed - [ ] [Contributor Guide Steps](https://github.com/defenseunicorns/uds-package-postgres-operator/blob/main/CONTRIBUTING.md#developer-workflow) followed --------- Co-authored-by: Wayne Starr <Racer159@users.noreply.github.com>
defenseunicorns · Jul 30, 2024 · c2a47bc · c2a47bc
1 parent 84d4c33
commit c2a47bc
Show file tree

Hide file tree

Showing 6 changed files with 72 additions and 0 deletions.
diff --git a/chart/templates/postgres-minimal.yaml b/chart/templates/postgres-minimal.yaml
@@ -15,4 +15,34 @@ spec:
     {{- toYaml .Values.postgresql.databases | nindent 4 }}
   postgresql:
     version: {{ .Values.postgresql.version | quote }}
+  sidecars:
+    - name: "exporter"
+      image: {{ .Values.metrics.image | quote }}
+      ports:
+        - name: exporter
+          containerPort: 9187
+          protocol: TCP
+      resources:
+        limits:
+          cpu: 500m
+          memory: 256M
+        requests:
+          cpu: 100m
+          memory: 200M
+      securityContext:
+        runAsUser: 37
+        runAsGroup: 37
+      env:
+        - name: "DATA_SOURCE_URI"
+          value: "$(POD_NAME)/postgres"
+        - name: "DATA_SOURCE_USER"
+          valueFrom:
+            secretKeyRef:
+              name: postgres.pg-cluster.credentials.postgresql.acid.zalan.do
+              key: username
+        - name: "DATA_SOURCE_PASS"
+          valueFrom:
+            secretKeyRef:
+              name: postgres.pg-cluster.credentials.postgresql.acid.zalan.do
+              key: password
 {{- end }}
diff --git a/chart/templates/postgres-monitor.yaml b/chart/templates/postgres-monitor.yaml
@@ -0,0 +1,19 @@
+{{- if .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" }}
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+  name: postgres-exporter
+  namespace: postgres
+spec:
+  scrapeClass: istio-certs
+  namespaceSelector:
+    matchNames:
+      - postgres
+  podMetricsEndpoints:
+    - port: exporter
+      scheme: https
+      enableHttp2: false
+  selector:
+    matchLabels:
+      application: spilo
+{{- end }}
diff --git a/chart/templates/uds-package-postgres.yaml b/chart/templates/uds-package-postgres.yaml
@@ -34,6 +34,15 @@ spec:
         remoteSelector:
           app.kubernetes.io/name: postgres-operator
 
+      - direction: Ingress
+        selector:
+          application: spilo
+        remoteNamespace: monitoring
+        remoteSelector:
+          app: prometheus
+        port: 9187
+        description: "Postgres Exporter Port"
+
       - direction: Egress
         selector:
           cluster-name: pg-cluster

diff --git a/values/registry1-config-values.yaml b/values/registry1-config-values.yaml
@@ -0,0 +1,2 @@
+metrics:
+  image: "registry1.dso.mil/ironbank/opensource/prometheus/postgres-exporter:v0.15.0"
diff --git a/values/upstream-config-values.yaml b/values/upstream-config-values.yaml
@@ -0,0 +1,2 @@
+metrics:
+  image: "quay.io/prometheuscommunity/postgres-exporter:v0.15.0"
diff --git a/zarf.yaml b/zarf.yaml
@@ -30,13 +30,18 @@ components:
       - name: postgres-operator
         valuesFiles:
           - ./values/registry1-values.yaml
+      - name: uds-postgres-config
+        valuesFiles:
+          - ./values/registry1-config-values.yaml
     images:
       # Iron Bank
       - registry1.dso.mil/ironbank/opensource/zalando/postgres-operator:v1.12.2
       - registry1.dso.mil/ironbank/opensource/zalando/logical-backup:v1.8.2
       - registry1.dso.mil/ironbank/opensource/zalando/pgbouncer:1.21.0
       # Docker image that provides PostgreSQL and Patroni bundled together for PostgreSQL HA
       - ghcr.io/zalando/spilo-15:3.2-p1
+      # Container iamge that provides the postgres-exporter sidecar to create a metrics endpoint
+      - registry1.dso.mil/ironbank/opensource/prometheus/postgres-exporter:v0.15.0
 
   - name: postgres-operator
     required: true
@@ -48,9 +53,14 @@ components:
       - name: postgres-operator
         valuesFiles:
           - ./values/upstream-values.yaml
+      - name: uds-postgres-config
+        valuesFiles:
+          - ./values/upstream-config-values.yaml
     images:
       - ghcr.io/zalando/postgres-operator:v1.12.2
       - ghcr.io/zalando/postgres-operator/logical-backup:v1.12.2
       - docker.io/bitnami/pgbouncer:1.23.0
       # Docker image that provides PostgreSQL and Patroni bundled together for PostgreSQL HA
       - ghcr.io/zalando/spilo-15:3.2-p1
+      # Container iamge that provides the postgres-exporter sidecar to create a metrics endpoint
+      - quay.io/prometheuscommunity/postgres-exporter:v0.15.0