From fe80f0044af2b40c5b58da782980ebc112d805ef Mon Sep 17 00:00:00 2001 From: zeritti <47476160+zeritti@users.noreply.github.com> Date: Thu, 25 Apr 2024 18:41:56 +0200 Subject: [PATCH] [prometheus] Add CI test cases (#4477) * [prometheus] Add CI values files Signed-off-by: zeritti <47476160+zeritti@users.noreply.github.com> * Use helper template setting labels in clusterrole Signed-off-by: zeritti <47476160+zeritti@users.noreply.github.com> --------- Signed-off-by: zeritti <47476160+zeritti@users.noreply.github.com> Co-authored-by: MH --- charts/prometheus/Chart.yaml | 2 +- .../ci/01-automount-sa-token-values.yaml | 5 + .../02-config-reloader-deployment-values.yaml | 25 ++++ .../ci/03-config-reloader-sts-values.yaml | 25 ++++ .../ci/04-extra-manifest-values.yaml | 22 ++++ .../ci/05-server-deployment-values.yaml | 43 +++++++ .../prometheus/ci/06-server-sts-values.yaml | 44 +++++++ .../prometheus/ci/07-meta-labels-values.yaml | 5 + .../08-sts-pvc-retention-policy-values.yaml | 13 ++ .../ci/09-standalone-deployment-values.yaml | 18 +++ .../ci/10-namespaced-sd-values.yaml | 114 ++++++++++++++++++ charts/prometheus/ci/11-default-values.yaml | 1 + 12 files changed, 316 insertions(+), 1 deletion(-) create mode 100644 charts/prometheus/ci/01-automount-sa-token-values.yaml create mode 100644 charts/prometheus/ci/02-config-reloader-deployment-values.yaml create mode 100644 charts/prometheus/ci/03-config-reloader-sts-values.yaml create mode 100644 charts/prometheus/ci/04-extra-manifest-values.yaml create mode 100644 charts/prometheus/ci/05-server-deployment-values.yaml create mode 100644 charts/prometheus/ci/06-server-sts-values.yaml create mode 100644 charts/prometheus/ci/07-meta-labels-values.yaml create mode 100644 charts/prometheus/ci/08-sts-pvc-retention-policy-values.yaml create mode 100644 charts/prometheus/ci/09-standalone-deployment-values.yaml create mode 100644 charts/prometheus/ci/10-namespaced-sd-values.yaml create mode 100644 charts/prometheus/ci/11-default-values.yaml diff --git a/charts/prometheus/Chart.yaml b/charts/prometheus/Chart.yaml index b0777c17cf0..ea085281995 100644 --- a/charts/prometheus/Chart.yaml +++ b/charts/prometheus/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: prometheus appVersion: v2.51.2 -version: 25.20.0 +version: 25.20.1 kubeVersion: ">=1.19.0-0" description: Prometheus is a monitoring system and time series database. home: https://prometheus.io/ diff --git a/charts/prometheus/ci/01-automount-sa-token-values.yaml b/charts/prometheus/ci/01-automount-sa-token-values.yaml new file mode 100644 index 00000000000..52add690c40 --- /dev/null +++ b/charts/prometheus/ci/01-automount-sa-token-values.yaml @@ -0,0 +1,5 @@ +--- +## Test case: automount SA token +serviceAccounts: + server: + automountServiceAccountToken: true diff --git a/charts/prometheus/ci/02-config-reloader-deployment-values.yaml b/charts/prometheus/ci/02-config-reloader-deployment-values.yaml new file mode 100644 index 00000000000..0db060aa308 --- /dev/null +++ b/charts/prometheus/ci/02-config-reloader-deployment-values.yaml @@ -0,0 +1,25 @@ +--- +## Test case: test config-reloader in deployment +configmapReload: + env: + - name: APPNAME + value: "prometheus-config-reloader" + + prometheus: + containerSecurityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault + + extraArgs: + log-level: debug + watch-interval: 1m + +server: + statefulSet: + enabled: false diff --git a/charts/prometheus/ci/03-config-reloader-sts-values.yaml b/charts/prometheus/ci/03-config-reloader-sts-values.yaml new file mode 100644 index 00000000000..f8510efc113 --- /dev/null +++ b/charts/prometheus/ci/03-config-reloader-sts-values.yaml @@ -0,0 +1,25 @@ +--- +## Test case: test config-reloader in statefulset +configmapReload: + env: + - name: APPNAME + value: "prometheus-config-reloader" + + prometheus: + containerSecurityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault + + extraArgs: + log-level: debug + watch-interval: 1m + +server: + statefulSet: + enabled: true diff --git a/charts/prometheus/ci/04-extra-manifest-values.yaml b/charts/prometheus/ci/04-extra-manifest-values.yaml new file mode 100644 index 00000000000..3fb0f5a643d --- /dev/null +++ b/charts/prometheus/ci/04-extra-manifest-values.yaml @@ -0,0 +1,22 @@ +--- +## Test case: set extra manifests to deploy +extraManifests: + - | + apiVersion: v1 + kind: ConfigMap + metadata: + labels: + ci: "true" + name: prometheus-extra-cm-first + data: + GREETING: "hello" + - | + apiVersion: v1 + kind: ConfigMap + metadata: + labels: + ci: "true" + name: prometheus-extra-cm-second + data: + prometheus.txt: "{{ include "prometheus.server.fullname" . }}" + immutable: true diff --git a/charts/prometheus/ci/05-server-deployment-values.yaml b/charts/prometheus/ci/05-server-deployment-values.yaml new file mode 100644 index 00000000000..caf849ce413 --- /dev/null +++ b/charts/prometheus/ci/05-server-deployment-values.yaml @@ -0,0 +1,43 @@ +--- +## Test case: set various fields in deployment +server: + automountServiceAccountToken: true + + clusterRoleNameOverride: "ci-prometheus-server-cluster-role" + + containerSecurityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + + env: + - name: APPNAME + value: prometheus + + extraArgs: + query.timeout: 1m + query.max-concurrency: 15 + + global: + external_labels: + cluster: "ci" + + persistentVolume: + enabled: true + size: 2Gi + + prefixURL: /prometheus + + retentionSize: 1GB + + startupProbe: + enabled: true + + statefulSet: + enabled: false + + tsdb: + out_of_order_time_window: 10s diff --git a/charts/prometheus/ci/06-server-sts-values.yaml b/charts/prometheus/ci/06-server-sts-values.yaml new file mode 100644 index 00000000000..97839953b14 --- /dev/null +++ b/charts/prometheus/ci/06-server-sts-values.yaml @@ -0,0 +1,44 @@ +--- +# Test case: set various fields in statefulset +server: + automountServiceAccountToken: true + + clusterRoleNameOverride: "ci-prometheus-server-cluster-role" + + containerSecurityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + + env: + - name: APPNAME + value: prometheus + + extraArgs: + query.timeout: 1m + query.max-concurrency: 15 + + global: + external_labels: + cluster: "ci" + + persistentVolume: + enabled: true + statefulSetNameOverride: "ci-prometheus-server-pvc" + size: 2Gi + + prefixURL: /prometheus + + retentionSize: 1GB + + startupProbe: + enabled: true + + statefulSet: + enabled: true + + tsdb: + out_of_order_time_window: 10s diff --git a/charts/prometheus/ci/07-meta-labels-values.yaml b/charts/prometheus/ci/07-meta-labels-values.yaml new file mode 100644 index 00000000000..bc4e872e6dc --- /dev/null +++ b/charts/prometheus/ci/07-meta-labels-values.yaml @@ -0,0 +1,5 @@ +--- +# Test case: set meta labels +commonMetaLabels: + ci: "true" + env: "ci" diff --git a/charts/prometheus/ci/08-sts-pvc-retention-policy-values.yaml b/charts/prometheus/ci/08-sts-pvc-retention-policy-values.yaml new file mode 100644 index 00000000000..da65ab77e23 --- /dev/null +++ b/charts/prometheus/ci/08-sts-pvc-retention-policy-values.yaml @@ -0,0 +1,13 @@ +--- +## Test case: set PVC retention policy in statefulset +server: + automountServiceAccountToken: true + + statefulSet: + enabled: true + pvcDeleteOnStsDelete: true + pvcDeleteOnStsScale: true + + persistentVolume: + enabled: true + size: 2Gi diff --git a/charts/prometheus/ci/09-standalone-deployment-values.yaml b/charts/prometheus/ci/09-standalone-deployment-values.yaml new file mode 100644 index 00000000000..cbee5d9e1e1 --- /dev/null +++ b/charts/prometheus/ci/09-standalone-deployment-values.yaml @@ -0,0 +1,18 @@ +--- +## Test case: run standalone Prometheus deployment +alertmanager: + enabled: false + +kube-state-metrics: + enabled: false + +prometheus-node-exporter: + enabled: false + +prometheus-pushgateway: + enabled: false + +server: + automountServiceAccountToken: true + persistentVolume: + enabled: false diff --git a/charts/prometheus/ci/10-namespaced-sd-values.yaml b/charts/prometheus/ci/10-namespaced-sd-values.yaml new file mode 100644 index 00000000000..b62b48b8232 --- /dev/null +++ b/charts/prometheus/ci/10-namespaced-sd-values.yaml @@ -0,0 +1,114 @@ +--- +## Test case: Prometheus with namespaced SD +## Prometheus runs service discovery (SD) in its own namespace only. +## A custom cluster role is set up and bound to SA through a role binding +## in the given namespace. Prometheus *must* be told that its SD +## is namespaced by means of 'scrape_configs.kubernetes_sd_configs.namespaces'. +server: + automountServiceAccountToken: true + namespaces: [] + releaseNamespace: true + useExistingClusterRoleName: "prometheus-cluster-role" + + persistentVolume: + enabled: false + +alertmanager: + enabled: false + +kube-state-metrics: + enabled: true + +prometheus-node-exporter: + enabled: false + +prometheus-pushgateway: + enabled: false + +serverFiles: + prometheus.yml: + scrape_configs: + - job_name: "prometheus" + static_configs: + - targets: + - localhost:9090 + - job_name: "kubernetes-service-endpoints" + honor_labels: true + kubernetes_sd_configs: + - role: endpoints + namespaces: + own_namespace: true + relabel_configs: + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] + action: keep + regex: true + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] + action: replace + target_label: __scheme__ + regex: (https?) + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: + - __address__ + - __meta_kubernetes_service_annotation_prometheus_io_port + action: replace + target_label: __address__ + regex: (.+?)(?::\d+)?;(\d+) + replacement: $1:$2 + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: namespace + - source_labels: [__meta_kubernetes_service_name] + action: replace + target_label: service + - source_labels: [__meta_kubernetes_pod_node_name] + action: replace + target_label: node + +extraManifests: + - | + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + {{- include "prometheus.server.labels" . | nindent 4 }} + name: prometheus-cluster-role + rules: + - apiGroups: + - "" + resources: + - services + - endpoints + - pods + - ingresses + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - "extensions" + - "networking.k8s.io" + resources: + - ingresses/status + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - "discovery.k8s.io" + resources: + - endpointslices + verbs: + - get + - list + - watch + - nonResourceURLs: + - "/metrics" + verbs: + - get diff --git a/charts/prometheus/ci/11-default-values.yaml b/charts/prometheus/ci/11-default-values.yaml new file mode 100644 index 00000000000..ba5a5c1e259 --- /dev/null +++ b/charts/prometheus/ci/11-default-values.yaml @@ -0,0 +1 @@ +## Test case: use chart's default values