Document setting up prometheus with an operator created cluster #469
Assignees
Labels
documentation
Improvements or additions to documentation
Comments
|
@keith-mcclellan, @johnrk we should open another issue for moving the ca.crt in the ca secret |
|
@alinadonisa , can you create this new issue with the steps that you had in mind? |
|
the cockroach-ca secret is just for minting new certs as it has the private key, prometheus just needs the public key for the ca so it can connect to the prometheus endpoint since it's not an authenticated interaction. What we need to do is have the ca.crt live in it's own secret so it can be mounted independently of the node.crt it sounds like. Is that a correct summary @chrisseto ? |
|
An independent secret with the ca.crt would work just as well 👍 |
|
@johnrk, @keith-mcclellan, @chrisseto I added issue #491 for this implementation. |
|
@alinadonisa , thank you! |
This was referenced May 18, 2021
craig bot
pushed a commit
to cockroachdb/cockroach
that referenced
this issue
Jun 1, 2021
…65952 #65953 #65958 65397: cloud: add new stanza to specify custom certs for Prometheus r=taroface a=taroface Add a stanza to the Prometheus manifest that allows the user to specify custom certs. The `cockroach-node` specifies the default node secret used by the K8s Operator, as advised by @chrisseto. Relates to cockroachdb/cockroach-operator#469. A doc update to the Prometheus tutorial will refer to this change. 65871: sql: fix a bug which prevented self referencing NOT VALID foreign keys r=fqazi a=ajwerner This bug is due to both using the same object in descs.Txn (sort of) and the fact the fact that MakeMutationComplete does not remove the mutation any longer. I have a feeling, but have not checked, that we lost this back- reference in older versions. Release note (bug fix): Fixed a bug which prevented adding self-referencing FOREIGN KEY constraints in the NOT VALID state. 65938: sql: fix bug in column backfill with virtual NOT NULL columns r=mgartner a=ajwerner Prior to this change we'd inform the column backfiller that it needed to read the virtual columns. These virtual columns don't exist and thus won't be read. If the columns are marked as NOT NULL, then an assertion will fire from inside the row fetcher. This PR fixes the bug by not requesting the virtual columns. Fixes #65915. Release note (bug fix): Fixed a bug which prevented adding columns to tables which contain data and use NOT NULL virtual columns 65943: release: configure ssh key before using git r=rail a=rail In #65555 we added check to make sure we don't try to push the same tag twice. The `git ls-remote` command, which uses `ssh://` was missing a step that configures the SSH key. This patch configures SSH earlier in the process. Release note: None 65945: authors: add JeffSwenson to authors r=JeffSwenson a=JeffSwenson Release note: None 65946: authors: add adwittumuluri to authors r=adwittumuluri a=adwittumuluri Release note: None 65947: authors: add todd to authors r=matthewtodd a=matthewtodd Release note: None 65949: authors: add sarkesian to authors r=AlexTalks a=AlexTalks Release note: None 65950: Adding Toshi to Authors r=noguchitoshi a=noguchitoshi [title] 65952: authors: add "Duoc Nguyen" to authors r=duoclikebook a=duoclikebook Release note: None 65953: add nancy.vargas to authors r=nancy-vargas a=nancy-vargas 65958: authors: add <livlobo> to authors r=livlobo a=livlobo Release note: None Co-authored-by: taroface <[email protected]> Co-authored-by: Andrew Werner <[email protected]> Co-authored-by: Rail Aliiev <[email protected]> Co-authored-by: Jeff Swenson <[email protected]> Co-authored-by: Adwit Tumuluri <[email protected]> Co-authored-by: Matthew Todd <[email protected]> Co-authored-by: Alex Sarkesian <[email protected]> Co-authored-by: Toshi Noguchi <[email protected]> Co-authored-by: Duoc Nguyen <[email protected]> Co-authored-by: Nancy Vargas Balderas <[email protected]> Co-authored-by: Liv Lobo <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I've created an CockroachDB cluster via the operator and stumbled through settings up prometheus monitoring by following the tutorial in the CockroachDB repo.
The link to the prometheus operator manifest in the above tutorial appears to have expired. I tracked down the bundle in the prometheus operator repo.
Everything else appears to work just fine with the exception of the
ServiceMonitorwhich points at an incorrect CA.I was able to get it working by swapping the
tlsConfigto the below value. The config needs access to theca.crtwhich is not present in thecockroachdb-casecret so I fell back to using thecockroachdb-nodesecret. We should likely include theca.crtincockroachdb-caor in a separate secret for ease of use before fully documenting this.cc @chudro
The text was updated successfully, but these errors were encountered: