From dfbcdaa9795f8ac1d2b54419c8fe338716660743 Mon Sep 17 00:00:00 2001 From: Charlton Austin Date: Fri, 26 May 2017 14:57:48 -0400 Subject: [PATCH] fix(helm): add restriction to prom metrics this removes the cluster level configuration it also adds in restrictions to prom metrics Issue: https://coreosdev.atlassian.net/browse/QUAY-598 - [ ] It works! - [ ] Comments provide sufficient explanations for the next contributor - [ ] Tests cover changes and corner cases - [ ] Follows Quay syntax patterns and format --- .../extra/apostille-monitoring.yaml | 30 ------------------- helm/apostille-app/extra/namespaces.yaml | 9 ------ .../apostille-ingress-prometheus.yaml | 22 ++++++++++++++ 3 files changed, 22 insertions(+), 39 deletions(-) delete mode 100644 helm/apostille-app/extra/apostille-monitoring.yaml delete mode 100644 helm/apostille-app/extra/namespaces.yaml create mode 100644 helm/apostille-app/templates/apostille-ingress-prometheus.yaml diff --git a/helm/apostille-app/extra/apostille-monitoring.yaml b/helm/apostille-app/extra/apostille-monitoring.yaml deleted file mode 100644 index 72118f9..0000000 --- a/helm/apostille-app/extra/apostille-monitoring.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: monitoring.coreos.com/v1alpha1 -kind: ServiceMonitor -metadata: - name: apostille - namespace: apostille - labels: - app: apostille -spec: - selector: - matchLabels: - app: apostille - endpoints: - - port: default # works for different port numbers as long as the name matches - interval: 10s # scrape the endpoint every 10 seconds ---- -apiVersion: monitoring.coreos.com/v1alpha1 -kind: Prometheus -metadata: - name: apostille - namespace: apostille - labels: - prometheus: apostille -spec: - version: v1.3.0 - # Define that all ServiceMonitor TPRs with the label `app = apostille` should be included - # into the server's configuration. - serviceMonitors: - - selector: - matchLabels: - app: apostille diff --git a/helm/apostille-app/extra/namespaces.yaml b/helm/apostille-app/extra/namespaces.yaml deleted file mode 100644 index 2f00d9b..0000000 --- a/helm/apostille-app/extra/namespaces.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: nginx-ingress ---- -apiVersion: v1 -kind: Namespace -metadata: - name: kube-lego diff --git a/helm/apostille-app/templates/apostille-ingress-prometheus.yaml b/helm/apostille-app/templates/apostille-ingress-prometheus.yaml new file mode 100644 index 0000000..4c2ffa2 --- /dev/null +++ b/helm/apostille-app/templates/apostille-ingress-prometheus.yaml @@ -0,0 +1,22 @@ +kind: Ingress +apiVersion: extensions/v1beta1 +metadata: + name: {{.Values.service}} + namespace: {{.Values.apostille_namespace}} + annotations: + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/whitelist-source-range: "207.251.72.138/32,50.250.250.40/29,195.226.171.114/32" +spec: + tls: + - hosts: + - {{.Values.service_subdomain}}.quay.io + secretName: {{.Values.service}}-apostille-tls + rules: + - host: {{.Values.service_subdomain}}.quay.io + http: + paths: + - path: /metrics + backend: + serviceName: {{.Values.service}} + servicePort: 4443