@@ -110,8 +110,8 @@ def __init__(self, *args):
110110 self .grafana_dashboards = GrafanaDashboardProvider (self )
111111 self .metrics_endpoint = MetricsEndpointProvider (
112112 self ,
113- refresh_event = self .on .start ,
114- jobs = [{ "static_configs" : [{ "targets" : [ f"*: { METRICS_PORT } " ]}]}] ,
113+ refresh_event = [ self .on .start ] ,
114+ jobs = self . _generate_metrics_jobs ( self . is_tls_enabled ) ,
115115 )
116116 self .loki_push = LogProxyConsumer (
117117 self ,
@@ -124,6 +124,19 @@ def __init__(self, *args):
124124 patroni_api_port = ServicePort (8008 , name = "api" )
125125 self .service_patcher = KubernetesServicePatch (self , [postgresql_db_port , patroni_api_port ])
126126
127+ def _generate_metrics_jobs (self , enable_tls : bool ) -> Dict :
128+ """Generate spec for Prometheus scraping."""
129+ return [
130+ {"static_configs" : [{"targets" : [f"*:{ METRICS_PORT } ]}]},
131+ {
132+ "static_configs" : [
133+ {"targets" : [f"{ self .get_hostname_by_unit (self .unit .name )} ]}
134+ ],
135+ "scheme" : "https" if enable_tls else "http" ,
136+ "tls_config" : {"insecure_skip_verify" : True },
137+ },
138+ ]
139+
127140 @property
128141 def app_peer_data (self ) -> Dict :
129142 """Application peer relation data object."""
@@ -1095,12 +1108,10 @@ def _restart(self, event: RunWithLock) -> None:
10951108
10961109 def update_config (self ) -> None :
10971110 """Updates Patroni config file based on the existence of the TLS files."""
1098- enable_tls = all (self .tls .get_tls_files ())
1099-
11001111 # Update and reload configuration based on TLS files availability.
11011112 self ._patroni .render_patroni_yml_file (
11021113 connectivity = self .unit_peer_data .get ("connectivity" , "on" ) == "on" ,
1103- enable_tls = enable_tls ,
1114+ enable_tls = self . is_tls_enabled ,
11041115 backup_id = self .app_peer_data .get ("restoring-backup" ),
11051116 stanza = self .app_peer_data .get ("stanza" ),
11061117 restore_stanza = self .app_peer_data .get ("restore-stanza" ),
@@ -1110,17 +1121,20 @@ def update_config(self) -> None:
11101121 # then mark TLS as enabled. This commonly happens when the charm is deployed
11111122 # in a bundle together with the TLS certificates operator. This flag is used to
11121123 # know when to call the Patroni API using HTTP or HTTPS.
1113- self .unit_peer_data .update ({"tls" : "enabled" if enable_tls else "" })
1124+ self .unit_peer_data .update ({"tls" : "enabled" if self . is_tls_enabled else "" })
11141125 logger .debug ("Early exit update_config: Patroni not started yet" )
11151126 return
11161127
1117- restart_postgresql = enable_tls != self .postgresql .is_tls_enabled ()
1128+ restart_postgresql = self . is_tls_enabled != self .postgresql .is_tls_enabled ()
11181129 self ._patroni .reload_patroni_configuration ()
1119- self .unit_peer_data .update ({"tls" : "enabled" if enable_tls else "" })
1130+ self .unit_peer_data .update ({"tls" : "enabled" if self . is_tls_enabled else "" })
11201131
11211132 # Restart PostgreSQL if TLS configuration has changed
11221133 # (so the both old and new connections use the configuration).
11231134 if restart_postgresql :
1135+ self .metrics_endpoint .update_scrape_job_spec (
1136+ self ._generate_metrics_jobs (self .is_tls_enabled )
1137+ )
11241138 self .on [self .restart_manager .name ].acquire_lock .emit ()
11251139
11261140 def _update_pebble_layers (self ) -> None :
0 commit comments