diff --git a/charts/feature-integrations/docs/integrations/mysql.md b/charts/feature-integrations/docs/integrations/mysql.md index 51ff281971..e27b3c77c1 100644 --- a/charts/feature-integrations/docs/integrations/mysql.md +++ b/charts/feature-integrations/docs/integrations/mysql.md @@ -2,6 +2,23 @@ ## Values +### Exporter Settings + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| exporter.collectors | list | `["heartbeat","mysql.user"]` | The list of collectors to enable for the MySQL Exporter ([Documentation](https://grafana.com/docs/alloy/latest/reference/components/prometheus/prometheus.exporter.mysql/#supported-collectors)). | +| exporter.dataSource | object | `{"auth":{"password":"","passwordFrom":"","passwordKey":"password","username":"","usernameFrom":"","usernameKey":"username"},"host":"","port":3306}` | The data source to use for the MySQL Exporter. | +| exporter.dataSource.auth.password | string | `""` | The password to use for the MySQL connection. | +| exporter.dataSource.auth.passwordFrom | string | `""` | Raw config for accessing the password. | +| exporter.dataSource.auth.passwordKey | string | `"password"` | The key for storing the password in the secret. | +| exporter.dataSource.auth.username | string | `""` | The username to use for the MySQL connection. | +| exporter.dataSource.auth.usernameFrom | string | `""` | Raw config for accessing the username. | +| exporter.dataSource.auth.usernameKey | string | `"username"` | The key for storing the username in the secret. | +| exporter.dataSource.host | string | `""` | The MySQL host to connect to. | +| exporter.dataSource.port | int | `3306` | The MySQL port to connect to. | +| exporter.dataSourceName | string | `""` | The data source string to use for the MySQL Exporter. | +| exporter.enabled | bool | `true` | Whether to enable the Alloy-embedded MySQL Exporter. | + ### Discovery Settings | Key | Type | Default | Description | @@ -28,15 +45,11 @@ |-----|------|---------|-------------| | scrapeInterval | string | `60s` | How frequently to scrape metrics from MySQL Exporter. | -### Other Values +### Secret | Key | Type | Default | Description | |-----|------|---------|-------------| -| exporter.collectors[0] | string | `"heartbeat"` | | -| exporter.collectors[1] | string | `"mysql.user"` | | -| exporter.dataSource.host | string | `""` | | -| exporter.dataSource.password | string | `""` | | -| exporter.dataSource.port | int | `3306` | | -| exporter.dataSource.username | string | `""` | | -| exporter.dataSourceName | string | `""` | | -| exporter.enabled | bool | `true` | | +| secret.create | bool | `true` | Whether to create a secret to store credentials for this MySQL integration instance. | +| secret.embed | bool | `false` | If true, skip secret creation and embed the credentials directly into the configuration. | +| secret.name | string | `""` | The name of the secret to create. | +| secret.namespace | string | `""` | The namespace for the secret. | diff --git a/charts/feature-integrations/integrations/mysql-values.yaml b/charts/feature-integrations/integrations/mysql-values.yaml index 1d1c306d39..59ca12c5bb 100644 --- a/charts/feature-integrations/integrations/mysql-values.yaml +++ b/charts/feature-integrations/integrations/mysql-values.yaml @@ -3,41 +3,66 @@ # @section -- General Settings name: "" +# Settings for the Alloy embedded MySQL Exporter exporter: + # -- Whether to enable the Alloy-embedded MySQL Exporter. + # @section -- Exporter Settings enabled: true - # TODO: Utilize the secret functions to use from + # -- The data source string to use for the MySQL Exporter. + # @section -- Exporter Settings dataSourceName: "" + + # -- The data source to use for the MySQL Exporter. + # @section -- Exporter Settings dataSource: + # -- The MySQL host to connect to. + # @section -- Exporter Settings host: "" + # -- The MySQL port to connect to. + # @section -- Exporter Settings port: 3306 auth: + # -- The username to use for the MySQL connection. + # @section -- Exporter Settings username: "" - usernameKey: "" + # -- The key for storing the username in the secret. + # @section -- Exporter Settings + usernameKey: "username" + # -- Raw config for accessing the username. + # @section -- Exporter Settings usernameFrom: "" + # -- The password to use for the MySQL connection. + # @section -- Exporter Settings password: "" - passwordKey: "" + # -- The key for storing the password in the secret. + # @section -- Exporter Settings + passwordKey: "password" + # -- Raw config for accessing the password. + # @section -- Exporter Settings passwordFrom: "" - secret: - # -- (bool) Whether to create a secret for this MySQL integration instance. - # @default -- `true` - # @section -- Secret - create: - # -- If true, skip secret creation and embed the credentials directly into the configuration. - # @section -- Secret - embed: false - # -- The name of the secret to create. - # @section -- Secret - name: "" - # -- The namespace for the secret. - # @section -- Secret - namespace: "" - + # -- The list of collectors to enable for the MySQL Exporter ([Documentation](https://grafana.com/docs/alloy/latest/reference/components/prometheus/prometheus.exporter.mysql/#supported-collectors)). + # @section -- Exporter Settings collectors: - heartbeat - mysql.user +secret: + # -- (bool) Whether to create a secret to store credentials for this MySQL integration instance. + # @default -- `true` + # @section -- Secret + create: + # -- If true, skip secret creation and embed the credentials directly into the configuration. + # @section -- Secret + embed: false + # -- The name of the secret to create. + # @section -- Secret + name: "" + # -- The namespace for the secret. + # @section -- Secret + namespace: "" + # -- Discover MySQL Exporter instances based on label selectors, if not using the exporter # @section -- Discovery Settings labelSelectors: {} diff --git a/charts/feature-integrations/schema-mods/definitions/mysql-integration.schema.json b/charts/feature-integrations/schema-mods/definitions/mysql-integration.schema.json index 96e6963527..512548329e 100644 --- a/charts/feature-integrations/schema-mods/definitions/mysql-integration.schema.json +++ b/charts/feature-integrations/schema-mods/definitions/mysql-integration.schema.json @@ -13,17 +13,34 @@ "dataSource": { "type": "object", "properties": { - "host": { - "type": "string" + "auth": { + "type": "object", + "properties": { + "password": { + "type": "string" + }, + "passwordFrom": { + "type": "string" + }, + "passwordKey": { + "type": "string" + }, + "username": { + "type": "string" + }, + "usernameFrom": { + "type": "string" + }, + "usernameKey": { + "type": "string" + } + } }, - "password": { + "host": { "type": "string" }, "port": { "type": "integer" - }, - "username": { - "type": "string" } } }, @@ -58,6 +75,23 @@ "scrapeInterval": { "type": "null" }, + "secret": { + "type": "object", + "properties": { + "create": { + "type": "null" + }, + "embed": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + } + }, "type": { "type": "string", "const": "mysql" diff --git a/charts/feature-integrations/templates/_integration_mysql.tpl b/charts/feature-integrations/templates/_integration_mysql.tpl index a09503aa0c..7b9e5a7f5a 100644 --- a/charts/feature-integrations/templates/_integration_mysql.tpl +++ b/charts/feature-integrations/templates/_integration_mysql.tpl @@ -6,22 +6,41 @@ declare "mysql_integration" { argument "metrics_destinations" { comment = "Must be a list of metric destinations where collected metrics should be forwarded to" } - {{- range $instance := $.Values.mysql.instances }} - {{- include "integrations.mysql.include.metrics" (deepCopy $ | merge (dict "integration" $instance)) | nindent 2 }} + {{- include "integrations.mysql.include.metrics" (deepCopy $ | merge (dict "instance" $instance)) | nindent 2 }} {{- end }} } {{- end }} {{- define "integrations.mysql.include.metrics" }} {{- $defaultValues := "integrations/mysql-values.yaml" | .Files.Get | fromYaml }} -{{- with deepCopy .integration | merge $defaultValues }} +{{- with merge .instance $defaultValues (dict "type" "integration.mysql") }} {{- if .exporter.enabled }} +{{- if eq (include "secrets.usesKubernetesSecret" .) "true" }} + {{- include "secret.alloy" (deepCopy $ | merge (dict "object" .)) | nindent 0 }} +{{- end }} prometheus.exporter.mysql {{ include "helper.alloy_name" .name | quote }} { {{- if .exporter.dataSourceName }} - data_source_name = {{ .exporter.dataSourceName }} + data_source_name = {{ .exporter.dataSourceName | quote }} {{- else }} - data_source_name = {{ printf "%s:%s@%s:%d/" .exporter.dataSource.username .exporter.dataSource.password .exporter.dataSource.host (.exporter.dataSource.port | int) | quote }} + {{- if eq (include "secrets.usesSecret" (dict "object" . "key" "exporter.dataSource.auth.username")) "true" }} + {{- if eq (include "secrets.usesSecret" (dict "object" . "key" "exporter.dataSource.auth.password")) "true" }} + data_source_name = string.format("%s:%s@(%s:%d)/", + {{ include "secrets.read" (dict "object" . "key" "exporter.dataSource.auth.username" "nonsensitive" true) }}, + {{ include "secrets.read" (dict "object" . "key" "exporter.dataSource.auth.password") }}, + {{ .exporter.dataSource.host | quote }}, + {{ .exporter.dataSource.port | int }}, + ) + {{- else }} + data_source_name = string.format("%s@(%s:%d)/", + {{ include "secrets.read" (dict "object" . "key" "exporter.dataSource.auth.username" "nonsensitive" true) }}, + {{ .exporter.dataSource.host | quote }}, + {{ .exporter.dataSource.port | int }}, + ) + {{- end }} + {{- else }} + data_source_name = string.format("%s:%d/", {{ .exporter.dataSource.host | quote }}, {{ .exporter.dataSource.port | int }}) + {{- end }} {{- end }} enable_collectors = {{ .exporter.collectors | toJson }} } @@ -60,13 +79,13 @@ promtheus.relabel {{ include "helper.alloy_name" .name | quote }} { {{- define "integrations.mysql.validate" }} {{- range $instance := $.Values.mysql.instances }} - {{- include "integrations.mysql.instance.validate" (merge $ (dict "integration" $instance)) | nindent 2 }} + {{- include "integrations.mysql.instance.validate" (merge $ (dict "instance" $instance)) | nindent 2 }} {{- end }} {{- end }} {{- define "integrations.mysql.instance.validate" }} {{- $defaultValues := "integrations/mysql-values.yaml" | .Files.Get | fromYaml }} -{{- with merge .integration $defaultValues }} +{{- with merge .instance $defaultValues }} {{- if .exporter.enabled }} {{- if and (not .exporter.dataSourceName) (not (and .exporter.dataSource.username .exporter.dataSource.password .exporter.dataSource.host)) }} {{- $msg := list "" "Missing data source details for MySQL exporter." }} @@ -89,3 +108,8 @@ promtheus.relabel {{ include "helper.alloy_name" .name | quote }} { {{- end }} {{- end }} {{- end }} + +{{- define "secrets.list.integration.mysql" }} +- exporter.dataSource.auth.username +- exporter.dataSource.auth.password +{{- end }} diff --git a/charts/feature-integrations/templates/configmap.yaml b/charts/feature-integrations/templates/configmap.yaml index 9a042761f0..eee71e2843 100644 --- a/charts/feature-integrations/templates/configmap.yaml +++ b/charts/feature-integrations/templates/configmap.yaml @@ -9,7 +9,7 @@ data: metrics.alloy: |- {{- range $type := (include "integrations.types" . | fromYamlArray) }} {{- if (index $.Values $type).instances }} - {{- include (printf "integrations.%s.module.metrics" $type) (dict "Values" $.Values "Files" $.Files) | indent 4 }} + {{- include (printf "integrations.%s.module.metrics" $type) $ | indent 4 }} {{- end }} {{- end }} {{- end }} diff --git a/charts/feature-integrations/templates/mysql-secret.yaml b/charts/feature-integrations/templates/mysql-secret.yaml new file mode 100644 index 0000000000..6a425fc182 --- /dev/null +++ b/charts/feature-integrations/templates/mysql-secret.yaml @@ -0,0 +1,19 @@ +{{- range $instance := .Values.mysql.instances }} + {{- $instance = merge $instance (dict "type" "integration.mysql") }} + {{- if eq (include "secrets.shouldCreateKubernetesSecret" $instance ) "true" }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "secrets.kubernetesSecretName" (deepCopy $ | merge (dict "object" $instance)) | quote }} + namespace: {{ include "secrets.kubernetesSecretNamespace" (deepCopy $ | merge (dict "object" $instance)) | quote }} +stringData: +{{- $secrets := include "secrets.list.integration.mysql" $instance | fromYamlArray }} +{{- range $secret := $secrets }} + {{- $value := include "secrets.getSecretValue" (dict "object" $instance "key" $secret) -}} + {{- if $value }} + {{ include "secrets.getSecretKey" (dict "object" $instance "key" $secret) }}: {{ $value | quote }} + {{- end }} +{{- end }} + {{- end -}} +{{- end -}} diff --git a/charts/feature-integrations/templates/secrets/_helpers.tpl b/charts/feature-integrations/templates/secrets/_helpers.tpl new file mode 100644 index 0000000000..49188bcd2d --- /dev/null +++ b/charts/feature-integrations/templates/secrets/_helpers.tpl @@ -0,0 +1,143 @@ +{{/* Helper function to return the auth type, defaulting to none */}} +{{/* Inputs: . (user of the secret, needs name, secret, auth) */}} +{{- define "secrets.authType" }} +{{- if hasKey . "auth" }}{{ .auth.type | default "none" }}{{ else }}none{{ end }} +{{- end }} + +{{/* Helper function to determine the secret type */}} +{{/* Inputs: . (user of the secret, needs name, secret, auth) */}} +{{- define "secrets.secretType" }} +{{- if hasKey . "secret" }} + {{- if .secret.embed -}}embedded + {{- else if eq .secret.create false -}}external + {{- end }} +{{- else -}} +create +{{- end }} +{{- end }} + +{{/* Determine if a ___From field has been defined for a secret value */}} +{{/* Inputs: object (user of the secret, needs name, secret, auth), key (path to secret value) */}} +{{- define "secrets.getSecretFromRef" -}} +{{- $value := .object -}} +{{- range $pathPart := (regexSplit "\\." (printf "%sFrom" .key) -1) -}} {{/* "path.to.auth.password" --> ["path", "to", "auth" "passwordFrom"] */}} +{{- if hasKey $value $pathPart -}} + {{- $value = (index $value $pathPart) -}} +{{- else -}} + {{- $value = "" -}} + {{- break -}} +{{- end -}} +{{- end -}} +{{- $value -}} +{{- end -}} + +{{/*Determine the key to access a secret value within a secret component*/}} +{{/* Inputs: object (user of the secret, needs name, secret, auth), key (path to secret value) */}} +{{- define "secrets.getSecretKey" -}} +{{- $value := .object -}} +{{- $defaultKey := (( regexSplit "\\." .key -1) | last) -}} {{/* "path.to.auth.password" --> "password" */}} +{{- range $pathPart := (regexSplit "\\." (printf "%sKey" .key) -1) -}} {{/* "path.to.auth.password" --> ["path", "to", "auth" "passwordKey"] */}} +{{- if hasKey $value $pathPart -}} + {{- $value = (index $value $pathPart) -}} +{{- else -}} + {{- $value = $defaultKey -}} + {{- break -}} +{{- end -}} +{{- end -}} +{{- $value -}} +{{- end -}} + +{{/*Determine the path to the secret value*/}} +{{/* Inputs: object (user of the secret, needs name, secret, auth), key (path to secret value) */}} +{{- define "secrets.getSecretValue" }} +{{- $value := .object -}} +{{- range $pathPart := (regexSplit "\\." .key -1) -}} {{/* "path.to.auth.password" --> ["path", "to", "auth" "password"] */}} +{{- if hasKey $value $pathPart -}} + {{- $value = (index $value $pathPart) -}} +{{- else -}} + {{- $value = "" -}} + {{- break -}} +{{- end -}} +{{- end -}} +{{- $value -}} +{{- end }} + +{{/* Build the alloy command to read a secret value */}} +{{/* Inputs: object (user of the secret, needs name, secret, auth), key (path to secret value), nonsensitive */}} +{{- define "secrets.read" }} +{{- $credRef := include "secrets.getSecretFromRef" . -}} +{{- if $credRef -}} +{{ $credRef }} +{{- else if eq (include "secrets.secretType" .object) "embedded" -}} +{{ include "secrets.getSecretValue" (dict "object" .object "key" .key) | quote }} +{{- else if eq (include "secrets.usesKubernetesSecret" .object) "true" -}} +{{- $credKey := include "secrets.getSecretKey" (dict "object" .object "key" .key) -}} +{{- if .nonsensitive -}} +nonsensitive(remote.kubernetes.secret.{{ include "helper.alloy_name" .object.name }}.data[{{ $credKey | quote }}]) +{{- else -}} +remote.kubernetes.secret.{{ include "helper.alloy_name" .object.name }}.data[{{ $credKey | quote }}] +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Determines if the object will reference a secret value */}} +{{/* Inputs: object (user of the secret, needs name, secret, auth), key (path to secret value), nonsensitive */}} +{{- define "secrets.usesSecret" -}} +{{- if eq (include "secrets.read" .) "" }}false{{- else -}}true{{- end -}} +{{- end -}} + +{{/* Determines if the object will reference a Kubernetes secret */}} +{{/* Inputs: . (user of the secret, needs name, secret, auth) */}} +{{- define "secrets.usesKubernetesSecret" -}} +{{- $secretType := (include "secrets.secretType" .) }} +{{- if eq $secretType "embedded" -}}false +{{- else -}} + {{- $usesK8sSecret := false }} + {{- range $secret := include (printf "secrets.list.%s" .type) . | fromYamlArray }} + {{- $ref := include "secrets.getSecretFromRef" (dict "object" $ "key" $secret) -}} + {{- $key := include "secrets.getSecretKey" (dict "object" $ "key" $secret) -}} + {{- $value := include "secrets.getSecretValue" (dict "object" $ "key" $secret) -}} + {{- if or (and (eq $secretType "external") $key) (and $value (not $ref)) }} + {{- $usesK8sSecret = true }} + {{- end }} + {{- end }} +{{- $usesK8sSecret -}} +{{- end -}} +{{- end -}} + +{{/* Determines if the object will need to create a Kubernetes secret. NOTE that this object should be before merging with default values */}} +{{/* Inputs: object (user of the secret, needs name, secret, auth) */}} +{{- define "secrets.shouldCreateKubernetesSecret" -}} +{{- if eq (include "secrets.usesKubernetesSecret" .) "false" }}false +{{- else if and (hasKey . "secret") (hasKey .secret "create") -}} +{{ .secret.create }} +{{- else -}} +true +{{- end -}} +{{- end -}} + +{{/* This returns the Kubernetes Secret name for this destination */}} +{{/* Inputs: $ (top level helm data) object (user of the secret, needs name, secret, auth) */}} +{{- define "secrets.kubernetesSecretName" -}} +{{- if and (hasKey .object "secret") (hasKey .object.secret "name") (not (empty .object.secret.name)) -}} +{{ .object.secret.name }} +{{- else -}} + +{{- if contains .Chart.Name .Release.Name }} +{{- printf "%s-%s" .object.name .Release.Name | trunc 63 | trimSuffix "-" | lower -}} +{{- else }} +{{- printf "%s-%s-%s" .object.name .Release.Name .Chart.Name | trunc 63 | trimSuffix "-" | lower -}} +{{- end }} + +{{- end }} +{{- end }} + +{{/* This returns the Kubernetes Secret namespace for this destination */}} +{{/* Inputs: $ (top level helm data) object (user of the secret, needs name, secret, auth) */}} +{{- define "secrets.kubernetesSecretNamespace" -}} +{{- if and (hasKey .object "secret") (hasKey .object.secret "namespace") (not (empty .object.secret.namespace)) -}} +{{- .object.secret.namespace -}} +{{- else -}} +{{- .Release.Namespace -}} +{{- end }} +{{- end }} diff --git a/charts/feature-integrations/templates/secrets/_secret.alloy.tpl b/charts/feature-integrations/templates/secrets/_secret.alloy.tpl new file mode 100644 index 0000000000..6a002fe445 --- /dev/null +++ b/charts/feature-integrations/templates/secrets/_secret.alloy.tpl @@ -0,0 +1,8 @@ +{{/* This builds the remote.kubernetes.secret component for this destination */}} +{{/* Inputs: $ (top level object) object (user of the secret, needs name, secret, auth) */}} +{{ define "secret.alloy" }} +remote.kubernetes.secret {{ include "helper.alloy_name" .object.name | quote }} { + name = {{ include "secrets.kubernetesSecretName" . | quote }} + namespace = {{ include "secrets.kubernetesSecretNamespace" . | quote }} +} +{{ end }} diff --git a/charts/feature-integrations/test-values.yaml b/charts/feature-integrations/test-values.yaml new file mode 100644 index 0000000000..9dabf58e06 --- /dev/null +++ b/charts/feature-integrations/test-values.yaml @@ -0,0 +1,17 @@ +#deployAsConfigMap: true +mysql: + instances: + - name: test-db + exporter: + dataSource: + host: database.test.svc + - name: staging-db + exporter: + dataSourceName: "root:password@database.staging.svc:3306/" + - name: prod-db + exporter: + dataSource: + host: database.prod.svc + auth: + username: db-admin + password: db-password diff --git a/charts/feature-integrations/tests/mysql_test.yaml b/charts/feature-integrations/tests/mysql_test.yaml index 584c9e4b51..ee7c71aac2 100644 --- a/charts/feature-integrations/tests/mysql_test.yaml +++ b/charts/feature-integrations/tests/mysql_test.yaml @@ -2,6 +2,7 @@ suite: Test MySQL integration templates: - configmap.yaml + - mysql-secret.yaml tests: - it: should create the MySQL config set: @@ -11,13 +12,16 @@ tests: - name: my-database exporter: dataSource: - username: db-admin - password: db-password host: my-db.mysql.svc + auth: + username: db-admin + password: db-password asserts: - - isKind: + - template: configmap.yaml + isKind: of: ConfigMap - - equal: + - template: configmap.yaml + equal: path: data["metrics.alloy"] value: |- declare "mysql_integration" { @@ -25,8 +29,19 @@ tests: comment = "Must be a list of metric destinations where collected metrics should be forwarded to" } + + remote.kubernetes.secret "my_database" { + name = "my-database-release-name-k8s-monitoring-feature-integrations" + namespace = "NAMESPACE" + } + prometheus.exporter.mysql "my_database" { - data_source_name = "db-admin:db-password@my-db.mysql.svc:3306/" + data_source_name = string.format("%s:%s@(%s:%d)/", + nonsensitive(remote.kubernetes.secret.my_database.data["username"]), + remote.kubernetes.secret.my_database.data["password"], + "my-db.mysql.svc", + 3306, + ) enable_collectors = ["heartbeat","mysql.user"] } prometheus.scrape "my_database" { @@ -35,3 +50,164 @@ tests: forward_to = argument.metrics_destinations.value } } + - template: mysql-secret.yaml + documentIndex: 0 + containsDocument: + apiVersion: v1 + kind: Secret + name: my-database-release-name-k8s-monitoring-feature-integrations + namespace: NAMESPACE + - template: mysql-secret.yaml + equal: + path: stringData.username + value: db-admin + - template: mysql-secret.yaml + equal: + path: stringData.password + value: db-password + + - it: works with multiple MySQL Instances + set: + deployAsConfigMap: true + mysql: + instances: + - name: test-db + exporter: + dataSource: + host: database.test.svc + - name: staging-db + exporter: + dataSourceName: "root:password@database.staging.svc:3306/" + - name: prod-db + exporter: + dataSource: + host: database.prod.svc + auth: + username: db-admin + password: db-password + asserts: + - template: configmap.yaml + isKind: + of: ConfigMap + - template: configmap.yaml + equal: + path: data["metrics.alloy"] + value: |- + declare "mysql_integration" { + argument "metrics_destinations" { + comment = "Must be a list of metric destinations where collected metrics should be forwarded to" + } + + prometheus.exporter.mysql "test_db" { + data_source_name = string.format("%s:%d/", "database.test.svc", 3306) + enable_collectors = ["heartbeat","mysql.user"] + } + prometheus.scrape "test_db" { + targets = prometheus.exporter.mysql.test_db.targets + job_name = "integration/mysql" + forward_to = argument.metrics_destinations.value + } + + prometheus.exporter.mysql "staging_db" { + data_source_name = "root:password@database.staging.svc:3306/" + enable_collectors = ["heartbeat","mysql.user"] + } + prometheus.scrape "staging_db" { + targets = prometheus.exporter.mysql.staging_db.targets + job_name = "integration/mysql" + forward_to = argument.metrics_destinations.value + } + + + remote.kubernetes.secret "prod_db" { + name = "prod-db-release-name-k8s-monitoring-feature-integrations" + namespace = "NAMESPACE" + } + + prometheus.exporter.mysql "prod_db" { + data_source_name = string.format("%s:%s@(%s:%d)/", + nonsensitive(remote.kubernetes.secret.prod_db.data["username"]), + remote.kubernetes.secret.prod_db.data["password"], + "database.prod.svc", + 3306, + ) + enable_collectors = ["heartbeat","mysql.user"] + } + prometheus.scrape "prod_db" { + targets = prometheus.exporter.mysql.prod_db.targets + job_name = "integration/mysql" + forward_to = argument.metrics_destinations.value + } + } + - template: mysql-secret.yaml + hasDocuments: + count: 1 # Only one secret should be created + - template: mysql-secret.yaml + documentIndex: 0 + containsDocument: + apiVersion: v1 + kind: Secret + name: prod-db-release-name-k8s-monitoring-feature-integrations + namespace: NAMESPACE + - template: mysql-secret.yaml + equal: + path: stringData.username + value: db-admin + - template: mysql-secret.yaml + equal: + path: stringData.password + value: db-password + + - it: works when referencing the MySQL Secret + set: + deployAsConfigMap: true + mysql: + instances: + - name: test-database + exporter: + dataSource: + host: test-database-mysql.mysql.svc + auth: + usernameFrom: "\"root\"" + passwordKey: mysql-root-password + secret: + create: false + name: test-database-mysql + namespace: mysql + asserts: + - template: configmap.yaml + isKind: + of: ConfigMap + - template: configmap.yaml + equal: + path: data["metrics.alloy"] + value: |- + declare "mysql_integration" { + argument "metrics_destinations" { + comment = "Must be a list of metric destinations where collected metrics should be forwarded to" + } + + + remote.kubernetes.secret "test_database" { + name = "test-database-mysql" + namespace = "mysql" + } + + prometheus.exporter.mysql "test_database" { + data_source_name = string.format("%s:%s@(%s:%d)/", + "root", + remote.kubernetes.secret.test_database.data["mysql-root-password"], + "test-database-mysql.mysql.svc", + 3306, + ) + enable_collectors = ["heartbeat","mysql.user"] + } + prometheus.scrape "test_database" { + targets = prometheus.exporter.mysql.test_database.targets + job_name = "integration/mysql" + forward_to = argument.metrics_destinations.value + } + } + - template: mysql-secret.yaml + hasDocuments: + count: 0 # No secret should be created diff --git a/charts/feature-integrations/values.schema.json b/charts/feature-integrations/values.schema.json index 8950bf3d05..c445be234c 100644 --- a/charts/feature-integrations/values.schema.json +++ b/charts/feature-integrations/values.schema.json @@ -209,17 +209,34 @@ "dataSource": { "type": "object", "properties": { - "host": { - "type": "string" + "auth": { + "type": "object", + "properties": { + "password": { + "type": "string" + }, + "passwordFrom": { + "type": "string" + }, + "passwordKey": { + "type": "string" + }, + "username": { + "type": "string" + }, + "usernameFrom": { + "type": "string" + }, + "usernameKey": { + "type": "string" + } + } }, - "password": { + "host": { "type": "string" }, "port": { "type": "integer" - }, - "username": { - "type": "string" } } }, @@ -254,6 +271,23 @@ "scrapeInterval": { "type": "null" }, + "secret": { + "type": "object", + "properties": { + "create": { + "type": "null" + }, + "embed": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + } + }, "type": { "type": "string", "const": "mysql" diff --git a/charts/k8s-monitoring/Chart.lock b/charts/k8s-monitoring/Chart.lock index c844ee54c9..a6e94fffce 100644 --- a/charts/k8s-monitoring/Chart.lock +++ b/charts/k8s-monitoring/Chart.lock @@ -39,4 +39,4 @@ dependencies: repository: https://grafana.github.io/helm-charts version: 0.9.1 digest: sha256:4cac24fb5b4c8dba5508a79980ae781c65da75bcf2a279967bc8c5d7f9e4fad4 -generated: "2024-10-29T13:42:45.469635-05:00" +generated: "2024-10-29T18:29:37.858499-05:00" diff --git a/charts/k8s-monitoring/charts/k8s-monitoring-feature-annotation-autodiscovery-1.0.0.tgz b/charts/k8s-monitoring/charts/k8s-monitoring-feature-annotation-autodiscovery-1.0.0.tgz index 775340e51b..a76577f839 100644 Binary files a/charts/k8s-monitoring/charts/k8s-monitoring-feature-annotation-autodiscovery-1.0.0.tgz and b/charts/k8s-monitoring/charts/k8s-monitoring-feature-annotation-autodiscovery-1.0.0.tgz differ diff --git a/charts/k8s-monitoring/charts/k8s-monitoring-feature-application-observability-1.0.0.tgz b/charts/k8s-monitoring/charts/k8s-monitoring-feature-application-observability-1.0.0.tgz index ee0aba7b02..63ee2516c4 100644 Binary files a/charts/k8s-monitoring/charts/k8s-monitoring-feature-application-observability-1.0.0.tgz and b/charts/k8s-monitoring/charts/k8s-monitoring-feature-application-observability-1.0.0.tgz differ diff --git a/charts/k8s-monitoring/charts/k8s-monitoring-feature-cluster-events-1.0.0.tgz b/charts/k8s-monitoring/charts/k8s-monitoring-feature-cluster-events-1.0.0.tgz index 867c139fbd..a2a1f50e80 100644 Binary files a/charts/k8s-monitoring/charts/k8s-monitoring-feature-cluster-events-1.0.0.tgz and b/charts/k8s-monitoring/charts/k8s-monitoring-feature-cluster-events-1.0.0.tgz differ diff --git a/charts/k8s-monitoring/charts/k8s-monitoring-feature-cluster-metrics-1.0.0.tgz b/charts/k8s-monitoring/charts/k8s-monitoring-feature-cluster-metrics-1.0.0.tgz index c1344ce45f..ed50287c9e 100644 Binary files a/charts/k8s-monitoring/charts/k8s-monitoring-feature-cluster-metrics-1.0.0.tgz and b/charts/k8s-monitoring/charts/k8s-monitoring-feature-cluster-metrics-1.0.0.tgz differ diff --git a/charts/k8s-monitoring/charts/k8s-monitoring-feature-integrations-1.0.0.tgz b/charts/k8s-monitoring/charts/k8s-monitoring-feature-integrations-1.0.0.tgz index c8f65b32ec..034ecaa725 100644 Binary files a/charts/k8s-monitoring/charts/k8s-monitoring-feature-integrations-1.0.0.tgz and b/charts/k8s-monitoring/charts/k8s-monitoring-feature-integrations-1.0.0.tgz differ diff --git a/charts/k8s-monitoring/charts/k8s-monitoring-feature-pod-logs-1.0.0.tgz b/charts/k8s-monitoring/charts/k8s-monitoring-feature-pod-logs-1.0.0.tgz index 11303abd80..907bf18984 100644 Binary files a/charts/k8s-monitoring/charts/k8s-monitoring-feature-pod-logs-1.0.0.tgz and b/charts/k8s-monitoring/charts/k8s-monitoring-feature-pod-logs-1.0.0.tgz differ diff --git a/charts/k8s-monitoring/charts/k8s-monitoring-feature-profiling-1.0.0.tgz b/charts/k8s-monitoring/charts/k8s-monitoring-feature-profiling-1.0.0.tgz index 61dad0140b..5542c650f8 100644 Binary files a/charts/k8s-monitoring/charts/k8s-monitoring-feature-profiling-1.0.0.tgz and b/charts/k8s-monitoring/charts/k8s-monitoring-feature-profiling-1.0.0.tgz differ diff --git a/charts/k8s-monitoring/charts/k8s-monitoring-feature-prometheus-operator-objects-1.0.0.tgz b/charts/k8s-monitoring/charts/k8s-monitoring-feature-prometheus-operator-objects-1.0.0.tgz index 38d71f8674..22c45b44d4 100644 Binary files a/charts/k8s-monitoring/charts/k8s-monitoring-feature-prometheus-operator-objects-1.0.0.tgz and b/charts/k8s-monitoring/charts/k8s-monitoring-feature-prometheus-operator-objects-1.0.0.tgz differ diff --git a/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/alloy-metrics.alloy b/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/alloy-metrics.alloy index d5cf3788e6..8d6c45a355 100644 --- a/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/alloy-metrics.alloy +++ b/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/alloy-metrics.alloy @@ -15,6 +15,7 @@ prometheus.remote_write "prometheus" { } tls_config { insecure_skip_verify = false + ca_pem = "" } send_native_histograms = false queue_config { diff --git a/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/alloy-receiver.alloy b/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/alloy-receiver.alloy index 625f0d0faa..9417dc415d 100644 --- a/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/alloy-receiver.alloy +++ b/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/alloy-receiver.alloy @@ -15,6 +15,7 @@ prometheus.remote_write "prometheus" { } tls_config { insecure_skip_verify = false + ca_pem = "" } send_native_histograms = false queue_config { diff --git a/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/output.yaml b/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/output.yaml index adb2ad836d..d4b18906af 100644 --- a/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/output.yaml +++ b/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/output.yaml @@ -72,6 +72,7 @@ data: } tls_config { insecure_skip_verify = false + ca_pem = "" } send_native_histograms = false queue_config { @@ -357,6 +358,7 @@ data: } tls_config { insecure_skip_verify = false + ca_pem = "" } send_native_histograms = false queue_config { diff --git a/charts/k8s-monitoring/docs/examples/features/integrations/alloy/alloy-metrics.alloy b/charts/k8s-monitoring/docs/examples/features/integrations/alloy/alloy-metrics.alloy index 8d1aa341a2..95240c7fc5 100644 --- a/charts/k8s-monitoring/docs/examples/features/integrations/alloy/alloy-metrics.alloy +++ b/charts/k8s-monitoring/docs/examples/features/integrations/alloy/alloy-metrics.alloy @@ -311,7 +311,7 @@ declare "alloy_integration" { alloy_integration_discovery "alloy_metrics" { port_name = "http-metrics" - label_selectors = ["app.kubernetes.io/name=alloy-metrics"] + label_selectors = ["app.kubernetes.io/name=alloy"] } alloy_integration_scrape "alloy_metrics" { diff --git a/charts/k8s-monitoring/docs/examples/features/integrations/alloy/output.yaml b/charts/k8s-monitoring/docs/examples/features/integrations/alloy/output.yaml index 085593bee6..be5804b6b9 100644 --- a/charts/k8s-monitoring/docs/examples/features/integrations/alloy/output.yaml +++ b/charts/k8s-monitoring/docs/examples/features/integrations/alloy/output.yaml @@ -336,7 +336,7 @@ data: alloy_integration_discovery "alloy_metrics" { port_name = "http-metrics" - label_selectors = ["app.kubernetes.io/name=alloy-metrics"] + label_selectors = ["app.kubernetes.io/name=alloy"] } alloy_integration_scrape "alloy_metrics" { diff --git a/charts/k8s-monitoring/docs/examples/features/integrations/mysql/README.md b/charts/k8s-monitoring/docs/examples/features/integrations/mysql/README.md index 878caf66bd..ac4539e0ee 100644 --- a/charts/k8s-monitoring/docs/examples/features/integrations/mysql/README.md +++ b/charts/k8s-monitoring/docs/examples/features/integrations/mysql/README.md @@ -22,16 +22,17 @@ integrations: - name: test-db exporter: dataSource: - username: db-admin - password: db-password host: database.test.svc - name: staging-db exporter: - dataSourceName: "root:password@database.staging.svc:3306" + dataSourceName: "root:password@database.staging.svc:3306/" - name: prod-db exporter: dataSource: - host: database.test.svc + host: database.prod.svc + auth: + username: db-admin + password: db-password alloy-metrics: enabled: true diff --git a/charts/k8s-monitoring/docs/examples/features/integrations/mysql/alloy-metrics.alloy b/charts/k8s-monitoring/docs/examples/features/integrations/mysql/alloy-metrics.alloy index a2ef9de41a..ee44ccebc0 100644 --- a/charts/k8s-monitoring/docs/examples/features/integrations/mysql/alloy-metrics.alloy +++ b/charts/k8s-monitoring/docs/examples/features/integrations/mysql/alloy-metrics.alloy @@ -44,7 +44,7 @@ declare "mysql_integration" { } prometheus.exporter.mysql "test_db" { - data_source_name = "db-admin:db-password@database.test.svc:3306/" + data_source_name = string.format("%s:%d/", "database.test.svc", 3306) enable_collectors = ["heartbeat","mysql.user"] } prometheus.scrape "test_db" { @@ -54,7 +54,7 @@ declare "mysql_integration" { } prometheus.exporter.mysql "staging_db" { - data_source_name = root:password@database.staging.svc:3306 + data_source_name = "root:password@database.staging.svc:3306/" enable_collectors = ["heartbeat","mysql.user"] } prometheus.scrape "staging_db" { @@ -63,8 +63,19 @@ declare "mysql_integration" { forward_to = argument.metrics_destinations.value } + + remote.kubernetes.secret "prod_db" { + name = "prod-db-ko-integrations" + namespace = "default" + } + prometheus.exporter.mysql "prod_db" { - data_source_name = ":@database.test.svc:3306/" + data_source_name = string.format("%s:%s@(%s:%d)/", + nonsensitive(remote.kubernetes.secret.prod_db.data["username"]), + remote.kubernetes.secret.prod_db.data["password"], + "database.prod.svc", + 3306, + ) enable_collectors = ["heartbeat","mysql.user"] } prometheus.scrape "prod_db" { diff --git a/charts/k8s-monitoring/docs/examples/features/integrations/mysql/output.yaml b/charts/k8s-monitoring/docs/examples/features/integrations/mysql/output.yaml index 8b4c1625c3..891437ad80 100644 --- a/charts/k8s-monitoring/docs/examples/features/integrations/mysql/output.yaml +++ b/charts/k8s-monitoring/docs/examples/features/integrations/mysql/output.yaml @@ -15,6 +15,16 @@ metadata: app.kubernetes.io/part-of: alloy app.kubernetes.io/component: rbac --- +# Source: k8s-monitoring/charts/integrations/templates/mysql-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: "prod-db-ko-integrations" + namespace: "default" +stringData: + username: "db-admin" + password: "db-password" +--- # Source: k8s-monitoring/templates/alloy-config.yaml apiVersion: v1 kind: ConfigMap @@ -69,7 +79,7 @@ data: } prometheus.exporter.mysql "test_db" { - data_source_name = "db-admin:db-password@database.test.svc:3306/" + data_source_name = string.format("%s:%d/", "database.test.svc", 3306) enable_collectors = ["heartbeat","mysql.user"] } prometheus.scrape "test_db" { @@ -79,7 +89,7 @@ data: } prometheus.exporter.mysql "staging_db" { - data_source_name = root:password@database.staging.svc:3306 + data_source_name = "root:password@database.staging.svc:3306/" enable_collectors = ["heartbeat","mysql.user"] } prometheus.scrape "staging_db" { @@ -88,8 +98,19 @@ data: forward_to = argument.metrics_destinations.value } + + remote.kubernetes.secret "prod_db" { + name = "prod-db-ko-integrations" + namespace = "default" + } + prometheus.exporter.mysql "prod_db" { - data_source_name = ":@database.test.svc:3306/" + data_source_name = string.format("%s:%s@(%s:%d)/", + nonsensitive(remote.kubernetes.secret.prod_db.data["username"]), + remote.kubernetes.secret.prod_db.data["password"], + "database.prod.svc", + 3306, + ) enable_collectors = ["heartbeat","mysql.user"] } prometheus.scrape "prod_db" { @@ -139,6 +160,8 @@ data: } + + self-reporting-metric.prom: | # HELP grafana_kubernetes_monitoring_build_info A metric to report the version of the Kubernetes Monitoring Helm chart # TYPE grafana_kubernetes_monitoring_build_info gauge diff --git a/charts/k8s-monitoring/docs/examples/features/integrations/mysql/values.yaml b/charts/k8s-monitoring/docs/examples/features/integrations/mysql/values.yaml index 05f4f912a5..22c055ea36 100644 --- a/charts/k8s-monitoring/docs/examples/features/integrations/mysql/values.yaml +++ b/charts/k8s-monitoring/docs/examples/features/integrations/mysql/values.yaml @@ -13,16 +13,17 @@ integrations: - name: test-db exporter: dataSource: - username: db-admin - password: db-password host: database.test.svc - name: staging-db exporter: - dataSourceName: "root:password@database.staging.svc:3306" + dataSourceName: "root:password@database.staging.svc:3306/" - name: prod-db exporter: dataSource: - host: database.test.svc + host: database.prod.svc + auth: + username: db-admin + password: db-password alloy-metrics: enabled: true diff --git a/charts/k8s-monitoring/docs/examples/remote-config/alloy-metrics.alloy b/charts/k8s-monitoring/docs/examples/remote-config/alloy-metrics.alloy index 0ff8aa1c23..ee1c2ff65d 100644 --- a/charts/k8s-monitoring/docs/examples/remote-config/alloy-metrics.alloy +++ b/charts/k8s-monitoring/docs/examples/remote-config/alloy-metrics.alloy @@ -1,6 +1,11 @@ +remote.kubernetes.secret "alloy_metrics_remote_cfg" { + name = "alloy-metrics-remote-cfg-ko-k8s-monitoring" + namespace = "default" +} + remotecfg { url = "https://remote-config.example.com/alloy" basic_auth { diff --git a/charts/k8s-monitoring/docs/examples/remote-config/output.yaml b/charts/k8s-monitoring/docs/examples/remote-config/output.yaml index 2974d7166f..38b5e931e5 100644 --- a/charts/k8s-monitoring/docs/examples/remote-config/output.yaml +++ b/charts/k8s-monitoring/docs/examples/remote-config/output.yaml @@ -37,6 +37,11 @@ data: + remote.kubernetes.secret "alloy_metrics_remote_cfg" { + name = "alloy-metrics-remote-cfg-ko-k8s-monitoring" + namespace = "default" + } + remotecfg { url = "https://remote-config.example.com/alloy" basic_auth { @@ -341,3 +346,6 @@ spec: - name: config configMap: name: ko-alloy-metrics +--- +# Source: k8s-monitoring/templates/remote_config_secret.yaml +# create: true diff --git a/charts/k8s-monitoring/templates/collectors/_collector_remoteConfig.tpl b/charts/k8s-monitoring/templates/collectors/_collector_remoteConfig.tpl index 686fda2b7a..fbf38dfa42 100644 --- a/charts/k8s-monitoring/templates/collectors/_collector_remoteConfig.tpl +++ b/charts/k8s-monitoring/templates/collectors/_collector_remoteConfig.tpl @@ -2,6 +2,9 @@ {{- $remoteConfigValues := (index .Values .collectorName).remoteConfig }} {{- with merge $remoteConfigValues (dict "type" "remoteConfig" "name" (printf "%s-remote-cfg" .collectorName)) }} {{- if .enabled }} +{{- if eq (include "secrets.usesKubernetesSecret" .) "true" }} + {{- include "secret.alloy" (deepCopy $ | merge (dict "object" .)) | nindent 0 }} +{{- end }} remotecfg { url = {{ .url | quote }} {{- if eq (include "secrets.authType" .) "basic" }} diff --git a/charts/k8s-monitoring/templates/destinations/_destination_prometheus.tpl b/charts/k8s-monitoring/templates/destinations/_destination_prometheus.tpl index 0e11bb8623..78c22dfa03 100644 --- a/charts/k8s-monitoring/templates/destinations/_destination_prometheus.tpl +++ b/charts/k8s-monitoring/templates/destinations/_destination_prometheus.tpl @@ -54,7 +54,7 @@ prometheus.remote_write {{ include "helper.alloy_name" .name | quote }} { {{- if .tls }} tls_config { insecure_skip_verify = {{ .tls.insecureSkipVerify | default false }} - {{- if eq (include "secrets.usesKubernetesSecret" .) "true" }} + {{- if eq (include "secrets.usesSecret" (dict "object" . "key" "tls.ca")) "true" }} ca_pem = {{ include "secrets.read" (dict "object" . "key" "tls.ca" "nonsensitive" true) }} {{- end }} {{- if eq (include "secrets.usesKubernetesSecret" .) "true" }} diff --git a/charts/k8s-monitoring/templates/features/_feature_integrations.tpl b/charts/k8s-monitoring/templates/features/_feature_integrations.tpl index ab8a979fa9..6152fc94fa 100644 --- a/charts/k8s-monitoring/templates/features/_feature_integrations.tpl +++ b/charts/k8s-monitoring/templates/features/_feature_integrations.tpl @@ -19,7 +19,7 @@ {{- $destinations := include "features.integrations.destinations.metrics" . | fromYamlArray }} {{- $integrations := include "feature.integrations.configured.metrics" (dict "Values" .Values.integrations) | fromYamlArray }} {{- range $integrationType := $integrations }} - {{- include (printf "integrations.%s.module.metrics" $integrationType) (dict "Values" $.Values.integrations "Files" $.Subcharts.integrations.Files) | indent 0 }} + {{- include (printf "integrations.%s.module.metrics" $integrationType) (dict "Chart" $.Subcharts.integrations.Chart "Values" $.Values.integrations "Files" $.Subcharts.integrations.Files "Release" $.Release) | indent 0 }} {{ include "helper.alloy_name" $integrationType }}_integration "integration" { metrics_destinations = [ {{ include "destinations.alloy.targets" (dict "destinations" $.Values.destinations "names" $destinations "type" "metrics" "ecosystem" "prometheus") | indent 4 | trim }} diff --git a/charts/k8s-monitoring/templates/remote_config_secret.yaml b/charts/k8s-monitoring/templates/remote_config_secret.yaml index 5ed0d2766d..ab2dc733f6 100644 --- a/charts/k8s-monitoring/templates/remote_config_secret.yaml +++ b/charts/k8s-monitoring/templates/remote_config_secret.yaml @@ -2,6 +2,7 @@ {{- $remoteConfigValues := merge ((index $.Values $collector).remoteConfig) (dict "type" "remoteConfig" "name" (printf "%s-remote-cfg" $collector)) }} {{- with $remoteConfigValues }} {{- if .enabled }} +# create: {{ (include "secrets.shouldCreateKubernetesSecret" . ) }} {{- if eq (include "secrets.shouldCreateKubernetesSecret" . ) "true" }} --- apiVersion: v1 diff --git a/charts/k8s-monitoring/templates/secrets/_helpers.tpl b/charts/k8s-monitoring/templates/secrets/_helpers.tpl index 9c91967464..49188bcd2d 100644 --- a/charts/k8s-monitoring/templates/secrets/_helpers.tpl +++ b/charts/k8s-monitoring/templates/secrets/_helpers.tpl @@ -105,7 +105,7 @@ remote.kubernetes.secret.{{ include "helper.alloy_name" .object.name }}.data[{{ {{- end -}} {{- end -}} -{{/* Determines if the object will need to create a Kubernetes secret */}} +{{/* Determines if the object will need to create a Kubernetes secret. NOTE that this object should be before merging with default values */}} {{/* Inputs: object (user of the secret, needs name, secret, auth) */}} {{- define "secrets.shouldCreateKubernetesSecret" -}} {{- if eq (include "secrets.usesKubernetesSecret" .) "false" }}false diff --git a/charts/k8s-monitoring/tests/integration/integration-mysql/test-values.yaml b/charts/k8s-monitoring/tests/integration/integration-mysql/test-values.yaml index 3d1c1c4725..1778ba376f 100644 --- a/charts/k8s-monitoring/tests/integration/integration-mysql/test-values.yaml +++ b/charts/k8s-monitoring/tests/integration/integration-mysql/test-values.yaml @@ -4,12 +4,12 @@ tests: PROMETHEUS_URL: http://prometheus-server.prometheus.svc:9090/api/v1/query queries: - # Cert Manager metrics - - query: certmanager_clock_time_seconds{cluster="cert-manager-integration-test"} + # MySQL metrics + - query: mysqld_exporter_build_info{cluster="mysql-integration-test"} type: promql # DPM check - - query: avg(count_over_time(scrape_samples_scraped{cluster="cert-manager-integration-test"}[1m])) + - query: avg(count_over_time(scrape_samples_scraped{cluster="mysql-integration-test"}[1m])) type: promql expect: value: 1 diff --git a/charts/k8s-monitoring/tests/integration/integration-mysql/values.yaml b/charts/k8s-monitoring/tests/integration/integration-mysql/values.yaml index 0d1792b7a0..5fcf4c0bc4 100644 --- a/charts/k8s-monitoring/tests/integration/integration-mysql/values.yaml +++ b/charts/k8s-monitoring/tests/integration/integration-mysql/values.yaml @@ -13,8 +13,14 @@ integrations: - name: test-database exporter: dataSource: - host: test-database.mysql.svc - username: + host: test-database-mysql.mysql.svc + auth: + usernameFrom: "\"root\"" + passwordKey: mysql-root-password + secret: + create: false + name: test-database-mysql + namespace: mysql alloy-metrics: enabled: true diff --git a/scripts/lint-alloy.sh b/scripts/lint-alloy.sh index 750fbfa0a2..d80afb01d1 100755 --- a/scripts/lint-alloy.sh +++ b/scripts/lint-alloy.sh @@ -45,9 +45,12 @@ k8sDiscovery='discovery.kubernetes "lint_config_component" { role = "nodes" }' for file in "$@"; do - if [[ "${file}" == "--public-preview" ]]; then + if grep "${file}" -e "remotecfg {" >/dev/null; then STABILITY_LEVEL=public-preview fi + if grep "${file}" -e "livedebugging {" >/dev/null; then + STABILITY_LEVEL=experimental + fi # if the file doesn't exist skip it if [[ ! -f "${file}" ]]; then @@ -120,10 +123,10 @@ do fi checkstyle="${checkstyle}" - fi - # only override the statusCode if it is 0 - if [[ "${statusCode}" == 0 ]]; then - statusCode="${fmtCode}" + + if [[ "${statusCode}" == 0 ]]; then + statusCode=1 + fi fi done diff --git a/scripts/run-integration-test.sh b/scripts/run-integration-test.sh index 57f3c82930..59bb8f11d3 100755 --- a/scripts/run-integration-test.sh +++ b/scripts/run-integration-test.sh @@ -47,18 +47,17 @@ set -eo pipefail # Exit immediately if a command fails. clusterName=$(yq -r .cluster.name "${valuesFile}") DEPLOY_GRAFANA=${DEPLOY_GRAFANA:-true} -DELETE_CLUSTER=${DELETE_CLUSTER:-true} -CREATE_CLUSTER=${CREATE_CLUSTER:-true} +DELETE_CLUSTER=${DELETE_CLUSTER:-false} cleanup() { helm ls -A || true - if [ "${CREATE_CLUSTER}" == "true" ] && [ "${DELETE_CLUSTER}" == "true" ]; then + if [ "${DELETE_CLUSTER}" == "true" ]; then kind delete cluster --name "${clusterName}" || true fi } trap cleanup EXIT -if [ "${CREATE_CLUSTER}" == "true" ]; then +if ! kind get clusters | grep -q "${clusterName}"; then echo "Creating cluster..." if [ ! -f "${clusterConfig}" ]; then kind create cluster --name "${clusterName}"