Annotate nginx-ingress addon for Prometheus auto-discovery

* Add Google Cloud firewall rule to allow worker to worker access to health and metrics
2018-05-19 13:05:50 -07:00 · 2018-05-19 13:05:50 -07:00 · 28d0891729
parent 2ae126bf68
commit 28d0891729
6 changed files with 38 additions and 0 deletions
--- a/CHANGES.md
+++ b/CHANGES.md
@ -40,6 +40,7 @@ Notable changes between versions.
 * Update Grafana from v5.04 to v5.1.3 ([#208](https://github.com/poseidon/typhoon/pull/208))
  * Disable Grafana Google Analytics by default ([#214](https://github.com/poseidon/typhoon/issues/214))
 * Update nginx-ingress from 0.14.0 to 0.15.0
+* Annotate nginx-ingress service so Prometheus auto-discovers and scrapes service endpoints ([#222](https://github.com/poseidon/typhoon/pull/222))

 ## v1.10.2

--- a/addons/nginx-ingress/aws/service.yaml
+++ b/addons/nginx-ingress/aws/service.yaml
@ -3,6 +3,9 @@ kind: Service
 metadata:
  name: nginx-ingress-controller
  namespace: ingress
+  annotations:
+    prometheus.io/scrape: 'true'
+    prometheus.io/port: '10254'
 spec:
  type: ClusterIP
  selector:
--- a/addons/nginx-ingress/digital-ocean/service.yaml
+++ b/addons/nginx-ingress/digital-ocean/service.yaml
@ -3,6 +3,9 @@ kind: Service
 metadata:
  name: nginx-ingress-controller
  namespace: ingress
+  annotations:
+    prometheus.io/scrape: 'true'
+    prometheus.io/port: '10254'
 spec:
  type: ClusterIP
  selector:
--- a/addons/nginx-ingress/google-cloud/service.yaml
+++ b/addons/nginx-ingress/google-cloud/service.yaml
@ -3,6 +3,9 @@ kind: Service
 metadata:
  name: nginx-ingress-controller
  namespace: ingress
+  annotations:
+    prometheus.io/scrape: 'true'
+    prometheus.io/port: '10254'
 spec:
  type: ClusterIP
  selector:
--- a/google-cloud/container-linux/kubernetes/network.tf
+++ b/google-cloud/container-linux/kubernetes/network.tf
@ -135,6 +135,20 @@ resource "google_compute_firewall" "internal-kubelet" {
  target_tags = ["${var.cluster_name}-controller", "${var.cluster_name}-worker"]
 }

+# Allow Prometheus to scrape ingress-controller
+resource "google_compute_firewall" "ingress-health" {
+  name    = "${var.cluster_name}-ingress-health"
+  network = "${google_compute_network.network.name}"
+
+  allow {
+    protocol = "tcp"
+    ports    = [10254]
+  }
+
+  source_tags = ["${var.cluster_name}-worker"]
+  target_tags = ["${var.cluster_name}-worker"]
+}
+
 resource "google_compute_firewall" "internal-kubelet-readonly" {
  name    = "${var.cluster_name}-internal-kubelet-readonly"
  network = "${google_compute_network.network.name}"
--- a/google-cloud/fedora-atomic/kubernetes/network.tf
+++ b/google-cloud/fedora-atomic/kubernetes/network.tf
@ -135,6 +135,20 @@ resource "google_compute_firewall" "internal-kubelet" {
  target_tags = ["${var.cluster_name}-controller", "${var.cluster_name}-worker"]
 }

+# Allow Prometheus to scrape ingress-controller
+resource "google_compute_firewall" "ingress-health" {
+  name    = "${var.cluster_name}-ingress-health"
+  network = "${google_compute_network.network.name}"
+
+  allow {
+    protocol = "tcp"
+    ports    = [10254]
+  }
+
+  source_tags = ["${var.cluster_name}-worker"]
+  target_tags = ["${var.cluster_name}-worker"]
+}
+
 resource "google_compute_firewall" "internal-kubelet-readonly" {
  name    = "${var.cluster_name}-internal-kubelet-readonly"
  network = "${google_compute_network.network.name}"