Closed
21 changes: 19 additions & 2 deletions assets/monitoring/grafana/v1alpha1/deployment.yaml
@@ -121,10 +121,18 @@ spec:
mountPath: /var/run/secrets/grafana-admin-credentials
- name: grafana-serving-certs
mountPath: /var/run/secrets/grafana-serving-certs
{{- if and .prometheusTLSSpec .prometheusTLSSpec.ClientTLSKeyPairSecretRef }}
- name: prometheus-client-certs
mountPath: /var/run/secrets/prometheus-client-certs
{{- end }}
{{- if and .prometheusTLSSpec .prometheusTLSSpec.ServingCAConfigMapRef }}
- name: prometheus-serving-ca
mountPath: /var/run/configmaps/prometheus-serving-ca
{{- end }}
{{- if and .prometheusAuthSpec .prometheusAuthSpec.BearerTokenSecretRef }}
- name: prometheus-bearer-token
mountPath: /var/run/secrets/prometheus-bearer-token
{{- end }}
- name: grafana-storage
mountPath: /var/lib/grafana
securityContext:
@@ -159,12 +167,21 @@ spec:
- name: grafana-serving-certs
secret:
secretName: "{{ .servingCertSecretName }}"
{{- if and .prometheusTLSSpec .prometheusTLSSpec.ClientTLSKeyPairSecretRef }}
- name: prometheus-client-certs
secret:
secretName: "{{ .scyllaDBMonitoringName }}-prometheus-client-grafana"
secretName: "{{ .prometheusTLSSpec.ClientTLSKeyPairSecretRef.Name }}"
{{- end }}
{{- if and .prometheusTLSSpec .prometheusTLSSpec.ServingCAConfigMapRef }}
- name: prometheus-serving-ca
configMap:
name: "{{ .scyllaDBMonitoringName }}-prometheus-serving-ca"
name: "{{ .prometheusTLSSpec.ServingCAConfigMapRef.Name }}"
{{- end }}
{{- if and .prometheusAuthSpec .prometheusAuthSpec.BearerTokenSecretRef }}
- name: prometheus-bearer-token
secret:
secretName: "{{ .prometheusAuthSpec.BearerTokenSecretRef.Name }}"
{{- end }}
- name: grafana-storage
emptyDir:
sizeLimit: 100Mi
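Review bot: The new `prometheus-bearer-token` and `prometheus-serving-ca` volumes mount every key of the user-referenced Secret and ConfigMap, although the provisioning template in this change reads only the one referenced key, so any unrelated keys in those objects become readable inside the Grafana container. Projecting only that key with an `items:` entry under `secret:` / `configMap:` (key and path both set to the ref's key, assuming the ref exposes `.Key` here as it does in provisioning.cm.yaml) would keep the mount to what is needed without changing the `$__file{}` paths. The mounts are gated on `.prometheusTLSSpec` / `.prometheusAuthSpec` while the file paths in provisioning.cm.yaml are gated on `.prometheusDatasource.TLS` / `.Auth`; if these are not guaranteed to be the same values, Grafana can be pointed at a file that is not mounted, so a comment such as `# conditions must stay in sync with the $__file paths in provisioning.cm.yaml` would help. Both hunks sit inside a pod spec that starts and ends outside the visible lines.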
26 changes: 23 additions & 3 deletions assets/monitoring/grafana/v1alpha1/provisioning.cm.yaml
@@ -20,16 +20,36 @@ data:
- name: prometheus
type: prometheus
access: proxy
url: "https://{{ .scyllaDBMonitoringName }}-prometheus:9090"
url: "{{ .prometheusDatasource.URL }}"
isDefault: true
version: 1
editable: false
jsonData:
timeInterval: "5s"
{{- if and .prometheusDatasource.TLS .prometheusDatasource.TLS.InsecureSkipVerify }}
tlsSkipVerify: true
{{- end }}
{{- if and .prometheusDatasource.TLS .prometheusDatasource.TLS.ServingCAConfigMapRef }}
tlsAuthWithCACert: true
{{- end }}
{{- if and .prometheusDatasource.Auth .prometheusDatasource.Auth.BearerTokenSecretRef }}
httpHeaderName1: "Authorization"
{{- end }}
{{- $hasCACert := and .prometheusDatasource.TLS .prometheusDatasource.TLS.ServingCAConfigMapRef -}}
{{- $hasClientPair := and .prometheusDatasource.TLS .prometheusDatasource.TLS.ClientTLSKeyPairSecretRef -}}
{{- $hasBearer := and .prometheusDatasource.Auth .prometheusDatasource.Auth.BearerTokenSecretRef -}}
{{- if or $hasCACert $hasClientPair $hasBearer }}
secureJsonData:
tlsCACert: "$__file{/var/run/configmaps/prometheus-serving-ca/ca-bundle.crt}"
tlsClientCert: "$__file{/var/run/secrets/prometheus-client-certs/tls.crt}"
{{- if $hasCACert }}
tlsCACert: "$__file{/var/run/configmaps/prometheus-serving-ca/{{ .prometheusDatasource.TLS.ServingCAConfigMapRef.Key }}}"
{{- end }}
{{- if $hasClientPair }}
tlsClientCert: "$__file{/var/run/secrets/prometheus-client-certs/tls.crt}"
tlsClientKey: "$__file{/var/run/secrets/prometheus-client-certs/tls.key}"
{{- end }}
{{- if $hasBearer }}
httpHeaderValue1: "Bearer $__file{/var/run/secrets/prometheus-bearer-token/{{ .prometheusDatasource.Auth.BearerTokenSecretRef.Key }}}"
{{- end }}
{{- end }}
notifiers.yaml: ""
plugins.yaml: ""
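Review bot: `url` and the two `.Key` values are user-supplied strings interpolated directly into double-quoted YAML scalars and `$__file{...}` paths, and nothing visible here escapes them, so a value containing `"`, `}` or a line break would change the structure of the rendered datasource file rather than only its value. Unless the caller already validates them, constrain the inputs before rendering: a key pattern matching the Kubernetes Secret/ConfigMap key character set, and a URL parse with an `http`/`https` scheme check. Separately, `tlsSkipVerify: true` can be emitted together with `httpHeaderValue1`, which sends the bearer token to a server whose certificate is not verified; rejecting that combination in validation, or at least surfacing it as a warning, seems worth it. No `tlsAuth: true` appears under `jsonData` for the `$hasClientPair` case in the visible lines, so please confirm Grafana actually presents the client certificate without it.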
@@ -544,6 +544,7 @@ spec:
- scylladbclusters
- scylladbmanagerclusterregistrations
- scylladbmanagertasks
- scylladbmonitorings
sideEffects: None
targetPort: 5000
type: ValidatingAdmissionWebhook
107 changes: 107 additions & 0 deletions bundle/manifests/scylla.scylladb.com_scylladbmonitorings.yaml
@@ -70,6 +70,106 @@ spec:
to Grafana without authentication.
type: boolean
type: object
datasources:
description: |-
datasources is a list of Grafana datasources to configure.
It's expected to be set when using Prometheus component in `External` mode.
At most one datasource is allowed for now (only Prometheus is supported).
items:
properties:
name:
default: prometheus
description: |-
name is the name of the datasource as it will appear in Grafana.
Only "prometheus" is supported as that's the datasource name expected by the ScyllaDB monitoring stack dashboards.
enum:
- prometheus
type: string
prometheusOptions:
description: prometheusOptions defines Prometheus-specific
options.
properties:
auth:
description: auth holds authentication options for
connecting to Prometheus.
properties:
bearerTokenOptions:
description: bearerToken holds options for Bearer
token authentication.
properties:
secretRef:
description: secretRef is a reference to
a key in a Secret holding a Bearer token
to use to authenticate with Prometheus.
properties:
key:
description: key within the selected
object.
minLength: 1
type: string
name:
description: name of the selected object.
minLength: 1
type: string
type: object
type: object
type:
default: NoAuthentication
description: type is the type of authentication
to use.
type: string
type: object
tls:
description: tls holds TLS configuration for connecting
to Prometheus over HTTPS.
properties:
caCertConfigMapRef:
description: |-
caCert is a reference to a key within the CA bundle ConfigMap. The key should hold the CA cert in PEM format.
When not specified, system CAs are used.
properties:
key:
description: key within the selected object.
minLength: 1
type: string
name:
description: name of the selected object.
minLength: 1
type: string
type: object
clientTLSKeyPairSecretRef:
description: |-
clientTLSKeyPairSecretRef is a reference to a Secret holding client TLS certificate and key for mTLS authentication.
It's expected to be a standard Kubernetes TLS Secret with `tls.crt` and `tls.key` keys.
properties:
name:
description: Name of the referent.
type: string
type: object
insecureSkipVerify:
default: false
description: insecureSkipVerify controls whether
to skip server certificate verification.
type: boolean
type: object
type: object
type:
allOf:
- enum:
- Prometheus
- enum:
- Prometheus
default: Prometheus
description: type is the type of the datasource. Only
"prometheus" is supported.
type: string
url:
description: url is the URL of the datasource.
minLength: 1
type: string
type: object
maxItems: 1
type: array
exposeOptions:
description: exposeOptions specifies options for exposing
Grafana UI.
@@ -1172,6 +1272,13 @@ spec:
type: object
type: object
type: object
mode:
default: Managed
description: mode defines the mode of the Prometheus instance.
enum:
- Managed
- External
type: string
placement:
description: placement describes restrictions for the nodes
Prometheus is scheduled on.
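Review bot: In the `datasources` schema, `url` is constrained only by `minLength: 1` and `auth.type` is a free-form string (default `NoAuthentication`, no `enum`), so the schema accepts a plain-`http` URL together with `bearerTokenOptions.secretRef`, and nothing ties `type` to whether `bearerTokenOptions` is set. Because the resource pairs a Secret reference with a caller-chosen URL, create/update permission on `scylladbmonitorings` should be treated as equivalent to read access to Secrets in that namespace; that is worth stating in the field description and in RBAC guidance. `clientTLSKeyPairSecretRef.name` also lacks the `minLength: 1` that the other refs carry, so an empty name would reach the Deployment template as `secretName: ""`. If this manifest is generated, these constraints belong in the Go API types (enum and validation markers), unless the validating webhook that this change extends to `scylladbmonitorings` already enforces them.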
@@ -17,6 +17,7 @@ rules:
- scylladbclusters
- scylladbmanagerclusterregistrations
- scylladbmanagertasks
- scylladbmonitorings
verbs:
- get
- list
99 changes: 99 additions & 0 deletions deploy/operator.yaml


1 change: 1 addition & 0 deletions deploy/operator/00_scyllacluster_clusterrole_view.yaml


1 change: 1 addition & 0 deletions deploy/operator/10_validatingwebhook.yaml
