summaryrefslogtreecommitdiffstats
path: root/roles/openshift_prometheus/tasks
diff options
context:
space:
mode:
Diffstat (limited to 'roles/openshift_prometheus/tasks')
-rw-r--r--roles/openshift_prometheus/tasks/facts.yaml10
-rw-r--r--roles/openshift_prometheus/tasks/install_prometheus.yaml119
-rw-r--r--roles/openshift_prometheus/tasks/main.yaml4
-rw-r--r--roles/openshift_prometheus/tasks/uninstall.yaml (renamed from roles/openshift_prometheus/tasks/uninstall_prometheus.yaml)0
4 files changed, 66 insertions, 67 deletions
diff --git a/roles/openshift_prometheus/tasks/facts.yaml b/roles/openshift_prometheus/tasks/facts.yaml
new file mode 100644
index 000000000..214089732
--- /dev/null
+++ b/roles/openshift_prometheus/tasks/facts.yaml
@@ -0,0 +1,10 @@
+---
+# The kubernetes version impacts the prometheus scraping endpoint
+# so gathering it before constructing the configmap
+- name: get oc version
+ oc_version:
+ register: oc_version
+
+- set_fact:
+ kubernetes_version: "{{ oc_version.results.kubernetes_short | float }}"
+ openshift_prometheus_serviceaccount_annotations: "{{ l_openshift_prometheus_serviceaccount_annotations + openshift_prometheus_serviceaccount_annotations|list }}"
diff --git a/roles/openshift_prometheus/tasks/install_prometheus.yaml b/roles/openshift_prometheus/tasks/install_prometheus.yaml
index 749df5152..0b565502f 100644
--- a/roles/openshift_prometheus/tasks/install_prometheus.yaml
+++ b/roles/openshift_prometheus/tasks/install_prometheus.yaml
@@ -1,4 +1,6 @@
---
+# set facts
+- include_tasks: facts.yaml
# namespace
- name: Add prometheus project
@@ -9,7 +11,7 @@
description: Prometheus
# secrets
-- name: Set alert and prometheus secrets
+- name: Set alert, alertmanager and prometheus secrets
oc_secret:
state: present
name: "{{ item }}-proxy"
@@ -20,30 +22,24 @@
with_items:
- prometheus
- alerts
+ - alertmanager
# serviceaccount
- name: create prometheus serviceaccount
oc_serviceaccount:
state: present
- name: prometheus
+ name: "{{ openshift_prometheus_service_name }}"
namespace: "{{ openshift_prometheus_namespace }}"
- # TODO add annotations when supproted
- # annotations:
- # serviceaccounts.openshift.io/oauth-redirectreference.prom: '{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"prometheus"}}'
- # serviceaccounts.openshift.io/oauth-redirectreference.alerts: '{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"alerts"}}'
-
- secrets:
- - prometheus-secrets
changed_when: no
+
# TODO remove this when annotations are supported by oc_serviceaccount
- name: annotate serviceaccount
command: >
{{ openshift_client_binary }} annotate --overwrite -n {{ openshift_prometheus_namespace }}
- serviceaccount prometheus
- serviceaccounts.openshift.io/oauth-redirectreference.prom='{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"prometheus"}}'
- serviceaccounts.openshift.io/oauth-redirectreference.alerts='{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"alerts"}}'
-
+ serviceaccount {{ openshift_prometheus_service_name }} {{ item }}
+ with_items:
+ "{{ openshift_prometheus_serviceaccount_annotations }}"
# create clusterrolebinding for prometheus serviceaccount
- name: Set cluster-reader permissions for prometheus
@@ -52,63 +48,61 @@
namespace: "{{ openshift_prometheus_namespace }}"
resource_kind: cluster-role
resource_name: cluster-reader
- user: "system:serviceaccount:{{ openshift_prometheus_namespace }}:prometheus"
+ user: "system:serviceaccount:{{ openshift_prometheus_namespace }}:{{ openshift_prometheus_service_name }}"
+
-# create prometheus and alerts services
-# TODO join into 1 task with loop
-- name: Create prometheus service
+- name: create services for prometheus
oc_service:
- state: present
- name: "{{ item.name }}"
+ name: "{{ openshift_prometheus_service_name }}"
namespace: "{{ openshift_prometheus_namespace }}"
- selector:
- app: prometheus
labels:
- name: "{{ item.name }}"
- # TODO add annotations when supported
- # annotations:
- # service.alpha.openshift.io/serving-cert-secret-name: "{{item.name}}-tls"
+ name: prometheus
+ annotations:
+ oprometheus.io/scrape: 'true'
+ oprometheus.io/scheme: https
+ service.alpha.openshift.io/serving-cert-secret-name: prometheus-tls
ports:
- - port: 443
- targetPort: 8443
- with_items:
- - name: prometheus
+ - name: prometheus
+ port: "{{ openshift_prometheus_service_port }}"
+ targetPort: "{{ openshift_prometheus_service_targetport }}"
+ protocol: TCP
+ selector:
+ app: prometheus
-- name: Create alerts service
+- name: create services for alert buffer
oc_service:
- state: present
- name: "{{ item.name }}"
+ name: "{{ openshift_prometheus_alerts_service_name }}"
namespace: "{{ openshift_prometheus_namespace }}"
+ labels:
+ name: prometheus
+ annotations:
+ service.alpha.openshift.io/serving-cert-secret-name: alerts-tls
+ ports:
+ - name: prometheus
+ port: "{{ openshift_prometheus_service_port }}"
+ targetPort: "{{ openshift_prometheus_alerts_service_targetport }}"
+ protocol: TCP
selector:
app: prometheus
+
+- name: create services for alertmanager
+ oc_service:
+ name: "{{ openshift_prometheus_alertmanager_service_name }}"
+ namespace: "{{ openshift_prometheus_namespace }}"
labels:
- name: "{{ item.name }}"
- # TODO add annotations when supported
- # annotations:
- # service.alpha.openshift.io/serving-cert-secret-name: "{{item.name}}-tls"
+ name: prometheus
+ annotations:
+ service.alpha.openshift.io/serving-cert-secret-name: alertmanager-tls
ports:
- - port: 443
- targetPort: 9443
- with_items:
- - name: alerts
-
-
-# Annotate services with secret name
-# TODO remove this when annotations are supported by oc_service
-- name: annotate prometheus service
- command: >
- {{ openshift_client_binary }} annotate --overwrite -n {{ openshift_prometheus_namespace }}
- service prometheus
- prometheus.io/scrape='true'
- prometheus.io/scheme=https
- service.alpha.openshift.io/serving-cert-secret-name=prometheus-tls
-
-- name: annotate alerts service
- command: >
- {{ openshift_client_binary }} annotate --overwrite -n {{ openshift_prometheus_namespace }}
- service alerts 'service.alpha.openshift.io/serving-cert-secret-name=prometheus-alerts-tls'
+ - name: prometheus
+ port: "{{ openshift_prometheus_service_port }}"
+ targetPort: "{{ openshift_prometheus_alertmanager_service_targetport }}"
+ protocol: TCP
+ selector:
+ app: prometheus
# create prometheus and alerts routes
+# TODO: oc_route module should support insecureEdgeTerminationPolicy: Redirect
- name: create prometheus and alerts routes
oc_route:
state: present
@@ -122,6 +116,8 @@
host: "{{ openshift_prometheus_hostname }}"
- name: alerts
host: "{{ openshift_prometheus_alerts_hostname }}"
+ - name: alertmanager
+ host: "{{ openshift_prometheus_alertmanager_hostname }}"
# Storage
- name: create prometheus pvc
@@ -169,15 +165,6 @@
path: "{{ tempdir }}/prometheus.additional.rules"
register: additional_rules_stat
-# The kubernetes version impacts the prometheus scraping endpoint
-# so gathering it before constructing the configmap
-- name: get oc version
- oc_version:
- register: oc_version
-
-- set_fact:
- kubernetes_version: "{{ oc_version.results.kubernetes_short | float }}"
-
- template:
src: prometheus.yml.j2
dest: "{{ tempdir }}/prometheus.yml"
@@ -219,7 +206,7 @@
- name: Set alertmanager configmap
oc_configmap:
state: present
- name: "prometheus-alerts"
+ name: "alertmanager"
namespace: "{{ openshift_prometheus_namespace }}"
from_file:
alertmanager.yml: "{{ tempdir }}/alertmanager.yml"
diff --git a/roles/openshift_prometheus/tasks/main.yaml b/roles/openshift_prometheus/tasks/main.yaml
index b859eb111..66d65a3f2 100644
--- a/roles/openshift_prometheus/tasks/main.yaml
+++ b/roles/openshift_prometheus/tasks/main.yaml
@@ -16,9 +16,11 @@
- name: Create templates subdirectory
file:
state: directory
- path: "{{ tempdir }}/templates"
+ path: "{{ tempdir }}/{{ item }}"
mode: 0755
changed_when: False
+ with_items:
+ - templates
- include_tasks: install_prometheus.yaml
when: openshift_prometheus_state == 'present'
diff --git a/roles/openshift_prometheus/tasks/uninstall_prometheus.yaml b/roles/openshift_prometheus/tasks/uninstall.yaml
index d746402db..d746402db 100644
--- a/roles/openshift_prometheus/tasks/uninstall_prometheus.yaml
+++ b/roles/openshift_prometheus/tasks/uninstall.yaml