diff --git a/changelogs/unreleased/sh-add-gitlab-monitor.yml b/changelogs/unreleased/sh-add-gitlab-monitor.yml
new file mode 100644
index 0000000000000000000000000000000000000000..0ce854160173705517b7f99584a0913a1248fbd0
--- /dev/null
+++ b/changelogs/unreleased/sh-add-gitlab-monitor.yml
@@ -0,0 +1,5 @@
+---
+title: Add gitlab-monitor to Helm Chart
+merge_request: 787
+author:
+type: added
diff --git a/charts/gitlab/charts/gitlab-monitor/Chart.yaml b/charts/gitlab/charts/gitlab-monitor/Chart.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..36f51b0a944a4a931a3520bd2cca91b5bcf56bcc
--- /dev/null
+++ b/charts/gitlab/charts/gitlab-monitor/Chart.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: v1
+name: gitlab-monitor
+version: 4.0.0
+appVersion: master
+description: Exporter for GitLab Prometheus metrics (e.g. CI, pull mirrors)
+keywords:
+- gitlab
+- gitlab-monitor
+home: https://about.gitlab.com/
+icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg
+sources:
+- https://gitlab.com/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-monitor
+- https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-monitor
+- https://gitlab.com/gitlab-org/gitlab-monitor
+maintainers:
+- name: GitLab Inc.
+ email: support@gitlab.com
diff --git a/charts/gitlab/charts/gitlab-monitor/templates/configmap.yaml b/charts/gitlab/charts/gitlab-monitor/templates/configmap.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..5e60785823e85edd44be7f29d14c798ba558f426
--- /dev/null
+++ b/charts/gitlab/charts/gitlab-monitor/templates/configmap.yaml
@@ -0,0 +1,61 @@
+{{- if .Values.enabled -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "fullname" . }}
+ namespace: {{ $.Release.Namespace }}
+ labels:
+{{ include "gitlab.standardLabels" . | indent 4 }}
+data:
+ gitlab-monitor.yml.erb: |
+ server:
+ listen_address: 0.0.0.0
+ listen_port: {{ .Values.service.internalPort }}
+
+ probes:
+ db_common: &db_common
+ methods:
+ - probe_db
+ opts:
+ connection_string: dbname={{ template "gitlab.psql.database" . }} user={{ template "gitlab.psql.username" . }} host={{ template "gitlab.psql.host" . }} port={{ template "gitlab.psql.port" . }} password='<%= File.read("/etc/gitlab/postgres/psql-password") %>'
+ database:
+ multiple: true
+ ci_builds:
+ class_name: Database::CiBuildsProber
+ <<: *db_common
+ tuple_stats:
+ class_name: Database::TuplesProber
+ <<: *db_common
+ rows_count:
+ class_name: Database::RowCountProber
+ <<: *db_common
+
+ sidekiq: &sidekiq
+ methods:
+ - probe_queues
+ - probe_jobs
+ - probe_workers
+ - probe_retries
+ - probe_dead
+ opts:
+ redis_url: {{ template "gitlab.redis.url" . }}
+ redis_enable_client: false
+
+ metrics:
+ multiple: true
+ sidekiq:
+ <<: *sidekiq
+ ci_builds:
+ class_name: Database::CiBuildsProber
+ <<: *db_common
+ tuple_stats:
+ class_name: Database::TuplesProber
+ <<: *db_common
+ rows_count:
+ class_name: Database::RowCountProber
+ <<: *db_common
+
+ configure: |
+ {{- include "gitlab.scripts.configure.secrets" (dict "required" "postgres" "optional" "redis") | nindent 4 }}
+# Leave this here - This line denotes end of block to the parser.
+{{- end }}
diff --git a/charts/gitlab/charts/gitlab-monitor/templates/deployment.yaml b/charts/gitlab/charts/gitlab-monitor/templates/deployment.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..ee75548a98f85421b068462ecac44c9cf7babe32
--- /dev/null
+++ b/charts/gitlab/charts/gitlab-monitor/templates/deployment.yaml
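Review bot: The `connection_string` line splices the PostgreSQL password into a single-quoted libpq value with no escaping, so a password containing `'` or `\` will either break the connection string or be read as additional connection keywords, and any trailing newline returned by `File.read` lands inside the value. I would trim and escape it in the ERB, e.g. `password='<%= File.read("/etc/gitlab/postgres/psql-password").strip.gsub(/[\\']/) { |c| "\\#{c}" } %>'`. After ERB rendering the whole value is still a plain YAML scalar, so a password containing ` #` or `: ` would presumably be truncated or fail to parse; emitting the value as a quoted YAML string is worth considering as well. The same concern may apply to `redis_url`, but the `gitlab.redis.url` helper is outside this hunk, so that needs checking at its definition.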
@@ -0,0 +1,140 @@
+{{- if .Values.enabled }}
+apiVersion: apps/v1beta2
+kind: Deployment
+metadata:
+ name: {{ template "fullname" . }}
+ namespace: {{ $.Release.Namespace }}
+ labels:
+{{ include "gitlab.standardLabels" . | indent 4 }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: {{ template "name" . }}
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ template "name" . }}
+ release: {{ .Release.Name }}
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+{{- if .Values.metrics.enabled }}
+{{ toYaml .Values.metrics.annotations | indent 8 }}
+{{- end }}
+ spec:
+ securityContext:
+ runAsUser: 1000
+ fsGroup: 1000
+ {{- if eq (default .Values.global.antiAffinity .antiAffinity) "hard" }}
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - topologyKey: "kubernetes.io/hostname"
+ labelSelector:
+ matchLabels:
+ app: {{ template "name" . }}
+ release: {{ .Release.Name }}
+ {{- else if eq (default .Values.global.antiAffinity .antiAffinity) "soft" }}
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 1
+ podAffinityTerm:
+ topologyKey: kubernetes.io/hostname
+ labelSelector:
+ matchLabels:
+ app: {{ template "name" . }}
+ release: {{ .Release.Name }}
+ {{- end }}
+ initContainers:
+{{ include "gitlab.extraInitContainers" . | indent 8 }}
+{{ include "gitlab.certificates.initContainer" . | indent 8 }}
+ - name: configure
+ command: ['sh', '/config/configure']
+ image: {{ .Values.init.image }}:{{ .Values.init.tag }}
+ volumeMounts:
+{{ include "gitlab.extraVolumeMounts" . | indent 10 }}
+{{ include "gitlab.psql.ssl.volumeMount" . 
| indent 10 }}
+ - name: gitlab-monitor-config
+ mountPath: /config
+ readOnly: true
+ - name: init-gitlab-monitor-secrets
+ mountPath: /init-config
+ readOnly: true
+ - name: gitlab-monitor-secrets
+ mountPath: /init-secrets
+ readOnly: false
+ resources:
+{{ toYaml .Values.init.resources | indent 12 }}
+{{ include "pullsecrets" .Values.image | indent 6}}
+ containers:
+{{ include "gitlab.extraContainers" . | indent 8 }}
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ coalesce .Values.image.tag (include "gitlab.versionTag" . ) }}"
+ {{ template "gitlab.imagePullPolicy" . }}
+ env:
+ - name: CONFIG_TEMPLATE_DIRECTORY
+ value: '/var/opt/gitlab-monitor/templates'
+ - name: CONFIG_DIRECTORY
+ value: '/etc/gitlab-monitor'
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ name: gitlab-monitor
+ volumeMounts:
+ - name: gitlab-monitor-config
+ mountPath: /var/opt/gitlab-monitor/templates/gitlab-monitor.yml.erb
+ subPath: gitlab-monitor.yml.erb
+ - name: gitlab-monitor-secrets
+ mountPath: '/etc/gitlab'
+ readOnly: true
+{{ include "gitlab.extraVolumeMounts" . | indent 12 }}
+{{ include "gitlab.certificates.volumeMount" . | indent 12 }}
+ livenessProbe:
+ exec:
+ command:
+ - pgrep
+ - -f
+ - gitlab-mon
+ readinessProbe:
+ exec:
+ command:
+ - pgrep
+ - -f
+ - gitlab-mon
+ lifecycle:
+ preStop:
+ exec:
+ command: ["/bin/bash", "-c", "pkill -f 'gitlab-mon'"]
+ resources:
+{{ toYaml .Values.resources | indent 12 }}
+ volumes:
+{{ include "gitlab.extraVolumes" . | indent 6 }}
+ - name: gitlab-monitor-config
+ configMap:
+ name: {{ template "fullname" . }}
+ - name: init-gitlab-monitor-secrets
+ projected:
+ defaultMode: 0400
+ sources:
+ - secret:
+ name: {{ template "gitlab.psql.password.secret" . }}
+ items:
+ - key: {{ template "gitlab.psql.password.key" . }}
+ path: postgres/psql-password
+ {{- if .Values.global.redis.password.enabled }}
+ - secret:
+ name: {{ template "gitlab.redis.password.secret" . 
}}
+ items:
+ - key: {{ template "gitlab.redis.password.key" . }}
+ path: redis/password
+ {{- end }}
+ - name: gitlab-monitor-secrets
+ emptyDir:
+ medium: "Memory"
+{{ include "gitlab.certificates.volumes" . | indent 6 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/gitlab/charts/gitlab-monitor/templates/service.yaml b/charts/gitlab/charts/gitlab-monitor/templates/service.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..41d547a3220d5c867a59d0197fd7360d174dba98
--- /dev/null
+++ b/charts/gitlab/charts/gitlab-monitor/templates/service.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "fullname" . }}
+ namespace: {{ $.Release.Namespace }}
+ labels:
+{{ include "gitlab.standardLabels" . | indent 4 }}
+ annotations:
+{{ include "gitlab.serviceAnnotations" . | indent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ protocol: TCP
+ name: gitlab-monitor
+ selector:
+ app: {{ template "name" . }}
+ release: {{ .Release.Name }}
+{{- end }}
diff --git a/charts/gitlab/charts/gitlab-monitor/values.yaml b/charts/gitlab/charts/gitlab-monitor/values.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..2c3d4daa7228062ebaccfbff547a92eb5472eba7
--- /dev/null
+++ b/charts/gitlab/charts/gitlab-monitor/values.yaml
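Review bot: The pod `spec:` in deployment.yaml sets only `runAsUser` and `fsGroup`, although this pod is handed the PostgreSQL password and, when enabled, the Redis password through the projected `init-gitlab-monitor-secrets` volume. Nothing in the visible template has the exporter talk to the Kubernetes API, so `automountServiceAccountToken: false` under the pod `spec:` looks safe to add, and both the `configure` init container and the main container could carry `securityContext:` with `allowPrivilegeEscalation: false`. Separately, `livenessProbe` and `readinessProbe` both run `pgrep -f gitlab-mon`, which only shows that a matching process exists; a readiness check against the listening port would catch an exporter that is running but not serving.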
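Review bot: `type: {{ .Values.service.type }}` in service.yaml lets an override such as `NodePort` or `LoadBalancer` publish the metrics port outside the cluster, while the exporter config added in this commit listens on `0.0.0.0` and the visible files configure no authentication for it. The probes report database table and CI/Sidekiq state, so I would add a comment beside `type:` such as `# keep ClusterIP unless access to the metrics port is restricted (NetworkPolicy or equivalent)` and repeat that caveat in the `service.type` row of the chart documentation.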
@@ -0,0 +1,47 @@
+# Default values for gitlab-monitor.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+image:
+ repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-monitor
+ pullSecrets: []
+ # pullPolicy: IfNotPresent
+ # tag: latest
+
+service:
+ name: gitlab-monitor
+ type: ClusterIP
+ externalPort: 9168
+ internalPort: 9168
+
+metrics:
+ enabled: true
+ port: 9168
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "9168"
+ prometheus.io/path: "/metrics"
+
+enabled: true
+
+init:
+ image: busybox
+ tag: latest
+ resources:
+ requests:
+ cpu: 50m
+
+global:
+ # imagePullPolicy: IfNotPresent
+ redis:
+ password: {}
+
+redis:
+ password: {}
+
+resources:
+ # limits:
+ # cpu: 1
+ # memory: 2G
+ requests:
+ cpu: 50m
+ memory: 100M
diff --git a/doc/charts/gitlab/gitlab-monitor/index.md b/doc/charts/gitlab/gitlab-monitor/index.md
new file mode 100644
index 0000000000000000000000000000000000000000..887258104109d54aaf3a17b38b71f52e67917a22
--- /dev/null
+++ b/doc/charts/gitlab/gitlab-monitor/index.md
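Review bot: `init.image: busybox` with `tag: latest` is a mutable, registry-unqualified reference, and the init container built from it (deployment.yaml in this commit) runs `/config/configure` with the projected PostgreSQL and Redis secrets mounted. Pinning it to a fixed version or digest keeps an upstream retag from changing the code that handles those secrets, e.g. `tag: <pinned-busybox-version>` (placeholder; use the version the chart is tested with). Also, `metrics.port: 9168` and the `prometheus.io/port: "9168"` annotation are independent of `service.internalPort`, which is the port the templates in this commit actually use, so overriding `internalPort` alone leaves the scrape annotation pointing at the old port; a comment such as `# must match service.internalPort` on both would prevent that.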
@@ -0,0 +1,90 @@
+# Using the GitLab-Monitor Chart
+
+The `gitlab-monitor` sub-chart provides Prometheus metrics for GitLab
+application-specific data. It talks to PostgreSQL directly to perform
+queries to retrieve data for CI builds, pull mirrors, etc. In addition,
+it uses the Sidekiq API, which talks to Redis to gather different
+metrics around the state of the Sidekiq queues (e.g. number of jobs).
+
+## Requirements
+
+This chart depends on Redis and PostgreSQL services, either as part of
+the complete GitLab chart or provided as external services reachable
+from the Kubernetes cluster on which this chart is deployed.
+
+## Configuration
+
+The `gitlab-monitor` chart is configured as follows: [Global
+Settings](#global-settings) and [Chart Settings](#chart-settings).
+
+## Installation command line options
+
+The table below contains all the possible chart configurations that can be supplied
+to the `helm install` command using the `--set` flags.
+
+| Parameter | Default | Description |
+| -------------------------------- | --------------------- | ---------------------------------------------- |
+| `annotations` | | Pod annotations |
+| `enabled` | `true` | gitlab-monitor enabled flag |
+| `extraContainers` | | List of extra containers to include |
+| `extraInitContainers` | | List of extra init containers to include |
+| `extraVolumeMounts` | | List of extra volumes mountes to do |
+| `extraVolumes` | | List of extra volumes to create |
+| `image.pullPolicy` | `IfNotPresent` | GitLab image pull policy |
+| `image.pullSecrets` | | Secrets for the image repository |
+| `image.repository` | `registry.gitlab.com/gitlab-org/build/cng/gitlab-monitor` | gitlab-monitor image repository |
+| `image.tag` | | Unicorn image tag |
+| `init.image` | `busybox` | initContainer image |
+| `init.tag` | `latest` | initContainer image tag |
+| `metrics.enabled` | `true` | Toggle Prometheus metrics exporter |
+| `metrics.port` | `9168` | Listen port for the Prometheus metrics 
exporter |
+| `resources.requests.cpu` | `50m` | gitlab-monitor minimum cpu |
+| `resources.requests.memory` | `100M` | gitlab-monitor minimum memory |
+| `service.externalPort` | `9168` | gitlab-monitor exposed port |
+| `service.internalPort` | `9168` | gitlab-monitor internal port |
+| `service.name` | `gitlab-monitor` | gitlab-monitor service name |
+| `service.type` | `ClusterIP` | gitlab-monitor service type |
+
+## Chart configuration examples
+
+### image.pullSecrets
+
+`pullSecrets` allows you to authenticate to a private registry to pull images for a pod.
+
+Additional details about private registries and their authentication methods can be
+found in [the Kubernetes documentation](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod).
+
+Below is an example use of `pullSecrets`:
+
+```YAML
+image:
+ repository: my.unicorn.repository
+ pullPolicy: Always
+ pullSecrets:
+ - name: my-secret-name
+ - name: my-secondary-secret-name
+```
+
+### annotations
+
+`annotations` allows you to add annotations to the gitlab-monitor pods. For example:
+
+```YAML
+annotations:
+ kubernetes.io/example-annotation: annotation-value
+```
+
+## Global Settings
+
+We share some common global settings among our charts. See the [Globals Documentation](../../globals.md)
+for common configuration options, such as GitLab and Registry hostnames.
+
+## Chart Settings
+
+The following values are used to configure the gitlab-monitor pod.
+
+### metrics.enabled
+
+By default, the pod exposes a metrics endpoint at `/metrics`. When
+metrics are enabled, annotations are added to each pod allowing a
+Prometheus server to discover and scrape the exposed metrics.
diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
index 5bb1bd6b0d667a9900561c7242489d39a7e2fa7d..c4094d7e66b37464daee620d84fb3554c327d853 100644
--- a/templates/_helpers.tpl
+++ b/templates/_helpers.tpl
@@ -144,7 +144,7 @@ Alias of gitlab.psql.host Return the db database name */}} {{- define "gitlab.psql.database" -}} -{{- coalesce .Values.global.psql.database "gitlabhq_production" | quote -}} +{{- coalesce .Values.global.psql.database "gitlabhq_production" -}} {{- end -}} {{/*
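Review bot: Dropping `| quote` from `gitlab.psql.database` changes the output for every existing caller of this helper, not only the new gitlab-monitor connection string. Callers outside this hunk that emit it as a YAML value would now render an unquoted scalar, so a `global.psql.database` override that is all digits or boolean-like gets retyped, and one containing `: ` or ` #` breaks the rendered document. I would either audit those call sites and quote there, e.g. `database: {{ include "gitlab.psql.database" . | quote }}`, or keep this helper quoted and add a separate unquoted helper for the connection string. The helper's comment `Return the db database name` should also state that the value is returned unquoted and that callers are responsible for quoting.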