Add Prometheus Exports to Mongodb Replicaset (helm#5874)

* Replicaset Prometheus Metrics export * bugfix: Fix TLS issues 1. Moves context of ssl configuration script into /work-dir where certain files are expected to be created. 2. Specifies the --sslMode=requireSSL flag on the container command when using TLS as specified by mongo docs. https://docs.mongodb.com/manual/tutorial/configure-ssl/ * Documentation on metrics options * Bump Chart Version
dysnix · Jun 18, 2018 · 4fa2cd3 · 4fa2cd3
1 parent 4d795c9
commit 4fa2cd3
Show file tree

Hide file tree

Showing 8 changed files with 155 additions and 3 deletions.
diff --git a/stable/mongodb-replicaset/Chart.yaml b/stable/mongodb-replicaset/Chart.yaml
@@ -1,12 +1,13 @@
 name: mongodb-replicaset
 home: https://github.com/mongodb/mongo
-version: 3.4.1
+version: 3.5.0
 appVersion: 3.6
 description: NoSQL document-oriented database that stores JSON-like documents with
   dynamic schemas, simplifying the integration of data in content-driven applications.
 icon: https://webassets.mongodb.com/_com_assets/cms/mongodb-logo-rgb-j6w271g1xn.jpg
 sources:
   - https://github.com/mongodb/mongo
+  - https://github.com/percona/mongodb_exporter
 maintainers:
   - name: foxish
     email: ramanathana@google.com

diff --git a/stable/mongodb-replicaset/README.md b/stable/mongodb-replicaset/README.md
@@ -51,6 +51,7 @@ The following table lists the configurable parameters of the mongodb chart and t
 | `tls.enabled`                       | Enable MongoDB TLS support including authentication                       | `false`                                             |
 | `tls.cacert`                        | The CA certificate used for the members                                   | Our self signed CA certificate                      |
 | `tls.cakey`                         | The CA key used for the members                                           | Our key for the self signed CA certificate          |
+| `metrics.enabled`                   | Enable Prometheus compatible metrics for pods and replicasets             | `false`                                             |
 | `auth.enabled`                      | If `true`, keyfile access control is enabled                              | `false`                                             |
 | `auth.key`                          | Key for internal authentication                                           | ``                                                  |
 | `auth.existingKeySecret`            | If set, an existing secret with this name for the key is used             | ``                                                  |
@@ -160,6 +161,26 @@ mongodb with your `mongo.pem` certificate:
 ```console
 $ mongo --ssl --sslCAFile=ca.crt --sslPEMKeyFile=mongo.pem --eval "db.adminCommand('ping')"
 ```
+
+## Promethus metrics
+Enabling the metrics as follows will allow for each replicaset pod to export Prometheus compatible metrics
+on server status, individual replicaset information, replication oplogs, and storage engine.
+
+```yaml
+metrics:
+  enabled: true
+  image: ssalaues/mongodb-exporter
+  imageTag: 0.5
+  imagePullPolicy: IfNotPresent
+  resources: {}
+  annotations:
+    prometheus.io/scrape: "true"
+    prometheus.io/port: "9216"
+    prometheus.io/path: "/metrics"
+```
+
+More information on [MongoDB Exporter](https://github.com/percona/mongodb_exporter) metrics available.
+
 ## Readiness probe
 The default values for the readiness probe are:
 

diff --git a/stable/mongodb-replicaset/init/on-start.sh b/stable/mongodb-replicaset/init/on-start.sh
@@ -61,6 +61,9 @@ if [ -f "$ca_crt"  ]; then
     pem=/work-dir/mongo.pem
     ssl_args=(--ssl --sslCAFile "$ca_crt" --sslPEMKeyFile "$pem")
 
+# Move into /work-dir
+pushd /work-dir
+
 cat >openssl.cnf <<EOL
 [req]
 req_extensions = v3_req

diff --git a/stable/mongodb-replicaset/metrics/Dockerfile b/stable/mongodb-replicaset/metrics/Dockerfile
@@ -0,0 +1,13 @@
+FROM golang:alpine
+
+RUN apk update && apk --no-cache add --virtual .build-dep git make gcc \
+    && go get github.com/percona/mongodb_exporter \
+    && cd $GOPATH/src/github.com/percona/mongodb_exporter \
+    && make build \
+    && mv mongodb_exporter /bin \
+    && rm -rf $GOPATH/src/* \
+    && apk del .build-dep --purge
+
+EXPOSE 9216
+
+CMD  [ "/bin/mongodb_exporter" ]
diff --git a/stable/mongodb-replicaset/metrics/Makefile b/stable/mongodb-replicaset/metrics/Makefile
@@ -0,0 +1,27 @@
+# Copyright 2016 The Kubernetes Authors All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+all: push
+
+TAG = 0.1
+PREFIX = staging-k8s.gcr.io/mongodb-metrics
+
+container:
+	docker build -t $(PREFIX):$(TAG) .
+
+push: container
+	gcloud docker -- push $(PREFIX):$(TAG)
+
+clean:
+	docker rmi $(PREFIX):$(TAG)
diff --git a/stable/mongodb-replicaset/templates/mongodb-service.yaml b/stable/mongodb-replicaset/templates/mongodb-service.yaml
@@ -4,6 +4,9 @@ kind: Service
 metadata:
   annotations:
     service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
+  {{- if .Values.metrics.enabled }}
+{{ toYaml .Values.metrics.annotations | indent 4 }}
+  {{- end }}
   {{- if .Values.serviceAnnotations }}
 {{ toYaml .Values.serviceAnnotations | indent 4 }}
   {{- end }}
@@ -22,6 +25,11 @@ spec:
   ports:
     - name: peer
       port: {{ .Values.port }}
+    {{- if .Values.metrics.enabled }}
+    - name: metrics
+      port: {{ index .Values "metrics" "annotations" "prometheus.io/port" }}
+      targetPort: metrics
+    {{- end }}
   selector:
     app: {{ template "mongodb-replicaset.name" . }}
     release: {{ .Release.Name }}
diff --git a/stable/mongodb-replicaset/templates/mongodb-statefulset.yaml b/stable/mongodb-replicaset/templates/mongodb-statefulset.yaml
@@ -142,7 +142,7 @@ spec:
             - --keyFile=/data/configdb/key.txt
           {{- end }}
           {{- if .Values.tls.enabled }}
-            - --ssl
+            - --sslMode=requireSSL
             - --sslCAFile=/data/configdb/tls.crt
             - --sslPEMKeyFile=/work-dir/mongo.pem
           {{- end }}
@@ -185,7 +185,74 @@ spec:
               mountPath: /data/configdb
             - name: workdir
               mountPath: /work-dir
-    {{- with .Values.nodeSelector }}
+{{ if .Values.metrics.enabled }}
+        - name: metrics
+          image: "{{ .Values.metrics.image }}:{{ .Values.metrics.imageTag }}"
+          imagePullPolicy: {{ .Values.metrics.imagePullPolicy | quote }}
+          command:
+            - sh
+            - -ec
+            - |
+            {{- if .Values.auth.enabled }}
+              export MONGODB_URL=mongodb://$METRICS_USER:$METRICS_PASSWORD@localhost:{{ .Values.port }}
+            {{- else }}
+              export MONGODB_URL=mongodb://localhost:{{ .Values.port }}
+            {{- end }}
+              /bin/mongodb_exporter \
+            {{- if .Values.tls.enabled }}
+               -mongodb.tls \
+               -mongodb.tls-ca=/ca/tls.crt \
+               -mongodb.tls-cert=/work-dir/mongo.pem \
+            {{- end }}
+               -web.metrics-path={{ index .Values "metrics" "annotations" "prometheus.io/path" }} \
+               -web.listen-address=:{{ index .Values "metrics" "annotations" "prometheus.io/port" }}
+          volumeMounts:
+          {{- if and (.Values.tls.enabled) }}
+            - name: ca
+              mountPath: /ca
+              readOnly: true
+          {{- end }}
+            - name: workdir
+              mountPath: /work-dir
+              readOnly: true
+          env:
+          {{- if .Values.auth.enabled }}
+            - name: METRICS_USER
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ template "mongodb-replicaset.adminSecret" . }}"
+                  key: user
+            - name: METRICS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ template "mongodb-replicaset.adminSecret" . }}"
+                  key: password
+          {{- end }}
+          ports:
+            - name: metrics
+              containerPort: {{ .Values.port }}
+          resources: {{ toYaml .Values.metrics.resources | indent 12 }}
+          livenessProbe:
+            exec:
+              command:
+                - sh
+                - -ec
+                {{- if .Values.auth.enabled }}
+                - export MONGODB_URL=mongodb://$METRICS_USER:$METRICS_PASSWORD@localhost:{{ .Values.port }};
+                {{- else }}
+                - export MONGODB_URL=mongodb://localhost:{{ .Values.port }}
+                {{- end }}
+                - /bin/mongodb_exporter
+                {{- if .Values.tls.enabled }}
+                - -mongodb.tls
+                - -mongodb.tls-ca=/ca/tls.crt
+                - -mongodb.tls-cert=/work-dir/mongo.pem
+                {{- end }}
+                - -test
+              initialDelaySeconds: 30
+              periodSeconds: 10
+{{ end }}
+   {{- with .Values.nodeSelector }}
       nodeSelector:
 {{ toYaml . | indent 8 }}
     {{- end }}

diff --git a/stable/mongodb-replicaset/values.yaml b/stable/mongodb-replicaset/values.yaml
@@ -32,6 +32,18 @@ extraVars: {}
 # - name: TCMALLOC_AGGRESSIVE_DECOMMIT
 #   value: "true"
 
+# Prometheus Metrics Exporter
+metrics:
+  enabled: false
+  image: ssalaues/mongodb-exporter
+  imageTag: 0.5
+  imagePullPolicy: IfNotPresent
+  resources: {}
+  annotations:
+    prometheus.io/scrape: "true"
+    prometheus.io/port: "9216"
+    prometheus.io/path: "/metrics"
+
 # Annotations to be added to MongoDB pods
 podAnnotations: {}