prometheus: add externalPrometheus configuration

Author: apetruhin

api/v1/coroot_types.go

@@ -87,11 +87,33 @@ type PrometheusSpec struct {
 	// Annotations for prometheus pods.
 	PodAnnotations map[string]string `json:"podAnnotations,omitempty"`
 	// Metrics retention time (e.g. 4h, 3d, 2w, 1y; default 2d)
-	// +kubebuilder:validation:Pattern=^\d+[mhdwy]$
+	// +kubebuilder:validation:Pattern="^[0-9]+[mhdwy]$"
 	Retention string    `json:"retention,omitempty"`
 	Image     ImageSpec `json:"image,omitempty"`
 }
 
+type ExternalPrometheusSpec struct {
+	// http(s)://IP:Port or http(s)://Domain:Port or http(s)://Service Name:Port
+	// +kubebuilder:validation:Pattern="^https?://.+$"
+	URL string `json:"url,omitempty"`
+	// Whether to skip verification of the Prometheus server's TLS certificate.
+	TLSSkipVerify bool `json:"tlsSkipVerify,omitempty"`
+	// Basic auth credentials.
+	BasicAuth *BasicAuthSpec `json:"basicAuth,omitempty"`
+	// Custom headers to include in requests to the Prometheus server.
+	CustomHeaders map[string]string `json:"customHeaders,omitempty"`
+	// The URL for metric ingestion though the Prometheus Remote Write protocol (optional).
+	// +kubebuilder:validation:Pattern="^https?://.+$"
+	RemoteWriteUrl string `json:"remoteWriteURL,omitempty"`
+}
+
+type BasicAuthSpec struct {
+	Username string `json:"username,omitempty"`
+	Password string `json:"password,omitempty"`
+	// Secret containing password. If specified, this takes precedence over the Password field.
+	PasswordSecret *corev1.SecretKeySelector `json:"passwordSecret,omitempty"`
+}
+
 type ClickhouseSpec struct {
 	Shards   int `json:"shards,omitempty"`
 	Replicas int `json:"replicas,omitempty"`
@@ -233,6 +255,8 @@ type CorootSpec struct {
 
 	// Prometheus configuration.
 	Prometheus PrometheusSpec `json:"prometheus,omitempty"`
+	// Use an external Prometheus instance instead of deploying one.
+	ExternalPrometheus *ExternalPrometheusSpec `json:"externalPrometheus,omitempty"`
 
 	// Clickhouse configuration.
 	Clickhouse ClickhouseSpec `json:"clickhouse,omitempty"`

api/v1/zz_generated.deepcopy.go

@@ -4640,6 +4640,64 @@ spec:
                     description: Username for accessing the external ClickHouse.
                     type: string
                 type: object
+              externalPrometheus:
+                description: Use an external Prometheus instance instead of deploying
+                  one.
+                properties:
+                  basicAuth:
+                    description: Basic auth credentials.
+                    properties:
+                      password:
+                        type: string
+                      passwordSecret:
+                        description: Secret containing password. If specified, this
+                          takes precedence over the Password field.
+                        properties:
+                          key:
+                            description: The key of the secret to select from.  Must
+                              be a valid secret key.
+                            type: string
+                          name:
+                            default: ""
+                            description: |-
+                              Name of the referent.
+                              This field is effectively required, but due to backwards compatibility is
+                              allowed to be empty. Instances of this type with an empty value here are
+                              almost certainly wrong.
+                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                            type: string
+                          optional:
+                            description: Specify whether the Secret or its key must
+                              be defined
+                            type: boolean
+                        required:
+                        - key
+                        type: object
+                        x-kubernetes-map-type: atomic
+                      username:
+                        type: string
+                    type: object
+                  customHeaders:
+                    additionalProperties:
+                      type: string
+                    description: Custom headers to include in requests to the Prometheus
+                      server.
+                    type: object
+                  remoteWriteURL:
+                    description: The URL for metric ingestion though the Prometheus
+                      Remote Write protocol (optional).
+                    pattern: ^https?://.+$
+                    type: string
+                  tlsSkipVerify:
+                    description: Whether to skip verification of the Prometheus server's
+                      TLS certificate.
+                    type: boolean
+                  url:
+                    description: http(s)://IP:Port or http(s)://Domain:Port or http(s)://Service
+                      Name:Port
+                    pattern: ^https?://.+$
+                    type: string
+                type: object
               ingress:
                 description: Ingress configuration for Coroot.
                 properties:

config/crd/coroot.com_coroots.yaml

@@ -139,10 +139,14 @@ func (r *CorootReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctr
 	}
 	r.CreateOrUpdateIngress(ctx, cr, r.corootIngress(cr), cr.Spec.Ingress == nil)
 
-	r.CreateOrUpdateServiceAccount(ctx, cr, "prometheus", sccNonroot)
-	r.CreateOrUpdatePVC(ctx, cr, r.prometheusPVC(cr), cr.Spec.Prometheus.Storage.ReclaimPolicy)
-	r.CreateOrUpdateDeployment(ctx, cr, r.prometheusDeployment(cr))
-	r.CreateOrUpdateService(ctx, cr, r.prometheusService(cr))
+	if cr.Spec.ExternalPrometheus == nil {
+		r.CreateOrUpdateServiceAccount(ctx, cr, "prometheus", sccNonroot)
+		r.CreateOrUpdatePVC(ctx, cr, r.prometheusPVC(cr), cr.Spec.Prometheus.Storage.ReclaimPolicy)
+		r.CreateOrUpdateDeployment(ctx, cr, r.prometheusDeployment(cr))
+		r.CreateOrUpdateService(ctx, cr, r.prometheusService(cr))
+	} else {
+		// TODO: delete
+	}
 
 	if cr.Spec.ExternalClickhouse == nil {
 		r.CreateSecret(ctx, cr, r.clickhouseSecret(cr))

controller/controller.go

@@ -157,7 +157,6 @@ func (r *CorootReconciler) corootStatefulSet(cr *corootv1.Coroot) *appsv1.Statef
 
 	env := []corev1.EnvVar{
 		{Name: "GLOBAL_REFRESH_INTERVAL", Value: refreshInterval},
-		{Name: "GLOBAL_PROMETHEUS_URL", Value: fmt.Sprintf("http://%s-prometheus.%s:9090", cr.Name, cr.Namespace)},
 		{Name: "INSTALLATION_TYPE", Value: "k8s-operator"},
 	}
 	if cr.Spec.CacheTTL.Duration > 0 {
@@ -179,6 +178,39 @@ func (r *CorootReconciler) corootStatefulSet(cr *corootv1.Coroot) *appsv1.Statef
 		env = append(env, corev1.EnvVar{Name: "LICENSE_KEY", Value: cr.Spec.EnterpriseEdition.LicenseKey})
 	}
 
+	if ep := cr.Spec.ExternalPrometheus; ep != nil {
+		env = append(env,
+			corev1.EnvVar{Name: "GLOBAL_PROMETHEUS_URL", Value: ep.URL},
+		)
+		if ep.TLSSkipVerify {
+			env = append(env, corev1.EnvVar{Name: "GLOBAL_PROMETHEUS_TLS_SKIP_VERIFY", Value: "true"})
+		}
+		if customHeaders := ep.CustomHeaders; len(customHeaders) > 0 {
+			var headers []string
+			for name, value := range customHeaders {
+				headers = append(headers, fmt.Sprintf("%s=%s", name, value))
+			}
+			env = append(env, corev1.EnvVar{Name: "GLOBAL_PROMETHEUS_CUSTOM_HEADERS", Value: strings.Join(headers, "\n")})
+		}
+		if basicAuth := ep.BasicAuth; basicAuth != nil {
+			env = append(env, corev1.EnvVar{Name: "GLOBAL_PROMETHEUS_USER", Value: basicAuth.Username})
+			password := corev1.EnvVar{Name: "GLOBAL_PROMETHEUS_PASSWORD"}
+			if basicAuth.PasswordSecret != nil {
+				password.ValueFrom = &corev1.EnvVarSource{SecretKeyRef: basicAuth.PasswordSecret}
+			} else {
+				password.Value = basicAuth.Password
+			}
+			env = append(env, password)
+		}
+		if ep.RemoteWriteUrl != "" {
+			env = append(env, corev1.EnvVar{Name: "GLOBAL_PROMETHEUS_REMOTE_WRITE_URL", Value: ep.RemoteWriteUrl})
+		}
+	} else {
+		env = append(env,
+			corev1.EnvVar{Name: "GLOBAL_PROMETHEUS_URL", Value: fmt.Sprintf("http://%s-prometheus.%s:9090", cr.Name, cr.Namespace)},
+		)
+	}
+
 	if ec := cr.Spec.ExternalClickhouse; ec != nil {
 		env = append(env,
 			corev1.EnvVar{Name: "GLOBAL_CLICKHOUSE_ADDRESS", Value: ec.Address},