Configure Prometheus data source in WatcherAPI controller

amoralej · amoralej · commit caec74434952 · 2025-01-17T16:26:39.000+01:00
This patch is configuring prometheus data source in the watcherapi deployment based on the config values coming from the SubCrs secret and the values of TLS and PrometheusTLSCaCertSecret in the Spec. Note that the config parameters in the config file is taken from a watcher patch which is not merged yet although the config parameters seems to be already agreed [1]. [1] https://review.opendev.org/c/openstack/watcher/+/934423
diff --git a/controllers/watcherapi_controller.go b/controllers/watcherapi_controller.go
@@ -19,6 +19,7 @@ package controllers
 import (
 	"context"
 	"fmt"
+	"strconv"
 	"time"
 
 	ctrl "sigs.k8s.io/controller-runtime"
@@ -155,6 +156,9 @@ func (r *WatcherAPIReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 		[]string{
 			instance.Spec.PasswordSelectors.Service,
 			TransportURLSelector,
+			PrometheusHostKey,
+			PrometheusPortKey,
+			PrometheusTLSKey,
 		},
 		helper.GetClient(),
 		&instance.Status.Conditions,
@@ -268,6 +272,7 @@ func (r *WatcherAPIReconciler) generateServiceConfigs(
 	databaseUsername := string(secret.Data[DatabaseUsername])
 	databaseHostname := string(secret.Data[DatabaseHostname])
 	databasePassword := string(secret.Data[DatabasePassword])
+	prometheusTLS, _ := strconv.ParseBool(string(secret.Data[PrometheusTLSKey]))
 	templateParameters := map[string]interface{}{
 		"DatabaseConnection": fmt.Sprintf("mysql+pymysql://%s:%s@%s/%s?charset=utf8",
 			databaseUsername,
@@ -282,6 +287,10 @@ func (r *WatcherAPIReconciler) generateServiceConfigs(
 		"MemcachedServers": memcachedInstance.GetMemcachedServerListString(),
 		"LogFile":          fmt.Sprintf("%s%s.log", watcher.WatcherLogPath, instance.Name),
 		"APIPublicPort":    fmt.Sprintf("%d", watcher.WatcherPublicPort),
+		"PrometheusHost":   string(secret.Data[PrometheusHostKey]),
+		"PrometheusPort":   string(secret.Data[PrometheusPortKey]),
+		"PrometheusTLS":    prometheusTLS,
+		"PrometheusCaCert": string(secret.Data[PrometheusCaCertKey]),
 	}
 
 	// create httpd  vhost template parameters
diff --git a/pkg/watcher/volumes.go b/pkg/watcher/volumes.go
@@ -110,3 +110,25 @@ func GetKollaConfigVolumeMount(serviceName string) corev1.VolumeMount {
 		ReadOnly:  true,
 	}
 }
+
+// getCustomPrometheusCaVolume - Volume for CA certificate of user deployed Prometheus
+func GetCustomPrometheusCaVolume(secretName string) corev1.Volume {
+	return corev1.Volume{
+		Name: "custom-prometheus-ca",
+		VolumeSource: corev1.VolumeSource{
+			Secret: &corev1.SecretVolumeSource{
+				SecretName: secretName,
+			},
+		},
+	}
+}
+
+// getCustomPrometheusCaVolumeMount - VolumeMount for CA certificate of user deployed Prometheus
+func GetCustomPrometheusCaVolumeMount(fileName string) corev1.VolumeMount {
+	return corev1.VolumeMount{
+		Name:      "custom-prometheus-ca",
+		MountPath: CustomPrometheusCaCertFolderPath + fileName,
+		SubPath:   fileName,
+		ReadOnly:  true,
+	}
+}
diff --git a/pkg/watcherapi/deployment.go b/pkg/watcherapi/deployment.go
@@ -67,6 +67,18 @@ func Deployment(
 	}
 	apiVolumeMounts = append(apiVolumeMounts, watcher.GetLogVolumeMount()...)
 
+	// Create mount for bundle CA if defined in TLS.CaBundleSecretName
+	if instance.Spec.TLS.CaBundleSecretName != "" {
+		apiVolumes = append(apiVolumes, instance.Spec.TLS.CreateVolume())
+		apiVolumeMounts = append(apiVolumeMounts, instance.Spec.TLS.CreateVolumeMounts(nil)...)
+	}
+
+	// add prometheus CA cert if defined
+	if instance.Spec.PrometheusTLSCaCertSecret != nil {
+		apiVolumes = append(apiVolumes, watcher.GetCustomPrometheusCaVolume(instance.Spec.PrometheusTLSCaCertSecret.Name))
+		apiVolumeMounts = append(apiVolumeMounts, watcher.GetCustomPrometheusCaVolumeMount(instance.Spec.PrometheusTLSCaCertSecret.Key))
+	}
+
 	deployment := &appsv1.Deployment{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      fmt.Sprintf("%s-api", instance.Name),
diff --git a/templates/watcher/config/00-default.conf b/templates/watcher/config/00-default.conf
@@ -59,3 +59,13 @@ datasources = ceilometer
 [cache]
 memcached_servers = {{ .MemcachedServers }}
 {{ end }}
+
+{{ if (index . "PrometheusHost") }}
+[prometheus_client]
+host = {{ .PrometheusHost }}
+port = {{ .PrometheusPort }}
+fqdn_label = fqdn
+{{ if (index . "PrometheusTLS") }}
+cafile = {{ .PrometheusCaCert }}
+{{ end }}
+{{ end }}
diff --git a/tests/functional/watcher_controller_test.go b/tests/functional/watcher_controller_test.go
@@ -860,7 +860,7 @@ var _ = Describe("Watcher controller", func() {
 			deployment := th.GetDeployment(watcherTest.WatcherAPIDeployment)
 			Expect(deployment.Spec.Template.Spec.ServiceAccountName).To(Equal("watcher-watcher"))
 			Expect(int(*deployment.Spec.Replicas)).To(Equal(2))
-			Expect(deployment.Spec.Template.Spec.Volumes).To(HaveLen(3))
+			Expect(deployment.Spec.Template.Spec.Volumes).To(HaveLen(5))
 			Expect(deployment.Spec.Template.Spec.Containers).To(HaveLen(2))
 			Expect(deployment.Spec.Selector.MatchLabels).To(Equal(map[string]string{"service": "watcher-api"}))
 
diff --git a/tests/functional/watcherapi_controller_test.go b/tests/functional/watcherapi_controller_test.go
@@ -34,6 +34,8 @@ var _ = Describe("WatcherAPI controller with minimal spec values", func() {
 			Expect(WatcherAPI.Spec.Secret).Should(Equal("osp-secret"))
 			Expect(WatcherAPI.Spec.MemcachedInstance).Should(Equal("memcached"))
 			Expect(WatcherAPI.Spec.PasswordSelectors).Should(Equal(watcherv1beta1.PasswordSelector{Service: "WatcherPassword"}))
+			Expect(WatcherAPI.Spec.TLS.CaBundleSecretName).Should(Equal(""))
+			Expect(WatcherAPI.Spec.PrometheusTLSCaCertSecret).Should(BeNil())
 		})
 
 		It("should have the Status fields initialized", func() {
@@ -111,6 +113,9 @@ var _ = Describe("WatcherAPI controller", func() {
 				map[string][]byte{
 					"WatcherPassword": []byte("service-password"),
 					"transport_url":   []byte("url"),
+					"prometheus_host": []byte("prometheus.example.com"),
+					"prometheus_port": []byte("1234"),
+					"prometheus_tls":  []byte("false"),
 				},
 			)
 			DeferCleanup(k8sClient.Delete, ctx, secret)
@@ -249,6 +254,9 @@ var _ = Describe("WatcherAPI controller", func() {
 					"database_username": []byte("username"),
 					"database_password": []byte("password"),
 					"database_hostname": []byte("hostname"),
+					"prometheus_host":   []byte("prometheus.example.com"),
+					"prometheus_port":   []byte("1234"),
+					"prometheus_tls":    []byte("false"),
 				},
 			)
 			DeferCleanup(k8sClient.Delete, ctx, secret)
@@ -291,6 +299,9 @@ var _ = Describe("WatcherAPI controller", func() {
 					"database_username": []byte("username"),
 					"database_password": []byte("password"),
 					"database_hostname": []byte("hostname"),
+					"prometheus_host":   []byte("prometheus.example.com"),
+					"prometheus_port":   []byte("1234"),
+					"prometheus_tls":    []byte("false"),
 				},
 			)
 			DeferCleanup(k8sClient.Delete, ctx, secret)
