Add ServiceMonitor support to gateway chart

- Add ServiceMonitor template for Prometheus Operator integration
- Add serviceMonitor configuration in values.yaml:
  - enabled: false (default)
  - labels for Prometheus selector
  - scrape interval
- Add ServiceMonitor test to verify Prometheus discovers the target
- Update test.sh to install Prometheus for complete_values test
- Disable ServiceMonitor in nodeport/https tests (no Prometheus)
- Update README.md with new configuration options

Author: RatulDawar

charts/gateway/README.md

@@ -205,6 +205,15 @@ A Helm chart for Trino Gateway
 * `strategy` - object, default: `{"rollingUpdate":{"maxSurge":"25%","maxUnavailable":"25%"},"type":"RollingUpdate"}`  
 
   The deployment strategy to use to replace existing pods with new ones.
+* `serviceMonitor.enabled` - bool, default: `false`  
+
+  Set to true to create resources for the [prometheus-operator](https://github.com/prometheus-operator/prometheus-operator).
+* `serviceMonitor.labels` - object, default: `{"prometheus":"kube-prometheus"}`  
+
+  Labels for serviceMonitor, so that Prometheus can select it
+* `serviceMonitor.interval` - string, default: `"30s"`  
+
+  The serviceMonitor web endpoint interval
 
 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)

charts/gateway/templates/servicemonitor.yaml

@@ -0,0 +1,22 @@
+{{- if .Values.serviceMonitor.enabled -}}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ include "trino-gateway.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "trino-gateway.labels" . | nindent 4 }}
+    {{- if .Values.serviceMonitor.labels }}
+    {{- toYaml .Values.serviceMonitor.labels | nindent 4 }}
+    {{- end }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "trino-gateway.selectorLabels" . | nindent 6 }}
+  namespaceSelector:
+    matchNames:
+      - {{ .Release.Namespace }}
+  endpoints:
+    - port: gateway
+      interval: {{ .Values.serviceMonitor.interval }}
+{{- end }}

charts/gateway/templates/tests/test-servicemonitor.yaml

@@ -0,0 +1,123 @@
+{{- if .Values.serviceMonitor.enabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+  name: {{ include "trino-gateway.fullname" . }}-test-servicemonitor
+  labels:
+    {{- include "trino-gateway.labels" . | nindent 4 }}
+    app.kubernetes.io/component: test
+    test: servicemonitor
+  annotations:
+    "helm.sh/hook": test
+    "helm.sh/hook-delete-policy": hook-succeeded
+spec:
+  containers:
+    - name: service-monitor
+      image: python:3-slim
+      command: ["python", "/tests/test.py"]
+      args: ["{{ include "trino-gateway.fullname" . }}", "{{ .Values.serviceName }}"]
+      volumeMounts:
+        - name: tests
+          mountPath: /tests
+  volumes:
+    - name: tests
+      configMap:
+        name: {{ include "trino-gateway.fullname" . }}-test-servicemonitor
+  restartPolicy: Never
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "trino-gateway.fullname" . }}-test-servicemonitor
+  labels:
+    {{- include "trino-gateway.labels" . | nindent 4 }}
+    app.kubernetes.io/component: test
+    test: servicemonitor
+  annotations:
+    "helm.sh/hook": test
+    "helm.sh/hook-delete-policy": hook-succeeded
+data:
+  test.py: |
+    from urllib.request import urlopen
+    from urllib.error import URLError, HTTPError
+    import json
+    import logging
+    import sys
+    import time
+
+    logging.basicConfig(level=logging.INFO, format='%(levelname)s: %(message)s')
+    logger = logging.getLogger(__name__)
+
+    servicemonitor_name = sys.argv[1]
+    expected_service = sys.argv[2]
+    namespace = "{{ .Release.Namespace }}"
+    url = f"http://prometheus-operator-kube-p-prometheus:9090/api/v1/targets?scrapePool=serviceMonitor/{namespace}/{servicemonitor_name}/0&state=active"
+    all_targets_url = "http://prometheus-operator-kube-p-prometheus:9090/api/v1/targets"
+
+    max_retries = 90  # 3 minutes max (90 * 2 seconds)
+    retry_count = 0
+
+    logger.info(f"Looking for ServiceMonitor '{servicemonitor_name}' in namespace '{namespace}'")
+    logger.info(f"Expected service name: '{expected_service}'")
+
+    while retry_count < max_retries:
+      try:
+        with urlopen(url, timeout=10) as response:
+          data = json.load(response)
+      except (URLError, HTTPError) as e:
+          retry_count += 1
+          logger.warning(f"Error fetching targets (attempt {retry_count}/{max_retries}), Prometheus service might not be ready: {e}")
+          if retry_count >= max_retries:
+              logger.error(f"Failed to connect to Prometheus after {max_retries} attempts")
+              sys.exit(1)
+          time.sleep(2)  # Retry after 2 seconds
+          continue
+
+      try:
+        active_targets = data.get("data", {}).get("activeTargets", [])
+        if not active_targets:
+            retry_count += 1
+            # Log diagnostic info every 10 attempts
+            if retry_count % 10 == 0:
+                try:
+                    with urlopen(all_targets_url, timeout=10) as all_response:
+                        all_data = json.load(all_response)
+                        all_active = all_data.get("data", {}).get("activeTargets", [])
+                        logger.info(f"Prometheus has {len(all_active)} total active targets")
+                        # Find ServiceMonitor scrape pools
+                        servicemonitor_pools = [t.get("scrapePool", "") for t in all_active if "serviceMonitor" in t.get("scrapePool", "")]
+                        if servicemonitor_pools:
+                            logger.info(f"Found ServiceMonitor scrape pools: {servicemonitor_pools[:5]}")  # Show first 5
+                except Exception as e:
+                    logger.debug(f"Could not fetch all targets for diagnostics: {e}")
+            logger.warning(f"No active targets found (attempt {retry_count}/{max_retries}), waiting for ServiceMonitor to be discovered...")
+            if retry_count >= max_retries:
+                logger.error(f"No active targets found after {max_retries} attempts")
+                logger.error(f"ServiceMonitor '{servicemonitor_name}' was not discovered by Prometheus")
+                sys.exit(1)
+            time.sleep(2)  # Retry after 2 seconds
+            continue
+        service_name = active_targets[0]["discoveredLabels"]["__meta_kubernetes_service_name"]
+      except (KeyError, IndexError) as e:
+        retry_count += 1
+        logger.warning(f"Invalid Prometheus response (attempt {retry_count}/{max_retries}): {e}")
+        if retry_count >= max_retries:
+            logger.error(f"Invalid Prometheus response after {max_retries} attempts")
+            sys.exit(1)
+        time.sleep(2)  # Retry after 2 seconds
+        continue
+
+      if service_name == expected_service:
+        logger.info(f"Found expected service '{service_name}' in Prometheus targets!")
+        sys.exit(0)
+      else:
+        retry_count += 1
+        logger.warning(f"Service name mismatch: expected '{expected_service}', got '{service_name}' (attempt {retry_count}/{max_retries})")
+        if retry_count >= max_retries:
+            logger.error(f"Service name mismatch after {max_retries} attempts")
+            sys.exit(1)
+        time.sleep(2)
+
+    logger.error(f"Test failed after {max_retries} attempts")
+    sys.exit(1)
+{{- end }}

charts/gateway/values.yaml

@@ -265,3 +265,13 @@ strategy:
   rollingUpdate:
     maxSurge: 25%
     maxUnavailable: 25%
+
+serviceMonitor:
+  # -- Set to true to create resources for the
+  # [prometheus-operator](https://github.com/prometheus-operator/prometheus-operator).
+  enabled: false
+  # -- Labels for serviceMonitor, so that Prometheus can select it
+  labels:
+    prometheus: kube-prometheus
+  # -- The serviceMonitor web endpoint interval
+  interval: "30s"

tests/gateway/test-https.yaml

@@ -5,6 +5,10 @@ command:
     cat /etc/certificates/tls.crt /etc/certificates/tls.key > /etc/scratch/tls.pem && \
     java -XX:MinRAMPercentage=80.0 -XX:MaxRAMPercentage=80.0 -jar /usr/lib/trino-gateway/gateway-ha-jar-with-dependencies.jar /etc/trino-gateway/config.yaml
 
+# Disable ServiceMonitor - Prometheus is only installed for complete_values test
+serviceMonitor:
+  enabled: false
+
 config:
   serverConfig:
     http-server.http.enabled: false

tests/gateway/test-nodeport.yaml

@@ -6,6 +6,10 @@ config:
     http-server.https.port: 8443
     http-server.https.keystore.path: /etc/scratch/tls.pem
 
+# Disable ServiceMonitor - Prometheus is only installed for complete_values test
+serviceMonitor:
+  enabled: false
+
 service:
   type: NodePort
   ports:

tests/gateway/test-values.yaml

@@ -34,3 +34,9 @@ resources:
   requests:
     cpu: 250m
     memory: 256Mi
+
+serviceMonitor:
+  enabled: true
+  labels:
+    prometheus: default
+  interval: "1s"

tests/gateway/test.sh

@@ -31,6 +31,38 @@ DB_NAMESPACE=postgres-gateway
 kubectl create namespace "${NAMESPACE}" --dry-run=client --output yaml | kubectl apply --filename -
 kubectl create namespace "${DB_NAMESPACE}" --dry-run=client --output yaml | kubectl apply --filename -
 
+# install the Prometheus Helm chart when running the `complete_values` test
+if printf '%s\0' "${TEST_NAMES[@]}" | grep -qwz complete_values; then
+    helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
+    helm upgrade --install prometheus-operator prometheus-community/kube-prometheus-stack -n "$NAMESPACE" \
+        --version "68.2.1" \
+        --set prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues=false \
+        --set prometheus.prometheusSpec.serviceMonitorSelector.matchLabels.prometheus=default \
+        --set grafana.enabled=false \
+        --set alertmanager.enabled=false \
+        --set kubeApiServer.enabled=false \
+        --set kubelet.enabled=false \
+        --set kubeControllerManager.enabled=false \
+        --set coreDns.enabled=false \
+        --set kubeEtcd.enabled=false \
+        --set kubeScheduler.enabled=false \
+        --set kubeProxy.enabled=false \
+        --set kubeStateMetrics.enabled=false \
+        --set nodeExporter.enabled=false \
+        --set prometheusOperator.admissionWebhooks.enabled=false \
+        --set prometheusOperator.kubeletService.enabled=false \
+        --set prometheusOperator.tls.enabled=false \
+        --set prometheusOperator.serviceMonitor.selfMonitor=false \
+        --set prometheus.serviceMonitor.selfMonitor=false
+    kubectl rollout status --watch deployments -l release=prometheus-operator -n "$NAMESPACE"
+    # Wait for Prometheus pod to be ready and give it time to discover ServiceMonitors
+    echo 1>&2 "Waiting for Prometheus to be ready..."
+    kubectl wait --for=condition=ready pod -l app.kubernetes.io/name=prometheus -n "$NAMESPACE" --timeout=300s || true
+    # Give Prometheus Operator time to reconcile and discover ServiceMonitors
+    echo 1>&2 "Waiting for Prometheus to discover ServiceMonitors..."
+    sleep 10
+fi
+
 echo 1>&2 "Generating a self-signed TLS certificate"
 NODE_IP=$(kubectl get nodes -o json  -o jsonpath='{.items[0].status.addresses[0].address}')
 openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 \
@@ -121,7 +153,7 @@ for test_name in "${TEST_NAMES[@]}"; do
         echo 1>&2 "✅ Test $test_name completed"
     fi
     if [ "$CLEANUP_NAMESPACE" == "true" ]; then
-        for release in $(helm --namespace "$NAMESPACE" ls --all --short | grep -v 'prometheus-operator'); do
+        for release in $(helm --namespace "$NAMESPACE" ls --short | grep -v 'prometheus-operator'); do
             echo 1>&2 "Cleaning up Helm release $release"
             helm --namespace "$NAMESPACE" delete "$release"
         done
@@ -131,6 +163,7 @@ done
 if [ "$CLEANUP_NAMESPACE" == "true" ]; then
     helm -n "$DB_NAMESPACE" uninstall gateway-backend-db --ignore-not-found
     kubectl delete namespace "$DB_NAMESPACE" --ignore-not-found
+    helm -n "$NAMESPACE" uninstall prometheus-operator --ignore-not-found
     kubectl delete namespace "$NAMESPACE" --ignore-not-found
     mapfile -t crds < <(kubectl api-resources --api-group=monitoring.coreos.com --output name)
     if [ ${#crds[@]} -ne 0 ]; then