From b5519f40ffcd24de146ce2eed3ee05b6a96e8d4f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Bauer?= Date: Tue, 15 Aug 2023 11:49:33 +0200 Subject: [PATCH] update / template labels / use appVersion as tag (#3692) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: André Bauer --- .../prometheus-postgres-exporter/Chart.yaml | 4 +- charts/prometheus-postgres-exporter/README.md | 10 + .../templates/_helpers.tpl | 39 +-- .../templates/configmap.yaml | 12 +- .../templates/deployment.yaml | 70 ++-- .../templates/networkpolicy.yaml | 4 +- .../templates/pdb.yaml | 10 +- .../templates/podsecuritypolicy.yaml | 39 --- .../templates/prometheusrule.yaml | 5 +- .../templates/role.yaml | 14 +- .../templates/rolebinding.yaml | 7 +- .../templates/secrets.yaml | 5 +- .../templates/service.yaml | 8 +- .../templates/serviceaccount.yaml | 5 +- .../templates/servicemonitor.yaml | 4 +- .../prometheus-postgres-exporter/values.yaml | 328 ++---------------- 16 files changed, 103 insertions(+), 461 deletions(-) delete mode 100644 charts/prometheus-postgres-exporter/templates/podsecuritypolicy.yaml diff --git a/charts/prometheus-postgres-exporter/Chart.yaml b/charts/prometheus-postgres-exporter/Chart.yaml index c02430abe67d..f71cd028b7a4 100644 --- a/charts/prometheus-postgres-exporter/Chart.yaml +++ b/charts/prometheus-postgres-exporter/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: "0.13.1" +appVersion: "v0.13.2" description: A Helm chart for prometheus postgres-exporter name: prometheus-postgres-exporter -version: 4.8.0 +version: 5.0.0 home: https://github.com/prometheus-community/postgres_exporter sources: - https://github.com/prometheus-community/postgres_exporter diff --git a/charts/prometheus-postgres-exporter/README.md b/charts/prometheus-postgres-exporter/README.md index 7374ea2c6be2..17d91d1cd0cb 100644 --- a/charts/prometheus-postgres-exporter/README.md +++ b/charts/prometheus-postgres-exporter/README.md 
@@ -40,6 +40,16 @@ _See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command doc ## Upgrading +### To 5.0.0 + +Deprecated options `auto-discover-databases`, `constantLabels`, `exclude-databases` & `include-databases` has been removed. +Deprecated custom query config has been removed. +Deprecated PodSecurityPolicy and K8S beta API versions have been removed. +Chart.yaml appVersion field is used as default image tag. +Labels are templated now. +Add default securityContext and PodSecurityContext. +LivenessProbe timeout has been raised to 3. + ### To 4.6.0 This release adds functionality to template the variables inside `config.datasource` by means of allowing the `tpl` function in the resources that make use of it. This functionality is useful when you want to do sub-charting (e.g. in a postgres chart) and you want to avoid the duplication of variables inside `config.datasource`. diff --git a/charts/prometheus-postgres-exporter/templates/_helpers.tpl b/charts/prometheus-postgres-exporter/templates/_helpers.tpl index 1efcd99189f3..53e0f15a6ce4 100644 --- a/charts/prometheus-postgres-exporter/templates/_helpers.tpl +++ b/charts/prometheus-postgres-exporter/templates/_helpers.tpl @@ -31,6 +31,25 @@ Create chart name and version as used by the chart label. {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{/* +Common labels +*/}} +{{- define "prometheus-postgres-exporter.labels" -}} +chart: {{ include "prometheus-postgres-exporter.chart" . }} +{{ include "prometheus-postgres-exporter.selectorLabels" . }} +heritage: {{ .Release.Service }} +{{- if .Values.commonLabels}} +{{ toYaml .Values.commonLabels }} +{{- end }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "prometheus-postgres-exporter.selectorLabels" -}} +app: {{ include "prometheus-postgres-exporter.name" . }} +release: {{ .Release.Name }} +{{- end }} {{/* Create the name of the service account to use 
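Review bot: The new `selectorLabels` helper carries only the comment `Selector labels`, although elsewhere in this commit its output becomes `spec.selector.matchLabels` of the Deployment, a field that cannot be changed on an existing Deployment. I would extend the comment to say so, for example `Selector labels: used in immutable selectors, do not add or rename keys without a major version bump`. In the `labels` helper, `toYaml .Values.commonLabels` is appended after the fixed keys, so a `commonLabels` entry named `app`, `release`, `chart` or `heritage` would render a duplicate key. A one-line comment naming those reserved keys would prevent that.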
@@ -50,23 +69,3 @@ Set DATA_SOURCE_URI environment variable {{- define "prometheus-postgres-exporter.data_source_uri" -}} {{ printf "%s:%d/%s?sslmode=%s&%s" (tpl .Values.config.datasource.host .) (tpl .Values.config.datasource.port . | int) (tpl .Values.config.datasource.database .) (tpl .Values.config.datasource.sslmode .) (tpl .Values.config.datasource.extraParams .) | trimSuffix "&" | quote }} {{- end }} - -{{/* -Return the appropriate apiVersion for rbac. -*/}} -{{- define "rbac.apiVersion" -}} -{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" }} -{{- print "rbac.authorization.k8s.io/v1" -}} -{{- else -}} -{{- print "rbac.authorization.k8s.io/v1beta1" -}} -{{- end -}} -{{- end -}} - -{{/* Get Policy API Version */}} -{{- define "prometheus-postgres-exporter.pdb.apiVersion" -}} -{{- if .Capabilities.APIVersions.Has "policy/v1" }} -{{- print "policy/v1" -}} -{{- else -}} -{{- print "policy/v1beta1" -}} -{{- end -}} -{{- end -}} diff --git a/charts/prometheus-postgres-exporter/templates/configmap.yaml b/charts/prometheus-postgres-exporter/templates/configmap.yaml index acc588eafbc8..17960c22491e 100644 --- a/charts/prometheus-postgres-exporter/templates/configmap.yaml +++ b/charts/prometheus-postgres-exporter/templates/configmap.yaml 
@@ -1,15 +1,11 @@ -{{- if not .Values.config.externalQueries.enabled }} +{{- if .Values.config.postgresExporter }} apiVersion: v1 kind: ConfigMap metadata: name: {{ template "prometheus-postgres-exporter.fullname" . }} labels: - app: {{ template "prometheus-postgres-exporter.name" . }} - chart: {{ template "prometheus-postgres-exporter.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + {{- include "prometheus-postgres-exporter.labels" . | nindent 4 }} data: - allow-snippet-annotations: "false" - config.yaml: | - {{- tpl (mergeOverwrite (tpl .Values.config.queries . | fromYaml) (tpl .Values.config.userQueries . | fromYaml) | toYaml) . | nindent 4 }} + postgres_exporter.yml: | + {{ tpl .Values.config.postgresExporter . | nindent 4 }} {{- end }} diff --git a/charts/prometheus-postgres-exporter/templates/deployment.yaml b/charts/prometheus-postgres-exporter/templates/deployment.yaml index 91d700a536bd..8635e9237ec1 100644 --- a/charts/prometheus-postgres-exporter/templates/deployment.yaml +++ b/charts/prometheus-postgres-exporter/templates/deployment.yaml @@ -6,10 +6,7 @@ kind: Deployment metadata: name: {{ template "prometheus-postgres-exporter.fullname" . }} labels: - app: {{ template "prometheus-postgres-exporter.name" . }} - chart: {{ template "prometheus-postgres-exporter.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + {{- include "prometheus-postgres-exporter.labels" . | nindent 4 }} {{- with .Values.deployment.labels }} {{- toYaml . | nindent 4 }} {{- end }} 
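Review bot: `config.postgresExporter` is rendered verbatim into a ConfigMap here, while the example this commit adds to values.yaml shows `auth_modules` with a `userpass` username and password, so following the example stores database credentials in a ConfigMap. ConfigMaps are usually readable by far more subjects than Secrets, and they are left out of Secret-specific controls such as encryption at rest and tighter RBAC on `secrets`. Since the chart already ships templates/secrets.yaml, I would render `postgres_exporter.yml` as a Secret key and mount it through a `secret:` volume in the Deployment. If the ConfigMap is kept, the values.yaml comment should state `# do not put passwords here; this value is stored in a ConfigMap`.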
@@ -21,21 +18,19 @@ spec: replicas: {{ .Values.replicaCount }} selector: matchLabels: - app: {{ template "prometheus-postgres-exporter.name" . }} - release: {{ .Release.Name }} + {{- include "prometheus-postgres-exporter.selectorLabels" . | nindent 6 }} template: metadata: labels: - app: {{ template "prometheus-postgres-exporter.name" . }} - release: {{ .Release.Name }} -{{- if .Values.podLabels }} -{{ toYaml .Values.podLabels | trim | indent 8 }} -{{- end }} + {{- include "prometheus-postgres-exporter.selectorLabels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} annotations: checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} -{{- if .Values.annotations }} -{{ toYaml .Values.annotations | indent 8 }} -{{- end }} + {{- with .Values.annotations }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: automountServiceAccountToken: {{ .Values.automountServiceAccountToken }} serviceAccountName: {{ template "prometheus-postgres-exporter.serviceAccountName" . }} @@ -56,7 +51,7 @@ spec: containers: - name: {{ .Chart.Name }} args: - - "--extend.query-path=/etc/config.yaml" + - "--config.file=/etc/postgres_exporter.yml" - "--web.listen-address=:{{ .Values.service.targetPort }}" {{- if .Values.config.disableCollectorDatabase }} - "--no-collector.database" 
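Review bot: The argument `--config.file=/etc/postgres_exporter.yml` in the `args:` hunk is passed unconditionally, but the ConfigMap, the `postgres-exporter` volume and its mount are all guarded by `{{- if .Values.config.postgresExporter }}`, and the default in values.yaml is `""`. With default values the container is pointed at a file that is never mounted. Whether the exporter only logs that or refuses to start depends on the exporter version, so this should be confirmed against the pinned appVersion. Wrapping the argument in the same guard keeps the three in step: `{{- if .Values.config.postgresExporter }}`, `- "--config.file=/etc/postgres_exporter.yml"`, `{{- end }}`.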
@@ -70,21 +65,6 @@ spec: {{- if .Values.config.disableSettingsMetrics }} - "--disable-settings-metrics" {{- end }} - {{- if .Values.config.autoDiscoverDatabases }} - - "--auto-discover-databases" - {{- if .Values.config.excludeDatabases }} - - "--exclude-databases" - - {{ .Values.config.excludeDatabases | join "," }} - {{- end }} - {{- if .Values.config.includeDatabases }} - - "--include-databases" - - {{ .Values.config.includeDatabases | join "," }} - {{- end }} - {{- end }} - {{- if .Values.config.constantLabels }} - {{ $firstLabel := true -}} - - "--constantLabels={{- range $k, $v := .Values.config.constantLabels }}{{- if not $firstLabel -}},{{ end -}}{{ $firstLabel = false -}}{{ $k }}={{ $v }}{{- end }}" - {{- end }} {{- if .Values.config.logLevel }} - "--log.level={{ .Values.config.logLevel }}" {{- end}} @@ -148,7 +128,7 @@ spec: {{ toYaml . | nindent 10 }} {{- end }} {{- end }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} {{- with .Values.command }} command: @@ -177,12 +157,14 @@ spec: {{- toYaml . | nindent 12 }} {{- end }} volumeMounts: - - name: queries - mountPath: /etc/config.yaml - subPath: config.yaml -{{- with .Values.extraVolumeMounts }} -{{ toYaml . | indent 12 }} -{{- end }} + {{- if .Values.config.postgresExporter }} + - name: postgres-exporter + mountPath: /etc/postgres_exporter.yml + subPath: postgres_exporter.yml + {{- end }} + {{- with .Values.extraVolumeMounts }} + {{ toYaml . | nindent 12 }} + {{- end }} {{- with .Values.extraContainers }} {{ toYaml . | indent 8 }} {{- end }} 
@@ -203,14 +185,12 @@ spec: {{ toYaml . | indent 8 }} {{- end }} volumes: + {{- if .Values.config.postgresExporter }} - configMap: defaultMode: 420 - {{- if not .Values.config.externalQueries.enabled }} name: {{ template "prometheus-postgres-exporter.fullname" . }} - {{- else }} - name: {{ .Values.config.externalQueries.configmap }} - {{- end }} - name: queries -{{- with .Values.extraVolumes }} -{{ toYaml . | indent 6 }} -{{- end }} + name: postgres-exporter + {{- end }} + {{- with .Values.extraVolumes }} + {{ toYaml . | nindent 6 }} + {{- end }} diff --git a/charts/prometheus-postgres-exporter/templates/networkpolicy.yaml b/charts/prometheus-postgres-exporter/templates/networkpolicy.yaml index 38a802c0417a..ee4c9129524d 100644 --- a/charts/prometheus-postgres-exporter/templates/networkpolicy.yaml +++ b/charts/prometheus-postgres-exporter/templates/networkpolicy.yaml @@ -4,14 +4,14 @@ kind: NetworkPolicy metadata: name: {{ template "prometheus-postgres-exporter.fullname" . }} labels: + {{- include "prometheus-postgres-exporter.labels" . | nindent 4 }} {{- if .Values.networkPolicy.labels }} {{ toYaml .Values.networkPolicy.labels | indent 4 }} {{- end }} spec: podSelector: matchLabels: - app: {{ template "prometheus-postgres-exporter.name" . }} - release: {{ .Release.Name }} + {{- include "prometheus-postgres-exporter.selectorLabels" . | nindent 6 }} policyTypes: - Ingress ingress: diff --git a/charts/prometheus-postgres-exporter/templates/pdb.yaml b/charts/prometheus-postgres-exporter/templates/pdb.yaml index d44300fcaaf6..135a9457c6a7 100644 --- a/charts/prometheus-postgres-exporter/templates/pdb.yaml +++ b/charts/prometheus-postgres-exporter/templates/pdb.yaml 
@@ -1,17 +1,13 @@ {{- if .Values.podDisruptionBudget.enabled }} -apiVersion: {{ include "prometheus-postgres-exporter.pdb.apiVersion" . }} +apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ template "prometheus-postgres-exporter.fullname" . }} labels: - app: {{ template "prometheus-postgres-exporter.name" . }} - chart: {{ template "prometheus-postgres-exporter.chart" . }} - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" + {{- include "prometheus-postgres-exporter.labels" . | nindent 4 }} spec: maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }} selector: matchLabels: - app: {{ template "prometheus-postgres-exporter.name" . }} - release: {{ .Release.Name }} + {{- include "prometheus-postgres-exporter.selectorLabels" . | nindent 6 }} {{- end }} diff --git a/charts/prometheus-postgres-exporter/templates/podsecuritypolicy.yaml b/charts/prometheus-postgres-exporter/templates/podsecuritypolicy.yaml deleted file mode 100644 index a5c464610c00..000000000000 --- a/charts/prometheus-postgres-exporter/templates/podsecuritypolicy.yaml +++ /dev/null 
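Review bot: `apiVersion: policy/v1` is now fixed and the capability check that chose between `policy/v1` and `policy/v1beta1` is deleted from _helpers.tpl, but the visible part of Chart.yaml declares no `kubeVersion`. PodDisruptionBudget is served under `policy/v1` from Kubernetes 1.21, so on an older cluster the release fails at apply time with an API error instead of a clear compatibility message. If Chart.yaml does not already set it below the lines shown, adding `kubeVersion: ">=1.21.0-0"` states the requirement up front.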
@@ -1,39 +0,0 @@ -{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "prometheus-postgres-exporter.fullname" . }} - labels: - app: {{ template "prometheus-postgres-exporter.name" . }} - chart: {{ template "prometheus-postgres-exporter.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default' - apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default' - seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' - apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' -spec: - privileged: false - allowPrivilegeEscalation: false - requiredDropCapabilities: - - ALL - volumes: - - 'configMap' - - 'emptyDir' - - 'projected' - - 'secret' - - 'downwardAPI' - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'RunAsAny' - fsGroup: - rule: 'RunAsAny' - readOnlyRootFilesystem: false -{{- end }} diff --git a/charts/prometheus-postgres-exporter/templates/prometheusrule.yaml b/charts/prometheus-postgres-exporter/templates/prometheusrule.yaml index f974b76300ac..facea6567322 100644 --- a/charts/prometheus-postgres-exporter/templates/prometheusrule.yaml +++ b/charts/prometheus-postgres-exporter/templates/prometheusrule.yaml @@ -7,10 +7,7 @@ metadata: namespace: {{ . }} {{- end }} labels: - app: {{ template "prometheus-postgres-exporter.name" . }} - chart: {{ template "prometheus-postgres-exporter.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} + {{- include "prometheus-postgres-exporter.labels" . | nindent 4 }} {{- with .Values.prometheusRule.additionalLabels }} {{ toYaml . | indent 4 }} {{- end }} 
diff --git a/charts/prometheus-postgres-exporter/templates/role.yaml b/charts/prometheus-postgres-exporter/templates/role.yaml index a26045ea2fba..944bf67f97e7 100644 --- a/charts/prometheus-postgres-exporter/templates/role.yaml +++ b/charts/prometheus-postgres-exporter/templates/role.yaml @@ -1,18 +1,8 @@ {{- if .Values.rbac.create }} -apiVersion: {{ template "rbac.apiVersion" . }} +apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ template "prometheus-postgres-exporter.fullname" . }} labels: - app: {{ template "prometheus-postgres-exporter.name" . }} - chart: {{ template "prometheus-postgres-exporter.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -rules: -- apiGroups: ['extensions'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: [{{ template "prometheus-postgres-exporter.fullname" . }}] -{{- end }} + {{- include "prometheus-postgres-exporter.labels" . | nindent 4 }} {{- end }} diff --git a/charts/prometheus-postgres-exporter/templates/rolebinding.yaml b/charts/prometheus-postgres-exporter/templates/rolebinding.yaml index c8f62645cd88..226995183206 100644 --- a/charts/prometheus-postgres-exporter/templates/rolebinding.yaml +++ b/charts/prometheus-postgres-exporter/templates/rolebinding.yaml @@ -1,13 +1,10 @@ {{- if .Values.rbac.create -}} -apiVersion: {{ template "rbac.apiVersion" . }} +apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ template "prometheus-postgres-exporter.fullname" . }} labels: - app: {{ template "prometheus-postgres-exporter.name" . }} - chart: {{ template "prometheus-postgres-exporter.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} + {{- include "prometheus-postgres-exporter.labels" . | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role 
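Review bot: With the PodSecurityPolicy rule removed, the Role in role.yaml has `metadata` but no `rules:`, and rolebinding.yaml still binds it, so `rbac.create: true` now creates two objects that grant nothing. That is harmless from a least-privilege point of view, but it reads like an omission to anyone auditing the chart's RBAC. Either drop both templates together with `rbac.create`, or add a template comment such as `{{- /* intentionally no rules: the exporter needs no Kubernetes API access */ -}}` above `kind: Role`.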
diff --git a/charts/prometheus-postgres-exporter/templates/secrets.yaml b/charts/prometheus-postgres-exporter/templates/secrets.yaml index 8c6b2e139e32..0c0b758bb796 100644 --- a/charts/prometheus-postgres-exporter/templates/secrets.yaml +++ b/charts/prometheus-postgres-exporter/templates/secrets.yaml @@ -4,10 +4,7 @@ kind: Secret metadata: name: {{ template "prometheus-postgres-exporter.fullname" . }} labels: - app: {{ template "prometheus-postgres-exporter.name" . }} - chart: {{ template "prometheus-postgres-exporter.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} + {{- include "prometheus-postgres-exporter.labels" . | nindent 4 }} type: Opaque data: data_source_password: {{ tpl (.Values.config.datasource.password | default "somepaswword") . | b64enc }} diff --git a/charts/prometheus-postgres-exporter/templates/service.yaml b/charts/prometheus-postgres-exporter/templates/service.yaml index 55aaad5a4ab4..1978b383167b 100644 --- a/charts/prometheus-postgres-exporter/templates/service.yaml +++ b/charts/prometheus-postgres-exporter/templates/service.yaml @@ -7,10 +7,7 @@ metadata: {{ toYaml .Values.service.annotations | indent 4 }} {{- end }} labels: - app: {{ template "prometheus-postgres-exporter.name" . }} - chart: {{ template "prometheus-postgres-exporter.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + {{- include "prometheus-postgres-exporter.labels" . | nindent 4 }} {{- if .Values.service.labels }} {{ toYaml .Values.service.labels | trim | indent 4 }} {{- end }} @@ -22,5 +19,4 @@ spec: protocol: TCP name: {{ .Values.service.name }} selector: - app: {{ template "prometheus-postgres-exporter.name" . }} - release: {{ .Release.Name }} + {{- include "prometheus-postgres-exporter.selectorLabels" . | nindent 4 }} diff --git a/charts/prometheus-postgres-exporter/templates/serviceaccount.yaml b/charts/prometheus-postgres-exporter/templates/serviceaccount.yaml index 650c0cf74cac..9263040c7de5 100644 
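Review bot: `data_source_password` in secrets.yaml still falls back to the literal `somepaswword` when `config.datasource.password` is unset (an unchanged context line in this hunk), so a misconfigured release renders a Secret holding a publicly known value instead of failing. A major version that already removes deprecated options is a reasonable place to drop the fallback, for example `data_source_password: {{ tpl (required "config.datasource.password is required" .Values.config.datasource.password) . | b64enc }}`. The condition under which this Secret is rendered sits above the hunk, so check that `required` does not fire for users who supply the password through an existing Secret.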
--- a/charts/prometheus-postgres-exporter/templates/serviceaccount.yaml +++ b/charts/prometheus-postgres-exporter/templates/serviceaccount.yaml @@ -5,10 +5,7 @@ automountServiceAccountToken: {{ .Values.automountServiceAccountToken }} metadata: name: {{ template "prometheus-postgres-exporter.serviceAccountName" . }} labels: - app: {{ template "prometheus-postgres-exporter.name" . }} - chart: {{ template "prometheus-postgres-exporter.chart" . }} - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" + {{- include "prometheus-postgres-exporter.labels" . | nindent 4 }} {{- if .Values.serviceAccount.annotations }} annotations: {{ toYaml .Values.serviceAccount.annotations }} diff --git a/charts/prometheus-postgres-exporter/templates/servicemonitor.yaml b/charts/prometheus-postgres-exporter/templates/servicemonitor.yaml index 112581143730..5cc41c4be8a5 100644 --- a/charts/prometheus-postgres-exporter/templates/servicemonitor.yaml +++ b/charts/prometheus-postgres-exporter/templates/servicemonitor.yaml @@ -4,6 +4,7 @@ kind: ServiceMonitor metadata: {{- if .Values.serviceMonitor.labels }} labels: + {{- include "prometheus-postgres-exporter.labels" . | nindent 4 }} {{ toYaml .Values.serviceMonitor.labels | indent 4}} {{- end }} name: {{ template "prometheus-postgres-exporter.fullname" . }} @@ -36,8 +37,7 @@ spec: - {{ .Release.Namespace }} selector: matchLabels: - app: {{ template "prometheus-postgres-exporter.name" . }} - release: {{ .Release.Name }} + {{- include "prometheus-postgres-exporter.selectorLabels" . | nindent 6 }} {{- if .Values.serviceMonitor.targetLabels }} targetLabels: {{- range .Values.serviceMonitor.targetLabels }} diff --git a/charts/prometheus-postgres-exporter/values.yaml b/charts/prometheus-postgres-exporter/values.yaml index add817c740d4..678574154bca 100644 --- a/charts/prometheus-postgres-exporter/values.yaml +++ b/charts/prometheus-postgres-exporter/values.yaml 
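Review bot: In servicemonitor.yaml the added `include "prometheus-postgres-exporter.labels"` line sits inside `{{- if .Values.serviceMonitor.labels }}`, so the ServiceMonitor gets the common labels only when extra labels are configured and otherwise has no `labels:` block at all. Every other template in this commit renders the common labels unconditionally. Moving `labels:` and the `include` line above the guard, as networkpolicy.yaml does, and leaving only the `toYaml .Values.serviceMonitor.labels` line inside it makes the behaviour consistent.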
@@ -1,12 +1,9 @@ -# Default values for prometheus-postgres-exporter. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - replicaCount: 1 image: repository: quay.io/prometheuscommunity/postgres-exporter - tag: v0.13.1 + # if not set appVersion field from Chart.yaml is used + tag: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -79,8 +76,6 @@ resources: {} rbac: # Specifies whether RBAC resources should be created create: true - # Specifies whether a PodSecurityPolicy should be created - pspEnabled: true serviceAccount: # Specifies whether a ServiceAccount should be created @@ -101,25 +96,22 @@ networkPolicy: # The securityContext of the pod. # See https://kubernetes.io/docs/concepts/policy/security-context/ for more. -podSecurityContext: {} - # runAsUser: 1001 - # runAsGroup: 1001 - # runAsNonRoot: true - # seccompProfile: - # type: RuntimeDefault +podSecurityContext: + runAsGroup: 1001 + runAsUser: 1001 + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault # The securityContext of the container. # See https://kubernetes.io/docs/concepts/policy/security-context/ for more. -securityContext: {} - # runAsUser: 1001 - # runAsGroup: 1001 - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # allowPrivilegeEscalation: false - # capabilities: - # drop: ["ALL"] - # seccompProfile: - # type: RuntimeDefault +securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true hostAliases: [] # Set Host Aliases as per https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/ 
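Review bot: The new non-empty defaults for `podSecurityContext` and `securityContext` have no comment explaining how to override them, and Helm merges user-supplied maps into chart defaults, so setting `podSecurityContext: {}` in a values file leaves `runAsUser: 1001` and the other keys in place. I would add a comment above both blocks, for example `# To remove a default, set the key to null (e.g. runAsUser: null); an empty map does not clear it`. This matters on platforms that assign the UID themselves, where a fixed `runAsUser` may be rejected at admission, although that depends on the cluster policy.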
@@ -169,289 +161,23 @@ config: disableCollectorBgwriter: false disableDefaultMetrics: false disableSettingsMetrics: false - autoDiscoverDatabases: false - excludeDatabases: [] - # autoDiscoverDatabases must be true for excludeDatabases to be considered - includeDatabases: [] - # autoDiscoverDatabases must be true for includeDatabases to be considered - constantLabels: {} + # possible values debug, info, warn, error, fatal logLevel: "" # possible values logfmt, json logFormat: "" extraArgs: [] - # Enable queries from an external configmap, enable it will disable inline queries below - externalQueries: - enabled: false - configmap: postgresql-common-exporter-queries - # These are the default queries that the exporter will run, extracted from: https://github.com/prometheus-community/postgres_exporter/blob/master/queries.yaml - queries: |- - pg_replication: - query: "SELECT CASE WHEN NOT pg_is_in_recovery() THEN 0 ELSE GREATEST (0, EXTRACT(EPOCH FROM (now() - pg_last_xact_replay_timestamp()))) END AS lag" - master: true - metrics: - - lag: - usage: "GAUGE" - description: "Replication lag behind master in seconds" - - pg_postmaster: - query: "SELECT pg_postmaster_start_time as start_time_seconds from pg_postmaster_start_time()" - master: true - metrics: - - start_time_seconds: - usage: "GAUGE" - description: "Time at which postmaster started" - - pg_stat_user_tables: - query: | - SELECT - current_database() datname, - schemaname, - relname, - seq_scan, - seq_tup_read, - idx_scan, - idx_tup_fetch, - n_tup_ins, - n_tup_upd, - n_tup_del, - n_tup_hot_upd, - n_live_tup, - n_dead_tup, - n_mod_since_analyze, - COALESCE(last_vacuum, '1970-01-01Z') as last_vacuum, - COALESCE(last_autovacuum, '1970-01-01Z') as last_autovacuum, - COALESCE(last_analyze, '1970-01-01Z') as last_analyze, - COALESCE(last_autoanalyze, '1970-01-01Z') as last_autoanalyze, - vacuum_count, - autovacuum_count, - analyze_count, - autoanalyze_count - FROM - pg_stat_user_tables - metrics: - - datname: - usage: 
"LABEL" - description: "Name of current database" - - schemaname: - usage: "LABEL" - description: "Name of the schema that this table is in" - - relname: - usage: "LABEL" - description: "Name of this table" - - seq_scan: - usage: "COUNTER" - description: "Number of sequential scans initiated on this table" - - seq_tup_read: - usage: "COUNTER" - description: "Number of live rows fetched by sequential scans" - - idx_scan: - usage: "COUNTER" - description: "Number of index scans initiated on this table" - - idx_tup_fetch: - usage: "COUNTER" - description: "Number of live rows fetched by index scans" - - n_tup_ins: - usage: "COUNTER" - description: "Number of rows inserted" - - n_tup_upd: - usage: "COUNTER" - description: "Number of rows updated" - - n_tup_del: - usage: "COUNTER" - description: "Number of rows deleted" - - n_tup_hot_upd: - usage: "COUNTER" - description: "Number of rows HOT updated (i.e., with no separate index update required)" - - n_live_tup: - usage: "GAUGE" - description: "Estimated number of live rows" - - n_dead_tup: - usage: "GAUGE" - description: "Estimated number of dead rows" - - n_mod_since_analyze: - usage: "GAUGE" - description: "Estimated number of rows changed since last analyze" - - last_vacuum: - usage: "GAUGE" - description: "Last time at which this table was manually vacuumed (not counting VACUUM FULL)" - - last_autovacuum: - usage: "GAUGE" - description: "Last time at which this table was vacuumed by the autovacuum daemon" - - last_analyze: - usage: "GAUGE" - description: "Last time at which this table was manually analyzed" - - last_autoanalyze: - usage: "GAUGE" - description: "Last time at which this table was analyzed by the autovacuum daemon" - - vacuum_count: - usage: "COUNTER" - description: "Number of times this table has been manually vacuumed (not counting VACUUM FULL)" - - autovacuum_count: - usage: "COUNTER" - description: "Number of times this table has been vacuumed by the autovacuum daemon" - - analyze_count: - usage: 
"COUNTER" - description: "Number of times this table has been manually analyzed" - - autoanalyze_count: - usage: "COUNTER" - description: "Number of times this table has been analyzed by the autovacuum daemon" - pg_statio_user_tables: - query: "SELECT current_database() datname, schemaname, relname, heap_blks_read, heap_blks_hit, idx_blks_read, idx_blks_hit, toast_blks_read, toast_blks_hit, tidx_blks_read, tidx_blks_hit FROM pg_statio_user_tables" - metrics: - - datname: - usage: "LABEL" - description: "Name of current database" - - schemaname: - usage: "LABEL" - description: "Name of the schema that this table is in" - - relname: - usage: "LABEL" - description: "Name of this table" - - heap_blks_read: - usage: "COUNTER" - description: "Number of disk blocks read from this table" - - heap_blks_hit: - usage: "COUNTER" - description: "Number of buffer hits in this table" - - idx_blks_read: - usage: "COUNTER" - description: "Number of disk blocks read from all indexes on this table" - - idx_blks_hit: - usage: "COUNTER" - description: "Number of buffer hits in all indexes on this table" - - toast_blks_read: - usage: "COUNTER" - description: "Number of disk blocks read from this table's TOAST table (if any)" - - toast_blks_hit: - usage: "COUNTER" - description: "Number of buffer hits in this table's TOAST table (if any)" - - tidx_blks_read: - usage: "COUNTER" - description: "Number of disk blocks read from this table's TOAST table indexes (if any)" - - tidx_blks_hit: - usage: "COUNTER" - description: "Number of buffer hits in this table's TOAST table indexes (if any)" - - # WARNING: This set of metrics can be very expensive on a busy server as every unique query executed will create an additional time series - pg_stat_statements: - query: "SELECT t2.rolname, t3.datname, queryid, calls, ( total_plan_time + total_exec_time ) / 1000 as total_time_seconds, ( min_plan_time + min_exec_time ) / 1000 as min_time_seconds, ( max_plan_time + max_exec_time ) / 1000 as 
max_time_seconds, ( mean_plan_time + mean_exec_time ) / 1000 as mean_time_seconds, ( stddev_plan_time + stddev_exec_time ) / 1000 as stddev_time_seconds, rows, shared_blks_hit, shared_blks_read, shared_blks_dirtied, shared_blks_written, local_blks_hit, local_blks_read, local_blks_dirtied, local_blks_written, temp_blks_read, temp_blks_written, blk_read_time / 1000 as blk_read_time_seconds, blk_write_time / 1000 as blk_write_time_seconds FROM pg_stat_statements t1 JOIN pg_roles t2 ON (t1.userid=t2.oid) JOIN pg_database t3 ON (t1.dbid=t3.oid) WHERE t2.rolname != 'rdsadmin' AND queryid IS NOT NULL" - master: true - metrics: - - rolname: - usage: "LABEL" - description: "Name of user" - - datname: - usage: "LABEL" - description: "Name of database" - - queryid: - usage: "LABEL" - description: "Query ID" - - calls: - usage: "COUNTER" - description: "Number of times executed" - - total_time_seconds: - usage: "COUNTER" - description: "Total time spent in the statement, in milliseconds" - - min_time_seconds: - usage: "GAUGE" - description: "Minimum time spent in the statement, in milliseconds" - - max_time_seconds: - usage: "GAUGE" - description: "Maximum time spent in the statement, in milliseconds" - - mean_time_seconds: - usage: "GAUGE" - description: "Mean time spent in the statement, in milliseconds" - - stddev_time_seconds: - usage: "GAUGE" - description: "Population standard deviation of time spent in the statement, in milliseconds" - - rows: - usage: "COUNTER" - description: "Total number of rows retrieved or affected by the statement" - - shared_blks_hit: - usage: "COUNTER" - description: "Total number of shared block cache hits by the statement" - - shared_blks_read: - usage: "COUNTER" - description: "Total number of shared blocks read by the statement" - - shared_blks_dirtied: - usage: "COUNTER" - description: "Total number of shared blocks dirtied by the statement" - - shared_blks_written: - usage: "COUNTER" - description: "Total number of shared blocks written by 
the statement" - - local_blks_hit: - usage: "COUNTER" - description: "Total number of local block cache hits by the statement" - - local_blks_read: - usage: "COUNTER" - description: "Total number of local blocks read by the statement" - - local_blks_dirtied: - usage: "COUNTER" - description: "Total number of local blocks dirtied by the statement" - - local_blks_written: - usage: "COUNTER" - description: "Total number of local blocks written by the statement" - - temp_blks_read: - usage: "COUNTER" - description: "Total number of temp blocks read by the statement" - - temp_blks_written: - usage: "COUNTER" - description: "Total number of temp blocks written by the statement" - - blk_read_time_seconds: - usage: "COUNTER" - description: "Total time the statement spent reading blocks, in milliseconds (if track_io_timing is enabled, otherwise zero)" - - blk_write_time_seconds: - usage: "COUNTER" - description: "Total time the statement spent writing blocks, in milliseconds (if track_io_timing is enabled, otherwise zero)" - - pg_stat_activity_idle: - query: | - WITH - metrics AS ( - SELECT - application_name, - SUM(EXTRACT(EPOCH FROM (CURRENT_TIMESTAMP - state_change))::bigint)::float AS process_seconds_sum, - COUNT(*) AS process_seconds_count - FROM pg_stat_activity - WHERE state = 'idle' - GROUP BY application_name - ), - buckets AS ( - SELECT - application_name, - le, - SUM( - CASE WHEN EXTRACT(EPOCH FROM (CURRENT_TIMESTAMP - state_change)) <= le - THEN 1 - ELSE 0 - END - )::bigint AS bucket - FROM - pg_stat_activity, - UNNEST(ARRAY[1, 2, 5, 15, 30, 60, 90, 120, 300]) AS le - GROUP BY application_name, le - ORDER BY application_name, le - ) - SELECT - application_name, - process_seconds_sum, - process_seconds_count, - ARRAY_AGG(le) AS process_seconds, - ARRAY_AGG(bucket) AS process_seconds_bucket - FROM metrics JOIN buckets USING (application_name) - GROUP BY 1, 2, 3 - metrics: - - application_name: - usage: "LABEL" - description: "Application Name" - - process_seconds: 
- usage: "HISTOGRAM" - description: "Idle time of server processes" - - # These are user-specified queries that are deep merged with the queries above - userQueries: "" + # postgres_exporter.yml + postgresExporter: "" + # auth_modules: + # first: + # type: userpass + # userpass: + # username: first + # password: firstpass + # options: + # sslmode: disable nodeSelector: {} @@ -466,7 +192,7 @@ podLabels: {} # Configurable health checks livenessProbe: initialDelaySeconds: 0 - timeoutSeconds: 1 + timeoutSeconds: 3 readinessProbe: initialDelaySeconds: 0
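Review bot: `config.queries`, `config.userQueries` and `config.externalQueries` are removed from values.yaml without any guard, so a release upgraded with those keys still set renders cleanly while its custom metrics stop being exported. Alerts built on those metrics then go quiet without any error, which is easy to miss. A check in one of the templates would turn that into an explicit failure: `{{- if or .Values.config.queries .Values.config.userQueries .Values.config.externalQueries }}{{ fail "config.queries, userQueries and externalQueries were removed in 5.0.0; see README" }}{{- end }}`. The same applies to `autoDiscoverDatabases`, `excludeDatabases`, `includeDatabases` and `constantLabels`, whose flags are deleted in deployment.yaml.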