feat: Add insecure option for Prometheus
Signed-off-by: Guillaume Doussin <[email protected]>
OpenGuidou committed Jul 28, 2023
1 parent 8d293d4 commit 62d3dc6
Showing 13 changed files with 625 additions and 513 deletions.
20 changes: 19 additions & 1 deletion docs/analysis/prometheus.md
@@ -58,9 +58,27 @@ provider:
roleArn: $ROLEARN
```

# Additional Metadata
## Additional Metadata

Any additional metadata from the Prometheus controller, like the resolved queries after substituting the template's
arguments, etc. will appear under the `Metadata` map in the `MetricsResult` object of `AnalysisRun`.



## Skip TLS verification

You can skip the TLS verification of the prometheus host provided by setting the options `insecure: true`.

```yaml
provider:
prometheus:
address: https://prometheus.example.com
insecure: true
query: |
sum(irate(
istio_requests_total{reporter="source",destination_service=~"{{args.service-name}}",response_code!~"5.*"}[5m]
)) /
sum(irate(
istio_requests_total{reporter="source",destination_service=~"{{args.service-name}}"}[5m]
))
```
18 changes: 18 additions & 0 deletions docs/analysis/web.md
@@ -94,4 +94,22 @@ It is possible to use a POST or PUT requests, by specifying the `method` and eit
nestedObj: nested value
key3: "{{ args.service-name }}"
jsonPath: "{$.data.ok}"
```

### Skip TLS verification

You can skip the TLS verification of the web host provided by setting the options `insecure: true`.

```yaml
metrics:
- name: webmetric
successCondition: "result.ok && result.successPercent >= 0.90"
provider:
web:
url: "https://my-server.com/api/v1/measurement?service={{ args.service-name }}"
insecure: true
headers:
- key: Authorization
value: "Bearer {{ args.api-token }}"
jsonPath: "{$.data}"
```
9 changes: 9 additions & 0 deletions docs/features/kustomize/rollout_cr_schema.json
@@ -4278,6 +4278,9 @@
},
"type": "object"
},
"insecure": {
"type": "boolean"
},
"query": {
"type": "string"
},
@@ -8672,6 +8675,9 @@
},
"type": "object"
},
"insecure": {
"type": "boolean"
},
"query": {
"type": "string"
},
@@ -13066,6 +13072,9 @@
},
"type": "object"
},
"insecure": {
"type": "boolean"
},
"query": {
"type": "string"
},
2 changes: 2 additions & 0 deletions manifests/crds/analysis-run-crd.yaml
@@ -2777,6 +2777,8 @@ spec:
type: string
type: object
type: object
insecure:
type: boolean
query:
type: string
timeout:
2 changes: 2 additions & 0 deletions manifests/crds/analysis-template-crd.yaml
@@ -2773,6 +2773,8 @@ spec:
type: string
type: object
type: object
insecure:
type: boolean
query:
type: string
timeout:
2 changes: 2 additions & 0 deletions manifests/crds/cluster-analysis-template-crd.yaml
@@ -2773,6 +2773,8 @@ spec:
type: string
type: object
type: object
insecure:
type: boolean
query:
type: string
timeout:
6 changes: 6 additions & 0 deletions manifests/install.yaml
@@ -2778,6 +2778,8 @@ spec:
type: string
type: object
type: object
insecure:
type: boolean
query:
type: string
timeout:
@@ -5740,6 +5742,8 @@ spec:
type: string
type: object
type: object
insecure:
type: boolean
query:
type: string
timeout:
@@ -8588,6 +8592,8 @@ spec:
type: string
type: object
type: object
insecure:
type: boolean
query:
type: string
timeout:
12 changes: 12 additions & 0 deletions metricproviders/prometheus/prometheus.go
@@ -2,8 +2,10 @@ package prometheus

import (
"context"
"crypto/tls"
"errors"
"fmt"
"net"
"net/http"
"net/url"
"os"
@@ -183,7 +185,17 @@ func NewPrometheusAPI(metric v1alpha1.Metric) (v1.API, error) {

prometheusApiConfig := api.Config{
Address: metric.Provider.Prometheus.Address,
RoundTripper: &http.Transport{
Proxy: http.ProxyFromEnvironment,
DialContext: (&net.Dialer{
Timeout: 30 * time.Second,
KeepAlive: 30 * time.Second,
}).DialContext,
TLSHandshakeTimeout: 10 * time.Second,
TLSClientConfig: &tls.Config{InsecureSkipVerify: metric.Provider.Prometheus.Insecure},
},
}

//Check if using Amazon Managed Prometheus if true build sigv4 client
if strings.Contains(metric.Provider.Prometheus.Address, "aps-workspaces") {
cfg := sigv4.SigV4Config{
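Review bot: When `Insecure` is true, the `TLSClientConfig` line turns off certificate-chain and host-name checks for this client and nothing at construction time records it, so a spoofed endpoint at `Address` could return query results that steer the analysis verdict without leaving a trace. I would emit one warning when the flag is set, for example `log.Warnf("prometheus %q: TLS certificate verification is disabled", metric.Provider.Prometheus.Address)` using whichever logger this file already imports, and add a comment above the assignment stating that the default (false) keeps full verification. Separately, the hand-built `http.Transport` sets no `IdleConnTimeout`; if NewPrometheusAPI is called once per measurement (not visible here), each call leaves its own keep-alive pool behind, so `IdleConnTimeout: 90 * time.Second,` or a shared transport is worth adding. The function body continues beyond the hunk, so how the sigv4 branch that follows uses this RoundTripper should be checked as well.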
1 change: 1 addition & 0 deletions metricproviders/prometheus/prometheus_test.go
@@ -453,6 +453,7 @@ func TestNewPrometheusAPI(t *testing.T) {
log.Infof("api:%v", api)

metric.Provider.Prometheus.Address = "https://www.example.com"
metric.Provider.Prometheus.Insecure = true
_, err = NewPrometheusAPI(metric)
assert.Nil(t, err)
}
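Review bot: Setting `Insecure = true` here only proves that construction still returns no error; nothing asserts that the flag reaches the TLS configuration, or that verification stays on when the field is left unset. Because `NewPrometheusAPI` returns the `v1.API` interface, the transport is not directly inspectable, so a case against an `httptest.NewTLSServer` endpoint would pin both directions: a query should fail certificate verification with `Insecure` unset and get past the handshake with it set. The default-off case matters most, since a regression there would silently disable verification for every user. The test function begins above the hunk.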
2 changes: 2 additions & 0 deletions pkg/apis/rollouts/v1alpha1/analysis_types.go
@@ -216,6 +216,8 @@ type PrometheusMetric struct {
// Timeout represents the duration within which a prometheus query should complete. It is expressed in seconds.
// +optional
Timeout *int64 `json:"timeout,omitempty" protobuf:"bytes,4,opt,name=timeout"`
// Insecure skips host TLS verification
Insecure bool `json:"insecure,omitempty" protobuf:"varint,7,opt,name=insecure"`
}

// PrometheusMetric defines the prometheus query to perform canary analysis
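Review bot: The new `Insecure` field has no `// +optional` marker, unlike `Timeout` directly above it, and its comment does not say what is given up when it is set. I would write the comment as `// Insecure disables verification of the Prometheus server's TLS certificate chain and host name. Defaults to false.` followed by `// +optional`. The protobuf field number jumps from 4 to 7 in the visible lines; the struct starts outside the hunk, so confirm that 5 and 6 are already taken by fields declared above.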