[stable/concourse] Segregate Prometheus service from Web service #10881

cirocosta · 2019-01-24T19:06:06Z

Hey,

With the addition of the Prometheus port to web-svc in #6338, an operator exposing the web service publicly using the service type LoadBalancer ends up exposing their metrics out there.

For instance:

web:
  service:
    type: LoadBalancer
    loadBalancerIP: 1.2.3.4
concourse:
  web:
    prometheus:
      enabled: true

produces:

# Source: concourse/templates/web-svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: release-name-web
  labels:
    app: release-name-web
    chart: "concourse-3.6.2"
    release: "release-name"
    heritage: "Tiller"
  annotations:
    prometheus.io/scrape: "true"
    prometheus.io/port: "9391"
spec:
  type: LoadBalancer
  loadBalancerIP: 1.2.3.4
  ports:
    - name: atc
      port: 8080
      targetPort: atc
    - name: tsa
      port: 2222
      targetPort: tsa
    - name: prometheus
      port: 9391
      targetPort: prometheus
  selector:
    app: release-name-web

It seems to me that to solve that while still supporting the use case described in the PR mentioned above, we could have a separate Prometheus service.

Maybe that is something that we could enable by default to be backward compatible, but leave that configurable under a separate field.

For instance:

web:
  service:
    type: LoadBalancer
    loadBalancerIP: 1.2.3.4
concourse:
  web:
    prometheus:
      enabled: true

prometheus:
  service:
    enabled: true
    # some additional properties ...

With such configuration, the following scenarios could exist:

web service w/ Prometheus scraping the pods directly (from user-configured additional pod annotations);
web service w/ Prometheus scraping the separate service (private); and
web service w/ Prometheus scraping the separate service (public).

Wdyt?

Thanks!

cc @william-tran

The text was updated successfully, but these errors were encountered:

stale · 2019-02-23T19:21:53Z

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Any further update will cause the issue/pull request to no longer be considered stale. Thank you for your contributions.

cirocosta · 2019-02-23T20:03:08Z

#11289 (comment) 🙌

stale · 2019-03-25T20:37:05Z

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Any further update will cause the issue/pull request to no longer be considered stale. Thank you for your contributions.

stale · 2019-04-08T20:39:27Z

This issue is being automatically closed due to inactivity.

ghost mentioned this issue Feb 8, 2019

[stable/concourse]: Add ServiceMonitor #11289

Closed

3 tasks

stale bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Feb 23, 2019

stale bot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Feb 23, 2019

stale bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Mar 25, 2019

stale bot closed this as completed Apr 8, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[stable/concourse] Segregate Prometheus service from Web service #10881

[stable/concourse] Segregate Prometheus service from Web service #10881

cirocosta commented Jan 24, 2019

stale bot commented Feb 23, 2019

cirocosta commented Feb 23, 2019

stale bot commented Mar 25, 2019

stale bot commented Apr 8, 2019

[stable/concourse] Segregate Prometheus service from Web service #10881

[stable/concourse] Segregate Prometheus service from Web service #10881

Comments

cirocosta commented Jan 24, 2019

stale bot commented Feb 23, 2019

cirocosta commented Feb 23, 2019

stale bot commented Mar 25, 2019

stale bot commented Apr 8, 2019