search

curityio / idsvr-helm

This repository contains the Curity Identity Server helm chart source code.
Apache License 2.0
10 stars 21 forks source link

Added a role label to services as required by service monitor for aut… #24

Closed gary-archer closed 3 years ago

gary-archer commented 3 years ago

Prometheus comes with a custom Kubernetes resource called service monitor. This can be used to feed metrics from the metrics endpoint of the Curity Identity Server into Prometheus. By default I would specify this:

kind: ServiceMonitor
apiVersion: monitoring.coreos.com/v1
metadata:
  name: curity-idsvr-runtime
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: idsvr
  endpoints:
    - port: metrics

But this matches both Admin and Runtime services for each pod, causing metrics entries to be duplicated, and the data is wrong:

nodes-in-prometheus

It feels like the only good way to solve this problem is via labels, which is the only option service monitors support:

kind: ServiceMonitor
apiVersion: monitoring.coreos.com/v1
metadata:
  name: curity-idsvr-runtime
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: idsvr
      role: curity-idsvr-runtime
  endpoints:
    - port: metrics

Writing an extra service label for all customers is what I've done so far, though I could change what I've done to derive from a new custom labels setting in the values file if reviewers prefer that option.