Use exporter's TLS support and remove metrics_proxy
This commit is contained in:
parent
594cae279d
commit
a36c1ac6b7
|
@ -177,8 +177,6 @@ _EOT
|
|||
[[- if conv.ToBool $c.prometheus.enabled ]]
|
||||
[[- $e := merge .elasticsearch.exporter .elasticsearch . ]]
|
||||
|
||||
[[ template "common/task.metrics_proxy" $e ]]
|
||||
|
||||
# Prometheus exporter
|
||||
task "exporter" {
|
||||
driver = "[[ $e.nomad.driver ]]"
|
||||
|
@ -193,12 +191,26 @@ _EOT
|
|||
pids_limit = 100
|
||||
command = "elasticsearch_exporter"
|
||||
args = [
|
||||
"--web.listen-address=127.0.0.1:9114"
|
||||
"--web.listen-address=0.0.0.0:${NOMAD_ALLOC_PORT_metrics}",
|
||||
"--web.config.file=/local/web_tls.yml"
|
||||
]
|
||||
}
|
||||
|
||||
[[ template "common/vault.policies" $e ]]
|
||||
[[ template "common/file_env" $e ]]
|
||||
[[ template "common/metrics_cert" $c ]]
|
||||
|
||||
template {
|
||||
data = <<_EOT
|
||||
tls_server_config:
|
||||
cert_file: /secrets/metrics.bundle.pem
|
||||
key_file: /secrets/metrics.bundle.pem
|
||||
client_auth_type: RequireAndVerifyClientCert
|
||||
client_ca_file: /local/monitoring.ca.pem
|
||||
_EOT
|
||||
destination = "local/web_tls.yml"
|
||||
}
|
||||
|
||||
[[ template "common/resources" $e ]]
|
||||
}
|
||||
|
||||
|
|
|
@ -111,6 +111,12 @@ elasticsearch:
|
|||
ES_USERNAME: exporter
|
||||
ES_PASSWORD: '{{ with secret "[[ .vault.root ]]kv/service/[[ .instance ]]" }}{{ .Data.data.exporter_pwd }}{{ end }}'
|
||||
|
||||
vault:
|
||||
# Vault policies to attach to the task
|
||||
policies:
|
||||
- '[[ .instance ]][[ .consul.suffix ]]'
|
||||
- metrics
|
||||
|
||||
# Resource allocation
|
||||
resources:
|
||||
cpu: 50
|
||||
|
|
Loading…
Reference in New Issue