Use exporter's TLS support and remove metrics_proxy
This commit is contained in:
parent
594cae279d
commit
a36c1ac6b7
|
@ -177,8 +177,6 @@ _EOT
|
||||||
[[- if conv.ToBool $c.prometheus.enabled ]]
|
[[- if conv.ToBool $c.prometheus.enabled ]]
|
||||||
[[- $e := merge .elasticsearch.exporter .elasticsearch . ]]
|
[[- $e := merge .elasticsearch.exporter .elasticsearch . ]]
|
||||||
|
|
||||||
[[ template "common/task.metrics_proxy" $e ]]
|
|
||||||
|
|
||||||
# Prometheus exporter
|
# Prometheus exporter
|
||||||
task "exporter" {
|
task "exporter" {
|
||||||
driver = "[[ $e.nomad.driver ]]"
|
driver = "[[ $e.nomad.driver ]]"
|
||||||
|
@ -193,12 +191,26 @@ _EOT
|
||||||
pids_limit = 100
|
pids_limit = 100
|
||||||
command = "elasticsearch_exporter"
|
command = "elasticsearch_exporter"
|
||||||
args = [
|
args = [
|
||||||
"--web.listen-address=127.0.0.1:9114"
|
"--web.listen-address=0.0.0.0:${NOMAD_ALLOC_PORT_metrics}",
|
||||||
|
"--web.config.file=/local/web_tls.yml"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
[[ template "common/vault.policies" $e ]]
|
[[ template "common/vault.policies" $e ]]
|
||||||
[[ template "common/file_env" $e ]]
|
[[ template "common/file_env" $e ]]
|
||||||
|
[[ template "common/metrics_cert" $c ]]
|
||||||
|
|
||||||
|
template {
|
||||||
|
data = <<_EOT
|
||||||
|
tls_server_config:
|
||||||
|
cert_file: /secrets/metrics.bundle.pem
|
||||||
|
key_file: /secrets/metrics.bundle.pem
|
||||||
|
client_auth_type: RequireAndVerifyClientCert
|
||||||
|
client_ca_file: /local/monitoring.ca.pem
|
||||||
|
_EOT
|
||||||
|
destination = "local/web_tls.yml"
|
||||||
|
}
|
||||||
|
|
||||||
[[ template "common/resources" $e ]]
|
[[ template "common/resources" $e ]]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -111,6 +111,12 @@ elasticsearch:
|
||||||
ES_USERNAME: exporter
|
ES_USERNAME: exporter
|
||||||
ES_PASSWORD: '{{ with secret "[[ .vault.root ]]kv/service/[[ .instance ]]" }}{{ .Data.data.exporter_pwd }}{{ end }}'
|
ES_PASSWORD: '{{ with secret "[[ .vault.root ]]kv/service/[[ .instance ]]" }}{{ .Data.data.exporter_pwd }}{{ end }}'
|
||||||
|
|
||||||
|
vault:
|
||||||
|
# Vault policies to attach to the task
|
||||||
|
policies:
|
||||||
|
- '[[ .instance ]][[ .consul.suffix ]]'
|
||||||
|
- metrics
|
||||||
|
|
||||||
# Resource allocation
|
# Resource allocation
|
||||||
resources:
|
resources:
|
||||||
cpu: 50
|
cpu: 50
|
||||||
|
|
Loading…
Reference in New Issue