Remove metrics_proxy as the exporter supports mTLS
This commit is contained in:
parent
42c72e7de8
commit
ab9572dd2f
|
@ -95,9 +95,8 @@ job "[[ .instance ]]" {
|
|||
}
|
||||
}
|
||||
|
||||
[[ template "common/task.metrics_proxy" $c ]]
|
||||
[[- if conv.ToBool $c.prometheus.enabled ]]
|
||||
|
||||
[[- if $c.prometheus.enabled ]]
|
||||
task "exporter" {
|
||||
|
||||
[[- $e := merge $c.exporter $c ]]
|
||||
|
@ -106,14 +105,14 @@ job "[[ .instance ]]" {
|
|||
user = "9216"
|
||||
|
||||
config {
|
||||
image = "[[ $e.image ]]"
|
||||
[[ template "common/image" $e ]]
|
||||
args = [
|
||||
"--mongodb.uri=mongodb://127.0.0.1:${NOMAD_ALLOC_PORT_mongo}/%24external?replicaSet=[[ .mongo.replica_set ]]&authMechanism=MONGODB-X509&tls=true&tlsCertificateKeyFile=%2Fsecrets%2Fmongo.bundle.pem&tlsCAFile=%2Fsecrets%2Fmongo.ca.pem",
|
||||
"--web.listen-address=127.0.0.1:9216",
|
||||
"--web.listen-address=:${NOMAD_ALLOC_PORT_metrics}",
|
||||
"--web.config=/local/web_tls.yml",
|
||||
"--collect-all"
|
||||
]
|
||||
pids_limit = 100
|
||||
readonly_rootfs = true
|
||||
}
|
||||
|
||||
lifecycle {
|
||||
|
@ -122,6 +121,15 @@ job "[[ .instance ]]" {
|
|||
}
|
||||
|
||||
[[ template "common/vault.policies" $e ]]
|
||||
[[ template "common/metrics_cert" $e ]]
|
||||
|
||||
# TLS config for the exporter
|
||||
template {
|
||||
data = <<_EOT
|
||||
[[ template "mongodb/exporter_tls.yml" $e ]]
|
||||
_EOT
|
||||
destination = "local/web_tls.yml"
|
||||
}
|
||||
|
||||
# Get a certificate with monitoring capabilities
|
||||
template {
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
tls_server_config:
|
||||
cert_file: /secrets/metrics.bundle.pem
|
||||
key_file: /secrets/metrics.bundle.pem
|
||||
client_auth_type: RequireAndVerifyClientCert
|
||||
client_ca_file: /local/monitoring.ca.pem
|
|
@ -66,10 +66,15 @@ mongo:
|
|||
exporter:
|
||||
version: 0.40.0
|
||||
image: percona/mongodb_exporter:[[ .mongo.exporter.version ]]
|
||||
vault:
|
||||
policies:
|
||||
- '[[ .instance ]]-mongod[[ .consul.suffix ]]'
|
||||
- metrics[[ .consul.suffix ]]
|
||||
resources:
|
||||
cpu: 10
|
||||
memory: 50
|
||||
|
||||
prometheus:
|
||||
enabled: '[[ .prometheus.available ]]'
|
||||
# URL where prometheus metrics are exposed (from inside the container PoV)
|
||||
metrics_url: http://127.0.0.1:9216/metrics
|
||||
|
|
|
@ -10,7 +10,7 @@ path "[[ $c.vault.pki.path ]]/issue/mongod" {
|
|||
capabilities = ["update"]
|
||||
}
|
||||
|
||||
[[- if .prometheus.enabled ]]
|
||||
[[- if conv.ToBool $c.prometheus.enabled ]]
|
||||
# Issue client cert for the exporter
|
||||
path "[[ $c.vault.pki.path ]]/issue/mongo-monitor" {
|
||||
capabilities = ["update"]
|
||||
|
|
Loading…
Reference in New Issue