More cleanups

2024-03-26 11:47:03 +01:00 · 2024-03-26 11:47:03 +01:00 · eff89d7281
parent 348aa7cbf6
commit eff89d7281
4 changed files with 9 additions and 17 deletions
--- a/example/images/ping-exporter/Dockerfile
+++ b/example/images/ping-exporter/Dockerfile
@ -1,7 +1,7 @@
 FROM danielberteaud/alpine:24.3-1 AS builder
 MAINTAINER Daniel Berteaud <dbd@ehtrace.com>

-ARG PING_EXPORTER_VERSION=1.1.0
+ARG PING_EXPORTER_VERSION=1.1.1

 ADD https://github.com/czerwonk/ping_exporter/releases/download/${PING_EXPORTER_VERSION}/ping_exporter_${PING_EXPORTER_VERSION}_linux_amd64.tar.gz /tmp
 ADD https://github.com/czerwonk/ping_exporter/releases/download/${PING_EXPORTER_VERSION}/ping_exporter_${PING_EXPORTER_VERSION}_checksums.txt /tmp
--- a/example/services.nomad.hcl
+++ b/example/services.nomad.hcl
@ -2327,7 +2327,7 @@ _EOT
        "traefik.enable=true",
        "traefik.http.routers.monitoring-grafana.entrypoints=https",
        "traefik.http.routers.monitoring-grafana.rule=Host(`grafana.example.org`)",
-        "traefik.http.middlewares.csp-monitoring-grafana.headers.contentsecuritypolicy=default-src 'self';font-src 'self' data:;img-src 'self' data:;script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';",
+        "traefik.http.middlewares.csp-monitoring-grafana.headers.contentsecuritypolicy=connect-src 'self' https://grafana.com;default-src 'self';font-src 'self' data:;img-src 'self' data: blob: https://grafana.com;script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';",
        "traefik.http.routers.monitoring-grafana.middlewares=security-headers@file,rate-limit-std@file,forward-proto@file,inflight-std@file,hsts@file,compression@file,csp-monitoring-grafana",

      ]
--- a/templates/prometheus/prometheus.yml
+++ b/templates/prometheus/prometheus.yml
@ -97,20 +97,6 @@ scrape_configs:
 {{- end }}
 [[- end ]]

-[[- if gt (len .exporters.ping.probes) 0 ]]
-  # Ping exporter
-  - job_name: ping
-    scheme: https
-    tls_config:
-      ca_file: /local/monitoring.ca.pem
-      cert_file: /secrets/prometheus.bundle.pem
-      key_file: /secrets/prometheus.bundle.pem
-    static_configs:
-  {{- range $idx, $instance := service "ping-exporter[[ .consul.suffix ]]" }}
-      - targets: ["{{ $instance.Address }}:{{ $instance.Port }}"]
-  {{- end }}
-[[- end ]]
-
  # Cluster services
  - job_name: cluster-services
    scheme: https
--- a/variables.yml
+++ b/variables.yml
@ -37,7 +37,7 @@ monitoring:
    # Ping exporter can ping external hosts and expose stats to prometheus
    ping:
      # Version of the exporter to use
-      version: 1.1.0
+      version: 1.1.1
      # Docker image to use
      image: '[[ .docker.repo ]]ping-exporter:[[ .monitoring.exporters.ping.version ]]-1'
      # Custom env var to set in the container
@ -334,6 +334,9 @@ monitoring:
    resources:
      cpu: 100
      memory: 256
+    # If proxy is used
+    proxy:
+      address: http://grafana[[ .consul.suffix ]]:grafana[[ .consul.suffix ]]@127.0.0.1:3128
    # URL where Grafana is reachable
    public_url: https://grafana.example.org
    # List of plugins to install. Note : plugins are installed at image build time, so you need to rebuild
@ -351,6 +354,9 @@ monitoring:
    traefik:
      enabled: true
      router: grafana
+      csp:
+        img-src: "'self' data: blob: https://grafana.com"
+        connect-src: "'self' https://grafana.com"
      # No need to strip prefix as Grafana will be configured to handle it correctly
      strip_prefix: false
    consul: