diff options
| author | Jeff Cantrill <jcantril@redhat.com> | 2017-09-26 09:39:37 -0400 |
|---|---|---|
| committer | Jeff Cantrill <jcantril@redhat.com> | 2017-10-03 16:03:30 -0400 |
| commit | 76e00ca0b6900c6c405f0fd9ca3e12b032498e22 (patch) | |
| tree | bf1ab0512271351e9189659f1c51375aa06c2e91 /roles/openshift_logging_elasticsearch/templates/es.j2 | |
| parent | 49b352634febe78a3cf15e4d4971b69032dd0d4c (diff) | |
| download | openshift-76e00ca0b6900c6c405f0fd9ca3e12b032498e22.tar.gz openshift-76e00ca0b6900c6c405f0fd9ca3e12b032498e22.tar.bz2 openshift-76e00ca0b6900c6c405f0fd9ca3e12b032498e22.tar.xz openshift-76e00ca0b6900c6c405f0fd9ca3e12b032498e22.zip | |
Add logging es prometheus endpoint
Diffstat (limited to 'roles/openshift_logging_elasticsearch/templates/es.j2')
| -rw-r--r-- | roles/openshift_logging_elasticsearch/templates/es.j2 | 42 |
1 files changed, 41 insertions, 1 deletions
diff --git a/roles/openshift_logging_elasticsearch/templates/es.j2 b/roles/openshift_logging_elasticsearch/templates/es.j2 index 3c8f390c4..cca5bf8a3 100644 --- a/roles/openshift_logging_elasticsearch/templates/es.j2 +++ b/roles/openshift_logging_elasticsearch/templates/es.j2 @@ -37,6 +37,40 @@ spec: {% endfor %} {% endif %} containers: + - name: proxy + image: {{openshift_logging_elasticsearch_proxy_image_prefix}}:{{openshift_logging_elasticsearch_proxy_image_version}} + imagePullPolicy: Always + args: + - --upstream-ca=/etc/elasticsearch/secret/admin-ca + - --https-address=:4443 + - -provider=openshift + - -client-id={{openshift_logging_elasticsearch_prometheus_sa}} + - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token + - -cookie-secret={{ 16 | oo_random_word | b64encode }} + - -upstream=https://localhost:9200 + - '-openshift-sar={"namespace": "{{ openshift_logging_elasticsearch_namespace}}", "verb": "view", "resource": "prometheus", "group": "metrics.openshift.io"}' + - '-openshift-delegate-urls={"/": {"resource": "prometheus", "verb": "view", "group": "metrics.openshift.io", "namespace": "{{ openshift_logging_elasticsearch_namespace}}"}}' + - --tls-cert=/etc/tls/private/tls.crt + - --tls-key=/etc/tls/private/tls.key + - -pass-access-token + - -pass-user-headers + ports: + - containerPort: 4443 + name: proxy + protocol: TCP + volumeMounts: + - mountPath: /etc/tls/private + name: proxy-tls + readOnly: true + - mountPath: /etc/elasticsearch/secret + name: elasticsearch + readOnly: true + resources: + limits: + cpu: "{{openshift_logging_elasticsearch_proxy_cpu_limit }}" + memory: "{{openshift_logging_elasticsearch_proxy_memory_limit }}" + requests: + memory: "{{openshift_logging_elasticsearch_proxy_memory_limit }}" - name: "elasticsearch" image: {{image}} @@ -94,7 +128,7 @@ spec: value: "30" - name: "POD_LABEL" - value: "component={{component}}" + value: "component={{component}}" - name: "IS_MASTER" value: "{% if deploy_type in ['data-master', 'master'] %}true{% else %}false{% endif %}" @@ -102,6 +136,9 @@ spec: - name: "HAS_DATA" value: "{% if deploy_type in ['data-master', 'data-client'] %}true{% else %}false{% endif %}" + - + name: "PROMETHEUS_USER" + value: "{{openshift_logging_elasticsearch_prometheus_sa}}" volumeMounts: - name: elasticsearch @@ -120,6 +157,9 @@ spec: timeoutSeconds: 30 periodSeconds: 5 volumes: + - name: proxy-tls + secret: + secretName: prometheus-tls - name: elasticsearch secret: secretName: logging-elasticsearch |