From 76e00ca0b6900c6c405f0fd9ca3e12b032498e22 Mon Sep 17 00:00:00 2001
From: Jeff Cantrill <jcantril@redhat.com>
Date: Tue, 26 Sep 2017 09:39:37 -0400
Subject: Add logging es prometheus endpoint

---
 .../templates/es.j2                                | 42 +++++++++++++++++++++-
 1 file changed, 41 insertions(+), 1 deletion(-)

(limited to 'roles/openshift_logging_elasticsearch/templates/es.j2')

diff --git a/roles/openshift_logging_elasticsearch/templates/es.j2 b/roles/openshift_logging_elasticsearch/templates/es.j2
index 3c8f390c4..cca5bf8a3 100644
--- a/roles/openshift_logging_elasticsearch/templates/es.j2
+++ b/roles/openshift_logging_elasticsearch/templates/es.j2
@@ -37,6 +37,40 @@ spec:
 {% endfor %}
 {% endif %}
       containers:
+        - name: proxy
+          image: {{openshift_logging_elasticsearch_proxy_image_prefix}}:{{openshift_logging_elasticsearch_proxy_image_version}}
+          imagePullPolicy: Always
+          args:
+           - --upstream-ca=/etc/elasticsearch/secret/admin-ca
+           - --https-address=:4443
+           - -provider=openshift
+           - -client-id={{openshift_logging_elasticsearch_prometheus_sa}}
+           - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token
+           - -cookie-secret={{ 16 | oo_random_word | b64encode }}
+           - -upstream=https://localhost:9200
+           - '-openshift-sar={"namespace": "{{ openshift_logging_elasticsearch_namespace}}", "verb": "view", "resource": "prometheus", "group": "metrics.openshift.io"}'
+           - '-openshift-delegate-urls={"/": {"resource": "prometheus", "verb": "view", "group": "metrics.openshift.io", "namespace": "{{ openshift_logging_elasticsearch_namespace}}"}}'
+           - --tls-cert=/etc/tls/private/tls.crt
+           - --tls-key=/etc/tls/private/tls.key
+           - -pass-access-token
+           - -pass-user-headers
+          ports:
+          - containerPort: 4443
+            name: proxy
+            protocol: TCP
+          volumeMounts:
+          - mountPath: /etc/tls/private
+            name: proxy-tls
+            readOnly: true
+          - mountPath: /etc/elasticsearch/secret
+            name: elasticsearch
+            readOnly: true
+          resources:
+            limits:
+              cpu: "{{openshift_logging_elasticsearch_proxy_cpu_limit }}"
+              memory: "{{openshift_logging_elasticsearch_proxy_memory_limit }}"
+            requests:
+              memory: "{{openshift_logging_elasticsearch_proxy_memory_limit }}"
         -
           name: "elasticsearch"
           image: {{image}}
@@ -94,7 +128,7 @@ spec:
               value: "30"
             -
               name: "POD_LABEL"
-              value: "component={{component}}" 
+              value: "component={{component}}"
             -
               name: "IS_MASTER"
               value: "{% if deploy_type in ['data-master', 'master'] %}true{% else %}false{% endif %}"
@@ -102,6 +136,9 @@ spec:
             -
               name: "HAS_DATA"
               value: "{% if deploy_type in ['data-master', 'data-client'] %}true{% else %}false{% endif %}"
+            -
+              name: "PROMETHEUS_USER"
+              value: "{{openshift_logging_elasticsearch_prometheus_sa}}"
 
           volumeMounts:
             - name: elasticsearch
@@ -120,6 +157,9 @@ spec:
             timeoutSeconds: 30
             periodSeconds: 5
       volumes:
+        - name: proxy-tls
+          secret:
+            secretName: prometheus-tls
         - name: elasticsearch
           secret:
             secretName: logging-elasticsearch
-- 
cgit v1.2.1