--- # namespace - name: Add prometheus project oc_project: state: "{{ state }}" name: "{{ openshift_prometheus_namespace }}" node_selector: "{{ openshift_prometheus_node_selector | oo_selector_to_string_list() }}" description: Prometheus # secrets - name: Set alert and prometheus secrets oc_secret: state: "{{ state }}" name: "{{ item }}-proxy" namespace: "{{ openshift_prometheus_namespace }}" contents: - path: session_secret data: "{{ 43 | oo_random_word }}=" with_items: - prometheus - alerts # serviceaccount - name: create prometheus serviceaccount oc_serviceaccount: state: "{{ state }}" name: prometheus namespace: "{{ openshift_prometheus_namespace }}" # TODO add annotations when supproted # annotations: # serviceaccounts.openshift.io/oauth-redirectreference.prom: '{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"prometheus"}}' # serviceaccounts.openshift.io/oauth-redirectreference.alerts: '{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"alerts"}}' secrets: - prometheus-secrets changed_when: no # TODO remove this when annotations are supported by oc_serviceaccount - name: annotate serviceaccount command: > {{ openshift.common.client_binary }} annotate --overwrite -n {{ openshift_prometheus_namespace }} serviceaccount prometheus serviceaccounts.openshift.io/oauth-redirectreference.prom='{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"prometheus"}}' serviceaccounts.openshift.io/oauth-redirectreference.alerts='{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"alerts"}}' # create clusterrolebinding for prometheus serviceaccount - name: Set cluster-reader permissions for prometheus oc_adm_policy_user: state: "{{ state }}" namespace: "{{ openshift_prometheus_namespace }}" resource_kind: cluster-role resource_name: cluster-reader user: "system:serviceaccount:{{ openshift_prometheus_namespace }}:prometheus" ###################################################################### # NFS # In the case that we are not running on a cloud provider, volumes must be statically provisioned - include: nfs.yaml when: not (openshift_cloudprovider_kind is defined and (openshift_cloudprovider_kind == 'aws' or openshift_cloudprovider_kind == 'gce')) # create prometheus and alerts services # TODO join into 1 task with loop - name: Create prometheus service oc_service: state: "{{ state }}" name: "{{ item.name }}" namespace: "{{ openshift_prometheus_namespace }}" selector: app: prometheus labels: name: "{{ item.name }}" # TODO add annotations when supported # annotations: # service.alpha.openshift.io/serving-cert-secret-name: "{{item.name}}-tls" ports: - port: 443 targetPort: 8443 with_items: - name: prometheus - name: Create alerts service oc_service: state: "{{ state }}" name: "{{ item.name }}" namespace: "{{ openshift_prometheus_namespace }}" selector: app: prometheus labels: name: "{{ item.name }}" # TODO add annotations when supported # annotations: # service.alpha.openshift.io/serving-cert-secret-name: "{{item.name}}-tls" ports: - port: 443 targetPort: 9443 with_items: - name: alerts # Annotate services with secret name # TODO remove this when annotations are supported by oc_service - name: annotate prometheus service command: > {{ openshift.common.client_binary }} annotate --overwrite -n {{ openshift_prometheus_namespace }} service prometheus prometheus.io/scrape='true' prometheus.io/scheme=https service.alpha.openshift.io/serving-cert-secret-name=prometheus-tls - name: annotate alerts service command: > {{ openshift.common.client_binary }} annotate --overwrite -n {{ openshift_prometheus_namespace }} service alerts 'service.alpha.openshift.io/serving-cert-secret-name=prometheus-alerts-tls' # create prometheus and alerts routes - name: create prometheus and alerts routes oc_route: state: "{{ state }}" name: "{{ item.name }}" namespace: "{{ openshift_prometheus_namespace }}" service_name: "{{ item.name }}" tls_termination: reencrypt with_items: - name: prometheus - name: alerts # Storage - name: create prometheus pvc oc_pvc: namespace: "{{ openshift_prometheus_namespace }}" name: "{{ openshift_prometheus_pvc_name }}" access_modes: "{{ openshift_prometheus_pvc_access_modes }}" volume_capacity: "{{ openshift_prometheus_pvc_size }}" selector: "{{ openshift_prometheus_pvc_pv_selector }}" - name: create alertmanager pvc oc_pvc: namespace: "{{ openshift_prometheus_namespace }}" name: "{{ openshift_prometheus_alertmanager_pvc_name }}" access_modes: "{{ openshift_prometheus_alertmanager_pvc_access_modes }}" volume_capacity: "{{ openshift_prometheus_alertmanager_pvc_size }}" selector: "{{ openshift_prometheus_alertmanager_pvc_pv_selector }}" - name: create alertbuffer pvc oc_pvc: namespace: "{{ openshift_prometheus_namespace }}" name: "{{ openshift_prometheus_alertbuffer_pvc_name }}" access_modes: "{{ openshift_prometheus_alertbuffer_pvc_access_modes }}" volume_capacity: "{{ openshift_prometheus_alertbuffer_pvc_size }}" selector: "{{ openshift_prometheus_alertbuffer_pvc_pv_selector }}" # create prometheus deployment - name: Set prometheus deployment template template: src: prometheus_deployment.j2 dest: "{{ tempdir }}/templates/prometheus.yaml" vars: namespace: "{{ openshift_prometheus_namespace }}" prom_replicas: "{{ openshift_prometheus_replicas }}" - name: Set prometheus deployment oc_obj: state: "{{ state }}" name: "prometheus" namespace: "{{ openshift_prometheus_namespace }}" kind: deployment files: - "{{ tempdir }}/templates/prometheus.yaml" delete_after: true # prometheus configmap # Copy the additional rules file if it is defined - name: Copy additional rules file to host copy: src: "{{ openshift_prometheus_additional_rules_file }}" dest: "{{ tempdir }}/prometheus.additional.rules" when: - openshift_prometheus_additional_rules_file is defined - openshift_prometheus_additional_rules_file is not none - openshift_prometheus_additional_rules_file | trim | length > 0 - stat: path: "{{ tempdir }}/prometheus.additional.rules" register: additional_rules_stat # The kubernetes version impacts the prometheus scraping endpoint # so gathering it before constructing the configmap - name: get oc version oc_version: register: oc_version - set_fact: kubernetes_version: "{{ oc_version.results.kubernetes_short | float }}" - template: src: prometheus.yml.j2 dest: "{{ tempdir }}/prometheus.yml" changed_when: no - template: src: prometheus.rules.j2 dest: "{{ tempdir }}/prometheus.rules" changed_when: no # In prometheus configmap create "additional.rules" section if file exists - name: Set prometheus configmap oc_configmap: state: "{{ state }}" name: "prometheus" namespace: "{{ openshift_prometheus_namespace }}" from_file: prometheus.rules: "{{ tempdir }}/prometheus.rules" prometheus.additional.rules: "{{ tempdir }}/prometheus.additional.rules" prometheus.yml: "{{ tempdir }}/prometheus.yml" when: additional_rules_stat.stat.exists == True - name: Set prometheus configmap oc_configmap: state: "{{ state }}" name: "prometheus" namespace: "{{ openshift_prometheus_namespace }}" from_file: prometheus.rules: "{{ tempdir }}/prometheus.rules" prometheus.yml: "{{ tempdir }}/prometheus.yml" when: additional_rules_stat.stat.exists == False # alertmanager configmap - template: src: alertmanager.yml.j2 dest: "{{ tempdir }}/alertmanager.yml" changed_when: no - name: Set alertmanager configmap oc_configmap: state: "{{ state }}" name: "prometheus-alerts" namespace: "{{ openshift_prometheus_namespace }}" from_file: alertmanager.yml: "{{ tempdir }}/alertmanager.yml"