--- # namespace - name: Add prometheus project oc_project: state: present name: "{{ openshift_prometheus_namespace }}" node_selector: "{{ openshift_prometheus_node_selector | oo_selector_to_string_list() }}" description: Prometheus # secrets - name: Set alert and prometheus secrets oc_secret: state: present name: "{{ item }}-proxy" namespace: "{{ openshift_prometheus_namespace }}" contents: - path: session_secret data: "{{ 43 | oo_random_word }}=" with_items: - prometheus - alerts # serviceaccount - name: create prometheus serviceaccount oc_serviceaccount: state: present name: prometheus namespace: "{{ openshift_prometheus_namespace }}" # TODO add annotations when supproted # annotations: # serviceaccounts.openshift.io/oauth-redirectreference.prom: '{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"prometheus"}}' # serviceaccounts.openshift.io/oauth-redirectreference.alerts: '{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"alerts"}}' secrets: - prometheus-secrets changed_when: no # TODO remove this when annotations are supported by oc_serviceaccount - name: annotate serviceaccount command: > {{ openshift.common.client_binary }} annotate --overwrite -n {{ openshift_prometheus_namespace }} serviceaccount prometheus serviceaccounts.openshift.io/oauth-redirectreference.prom='{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"prometheus"}}' serviceaccounts.openshift.io/oauth-redirectreference.alerts='{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"alerts"}}' # create clusterrolebinding for prometheus serviceaccount - name: Set cluster-reader permissions for prometheus oc_adm_policy_user: state: present namespace: "{{ openshift_prometheus_namespace }}" resource_kind: cluster-role resource_name: cluster-reader user: "system:serviceaccount:{{ openshift_prometheus_namespace }}:prometheus" # create prometheus and alerts services # TODO join into 1 task with loop - name: Create prometheus service oc_service: state: present name: "{{ item.name }}" namespace: "{{ openshift_prometheus_namespace }}" selector: app: prometheus labels: name: "{{ item.name }}" # TODO add annotations when supported # annotations: # service.alpha.openshift.io/serving-cert-secret-name: "{{item.name}}-tls" ports: - port: 443 targetPort: 8443 with_items: - name: prometheus - name: Create alerts service oc_service: state: present name: "{{ item.name }}" namespace: "{{ openshift_prometheus_namespace }}" selector: app: prometheus labels: name: "{{ item.name }}" # TODO add annotations when supported # annotations: # service.alpha.openshift.io/serving-cert-secret-name: "{{item.name}}-tls" ports: - port: 443 targetPort: 9443 with_items: - name: alerts # Annotate services with secret name # TODO remove this when annotations are supported by oc_service - name: annotate prometheus service command: > {{ openshift.common.client_binary }} annotate --overwrite -n {{ openshift_prometheus_namespace }} service prometheus prometheus.io/scrape='true' prometheus.io/scheme=https service.alpha.openshift.io/serving-cert-secret-name=prometheus-tls - name: annotate alerts service command: > {{ openshift.common.client_binary }} annotate --overwrite -n {{ openshift_prometheus_namespace }} service alerts 'service.alpha.openshift.io/serving-cert-secret-name=prometheus-alerts-tls' # create prometheus and alerts routes - name: create prometheus and alerts routes oc_route: state: present name: "{{ item.name }}" host: "{{ item.host }}" namespace: "{{ openshift_prometheus_namespace }}" service_name: "{{ item.name }}" tls_termination: reencrypt with_items: - name: prometheus host: "{{ openshift_prometheus_hostname }}" - name: alerts host: "{{ openshift_prometheus_alerts_hostname }}" # Storage - name: create prometheus pvc oc_pvc: namespace: "{{ openshift_prometheus_namespace }}" name: "{{ openshift_prometheus_pvc_name }}" access_modes: "{{ openshift_prometheus_pvc_access_modes }}" volume_capacity: "{{ openshift_prometheus_pvc_size }}" selector: "{{ openshift_prometheus_pvc_pv_selector }}" storage_class_name: "{{ openshift_prometheus_sc_name }}" when: openshift_prometheus_storage_type == 'pvc' - name: create alertmanager pvc oc_pvc: namespace: "{{ openshift_prometheus_namespace }}" name: "{{ openshift_prometheus_alertmanager_pvc_name }}" access_modes: "{{ openshift_prometheus_alertmanager_pvc_access_modes }}" volume_capacity: "{{ openshift_prometheus_alertmanager_pvc_size }}" selector: "{{ openshift_prometheus_alertmanager_pvc_pv_selector }}" storage_class_name: "{{ openshift_prometheus_alertmanager_sc_name }}" when: openshift_prometheus_alertmanager_storage_type == 'pvc' - name: create alertbuffer pvc oc_pvc: namespace: "{{ openshift_prometheus_namespace }}" name: "{{ openshift_prometheus_alertbuffer_pvc_name }}" access_modes: "{{ openshift_prometheus_alertbuffer_pvc_access_modes }}" volume_capacity: "{{ openshift_prometheus_alertbuffer_pvc_size }}" selector: "{{ openshift_prometheus_alertbuffer_pvc_pv_selector }}" storage_class_name: "{{ openshift_prometheus_alertbuffer_sc_name }}" when: openshift_prometheus_alertbuffer_storage_type == 'pvc' # prometheus configmap # Copy the additional rules file if it is defined - name: Copy additional rules file to host copy: src: "{{ openshift_prometheus_additional_rules_file }}" dest: "{{ tempdir }}/prometheus.additional.rules" when: - openshift_prometheus_additional_rules_file is defined - openshift_prometheus_additional_rules_file is not none - openshift_prometheus_additional_rules_file | trim | length > 0 - stat: path: "{{ tempdir }}/prometheus.additional.rules" register: additional_rules_stat # The kubernetes version impacts the prometheus scraping endpoint # so gathering it before constructing the configmap - name: get oc version oc_version: register: oc_version - set_fact: kubernetes_version: "{{ oc_version.results.kubernetes_short | float }}" - template: src: prometheus.yml.j2 dest: "{{ tempdir }}/prometheus.yml" changed_when: no - template: src: prometheus.rules.j2 dest: "{{ tempdir }}/prometheus.rules" changed_when: no # In prometheus configmap create "additional.rules" section if file exists - name: Set prometheus configmap oc_configmap: state: present name: "prometheus" namespace: "{{ openshift_prometheus_namespace }}" from_file: prometheus.rules: "{{ tempdir }}/prometheus.rules" prometheus.additional.rules: "{{ tempdir }}/prometheus.additional.rules" prometheus.yml: "{{ tempdir }}/prometheus.yml" when: additional_rules_stat.stat.exists == True - name: Set prometheus configmap oc_configmap: state: present name: "prometheus" namespace: "{{ openshift_prometheus_namespace }}" from_file: prometheus.rules: "{{ tempdir }}/prometheus.rules" prometheus.yml: "{{ tempdir }}/prometheus.yml" when: additional_rules_stat.stat.exists == False # alertmanager configmap - template: src: alertmanager.yml.j2 dest: "{{ tempdir }}/alertmanager.yml" changed_when: no - name: Set alertmanager configmap oc_configmap: state: present name: "prometheus-alerts" namespace: "{{ openshift_prometheus_namespace }}" from_file: alertmanager.yml: "{{ tempdir }}/alertmanager.yml" # create prometheus stateful set - name: Set prometheus template template: src: prometheus.j2 dest: "{{ tempdir }}/templates/prometheus.yaml" vars: namespace: "{{ openshift_prometheus_namespace }}" # prom_replicas: "{{ openshift_prometheus_replicas }}" - name: Set prometheus stateful set oc_obj: state: present name: "prometheus" namespace: "{{ openshift_prometheus_namespace }}" kind: statefulset files: - "{{ tempdir }}/templates/prometheus.yaml" delete_after: true