bokysan/docker-postfix
1
1
Fork 0
mirror of https://github.com/bokysan/docker-postfix.git synced 2024-09-20 06:46:10 +08:00
Code Issues Packages Projects Releases Wiki Activity

Feat: Create metrics service

Browse source
This commit is contained in:
Jonathon Beauregard II 2022-11-30 09:21:48 -08:00 committed by Bojan Čekrlić
parent 8b6a6acfae
commit ab1cca7286
17 changed files with 19687 additions and 55 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

48
.github/workflows/master.yml vendored
View file

@ -37,6 +37,54 @@ jobs:
- uses: ./.github/actions/helm-chart-tests
Build_PostfixExporter:
runs-on: ubuntu-latest
needs:
- Helm_chart_Tests
steps:
# Checkout
- name: Checkout
uses: actions/checkout@v4
- name: Checkout
uses: actions/checkout@v4
with:
repository: kumina/postfix_exporter
path: 'postfix_exporter'
# Buildkit setup
- uses: ./.github/actions/buildx-setup
# Docker hub login
- uses: ./.github/actions/docker-hub-login
with:
DOCKER_ACCESS_TOKEN: '${{ secrets.DOCKER_ACCESS_TOKEN }}'
- name: Cache Docker layers
uses: actions/cache@v3
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-postfix-exporter-${{ github.sha }}
restore-keys: |
${{ runner.os }}-postfix-exporter-
- name: Build and push
uses: docker/build-push-action@v5
with:
context: .
push: true
tags: |
boky/postfix-exporter:latest
boky/postfix-exporter:latest
platforms: "linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le"
cache-from: type=local,src=/tmp/.buildx-cache/postfix-exporter,mode=max,compression=estargz
cache-to: type=local,dest=/tmp/.buildx-cache-new/postfix-exporter
- name: Move cache
run: |
rm -rf /tmp/.buildx-cache
mv /tmp/.buildx-cache-new /tmp/.buildx-cache
Build_Alpine:
runs-on: ubuntu-latest
needs:

48
.github/workflows/tags.yml vendored
View file

@ -37,6 +37,54 @@ jobs:
- uses: ./.github/actions/helm-chart-tests
Build_PostfixExporter:
runs-on: ubuntu-latest
needs:
- Helm_chart_Tests
steps:
# Checkout
- name: Checkout
uses: actions/checkout@v4
- name: Checkout
uses: actions/checkout@v4
with:
repository: kumina/postfix_exporter
path: 'postfix_exporter'
# Buildkit setup
- uses: ./.github/actions/buildx-setup
# Docker hub login
- uses: ./.github/actions/docker-hub-login
with:
DOCKER_ACCESS_TOKEN: '${{ secrets.DOCKER_ACCESS_TOKEN }}'
- name: Cache Docker layers
uses: actions/cache@v3
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-postfix-exporter-${{ github.sha }}
restore-keys: |
${{ runner.os }}-postfix-exporter-
- name: Build and push
uses: docker/build-push-action@v5
with:
context: .
push: true
tags: |
boky/postfix-exporter:${{ env.RELEASE_VERSION }}
boky/postfix-exporter:${{ env.RELEASE_VERSION }}
platforms: "linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le"
cache-from: type=local,src=/tmp/.buildx-cache/postfix-exporter,mode=max,compression=estargz
cache-to: type=local,dest=/tmp/.buildx-cache-new/postfix-exporter
- name: Move cache
run: |
rm -rf /tmp/.buildx-cache
mv /tmp/.buildx-cache-new /tmp/.buildx-cache
Build_Alpine:
runs-on: ubuntu-latest
needs:

1
.gitignore vendored
View file

@ -4,3 +4,4 @@ public
gh-pages
.env
cache
postfix_exporter

90
README.md
View file

@ -6,45 +6,57 @@ Simple postfix relay host ("postfix null client") for your Docker containers. Ba
## Table of contents
* [Table of contents](#table-of-contents)
* [Description](#description)
* [TL;DR](#tldr)
* [Updates](#updates)
* [Architectures](#architectures)
* [Configuration options](#configuration-options)
* [General options](#general-options)
* [Inbound debugging](#inbound-debugging)
* [ALLOWED_SENDER_DOMAINS and ALLOW_EMPTY_SENDER_DOMAINS](#allowed_sender_domains-and-allow_empty_sender_domains)
* [Log format](#log-format)
* [Postfix-specific options](#postfix-specific-options)
* [RELAYHOST, RELAYHOST_USERNAME and RELAYHOST_PASSWORD](#relayhost-relayhost_username-and-relayhost_password)
* [POSTFIX_smtp_tls_security_level](#postfix_smtp_tls_security_level)
* [XOAUTH2_CLIENT_ID, XOAUTH2_SECRET, XOAUTH2_INITIAL_ACCESS_TOKEN, XOAUTH2_INITIAL_REFRESH_TOKEN and XOAUTH2_TOKEN_ENDPOINT ](#xoauth2_client_id-xoauth2_secret-xoauth2_initial_access_token-xoauth2_initial_refresh_token-and-xoauth2_token_endpoint)
* [MASQUERADED_DOMAINS](#masqueraded_domains)
* [SMTP_HEADER_CHECKS](#smtp_header_checks)
* [POSTFIX_myhostname](#postfix_myhostname)
* [POSTFIX_mynetworks](#postfix_mynetworks)
* [POSTFIX_message_size_limit](#postfix_message_size_limit)
* [Overriding specific postfix settings](#overriding-specific-postfix-settings)
* [ANONYMIZE_EMAILS](#anonymize_emails)
* [SKIP_ROOT_SPOOL_CHOWN](#skip_root_spool_chown)
* [DKIM / DomainKeys](#dkim--domainkeys)
* [Supplying your own DKIM keys](#supplying-your-own-dkim-keys)
* [Auto-generating the DKIM selectors through the image](#auto-generating-the-dkim-selectors-through-the-image)
* [Changing the DKIM selector](#changing-the-dkim-selector)
* [Overriding specific OpenDKIM settings](#overriding-specific-opendkim-settings)
* [Verifying your DKIM setup](#verifying-your-dkim-setup)
* [Docker Secrets](#docker-secrets)
* [Helm chart](#helm-chart)
* [Extending the image](#extending-the-image)
* [Using custom init scripts](#using-custom-init-scripts)
* [Security](#security)
* [Quick how-tos](#quick-how-tos)
* [Relaying messages through your Gmail account](#relaying-messages-through-your-gmail-account)
* [Relaying messages through Google Apps account](#relaying-messages-through-google-apps-account)
* [Sending messages directly](#sending-messages-directly)
* [Similar projects](#similar-projects)
* [License check](#license-check)
- [docker-postfix](#docker-postfix)
- [Table of contents](#table-of-contents)
- [Description](#description)
- [TL;DR](#tldr)
- [Updates](#updates)
- [v3.0.0](#v300)
- [Architectures](#architectures)
- [Configuration options](#configuration-options)
- [General options](#general-options)
- [Inbound debugging](#inbound-debugging)
- [`ALLOWED_SENDER_DOMAINS` and `ALLOW_EMPTY_SENDER_DOMAINS`](#allowed_sender_domains-and-allow_empty_sender_domains)
- [Log format](#log-format)
- [Postfix-specific options](#postfix-specific-options)
- [`RELAYHOST`, `RELAYHOST_USERNAME` and `RELAYHOST_PASSWORD`](#relayhost-relayhost_username-and-relayhost_password)
- [`POSTFIX_smtp_tls_security_level`](#postfix_smtp_tls_security_level)
- [`XOAUTH2_CLIENT_ID`, `XOAUTH2_SECRET`, `XOAUTH2_INITIAL_ACCESS_TOKEN`, `XOAUTH2_INITIAL_REFRESH_TOKEN` and `XOAUTH2_TOKEN_ENDPOINT`](#xoauth2_client_id-xoauth2_secret-xoauth2_initial_access_token-xoauth2_initial_refresh_token-and-xoauth2_token_endpoint)
- [OAuth2 Client Credentials (GMail)](#oauth2-client-credentials-gmail)
- [Obtain Initial Access Token (GMail)](#obtain-initial-access-token-gmail)
- [Debug XOAuth2 issues](#debug-xoauth2-issues)
- [`MASQUERADED_DOMAINS`](#masqueraded_domains)
- [`SMTP_HEADER_CHECKS`](#smtp_header_checks)
- [`POSTFIX_myhostname`](#postfix_myhostname)
- [`POSTFIX_mynetworks`](#postfix_mynetworks)
- [`POSTFIX_message_size_limit`](#postfix_message_size_limit)
- [Overriding specific postfix settings](#overriding-specific-postfix-settings)
- [`SKIP_ROOT_SPOOL_CHOWN`](#skip_root_spool_chown)
- [`ANONYMIZE_EMAILS`](#anonymize_emails)
- [The `default` (`smart`) filter](#the-default-smart-filter)
- [The `paranoid` filter](#the-paranoid-filter)
- [The `hash` filter](#the-hash-filter)
- [The `noop` filter](#the-noop-filter)
- [Writting your own filters](#writting-your-own-filters)
- [DKIM / DomainKeys](#dkim--domainkeys)
- [Supplying your own DKIM keys](#supplying-your-own-dkim-keys)
- [Auto-generating the DKIM selectors through the image](#auto-generating-the-dkim-selectors-through-the-image)
- [Changing the DKIM selector](#changing-the-dkim-selector)
- [Overriding specific OpenDKIM settings](#overriding-specific-opendkim-settings)
- [Verifying your DKIM setup](#verifying-your-dkim-setup)
- [Docker Secrets / Kubernetes secrets](#docker-secrets--kubernetes-secrets)
- [Helm chart](#helm-chart)
- [Extending the image](#extending-the-image)
- [Using custom init scripts](#using-custom-init-scripts)
- [Security](#security)
- [Quick how-tos](#quick-how-tos)
- [Relaying messages through your Gmail account](#relaying-messages-through-your-gmail-account)
- [Relaying messages through Google Apps account](#relaying-messages-through-google-apps-account)
- [Relaying messages through Amazon's SES](#relaying-messages-through-amazons-ses)
- [Sending messages directly](#sending-messages-directly)
- [Careful](#careful)
- [Similar projects](#similar-projects)
- [License check](#license-check)
## Description

4
configs/rsyslog.conf
View file

@ -8,7 +8,7 @@ $FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
template (name="devicelog" type="string" string="/dev/stdout")
template(name="devicelog" type="string" string="/dev/stdout")
template(name="json" type="list") {
constant(value="{")
@ -55,9 +55,9 @@ if $syslogseverity <= '6' then {
#</email-anonymizer>
action(type="omfile" DynaFile="devicelog" template="<log-format>" DirCreateMode="0755" FileCreateMode="0644")
# enable below to stop processing further this log
stop
}
include(file="/etc/rsyslog.d-metrics/*.conf" mode="optional")
include(file="/etc/rsyslog.d/*.conf" mode="optional")
stop

17
helm/mail/templates/configmap-metrics.yaml Normal file
View file

@ -0,0 +1,17 @@
{{- if .Values.metrics.enabled }}
{{- $chart := "mail" -}}
{{- $fullName := include (print $chart ".fullname") . -}}
{{- $labels := include (print $chart ".labels") . -}}
{{- $files := .Files -}}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ print $fullName "-metrics" | quote }}
labels:
{{- $labels | nindent 4 }}
data:
logrotate.conf: | {{- index .Values.metrics.logrotate "logrotate.conf" | nindent 4 }}
maillog.conf: |
template(name="metricslog" type="string" string={{ .Values.metrics.path | quote }})
action(type="omfile" DynaFile="metricslog" template="plain" DirCreateMode="0755" FileCreateMode="0644")
{{- end }}

3
helm/mail/templates/configmap.yaml
View file

@ -13,6 +13,9 @@ data:
{{- range $key, $value := .Values.config.postfix }}
POSTFIX_{{ $key }}: {{ $value | quote }}
{{- end }}
{{- if .Values.metrics.enabled }}
POSTFIX_maillog_file: {{ .Values.metrics.maillog }}
{{- end }}
{{- range $key, $value := .Values.config.opendkim }}
OPENDKIM_{{ $key }}: {{ $value | quote }}
{{- end }}

25
helm/mail/templates/service-metrics.yaml Normal file
View file

@ -0,0 +1,25 @@
{{- if .Values.metrics.enabled -}}
{{- $chart := "mail" -}}
{{- $fullName := include (print $chart ".fullname") . -}}
{{- $labels := include (print $chart ".labels") . -}}
{{- $selectorLabels := include (print $chart ".selectorLabels") . -}}
apiVersion: v1
kind: Service
metadata:
name: {{ print $fullName "-metrics" | quote }}
labels:
{{- $labels | nindent 4 }}
{{- with .Values.metrics.service.labels }}{{ toYaml . | nindent 4 }}{{ end }}
{{ with .Values.metrics.service.annotations }}annotations:
{{ toYaml . | nindent 4 }}
{{ end }}
spec:
type: ClusterIP
ports:
- port: {{ .Values.metrics.port }}
targetPort: metrics
protocol: TCP
name: metrics
selector:
{{- $selectorLabels | nindent 4 }}
{{- end -}}

29
helm/mail/templates/service-monitor.yaml Normal file
View file

@ -0,0 +1,29 @@
{{- if .Values.metrics.enabled -}}
{{- if .Values.metrics.serviceMonitor.enabled -}}
{{- $chart := "mail" -}}
{{- $fullName := include (print $chart ".fullname") . -}}
{{- $labels := include (print $chart ".labels") . -}}
{{- $selectorLabels := include (print $chart ".selectorLabels") . -}}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ print $fullName "-metrics" | quote }}
labels:
{{- $labels | nindent 4 }}
{{- with .Values.metrics.serviceMonitor.labels }}{{ toYaml . | nindent 4 }}{{ end }}
{{ with .Values.metrics.serviceMonitor.annotations }}annotations:
{{ toYaml . | nindent 4 }}
{{ end }}
spec:
endpoints:
- interval: 15s
port: metrics
namespaceSelector:
matchNames:
- {{ .Release.Namespace | quote }}
selector:
matchLabels:
app.kubernetes.io/instance: {{ $chart }}
prometheus: unknown
{{- end -}}
{{- end -}}

89
helm/mail/templates/statefulset.yaml
View file

@ -95,11 +95,17 @@ spec:
{{ with .Values.extraEnv }}env: {{- toYaml . | nindent 12 }}{{ end }}
volumeMounts:
- mountPath: /var/spool/postfix
name: {{ $fullName }}
- mountPath: /var/spool/postfix/private
name: private
- mountPath: /var/spool/postfix/public
name: public
name: {{ $fullName | quote }}
subPath: spool
{{- if .Values.metrics.enabled }}
- name: metrics-config
mountPath: /etc/rsyslog.d-metrics/maillog.conf
subPath: maillog.conf
- name: {{ $fullName }}
mountPath: {{ regexFind "^/?.*/" .Values.metrics.maillog | quote }}
readOnly: false
subPath: logs
{{- end }}
{{- if .Values.certs.create }}
- name: certs
mountPath: /var/run/certs
@ -116,16 +122,71 @@ spec:
{{- end }}
{{- if .Values.extraVolumeMounts }}{{- toYaml .Values.extraVolumeMounts | nindent 12 }}{{ end }}
resources: {{ toYaml .Values.resources | nindent 12 }}
{{- if .Values.metrics.enabled }}
- name: exporter
imagePullPolicy: Always
image: "{{ .Values.metrics.image.repository }}:{{ .Values.metrics.image.tag | default .Chart.AppVersion }}"
ports:
- containerPort: {{ .Values.metrics.port }}
name: metrics
protocol: TCP
command:
- sh
- -c
args:
- |-
/bin/postfix_exporter
--web.listen-address {{ .Values.metrics.port }}
--web.telemetry-path {{ .Values.metrics.path | quote }}
--postfix.logfile_path {{ .Values.metrics.maillog | quote }}
--postfix.showq_path /var/spool/postfix/public/showq
volumeMounts:
- name: {{ $fullName | quote }}
mountPath: /var/spool/postfix
subPath: spool
- name: {{ $fullName | quote }}
mountPath: {{ regexFind "^/?.*/" .Values.metrics.maillog | quote }}
subPath: logs
startupProbe:
exec:
command:
- sh
- -c
- >-
[ -f {{ .Values.metrics.maillog | quote }} ] && grep -qi "starting the Postfix mail system" {{ .Values.metrics.maillog | quote }}
failureThreshold: 30
periodSeconds: 10
readinessProbe:
httpGet:
path: {{ .Values.metrics.path | quote }}
port: {{ .Values.metrics.port }}
initialDelaySeconds: 5
{{- if .Values.metrics.logrotate.enabled }}
- name: logrotate
image: "{{ .Values.metrics.logrotate.image.repository }}:{{ .Values.metrics.logrotate.image.tag | default "latest" }}"
startupProbe:
exec:
command:
- sh
- -c
- >-
[ -f {{ .Values.metrics.maillog | quote }} ] && grep -qi "starting the Postfix mail system" {{ .Values.metrics.maillog | quote }}
failureThreshold: 30
periodSeconds: 10
volumeMounts:
- name: {{ $fullName | quote }}
mountPath: {{ regexFind "^/?.*/" .Values.metrics.maillog | quote }}
subPath: logs
- mountPath: /etc/logrotate.d/logrotate.conf
name: metrics-config
subPath: logrotate.conf
{{- end }}
{{- end }}
{{- if .Values.extraContainers }}
{{- tpl .Values.extraContainers $root | nindent 8 }}
{{- end }}
volumes:
# Socket directories
- name: public
emptyDir: {}
- name: private
emptyDir: {}
{{- if .Values.certs.create }}
{{- if .Values.certs.create }}
- name: certs-init
configMap:
name: {{ $fullName }}
@ -134,6 +195,7 @@ spec:
secret:
secretName: {{ $fullName }}-certs
{{- end }}
# Socket directories
{{- if and .Values.persistence.enabled .Values.persistence.existingClaim }}
- name: {{ $fullName }}
persistentVolumeClaim:
@ -149,6 +211,11 @@ spec:
secret:
secretName: {{ $fullName }}-mount
{{- end }}
{{- if .Values.metrics.enabled }}
- name: metrics-config
configMap:
name: metrics-config
{{- end }}
{{- if .Values.extraVolumes }}{{- toYaml .Values.extraVolumes | nindent 8 }}{{ end }}
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
volumeClaimTemplates:

44
helm/mail/values.yaml
View file

@ -21,6 +21,45 @@ service:
annotations: {}
# nodePort:
metrics:
enabled: false
service:
labels: {}
annotations: {}
serviceMonitor:
enabled: false
labels: {}
annotations: {}
port: 9154
path: /metrics
image:
repository: "boky/postfix-exporter"
tag: "latest"
# Warning: Metrics needs a file to work. If you're using this DO NOT override POSTFIX_maillog_file.
# If you do, metrics *will not work*. If you need to log to file:
# - use this file
# - add another file to /etc/rsyslog.d/*.conf
maillog: /var/log/mail.log
logrotate:
enabled: true
image:
repository: "blacklabelops/logrotate"
tag: "latest"
logrotate.conf: |
/var/log/mail.log {
rotate 1
monthly
minsize 1M
compress
missingok
notifempty
dateext
olddir /var/log/old
maxage 90
}
# Tell helm to restart (recreate) pods on every deploy. Setting this to true will inject
# `date/deploy-date: <timestamp>` annotation into pod specification for StateFulset. This
# ensures that the Pod is recreated with the new changes.
@ -80,9 +119,11 @@ container:
postfix:
securityContext: {}
# Auto-generate certificates for the server and mount them into Postfix volume
certs:
# Auto-generate certificates for the server and mount them into Postfix volume
create: false
# Provide existing cert
existing: false
# Define data which should be stored in a Secret
# (and shared with the pod as environment variables)
@ -161,7 +202,6 @@ livenessProbe:
- >-
ps axf | fgrep -v grep | egrep -q '\{supervisord\}|/usr/bin/supervisord' &&
ps axf | fgrep -v grep | egrep -q '(/usr/lib/postfix/sbin/|/usr/libexec/postfix/)master'
startupProbe:
initialDelaySeconds: 5
periodSeconds: 5

18662
helm/schemas/master-standalone/_definitions.json Normal file
View file

File diff suppressed because it is too large Load diff

627
helm/schemas/master-standalone/servicemonitor-monitoring-v1.json Normal file
View file

@ -0,0 +1,627 @@
{
"description": "ServiceMonitor defines monitoring for a set of services.",
"type": "object",
"required": [
"spec"
],
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata",
"$ref": "_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta"
},
"spec": {
"description": "Specification of desired Service selection for target discovery by Prometheus.",
"type": "object",
"required": [
"endpoints",
"selector"
],
"properties": {
"endpoints": {
"description": "A list of endpoints allowed as part of this ServiceMonitor.",
"type": "array",
"items": {
"description": "Endpoint defines a scrapeable endpoint serving Prometheus metrics.",
"type": "object",
"properties": {
"authorization": {
"description": "Authorization section for this endpoint",
"type": "object",
"properties": {
"credentials": {
"description": "The secret's key that contains the credentials of the request",
"type": "object",
"required": [
"key"
],
"properties": {
"key": {
"description": "The key of the secret to select from. Must be a valid secret key.",
"type": "string"
},
"name": {
"description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret or its key must be defined",
"type": "boolean"
}
}
},
"type": {
"description": "Set the authentication type. Defaults to Bearer, Basic will cause an error",
"type": "string"
}
}
},
"basicAuth": {
"description": "BasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints",
"type": "object",
"properties": {
"password": {
"description": "The secret in the service monitor namespace that contains the password for authentication.",
"type": "object",
"required": [
"key"
],
"properties": {
"key": {
"description": "The key of the secret to select from. Must be a valid secret key.",
"type": "string"
},
"name": {
"description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret or its key must be defined",
"type": "boolean"
}
}
},
"username": {
"description": "The secret in the service monitor namespace that contains the username for authentication.",
"type": "object",
"required": [
"key"
],
"properties": {
"key": {
"description": "The key of the secret to select from. Must be a valid secret key.",
"type": "string"
},
"name": {
"description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret or its key must be defined",
"type": "boolean"
}
}
}
}
},
"bearerTokenFile": {
"description": "File to read bearer token for scraping targets.",
"type": "string"
},
"bearerTokenSecret": {
"description": "Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the service monitor and accessible by the Prometheus Operator.",
"type": "object",
"required": [
"key"
],
"properties": {
"key": {
"description": "The key of the secret to select from. Must be a valid secret key.",
"type": "string"
},
"name": {
"description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret or its key must be defined",
"type": "boolean"
}
}
},
"honorLabels": {
"description": "HonorLabels chooses the metric's labels on collisions with target labels.",
"type": "boolean"
},
"honorTimestamps": {
"description": "HonorTimestamps controls whether Prometheus respects the timestamps present in scraped data.",
"type": "boolean"
},
"interval": {
"description": "Interval at which metrics should be scraped",
"type": "string"
},
"metricRelabelings": {
"description": "MetricRelabelConfigs to apply to samples before ingestion.",
"type": "array",
"items": {
"description": "RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines `<metric_relabel_configs>`-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs",
"type": "object",
"properties": {
"action": {
"description": "Action to perform based on regex matching. Default is 'replace'",
"type": "string"
},
"modulus": {
"description": "Modulus to take of the hash of the source label values.",
"type": "integer",
"format": "int64"
},
"regex": {
"description": "Regular expression against which the extracted value is matched. Default is '(.*)'",
"type": "string"
},
"replacement": {
"description": "Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'",
"type": "string"
},
"separator": {
"description": "Separator placed between concatenated source label values. default is ';'.",
"type": "string"
},
"sourceLabels": {
"description": "The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.",
"type": "array",
"items": {
"type": "string"
}
},
"targetLabel": {
"description": "Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.",
"type": "string"
}
}
}
},
"oauth2": {
"description": "OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer.",
"type": "object",
"required": [
"clientId",
"clientSecret",
"tokenUrl"
],
"properties": {
"clientId": {
"description": "The secret or configmap containing the OAuth2 client id",
"type": "object",
"properties": {
"configMap": {
"description": "ConfigMap containing data to use for the targets.",
"type": "object",
"required": [
"key"
],
"properties": {
"key": {
"description": "The key to select.",
"type": "string"
},
"name": {
"description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the ConfigMap or its key must be defined",
"type": "boolean"
}
}
},
"secret": {
"description": "Secret containing data to use for the targets.",
"type": "object",
"required": [
"key"
],
"properties": {
"key": {
"description": "The key of the secret to select from. Must be a valid secret key.",
"type": "string"
},
"name": {
"description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret or its key must be defined",
"type": "boolean"
}
}
}
}
},
"clientSecret": {
"description": "The secret containing the OAuth2 client secret",
"type": "object",
"required": [
"key"
],
"properties": {
"key": {
"description": "The key of the secret to select from. Must be a valid secret key.",
"type": "string"
},
"name": {
"description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret or its key must be defined",
"type": "boolean"
}
}
},
"endpointParams": {
"description": "Parameters to append to the token URL",
"type": "object",
"additionalProperties": {
"type": "string"
}
},
"scopes": {
"description": "OAuth2 scopes used for the token request",
"type": "array",
"items": {
"type": "string"
}
},
"tokenUrl": {
"description": "The URL to fetch the token from",
"type": "string",
"minLength": 1
}
}
},
"params": {
"description": "Optional HTTP URL parameters",
"type": "object",
"additionalProperties": {
"type": "array",
"items": {
"type": "string"
}
}
},
"path": {
"description": "HTTP path to scrape for metrics.",
"type": "string"
},
"port": {
"description": "Name of the service port this endpoint refers to. Mutually exclusive with targetPort.",
"type": "string"
},
"proxyUrl": {
"description": "ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.",
"type": "string"
},
"relabelings": {
"description": "RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields and replaces original scrape job name with __tmp_prometheus_job_name. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config",
"type": "array",
"items": {
"description": "RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines `<metric_relabel_configs>`-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs",
"type": "object",
"properties": {
"action": {
"description": "Action to perform based on regex matching. Default is 'replace'",
"type": "string"
},
"modulus": {
"description": "Modulus to take of the hash of the source label values.",
"type": "integer",
"format": "int64"
},
"regex": {
"description": "Regular expression against which the extracted value is matched. Default is '(.*)'",
"type": "string"
},
"replacement": {
"description": "Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'",
"type": "string"
},
"separator": {
"description": "Separator placed between concatenated source label values. default is ';'.",
"type": "string"
},
"sourceLabels": {
"description": "The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.",
"type": "array",
"items": {
"type": "string"
}
},
"targetLabel": {
"description": "Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.",
"type": "string"
}
}
}
},
"scheme": {
"description": "HTTP scheme to use for scraping.",
"type": "string"
},
"scrapeTimeout": {
"description": "Timeout after which the scrape is ended",
"type": "string"
},
"targetPort": {
"description": "Name or number of the target port of the Pod behind the Service, the port must be specified with container port property. Mutually exclusive with port.",
"x-kubernetes-int-or-string": true
},
"tlsConfig": {
"description": "TLS configuration to use when scraping the endpoint",
"type": "object",
"properties": {
"ca": {
"description": "Struct containing the CA cert to use for the targets.",
"type": "object",
"properties": {
"configMap": {
"description": "ConfigMap containing data to use for the targets.",
"type": "object",
"required": [
"key"
],
"properties": {
"key": {
"description": "The key to select.",
"type": "string"
},
"name": {
"description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the ConfigMap or its key must be defined",
"type": "boolean"
}
}
},
"secret": {
"description": "Secret containing data to use for the targets.",
"type": "object",
"required": [
"key"
],
"properties": {
"key": {
"description": "The key of the secret to select from. Must be a valid secret key.",
"type": "string"
},
"name": {
"description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret or its key must be defined",
"type": "boolean"
}
}
}
}
},
"caFile": {
"description": "Path to the CA cert in the Prometheus container to use for the targets.",
"type": "string"
},
"cert": {
"description": "Struct containing the client cert file for the targets.",
"type": "object",
"properties": {
"configMap": {
"description": "ConfigMap containing data to use for the targets.",
"type": "object",
"required": [
"key"
],
"properties": {
"key": {
"description": "The key to select.",
"type": "string"
},
"name": {
"description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the ConfigMap or its key must be defined",
"type": "boolean"
}
}
},
"secret": {
"description": "Secret containing data to use for the targets.",
"type": "object",
"required": [
"key"
],
"properties": {
"key": {
"description": "The key of the secret to select from. Must be a valid secret key.",
"type": "string"
},
"name": {
"description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret or its key must be defined",
"type": "boolean"
}
}
}
}
},
"certFile": {
"description": "Path to the client cert file in the Prometheus container for the targets.",
"type": "string"
},
"insecureSkipVerify": {
"description": "Disable target certificate validation.",
"type": "boolean"
},
"keyFile": {
"description": "Path to the client key file in the Prometheus container for the targets.",
"type": "string"
},
"keySecret": {
"description": "Secret containing the client key file for the targets.",
"type": "object",
"required": [
"key"
],
"properties": {
"key": {
"description": "The key of the secret to select from. Must be a valid secret key.",
"type": "string"
},
"name": {
"description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret or its key must be defined",
"type": "boolean"
}
}
},
"serverName": {
"description": "Used to verify the hostname for the targets.",
"type": "string"
}
}
}
}
}
},
"jobLabel": {
"description": "Chooses the label of the Kubernetes `Endpoints`. Its value will be used for the `job`-label's value of the created metrics. \n Default & fallback value: the name of the respective Kubernetes `Endpoint`.",
"type": "string"
},
"labelLimit": {
"description": "Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.",
"type": "integer",
"format": "int64"
},
"labelNameLengthLimit": {
"description": "Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.",
"type": "integer",
"format": "int64"
},
"labelValueLengthLimit": {
"description": "Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.",
"type": "integer",
"format": "int64"
},
"namespaceSelector": {
"description": "Selector to select which namespaces the Kubernetes Endpoints objects are discovered from.",
"type": "object",
"properties": {
"any": {
"description": "Boolean describing whether all namespaces are selected in contrast to a list restricting them.",
"type": "boolean"
},
"matchNames": {
"description": "List of namespace names.",
"type": "array",
"items": {
"type": "string"
}
}
}
},
"podTargetLabels": {
"description": "PodTargetLabels transfers labels on the Kubernetes `Pod` onto the created metrics.",
"type": "array",
"items": {
"type": "string"
}
},
"sampleLimit": {
"description": "SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.",
"type": "integer",
"format": "int64"
},
"selector": {
"description": "Selector to select Endpoints objects.",
"type": "object",
"properties": {
"matchExpressions": {
"description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.",
"type": "array",
"items": {
"description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.",
"type": "object",
"required": [
"key",
"operator"
],
"properties": {
"key": {
"description": "key is the label key that the selector applies to.",
"type": "string"
},
"operator": {
"description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.",
"type": "string"
},
"values": {
"description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.",
"type": "array",
"items": {
"type": "string"
}
}
}
}
},
"matchLabels": {
"description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.",
"type": "object",
"additionalProperties": {
"type": "string"
}
}
}
},
"targetLabels": {
"description": "TargetLabels transfers labels from the Kubernetes `Service` onto the created metrics. All labels set in `selector.matchLabels` are automatically transferred.",
"type": "array",
"items": {
"type": "string"
}
},
"targetLimit": {
"description": "TargetLimit defines a limit on the number of scraped targets that will be accepted.",
"type": "integer",
"format": "int64"
}
}
}
},
"x-kubernetes-group-version-kind": [
{
"group": "monitoring.coreos.com",
"kind": "ServiceMonitor",
"version": "v1"
}
],
"$schema": "http://json-schema.org/schema#"
}

36
helm/schemas/master-standalone/servicemonitorlist-monitoring-v1.json Normal file
View file

@ -0,0 +1,36 @@
{
"description": "ServiceMonitorList is a list of ServiceMonitor",
"required": [
"items"
],
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"items": {
"description": "List of servicemonitors. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md",
"type": "array",
"items": {
"$ref": "_definitions.json#/definitions/com.coreos.monitoring.v1.ServiceMonitor"
}
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"$ref": "_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta"
}
},
"x-kubernetes-group-version-kind": [
{
"group": "monitoring.coreos.com",
"kind": "ServiceMonitorList",
"version": "v1"
}
],
"$schema": "http://json-schema.org/schema#",
"type": "object"
}

4
helm/test_13_test_metrics.yml Normal file
View file

@ -0,0 +1,4 @@
metrics:
enabled: true
serviceMonitor:
enabled: true

10
helm/tests.sh
View file

@ -2,6 +2,7 @@
set -e
mkdir -p fixtures
SCRIPT_DIR="$( pwd; )/$( dirname -- $0; )"
FIND="find"
# Brew installs GNU find as "gfind" by default
if command -v gfind >/dev/null 2>&2; then
@ -11,5 +12,12 @@ fi
for i in `${FIND} -maxdepth 1 -type f -name test\*yml | sort`; do
echo "☆☆☆☆☆☆☆☆☆☆ $i ☆☆☆☆☆☆☆☆☆☆"
helm template -f $i --dry-run mail > fixtures/demo.yaml
docker run -it -v `pwd`/fixtures:/fixtures garethr/kubeval fixtures/demo.yaml
docker run \
-it \
-v "${SCRIPT_DIR}/fixtures:/fixtures" \
-v "${SCRIPT_DIR}/schemas:/schemas" \
garethr/kubeval \
--force-color \
--additional-schema-locations file:///schemas \
fixtures/demo.yaml
done

5
scripts/common-run.sh
View file

@ -608,6 +608,11 @@ postfix_custom_commands() {
value="${!setting}"
if [ -n "${value}" ]; then
info "Applying custom postfix setting: ${emphasis}${key}=${value}${reset}"
if [ "${key}" == "maillog_dir" ]; then
warn "You're overriding ${emphasis}${key}${reset}. This image has a lot of assumptions about logs going to syslog."
warn "Make sure you know what you're doing. Most likely you will want to add an additional file to ${emphasis}/etc/rsyslog.d/${reset}."
fi
do_postconf -e "${key}=${value}"
else
info "Deleting custom postfix setting: ${emphasis}${key}${reset}"