diff --git a/prometheus-openstack-exporter/templates/deployment.yaml b/prometheus-openstack-exporter/templates/deployment.yaml index a9b0391f1f..62bb770c56 100644 --- a/prometheus-openstack-exporter/templates/deployment.yaml +++ b/prometheus-openstack-exporter/templates/deployment.yaml @@ -52,21 +52,94 @@ spec: {{ .Values.labels.openstack_exporter.node_selector_key }}: {{ .Values.labels.openstack_exporter.node_selector_value | quote }} terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.prometheus_openstack_exporter.timeout | default "30" }} initContainers: -{{ tuple $envAll "prometheus_openstack_exporter" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + {{ tuple $envAll "prometheus_openstack_exporter" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 | trim }} + - name: clouds-yaml-gen + {{ tuple $envAll "dep_check" | include "helm-toolkit.snippets.image" | nindent 10 }} + {{ tuple $envAll $envAll.Values.pod.resources.clouds_yaml_gen | include "helm-toolkit.snippets.kubernetes_resources" | nindent 10 }} + {{ dict "envAll" $envAll "application" "clouds_yaml_gen" "container" "clouds_yaml_gen" | include "helm-toolkit.snippets.kubernetes_container_security_context" | nindent 10 }} + command: + - /bin/sh + - -c + - | + cat < /etc/openstack/clouds.yaml + clouds: + default: + auth: + auth_url: "$OS_AUTH_URL" + username: "$OS_USERNAME" + password: "$OS_PASSWORD" + project_name: "$OS_PROJECT_NAME" + user_domain_name: "$OS_USER_DOMAIN_NAME" + project_domain_name: "$OS_PROJECT_DOMAIN_NAME" + region_name: "$OS_REGION_NAME" + interface: "$OS_INTERFACE" + identity_api_version: "$OS_IDENTITY_API_VERSION" + {{- if .Values.manifests.certificates }} + cacert: "/etc/ssl/certs/openstack-helm.crt" + {{- end }} + EOF + env: + - name: OS_AUTH_URL + valueFrom: + secretKeyRef: + key: OS_AUTH_URL + name: {{ .Values.secrets.identity.user | quote }} + - name: OS_USERNAME + valueFrom: + secretKeyRef: + key: OS_USERNAME + name: {{ .Values.secrets.identity.user | quote }} + - name: OS_PASSWORD + valueFrom: + secretKeyRef: + key: OS_PASSWORD + name: {{ .Values.secrets.identity.user | quote }} + - name: OS_PROJECT_NAME + valueFrom: + secretKeyRef: + key: OS_PROJECT_NAME + name: {{ .Values.secrets.identity.user | quote }} + - name: OS_USER_DOMAIN_NAME + valueFrom: + secretKeyRef: + key: OS_USER_DOMAIN_NAME + name: {{ .Values.secrets.identity.user | quote }} + - name: OS_PROJECT_DOMAIN_NAME + valueFrom: + secretKeyRef: + key: OS_PROJECT_DOMAIN_NAME + name: {{ .Values.secrets.identity.user | quote }} + - name: OS_REGION_NAME + valueFrom: + secretKeyRef: + key: OS_REGION_NAME + name: {{ .Values.secrets.identity.user | quote }} + - name: OS_INTERFACE + valueFrom: + secretKeyRef: + key: OS_INTERFACE + name: {{ .Values.secrets.identity.user | quote }} + - name: OS_IDENTITY_API_VERSION + value: "3" + volumeMounts: + - name: clouds-yaml + mountPath: /etc/openstack +{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.identity.api.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: false + runAsUser: 65534 containers: - name: openstack-metrics-exporter {{ tuple $envAll "prometheus_openstack_exporter" | include "helm-toolkit.snippets.image" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.prometheus_openstack_exporter | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} {{ dict "envAll" $envAll "application" "exporter" "container" "openstack_metrics_exporter" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} command: - - /tmp/prometheus-openstack-exporter.sh - - start - lifecycle: - preStop: - exec: - command: - - /tmp/prometheus-openstack-exporter.sh - - stop + - /bin/openstack-exporter + args: + - --web.listen-address=:{{ tuple "prometheus_openstack_exporter" "internal" "exporter" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + - --os-client-config=/etc/openstack/clouds.yaml + - default ports: - name: metrics containerPort: {{ tuple "prometheus_openstack_exporter" "internal" "exporter" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} @@ -76,33 +149,37 @@ spec: port: {{ tuple "prometheus_openstack_exporter" "internal" "exporter" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} initialDelaySeconds: 180 periodSeconds: 60 + timeoutSeconds: 30 readinessProbe: httpGet: path: /metrics port: {{ tuple "prometheus_openstack_exporter" "internal" "exporter" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} - initialDelaySeconds: 20 + initialDelaySeconds: 30 periodSeconds: 30 + timeoutSeconds: 30 env: - name: LISTEN_PORT value: {{ tuple "prometheus_openstack_exporter" "internal" "exporter" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }} -{{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.conf.prometheus_openstack_exporter | indent 12 }} -{{- with $env := dict "ksUserSecret" $ksUserSecret "useCA" .Values.manifests.certificates }} -{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} -{{- end }} + - name: OS_POLLING_INTERVAL + value: {{ .Values.conf.prometheus_openstack_exporter.OS_POLLING_INTERVAL | quote }} + - name: OS_RETRIES + value: {{ .Values.conf.prometheus_openstack_exporter.OS_RETRIES | quote }} + - name: TIMEOUT_SECONDS + value: {{ .Values.conf.prometheus_openstack_exporter.TIMEOUT_SECONDS | quote }} + - name: OS_IDENTITY_API_VERSION + value: "3" volumeMounts: - name: pod-tmp mountPath: /tmp - - name: prometheus-openstack-exporter-bin - mountPath: /tmp/prometheus-openstack-exporter.sh - subPath: prometheus-openstack-exporter.sh + - name: clouds-yaml + mountPath: /etc/openstack readOnly: true {{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.identity.api.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} + workingDir: /tmp volumes: - name: pod-tmp emptyDir: {} - - name: prometheus-openstack-exporter-bin - configMap: - name: prometheus-openstack-exporter-bin - defaultMode: 0555 + - name: clouds-yaml + emptyDir: {} {{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.identity.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }} {{- end }} diff --git a/prometheus-openstack-exporter/values.yaml b/prometheus-openstack-exporter/values.yaml index b93a1a4e28..9732e9a4b5 100644 --- a/prometheus-openstack-exporter/values.yaml +++ b/prometheus-openstack-exporter/values.yaml @@ -17,7 +17,7 @@ --- images: tags: - prometheus_openstack_exporter: quay.io/airshipit/prometheus-openstack-exporter:latest-ubuntu_jammy + prometheus_openstack_exporter: ghcr.io/openstack-exporter/openstack-exporter:1.6.0 dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_jammy image_repo_sync: quay.io/airshipit/docker:27.5.0 ks_user: quay.io/airshipit/openstack-client:2025.1-ubuntu_noble @@ -52,6 +52,11 @@ pod: prometheus_openstack_exporter_ks_user: readOnlyRootFilesystem: true allowPrivilegeEscalation: false + clouds_yaml_gen: + container: + prometheus_openstack_exporter_ks_user: + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false affinity: anti: type: @@ -84,6 +89,13 @@ pod: limits: memory: "1024Mi" cpu: "2000m" + clouds_yaml_gen: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" jobs: image_repo_sync: requests: diff --git a/releasenotes/notes/prometheus-openstack-exporter-d95d286faa68ea98.yaml b/releasenotes/notes/prometheus-openstack-exporter-d95d286faa68ea98.yaml new file mode 100644 index 0000000000..e247b0df5f --- /dev/null +++ b/releasenotes/notes/prometheus-openstack-exporter-d95d286faa68ea98.yaml @@ -0,0 +1,4 @@ +--- +prometheus-openstack-exporter: + - Swap to official openstack exporter image. +... diff --git a/tools/deployment/common/openstack-exporter.sh b/tools/deployment/common/openstack-exporter.sh index a1c1375603..d8c2898481 100755 --- a/tools/deployment/common/openstack-exporter.sh +++ b/tools/deployment/common/openstack-exporter.sh @@ -12,8 +12,43 @@ # License for the specific language governing permissions and limitations # under the License. + set -xe +# Check if Keystone API DNS and HTTP endpoint are available; skip deployment if not +KEYSTONE_HOST="keystone-api.openstack.svc.cluster.local" +KEYSTONE_PORT=5000 +KEYSTONE_URL="http://$KEYSTONE_HOST:$KEYSTONE_PORT/v3" +TIMEOUT=${TIMEOUT:-60} +INTERVAL=2 +start_time=$(date +%s) + +# DNS check +while ! getent hosts "$KEYSTONE_HOST" >/dev/null; do + now=$(date +%s) + elapsed=$((now - start_time)) + if [ $elapsed -ge $TIMEOUT ]; then + echo "[INFO] Keystone API DNS not found after $TIMEOUT seconds, skipping prometheus-openstack-exporter deployment." + exit 0 + fi + echo "[INFO] Waiting for Keystone DNS... ($elapsed/$TIMEOUT)" + sleep $INTERVAL +done + +# HTTP check +while ! curl -sf "$KEYSTONE_URL" >/dev/null; do + now=$(date +%s) + elapsed=$((now - start_time)) + if [ $elapsed -ge $TIMEOUT ]; then + echo "[INFO] Keystone API not responding after $TIMEOUT seconds, skipping prometheus-openstack-exporter deployment." + exit 0 + fi + echo "[INFO] Waiting for Keystone API... ($elapsed/$TIMEOUT)" + sleep $INTERVAL +done + +echo "[INFO] Keystone API is available. Proceeding with exporter deployment." + #NOTE: Define variables : ${OSH_HELM_REPO:="../openstack-helm"} : ${OSH_VALUES_OVERRIDES_PATH:="../openstack-helm/values_overrides"} diff --git a/tools/deployment/monitoring/openstack-exporter.sh b/tools/deployment/monitoring/openstack-exporter.sh index 522163fc77..748b7bb61b 100755 --- a/tools/deployment/monitoring/openstack-exporter.sh +++ b/tools/deployment/monitoring/openstack-exporter.sh @@ -12,8 +12,44 @@ # License for the specific language governing permissions and limitations # under the License. + + set -xe +# Check if Keystone API DNS and HTTP endpoint are available; skip deployment if not +KEYSTONE_HOST="keystone-api.openstack.svc.cluster.local" +KEYSTONE_PORT=5000 +KEYSTONE_URL="http://$KEYSTONE_HOST:$KEYSTONE_PORT/v3" +TIMEOUT=${TIMEOUT:-60} +INTERVAL=2 +start_time=$(date +%s) + +# DNS check +while ! getent hosts "$KEYSTONE_HOST" >/dev/null; do + now=$(date +%s) + elapsed=$((now - start_time)) + if [ $elapsed -ge $TIMEOUT ]; then + echo "[INFO] Keystone API DNS not found after $TIMEOUT seconds, skipping prometheus-openstack-exporter deployment." + exit 0 + fi + echo "[INFO] Waiting for Keystone DNS... ($elapsed/$TIMEOUT)" + sleep $INTERVAL +done + +# HTTP check +while ! curl -sf "$KEYSTONE_URL" >/dev/null; do + now=$(date +%s) + elapsed=$((now - start_time)) + if [ $elapsed -ge $TIMEOUT ]; then + echo "[INFO] Keystone API not responding after $TIMEOUT seconds, skipping prometheus-openstack-exporter deployment." + exit 0 + fi + echo "[INFO] Waiting for Keystone API... ($elapsed/$TIMEOUT)" + sleep $INTERVAL +done + +echo "[INFO] Keystone API is available. Proceeding with exporter deployment." + : ${OSH_HELM_REPO:="../openstack-helm"} : ${OSH_VALUES_OVERRIDES_PATH:="../openstack-helm/values_overrides"} : ${OSH_EXTRA_HELM_ARGS_OS_EXPORTER:="$(helm osh get-values-overrides -p ${OSH_VALUES_OVERRIDES_PATH} -c prometheus-openstack-exporter ${FEATURES})"}