DataMate/deployment/helm/milvus/charts/minio/templates/post-install-prometheus-metrics-job.yaml
hhhhsc701 f3958f08d9 feature: 对接deer-flow (#54)
feature: 对接deer-flow
2025-11-04 20:30:40 +08:00


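{{- /*
Post-install / post-upgrade hook Job, rendered only when
metrics.serviceMonitor.enabled or metrics.podMonitor.enabled is set.

Pipeline (all steps share the "workdir" volume):
  1. minio-mc       - runs `mc admin prometheus generate` and writes /workdir/mc.json
  2. jq             - extracts .bearerToken from mc.json into /workdir/token
  3. kubectl-create - builds a Secret manifest holding the token, with an
                      ownerReference to the ServiceMonitor / PodMonitor
  4. kubectl-apply  - applies everything under /workdir/secrets

Security-relevant points for reviewers:
  - The bearer token and the generated Secret manifests are written to the
    shared volume, so the volume is memory-backed to keep them off node disk.
  - The Job reads monitors and creates Secrets in the release namespace, so its
    service account needs exactly those permissions. serviceAccountName is set
    only when serviceAccount.create is true; otherwise the pod runs under the
    namespace's default service account.
*/ -}}
{{- if or .Values.metrics.serviceMonitor.enabled .Values.metrics.podMonitor.enabled }}
{{- $fullName := include "minio.fullname" . -}}
{{ $scheme := "http" }}
{{- if .Values.tls.enabled }}
{{ $scheme = "https" }}
{{ end }}
apiVersion: batch/v1
kind: Job
metadata:
  name: {{ $fullName }}-update-prometheus-secret
  labels:
    app: {{ template "minio.name" . }}-update-prometheus-secret
    chart: {{ template "minio.chart" . }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
  annotations:
    "helm.sh/hook": post-install,post-upgrade
    "helm.sh/hook-weight": "-5"
    "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
{{- /* Guarded: an empty or unset value would otherwise render a bare "{}" or "null" line inside this mapping and break YAML parsing. */}}
{{- with .Values.updatePrometheusJob.annotations }}
{{ toYaml . | indent 4 }}
{{- end }}
spec:
  template:
    metadata:
      labels:
        app: {{ template "minio.name" . }}-update-prometheus-secret
        release: {{ .Release.Name }}
{{- if .Values.podLabels }}
{{ toYaml .Values.podLabels | indent 8 }}
{{- end }}
{{- if .Values.updatePrometheusJob.podAnnotations }}
      annotations:
{{ toYaml .Values.updatePrometheusJob.podAnnotations | indent 8 }}
{{- end }}
    spec:
      {{- if .Values.serviceAccount.create }}
      serviceAccountName: {{ $fullName }}-update-prometheus-secret
      {{- end }}
      restartPolicy: OnFailure
{{- include "minio.imagePullSecrets" . | indent 6 }}
{{- if .Values.nodeSelector }}
      nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end }}
{{- with .Values.affinity }}
      affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.tolerations }}
      tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
{{- if .Values.updatePrometheusJob.securityContext.enabled }}
      securityContext:
        runAsUser: {{ .Values.updatePrometheusJob.securityContext.runAsUser }}
        runAsGroup: {{ .Values.updatePrometheusJob.securityContext.runAsGroup }}
        fsGroup: {{ .Values.updatePrometheusJob.securityContext.fsGroup }}
{{- end }}
      volumes:
        # Scratch space shared by all containers below. It holds the Prometheus
        # bearer token and the generated Secret manifests, so keep it in tmpfs
        # instead of on the node's disk.
        - name: workdir
          emptyDir:
            medium: Memory
      initContainers:
        # Step 1: ask mc for the Prometheus scrape config (JSON) of alias "target".
        - name: minio-mc
          image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}"
          imagePullPolicy: {{ .Values.mcImage.pullPolicy }}
          command:
            - /bin/sh
            - "-c"
            - mc --config-dir {{ .Values.configPathmc }} admin prometheus generate target --json --no-color -q > /workdir/mc.json
          env:
            - name: MINIO_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  name: {{ template "minio.secretName" . }}
                  key: accesskey
            - name: MINIO_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: {{ template "minio.secretName" . }}
                  key: secretkey
            # `mc admin prometheus generate` does not actually connect to the
            # remote server, so no TLS certificate is required here.
            # The credentials are spliced into a URL via $(VAR) expansion.
            # NOTE(review): keys containing URL-reserved characters (@ : /)
            # presumably need percent-encoding for this alias to parse - confirm.
            - name: MC_HOST_target
              value: "{{ $scheme }}://$(MINIO_ACCESS_KEY):$(MINIO_SECRET_KEY)@{{ $fullName }}:{{ .Values.service.port }}"
          volumeMounts:
            - name: workdir
              mountPath: /workdir
          resources:
{{ toYaml .Values.resources | indent 12 }}
        # Step 2: extract bearerToken from the mc admin output.
        # `jq -e` makes the step fail when .bearerToken is null or missing.
        - name: jq
          image: "{{ .Values.helmKubectlJqImage.repository }}:{{ .Values.helmKubectlJqImage.tag }}"
          imagePullPolicy: {{ .Values.helmKubectlJqImage.pullPolicy }}
          command:
            - /bin/sh
            - "-c"
            - jq -e -c -j -r .bearerToken < /workdir/mc.json > /workdir/token
          volumeMounts:
            - name: workdir
              mountPath: /workdir
          resources:
{{ toYaml .Values.resources | indent 12 }}
        # Step 3: build the Secret manifest(s) under /workdir/secrets.
        - name: kubectl-create
          image: "{{ .Values.helmKubectlJqImage.repository }}:{{ .Values.helmKubectlJqImage.tag }}"
          imagePullPolicy: {{ .Values.helmKubectlJqImage.pullPolicy }}
          command: ["/bin/sh", "-c"]
          args:
            # The script below, once per enabled monitor kind:
            # - fetches the ServiceMonitor / PodMonitor that needs this secret,
            #   copies some of its metadata and builds an ownerReference to it
            # - renders the Secret (client-side only, nothing is created yet)
            # - merges both JSON documents into /workdir/secrets/
            #
            # NOTE(review): the bare `--dry-run` flag is deprecated in newer
            # kubectl releases in favour of `--dry-run=client`; switch once the
            # kubectl version shipped in helmKubectlJqImage supports it.
            # NOTE(review): when both monitors are enabled the two command
            # chains are joined with `;`, so a failure in the servicemonitor
            # chain does not fail this step. Likewise a failed `kubectl get`
            # is hidden behind the pipe into jq. Confirm this is intended.
{{- if and .Values.metrics.serviceMonitor.enabled .Values.metrics.podMonitor.enabled }}
            - |
              mkdir -p /workdir/secrets && kubectl -n {{ .Release.Namespace }} get servicemonitor {{ $fullName }} -o json |
              jq -c '{metadata: {name: "{{ $fullName }}-servicemonitor-prometheus", namespace: .metadata.namespace, labels: {app: .metadata.labels.app, release: .metadata.labels.release}, ownerReferences: [{apiVersion: .apiVersion, kind: .kind, blockOwnerDeletion: true, controller: true, uid: .metadata.uid, name: .metadata.name}]}}' > /workdir/servicemonitormetadata.json &&
              kubectl create secret generic {{ $fullName }}-servicemonitor-prometheus --from-file=token=/workdir/token --dry-run -o json > /workdir/servicemonitorsecret.json &&
              cat /workdir/servicemonitorsecret.json /workdir/servicemonitormetadata.json | jq -s add > /workdir/secrets/servicemonitorobject.json;
              mkdir -p /workdir/secrets && kubectl -n {{ .Release.Namespace }} get podmonitor {{ $fullName }} -o json |
              jq -c '{metadata: {name: "{{ $fullName }}-podmonitor-prometheus", namespace: .metadata.namespace, labels: {app: .metadata.labels.app, release: .metadata.labels.release}, ownerReferences: [{apiVersion: .apiVersion, kind: .kind, blockOwnerDeletion: true, controller: true, uid: .metadata.uid, name: .metadata.name}]}}' > /workdir/podmonitormetadata.json &&
              kubectl create secret generic {{ $fullName }}-podmonitor-prometheus --from-file=token=/workdir/token --dry-run -o json > /workdir/podmonitorsecret.json &&
              cat /workdir/podmonitorsecret.json /workdir/podmonitormetadata.json | jq -s add > /workdir/secrets/podmonitorobject.json
{{- else if .Values.metrics.podMonitor.enabled }}
            - |
              mkdir -p /workdir/secrets && kubectl -n {{ .Release.Namespace }} get podmonitor {{ $fullName }} -o json |
              jq -c '{metadata: {name: "{{ $fullName }}-podmonitor-prometheus", namespace: .metadata.namespace, labels: {app: .metadata.labels.app, release: .metadata.labels.release}, ownerReferences: [{apiVersion: .apiVersion, kind: .kind, blockOwnerDeletion: true, controller: true, uid: .metadata.uid, name: .metadata.name}]}}' > /workdir/podmonitormetadata.json &&
              kubectl create secret generic {{ $fullName }}-podmonitor-prometheus --from-file=token=/workdir/token --dry-run -o json > /workdir/podmonitorsecret.json &&
              cat /workdir/podmonitorsecret.json /workdir/podmonitormetadata.json | jq -s add > /workdir/secrets/podmonitorobject.json
{{- else if .Values.metrics.serviceMonitor.enabled }}
            - |
              mkdir -p /workdir/secrets && kubectl -n {{ .Release.Namespace }} get servicemonitor {{ $fullName }} -o json |
              jq -c '{metadata: {name: "{{ $fullName }}-servicemonitor-prometheus", namespace: .metadata.namespace, labels: {app: .metadata.labels.app, release: .metadata.labels.release}, ownerReferences: [{apiVersion: .apiVersion, kind: .kind, blockOwnerDeletion: true, controller: true, uid: .metadata.uid, name: .metadata.name}]}}' > /workdir/servicemonitormetadata.json &&
              kubectl create secret generic {{ $fullName }}-servicemonitor-prometheus --from-file=token=/workdir/token --dry-run -o json > /workdir/servicemonitorsecret.json &&
              cat /workdir/servicemonitorsecret.json /workdir/servicemonitormetadata.json | jq -s add > /workdir/secrets/servicemonitorobject.json
{{- end }}
          volumeMounts:
            - name: workdir
              mountPath: /workdir
          resources:
{{ toYaml .Values.resources | indent 12 }}
      containers:
        # Step 4: apply every manifest the previous step wrote.
        - name: kubectl-apply
          image: "{{ .Values.helmKubectlJqImage.repository }}:{{ .Values.helmKubectlJqImage.tag }}"
          imagePullPolicy: {{ .Values.helmKubectlJqImage.pullPolicy }}
          command:
            - kubectl
            - apply
            - "-f"
            - /workdir/secrets
          volumeMounts:
            - name: workdir
              mountPath: /workdir
          resources:
{{ toYaml .Values.resources | indent 12 }}
{{- end }}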