2018-11-20 20:47:30 +05:30
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2017-08-17 22:00:37 +05:30
|
|
|
class PrometheusService < MonitoringService
|
2018-03-27 19:54:05 +05:30
|
|
|
include PrometheusAdapter
|
2017-08-17 22:00:37 +05:30
|
|
|
|
|
|
|
# Access to prometheus is directly through the API
|
|
|
|
prop_accessor :api_url
|
2020-06-23 00:09:42 +05:30
|
|
|
prop_accessor :google_iap_service_account_json
|
|
|
|
prop_accessor :google_iap_audience_client_id
|
2018-03-17 18:26:18 +05:30
|
|
|
boolean_accessor :manual_configuration
|
2017-08-17 22:00:37 +05:30
|
|
|
|
2019-12-26 22:10:19 +05:30
|
|
|
# We need to allow the self-monitoring project to connect to the internal
|
|
|
|
# Prometheus instance.
|
|
|
|
# Since the internal Prometheus instance is usually a localhost URL, we need
|
|
|
|
# to allow localhost URLs when the following conditions are true:
|
|
|
|
# 1. project is the self-monitoring project.
|
|
|
|
# 2. api_url is the internal Prometheus URL.
|
2020-04-22 19:07:51 +05:30
|
|
|
with_options presence: true do
|
|
|
|
validates :api_url, public_url: true, if: ->(object) { object.manual_configuration? && !object.allow_local_api_url? }
|
|
|
|
validates :api_url, url: true, if: ->(object) { object.manual_configuration? && object.allow_local_api_url? }
|
2017-08-17 22:00:37 +05:30
|
|
|
end
|
|
|
|
|
2018-03-27 19:54:05 +05:30
|
|
|
before_save :synchronize_service_state
|
2018-03-17 18:26:18 +05:30
|
|
|
|
2017-08-17 22:00:37 +05:30
|
|
|
after_save :clear_reactive_cache!
|
|
|
|
|
2020-01-01 13:55:28 +05:30
|
|
|
after_commit :track_events
|
|
|
|
|
2020-04-22 19:07:51 +05:30
|
|
|
after_create_commit :create_default_alerts
|
|
|
|
|
2020-07-28 23:09:34 +05:30
|
|
|
scope :preload_project, -> { preload(:project) }
|
|
|
|
scope :with_clusters_with_cilium, -> { joins(project: [:clusters]).merge(Clusters::Cluster.with_available_cilium) }
|
|
|
|
|
2017-08-17 22:00:37 +05:30
|
|
|
def initialize_properties
|
|
|
|
if properties.nil?
|
|
|
|
self.properties = {}
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2018-03-17 18:26:18 +05:30
|
|
|
def show_active_box?
|
|
|
|
false
|
|
|
|
end
|
|
|
|
|
2017-08-17 22:00:37 +05:30
|
|
|
def title
|
|
|
|
'Prometheus'
|
|
|
|
end
|
|
|
|
|
|
|
|
def description
|
2021-04-17 20:07:23 +05:30
|
|
|
s_('PrometheusService|Monitor application health with Prometheus metrics and dashboards')
|
2017-08-17 22:00:37 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
def self.to_param
|
|
|
|
'prometheus'
|
|
|
|
end
|
|
|
|
|
|
|
|
def fields
|
2020-07-28 23:09:34 +05:30
|
|
|
[
|
2018-03-17 18:26:18 +05:30
|
|
|
{
|
|
|
|
type: 'checkbox',
|
|
|
|
name: 'manual_configuration',
|
|
|
|
title: s_('PrometheusService|Active'),
|
2021-04-17 20:07:23 +05:30
|
|
|
help: s_('PrometheusService|Select this checkbox to override the auto configuration settings with your own settings.'),
|
2018-03-17 18:26:18 +05:30
|
|
|
required: true
|
|
|
|
},
|
2017-08-17 22:00:37 +05:30
|
|
|
{
|
|
|
|
type: 'text',
|
|
|
|
name: 'api_url',
|
|
|
|
title: 'API URL',
|
2021-04-17 20:07:23 +05:30
|
|
|
placeholder: s_('PrometheusService|https://prometheus.example.com/'),
|
|
|
|
help: s_('PrometheusService|The Prometheus API base URL.'),
|
2017-09-10 17:25:29 +05:30
|
|
|
required: true
|
2020-07-28 23:09:34 +05:30
|
|
|
},
|
|
|
|
{
|
|
|
|
type: 'text',
|
|
|
|
name: 'google_iap_audience_client_id',
|
|
|
|
title: 'Google IAP Audience Client ID',
|
2021-04-17 20:07:23 +05:30
|
|
|
placeholder: s_('PrometheusService|IAP_CLIENT_ID.apps.googleusercontent.com'),
|
|
|
|
help: s_('PrometheusService|PrometheusService|The ID of the IAP-secured resource.'),
|
2020-07-28 23:09:34 +05:30
|
|
|
autocomplete: 'off',
|
|
|
|
required: false
|
|
|
|
},
|
|
|
|
{
|
|
|
|
type: 'textarea',
|
|
|
|
name: 'google_iap_service_account_json',
|
|
|
|
title: 'Google IAP Service Account JSON',
|
2021-04-17 20:07:23 +05:30
|
|
|
placeholder: s_('PrometheusService|{ "type": "service_account", "project_id": ... }'),
|
|
|
|
help: s_('PrometheusService|The contents of the credentials.json file of your service account.'),
|
2020-07-28 23:09:34 +05:30
|
|
|
required: false
|
2017-08-17 22:00:37 +05:30
|
|
|
}
|
|
|
|
]
|
|
|
|
end
|
|
|
|
|
|
|
|
# Check we can connect to the Prometheus API
|
|
|
|
def test(*args)
|
2019-10-12 21:52:04 +05:30
|
|
|
prometheus_client.ping
|
2017-08-17 22:00:37 +05:30
|
|
|
{ success: true, result: 'Checked API endpoint' }
|
2018-03-27 19:54:05 +05:30
|
|
|
rescue Gitlab::PrometheusClient::Error => err
|
2017-08-17 22:00:37 +05:30
|
|
|
{ success: false, result: err }
|
|
|
|
end
|
|
|
|
|
2018-03-27 19:54:05 +05:30
|
|
|
def prometheus_client
|
2019-10-12 21:52:04 +05:30
|
|
|
return unless should_return_client?
|
|
|
|
|
2020-11-24 15:15:51 +05:30
|
|
|
options = prometheus_client_default_options.merge(
|
|
|
|
allow_local_requests: allow_local_api_url?
|
|
|
|
)
|
2020-06-23 00:09:42 +05:30
|
|
|
|
2020-07-28 23:09:34 +05:30
|
|
|
if behind_iap?
|
2020-06-23 00:09:42 +05:30
|
|
|
# Adds the Authorization header
|
|
|
|
options[:headers] = iap_client.apply({})
|
|
|
|
end
|
|
|
|
|
|
|
|
Gitlab::PrometheusClient.new(api_url, options)
|
2018-03-17 18:26:18 +05:30
|
|
|
end
|
|
|
|
|
2018-12-13 13:39:08 +05:30
|
|
|
def prometheus_available?
|
2018-03-17 18:26:18 +05:30
|
|
|
return false if template?
|
|
|
|
return false unless project
|
|
|
|
|
2020-04-08 14:13:33 +05:30
|
|
|
project.all_clusters.enabled.eager_load(:application_prometheus).any? do |cluster|
|
|
|
|
cluster.application_prometheus&.available?
|
|
|
|
end
|
2017-09-10 17:25:29 +05:30
|
|
|
end
|
|
|
|
|
2019-12-26 22:10:19 +05:30
|
|
|
def allow_local_api_url?
|
2020-04-22 19:07:51 +05:30
|
|
|
allow_local_requests_from_web_hooks_and_services? ||
|
|
|
|
(self_monitoring_project? && internal_prometheus_url?)
|
2019-12-26 22:10:19 +05:30
|
|
|
end
|
|
|
|
|
2020-01-01 13:55:28 +05:30
|
|
|
def configured?
|
|
|
|
should_return_client?
|
|
|
|
end
|
|
|
|
|
2017-09-10 17:25:29 +05:30
|
|
|
private
|
|
|
|
|
2019-12-26 22:10:19 +05:30
|
|
|
def self_monitoring_project?
|
2020-03-13 15:44:24 +05:30
|
|
|
project && project.id == current_settings.self_monitoring_project_id
|
2019-12-26 22:10:19 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
def internal_prometheus_url?
|
|
|
|
api_url.present? && api_url == ::Gitlab::Prometheus::Internal.uri
|
|
|
|
end
|
|
|
|
|
2020-04-22 19:07:51 +05:30
|
|
|
def allow_local_requests_from_web_hooks_and_services?
|
|
|
|
current_settings.allow_local_requests_from_web_hooks_and_services?
|
|
|
|
end
|
|
|
|
|
2019-03-13 22:55:13 +05:30
|
|
|
def should_return_client?
|
2019-10-12 21:52:04 +05:30
|
|
|
api_url.present? && manual_configuration? && active? && valid?
|
2019-03-13 22:55:13 +05:30
|
|
|
end
|
|
|
|
|
2019-12-26 22:10:19 +05:30
|
|
|
def current_settings
|
|
|
|
Gitlab::CurrentSettings.current_application_settings
|
|
|
|
end
|
|
|
|
|
2018-03-27 19:54:05 +05:30
|
|
|
def synchronize_service_state
|
2018-12-13 13:39:08 +05:30
|
|
|
self.active = prometheus_available? || manual_configuration?
|
2018-03-17 18:26:18 +05:30
|
|
|
|
|
|
|
true
|
|
|
|
end
|
2020-01-01 13:55:28 +05:30
|
|
|
|
|
|
|
def track_events
|
|
|
|
if enabled_manual_prometheus?
|
|
|
|
Gitlab::Tracking.event('cluster:services:prometheus', 'enabled_manual_prometheus')
|
|
|
|
elsif disabled_manual_prometheus?
|
|
|
|
Gitlab::Tracking.event('cluster:services:prometheus', 'disabled_manual_prometheus')
|
|
|
|
end
|
|
|
|
|
|
|
|
true
|
|
|
|
end
|
|
|
|
|
|
|
|
def enabled_manual_prometheus?
|
|
|
|
manual_configuration_changed? && manual_configuration?
|
|
|
|
end
|
|
|
|
|
|
|
|
def disabled_manual_prometheus?
|
|
|
|
manual_configuration_changed? && !manual_configuration?
|
|
|
|
end
|
2020-04-22 19:07:51 +05:30
|
|
|
|
|
|
|
def create_default_alerts
|
|
|
|
return unless project_id
|
|
|
|
|
|
|
|
Prometheus::CreateDefaultAlertsWorker.perform_async(project_id)
|
|
|
|
end
|
2020-06-23 00:09:42 +05:30
|
|
|
|
|
|
|
def behind_iap?
|
|
|
|
manual_configuration? && google_iap_audience_client_id.present? && google_iap_service_account_json.present?
|
|
|
|
end
|
|
|
|
|
2021-02-11 23:33:58 +05:30
|
|
|
def clean_google_iap_service_account
|
|
|
|
return unless google_iap_service_account_json
|
|
|
|
|
|
|
|
google_iap_service_account_json
|
|
|
|
.then { |json| Gitlab::Json.parse(json) }
|
|
|
|
.except('token_credential_uri')
|
|
|
|
end
|
|
|
|
|
2020-06-23 00:09:42 +05:30
|
|
|
def iap_client
|
2021-02-11 23:33:58 +05:30
|
|
|
@iap_client ||= Google::Auth::Credentials
|
|
|
|
.new(clean_google_iap_service_account, target_audience: google_iap_audience_client_id)
|
|
|
|
.client
|
2020-06-23 00:09:42 +05:30
|
|
|
end
|
2017-08-17 22:00:37 +05:30
|
|
|
end
|