diff --git a/charts/prometheus-mysql-exporter/Chart.yaml b/charts/prometheus-mysql-exporter/Chart.yaml
index f1a878af5c3a..94a59fc30064 100644
--- a/charts/prometheus-mysql-exporter/Chart.yaml
+++ b/charts/prometheus-mysql-exporter/Chart.yaml
@@ -1,9 +1,9 @@
 apiVersion: v1
 description: A Helm chart for prometheus mysql exporter with cloudsqlproxy
 name: prometheus-mysql-exporter
-version: 1.14.0
+version: 2.0.0
 home: https://github.com/prometheus/mysqld_exporter
-appVersion: v0.14.0
+appVersion: v0.15.0
 sources:
 - https://github.com/prometheus/mysqld_exporter
 maintainers:
diff --git a/charts/prometheus-mysql-exporter/README.md b/charts/prometheus-mysql-exporter/README.md
index 2c292203b25a..2023ad9642de 100644
--- a/charts/prometheus-mysql-exporter/README.md
+++ b/charts/prometheus-mysql-exporter/README.md
@@ -41,6 +41,58 @@ _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documen helm upgrade [RELEASE_NAME] [CHART] --install ``` +### From 1.x to 2.x + +mysqld_exporter has been updated to [v0.15.0](https://github.com/prometheus/mysqld_exporter/releases/tag/v0.15.0), removing support for `DATA_SOURCE_NAME`. Configuration for exporter use `--config.my-cnf` with a custom cnf file (secret). + +If you use `mysql.existingSecret` to set full `DATA_SOURCE_NAME`, please set `mysql.existingConfigSecret.name` & `mysql.existingConfigSecret.key` to reference the secret config. + +```yaml +mysql: + existingSecret: "my-data-source" +``` + +to: + +```yaml +mysql: + existingConfigSecret: + name: "config" + key: "my.cnf" +``` + +If you use `mysql.param` to extend `DATA_SOURCE_NAME`, please set `mysql.additionalConfig` with extra params to extend my.cnf file. + +```yaml +mysql: + param: "debug&connect-timeout=5" +``` + +to: + +```yaml +mysql: + additionalConfig: + - connect-timeout=5 + - debug +``` + +This version uses [cloud-sql-proxy v2](https://github.com/GoogleCloudPlatform/cloud-sql-proxy/blob/main/migration-guide.md). + +If you use `cloudsqlproxy.ipAddressTypes` to set private connections, please set `cloudsqlproxy.privateIp`. + +```yaml +cloudsqlproxy: + ipAddressTypes: PRIVATE,PUBLIC +``` + +to: + +```yaml +cloudsqlproxy: + privateIp: true +``` + ### To =< 1.0.0 Version 1.0.0 is a major update. diff --git a/charts/prometheus-mysql-exporter/templates/_helpers.tpl b/charts/prometheus-mysql-exporter/templates/_helpers.tpl index fe2baf7a8efd..6b23984296f3 100644 --- a/charts/prometheus-mysql-exporter/templates/_helpers.tpl +++ b/charts/prometheus-mysql-exporter/templates/_helpers.tpl 
@@ -69,13 +69,24 @@ Secret name for cloudsql credentials {{- end -}} {{/* -Secret name for DATA_SOURCE_NAME +Secret name for config */}} -{{- define "prometheus-mysql-exporter.secret" -}} - {{- if .Values.mysql.existingSecret -}} - {{- printf "%s" .Values.mysql.existingSecret -}} +{{- define "prometheus-mysql-exporter.secretName" -}} + {{- if .Values.mysql.existingConfigSecret.name -}} + {{- printf "%s" .Values.mysql.existingConfigSecret.name -}} {{- else -}} - {{ template "prometheus-mysql-exporter.fullname" . }} + {{ template "prometheus-mysql-exporter.fullname" . }}-config + {{- end -}} +{{- end -}} +*/}} + +Secret key for config +*/}} +{{- define "prometheus-mysql-exporter.secretKey" -}} + {{- if .Values.mysql.existingConfigSecret.key -}} + {{- printf "%s" .Values.mysql.existingConfigSecret.key -}} + {{- else -}} + my.cnf {{- end -}} {{- end -}} */}} diff --git a/charts/prometheus-mysql-exporter/templates/deployment.yaml b/charts/prometheus-mysql-exporter/templates/deployment.yaml index a0732ad047b5..7a99a0464553 100644 --- a/charts/prometheus-mysql-exporter/templates/deployment.yaml +++ b/charts/prometheus-mysql-exporter/templates/deployment.yaml @@ -17,7 +17,7 @@ spec: {{ toYaml .Values.podLabels | trim | indent 8 }} {{- end }} annotations: - checksum/credentials: {{ include (print .Template.BasePath "/secret-env.yaml") . | sha256sum }} + checksum/credentials: {{ include (print .Template.BasePath "/secret-config.yaml") . | sha256sum }} {{- if .Values.cloudsqlproxy.enabled }} checksum/config: {{ include (print .Template.BasePath "/secret.yaml") . | sha256sum }} {{- if .Values.annotations }} 
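Review bot: The doc comment for the new `prometheus-mysql-exporter.secretKey` helper has no opening `{{/*`: the lines added after `secretName`'s closing `{{- end -}}` are a bare `*/}}`, a blank line, `Secret key for config` and another `*/}}`, so they are literal template text rather than a comment. This looks harmless only because text outside a `define` in a helpers file is not emitted as a manifest; it would be cleaner to drop the first `*/}}` and put `{{/*` on the line before `Secret key for config`. The trailing context `*/}}` at the end of the hunk appears to be the same leftover from before this change. Both helpers also fall back silently (to `<fullname>-config` and `my.cnf`), and a sentence in each comment stating that default would help anyone wiring up an existing secret.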
@@ -40,8 +40,9 @@ spec: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ default .Chart.AppVersion .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- if or .Values.config .Values.collectors }} args: + - "--config.my-cnf=/etc/cnf/{{ template "prometheus-mysql-exporter.secretKey" . }}" + {{- if or .Values.config .Values.collectors }} {{- if .Values.config.logLevel }} - "--log.level={{ .Values.config.logLevel }}" {{- end}} @@ -61,27 +62,16 @@ spec: {{- end }} {{- end }} {{- end }} - {{- if not .Values.mysql.existingSecret }} + {{- if and (not .Values.mysql.existingConfigSecret.name) (.Values.mysql.existingPasswordSecret.name) }} env: - - name: DB_PASSWORD + - name: MYSQLD_EXPORTER_PASSWORD valueFrom: secretKeyRef: - {{- if .Values.mysql.existingPasswordSecret.name }} + {{- if and .Values.mysql.existingPasswordSecret.name .Values.mysql.existingPasswordSecret.key }} name: {{ .Values.mysql.existingPasswordSecret.name }} key: {{ .Values.mysql.existingPasswordSecret.key }} - {{- else }} - name: {{ template "prometheus-mysql-exporter.fullname" . }} - key: password {{- end }} {{- end }} - {{- if .Values.mysql.existingSecret }} - envFrom: - - secretRef: - name: {{ template "prometheus-mysql-exporter.secret" . }} - {{- else }} - - name: DATA_SOURCE_NAME - value: "{{ .Values.mysql.user }}:$(DB_PASSWORD)@{{ if .Values.mysql.protocol }}{{ .Values.mysql.protocol }}{{ end }}({{ .Values.mysql.host }}:{{ .Values.mysql.port }})/{{ if .Values.mysql.db }}{{ .Values.mysql.db }}{{ end }}{{ if .Values.mysql.param }}?{{ .Values.mysql.param }}{{ end }}" - {{- end }} ports: - containerPort: {{ .Values.service.internalPort }} livenessProbe: 
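Review bot: In the `env:` block of the `@@ -61,27 +62,16 @@` hunk, the inner `{{- if and ...existingPasswordSecret.name ...existingPasswordSecret.key }}` guard leaves `secretKeyRef:` with no fields when the secret name is set but `key` is empty, so the chart renders an env entry that the API server should reject, and the mistake only surfaces at install time. Failing at render time is clearer: drop the inner `if` and write `key: {{ required "mysql.existingPasswordSecret.key must be set" .Values.mysql.existingPasswordSecret.key | quote }}`, quoting `name:` the same way. A comment above the outer condition saying that `MYSQLD_EXPORTER_PASSWORD` is only injected for `existingPasswordSecret`, and that otherwise the password lives in the rendered my.cnf Secret, would document the new credential flow. The container spec continues outside this hunk.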
@@ -92,28 +82,63 @@ spec: httpGet: path: / port: {{ .Values.service.internalPort }} + volumeMounts: + - name: secret-config + mountPath: /etc/cnf/ + readOnly: true {{- with .Values.extraVolumeMounts }} - volumeMounts: {{ toYaml . | nindent 12 }} + {{- toYaml . | nindent 12 }} {{- end }} {{- if .Values.cloudsqlproxy.enabled }} - name: cloudsql-proxy image: "{{ .Values.cloudsqlproxy.image.repo }}:{{ .Values.cloudsqlproxy.image.tag }}" imagePullPolicy: "{{ .Values.cloudsqlproxy.image.PullPolicy }}" - command: ["/cloud_sql_proxy" - ,"-instances={{ .Values.cloudsqlproxy.instanceConnectionName }}=tcp:{{ .Values.cloudsqlproxy.port }}" - {{- if .Values.cloudsqlproxy.ipAddressTypes }} - ,"-ip_address_types={{ .Values.cloudsqlproxy.ipAddressTypes }}" - {{- end }} - {{- if not .Values.cloudsqlproxy.workloadIdentity.enabled }} - ,"-credential_file=/secrets/cloudsql/credentials.json" - {{- end }} - {{- if .Values.cloudsqlproxy.extraArgs }} - ,"{{ .Values.cloudsqlproxy.extraArgs }}" - {{- end }} - ] + args: ["{{ .Values.cloudsqlproxy.instanceConnectionName }}?port:{{ .Values.cloudsqlproxy.port }}" + ,"--health-check" + ,"--http-address=0.0.0.0" + ,"--run-connection-test" + {{- if .Values.cloudsqlproxy.privateIp }} + ,"--private-ip" + {{- end }} + {{- if not .Values.cloudsqlproxy.workloadIdentity.enabled }} + ,"--credentials-file=/secrets/cloudsql/credentials.json" + {{- end }} + {{- if .Values.cloudsqlproxy.extraArgs }} + ,"{{ .Values.cloudsqlproxy.extraArgs }}" + {{- end }} + ] livenessProbe: - exec: - command: ["nc", "-z", "127.0.0.1", "3306"] + httpGet: + path: /liveness + port: 9090 + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 1 + readinessProbe: + httpGet: + path: /readiness + port: 9090 + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 1 + startupProbe: + httpGet: + path: /startup + port: 9090 + periodSeconds: 1 + timeoutSeconds: 5 + failureThreshold: 20 + securityContext: + 
allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsUser: 10000 + runAsNonRoot: true {{- if not .Values.cloudsqlproxy.workloadIdentity.enabled }} volumeMounts: - name: cloudsql-proxy-sa-credentials @@ -136,6 +161,9 @@ spec: {{ toYaml . | indent 8 }} {{- end }} volumes: + - name: secret-config + secret: + secretName: {{ template "prometheus-mysql-exporter.secretName" . }} {{- if and (.Values.cloudsqlproxy.enabled) (not .Values.cloudsqlproxy.workloadIdentity.enabled) }} - name: cloudsql-proxy-sa-credentials secret: diff --git a/charts/prometheus-mysql-exporter/templates/secret-config.yaml b/charts/prometheus-mysql-exporter/templates/secret-config.yaml new file mode 100644 index 000000000000..be4652ba8c9b --- /dev/null +++ b/charts/prometheus-mysql-exporter/templates/secret-config.yaml @@ -0,0 +1,27 @@ +{{- if not .Values.mysql.existingConfigSecret.name }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "prometheus-mysql-exporter.secretName" . }} + labels: + {{- include "prometheus-mysql-exporter.labels" . | nindent 4 }} +type: Opaque +stringData: + {{ template "prometheus-mysql-exporter.secretKey" . }}: | + [client] + host={{ .Values.mysql.host }} + port={{ .Values.mysql.port }} + user={{ .Values.mysql.user }} + {{- if and (.Values.mysql.pass) (not .Values.mysql.existingPasswordSecret.name) }} + password={{ .Values.mysql.pass }} + {{- end }} + {{- if .Values.mysql.db }} + database={{ .Values.mysql.db }} + {{- end }} + {{- if .Values.mysql.protocol }} + protocol={{ .Values.mysql.protocol }} + {{- end }} + {{- range $param := .Values.mysql.additionalConfig}} + {{ $param }} + {{- end }} +{{- end }} diff --git a/charts/prometheus-mysql-exporter/templates/secret-env.yaml b/charts/prometheus-mysql-exporter/templates/secret-env.yaml deleted file mode 100644 index afd67edd715e..000000000000 --- a/charts/prometheus-mysql-exporter/templates/secret-env.yaml +++ /dev/null 
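Review bot: The first cloud-sql-proxy argument in the `@@ -92,28 +82,63 @@` hunk is rendered as `"<instanceConnectionName>?port:<port>"`; as far as I know the v2 proxy reads per-instance settings as a query string (`?port=3306`), so the `:` form is probably not taken as a port override. I would expect `"{{ .Values.cloudsqlproxy.instanceConnectionName }}?port={{ .Values.cloudsqlproxy.port }}"` here, to be confirmed against the migration guide the README links. `--http-address=0.0.0.0` is needed for the kubelet probes but also makes the health endpoints reachable by anything that can reach the pod IP, so a comment recording that this is intentional would help. The probe port `9090` is hard-coded, so an `extraArgs` value that changes the HTTP port breaks all three probes, and `failureThreshold: 1` on the liveness probe restarts the proxy after a single missed check.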
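Review bot: `password={{ .Values.mysql.pass }}` and the other `[client]` lines in the new secret-config.yaml write user-supplied values into the option file unquoted, so a password containing `#`, `;`, surrounding spaces or a newline may be truncated or may introduce extra option lines, depending on how the exporter's INI parser treats them. Quoting the value, for example `password={{ .Values.mysql.pass | quote }}`, and rejecting newlines would make the rendered my.cnf predictable; the parser's handling of quoted values should be confirmed first. Chart values are also kept in the Helm release record, so `mysql.pass` stays readable there, and the README could steer production installs towards `existingConfigSecret` or `existingPasswordSecret`.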
@@ -1,11 +0,0 @@ -{{- if and (not .Values.mysql.existingSecret) (not .Values.mysql.existingPasswordSecret.name) }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "prometheus-mysql-exporter.fullname" . }} - labels: - {{- include "prometheus-mysql-exporter.labels" . | nindent 4 }} -type: Opaque -data: - password: "{{ .Values.mysql.pass | b64enc }}" -{{- end }} diff --git a/charts/prometheus-mysql-exporter/templates/servicemonitor.yaml b/charts/prometheus-mysql-exporter/templates/servicemonitor.yaml index 66ce89881f1c..c75010447087 100644 --- a/charts/prometheus-mysql-exporter/templates/servicemonitor.yaml +++ b/charts/prometheus-mysql-exporter/templates/servicemonitor.yaml @@ -44,4 +44,4 @@ spec: {{- if .Values.serviceMonitor.relabelings }} relabelings: {{ toYaml .Values.serviceMonitor.relabelings | nindent 8 }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/prometheus-mysql-exporter/values.yaml b/charts/prometheus-mysql-exporter/values.yaml index 503099fee156..6ad9dcd85a7a 100644 --- a/charts/prometheus-mysql-exporter/values.yaml +++ b/charts/prometheus-mysql-exporter/values.yaml @@ -140,17 +140,22 @@ collectors: {} # heartbeat.database: heartbeat # heartbeat.table: heartbeat -# mysql connection params which build the DATA_SOURCE_NAME env var of the docker container +# mysql connection params which build the my.cnf config mysql: db: "" host: "localhost" - param: "" + # config my.cnf https://dev.mysql.com/doc/c-api/8.0/en/mysql-options.html + additionalConfig: + # - connect-timeout=5 + # - debug pass: "password" port: 3306 protocol: "" user: "exporter" - # secret with full DATA_SOURCE_NAME env var as stringdata - existingSecret: "" + # secret with full config my.cnf + existingConfigSecret: + name: "" + key: "" # secret only containing the password existingPasswordSecret: name: "" 
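Review bot: In the values.yaml hunk, `additionalConfig:` is a bare key with only commented examples beneath it, so it parses as null rather than an empty list; `additionalConfig: []` states the intended type. The comment `# secret with full config my.cnf` could also say that `existingConfigSecret.key` falls back to `my.cnf` when empty, and that setting `existingConfigSecret.name` makes the chart skip the generated config Secret and the `MYSQLD_EXPORTER_PASSWORD` env, so `host`, `user`, `pass` and `existingPasswordSecret` are then ignored. The default `pass: "password"` is unchanged context, but with this commit it is written into the generated my.cnf Secret, so a note that it must be overridden would be worth adding.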
@@ -160,11 +165,11 @@ mysql:
 cloudsqlproxy:
 enabled: false
 image:
- repo: "gcr.io/cloudsql-docker/gce-proxy"
- tag: "1.33.0-alpine"
+ repo: "gcr.io/cloud-sql-connectors/cloud-sql-proxy"
+ tag: "2.4.0"
 pullPolicy: "IfNotPresent"
 instanceConnectionName: "project:us-central1:dbname"
- ipAddressTypes: ""
+ privateIp: false
 port: "3306"
 credentialsSecret: ""
 # service account json
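Review bot: Replacing `ipAddressTypes` with `privateIp: false` without a guard means a release upgraded with `cloudsqlproxy.ipAddressTypes=PRIVATE` still in its values renders without `--private-ip` and without an error, so the proxy presumably falls back to its default, non-private path. A render-time check in the deployment template would make the migration explicit: `{{- if .Values.cloudsqlproxy.ipAddressTypes }}{{ fail "cloudsqlproxy.ipAddressTypes was removed in 2.x; use cloudsqlproxy.privateIp" }}{{- end }}`. The same kind of check applies to `mysql.existingSecret` and `mysql.param`, which the earlier values.yaml hunk removes. The proxy image is pinned by tag only (`2.4.0`); pinning by digest is worth considering for a sidecar that holds database credentials.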