kube-prometheus: update etcd info

Resolves issue #1629 in this repository.
2018-08-01 09:17:58 -05:00
parent fe923a7239
commit bed6e4865a
5 changed files with 36 additions and 150 deletions
--- a/jsonnet/kube-prometheus/kube-prometheus-static-etcd.libsonnet
+++ b/jsonnet/kube-prometheus/kube-prometheus-static-etcd.libsonnet
@@ -61,6 +61,7 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
              port: 'metrics',
              interval: '30s',
              scheme: 'https',
+              // Prometheus Operator (and Prometheus) allow us to specify a tlsConfig. This is required as most likely your etcd metrics end points is secure.
              tlsConfig: {
                caFile: '/etc/prometheus/secrets/kube-etcd-client-certs/etcd-client-ca.crt',
                keyFile: '/etc/prometheus/secrets/kube-etcd-client-certs/etcd-client.key',
@@ -77,8 +78,8 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
        },
      },
    secretEtcdCerts:
+      // Prometheus Operator allows us to mount secrets in the pod. By loading the secrets as files, they can be made available inside the Prometheus pod.
      local secret = k.core.v1.secret;
-
      secret.new('kube-etcd-client-certs', {
        'etcd-client-ca.crt': std.base64($._config.etcd.clientCA),
        'etcd-client.key': std.base64($._config.etcd.clientKey),
@@ -87,6 +88,7 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
      secret.mixin.metadata.withNamespace($._config.namespace),
    prometheus+:
      {
+        // Reference info: https://coreos.com/operators/prometheus/docs/latest/api.html#prometheusspec
        spec+: {
          secrets+: [$.prometheus.secretEtcdCerts.metadata.name],
        },