Enable monitoring shinyproxy via prometheus (#67)

* added skip_existing flag, bumped to 1.6.0 * added servicemonitor * Added specific service for prometheus's servicemonitor * add code chunk langauges * Shinyproxy monitor doc * Update configmap.yaml * more parameters for configuring monitoring * only minor version is enough
InseeFrLab · Jun 4, 2024 · d724245 · d724245
1 parent 7ef8f82
commit d724245
Show file tree

Hide file tree

Showing 6 changed files with 137 additions and 46 deletions.
diff --git a/charts/shinyproxy/Chart.yaml b/charts/shinyproxy/Chart.yaml
@@ -15,15 +15,15 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 2.0.0
+version: 2.1.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "3.0.2"
+appVersion: "3.1.0"
 
 dependencies:
-  - name: library-chart
-    version: 2.0.20
-    repository: https://inseefrlab.github.io/helm-charts-datascience
+- name: library-chart
+  version: 1.5.21
+  repository: https://inseefrlab.github.io/helm-charts-interactive-services
diff --git a/charts/shinyproxy/README.md b/charts/shinyproxy/README.md
@@ -3,9 +3,9 @@
 This helm chart allow to deploy a customised shinyproxy app.
 Security
 
-With or without oidc, if using oidc pay attention to deploy yourself a secret that contains:
+If using oidc for authentication, you must first apply a secret that contains:
 
-```
+```yaml
 apiVersion: v1
 kind: Secret
 metadata:
@@ -17,11 +17,11 @@ stringData:
 
 ## App configuration
 
-You can customized the application.yml file in the apps helm values.
+You can customize the application.yml file in the apps' helm values.
 
-If you want to add some env variable you cas use container-env if you want to protect secret you can deploy yourself a secret like this, let say you have 2 applications:
+If you want to add some env variable you can use container-env if you want to protect secret you can deploy yourself a secret like this, let say you have 2 applications:
 
-```
+```yaml
 apiVersion: v1
 kind: Secret
 metadata:
@@ -35,6 +35,37 @@ stringData:
     VAR_EXAMPLE_3=value3
 ```
 
-This file will be injected in /opt/shinyproxy/conf/app1 and app2, then your application.yml configuration can specify ```container-env-file: /opt/shinyproxy/app1```
+This file will be injected in `/opt/shinyproxy/conf/app1` and `/opt/shinyproxy/conf/app2`, then your application.yml configuration can specify ```container-env-file: /opt/shinyproxy/app1```
+
+container-env and container-env-file can be mixed.
+
+## Monitor shinyproxy activity using prometheus
+
+As explained in the official [shinyproxy's docker image repository](https://shinyproxy.io/documentation/usage-statistics/#micrometer-prometheus), we can set up the Micrometer monitoring backend using Prometheus to fetch shinyproxy activity. By default, is it turned off.
+
+If you want to enable metrics of sinyproxy, put `monitor.enabled` to `true`.
+
+Then you'll want to chose an interval at which the shinyproxy logs to http://localhost:9090/actuator/prometheus in its pod.
+
+Each metric produced by shinyproxy can have a set prefix.
+
+Prometheus will discover the metrics if the service of shinyproxy uses [a specific `metadata.labels.release`](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/troubleshooting.md#using-textual-port-number-instead-of-port-name), this depends on your implementation of prometheus; by default it is empty.
+
+
+Here is an example when monitoring is enabled on shinyproxy :
+
+```yaml
+monitor:
+  enabled: true
+  metadata:
+    labels:
+      release: "prometheus-stack"
+  port:
+    number: 9090
+    name: monitor
+  interval: 10s
+  micrometer:
+    prefix: "shinyproxy"
+```
 
-container-env and container-env-file can be mixed.
+The _servicemonitor.yaml_ needs to fetch infos of a specific service (port, labels, ...). Since the _service.yaml_ we have is already used by the _ingress.yaml_, we made a second one called _service-metrics.yaml_ for ths purpose.
diff --git a/charts/shinyproxy/templates/configmap.yaml b/charts/shinyproxy/templates/configmap.yaml
@@ -6,6 +6,15 @@ metadata:
     {{- include "library-chart.labels" . | nindent 4 }}
 data:
   application.yml: |-
+    {{ if .Values.monitor.enabled }}
+    usage-stats-micrometer-prefix: {{ .Values.monitor.micrometer.prefix }}
+    usage-stats-url: micrometer
+    management:
+      prometheus:
+        metrics:
+          export:
+            enabled: true
+    {{ end }}
     proxy:
       landing-page: {{ .Values.proxyConfig.landingPage }}
       container-backend: kubernetes

diff --git a/charts/shinyproxy/templates/service-metrics.yaml b/charts/shinyproxy/templates/service-metrics.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.monitor.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "library-chart.fullname" . }}-metrics
+  labels:
+    {{- include "library-chart.labels" . | nindent 4 }}
+    servicename: {{ include "library-chart.fullname" . }}-metrics
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - name: {{ .Values.monitor.port.name }}
+      port: 9090
+      targetPort: {{ .Values.monitor.port.number }}
+      protocol: TCP
+  selector:
+    {{- include "library-chart.selectorLabels" . | nindent 4 }}
+{{- end }}
diff --git a/charts/shinyproxy/templates/servicemonitor.yaml b/charts/shinyproxy/templates/servicemonitor.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.monitor.enabled -}}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ include "library-chart.fullname" . }}-monitor
+  namespace:  {{ .Release.Namespace }}
+  labels:
+    release: {{ .Values.monitor.metadata.labels.release }}
+    app.kubernetes.io/name: {{ include "library-chart.fullname" . }}
+spec:
+  endpoints:
+  - port: {{ .Values.monitor.port.name }}
+    interval: {{ .Values.monitor.interval }}
+    path: /actuator/prometheus
+  namespaceSelector:
+    matchNames:
+    - {{ .Release.Namespace }}
+  selector:
+    matchLabels:
+      servicename: {{ include "library-chart.fullname" . }}-metrics
+{{- end }}
diff --git a/charts/shinyproxy/values.yaml b/charts/shinyproxy/values.yaml
@@ -1,31 +1,31 @@
 proxyDeploy:
   image:
     name: openanalytics/shinyproxy
-    tag: 3.0.2
+    tag: 3.1.0
     pullPolicy: Always
   replicaCount: 1
   resources: {}
-    # We usually recommend not to specify default resources and to leave this as a conscious
-    # choice for the user. This also increases chances charts run on environments with little
-    # resources, such as Minikube. If you do want to specify resources, uncomment the following
-    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-    # limits:
-    #   cpu: 100m
-    #   memory: 128Mi
-    # requests:
-    #   cpu: 100m
-    #   memory: 128Mi
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
   podAnnotations: {}
   podLabels: {}
   podSecurityContext: {}
-    # fsGroup: 2000
+  # fsGroup: 2000
   securityContext: {}
-    # capabilities:
-    #   drop:
-    #   - ALL
-    # readOnlyRootFilesystem: true
-    # runAsNonRoot: true
-    # runAsUser: 1000
+  # capabilities:
+  #   drop:
+  #   - ALL
+  # readOnlyRootFilesystem: true
+  # runAsNonRoot: true
+  # runAsUser: 1000
   nodeSelector: {}
   tolerations: []
   affinity: {}
@@ -39,22 +39,22 @@ proxyConfig:
   authentication:
     type: none
     # type: openid
-    # openid:
-    #   authURL: ""
-    #   tokenURL: ""
-    #   jwksURL: ""
-    #   logoutURL: ""
-    #   usernameAttribute: ""
-    #   rolesClaim: ""
-    #   existingClientCredentialsSecretName: ""
+# openid:
+#   authURL: ""
+#   tokenURL: ""
+#   jwksURL: ""
+#   logoutURL: ""
+#   usernameAttribute: ""
+#   rolesClaim: ""
+#   existingClientCredentialsSecretName: ""
 
 apps:
-  - id: ""
-    display-name: ""
-    description: ""
-    container-image: ""
-    container-cmd: []
-    access-groups: []
+- id: ""
+  display-name: ""
+  description: ""
+  container-image: ""
+  container-cmd: []
+  access-groups: []
 
 
 existingAppsSecretName:
@@ -69,8 +69,8 @@ ingress:
   hostname: chart-example.local
 
 service:
-    type: ClusterIP
-    port: 8080
+  type: ClusterIP
+  port: 8080
 
 serviceAccount:
   # Specifies whether a service account should be created
@@ -80,3 +80,15 @@ serviceAccount:
   # The name of the service account to use.
   # If not set and create is true, a name is generated using the fullname template
   name: ""
+
+monitor:
+  enabled: false
+  metadata:
+    labels:
+      release: ""
+  port:
+    name: ""
+    number: 9090
+  interval: 10s
+  micrometer:
+    prefix: ""