cadvisor: Added basic auth

e72e02be · MyIgel · 1087c1f4 · 1087c1f4 · e72e02be · e72e02be
Commit e72e02be authored 6 years ago by MyIgel
--- a/cadvisor/files/ferm.conf.j2
+++ b/cadvisor/files/ferm.conf.j2
-domain (ip ip6) {
-  table filter {
-    chain INPUT {
-      proto tcp dport ({{ port }}) saddr (185.206.209.130 2a06:8187:fb11:1::2:1) ACCEPT;
-    }
-  }
-}
--- a/cadvisor/init.sls
+++ b/cadvisor/init.sls
 {% set docker = pillar.get('docker', {}) %}
+{% set volume = docker.volume_root ~ '/cadvisor' %}
 {% set image = 'google/cadvisor:latest' %}
+{% set cadvisor = pillar.get('cadvisor', {}) %}
+{% set metrics = cadvisor.get('metrics', {}) %}
 {% set port = '9999' %}

 include:
  - docker

 /etc/ferm/conf.d/40-cadvisor.conf:
-  file.managed:
-    - source: salt://cadvisor/files/ferm.conf.j2
-    - user: root
-    - group: root
-    - mode: 644
-    - makedirs: True
-    - template: jinja
-    - context:
-      port: '{{ port }}'
-    - require_in:
-      - file: ferm
+  file.absent: []

 docker-image-{{ image }}:
  docker_image.present:
@@ -25,6 +18,22 @@ docker-image-{{ image }}:
    - require:
      - pkg: docker

+{% if metrics %}
+docker-volume-cadvisor:
+  file.directory:
+    - name: {{ volume }}
+    - makedirs: True
+    - require:
+      - file: docker-volume-root
+
+cadvisor-htpasswd:
+  webutil.user_exists:
+    - name: {{ metrics.get('user', 'monitoring') }}
+    - password: {{ metrics.password }}
+    - htpasswd_file: {{ volume }}/htpasswd
+    - options: d
+{% endif %}
+
 docker-container-cadvisor:
  docker_container.running:
    - image: {{ image }}
@@ -33,15 +42,26 @@ docker-container-cadvisor:
    - restart_policy: always
    - port_bindings:
      - "{{ port }}:8080"
+    - entrypoint:
+      - "/usr/bin/cadvisor"
+      - "-logtostderr"
+      {% if metrics %}
+      - "--http_auth_file /htpasswd"
+      {% endif %}
    - binds:
      - /:/rootfs:ro
      - /var/run:/var/run:ro
      - /sys:/sys:ro
      - /var/lib/docker/:/var/lib/docker:ro
      - /dev/disk/:/dev/disk:ro
+      {% if metrics %}
+      - {{ volume }}/htpasswd:/htpasswd
+      {% endif %}
    - require:
      - docker_image: docker-image-{{ image }}
-      - file: /etc/ferm/conf.d/40-cadvisor.conf
+      {% if metrics %}
+      - file: cadvisor-htpasswd
+      {% endif %}
    - watch:
      - docker_image: docker-image-{{ image }}


--- a/prometheus/files/prometheus.yml.j2
+++ b/prometheus/files/prometheus.yml.j2
@@ -100,5 +100,11 @@ scrape_configs:

 {% set cadvisor_targets = salt['prometheus.prometheus_targets_for_grain']('prometheus_cadvisor_export') %}
  - job_name: cadvisor
+    {% set cadvisor_metrics = pillar.get('cadvisor:metrics', {}) -%}
+    {% if cadvisor_metrics -%}
+    basic_auth:
+      username: {{ cadvisor_metrics.get('user', 'monitoring') }}
+      password: {{ cadvisor_metrics.get('password') }}
+    {%- endif %}
    static_configs:
      - targets: {{ cadvisor_targets|yaml }}