coreos / kube-prometheus - can't setup ingress with whitelisted ip

4/17/2020

I did a basic setup of coreos / kube-prometheus and am now trying to add configuration that exposes Prometheus, Grafana and Alertmanager externally, restricted to whitelisted IPs, for example reaching (my ip)/prometheus only from a specific IP. I have just started with Kubernetes, so I have no clue what I am doing.

Right now i have made this kinda config with coreos / kube-prometheus:

  // ksonnet helpers used to build the extra Kubernetes objects below.
  local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
  // NOTE(review): `secret` is bound but never referenced in this file, so no
  // Secret (for example for ingress basic auth) is generated here.
  local secret = k.core.v1.secret;
  // Ingress builder for the extensions/v1beta1 API group; that Ingress version
  // is no longer served from Kubernetes 1.22 on, so check it against the cluster version.
  local ingress = k.extensions.v1beta1.ingress;
  // NOTE(review): `ingressTls` is bound but never referenced in this file, so
  // the generated Ingress objects carry no TLS section and are plain HTTP.
  local ingressTls = ingress.mixin.spec.tlsType;
  // Builders for an Ingress rule and for the HTTP paths inside a rule.
  local ingressRule = ingress.mixin.spec.rulesType;
  local httpIngressPath = ingressRule.mixin.http.pathsType;

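  // kube-prometheus stack plus one Ingress per UI. Each UI is served under its
  // own URL prefix (/grafana, /alert, /prometheus) and is meant to be reachable
  // only from an allowlisted source range.
  local kp =
    (import 'kube-prometheus/kube-prometheus.libsonnet') +
    // Uncomment the following imports to enable its patches
    // (import 'kube-prometheus/kube-prometheus-anti-affinity.libsonnet') +
    // (import 'kube-prometheus/kube-prometheus-managed-cluster.libsonnet') +
    // (import 'kube-prometheus/kube-prometheus-node-ports.libsonnet') +
    // (import 'kube-prometheus/kube-prometheus-static-etcd.libsonnet') +
    // (import 'kube-prometheus/kube-prometheus-thanos-sidecar.libsonnet') +
    {
      _config+:: {
        namespace: 'monitoring',
        grafana+:: {
          config+: {
            sections+: {
              server+: {
                // Plain-http URL: the Grafana login is sent unencrypted unless
                // TLS is terminated in front of it.
                root_url: 'http://localhost/grafana',
                // root_url only changes the links Grafana generates. To answer
                // requests that arrive with the /grafana prefix it also has to
                // serve from the sub path.
                // NOTE(review): needs Grafana 6.3 or later - confirm the
                // version this kube-prometheus release deploys.
                serve_from_sub_path: true,
              },
            },
          },
        },
      },
      alertmanager+:: {
        alertmanager+: {
          spec+: {
            externalUrl: 'http://localhost/alert',
            // Alertmanager serves its UI and API under this prefix, so the
            // Ingress path below must match it.
            routePrefix: '/alert',
          },
        },
      },
      prometheus+:: {
        prometheus+: {
          spec+: {
            externalUrl: 'http://localhost/prometheus',
            // Prometheus serves its UI and API under this prefix, so the
            // Ingress path below must match it.
            routePrefix: '/prometheus',
          },
        },
      },

      // Create ingress objects per application
      ingress+:: {
        // Single definition of the source allowlist, shared by all three
        // Ingress objects so that they cannot drift apart.
        //
        // 'my ip/32' is a placeholder and must be replaced with a real CIDR.
        //
        // NOTE(review): the annotation key is controller-specific, and a
        // controller that does not recognise the key ignores it silently. That
        // leaves all three UIs reachable from any address. ingress-nginx, for
        // example, reads 'nginx.ingress.kubernetes.io/whitelist-source-range'.
        // Confirm the key against the controller actually deployed, then verify
        // from a non-allowlisted address that requests are rejected.
        //
        // NOTE(review): the filter matches the source address the controller
        // sees. If a load balancer or NodePort hop rewrites the client address,
        // the range is compared with the wrong IP, so check that the client IP
        // is preserved on the path to the controller.
        //
        // Nothing in this file puts authentication or TLS in front of
        // Prometheus or Alertmanager, so this allowlist is the only access
        // control on them.
        local allowlist = {
          'ingress.kubernetes.io/whitelist-source-range': 'my ip/32',
        },

        'alertmanager-main':
          ingress.new() +
          ingress.mixin.metadata.withName('alertmanager-main') +
          ingress.mixin.metadata.withNamespace($._config.namespace) +
          ingress.mixin.metadata.withAnnotations(allowlist) +
          ingress.mixin.spec.withRules(
            ingressRule.new() +
            ingressRule.mixin.http.withPaths(
              httpIngressPath.new() +
              // Without a path this rule is a catch-all and overlaps the
              // Grafana rule, so scope it to the routePrefix set above.
              httpIngressPath.withPath('/alert') +
              httpIngressPath.mixin.backend.withServiceName('alertmanager-main') +
              httpIngressPath.mixin.backend.withServicePort('web')
            ),
          ),
        grafana:
          ingress.new() +
          ingress.mixin.metadata.withName('grafana') +
          ingress.mixin.metadata.withNamespace($._config.namespace) +
          ingress.mixin.metadata.withAnnotations(allowlist) +
          ingress.mixin.spec.withRules(
            ingressRule.new() +
            ingressRule.mixin.http.withPaths(
              httpIngressPath.new() +
              // Matches the path component of root_url.
              httpIngressPath.withPath('/grafana') +
              httpIngressPath.mixin.backend.withServiceName('grafana') +
              httpIngressPath.mixin.backend.withServicePort('http')
            ),
          ),
        'prometheus-k8s':
          ingress.new() +
          ingress.mixin.metadata.withName('prometheus-k8s') +
          ingress.mixin.metadata.withNamespace($._config.namespace) +
          ingress.mixin.metadata.withAnnotations(allowlist) +
          ingress.mixin.spec.withRules(
            ingressRule.new() +
            ingressRule.mixin.http.withPaths(
              httpIngressPath.new() +
              httpIngressPath.withPath('/prometheus') +
              httpIngressPath.mixin.backend.withServiceName('prometheus-k8s') +
              httpIngressPath.mixin.backend.withServicePort('web')
            ),
          ),
      },
    };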

  // Output object: one entry per generated manifest, keyed by the file name it
  // is written to.

  // Copies every visible field of `objs`, prepending `prefix` to its key.
  local withPrefix(prefix, objs) = {
    [prefix + field]: objs[field]
    for field in std.objectFields(objs)
  };

  // Every prometheus-operator object except the ServiceMonitor.
  local operatorFields = std.filter(
    function(field) field != 'serviceMonitor',
    std.objectFields(kp.prometheusOperator)
  );

  withPrefix('setup/0namespace-', kp.kubePrometheus) +
  {
    ['setup/prometheus-operator-' + field]: kp.prometheusOperator[field]
    for field in operatorFields
  } +
  // serviceMonitor is separated so that it can be created after the CRDs are ready
  { 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } +
  withPrefix('node-exporter-', kp.nodeExporter) +
  withPrefix('kube-state-metrics-', kp.kubeStateMetrics) +
  withPrefix('alertmanager-', kp.alertmanager) +
  withPrefix('prometheus-', kp.prometheus) +
  withPrefix('prometheus-adapter-', kp.prometheusAdapter) +
  withPrefix('grafana-', kp.grafana) +
  // The Ingress objects are keyed with a suffix rather than a prefix.
  {
    [field + '-ingress']: kp.ingress[field]
    for field in std.objectFields(kp.ingress)
  }

Then I compile it to get the YAML output, which I apply to Kubernetes. After that I run `kubectl describe ing prometheus-k8s -n monitoring` and get this:

enter image description here

When I try to access http://localhost/prometheus nothing happens. I have no idea what I am doing and I am out of ideas for how to reach the service endpoints; maybe somebody can help me with that?

-- Trusislv1
jsonnet
kubernetes
kubernetes-ingress

0 Answers