github.com/anth0d/nomad@v0.0.0-20221214183521-ae3a0a2cad06/e2e/metrics/input/prometheus.nomad (about) 1 job "prometheus" { 2 datacenters = ["dc1", "dc2"] 3 type = "service" 4 5 constraint { 6 attribute = "${attr.kernel.name}" 7 value = "linux" 8 } 9 10 group "monitoring" { 11 count = 1 12 13 restart { 14 attempts = 2 15 interval = "30m" 16 delay = "15s" 17 mode = "fail" 18 } 19 20 ephemeral_disk { 21 size = 300 22 } 23 24 network { 25 port "prometheus_ui" { 26 to = 9090 27 } 28 } 29 30 task "prometheus" { 31 template { 32 change_mode = "noop" 33 destination = "local/prometheus.yml" 34 35 data = <<EOH 36 --- 37 global: 38 scrape_interval: 5s 39 evaluation_interval: 5s 40 41 scrape_configs: 42 43 - job_name: 'nomad_metrics' 44 45 consul_sd_configs: 46 - server: '{{ env "NOMAD_IP_prometheus_ui" }}:8500' 47 48 relabel_configs: 49 - source_labels: ['__meta_consul_tags'] 50 regex: '(.*)http(.*)' 51 action: keep 52 53 scheme: https 54 tls_config: 55 ca_file: '/etc/nomad.d/tls/ca.crt' 56 cert_file: '/etc/nomad.d/tls/agent.crt' 57 key_file: '/etc/nomad.d/tls/agent.key' 58 59 scrape_interval: 5s 60 metrics_path: /v1/metrics 61 params: 62 format: ['prometheus'] 63 EOH 64 65 } 66 67 driver = "docker" 68 69 config { 70 image = "prom/prometheus:latest" 71 72 volumes = [ 73 "local/prometheus.yml:/etc/prometheus/prometheus.yml", 74 ] 75 76 # TODO: https://github.com/hashicorp/nomad/issues/11484 77 # This is very much not how we should do this, because it 78 # exposes the client's mTLS cert to the task and lets the 79 # prometheus masquerade as the client. 80 mount { 81 type = "bind" 82 target = "/etc/nomad.d/tls" 83 source = "/etc/nomad.d/tls" 84 readonly = true 85 } 86 87 ports = ["prometheus_ui"] 88 } 89 90 service { 91 name = "prometheus" 92 tags = ["urlprefix-/"] 93 port = "prometheus_ui" 94 95 check { 96 name = "prometheus_ui port alive" 97 type = "http" 98 path = "/-/healthy" 99 interval = "10s" 100 timeout = "2s" 101 } 102 } 103 } 104 } 105 }