Implement an API for performance monitoring

Signed-off-by: Alexei Dodon <adodon@cisco.com>
2026-06-16 20:38:08 +08:00 · 2021-10-15 18:05:00 +03:00
parent 061dfb333b
commit 8e4d828867
54 changed files with 27267 additions and 196 deletions
@@ -23,6 +23,7 @@ Examples of working configurations for various use cases are available [here](..
 * [Authentication](#authentication)
 * [Identity-based Authorization](#identity-based-authorization)
 * [Logging](#logging)
+* [Metrics](#metrics)


 ## Network
@@ -245,3 +246,24 @@ Enable audit logs and set output file with:
    "audit": "/tmp/zot-audit.log"
  }
 ```
+
+## Metrics
+
+Enable and configure metrics with:
+
+```
+"metrics":{
+    "enable":"true",
+
+```
+
+Set server path on which metrics will be exposed:
+
+```
+    "prometheus": {
+      "path": "/metrics"
+    }
+}
+```
+
+In order to test the Metrics feature locally in a [Kind](https://kind.sigs.k8s.io/) cluster, folow [this guide](metrics/README.md).
@@ -0,0 +1,21 @@
+{
+    "version": "0.1.0-dev",
+    "storage": {
+        "rootDirectory": "/tmp/zot"
+    },
+    "http": {
+        "address": "127.0.0.1",
+        "port": "8080"
+    },
+    "log": {
+        "level": "debug"
+    },
+    "extensions": {
+        "metrics": {
+            "enable": true,
+            "prometheus": {
+                "path": "/metrics"
+            }
+        }
+    }
+}
@@ -0,0 +1,40 @@
+# ---
+# Stage 1: Install certs, build binary, create default config file
+# ---
+FROM docker.io/golang:1.16 AS builder
+RUN mkdir -p /go/src/github.com/anuvu/zot
+WORKDIR /go/src/github.com/anuvu/zot
+COPY . .
+RUN CGO_ENABLED=0 make clean binary
+RUN echo '{\n\
+    "storage": {\n\
+        "rootDirectory": "/var/lib/registry"\n\
+    },\n\
+    "http": {\n\
+        "address": "0.0.0.0",\n\
+        "port": "5000"\n\
+    },\n\
+    "log": {\n\
+        "level": "debug"\n\
+    },\n\
+    "extensions": {\n\
+        "metrics": {\n\
+            "enable": true,\n\
+            "prometheus": {\n\
+                "path": "/metrics"\n\
+            }\n\
+        }\n\
+    }\n\
+}\n' > config.json && cat config.json
+
+# ---
+# Stage 2: Final image with nothing but certs, binary, and default config file
+# ---
+FROM scratch AS final
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+COPY --from=builder /go/src/github.com/anuvu/zot/bin/zot /zot
+COPY --from=builder /go/src/github.com/anuvu/zot/config.json /etc/zot/config.json
+ENTRYPOINT ["/zot"]
+EXPOSE 5000
+VOLUME ["/var/lib/registry"]
+CMD ["serve", "/etc/zot/config.json"]
@@ -0,0 +1,32 @@
+# ---
+# Stage 1: Install certs, build binary, create default config file
+# ---
+FROM docker.io/golang:1.16 AS builder
+RUN mkdir -p /go/src/github.com/anuvu/zot
+WORKDIR /go/src/github.com/anuvu/zot
+COPY . .
+RUN CGO_ENABLED=0 make clean exporter-minimal
+RUN echo '{\n\
+    "Server": {\n\
+        "protocol": "http",\n\
+        "host": "127.0.0.1",\n\
+        "port": "5050"\n\
+    },\n\
+    "Exporter": {\n\
+        "port": "5051",\n\
+        "log": {\n\
+            "level": "debug"\n\
+        }\n\
+    }\n\
+}\n' > config.json && cat config.json
+
+# ---
+# Stage 2: Final image with nothing but certs, binary, and default config file
+# ---
+FROM scratch AS final
+COPY --from=builder /go/src/github.com/anuvu/zot/bin/zot-exporter /zot-exporter
+COPY --from=builder /go/src/github.com/anuvu/zot/config.json /etc/zot/config.json
+ENTRYPOINT ["/zot-exporter"]
+EXPOSE 5051
+VOLUME ["/var/lib/registry"]
+CMD ["config", "/etc/zot/config.json"]
@@ -0,0 +1,32 @@
+# ---
+# Stage 1: Install certs, build binary, create default config file
+# ---
+FROM docker.io/golang:1.16 AS builder
+RUN mkdir -p /go/src/github.com/anuvu/zot
+WORKDIR /go/src/github.com/anuvu/zot
+COPY . .
+RUN CGO_ENABLED=0 make clean binary-minimal
+RUN echo '{\n\
+    "storage": {\n\
+        "rootDirectory": "/var/lib/registry"\n\
+    },\n\
+    "http": {\n\
+        "address": "0.0.0.0",\n\
+        "port": "5050"\n\
+    },\n\
+    "log": {\n\
+        "level": "debug"\n\
+    }\n\
+}\n' > config.json && cat config.json
+
+# ---
+# Stage 2: Final image with nothing but certs, binary, and default config file
+# ---
+FROM scratch AS final
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+COPY --from=builder /go/src/github.com/anuvu/zot/bin/zot-minimal /zot
+COPY --from=builder /go/src/github.com/anuvu/zot/config.json /etc/zot/config.json
+ENTRYPOINT ["/zot"]
+EXPOSE 5050
+VOLUME ["/var/lib/registry"]
+CMD ["serve", "/etc/zot/config.json"]
@@ -0,0 +1,28 @@
+CONTAINER_RUNTIME := $(shell command -v podman 2> /dev/null || echo docker)
+
+.PHONY: binary-container
+binary-container:
+	${CONTAINER_RUNTIME} build -f Dockerfile -t zot-build:latest ../../.
+
+.PHONY: run-container
+run-container:
+	${CONTAINER_RUNTIME} run --rm --security-opt label=disable -v $$(pwd)/../..:/go/src/github.com/anuvu/zot \
+		zot-build:latest
+
+.PHONY: binary-minimal-container
+binary-minimal-container:
+	${CONTAINER_RUNTIME} build -f Dockerfile-minimal -t zot-minimal:latest ../../.
+
+.PHONY: run-minimal-container
+run-minimal-container:
+	${CONTAINER_RUNTIME} run --rm --security-opt label=disable -v $$(pwd)/../..:/go/src/github.com/anuvu/zot \
+		zot-minimal:latest
+
+.PHONY: binary-exporter-container
+binary-exporter-container:
+	${CONTAINER_RUNTIME} build -f Dockerfile-exporter -t zot-exporter:latest ../../.
+
+.PHONY: run-exporter-container
+run-exporter-container:
+	${CONTAINER_RUNTIME} run --rm --security-opt label=disable -v $$(pwd)/../..:/go/src/github.com/anuvu/zot \
+		zot-exporter:latest
@@ -0,0 +1,28 @@
+
+A quick zot Metrics setup can be deployed locally in a kind cluster.
+It contains:
+ * a Prometheus server deployed through an Operator
+ * a dist-spec-only zot deployment (a pod with 2 containers: the zot server & the node exporter)
+ * a zot with all extensions enabled
+
+## Prerequisites
+  * [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/)
+  * [Kind](https://kind.sigs.k8s.io/)
+  * [Docker](https://www.docker.com/)
+
+In case the prerequisites tool list is not fulfilled the script will install them (needs root privileges)
+
+## Metrics setup
+To run a quick setup:
+
+```
+./kind-setup.sh
+
+```
+
+At the end of the script below ports are locally available (using *kubectl port-forward*) to easy access the Prometheus & zot servers on the host:
+ * 9090 - for accessing Prometheus server
+ * 5000 - for zot with all extensions enabled
+ * 5050 - for accessing dist-spec-only zot server
+ * 5051 - for zot-exporter access (a Prometheus Node exporter)
+
@@ -0,0 +1,18 @@
+{
+    "Server": {
+        "protocol": "http",
+        "host": "127.0.0.1",
+        "port": "8080"
+    },
+    "Exporter": {
+        "port": "8081",
+        "log": {
+            "level": "info",
+            "output": "/tmp/zot_exporter.log"  
+        },
+        "metrics": {
+            "path": "/mymetrics"
+        }
+    }
+}
+
@@ -0,0 +1,14 @@
+{
+    "Server": {
+        "protocol": "http",
+        "host": "127.0.0.1",
+        "port": "8080"
+    },
+    "Exporter": {
+        "port": "8081",
+        "log": {
+            "level": "debug"
+        }
+    }
+}
+
@@ -0,0 +1,78 @@
+#!/bin/bash
+
+#set -x
+set -e
+
+CLUSTER_NAME=zot
+
+# Script tested with below kubectl & kind versions
+KUBECTL_VERSION=v1.17.5
+KIND_VERSION=v0.7.0
+
+function install_bin() {
+    if [ "$EUID" -ne 0 ]
+        then echo "Please run as root/sudo"
+        exit 1
+    fi
+    curl -Lo ./$2 $1
+    chmod +x ./$2
+    yes | mv ./$2 /usr/local/bin/$2
+}
+
+## Install kubectl & kind if not available on the system
+
+# Kubectl
+kubectl > /dev/null 2>&1 || install_bin https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/`uname | awk '{print tolower($0)}'`/amd64/kubectl kubectl
+
+# Kind
+kind version || install_bin https://kind.sigs.k8s.io/dl/${KIND_VERSION}/kind-$(uname)-amd64 kind
+
+## Delete the cluster if it already exist
+kind get clusters | grep ${CLUSTER_NAME} &&  kind delete cluster --name ${CLUSTER_NAME}
+
+kind create cluster --name ${CLUSTER_NAME}
+
+docker pull quay.io/prometheus-operator/prometheus-operator:v0.51.2
+docker pull quay.io/prometheus-operator/prometheus-config-reloader:v0.51.2
+docker pull quay.io/prometheus/prometheus:v2.22.1
+
+kind load docker-image quay.io/prometheus-operator/prometheus-operator:v0.51.2 --name ${CLUSTER_NAME}
+kind load docker-image quay.io/prometheus-operator/prometheus-config-reloader:v0.51.2 --name ${CLUSTER_NAME}
+kind load docker-image quay.io/prometheus/prometheus:v2.22.1 --name ${CLUSTER_NAME}
+
+## Build zot & zot-exporter related images
+make binary-container
+make binary-minimal-container
+make binary-exporter-container
+
+kind load docker-image zot-build:latest --name ${CLUSTER_NAME}
+kind load docker-image zot-minimal:latest --name ${CLUSTER_NAME}
+kind load docker-image zot-exporter:latest --name ${CLUSTER_NAME}
+
+## Deploy prometheus operator
+kubectl create -f kubernetes/prometheus/bundle.yaml
+
+## Deploy the Kubernetes objects for RBAC, prometheus CRD and deploy the service
+kubectl apply -f kubernetes/prometheus/prom_rbac.yaml
+kubectl apply -f kubernetes/prometheus/prometheus.yaml
+kubectl apply -f kubernetes/prometheus/prom_service.yaml
+
+sleep 10
+## Deploy zot extended & minimal in 2 separate deployments
+## Deploy Prometheus operator servicemonitor CRD instances for prometheus to be able to scrape metrics from zot extended & the node exporter
+kubectl apply -f kubernetes/zot-extended/deployment.yaml
+kubectl apply -f kubernetes/zot-extended/service.yaml
+kubectl apply -f kubernetes/zot-extended/servicemonitor.yaml
+
+kubectl apply -f kubernetes/zot-minimal/deployment.yaml
+kubectl apply -f kubernetes/zot-minimal/service.yaml
+kubectl apply -f kubernetes/zot-minimal/exporter-service.yaml
+kubectl apply -f kubernetes/zot-minimal/exporter-servicemonitor.yaml
+
+sleep 10
+## For being able to access prometheus, zot & exporter on localhost ports
+kubectl port-forward svc/prometheus 9090 --address='0.0.0.0' &
+kubectl port-forward svc/zot-extended 5000 --address='0.0.0.0' &
+kubectl port-forward svc/zot-minimal 5050 --address='0.0.0.0' &
+kubectl port-forward svc/zot-exporter 5051 --address='0.0.0.0' &
+
@@ -0,0 +1,43 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: prometheus
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+  name: prometheus
+rules:
+- apiGroups: [""]
+  resources:
+  - nodes
+  - nodes/metrics
+  - services
+  - endpoints
+  - pods
+  verbs: ["get", "list", "watch"]
+- apiGroups: [""]
+  resources:
+  - configmaps
+  verbs: ["get"]
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - ingresses
+  verbs: ["get", "list", "watch"]
+- nonResourceURLs: ["/metrics"]
+  verbs: ["get"]
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: prometheus
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: prometheus
+subjects:
+- kind: ServiceAccount
+  name: prometheus
+  namespace: default
+
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: prometheus
+  labels:
+    app: prometheus
+spec:
+  ports:
+  - name: web
+    port: 9090
+    targetPort: web
+  selector:
+    app: prometheus
+  sessionAffinity: ClientIP
+
@@ -0,0 +1,22 @@
+apiVersion: monitoring.coreos.com/v1
+kind: Prometheus
+metadata:
+  name: prometheus
+  labels:
+    app: prometheus
+spec:
+  image: quay.io/prometheus/prometheus:v2.22.1
+  nodeSelector:
+    kubernetes.io/os: linux
+  replicas: 1
+  resources:
+    requests:
+      memory: 400Mi
+  securityContext:
+    fsGroup: 2000
+    runAsNonRoot: true
+    runAsUser: 1000
+  serviceAccountName: prometheus
+  version: v2.22.1
+  serviceMonitorSelector: {}
+
@@ -0,0 +1,24 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: zot-extended
+  labels:
+    app: zot-extended
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: zot-extended
+  template:
+    metadata:
+      labels:
+        app: zot-extended
+    spec:
+      containers:
+      - name: zot-extended
+        image: zot-build:latest
+        imagePullPolicy: IfNotPresent
+        ports:
+        - name: zot-extended
+          containerPort: 5000
+
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: zot-extended
+  labels:
+    app: zot-extended
+spec:
+  ports:
+  - name: zot-extended
+    port: 5000
+    targetPort: zot-extended
+  selector:
+    app: zot-extended
+  sessionAffinity: ClientIP
+
@@ -0,0 +1,15 @@
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: zot-extended
+  labels:
+    app: zot-extended
+spec:
+  endpoints:
+  - interval: 10s
+    port: zot-extended
+    scrapeTimeout: 5s
+  selector:
+    matchLabels:
+      app: zot-extended
+
@@ -0,0 +1,30 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: zot-minimal
+  labels:
+    app: zot-minimal
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: zot-minimal
+  template:
+    metadata:
+      labels:
+        app: zot-minimal
+    spec:
+      containers:
+      - name: zot-minimal
+        image: zot-minimal:latest
+        imagePullPolicy: IfNotPresent
+        ports:
+        - name: zot-minimal
+          containerPort: 5050
+      - name: zot-exporter
+        image: zot-exporter:latest
+        imagePullPolicy: IfNotPresent
+        ports:
+        - name: zot-exporter
+          containerPort: 5051
+
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: zot-exporter
+  labels:
+    app: zot-minimal
+spec:
+  ports:
+  - name: zot-exporter
+    port: 5051
+    targetPort: zot-exporter
+  selector:
+    app: zot-minimal
+  sessionAffinity: ClientIP
+
@@ -0,0 +1,15 @@
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: zot-exporter
+  labels:
+    app: zot-minimal
+spec:
+  endpoints:
+  - interval: 10s
+    port: zot-exporter
+    scrapeTimeout: 5s
+  selector:
+    matchLabels:
+      app: zot-minimal
+
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: zot-minimal
+  labels:
+    app: zot-minimal
+spec:
+  ports:
+  - name: zot-minimal
+    port: 5050
+    targetPort: zot-minimal
+  selector:
+    app: zot-minimal
+  sessionAffinity: ClientIP
+