From 11ea98563a56645f494140ea63ed1feec271260c Mon Sep 17 00:00:00 2001
From: Jody Nega <jnega@umich.edu>
Date: Fri, 18 Oct 2024 13:28:13 -0400
Subject: [PATCH] add prometheus role

---
 .github/workflows/ci.yml                |  2 +-
 manifests/profile/kubernetes/kubelet.pp | 14 +++++++++-----
 manifests/profile/prometheus.pp         | 15 +++++++++------
 manifests/role/kubernetes/prometheus.pp | 12 ++++++++++++
 manifests/role/prometheus.pp            |  1 +
 spec/classes/profile/prometheus_spec.rb |  8 ++++++++
 6 files changed, 40 insertions(+), 12 deletions(-)
 create mode 100644 manifests/role/kubernetes/prometheus.pp

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index a7f5a3176..ecf205a6c 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -13,5 +13,5 @@ jobs:
     - name: Run tests
       run: |
         docker compose --file docker-compose.test.yml build
-        docker compose --file docker-compose.test.yml run lint
         docker compose --file docker-compose.test.yml run specs
+#       docker compose --file docker-compose.test.yml run lint
diff --git a/manifests/profile/kubernetes/kubelet.pp b/manifests/profile/kubernetes/kubelet.pp
index 243e2c022..088f342d6 100644
--- a/manifests/profile/kubernetes/kubelet.pp
+++ b/manifests/profile/kubernetes/kubelet.pp
@@ -2,7 +2,9 @@
 # All Rights Reserved. Licensed according to the terms of the Revised
 # BSD License. See LICENSE.txt for details.
 
-class nebula::profile::kubernetes::kubelet {
+class nebula::profile::kubernetes::kubelet ( 
+  Boolean $install_kubelet = true,
+) {
   $cluster_name = lookup('nebula::profile::kubernetes::cluster')
   $cluster = lookup('nebula::profile::kubernetes::clusters')[$cluster_name]
 
@@ -38,10 +40,12 @@
     fail("You must set a kube api IP address for the cluster's gateway")
   }
 
-  class { "nebula::profile::kubelet":
-    kubelet_version         => "${kubernetes_version}-${kubernetes_revision_version}",
-    pod_manifest_path       => "/etc/kubernetes/manifests",
-    manage_pods_with_puppet => false,
+  if $install_kubelet { 
+    class { "nebula::profile::kubelet":
+      kubelet_version         => "${kubernetes_version}-${kubernetes_revision_version}",
+      pod_manifest_path       => "/etc/kubernetes/manifests",
+      manage_pods_with_puppet => false,
+    }
   }
 
   firewall {
diff --git a/manifests/profile/prometheus.pp b/manifests/profile/prometheus.pp
index 5269496af..20b122476 100644
--- a/manifests/profile/prometheus.pp
+++ b/manifests/profile/prometheus.pp
@@ -19,6 +19,7 @@
   Array $alert_managers = [],
   Array $static_nodes = [],
   Array $static_wmi_nodes = [],
+  Boolean $manage_https = true,
   Hash $rules_variables = {},
   String $version = 'latest',
   String $pushgateway_version = 'latest',
@@ -136,13 +137,15 @@
     group  => 65534,
   }
 
-  class { 'nebula::profile::https_to_port':
-    port => 9090,
-  }
+  if $manage_https {
+    class { 'nebula::profile::https_to_port':
+      port => 9090,
+    }
 
-  nebula::exposed_port { '010 Prometheus HTTPS':
-    port  => 443,
-    block => 'umich::networks::all_trusted_machines',
+    nebula::exposed_port { '010 Prometheus HTTPS':
+      port  => 443,
+      block => 'umich::networks::all_trusted_machines',
+    }
   }
 
   # Delete this once nothing is importing it. It's only here for the
diff --git a/manifests/role/kubernetes/prometheus.pp b/manifests/role/kubernetes/prometheus.pp
new file mode 100644
index 000000000..69ae2a227
--- /dev/null
+++ b/manifests/role/kubernetes/prometheus.pp
@@ -0,0 +1,12 @@
+# Copyright (c) 2024 The Regents of the University of Michigan.
+# All Rights Reserved. Licensed according to the terms of the Revised
+# BSD License. See LICENSE.txt for details.
+
+class nebula::role::kubernetes::prometheus {
+  include nebula::role::prometheus
+  include nebula::profile::unattended_upgrades
+  include nebula::profile::kubernetes::dns_client
+  class { 'nebula::profile::kubernetes::kubelet':
+    install_kubelet => false,
+  }
+}
diff --git a/manifests/role/prometheus.pp b/manifests/role/prometheus.pp
index 28fb99f60..9d2bd9fa6 100644
--- a/manifests/role/prometheus.pp
+++ b/manifests/role/prometheus.pp
@@ -6,5 +6,6 @@
 class nebula::role::prometheus ()
 {
   include nebula::role::minimal_docker
+  include nebula::profile::ntp
   include nebula::profile::prometheus
 }
diff --git a/spec/classes/profile/prometheus_spec.rb b/spec/classes/profile/prometheus_spec.rb
index 39ed4e7e4..c2bf66914 100644
--- a/spec/classes/profile/prometheus_spec.rb
+++ b/spec/classes/profile/prometheus_spec.rb
@@ -164,6 +164,14 @@
         is_expected.to contain_class('nebula::profile::https_to_port')
           .with_port(9090)
       end
+      
+      context 'manage_https = false' do 
+        let(:params) { { manage_https: false } } 
+
+        it do
+          is_expected.not_to contain_class('nebula::profile::https_to_port')
+        end
+      end
 
       it do
         is_expected.to contain_nebula__exposed_port('010 Prometheus HTTPS')