diff --git a/meta/domain-monitor/apps.tf b/meta/domain-monitor/apps.tf index 902ba92..9f54eee 100644 --- a/meta/domain-monitor/apps.tf +++ b/meta/domain-monitor/apps.tf @@ -14,8 +14,11 @@ locals { "backups" = var.backups "app-group" = var.app-group } + grafana = { for k, v in var.grafana : k => v if k!="enable" } prometheus = { for k, v in var.prometheus : k => v if k!="enable" } alertmanager = { for k, v in var.alertmanager : k => v if k!="enable" } + loki = { for k, v in var.loki : k => v if k!="enable" } + promtail = { for k, v in var.promtail : k => v if k!="enable" } alerts-core = { for k, v in var.alerts-core : k => v if k!="enable" } alerts-containers = { for k, v in var.alerts-containers : k => v if k!="enable" } nodeExporter = { for k, v in var.node-exporter : k => v if k!="enable" } @@ -28,7 +31,7 @@ locals { } resource "kubernetes_namespace_v1" "monitor-ns" { - count = ( var.prometheus.enable || var.alertmanager.enable || var.node-exporter.enable || var.kube-state-metrics.enable || var.monitor-control-plan.enable )? 1 : 0 + count = ( var.grafana.enable || var.loki.enable || var.promtail.enable || var.prometheus.enable || var.alertmanager.enable || var.node-exporter.enable || var.kube-state-metrics.enable || var.monitor-control-plan.enable )? 1 : 0 metadata { annotations = local.annotations labels = merge(local.common-labels, local.annotations) @@ -223,3 +226,54 @@ resource "kubectl_manifest" "dashboards-workload" { options: ${jsonencode(merge(local.global, local.dashboards-workload))} EOF } + +resource "kubectl_manifest" "grafana" { + count = var.grafana.enable ? 1 : 0 + yaml_body = <<-EOF + apiVersion: "vynil.solidite.fr/v1" + kind: "Install" + metadata: + name: "grafana" + namespace: "${kubernetes_namespace_v1.monitor-ns[0].metadata[0].name}" + labels: ${jsonencode(local.common-labels)} + spec: + distrib: "${var.distributions.domain}" + category: "monitor" + component: "grafana" + options: ${jsonencode(merge(local.global, local.grafana))} + EOF +} + +resource "kubectl_manifest" "promtail" { + count = var.promtail.enable ? 1 : 0 + yaml_body = <<-EOF + apiVersion: "vynil.solidite.fr/v1" + kind: "Install" + metadata: + name: "promtail" + namespace: "${kubernetes_namespace_v1.monitor-ns[0].metadata[0].name}" + labels: ${jsonencode(local.common-labels)} + spec: + distrib: "${var.distributions.domain}" + category: "monitor" + component: "promtail" + options: ${jsonencode(merge(local.global, local.promtail))} + EOF +} + +resource "kubectl_manifest" "loki" { + count = var.loki.enable ? 
1 : 0 + yaml_body = <<-EOF + apiVersion: "vynil.solidite.fr/v1" + kind: "Install" + metadata: + name: "loki" + namespace: "${kubernetes_namespace_v1.monitor-ns[0].metadata[0].name}" + labels: ${jsonencode(local.common-labels)} + spec: + distrib: "${var.distributions.domain}" + category: "monitor" + component: "loki" + options: ${jsonencode(merge(local.global, local.loki))} + EOF +} diff --git a/meta/domain-monitor/index.yaml b/meta/domain-monitor/index.yaml index 1fcae51..1b54759 100644 --- a/meta/domain-monitor/index.yaml +++ b/meta/domain-monitor/index.yaml @@ -6,7 +6,7 @@ metadata: name: domain-monitor description: null options: - alerts-containers: + dashboards-namespace: default: enable: true examples: @@ -17,7 +17,7 @@ options: type: boolean type: object x-vynil-category: monitor - x-vynil-package: alerts-containers + x-vynil-package: dashboards-namespace backups: default: enable: false @@ -48,108 +48,6 @@ options: default: backup-settings type: string type: object - monitor-control-plan: - default: - enable: false - examples: - - enable: false - properties: - enable: - default: false - type: boolean - type: object - x-vynil-category: monitor - x-vynil-package: monitor-control-plan - kube-state-metrics: - default: - enable: true - examples: - - enable: true - properties: - enable: - default: true - type: boolean - type: object - x-vynil-category: monitor - x-vynil-package: kube-state-metrics - ingress-class: - default: traefik - examples: - - traefik - type: string - domain: - default: your-company - examples: - - your-company - type: string - dashboards-namespace: - default: - enable: true - examples: - - enable: true - properties: - enable: - default: true - type: boolean - type: object - x-vynil-category: monitor - x-vynil-package: dashboards-namespace - domain-name: - default: your_company.com - examples: - - your_company.com - type: string - dashboards-cluster: - default: - enable: true - examples: - - enable: true - properties: - enable: - default: true - type: boolean - type: object - x-vynil-category: monitor - x-vynil-package: dashboards-cluster - dashboards-workload: - default: - enable: true - examples: - - enable: true - properties: - enable: - default: true - type: boolean - type: object - x-vynil-category: monitor - x-vynil-package: dashboards-workload - prometheus: - default: - enable: true - examples: - - enable: true - properties: - enable: - default: true - type: boolean - type: object - x-vynil-category: monitor - x-vynil-package: prometheus - distributions: - default: - core: core - domain: domain - examples: - - core: core - domain: domain - properties: - core: - default: core - type: string - domain: - default: domain - type: string - type: object alertmanager: default: enable: true @@ -162,40 +60,35 @@ options: type: object x-vynil-category: monitor x-vynil-package: alertmanager + loki: + default: + enable: true + examples: + - enable: true + properties: + enable: + default: true + type: boolean + type: object + x-vynil-category: monitor + x-vynil-package: loki + dashboards-workload: + default: + enable: true + examples: + - enable: true + properties: + enable: + default: true + type: boolean + type: object + x-vynil-category: monitor + x-vynil-package: dashboards-workload issuer: default: letsencrypt-prod examples: - letsencrypt-prod type: string - app-group: - default: monitor - examples: - - monitor - type: string - dashboards-minimal: - default: - enable: true - examples: - - enable: true - properties: - enable: - default: true - type: boolean - type: 
object - x-vynil-category: monitor - x-vynil-package: dashboards-minimal - node-exporter: - default: - enable: true - examples: - - enable: true - properties: - enable: - default: true - type: boolean - type: object - x-vynil-category: monitor - x-vynil-package: node-exporter storage-classes: default: BlockReadWriteMany: '' @@ -221,6 +114,35 @@ options: default: '' type: string type: object + node-exporter: + default: + enable: true + examples: + - enable: true + properties: + enable: + default: true + type: boolean + type: object + x-vynil-category: monitor + x-vynil-package: node-exporter + ingress-class: + default: traefik + examples: + - traefik + type: string + monitor-control-plan: + default: + enable: false + examples: + - enable: false + properties: + enable: + default: false + type: boolean + type: object + x-vynil-category: monitor + x-vynil-package: monitor-control-plan alerts-core: default: enable: true @@ -233,6 +155,120 @@ options: type: object x-vynil-category: monitor x-vynil-package: alerts-core + prometheus: + default: + enable: true + examples: + - enable: true + properties: + enable: + default: true + type: boolean + type: object + x-vynil-category: monitor + x-vynil-package: prometheus + kube-state-metrics: + default: + enable: true + examples: + - enable: true + properties: + enable: + default: true + type: boolean + type: object + x-vynil-category: monitor + x-vynil-package: kube-state-metrics + domain: + default: your-company + examples: + - your-company + type: string + distributions: + default: + core: core + domain: domain + examples: + - core: core + domain: domain + properties: + core: + default: core + type: string + domain: + default: domain + type: string + type: object + alerts-containers: + default: + enable: true + examples: + - enable: true + properties: + enable: + default: true + type: boolean + type: object + x-vynil-category: monitor + x-vynil-package: alerts-containers + dashboards-minimal: + default: + enable: true + examples: + - enable: true + properties: + enable: + default: true + type: boolean + type: object + x-vynil-category: monitor + x-vynil-package: dashboards-minimal + promtail: + default: + enable: true + examples: + - enable: true + properties: + enable: + default: true + type: boolean + type: object + x-vynil-category: monitor + x-vynil-package: promtail + domain-name: + default: your_company.com + examples: + - your_company.com + type: string + grafana: + default: + enable: true + examples: + - enable: true + properties: + enable: + default: true + type: boolean + type: object + x-vynil-category: monitor + x-vynil-package: grafana + app-group: + default: monitor + examples: + - monitor + type: string + dashboards-cluster: + default: + enable: true + examples: + - enable: true + properties: + enable: + default: true + type: boolean + type: object + x-vynil-category: monitor + x-vynil-package: dashboards-cluster dependencies: [] providers: kubernetes: true diff --git a/monitor/grafana/apps_v1_Deployment_grafana.yaml b/monitor/grafana/apps_v1_Deployment_grafana.yaml new file mode 100644 index 0000000..c800a25 --- /dev/null +++ b/monitor/grafana/apps_v1_Deployment_grafana.yaml @@ -0,0 +1,297 @@ +# Source: grafana/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: grafana + namespace: vynil-monitor + labels: + helm.sh/chart: grafana-7.2.4 + app.kubernetes.io/name: grafana + app.kubernetes.io/instance: grafana + app.kubernetes.io/version: "10.2.3" + app.kubernetes.io/managed-by: Helm +spec: + 
revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/name: grafana + app.kubernetes.io/instance: grafana + strategy: + type: RollingUpdate + template: + metadata: + labels: + app.kubernetes.io/name: grafana + app.kubernetes.io/instance: grafana + annotations: + checksum/config: 0e9cbd0ea8e24e32f7dfca5bab17a2ba05652642f0a09a4882833ae88e4cc4a3 + checksum/sc-dashboard-provider-config: 593c0a8778b83f11fe80ccb21dfb20bc46705e2be3178df1dc4c89d164c8cd9c + kubectl.kubernetes.io/default-container: grafana + spec: + + serviceAccountName: grafana + automountServiceAccountToken: true + securityContext: + fsGroup: 472 + runAsGroup: 472 + runAsNonRoot: true + runAsUser: 472 + initContainers: + - name: init-chown-data + image: "docker.io/library/busybox:1.31.1" + imagePullPolicy: IfNotPresent + securityContext: + capabilities: + add: + - CHOWN + runAsNonRoot: false + runAsUser: 0 + seccompProfile: + type: RuntimeDefault + command: + - chown + - -R + - 472:472 + - /var/lib/grafana + volumeMounts: + - name: storage + mountPath: "/var/lib/grafana" + enableServiceLinks: true + containers: + - name: grafana-sc-dashboard + image: "quay.io/kiwigrid/k8s-sidecar:1.25.2" + imagePullPolicy: IfNotPresent + env: + - name: METHOD + value: WATCH + - name: LABEL + value: "grafana_dashboard" + - name: FOLDER + value: "/tmp/dashboards" + - name: RESOURCE + value: "both" + - name: REQ_USERNAME + valueFrom: + secretKeyRef: + name: grafana-admin-user + key: username + - name: REQ_PASSWORD + valueFrom: + secretKeyRef: + name: grafana-admin-user + key: password + - name: REQ_URL + value: http://localhost:3000/api/admin/provisioning/dashboards/reload + - name: REQ_METHOD + value: POST + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + volumeMounts: + - name: sc-dashboard-volume + mountPath: "/tmp/dashboards" + - name: grafana-sc-datasources + image: "quay.io/kiwigrid/k8s-sidecar:1.25.2" + imagePullPolicy: IfNotPresent + env: + - name: METHOD + value: WATCH + - name: LABEL + value: "grafana_datasource" + - name: FOLDER + value: "/etc/grafana/provisioning/datasources" + - name: RESOURCE + value: "both" + - name: REQ_USERNAME + valueFrom: + secretKeyRef: + name: grafana-admin-user + key: username + - name: REQ_PASSWORD + valueFrom: + secretKeyRef: + name: grafana-admin-user + key: password + - name: REQ_URL + value: http://localhost:3000/api/admin/provisioning/datasources/reload + - name: REQ_METHOD + value: POST + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + volumeMounts: + - name: sc-datasources-volume + mountPath: "/etc/grafana/provisioning/datasources" + - name: grafana-sc-notifiers + image: "quay.io/kiwigrid/k8s-sidecar:1.25.2" + imagePullPolicy: IfNotPresent + env: + - name: METHOD + value: WATCH + - name: LABEL + value: "grafana_notifier" + - name: FOLDER + value: "/etc/grafana/provisioning/notifiers" + - name: RESOURCE + value: "both" + - name: REQ_USERNAME + valueFrom: + secretKeyRef: + name: grafana-admin-user + key: username + - name: REQ_PASSWORD + valueFrom: + secretKeyRef: + name: grafana-admin-user + key: password + - name: REQ_URL + value: http://localhost:3000/api/admin/provisioning/notifications/reload + - name: REQ_METHOD + value: POST + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + volumeMounts: + - name: sc-notifiers-volume + mountPath: 
"/etc/grafana/provisioning/notifiers" + - name: grafana-sc-plugins + image: "quay.io/kiwigrid/k8s-sidecar:1.25.2" + imagePullPolicy: IfNotPresent + env: + - name: METHOD + value: WATCH + - name: LABEL + value: "grafana_plugin" + - name: FOLDER + value: "/etc/grafana/provisioning/plugins" + - name: RESOURCE + value: "both" + - name: REQ_USERNAME + valueFrom: + secretKeyRef: + name: grafana-admin-user + key: username + - name: REQ_PASSWORD + valueFrom: + secretKeyRef: + name: grafana-admin-user + key: password + - name: REQ_URL + value: http://localhost:3000/api/admin/provisioning/plugins/reload + - name: REQ_METHOD + value: POST + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + volumeMounts: + - name: sc-plugins-volume + mountPath: "/etc/grafana/provisioning/plugins" + - name: grafana + image: "docker.io/grafana/grafana:10.2.3" + imagePullPolicy: IfNotPresent + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + volumeMounts: + - name: config + mountPath: "/etc/grafana/grafana.ini" + subPath: grafana.ini + - name: storage + mountPath: "/var/lib/grafana" + - name: sc-dashboard-volume + mountPath: "/tmp/dashboards" + - name: sc-dashboard-provider + mountPath: "/etc/grafana/provisioning/dashboards/sc-dashboardproviders.yaml" + subPath: provider.yaml + - name: sc-datasources-volume + mountPath: "/etc/grafana/provisioning/datasources" + - name: sc-plugins-volume + mountPath: "/etc/grafana/provisioning/plugins" + - name: sc-notifiers-volume + mountPath: "/etc/grafana/provisioning/notifiers" + ports: + - name: grafana + containerPort: 3000 + protocol: TCP + - name: gossip-tcp + containerPort: 9094 + protocol: TCP + - name: gossip-udp + containerPort: 9094 + protocol: UDP + env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: GF_SECURITY_ADMIN_USER + valueFrom: + secretKeyRef: + name: grafana-admin-user + key: username + - name: GF_SECURITY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: grafana-admin-user + key: password + - name: GF_PATHS_DATA + value: /var/lib/grafana/ + - name: GF_PATHS_LOGS + value: /var/log/grafana + - name: GF_PATHS_PLUGINS + value: /var/lib/grafana/plugins + - name: GF_PATHS_PROVISIONING + value: /etc/grafana/provisioning + livenessProbe: + failureThreshold: 10 + httpGet: + path: /api/health + port: 3000 + initialDelaySeconds: 60 + timeoutSeconds: 30 + readinessProbe: + httpGet: + path: /api/health + port: 3000 + volumes: + - name: config + configMap: + name: grafana + - name: storage + persistentVolumeClaim: + claimName: grafana + - name: sc-dashboard-volume + emptyDir: + {} + - name: sc-dashboard-provider + configMap: + name: grafana-config-dashboards + - name: sc-datasources-volume + emptyDir: + {} + - name: sc-plugins-volume + emptyDir: + {} + - name: sc-notifiers-volume + emptyDir: + {} \ No newline at end of file diff --git a/monitor/grafana/autoscaling_v2beta1_HorizontalPodAutoscaler_grafana.yaml b/monitor/grafana/autoscaling_v2beta1_HorizontalPodAutoscaler_grafana.yaml new file mode 100644 index 0000000..ca75402 --- /dev/null +++ b/monitor/grafana/autoscaling_v2beta1_HorizontalPodAutoscaler_grafana.yaml @@ -0,0 +1,23 @@ +# Source: grafana/templates/hpa.yaml +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + name: grafana + namespace: vynil-monitor + labels: + app.kubernetes.io/name: grafana + helm.sh/chart: grafana-7.2.4 + app.kubernetes.io/managed-by: Helm 
+ app.kubernetes.io/instance: grafana +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: grafana + minReplicas: 1 + maxReplicas: 5 + metrics: + - type: Resource + resource: + name: cpu + targetAverageUtilization: 60 \ No newline at end of file diff --git a/monitor/grafana/config.tf b/monitor/grafana/config.tf new file mode 100644 index 0000000..07830ec --- /dev/null +++ b/monitor/grafana/config.tf @@ -0,0 +1,26 @@ +resource "kubectl_manifest" "config" { + yaml_body = <<-EOF + apiVersion: v1 + kind: ConfigMap + metadata: + name: grafana + namespace: "${var.namespace}" + labels: ${jsonencode(local.common-labels)} + data: + grafana.ini: | + [analytics] + check_for_updates = true + [grafana_net] + url = https://grafana.net + [log] + mode = console + [paths] + data = /var/lib/grafana/ + logs = /var/log/grafana + plugins = /var/lib/grafana/plugins + provisioning = /etc/grafana/provisioning + [server] + domain = '' + + EOF +} diff --git a/monitor/grafana/datas.tf b/monitor/grafana/datas.tf new file mode 100644 index 0000000..593fe10 --- /dev/null +++ b/monitor/grafana/datas.tf @@ -0,0 +1,68 @@ +locals { + common-labels = { + "vynil.solidite.fr/owner-name" = var.instance + "vynil.solidite.fr/owner-namespace" = var.namespace + "vynil.solidite.fr/owner-category" = var.category + "vynil.solidite.fr/owner-component" = var.component + "app.kubernetes.io/managed-by" = "vynil" + "app.kubernetes.io/instance" = var.instance + } + rb-patch = <<-EOF + - op: replace + path: /subjects/0/namespace + value: "${var.namespace}" + EOF +} + +data "kustomization_overlay" "data" { + common_labels = local.common-labels + namespace = var.namespace + resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml" && length(regexall("ClusterRole",file))<1] + images { + name = "docker.io/grafana/grafana" + new_name = "${var.images.grafana.registry}/${var.images.grafana.repository}" + new_tag = "${var.images.grafana.tag}" + } + images { + name = "docker.io/library/busybox" + new_name = "${var.images.busybox.registry}/${var.images.busybox.repository}" + new_tag = "${var.images.busybox.tag}" + } + images { + name = "quay.io/kiwigrid/k8s-sidecar" + new_name = "${var.images.sidecar.registry}/${var.images.sidecar.repository}" + new_tag = "${var.images.sidecar.tag}" + } + patches { + target { + kind = "PersistentVolumeClaim" + name = "grafana" + } + patch = <<-EOF + kind: PersistentVolumeClaim + apiVersion: v1 + metadata: + name: grafana + annotations: + k8up.io/backup: "true" + spec: + accessModes: + - "${var.volume.accessMode}" + volumeMode: Filesystem + resources: + requests: + storage: "${var.volume.size}" + EOF + } + patches { + target { + kind = "ServiceMonitor" + name = "grafana" + } + patch = <<-EOF + - op: replace + path: /spec/endpoints/0/relabelings/0/replacement + value: "${var.namespace}/$1" + EOF + } +} diff --git a/monitor/grafana/index.yaml b/monitor/grafana/index.yaml new file mode 100644 index 0000000..e0ece25 --- /dev/null +++ b/monitor/grafana/index.yaml @@ -0,0 +1,164 @@ +--- +apiVersion: vinyl.solidite.fr/v1beta1 +kind: Component +category: monitor +metadata: + name: grafana + description: null +options: + images: + default: + busybox: + registry: docker.io + repository: library/busybox + tag: 1.31.1 + grafana: + pullPolicy: IfNotPresent + registry: docker.io + repository: grafana/grafana + tag: 10.2.3 + sidecar: + pullPolicy: IfNotPresent + registry: quay.io + repository: kiwigrid/k8s-sidecar + tag: 1.25.2 + examples: + - busybox: + registry: docker.io + 
repository: library/busybox + tag: 1.31.1 + grafana: + pullPolicy: IfNotPresent + registry: docker.io + repository: grafana/grafana + tag: 10.2.3 + sidecar: + pullPolicy: IfNotPresent + registry: quay.io + repository: kiwigrid/k8s-sidecar + tag: 1.25.2 + properties: + busybox: + default: + registry: docker.io + repository: library/busybox + tag: 1.31.1 + properties: + registry: + default: docker.io + type: string + repository: + default: library/busybox + type: string + tag: + default: 1.31.1 + type: string + type: object + grafana: + default: + pullPolicy: IfNotPresent + registry: docker.io + repository: grafana/grafana + tag: 10.2.3 + properties: + pullPolicy: + default: IfNotPresent + enum: + - Always + - Never + - IfNotPresent + type: string + registry: + default: docker.io + type: string + repository: + default: grafana/grafana + type: string + tag: + default: 10.2.3 + type: string + type: object + sidecar: + default: + pullPolicy: IfNotPresent + registry: quay.io + repository: kiwigrid/k8s-sidecar + tag: 1.25.2 + properties: + pullPolicy: + default: IfNotPresent + enum: + - Always + - Never + - IfNotPresent + type: string + registry: + default: quay.io + type: string + repository: + default: kiwigrid/k8s-sidecar + type: string + tag: + default: 1.25.2 + type: string + type: object + type: object + domain: + default: your-company + examples: + - your-company + type: string + sub-domain: + default: grafana + examples: + - grafana + type: string + domain-name: + default: your_company.com + examples: + - your_company.com + type: string + app-group: + default: monitor + examples: + - monitor + type: string + issuer: + default: letsencrypt-prod + examples: + - letsencrypt-prod + type: string + volume: + default: + accessMode: ReadWriteOnce + size: 10Gi + examples: + - accessMode: ReadWriteOnce + size: 10Gi + properties: + accessMode: + default: ReadWriteOnce + enum: + - ReadWriteOnce + - ReadOnlyMany + - ReadWriteMany + type: string + size: + default: 10Gi + type: string + type: object + ingress-class: + default: traefik + examples: + - traefik + type: string +dependencies: [] +providers: + kubernetes: true + authentik: true + kubectl: true + postgresql: null + restapi: null + http: null + gitea: null +tfaddtype: null diff --git a/monitor/grafana/monitoring.coreos.com_v1_ServiceMonitor_grafana.yaml b/monitor/grafana/monitoring.coreos.com_v1_ServiceMonitor_grafana.yaml new file mode 100644 index 0000000..f07dbab --- /dev/null +++ b/monitor/grafana/monitoring.coreos.com_v1_ServiceMonitor_grafana.yaml @@ -0,0 +1,28 @@ +# Source: grafana/templates/servicemonitor.yaml +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: grafana + namespace: vynil-monitor + labels: + helm.sh/chart: grafana-7.2.4 + app.kubernetes.io/name: grafana + app.kubernetes.io/instance: grafana + app.kubernetes.io/version: "10.2.3" + app.kubernetes.io/managed-by: Helm +spec: + endpoints: + - port: service + interval: 30s + scrapeTimeout: 30s + honorLabels: true + path: /metrics + scheme: http + jobLabel: "grafana" + selector: + matchLabels: + app.kubernetes.io/name: grafana + app.kubernetes.io/instance: grafana + namespaceSelector: + matchNames: + - vynil-monitor \ No newline at end of file diff --git a/monitor/grafana/rbac.authorization.k8s.io_v1_RoleBinding_grafana.yaml b/monitor/grafana/rbac.authorization.k8s.io_v1_RoleBinding_grafana.yaml new file mode 100644 index 0000000..e5869e0 --- /dev/null +++ b/monitor/grafana/rbac.authorization.k8s.io_v1_RoleBinding_grafana.yaml @@ -0,0 +1,20 @@ +# 
Source: grafana/templates/rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: grafana + namespace: vynil-monitor + labels: + helm.sh/chart: grafana-7.2.4 + app.kubernetes.io/name: grafana + app.kubernetes.io/instance: grafana + app.kubernetes.io/version: "10.2.3" + app.kubernetes.io/managed-by: Helm +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: grafana +subjects: +- kind: ServiceAccount + name: grafana + namespace: vynil-monitor \ No newline at end of file diff --git a/monitor/grafana/rbac.authorization.k8s.io_v1_Role_grafana.yaml b/monitor/grafana/rbac.authorization.k8s.io_v1_Role_grafana.yaml new file mode 100644 index 0000000..ffd3ae6 --- /dev/null +++ b/monitor/grafana/rbac.authorization.k8s.io_v1_Role_grafana.yaml @@ -0,0 +1,16 @@ +# Source: grafana/templates/role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: grafana + namespace: vynil-monitor + labels: + helm.sh/chart: grafana-7.2.4 + app.kubernetes.io/name: grafana + app.kubernetes.io/instance: grafana + app.kubernetes.io/version: "10.2.3" + app.kubernetes.io/managed-by: Helm +rules: + - apiGroups: [""] # "" indicates the core API group + resources: ["configmaps", "secrets"] + verbs: ["get", "watch", "list"] \ No newline at end of file diff --git a/monitor/grafana/secret.tf b/monitor/grafana/secret.tf new file mode 100644 index 0000000..ee72b3e --- /dev/null +++ b/monitor/grafana/secret.tf @@ -0,0 +1,19 @@ + +resource "kubectl_manifest" "grafana_secret" { + ignore_fields = ["metadata.annotations"] + yaml_body = <<-EOF + apiVersion: "secretgenerator.mittwald.de/v1alpha1" + kind: "StringSecret" + metadata: + name: "grafana-admin-user" + namespace: "${var.namespace}" + labels: ${jsonencode(local.common-labels)} + spec: + forceRegenerate: false + data: + username: "${var.admin_name}" + fields: + - fieldName: "password" + length: "32" + EOF +} diff --git a/monitor/grafana/v1_ConfigMap_grafana-config-dashboards.yaml b/monitor/grafana/v1_ConfigMap_grafana-config-dashboards.yaml new file mode 100644 index 0000000..1013796 --- /dev/null +++ b/monitor/grafana/v1_ConfigMap_grafana-config-dashboards.yaml @@ -0,0 +1,26 @@ +# Source: grafana/templates/configmap-dashboard-provider.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + helm.sh/chart: grafana-7.2.4 + app.kubernetes.io/name: grafana + app.kubernetes.io/instance: grafana + app.kubernetes.io/version: "10.2.3" + app.kubernetes.io/managed-by: Helm + name: grafana-config-dashboards + namespace: vynil-monitor +data: + provider.yaml: |- + apiVersion: 1 + providers: + - name: 'sidecarProvider' + orgId: 1 + folder: '' + type: file + disableDeletion: false + allowUiUpdates: false + updateIntervalSeconds: 30 + options: + foldersFromFilesStructure: false + path: /tmp/dashboards \ No newline at end of file diff --git a/monitor/grafana/v1_PersistentVolumeClaim_grafana.yaml b/monitor/grafana/v1_PersistentVolumeClaim_grafana.yaml new file mode 100644 index 0000000..ca79b05 --- /dev/null +++ b/monitor/grafana/v1_PersistentVolumeClaim_grafana.yaml @@ -0,0 +1,20 @@ +# Source: grafana/templates/pvc.yaml +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: grafana + namespace: vynil-monitor + labels: + helm.sh/chart: grafana-7.2.4 + app.kubernetes.io/name: grafana + app.kubernetes.io/instance: grafana + app.kubernetes.io/version: "10.2.3" + app.kubernetes.io/managed-by: Helm + finalizers: + - kubernetes.io/pvc-protection +spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + 
storage: "10Gi" \ No newline at end of file diff --git a/monitor/grafana/v1_ServiceAccount_grafana.yaml b/monitor/grafana/v1_ServiceAccount_grafana.yaml new file mode 100644 index 0000000..ea06bc8 --- /dev/null +++ b/monitor/grafana/v1_ServiceAccount_grafana.yaml @@ -0,0 +1,13 @@ +--- +# Source: grafana/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + helm.sh/chart: grafana-7.2.4 + app.kubernetes.io/name: grafana + app.kubernetes.io/instance: grafana + app.kubernetes.io/version: "10.2.3" + app.kubernetes.io/managed-by: Helm + name: grafana + namespace: vynil-monitor \ No newline at end of file diff --git a/monitor/grafana/v1_Service_grafana.yaml b/monitor/grafana/v1_Service_grafana.yaml new file mode 100644 index 0000000..e6da791 --- /dev/null +++ b/monitor/grafana/v1_Service_grafana.yaml @@ -0,0 +1,22 @@ +# Source: grafana/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: grafana + namespace: vynil-monitor + labels: + helm.sh/chart: grafana-7.2.4 + app.kubernetes.io/name: grafana + app.kubernetes.io/instance: grafana + app.kubernetes.io/version: "10.2.3" + app.kubernetes.io/managed-by: Helm +spec: + type: ClusterIP + ports: + - name: service + port: 80 + protocol: TCP + targetPort: 3000 + selector: + app.kubernetes.io/name: grafana + app.kubernetes.io/instance: grafana \ No newline at end of file diff --git a/monitor/loki/apps_v1_StatefulSet_loki.yaml b/monitor/loki/apps_v1_StatefulSet_loki.yaml new file mode 100644 index 0000000..c4ac9cb --- /dev/null +++ b/monitor/loki/apps_v1_StatefulSet_loki.yaml @@ -0,0 +1,124 @@ +# Source: loki/templates/single-binary/statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: loki + namespace: vynil-monitor + labels: + helm.sh/chart: loki-5.41.8 + app.kubernetes.io/name: loki + app.kubernetes.io/instance: loki + app.kubernetes.io/version: "2.9.3" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: single-binary + app.kubernetes.io/part-of: memberlist +spec: + replicas: 1 + podManagementPolicy: Parallel + updateStrategy: + rollingUpdate: + partition: 0 + serviceName: loki-headless + revisionHistoryLimit: 10 + + persistentVolumeClaimRetentionPolicy: + whenDeleted: Delete + whenScaled: Delete + selector: + matchLabels: + app.kubernetes.io/name: loki + app.kubernetes.io/instance: loki + app.kubernetes.io/component: single-binary + template: + metadata: + annotations: + checksum/config: 00968f96c123aef1e3b51506bfca47d4009fec466be45ff4db4755acd6142f13 + labels: + app.kubernetes.io/name: loki + app.kubernetes.io/instance: loki + app.kubernetes.io/component: single-binary + app.kubernetes.io/part-of: memberlist + spec: + serviceAccountName: loki + automountServiceAccountToken: true + enableServiceLinks: true + + securityContext: + fsGroup: 10001 + runAsGroup: 10001 + runAsNonRoot: true + runAsUser: 10001 + terminationGracePeriodSeconds: 30 + containers: + - name: loki + image: docker.io/grafana/loki:2.9.3 + imagePullPolicy: IfNotPresent + args: + - -config.file=/etc/loki/config/config.yaml + - -target=all + ports: + - name: http-metrics + containerPort: 3100 + protocol: TCP + - name: grpc + containerPort: 9095 + protocol: TCP + - name: http-memberlist + containerPort: 7946 + protocol: TCP + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + readinessProbe: + httpGet: + path: /ready + port: http-metrics + initialDelaySeconds: 30 + timeoutSeconds: 1 + volumeMounts: + - name: tmp + mountPath: /tmp + 
- name: config + mountPath: /etc/loki/config + - name: runtime-config + mountPath: /etc/loki/runtime-config + - name: storage + mountPath: /var/loki + resources: + {} + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: loki + app.kubernetes.io/instance: loki + app.kubernetes.io/component: single-binary + topologyKey: kubernetes.io/hostname + + volumes: + - name: tmp + emptyDir: {} + - name: config + configMap: + name: loki + items: + - key: "config.yaml" + path: "config.yaml" + - name: runtime-config + configMap: + name: loki-runtime + volumeClaimTemplates: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: storage + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: "17Gi" \ No newline at end of file diff --git a/monitor/loki/config.tf b/monitor/loki/config.tf new file mode 100644 index 0000000..9230439 --- /dev/null +++ b/monitor/loki/config.tf @@ -0,0 +1,83 @@ +resource "kubectl_manifest" "datasource" { + yaml_body = <<-EOF + apiVersion: v1 + kind: ConfigMap + metadata: + name: loki-datasource + namespace: "${var.namespace}" + labels: ${jsonencode(local.common-labels)} + data: + loki-datasource.yaml: |- + apiVersion: 1 + datasources: + - name: Loki + type: loki + access: proxy + url: "http://loki:3100" + version: 1 + isDefault: false + jsonData: + {} + EOF +} +resource "kubectl_manifest" "config" { + yaml_body = <<-EOF + apiVersion: v1 + kind: ConfigMap + metadata: + name: loki + namespace: "${var.namespace}" + labels: ${jsonencode(local.common-labels)} + data: + config.yaml: | + auth_enabled: true + common: + compactor_address: 'loki' + path_prefix: /var/loki + replication_factor: 1 + storage: + filesystem: + chunks_directory: /var/loki/chunks + rules_directory: /var/loki/rules + frontend: + scheduler_address: "" + frontend_worker: + scheduler_address: "" + index_gateway: + mode: ring + limits_config: + max_cache_freshness_per_query: 10m + reject_old_samples: true + reject_old_samples_max_age: 168h + split_queries_by_interval: 15m + memberlist: + join_members: + - loki-memberlist + query_range: + align_queries_with_step: true + ruler: + storage: + type: local + runtime_config: + file: /etc/loki/runtime-config/runtime-config.yaml + schema_config: + configs: + - from: "2022-01-11" + index: + period: 24h + prefix: loki_index_ + object_store: filesystem + schema: v12 + store: boltdb-shipper + server: + grpc_listen_port: 9095 + http_listen_port: 3100 + storage_config: + hedging: + at: 250ms + max_per_second: 20 + up_to: 3 + tracing: + enabled: false + EOF +} diff --git a/monitor/loki/datas.tf b/monitor/loki/datas.tf new file mode 100644 index 0000000..1f2706b --- /dev/null +++ b/monitor/loki/datas.tf @@ -0,0 +1,72 @@ +locals { + common-labels = { + "vynil.solidite.fr/owner-name" = var.instance + "vynil.solidite.fr/owner-namespace" = var.namespace + "vynil.solidite.fr/owner-category" = var.category + "vynil.solidite.fr/owner-component" = var.component + "app.kubernetes.io/managed-by" = "vynil" + "app.kubernetes.io/instance" = var.instance + } + rb-patch = <<-EOF + - op: replace + path: /subjects/0/namespace + value: "${var.namespace}" + EOF +} + +data "kustomization_overlay" "data" { + common_labels = local.common-labels + namespace = var.namespace + resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml" && length(regexall("ClusterRole",file))<1] + images { + name = "docker.io/grafana/loki" + new_name = 
"${var.images.loki.registry}/${var.images.loki.repository}" + new_tag = "${var.images.loki.tag}" + } + patches { + target { + kind = "ServiceMonitor" + name = "loki" + } + patch = <<-EOF + - op: replace + path: /spec/endpoints/0/relabelings/0/replacement + value: "${var.namespace}/$1" + EOF + } + patches { + target { + kind = "StatefulSet" + name = "loki" + } + patch = <<-EOF + apiVersion: apps/v1 + kind: StatefulSet + metadata: + name: loki + spec: + replicas: 1 + template: + spec: + containers: + - name: loki + imagePullPolicy: ${var.images.loki.pullPolicy} + volumeClaimTemplates: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: storage + annotations: + k8up.io/backup: "true" + spec: + accessModes: + - "${var.volume.accessMode}" + volumeMode: Filesystem + resources: + requests: + storage: "${var.volume.size}" + EOF + } +} + + diff --git a/monitor/loki/index.yaml b/monitor/loki/index.yaml new file mode 100644 index 0000000..718deee --- /dev/null +++ b/monitor/loki/index.yaml @@ -0,0 +1,76 @@ +--- +apiVersion: vinyl.solidite.fr/v1beta1 +kind: Component +category: monitor +metadata: + name: loki + description: null +options: + images: + default: + loki: + pullPolicy: IfNotPresent + registry: docker.io + repository: grafana/loki + tag: 2.9.3 + examples: + - loki: + pullPolicy: IfNotPresent + registry: docker.io + repository: grafana/loki + tag: 2.9.3 + properties: + loki: + default: + pullPolicy: IfNotPresent + registry: docker.io + repository: grafana/loki + tag: 2.9.3 + properties: + pullPolicy: + default: IfNotPresent + enum: + - Always + - Never + - IfNotPresent + type: string + registry: + default: docker.io + type: string + repository: + default: grafana/loki + type: string + tag: + default: 2.9.3 + type: string + type: object + type: object + volume: + default: + accessMode: ReadWriteOnce + size: 10Gi + examples: + - accessMode: ReadWriteOnce + size: 10Gi + properties: + accessMode: + default: ReadWriteOnce + enum: + - ReadWriteOnce + - ReadOnlyMany + - ReadWriteMany + type: string + size: + default: 10Gi + type: string + type: object +dependencies: [] +providers: + kubernetes: true + authentik: null + kubectl: true + postgresql: null + restapi: null + http: null + gitea: null +tfaddtype: null diff --git a/monitor/loki/monitoring.coreos.com_v1_PrometheusRule_loki-loki-alerts.yaml b/monitor/loki/monitoring.coreos.com_v1_PrometheusRule_loki-loki-alerts.yaml new file mode 100644 index 0000000..11d5948 --- /dev/null +++ b/monitor/loki/monitoring.coreos.com_v1_PrometheusRule_loki-loki-alerts.yaml @@ -0,0 +1,65 @@ +# Source: loki/templates/monitoring/loki-alerts.yaml +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + labels: + helm.sh/chart: loki-5.41.8 + app.kubernetes.io/name: loki + app.kubernetes.io/instance: loki + app.kubernetes.io/version: "2.9.3" + app.kubernetes.io/managed-by: Helm + name: loki-loki-alerts + namespace: vynil-monitor +spec: + groups: + - name: loki_alerts + rules: + - alert: LokiRequestErrors + annotations: + message: | + {{ $labels.job }} {{ $labels.route }} is experiencing {{ printf "%.2f" $value }}% errors. + expr: | + 100 * sum(rate(loki_request_duration_seconds_count{status_code=~"5.."}[2m])) by (namespace, job, route) + / + sum(rate(loki_request_duration_seconds_count[2m])) by (namespace, job, route) + > 10 + for: 15m + labels: + severity: critical + - alert: LokiRequestPanics + annotations: + message: | + {{ $labels.job }} is experiencing {{ printf "%.2f" $value }}% increase of panics. 
+ expr: | + sum(increase(loki_panic_total[10m])) by (namespace, job) > 0 + labels: + severity: critical + - alert: LokiRequestLatency + annotations: + message: | + {{ $labels.job }} {{ $labels.route }} is experiencing {{ printf "%.2f" $value }}s 99th percentile latency. + expr: | + namespace_job_route:loki_request_duration_seconds:99quantile{route!~"(?i).*tail.*"} > 1 + for: 15m + labels: + severity: critical + - alert: LokiTooManyCompactorsRunning + annotations: + message: | + {{ $labels.cluster }} {{ $labels.namespace }} has had {{ printf "%.0f" $value }} compactors running for more than 5m. Only one compactor should run at a time. + expr: | + sum(loki_boltdb_shipper_compactor_running) by (namespace, cluster) > 1 + for: 5m + labels: + severity: warning + - name: loki_canaries_alerts + rules: + - alert: LokiCanaryLatency + annotations: + message: | + {{ $labels.job }} is experiencing {{ printf "%.2f" $value }}s 99th percentile latency. + expr: | + histogram_quantile(0.99, sum(rate(loki_canary_response_latency_seconds_bucket[5m])) by (le, namespace, job)) > 5 + for: 15m + labels: + severity: warning \ No newline at end of file diff --git a/monitor/loki/monitoring.coreos.com_v1_PrometheusRule_loki-loki-rules.yaml b/monitor/loki/monitoring.coreos.com_v1_PrometheusRule_loki-loki-rules.yaml new file mode 100644 index 0000000..e343977 --- /dev/null +++ b/monitor/loki/monitoring.coreos.com_v1_PrometheusRule_loki-loki-rules.yaml @@ -0,0 +1,98 @@ +# Source: loki/templates/monitoring/loki-rules.yaml +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + labels: + helm.sh/chart: loki-5.41.8 + app.kubernetes.io/name: loki + app.kubernetes.io/instance: loki + app.kubernetes.io/version: "2.9.3" + app.kubernetes.io/managed-by: Helm + name: loki-loki-rules + namespace: vynil-monitor +spec: + groups: + - name: loki_rules + rules: + - expr: histogram_quantile(0.99, sum(rate(loki_request_duration_seconds_bucket[1m])) + by (le, job)) + labels: + cluster: loki + record: job:loki_request_duration_seconds:99quantile + - expr: histogram_quantile(0.50, sum(rate(loki_request_duration_seconds_bucket[1m])) + by (le, job)) + labels: + cluster: loki + record: job:loki_request_duration_seconds:50quantile + - expr: sum(rate(loki_request_duration_seconds_sum[1m])) by (job) / sum(rate(loki_request_duration_seconds_count[1m])) + by (job) + labels: + cluster: loki + record: job:loki_request_duration_seconds:avg + - expr: sum(rate(loki_request_duration_seconds_bucket[1m])) by (le, job) + labels: + cluster: loki + record: job:loki_request_duration_seconds_bucket:sum_rate + - expr: sum(rate(loki_request_duration_seconds_sum[1m])) by (job) + labels: + cluster: loki + record: job:loki_request_duration_seconds_sum:sum_rate + - expr: sum(rate(loki_request_duration_seconds_count[1m])) by (job) + labels: + cluster: loki + record: job:loki_request_duration_seconds_count:sum_rate + - expr: histogram_quantile(0.99, sum(rate(loki_request_duration_seconds_bucket[1m])) + by (le, job, route)) + labels: + cluster: loki + record: job_route:loki_request_duration_seconds:99quantile + - expr: histogram_quantile(0.50, sum(rate(loki_request_duration_seconds_bucket[1m])) + by (le, job, route)) + labels: + cluster: loki + record: job_route:loki_request_duration_seconds:50quantile + - expr: sum(rate(loki_request_duration_seconds_sum[1m])) by (job, route) / sum(rate(loki_request_duration_seconds_count[1m])) + by (job, route) + labels: + cluster: loki + record: job_route:loki_request_duration_seconds:avg + - expr: 
sum(rate(loki_request_duration_seconds_bucket[1m])) by (le, job, route) + labels: + cluster: loki + record: job_route:loki_request_duration_seconds_bucket:sum_rate + - expr: sum(rate(loki_request_duration_seconds_sum[1m])) by (job, route) + labels: + cluster: loki + record: job_route:loki_request_duration_seconds_sum:sum_rate + - expr: sum(rate(loki_request_duration_seconds_count[1m])) by (job, route) + labels: + cluster: loki + record: job_route:loki_request_duration_seconds_count:sum_rate + - expr: histogram_quantile(0.99, sum(rate(loki_request_duration_seconds_bucket[1m])) + by (le, namespace, job, route)) + labels: + cluster: loki + record: namespace_job_route:loki_request_duration_seconds:99quantile + - expr: histogram_quantile(0.50, sum(rate(loki_request_duration_seconds_bucket[1m])) + by (le, namespace, job, route)) + labels: + cluster: loki + record: namespace_job_route:loki_request_duration_seconds:50quantile + - expr: sum(rate(loki_request_duration_seconds_sum[1m])) by (namespace, job, route) + / sum(rate(loki_request_duration_seconds_count[1m])) by (namespace, job, route) + labels: + cluster: loki + record: namespace_job_route:loki_request_duration_seconds:avg + - expr: sum(rate(loki_request_duration_seconds_bucket[1m])) by (le, namespace, job, + route) + labels: + cluster: loki + record: namespace_job_route:loki_request_duration_seconds_bucket:sum_rate + - expr: sum(rate(loki_request_duration_seconds_sum[1m])) by (namespace, job, route) + labels: + cluster: loki + record: namespace_job_route:loki_request_duration_seconds_sum:sum_rate + - expr: sum(rate(loki_request_duration_seconds_count[1m])) by (namespace, job, route) + labels: + cluster: loki + record: namespace_job_route:loki_request_duration_seconds_count:sum_rate \ No newline at end of file diff --git a/monitor/loki/monitoring.coreos.com_v1_ServiceMonitor_loki.yaml b/monitor/loki/monitoring.coreos.com_v1_ServiceMonitor_loki.yaml new file mode 100644 index 0000000..013f2c8 --- /dev/null +++ b/monitor/loki/monitoring.coreos.com_v1_ServiceMonitor_loki.yaml @@ -0,0 +1,35 @@ +# Source: loki/templates/monitoring/servicemonitor.yaml +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: loki + namespace: vynil-monitor + labels: + helm.sh/chart: loki-5.41.8 + app.kubernetes.io/name: loki + app.kubernetes.io/instance: loki + app.kubernetes.io/version: "2.9.3" + app.kubernetes.io/managed-by: Helm +spec: + selector: + matchLabels: + app.kubernetes.io/name: loki + app.kubernetes.io/instance: loki + matchExpressions: + - key: prometheus.io/service-monitor + operator: NotIn + values: + - "false" + endpoints: + - port: http-metrics + path: /metrics + interval: 15s + relabelings: + - sourceLabels: [job] + action: replace + replacement: "vynil-monitor/$1" + targetLabel: job + - action: replace + replacement: "loki" + targetLabel: cluster + scheme: http \ No newline at end of file diff --git a/monitor/loki/v1_ConfigMap_loki-runtime.yaml b/monitor/loki/v1_ConfigMap_loki-runtime.yaml new file mode 100644 index 0000000..6a0f623 --- /dev/null +++ b/monitor/loki/v1_ConfigMap_loki-runtime.yaml @@ -0,0 +1,15 @@ +# Source: loki/templates/runtime-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: loki-runtime + namespace: vynil-monitor + labels: + helm.sh/chart: loki-5.41.8 + app.kubernetes.io/name: loki + app.kubernetes.io/instance: loki + app.kubernetes.io/version: "2.9.3" + app.kubernetes.io/managed-by: Helm +data: + runtime-config.yaml: | + {} \ No newline at end of file diff --git 
a/monitor/loki/v1_ServiceAccount_loki.yaml b/monitor/loki/v1_ServiceAccount_loki.yaml new file mode 100644 index 0000000..78ae8a6 --- /dev/null +++ b/monitor/loki/v1_ServiceAccount_loki.yaml @@ -0,0 +1,14 @@ +--- +# Source: loki/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: loki + namespace: vynil-monitor + labels: + helm.sh/chart: loki-5.41.8 + app.kubernetes.io/name: loki + app.kubernetes.io/instance: loki + app.kubernetes.io/version: "2.9.3" + app.kubernetes.io/managed-by: Helm +automountServiceAccountToken: true \ No newline at end of file diff --git a/monitor/loki/v1_Service_loki-headless.yaml b/monitor/loki/v1_Service_loki-headless.yaml new file mode 100644 index 0000000..1b1fbb7 --- /dev/null +++ b/monitor/loki/v1_Service_loki-headless.yaml @@ -0,0 +1,25 @@ +# Source: loki/templates/single-binary/service-headless.yaml +apiVersion: v1 +kind: Service +metadata: + name: loki-headless + namespace: vynil-monitor + labels: + helm.sh/chart: loki-5.41.8 + app.kubernetes.io/name: loki + app.kubernetes.io/instance: loki + app.kubernetes.io/version: "2.9.3" + app.kubernetes.io/managed-by: Helm + variant: headless + prometheus.io/service-monitor: "false" + annotations: +spec: + clusterIP: None + ports: + - name: http-metrics + port: 3100 + targetPort: http-metrics + protocol: TCP + selector: + app.kubernetes.io/name: loki + app.kubernetes.io/instance: loki \ No newline at end of file diff --git a/monitor/loki/v1_Service_loki-memberlist.yaml b/monitor/loki/v1_Service_loki-memberlist.yaml new file mode 100644 index 0000000..188c14d --- /dev/null +++ b/monitor/loki/v1_Service_loki-memberlist.yaml @@ -0,0 +1,24 @@ +# Source: loki/templates/service-memberlist.yaml +apiVersion: v1 +kind: Service +metadata: + name: loki-memberlist + namespace: vynil-monitor + labels: + helm.sh/chart: loki-5.41.8 + app.kubernetes.io/name: loki + app.kubernetes.io/instance: loki + app.kubernetes.io/version: "2.9.3" + app.kubernetes.io/managed-by: Helm +spec: + type: ClusterIP + clusterIP: None + ports: + - name: tcp + port: 7946 + targetPort: http-memberlist + protocol: TCP + selector: + app.kubernetes.io/name: loki + app.kubernetes.io/instance: loki + app.kubernetes.io/part-of: memberlist \ No newline at end of file diff --git a/monitor/loki/v1_Service_loki.yaml b/monitor/loki/v1_Service_loki.yaml new file mode 100644 index 0000000..4d885d4 --- /dev/null +++ b/monitor/loki/v1_Service_loki.yaml @@ -0,0 +1,28 @@ +# Source: loki/templates/single-binary/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: loki + namespace: vynil-monitor + labels: + helm.sh/chart: loki-5.41.8 + app.kubernetes.io/name: loki + app.kubernetes.io/instance: loki + app.kubernetes.io/version: "2.9.3" + app.kubernetes.io/managed-by: Helm + annotations: +spec: + type: ClusterIP + ports: + - name: http-metrics + port: 3100 + targetPort: http-metrics + protocol: TCP + - name: grpc + port: 9095 + targetPort: grpc + protocol: TCP + selector: + app.kubernetes.io/name: loki + app.kubernetes.io/instance: loki + app.kubernetes.io/component: single-binary \ No newline at end of file diff --git a/monitor/promtail/apps_v1_DaemonSet_promtail.yaml b/monitor/promtail/apps_v1_DaemonSet_promtail.yaml new file mode 100644 index 0000000..f966f72 --- /dev/null +++ b/monitor/promtail/apps_v1_DaemonSet_promtail.yaml @@ -0,0 +1,95 @@ +# Source: promtail/templates/daemonset.yaml +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: promtail + namespace: vynil-monitor + labels: + helm.sh/chart: promtail-6.15.3 + 
app.kubernetes.io/name: promtail + app.kubernetes.io/instance: promtail + app.kubernetes.io/version: "2.9.2" + app.kubernetes.io/managed-by: Helm + annotations: + configmap.reloader.stakater.com/reload: promtail +spec: + selector: + matchLabels: + app.kubernetes.io/name: promtail + app.kubernetes.io/instance: promtail + updateStrategy: + {} + template: + metadata: + labels: + app.kubernetes.io/name: promtail + app.kubernetes.io/instance: promtail + annotations: + checksum/config: 6c6fe64da626e7a1dcbf5243d0da373c6ecb04d80b160d827f1264aacfd18a24 + spec: + serviceAccountName: promtail + enableServiceLinks: true + securityContext: + runAsGroup: 0 + runAsUser: 0 + containers: + - name: promtail + image: "docker.io/grafana/promtail:2.9.2" + imagePullPolicy: IfNotPresent + args: + - "-config.file=/etc/promtail/promtail.yaml" + volumeMounts: + - name: config + mountPath: /etc/promtail + - mountPath: /run/promtail + name: run + - mountPath: /var/lib/docker/containers + name: containers + readOnly: true + - mountPath: /var/log/pods + name: pods + readOnly: true + env: + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + ports: + - name: http-metrics + containerPort: 3101 + protocol: TCP + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + readinessProbe: + failureThreshold: 5 + httpGet: + path: '/ready' + port: http-metrics + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + volumes: + - name: config + configMap: + name: promtail + - hostPath: + path: /run/promtail + name: run + - hostPath: + path: /var/lib/docker/containers + name: containers + - hostPath: + path: /var/log/pods + name: pods \ No newline at end of file diff --git a/monitor/promtail/config.tf b/monitor/promtail/config.tf new file mode 100644 index 0000000..0cbf1a6 --- /dev/null +++ b/monitor/promtail/config.tf @@ -0,0 +1,94 @@ +resource "kubectl_manifest" "config" { + yaml_body = <<-EOF + apiVersion: v1 + kind: ConfigMap + metadata: + name: promtail + namespace: "${var.namespace}" + labels: ${jsonencode(local.common-labels)} + data: + promtail.yaml: | + server: + log_level: ${var.log_level} + log_format: ${var.log_format} + http_listen_port: 3101 + clients: + - url: http://${var.loki-url}:3100/loki/api/v1/push + positions: + filename: /run/promtail/positions.yaml + scrape_configs: + - job_name: kubernetes-pods + pipeline_stages: + - cri: {} + kubernetes_sd_configs: + - role: pod + relabel_configs: + - source_labels: + - __meta_kubernetes_pod_controller_name + regex: ([0-9a-z-.]+?)(-[0-9a-f]{8,10})? 
+ action: replace + target_label: __tmp_controller_name + - source_labels: + - __meta_kubernetes_pod_label_app_kubernetes_io_name + - __meta_kubernetes_pod_label_app + - __tmp_controller_name + - __meta_kubernetes_pod_name + regex: ^;*([^;]+)(;.*)?$ + action: replace + target_label: app + - source_labels: + - __meta_kubernetes_pod_label_app_kubernetes_io_instance + - __meta_kubernetes_pod_label_instance + regex: ^;*([^;]+)(;.*)?$ + action: replace + target_label: instance + - source_labels: + - __meta_kubernetes_pod_label_app_kubernetes_io_component + - __meta_kubernetes_pod_label_component + regex: ^;*([^;]+)(;.*)?$ + action: replace + target_label: component + - action: replace + source_labels: + - __meta_kubernetes_pod_node_name + target_label: node_name + - action: replace + source_labels: + - __meta_kubernetes_namespace + target_label: namespace + - action: replace + replacement: $1 + separator: / + source_labels: + - namespace + - app + target_label: job + - action: replace + source_labels: + - __meta_kubernetes_pod_name + target_label: pod + - action: replace + source_labels: + - __meta_kubernetes_pod_container_name + target_label: container + - action: replace + replacement: /var/log/pods/*$1/*.log + separator: / + source_labels: + - __meta_kubernetes_pod_uid + - __meta_kubernetes_pod_container_name + target_label: __path__ + - action: replace + regex: true/(.*) + replacement: /var/log/pods/*$1/*.log + separator: / + source_labels: + - __meta_kubernetes_pod_annotationpresent_kubernetes_io_config_hash + - __meta_kubernetes_pod_annotation_kubernetes_io_config_hash + - __meta_kubernetes_pod_container_name + target_label: __path__ + limits_config: + tracing: + enabled: false + EOF +} diff --git a/monitor/promtail/datas.tf b/monitor/promtail/datas.tf new file mode 100644 index 0000000..ed96c30 --- /dev/null +++ b/monitor/promtail/datas.tf @@ -0,0 +1,38 @@ +locals { + common-labels = { + "vynil.solidite.fr/owner-name" = var.instance + "vynil.solidite.fr/owner-namespace" = var.namespace + "vynil.solidite.fr/owner-category" = var.category + "vynil.solidite.fr/owner-component" = var.component + "app.kubernetes.io/managed-by" = "vynil" + "app.kubernetes.io/instance" = var.instance + } + rb-patch = <<-EOF + - op: replace + path: /subjects/0/namespace + value: "${var.namespace}" + EOF +} + +data "kustomization_overlay" "data" { + common_labels = local.common-labels + namespace = var.namespace + resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml" && length(regexall("ClusterRole",file))<1] + images { + name = "docker.io/grafana/promtail" + new_name = "${var.images.promtail.registry}/${var.images.promtail.repository}" + new_tag = "${var.images.promtail.tag}" + } +} +data "kustomization_overlay" "data_no_ns" { + common_labels = local.common-labels + resources = [for file in fileset(path.module, "*.yaml"): file if length(regexall("ClusterRole",file))>0] + + patches { + target { + kind = "ClusterRoleBinding" + name = "prometheus-community-kube-prometheus" + } + patch = local.rb-patch + } +} diff --git a/monitor/promtail/index.yaml b/monitor/promtail/index.yaml new file mode 100644 index 0000000..0eb4044 --- /dev/null +++ b/monitor/promtail/index.yaml @@ -0,0 +1,72 @@ +--- +apiVersion: vinyl.solidite.fr/v1beta1 +kind: Component +category: monitor +metadata: + name: promtail + description: null +options: + log_format: + default: logfmt + examples: + - logfmt + type: string + images: + default: + promtail: + pullPolicy: IfNotPresent + registry: docker.io + repository: 
grafana/promtail + tag: 2.9.2 + examples: + - promtail: + pullPolicy: IfNotPresent + registry: docker.io + repository: grafana/promtail + tag: 2.9.2 + properties: + promtail: + default: + pullPolicy: IfNotPresent + registry: docker.io + repository: grafana/promtail + tag: 2.9.2 + properties: + pullPolicy: + default: IfNotPresent + enum: + - Always + - Never + - IfNotPresent + type: string + registry: + default: docker.io + type: string + repository: + default: grafana/promtail + type: string + tag: + default: 2.9.2 + type: string + type: object + type: object + log_level: + default: info + examples: + - info + type: string + loki-url: + default: loki + examples: + - loki + type: string +dependencies: [] +providers: + kubernetes: true + authentik: null + kubectl: true + postgresql: null + restapi: null + http: null + gitea: null +tfaddtype: null diff --git a/monitor/promtail/monitoring.coreos.com_v1_ServiceMonitor_promtail.yaml b/monitor/promtail/monitoring.coreos.com_v1_ServiceMonitor_promtail.yaml new file mode 100644 index 0000000..413b11d --- /dev/null +++ b/monitor/promtail/monitoring.coreos.com_v1_ServiceMonitor_promtail.yaml @@ -0,0 +1,19 @@ +# Source: promtail/templates/servicemonitor.yaml +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: promtail + labels: + helm.sh/chart: promtail-6.15.3 + app.kubernetes.io/name: promtail + app.kubernetes.io/instance: promtail + app.kubernetes.io/version: "2.9.2" + app.kubernetes.io/managed-by: Helm +spec: + selector: + matchLabels: + app.kubernetes.io/name: promtail + app.kubernetes.io/instance: promtail + endpoints: + - port: http-metrics + scheme: http \ No newline at end of file diff --git a/monitor/promtail/rbac.authorization.k8s.io_v1_ClusterRoleBinding_promtail.yaml b/monitor/promtail/rbac.authorization.k8s.io_v1_ClusterRoleBinding_promtail.yaml new file mode 100644 index 0000000..c4be71c --- /dev/null +++ b/monitor/promtail/rbac.authorization.k8s.io_v1_ClusterRoleBinding_promtail.yaml @@ -0,0 +1,19 @@ +# Source: promtail/templates/clusterrolebinding.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: promtail + labels: + helm.sh/chart: promtail-6.15.3 + app.kubernetes.io/name: promtail + app.kubernetes.io/instance: promtail + app.kubernetes.io/version: "2.9.2" + app.kubernetes.io/managed-by: Helm +subjects: + - kind: ServiceAccount + name: promtail + namespace: vynil-monitor +roleRef: + kind: ClusterRole + name: promtail + apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/monitor/promtail/rbac.authorization.k8s.io_v1_ClusterRole_promtail.yaml b/monitor/promtail/rbac.authorization.k8s.io_v1_ClusterRole_promtail.yaml new file mode 100644 index 0000000..1b977af --- /dev/null +++ b/monitor/promtail/rbac.authorization.k8s.io_v1_ClusterRole_promtail.yaml @@ -0,0 +1,24 @@ +# Source: promtail/templates/clusterrole.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: promtail + labels: + helm.sh/chart: promtail-6.15.3 + app.kubernetes.io/name: promtail + app.kubernetes.io/instance: promtail + app.kubernetes.io/version: "2.9.2" + app.kubernetes.io/managed-by: Helm +rules: + - apiGroups: + - "" + resources: + - nodes + - nodes/proxy + - services + - endpoints + - pods + verbs: + - get + - watch + - list \ No newline at end of file diff --git a/monitor/promtail/ressources_no_ns.tf b/monitor/promtail/ressources_no_ns.tf new file mode 100644 index 0000000..9fa58b7 --- /dev/null +++ b/monitor/promtail/ressources_no_ns.tf @@ -0,0 
+1,45 @@ + +# first loop through resources in ids_prio[0] +resource "kustomization_resource" "pre_no_ns" { + for_each = data.kustomization_overlay.data_no_ns.ids_prio[0] + + manifest = ( + contains(["_/Secret"], regex("(?P<group_kind>.*/.*)/.*/.*", each.value)["group_kind"]) + ? sensitive(data.kustomization_overlay.data_no_ns.manifests[each.value]) + : data.kustomization_overlay.data_no_ns.manifests[each.value] + ) +} + +# then loop through resources in ids_prio[1] +# and set an explicit depends_on on kustomization_resource.pre +# wait up to 5 minutes for any deployment or daemonset to become ready +resource "kustomization_resource" "main_no_ns" { + for_each = data.kustomization_overlay.data_no_ns.ids_prio[1] + + manifest = ( + contains(["_/Secret"], regex("(?P<group_kind>.*/.*)/.*/.*", each.value)["group_kind"]) + ? sensitive(data.kustomization_overlay.data_no_ns.manifests[each.value]) + : data.kustomization_overlay.data_no_ns.manifests[each.value] + ) + wait = true + timeouts { + create = "5m" + update = "5m" + } + + depends_on = [kustomization_resource.pre_no_ns] +} + +# finally, loop through resources in ids_prio[2] +# and set an explicit depends_on on kustomization_resource.main +resource "kustomization_resource" "post_no_ns" { + for_each = data.kustomization_overlay.data_no_ns.ids_prio[2] + + manifest = ( + contains(["_/Secret"], regex("(?P<group_kind>.*/.*)/.*/.*", each.value)["group_kind"]) + ? sensitive(data.kustomization_overlay.data_no_ns.manifests[each.value]) + : data.kustomization_overlay.data_no_ns.manifests[each.value] + ) + + depends_on = [kustomization_resource.main_no_ns] +} diff --git a/monitor/promtail/v1_ServiceAccount_promtail.yaml b/monitor/promtail/v1_ServiceAccount_promtail.yaml new file mode 100644 index 0000000..31d71f7 --- /dev/null +++ b/monitor/promtail/v1_ServiceAccount_promtail.yaml @@ -0,0 +1,13 @@ +--- +# Source: promtail/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: promtail + namespace: vynil-monitor + labels: + helm.sh/chart: promtail-6.15.3 + app.kubernetes.io/name: promtail + app.kubernetes.io/instance: promtail + app.kubernetes.io/version: "2.9.2" + app.kubernetes.io/managed-by: Helm \ No newline at end of file diff --git a/monitor/promtail/v1_Service_promtail-metrics.yaml b/monitor/promtail/v1_Service_promtail-metrics.yaml new file mode 100644 index 0000000..a1508b0 --- /dev/null +++ b/monitor/promtail/v1_Service_promtail-metrics.yaml @@ -0,0 +1,22 @@ +# Source: promtail/templates/service-metrics.yaml +apiVersion: v1 +kind: Service +metadata: + name: promtail-metrics + namespace: vynil-monitor + labels: + helm.sh/chart: promtail-6.15.3 + app.kubernetes.io/name: promtail + app.kubernetes.io/instance: promtail + app.kubernetes.io/version: "2.9.2" + app.kubernetes.io/managed-by: Helm +spec: + clusterIP: None + ports: + - name: http-metrics + port: 3101 + targetPort: http-metrics + protocol: TCP + selector: + app.kubernetes.io/name: promtail + app.kubernetes.io/instance: promtail \ No newline at end of file
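
Note on the meta/domain-monitor changes above: apps.tf now references var.grafana, var.loki and var.promtail, but their declarations are not part of this diff. A minimal sketch of what the matching variable blocks could look like, assuming they mirror the enable-flag objects published in index.yaml (names, types and defaults are inferred here, not taken from the repository):

# Sketch only: variables.tf is not shown in this diff; these declarations are
# inferred from the new apps.tf references and the index.yaml defaults.
variable "grafana" {
  description = "Options forwarded to the monitor/grafana component; 'enable' gates the Install."
  type        = any
  default     = { enable = true }
}

variable "loki" {
  description = "Options forwarded to the monitor/loki component."
  type        = any
  default     = { enable = true }
}

variable "promtail" {
  description = "Options forwarded to the monitor/promtail component."
  type        = any
  default     = { enable = true }
}

Using type = any keeps the per-component option maps schema-free on the Terraform side; the option schemas and defaults live in each component's index.yaml, and the locals in apps.tf simply strip the enable key before merging the remaining options into the generated Install manifest.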