This commit is contained in:
2024-01-23 16:20:01 +01:00
parent c21b15ac4b
commit 8c0262e9ba
37 changed files with 2066 additions and 134 deletions


@@ -14,8 +14,11 @@ locals {
"backups" = var.backups "backups" = var.backups
"app-group" = var.app-group "app-group" = var.app-group
} }
grafana = { for k, v in var.grafana : k => v if k!="enable" }
prometheus = { for k, v in var.prometheus : k => v if k!="enable" } prometheus = { for k, v in var.prometheus : k => v if k!="enable" }
alertmanager = { for k, v in var.alertmanager : k => v if k!="enable" } alertmanager = { for k, v in var.alertmanager : k => v if k!="enable" }
loki = { for k, v in var.loki : k => v if k!="enable" }
promtail = { for k, v in var.promtail : k => v if k!="enable" }
alerts-core = { for k, v in var.alerts-core : k => v if k!="enable" } alerts-core = { for k, v in var.alerts-core : k => v if k!="enable" }
alerts-containers = { for k, v in var.alerts-containers : k => v if k!="enable" } alerts-containers = { for k, v in var.alerts-containers : k => v if k!="enable" }
nodeExporter = { for k, v in var.node-exporter : k => v if k!="enable" } nodeExporter = { for k, v in var.node-exporter : k => v if k!="enable" }
@@ -28,7 +31,7 @@ locals {
} }
resource "kubernetes_namespace_v1" "monitor-ns" { resource "kubernetes_namespace_v1" "monitor-ns" {
count = ( var.prometheus.enable || var.alertmanager.enable || var.node-exporter.enable || var.kube-state-metrics.enable || var.monitor-control-plan.enable )? 1 : 0 count = ( var.grafana.enable || var.loki.enable || var.promtail.enable || var.prometheus.enable || var.alertmanager.enable || var.node-exporter.enable || var.kube-state-metrics.enable || var.monitor-control-plan.enable )? 1 : 0
metadata { metadata {
annotations = local.annotations annotations = local.annotations
labels = merge(local.common-labels, local.annotations) labels = merge(local.common-labels, local.annotations)
@@ -223,3 +226,54 @@ resource "kubectl_manifest" "dashboards-workload" {
options: ${jsonencode(merge(local.global, local.dashboards-workload))} options: ${jsonencode(merge(local.global, local.dashboards-workload))}
EOF EOF
} }
resource "kubectl_manifest" "grafana" {
count = var.grafana.enable ? 1 : 0
yaml_body = <<-EOF
apiVersion: "vynil.solidite.fr/v1"
kind: "Install"
metadata:
name: "grafana"
namespace: "${kubernetes_namespace_v1.monitor-ns[0].metadata[0].name}"
labels: ${jsonencode(local.common-labels)}
spec:
distrib: "${var.distributions.domain}"
category: "monitor"
component: "grafana"
options: ${jsonencode(merge(local.global, local.grafana))}
EOF
}
resource "kubectl_manifest" "promtail" {
count = var.promtail.enable ? 1 : 0
yaml_body = <<-EOF
apiVersion: "vynil.solidite.fr/v1"
kind: "Install"
metadata:
name: "promtail"
namespace: "${kubernetes_namespace_v1.monitor-ns[0].metadata[0].name}"
labels: ${jsonencode(local.common-labels)}
spec:
distrib: "${var.distributions.domain}"
category: "monitor"
component: "promtail"
options: ${jsonencode(merge(local.global, local.promtail))}
EOF
}
resource "kubectl_manifest" "loki" {
count = var.loki.enable ? 1 : 0
yaml_body = <<-EOF
apiVersion: "vynil.solidite.fr/v1"
kind: "Install"
metadata:
name: "loki"
namespace: "${kubernetes_namespace_v1.monitor-ns[0].metadata[0].name}"
labels: ${jsonencode(local.common-labels)}
spec:
distrib: "${var.distributions.domain}"
category: "monitor"
component: "loki"
options: ${jsonencode(merge(local.global, local.loki))}
EOF
}
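Review bot: The three new `kubectl_manifest` resources (`grafana`, `promtail`, `loki`) are the same eleven-line Install template with only the component name changed, so any later change to the template has to be repeated three times, and the dashboards resources above already follow the same copy pattern. A single resource with `for_each` over a map of enabled components keeps one copy of the template; it does change the resource addresses, so existing state would need `moved` blocks or a targeted re-apply. The `locals` block of the first hunk and the file itself extend beyond the hunks shown.
```hcl
locals {
  # Installs that share the template below; add new components here only.
  installs = {
    grafana  = { enable = var.grafana.enable,  options = local.grafana }
    loki     = { enable = var.loki.enable,     options = local.loki }
    promtail = { enable = var.promtail.enable, options = local.promtail }
  }
}

resource "kubectl_manifest" "install" {
  for_each  = { for name, c in local.installs : name => c if c.enable }
  yaml_body = <<-EOF
  apiVersion: "vynil.solidite.fr/v1"
  kind: "Install"
  metadata:
    name: "${each.key}"
    namespace: "${kubernetes_namespace_v1.monitor-ns[0].metadata[0].name}"
    labels: ${jsonencode(local.common-labels)}
  spec:
    distrib: "${var.distributions.domain}"
    category: "monitor"
    component: "${each.key}"
    options: ${jsonencode(merge(local.global, each.value.options))}
  EOF
}
```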


@@ -6,7 +6,7 @@ metadata:
name: domain-monitor name: domain-monitor
description: null description: null
options: options:
alerts-containers: dashboards-namespace:
default: default:
enable: true enable: true
examples: examples:
@@ -17,7 +17,7 @@ options:
type: boolean type: boolean
type: object type: object
x-vynil-category: monitor x-vynil-category: monitor
x-vynil-package: alerts-containers x-vynil-package: dashboards-namespace
backups: backups:
default: default:
enable: false enable: false
@@ -48,108 +48,6 @@ options:
default: backup-settings default: backup-settings
type: string type: string
type: object type: object
monitor-control-plan:
default:
enable: false
examples:
- enable: false
properties:
enable:
default: false
type: boolean
type: object
x-vynil-category: monitor
x-vynil-package: monitor-control-plan
kube-state-metrics:
default:
enable: true
examples:
- enable: true
properties:
enable:
default: true
type: boolean
type: object
x-vynil-category: monitor
x-vynil-package: kube-state-metrics
ingress-class:
default: traefik
examples:
- traefik
type: string
domain:
default: your-company
examples:
- your-company
type: string
dashboards-namespace:
default:
enable: true
examples:
- enable: true
properties:
enable:
default: true
type: boolean
type: object
x-vynil-category: monitor
x-vynil-package: dashboards-namespace
domain-name:
default: your_company.com
examples:
- your_company.com
type: string
dashboards-cluster:
default:
enable: true
examples:
- enable: true
properties:
enable:
default: true
type: boolean
type: object
x-vynil-category: monitor
x-vynil-package: dashboards-cluster
dashboards-workload:
default:
enable: true
examples:
- enable: true
properties:
enable:
default: true
type: boolean
type: object
x-vynil-category: monitor
x-vynil-package: dashboards-workload
prometheus:
default:
enable: true
examples:
- enable: true
properties:
enable:
default: true
type: boolean
type: object
x-vynil-category: monitor
x-vynil-package: prometheus
distributions:
default:
core: core
domain: domain
examples:
- core: core
domain: domain
properties:
core:
default: core
type: string
domain:
default: domain
type: string
type: object
alertmanager: alertmanager:
default: default:
enable: true enable: true
@@ -162,40 +60,35 @@ options:
type: object type: object
x-vynil-category: monitor x-vynil-category: monitor
x-vynil-package: alertmanager x-vynil-package: alertmanager
loki:
default:
enable: true
examples:
- enable: true
properties:
enable:
default: true
type: boolean
type: object
x-vynil-category: monitor
x-vynil-package: loki
dashboards-workload:
default:
enable: true
examples:
- enable: true
properties:
enable:
default: true
type: boolean
type: object
x-vynil-category: monitor
x-vynil-package: dashboards-workload
issuer: issuer:
default: letsencrypt-prod default: letsencrypt-prod
examples: examples:
- letsencrypt-prod - letsencrypt-prod
type: string type: string
app-group:
default: monitor
examples:
- monitor
type: string
dashboards-minimal:
default:
enable: true
examples:
- enable: true
properties:
enable:
default: true
type: boolean
type: object
x-vynil-category: monitor
x-vynil-package: dashboards-minimal
node-exporter:
default:
enable: true
examples:
- enable: true
properties:
enable:
default: true
type: boolean
type: object
x-vynil-category: monitor
x-vynil-package: node-exporter
storage-classes: storage-classes:
default: default:
BlockReadWriteMany: '' BlockReadWriteMany: ''
@@ -221,6 +114,35 @@ options:
default: '' default: ''
type: string type: string
type: object type: object
node-exporter:
default:
enable: true
examples:
- enable: true
properties:
enable:
default: true
type: boolean
type: object
x-vynil-category: monitor
x-vynil-package: node-exporter
ingress-class:
default: traefik
examples:
- traefik
type: string
monitor-control-plan:
default:
enable: false
examples:
- enable: false
properties:
enable:
default: false
type: boolean
type: object
x-vynil-category: monitor
x-vynil-package: monitor-control-plan
alerts-core: alerts-core:
default: default:
enable: true enable: true
@@ -233,6 +155,120 @@ options:
type: object type: object
x-vynil-category: monitor x-vynil-category: monitor
x-vynil-package: alerts-core x-vynil-package: alerts-core
prometheus:
default:
enable: true
examples:
- enable: true
properties:
enable:
default: true
type: boolean
type: object
x-vynil-category: monitor
x-vynil-package: prometheus
kube-state-metrics:
default:
enable: true
examples:
- enable: true
properties:
enable:
default: true
type: boolean
type: object
x-vynil-category: monitor
x-vynil-package: kube-state-metrics
domain:
default: your-company
examples:
- your-company
type: string
distributions:
default:
core: core
domain: domain
examples:
- core: core
domain: domain
properties:
core:
default: core
type: string
domain:
default: domain
type: string
type: object
alerts-containers:
default:
enable: true
examples:
- enable: true
properties:
enable:
default: true
type: boolean
type: object
x-vynil-category: monitor
x-vynil-package: alerts-containers
dashboards-minimal:
default:
enable: true
examples:
- enable: true
properties:
enable:
default: true
type: boolean
type: object
x-vynil-category: monitor
x-vynil-package: dashboards-minimal
promtail:
default:
enable: true
examples:
- enable: true
properties:
enable:
default: true
type: boolean
type: object
x-vynil-category: monitor
x-vynil-package: promtail
domain-name:
default: your_company.com
examples:
- your_company.com
type: string
grafana:
default:
enable: true
examples:
- enable: true
properties:
enable:
default: true
type: boolean
type: object
x-vynil-category: monitor
x-vynil-package: grafana
app-group:
default: monitor
examples:
- monitor
type: string
dashboards-cluster:
default:
enable: true
examples:
- enable: true
properties:
enable:
default: true
type: boolean
type: object
x-vynil-category: monitor
x-vynil-package: dashboards-cluster
dependencies: [] dependencies: []
providers: providers:
kubernetes: true kubernetes: true


@@ -0,0 +1,297 @@
# Source: grafana/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: grafana
namespace: vynil-monitor
labels:
helm.sh/chart: grafana-7.2.4
app.kubernetes.io/name: grafana
app.kubernetes.io/instance: grafana
app.kubernetes.io/version: "10.2.3"
app.kubernetes.io/managed-by: Helm
spec:
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/name: grafana
app.kubernetes.io/instance: grafana
strategy:
type: RollingUpdate
template:
metadata:
labels:
app.kubernetes.io/name: grafana
app.kubernetes.io/instance: grafana
annotations:
checksum/config: 0e9cbd0ea8e24e32f7dfca5bab17a2ba05652642f0a09a4882833ae88e4cc4a3
checksum/sc-dashboard-provider-config: 593c0a8778b83f11fe80ccb21dfb20bc46705e2be3178df1dc4c89d164c8cd9c
kubectl.kubernetes.io/default-container: grafana
spec:
serviceAccountName: grafana
automountServiceAccountToken: true
securityContext:
fsGroup: 472
runAsGroup: 472
runAsNonRoot: true
runAsUser: 472
initContainers:
- name: init-chown-data
image: "docker.io/library/busybox:1.31.1"
imagePullPolicy: IfNotPresent
securityContext:
capabilities:
add:
- CHOWN
runAsNonRoot: false
runAsUser: 0
seccompProfile:
type: RuntimeDefault
command:
- chown
- -R
- 472:472
- /var/lib/grafana
volumeMounts:
- name: storage
mountPath: "/var/lib/grafana"
enableServiceLinks: true
containers:
- name: grafana-sc-dashboard
image: "quay.io/kiwigrid/k8s-sidecar:1.25.2"
imagePullPolicy: IfNotPresent
env:
- name: METHOD
value: WATCH
- name: LABEL
value: "grafana_dashboard"
- name: FOLDER
value: "/tmp/dashboards"
- name: RESOURCE
value: "both"
- name: REQ_USERNAME
valueFrom:
secretKeyRef:
name: grafana-admin-user
key: username
- name: REQ_PASSWORD
valueFrom:
secretKeyRef:
name: grafana-admin-user
key: password
- name: REQ_URL
value: http://localhost:3000/api/admin/provisioning/dashboards/reload
- name: REQ_METHOD
value: POST
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
volumeMounts:
- name: sc-dashboard-volume
mountPath: "/tmp/dashboards"
- name: grafana-sc-datasources
image: "quay.io/kiwigrid/k8s-sidecar:1.25.2"
imagePullPolicy: IfNotPresent
env:
- name: METHOD
value: WATCH
- name: LABEL
value: "grafana_datasource"
- name: FOLDER
value: "/etc/grafana/provisioning/datasources"
- name: RESOURCE
value: "both"
- name: REQ_USERNAME
valueFrom:
secretKeyRef:
name: grafana-admin-user
key: username
- name: REQ_PASSWORD
valueFrom:
secretKeyRef:
name: grafana-admin-user
key: password
- name: REQ_URL
value: http://localhost:3000/api/admin/provisioning/datasources/reload
- name: REQ_METHOD
value: POST
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
volumeMounts:
- name: sc-datasources-volume
mountPath: "/etc/grafana/provisioning/datasources"
- name: grafana-sc-notifiers
image: "quay.io/kiwigrid/k8s-sidecar:1.25.2"
imagePullPolicy: IfNotPresent
env:
- name: METHOD
value: WATCH
- name: LABEL
value: "grafana_notifier"
- name: FOLDER
value: "/etc/grafana/provisioning/notifiers"
- name: RESOURCE
value: "both"
- name: REQ_USERNAME
valueFrom:
secretKeyRef:
name: grafana-admin-user
key: username
- name: REQ_PASSWORD
valueFrom:
secretKeyRef:
name: grafana-admin-user
key: password
- name: REQ_URL
value: http://localhost:3000/api/admin/provisioning/notifications/reload
- name: REQ_METHOD
value: POST
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
volumeMounts:
- name: sc-notifiers-volume
mountPath: "/etc/grafana/provisioning/notifiers"
- name: grafana-sc-plugins
image: "quay.io/kiwigrid/k8s-sidecar:1.25.2"
imagePullPolicy: IfNotPresent
env:
- name: METHOD
value: WATCH
- name: LABEL
value: "grafana_plugin"
- name: FOLDER
value: "/etc/grafana/provisioning/plugins"
- name: RESOURCE
value: "both"
- name: REQ_USERNAME
valueFrom:
secretKeyRef:
name: grafana-admin-user
key: username
- name: REQ_PASSWORD
valueFrom:
secretKeyRef:
name: grafana-admin-user
key: password
- name: REQ_URL
value: http://localhost:3000/api/admin/provisioning/plugins/reload
- name: REQ_METHOD
value: POST
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
volumeMounts:
- name: sc-plugins-volume
mountPath: "/etc/grafana/provisioning/plugins"
- name: grafana
image: "docker.io/grafana/grafana:10.2.3"
imagePullPolicy: IfNotPresent
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
volumeMounts:
- name: config
mountPath: "/etc/grafana/grafana.ini"
subPath: grafana.ini
- name: storage
mountPath: "/var/lib/grafana"
- name: sc-dashboard-volume
mountPath: "/tmp/dashboards"
- name: sc-dashboard-provider
mountPath: "/etc/grafana/provisioning/dashboards/sc-dashboardproviders.yaml"
subPath: provider.yaml
- name: sc-datasources-volume
mountPath: "/etc/grafana/provisioning/datasources"
- name: sc-plugins-volume
mountPath: "/etc/grafana/provisioning/plugins"
- name: sc-notifiers-volume
mountPath: "/etc/grafana/provisioning/notifiers"
ports:
- name: grafana
containerPort: 3000
protocol: TCP
- name: gossip-tcp
containerPort: 9094
protocol: TCP
- name: gossip-udp
containerPort: 9094
protocol: UDP
env:
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: GF_SECURITY_ADMIN_USER
valueFrom:
secretKeyRef:
name: grafana-admin-user
key: username
- name: GF_SECURITY_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: grafana-admin-user
key: password
- name: GF_PATHS_DATA
value: /var/lib/grafana/
- name: GF_PATHS_LOGS
value: /var/log/grafana
- name: GF_PATHS_PLUGINS
value: /var/lib/grafana/plugins
- name: GF_PATHS_PROVISIONING
value: /etc/grafana/provisioning
livenessProbe:
failureThreshold: 10
httpGet:
path: /api/health
port: 3000
initialDelaySeconds: 60
timeoutSeconds: 30
readinessProbe:
httpGet:
path: /api/health
port: 3000
volumes:
- name: config
configMap:
name: grafana
- name: storage
persistentVolumeClaim:
claimName: grafana
- name: sc-dashboard-volume
emptyDir:
{}
- name: sc-dashboard-provider
configMap:
name: grafana-config-dashboards
- name: sc-datasources-volume
emptyDir:
{}
- name: sc-plugins-volume
emptyDir:
{}
- name: sc-notifiers-volume
emptyDir:
{}


@@ -0,0 +1,23 @@
# Source: grafana/templates/hpa.yaml
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
name: grafana
namespace: vynil-monitor
labels:
app.kubernetes.io/name: grafana
helm.sh/chart: grafana-7.2.4
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: grafana
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: grafana
minReplicas: 1
maxReplicas: 5
metrics:
- type: Resource
resource:
name: cpu
targetAverageUtilization: 60
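Review bot: `apiVersion: autoscaling/v2beta1` on the first line of the HPA is no longer served by Kubernetes 1.25 and later, so applying this manifest fails on a current cluster; the `autoscaling/v2` form replaces `targetAverageUtilization: 60` with a `target:` block carrying `type: Utilization` and `averageUtilization: 60`. Beyond the API version, scaling Grafana to `maxReplicas: 5` does not work with the rest of this commit: the `grafana` PVC is `ReadWriteOnce` and the generated grafana.ini configures no external database, so extra replicas either fail to schedule or share one SQLite file. Unless autoscaling is actually wanted, dropping this generated file (or excluding it from the kustomization `fileset`) is the simpler fix.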

monitor/grafana/config.tf Normal file

@@ -0,0 +1,26 @@
resource "kubectl_manifest" "config" {
yaml_body = <<-EOF
apiVersion: v1
kind: ConfigMap
metadata:
name: grafana
namespace: "${var.namespace}"
labels: ${jsonencode(local.common-labels)}
data:
grafana.ini: |
[analytics]
check_for_updates = true
[grafana_net]
url = https://grafana.net
[log]
mode = console
[paths]
data = /var/lib/grafana/
logs = /var/log/grafana
plugins = /var/lib/grafana/plugins
provisioning = /etc/grafana/provisioning
[server]
domain = ''
EOF
}
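Review bot: `[server] domain = ''` leaves Grafana without its public hostname although the component's `index.yaml` declares `sub-domain` and `domain-name` options, so absolute URLs in notifications and OAuth redirects (the component lists the authentik provider) get built from the pod address; `domain = ${var.sub-domain}.${var.domain-name}` together with `root_url = https://%(domain)s/` is the usual setting, assuming those options surface as variables, which the diff does not show. `check_for_updates = true` also makes every instance call grafana.com on start; for a packaged install it is worth deciding explicitly, and `check_for_updates = false` plus `reporting_enabled = false` under `[analytics]` keeps the deployment self-contained. If the service is exposed behind a TLS ingress, a `[security]` section with `cookie_secure = true` is also missing.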

monitor/grafana/datas.tf Normal file

@@ -0,0 +1,68 @@
locals {
common-labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
"vynil.solidite.fr/owner-component" = var.component
"app.kubernetes.io/managed-by" = "vynil"
"app.kubernetes.io/instance" = var.instance
}
rb-patch = <<-EOF
- op: replace
path: /subjects/0/namespace
value: "${var.namespace}"
EOF
}
data "kustomization_overlay" "data" {
common_labels = local.common-labels
namespace = var.namespace
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml" && length(regexall("ClusterRole",file))<1]
images {
name = "docker.io/grafana/grafana"
new_name = "${var.images.grafana.registry}/${var.images.grafana.repository}"
new_tag = "${var.images.grafana.tag}"
}
images {
name = "docker.io/library/busybox"
new_name = "${var.images.busybox.registry}/${var.images.busybox.repository}"
new_tag = "${var.images.busybox.tag}"
}
images {
name = "quay.io/kiwigrid/k8s-sidecar"
new_name = "${var.images.sidecar.registry}/${var.images.sidecar.repository}"
new_tag = "${var.images.sidecar.tag}"
}
patches {
target {
kind = "PersistentVolumeClaim"
name = "grafana"
}
patch = <<-EOF
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: grafana
annotations:
k8up.io/backup: "true"
spec:
accessModes:
- "${var.volume.accessMode}"
volumeMode: Filesystem
resources:
requests:
storage: "${var.volume.size}"
EOF
}
patches {
target {
kind = "ServiceMonitor"
name = "grafana"
}
patch = <<-EOF
- op: replace
path: /spec/endpoints/0/relabelings/0/replacement
value: "${var.namespace}/$1"
EOF
}
}
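Review bot: The `ServiceMonitor` patch at the end of the overlay does a JSON-patch `replace` on `/spec/endpoints/0/relabelings/0/replacement`, but the `grafana` ServiceMonitor added in this commit has no `relabelings` on its endpoint, and `replace` on a missing path makes the kustomize build fail instead of adding the field; either drop the patch or turn it into a strategic-merge patch that adds the relabeling. `local.rb-patch` is defined but never referenced by any `patches` block (the kustomize namespace transformer already rewrites ServiceAccount subjects of RoleBindings), so it looks like dead code carried over from another component; the same local appears in `monitor/loki/datas.tf`. Also, `fileset(path.module, "*.yaml")` pulls in the generated `hpa.yaml`, which scales a Grafana that has a single `ReadWriteOnce` volume, so the HPA is probably better excluded here.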

monitor/grafana/index.yaml Normal file

@@ -0,0 +1,164 @@
---
apiVersion: vinyl.solidite.fr/v1beta1
kind: Component
category: monitor
metadata:
name: grafana
description: null
options:
images:
default:
busybox:
registry: docker.io
repository: library/busybox
tag: 1.31.1
grafana:
pullPolicy: IfNotPresent
registry: docker.io
repository: grafana/grafana
tag: 10.2.3
sidecar:
pullPolicy: IfNotPresent
registry: quay.io
repository: kiwigrid/k8s-sidecar
tag: 1.25.2
examples:
- busybox:
registry: docker.io
repository: library/busybox
tag: 1.31.1
grafana:
pullPolicy: IfNotPresent
registry: docker.io
repository: grafana/grafana
tag: 10.2.3
sidecar:
pullPolicy: IfNotPresent
registry: quay.io
repository: kiwigrid/k8s-sidecar
tag: 1.25.2
properties:
busybox:
default:
registry: docker.io
repository: library/busybox
tag: 1.31.1
properties:
registry:
default: docker.io
type: string
repository:
default: library/busybox
type: string
tag:
default: 1.31.1
type: string
type: object
grafana:
default:
pullPolicy: IfNotPresent
registry: docker.io
repository: grafana/grafana
tag: 10.2.3
properties:
pullPolicy:
default: IfNotPresent
enum:
- Always
- Never
- IfNotPresent
type: string
registry:
default: docker.io
type: string
repository:
default: grafana/grafana
type: string
tag:
default: 10.2.3
type: string
type: object
sidecar:
default:
pullPolicy: IfNotPresent
registry: quay.io
repository: kiwigrid/k8s-sidecar
tag: 1.25.2
properties:
pullPolicy:
default: IfNotPresent
enum:
- Always
- Never
- IfNotPresent
type: string
registry:
default: quay.io
type: string
repository:
default: kiwigrid/k8s-sidecar
type: string
tag:
default: 1.25.2
type: string
type: object
type: object
domain:
default: your-company
examples:
- your-company
type: string
sub-domain:
default: grafana
examples:
- grafana
type: string
domain-name:
default: your_company.com
examples:
- your_company.com
type: string
app-group:
default: monitor
examples:
- monitor
type: string
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string
volume:
default:
accessMode: ReadWriteOnce
size: 10Gi
examples:
- accessMode: ReadWriteOnce
size: 10Gi
properties:
accessMode:
default: ReadWriteOnce
enum:
- ReadWriteOnce
- ReadOnlyMany
- ReadWriteMany
type: string
size:
default: 10Gi
type: string
type: object
ingress-class:
default: traefik
examples:
- traefik
type: string
dependencies: []
providers:
kubernetes: true
authentik: true
kubectl: true
postgresql: null
restapi: null
http: null
gitea: null
tfaddtype: null


@@ -0,0 +1,28 @@
# Source: grafana/templates/servicemonitor.yaml
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: grafana
namespace: vynil-monitor
labels:
helm.sh/chart: grafana-7.2.4
app.kubernetes.io/name: grafana
app.kubernetes.io/instance: grafana
app.kubernetes.io/version: "10.2.3"
app.kubernetes.io/managed-by: Helm
spec:
endpoints:
- port: service
interval: 30s
scrapeTimeout: 30s
honorLabels: true
path: /metrics
scheme: http
jobLabel: "grafana"
selector:
matchLabels:
app.kubernetes.io/name: grafana
app.kubernetes.io/instance: grafana
namespaceSelector:
matchNames:
- vynil-monitor


@@ -0,0 +1,20 @@
# Source: grafana/templates/rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: grafana
namespace: vynil-monitor
labels:
helm.sh/chart: grafana-7.2.4
app.kubernetes.io/name: grafana
app.kubernetes.io/instance: grafana
app.kubernetes.io/version: "10.2.3"
app.kubernetes.io/managed-by: Helm
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: grafana
subjects:
- kind: ServiceAccount
name: grafana
namespace: vynil-monitor


@@ -0,0 +1,16 @@
# Source: grafana/templates/role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: grafana
namespace: vynil-monitor
labels:
helm.sh/chart: grafana-7.2.4
app.kubernetes.io/name: grafana
app.kubernetes.io/instance: grafana
app.kubernetes.io/version: "10.2.3"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups: [""] # "" indicates the core API group
resources: ["configmaps", "secrets"]
verbs: ["get", "watch", "list"]
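Review bot: The `Role` grants the `grafana` ServiceAccount `get`/`list`/`watch` on every `Secret` in the namespace, and in this commit that namespace is the shared monitor namespace that also hosts the Prometheus, Alertmanager and Loki installs, so a compromised Grafana pod (whose sidecars already hold the admin credentials) can read all of their secrets. The sidecars only need `secrets` because they run with `RESOURCE=both`; if dashboards, datasources and plugins are delivered as ConfigMaps, setting `RESOURCE=configmap` in the sidecar env and reducing the rule to `resources: ["configmaps"]` removes that reach. If a secret-backed datasource is genuinely needed, a dedicated namespace for Grafana would bound the exposure instead.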

monitor/grafana/secret.tf Normal file

@@ -0,0 +1,19 @@
resource "kubectl_manifest" "grafana_secret" {
ignore_fields = ["metadata.annotations"]
yaml_body = <<-EOF
apiVersion: "secretgenerator.mittwald.de/v1alpha1"
kind: "StringSecret"
metadata:
name: "grafana-admin-user"
namespace: "${var.namespace}"
labels: ${jsonencode(local.common-labels)}
spec:
forceRegenerate: false
data:
username: "${var.admin_name}"
fields:
- fieldName: "password"
length: "32"
EOF
}
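Review bot: `username: "${var.admin_name}"` references a variable that the component's `index.yaml` does not declare among its options, so unless `admin_name` is defined in a file outside this diff, validation fails with an undeclared variable; adding an `admin_name` string option to `index.yaml` (assuming options are what become variables, as `var.images` and `var.volume` in `datas.tf` suggest) keeps the component self-contained. A one-line comment on the resource saying that this secret feeds both the Grafana container (`GF_SECURITY_ADMIN_*`) and the four sidecars (`REQ_USERNAME`/`REQ_PASSWORD`), and that `forceRegenerate: false` is what keeps the password stable across re-applies, would help the next reader.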


@@ -0,0 +1,26 @@
# Source: grafana/templates/configmap-dashboard-provider.yaml
apiVersion: v1
kind: ConfigMap
metadata:
labels:
helm.sh/chart: grafana-7.2.4
app.kubernetes.io/name: grafana
app.kubernetes.io/instance: grafana
app.kubernetes.io/version: "10.2.3"
app.kubernetes.io/managed-by: Helm
name: grafana-config-dashboards
namespace: vynil-monitor
data:
provider.yaml: |-
apiVersion: 1
providers:
- name: 'sidecarProvider'
orgId: 1
folder: ''
type: file
disableDeletion: false
allowUiUpdates: false
updateIntervalSeconds: 30
options:
foldersFromFilesStructure: false
path: /tmp/dashboards


@@ -0,0 +1,20 @@
# Source: grafana/templates/pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: grafana
namespace: vynil-monitor
labels:
helm.sh/chart: grafana-7.2.4
app.kubernetes.io/name: grafana
app.kubernetes.io/instance: grafana
app.kubernetes.io/version: "10.2.3"
app.kubernetes.io/managed-by: Helm
finalizers:
- kubernetes.io/pvc-protection
spec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: "10Gi"


@@ -0,0 +1,13 @@
---
# Source: grafana/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
helm.sh/chart: grafana-7.2.4
app.kubernetes.io/name: grafana
app.kubernetes.io/instance: grafana
app.kubernetes.io/version: "10.2.3"
app.kubernetes.io/managed-by: Helm
name: grafana
namespace: vynil-monitor


@@ -0,0 +1,22 @@
# Source: grafana/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: grafana
namespace: vynil-monitor
labels:
helm.sh/chart: grafana-7.2.4
app.kubernetes.io/name: grafana
app.kubernetes.io/instance: grafana
app.kubernetes.io/version: "10.2.3"
app.kubernetes.io/managed-by: Helm
spec:
type: ClusterIP
ports:
- name: service
port: 80
protocol: TCP
targetPort: 3000
selector:
app.kubernetes.io/name: grafana
app.kubernetes.io/instance: grafana


@@ -0,0 +1,124 @@
# Source: loki/templates/single-binary/statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: loki
namespace: vynil-monitor
labels:
helm.sh/chart: loki-5.41.8
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki
app.kubernetes.io/version: "2.9.3"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: single-binary
app.kubernetes.io/part-of: memberlist
spec:
replicas: 1
podManagementPolicy: Parallel
updateStrategy:
rollingUpdate:
partition: 0
serviceName: loki-headless
revisionHistoryLimit: 10
persistentVolumeClaimRetentionPolicy:
whenDeleted: Delete
whenScaled: Delete
selector:
matchLabels:
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki
app.kubernetes.io/component: single-binary
template:
metadata:
annotations:
checksum/config: 00968f96c123aef1e3b51506bfca47d4009fec466be45ff4db4755acd6142f13
labels:
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki
app.kubernetes.io/component: single-binary
app.kubernetes.io/part-of: memberlist
spec:
serviceAccountName: loki
automountServiceAccountToken: true
enableServiceLinks: true
securityContext:
fsGroup: 10001
runAsGroup: 10001
runAsNonRoot: true
runAsUser: 10001
terminationGracePeriodSeconds: 30
containers:
- name: loki
image: docker.io/grafana/loki:2.9.3
imagePullPolicy: IfNotPresent
args:
- -config.file=/etc/loki/config/config.yaml
- -target=all
ports:
- name: http-metrics
containerPort: 3100
protocol: TCP
- name: grpc
containerPort: 9095
protocol: TCP
- name: http-memberlist
containerPort: 7946
protocol: TCP
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
readinessProbe:
httpGet:
path: /ready
port: http-metrics
initialDelaySeconds: 30
timeoutSeconds: 1
volumeMounts:
- name: tmp
mountPath: /tmp
- name: config
mountPath: /etc/loki/config
- name: runtime-config
mountPath: /etc/loki/runtime-config
- name: storage
mountPath: /var/loki
resources:
{}
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki
app.kubernetes.io/component: single-binary
topologyKey: kubernetes.io/hostname
volumes:
- name: tmp
emptyDir: {}
- name: config
configMap:
name: loki
items:
- key: "config.yaml"
path: "config.yaml"
- name: runtime-config
configMap:
name: loki-runtime
volumeClaimTemplates:
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: storage
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: "17Gi"

monitor/loki/config.tf Normal file

@@ -0,0 +1,83 @@
resource "kubectl_manifest" "datasource" {
yaml_body = <<-EOF
apiVersion: v1
kind: ConfigMap
metadata:
name: loki-datasource
namespace: "${var.namespace}"
labels: ${jsonencode(local.common-labels)}
data:
loki-datasource.yaml: |-
apiVersion: 1
datasources:
- name: Loki
type: loki
access: proxy
url: "http://loki:3100"
version: 1
isDefault: false
jsonData:
{}
EOF
}
resource "kubectl_manifest" "config" {
yaml_body = <<-EOF
apiVersion: v1
kind: ConfigMap
metadata:
name: loki
namespace: "${var.namespace}"
labels: ${jsonencode(local.common-labels)}
data:
config.yaml: |
auth_enabled: true
common:
compactor_address: 'loki'
path_prefix: /var/loki
replication_factor: 1
storage:
filesystem:
chunks_directory: /var/loki/chunks
rules_directory: /var/loki/rules
frontend:
scheduler_address: ""
frontend_worker:
scheduler_address: ""
index_gateway:
mode: ring
limits_config:
max_cache_freshness_per_query: 10m
reject_old_samples: true
reject_old_samples_max_age: 168h
split_queries_by_interval: 15m
memberlist:
join_members:
- loki-memberlist
query_range:
align_queries_with_step: true
ruler:
storage:
type: local
runtime_config:
file: /etc/loki/runtime-config/runtime-config.yaml
schema_config:
configs:
- from: "2022-01-11"
index:
period: 24h
prefix: loki_index_
object_store: filesystem
schema: v12
store: boltdb-shipper
server:
grpc_listen_port: 9095
http_listen_port: 3100
storage_config:
hedging:
at: 250ms
max_per_second: 20
up_to: 3
tracing:
enabled: false
EOF
}
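Review bot: The `loki-datasource` ConfigMap in the first resource is labelled only with `local.common-labels`, but the Grafana datasource sidecar added in this commit watches for the label `grafana_datasource`, so as written the datasource is never provisioned; `labels: ${jsonencode(merge(local.common-labels, { "grafana_datasource" = "1" }))}` fixes the selection. Separately, the Loki config sets `auth_enabled: true`, which makes Loki require an `X-Scope-OrgID` tenant header on every push and query; the datasource sends none (`jsonData: {}`) and the Promtail side is not in this diff, so either set `auth_enabled: false` for this single-tenant install or add `httpHeaderName1: X-Scope-OrgID` under `jsonData` with the value in `secureJsonData` and configure the same tenant in Promtail. Note that with auth enabled Loki only reads the header and does not verify it, so it provides tenant separation, not authentication; the datasource URL is plain `http://loki:3100` inside the namespace.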

monitor/loki/datas.tf Normal file

@@ -0,0 +1,72 @@
locals {
common-labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
"vynil.solidite.fr/owner-component" = var.component
"app.kubernetes.io/managed-by" = "vynil"
"app.kubernetes.io/instance" = var.instance
}
rb-patch = <<-EOF
- op: replace
path: /subjects/0/namespace
value: "${var.namespace}"
EOF
}
data "kustomization_overlay" "data" {
common_labels = local.common-labels
namespace = var.namespace
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml" && length(regexall("ClusterRole",file))<1]
images {
name = "docker.io/grafana/loki"
new_name = "${var.images.loki.registry}/${var.images.loki.repository}"
new_tag = "${var.images.loki.tag}"
}
patches {
target {
kind = "ServiceMonitor"
name = "loki"
}
patch = <<-EOF
- op: replace
path: /spec/endpoints/0/relabelings/0/replacement
value: "${var.namespace}/$1"
EOF
}
patches {
target {
kind = "StatefulSet"
name = "loki"
}
patch = <<-EOF
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: loki
spec:
replicas: 1
template:
spec:
containers:
- name: loki
imagePullPolicy: ${var.images.loki.pullPolicy}
volumeClaimTemplates:
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: storage
annotations:
k8up.io/backup: "true"
spec:
accessModes:
- "${var.volume.accessMode}"
volumeMode: Filesystem
resources:
requests:
storage: "${var.volume.size}"
EOF
}
}
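Review bot: The `StatefulSet` patch annotates the PVC template with `k8up.io/backup: "true"`, but the generated StatefulSet keeps `persistentVolumeClaimRetentionPolicy` with `whenDeleted: Delete`, so removing or re-creating the StatefulSet (for example on a component upgrade) deletes the Loki data volume; if the backup annotation reflects intent to keep the data, the same patch should set `whenDeleted: Retain`. The `ServiceMonitor` patch replaces `/spec/endpoints/0/relabelings/0/replacement`, and the Loki ServiceMonitor is not in the visible part of the diff; if its first endpoint has no `relabelings` (as the Grafana one added here does not), a JSON-patch `replace` on a missing path fails the kustomize build. `local.rb-patch` is defined but never used by any `patches` block here, the same as in `monitor/grafana/datas.tf`.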

monitor/loki/index.yaml Normal file

@@ -0,0 +1,76 @@
---
apiVersion: vinyl.solidite.fr/v1beta1
kind: Component
category: monitor
metadata:
name: loki
description: null
options:
images:
default:
loki:
pullPolicy: IfNotPresent
registry: docker.io
repository: grafana/loki
tag: 2.9.3
examples:
- loki:
pullPolicy: IfNotPresent
registry: docker.io
repository: grafana/loki
tag: 2.9.3
properties:
loki:
default:
pullPolicy: IfNotPresent
registry: docker.io
repository: grafana/loki
tag: 2.9.3
properties:
pullPolicy:
default: IfNotPresent
enum:
- Always
- Never
- IfNotPresent
type: string
registry:
default: docker.io
type: string
repository:
default: grafana/loki
type: string
tag:
default: 2.9.3
type: string
type: object
type: object
volume:
default:
accessMode: ReadWriteOnce
size: 10Gi
examples:
- accessMode: ReadWriteOnce
size: 10Gi
properties:
accessMode:
default: ReadWriteOnce
enum:
- ReadWriteOnce
- ReadOnlyMany
- ReadWriteMany
type: string
size:
default: 10Gi
type: string
type: object
dependencies: []
providers:
kubernetes: true
authentik: null
kubectl: true
postgresql: null
restapi: null
http: null
gitea: null
tfaddtype: null


@@ -0,0 +1,65 @@
# Source: loki/templates/monitoring/loki-alerts.yaml
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
labels:
helm.sh/chart: loki-5.41.8
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki
app.kubernetes.io/version: "2.9.3"
app.kubernetes.io/managed-by: Helm
name: loki-loki-alerts
namespace: vynil-monitor
spec:
groups:
- name: loki_alerts
rules:
- alert: LokiRequestErrors
annotations:
message: |
{{ $labels.job }} {{ $labels.route }} is experiencing {{ printf "%.2f" $value }}% errors.
expr: |
100 * sum(rate(loki_request_duration_seconds_count{status_code=~"5.."}[2m])) by (namespace, job, route)
/
sum(rate(loki_request_duration_seconds_count[2m])) by (namespace, job, route)
> 10
for: 15m
labels:
severity: critical
- alert: LokiRequestPanics
annotations:
message: |
{{ $labels.job }} is experiencing {{ printf "%.2f" $value }}% increase of panics.
expr: |
sum(increase(loki_panic_total[10m])) by (namespace, job) > 0
labels:
severity: critical
- alert: LokiRequestLatency
annotations:
message: |
{{ $labels.job }} {{ $labels.route }} is experiencing {{ printf "%.2f" $value }}s 99th percentile latency.
expr: |
namespace_job_route:loki_request_duration_seconds:99quantile{route!~"(?i).*tail.*"} > 1
for: 15m
labels:
severity: critical
- alert: LokiTooManyCompactorsRunning
annotations:
message: |
{{ $labels.cluster }} {{ $labels.namespace }} has had {{ printf "%.0f" $value }} compactors running for more than 5m. Only one compactor should run at a time.
expr: |
sum(loki_boltdb_shipper_compactor_running) by (namespace, cluster) > 1
for: 5m
labels:
severity: warning
- name: loki_canaries_alerts
rules:
- alert: LokiCanaryLatency
annotations:
message: |
{{ $labels.job }} is experiencing {{ printf "%.2f" $value }}s 99th percentile latency.
expr: |
histogram_quantile(0.99, sum(rate(loki_canary_response_latency_seconds_bucket[5m])) by (le, namespace, job)) > 5
for: 15m
labels:
severity: warning


@@ -0,0 +1,98 @@
# Source: loki/templates/monitoring/loki-rules.yaml
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
labels:
helm.sh/chart: loki-5.41.8
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki
app.kubernetes.io/version: "2.9.3"
app.kubernetes.io/managed-by: Helm
name: loki-loki-rules
namespace: vynil-monitor
spec:
groups:
- name: loki_rules
rules:
- expr: histogram_quantile(0.99, sum(rate(loki_request_duration_seconds_bucket[1m]))
by (le, job))
labels:
cluster: loki
record: job:loki_request_duration_seconds:99quantile
- expr: histogram_quantile(0.50, sum(rate(loki_request_duration_seconds_bucket[1m]))
by (le, job))
labels:
cluster: loki
record: job:loki_request_duration_seconds:50quantile
- expr: sum(rate(loki_request_duration_seconds_sum[1m])) by (job) / sum(rate(loki_request_duration_seconds_count[1m]))
by (job)
labels:
cluster: loki
record: job:loki_request_duration_seconds:avg
- expr: sum(rate(loki_request_duration_seconds_bucket[1m])) by (le, job)
labels:
cluster: loki
record: job:loki_request_duration_seconds_bucket:sum_rate
- expr: sum(rate(loki_request_duration_seconds_sum[1m])) by (job)
labels:
cluster: loki
record: job:loki_request_duration_seconds_sum:sum_rate
- expr: sum(rate(loki_request_duration_seconds_count[1m])) by (job)
labels:
cluster: loki
record: job:loki_request_duration_seconds_count:sum_rate
- expr: histogram_quantile(0.99, sum(rate(loki_request_duration_seconds_bucket[1m]))
by (le, job, route))
labels:
cluster: loki
record: job_route:loki_request_duration_seconds:99quantile
- expr: histogram_quantile(0.50, sum(rate(loki_request_duration_seconds_bucket[1m]))
by (le, job, route))
labels:
cluster: loki
record: job_route:loki_request_duration_seconds:50quantile
- expr: sum(rate(loki_request_duration_seconds_sum[1m])) by (job, route) / sum(rate(loki_request_duration_seconds_count[1m]))
by (job, route)
labels:
cluster: loki
record: job_route:loki_request_duration_seconds:avg
- expr: sum(rate(loki_request_duration_seconds_bucket[1m])) by (le, job, route)
labels:
cluster: loki
record: job_route:loki_request_duration_seconds_bucket:sum_rate
- expr: sum(rate(loki_request_duration_seconds_sum[1m])) by (job, route)
labels:
cluster: loki
record: job_route:loki_request_duration_seconds_sum:sum_rate
- expr: sum(rate(loki_request_duration_seconds_count[1m])) by (job, route)
labels:
cluster: loki
record: job_route:loki_request_duration_seconds_count:sum_rate
- expr: histogram_quantile(0.99, sum(rate(loki_request_duration_seconds_bucket[1m]))
by (le, namespace, job, route))
labels:
cluster: loki
record: namespace_job_route:loki_request_duration_seconds:99quantile
- expr: histogram_quantile(0.50, sum(rate(loki_request_duration_seconds_bucket[1m]))
by (le, namespace, job, route))
labels:
cluster: loki
record: namespace_job_route:loki_request_duration_seconds:50quantile
- expr: sum(rate(loki_request_duration_seconds_sum[1m])) by (namespace, job, route)
/ sum(rate(loki_request_duration_seconds_count[1m])) by (namespace, job, route)
labels:
cluster: loki
record: namespace_job_route:loki_request_duration_seconds:avg
- expr: sum(rate(loki_request_duration_seconds_bucket[1m])) by (le, namespace, job,
route)
labels:
cluster: loki
record: namespace_job_route:loki_request_duration_seconds_bucket:sum_rate
- expr: sum(rate(loki_request_duration_seconds_sum[1m])) by (namespace, job, route)
labels:
cluster: loki
record: namespace_job_route:loki_request_duration_seconds_sum:sum_rate
- expr: sum(rate(loki_request_duration_seconds_count[1m])) by (namespace, job, route)
labels:
cluster: loki
record: namespace_job_route:loki_request_duration_seconds_count:sum_rate


@@ -0,0 +1,35 @@
# Source: loki/templates/monitoring/servicemonitor.yaml
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: loki
namespace: vynil-monitor
labels:
helm.sh/chart: loki-5.41.8
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki
app.kubernetes.io/version: "2.9.3"
app.kubernetes.io/managed-by: Helm
spec:
selector:
matchLabels:
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki
matchExpressions:
- key: prometheus.io/service-monitor
operator: NotIn
values:
- "false"
endpoints:
- port: http-metrics
path: /metrics
interval: 15s
relabelings:
- sourceLabels: [job]
action: replace
replacement: "vynil-monitor/$1"
targetLabel: job
- action: replace
replacement: "loki"
targetLabel: cluster
scheme: http
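Review bot: The first relabeling (`replacement: "vynil-monitor/$1"`) is the entry the loki overlay rewrites positionally through `/spec/endpoints/0/relabelings/0/replacement`, so this file only behaves correctly while that entry stays at index 0 of the first endpoint. Nothing in the manifest records that coupling, and a future re-render from the chart that reorders or prepends a relabeling would silently leave the hardcoded namespace in place. A comment directly above `relabelings:` such as `# relabelings[0].replacement is rewritten to ${var.namespace}/$1 by the overlay patch in datas.tf; keep it first` would make the dependency visible.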


@@ -0,0 +1,15 @@
# Source: loki/templates/runtime-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: loki-runtime
namespace: vynil-monitor
labels:
helm.sh/chart: loki-5.41.8
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki
app.kubernetes.io/version: "2.9.3"
app.kubernetes.io/managed-by: Helm
data:
runtime-config.yaml: |
{}


@@ -0,0 +1,14 @@
---
# Source: loki/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: loki
namespace: vynil-monitor
labels:
helm.sh/chart: loki-5.41.8
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki
app.kubernetes.io/version: "2.9.3"
app.kubernetes.io/managed-by: Helm
automountServiceAccountToken: true
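Review bot: `automountServiceAccountToken: true` mounts an API token into every Loki pod, yet none of the sections visible here bind the `loki` ServiceAccount to a Role or ClusterRole, and the loki overlay explicitly filters ClusterRole files out of its resources. Unless the single-binary deployment actually calls the Kubernetes API, `automountServiceAccountToken: false` removes a credential from a pod that accepts network traffic on 3100/9095. If the token is required, a comment naming the API call that consumes it would stop the next reader from removing it.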


@@ -0,0 +1,25 @@
# Source: loki/templates/single-binary/service-headless.yaml
apiVersion: v1
kind: Service
metadata:
name: loki-headless
namespace: vynil-monitor
labels:
helm.sh/chart: loki-5.41.8
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki
app.kubernetes.io/version: "2.9.3"
app.kubernetes.io/managed-by: Helm
variant: headless
prometheus.io/service-monitor: "false"
annotations:
spec:
clusterIP: None
ports:
- name: http-metrics
port: 3100
targetPort: http-metrics
protocol: TCP
selector:
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki


@@ -0,0 +1,24 @@
# Source: loki/templates/service-memberlist.yaml
apiVersion: v1
kind: Service
metadata:
name: loki-memberlist
namespace: vynil-monitor
labels:
helm.sh/chart: loki-5.41.8
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki
app.kubernetes.io/version: "2.9.3"
app.kubernetes.io/managed-by: Helm
spec:
type: ClusterIP
clusterIP: None
ports:
- name: tcp
port: 7946
targetPort: http-memberlist
protocol: TCP
selector:
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki
app.kubernetes.io/part-of: memberlist


@@ -0,0 +1,28 @@
# Source: loki/templates/single-binary/service.yaml
apiVersion: v1
kind: Service
metadata:
name: loki
namespace: vynil-monitor
labels:
helm.sh/chart: loki-5.41.8
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki
app.kubernetes.io/version: "2.9.3"
app.kubernetes.io/managed-by: Helm
annotations:
spec:
type: ClusterIP
ports:
- name: http-metrics
port: 3100
targetPort: http-metrics
protocol: TCP
- name: grpc
port: 9095
targetPort: grpc
protocol: TCP
selector:
app.kubernetes.io/name: loki
app.kubernetes.io/instance: loki
app.kubernetes.io/component: single-binary


@@ -0,0 +1,95 @@
# Source: promtail/templates/daemonset.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: promtail
namespace: vynil-monitor
labels:
helm.sh/chart: promtail-6.15.3
app.kubernetes.io/name: promtail
app.kubernetes.io/instance: promtail
app.kubernetes.io/version: "2.9.2"
app.kubernetes.io/managed-by: Helm
annotations:
configmap.reloader.stakater.com/reload: promtail
spec:
selector:
matchLabels:
app.kubernetes.io/name: promtail
app.kubernetes.io/instance: promtail
updateStrategy:
{}
template:
metadata:
labels:
app.kubernetes.io/name: promtail
app.kubernetes.io/instance: promtail
annotations:
checksum/config: 6c6fe64da626e7a1dcbf5243d0da373c6ecb04d80b160d827f1264aacfd18a24
spec:
serviceAccountName: promtail
enableServiceLinks: true
securityContext:
runAsGroup: 0
runAsUser: 0
containers:
- name: promtail
image: "docker.io/grafana/promtail:2.9.2"
imagePullPolicy: IfNotPresent
args:
- "-config.file=/etc/promtail/promtail.yaml"
volumeMounts:
- name: config
mountPath: /etc/promtail
- mountPath: /run/promtail
name: run
- mountPath: /var/lib/docker/containers
name: containers
readOnly: true
- mountPath: /var/log/pods
name: pods
readOnly: true
env:
- name: HOSTNAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
ports:
- name: http-metrics
containerPort: 3101
protocol: TCP
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
readinessProbe:
failureThreshold: 5
httpGet:
path: '/ready'
port: http-metrics
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
operator: Exists
- effect: NoSchedule
key: node-role.kubernetes.io/control-plane
operator: Exists
volumes:
- name: config
configMap:
name: promtail
- hostPath:
path: /run/promtail
name: run
- hostPath:
path: /var/lib/docker/containers
name: containers
- hostPath:
path: /var/log/pods
name: pods
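Review bot: The `/var/lib/docker/containers` hostPath (the `containers` volume and its read-only mount) is not used by the config this commit ships: the scrape job relies on the `cri: {}` pipeline stage and every `__path__` replacement resolves under `/var/log/pods`, so the mount only widens host filesystem exposure from a pod that runs as `runAsUser: 0`. Unless a Docker-runtime cluster is still a target, dropping the `containers` volume and mount narrows the DaemonSet to what it needs; the remaining hardening (`capabilities.drop: ALL`, `readOnlyRootFilesystem`, `allowPrivilegeEscalation: false`) is good. Separately, `checksum/config` is a value left over from the Helm render; the ConfigMap is now produced by Terraform, so this annotation will never change with the config and only `configmap.reloader.stakater.com/reload` does the work—either remove it or comment that it is inert.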


@@ -0,0 +1,94 @@
resource "kubectl_manifest" "config" {
yaml_body = <<-EOF
apiVersion: v1
kind: ConfigMap
metadata:
name: promtail
namespace: "${var.namespace}"
labels: ${jsonencode(local.common-labels)}
data:
promtail.yaml: |
server:
log_level: ${var.log_level}
log_format: ${var.log_format}
http_listen_port: 3101
clients:
- url: http://${var.loki-url}:3100/loki/api/v1/push
positions:
filename: /run/promtail/positions.yaml
scrape_configs:
- job_name: kubernetes-pods
pipeline_stages:
- cri: {}
kubernetes_sd_configs:
- role: pod
relabel_configs:
- source_labels:
- __meta_kubernetes_pod_controller_name
regex: ([0-9a-z-.]+?)(-[0-9a-f]{8,10})?
action: replace
target_label: __tmp_controller_name
- source_labels:
- __meta_kubernetes_pod_label_app_kubernetes_io_name
- __meta_kubernetes_pod_label_app
- __tmp_controller_name
- __meta_kubernetes_pod_name
regex: ^;*([^;]+)(;.*)?$
action: replace
target_label: app
- source_labels:
- __meta_kubernetes_pod_label_app_kubernetes_io_instance
- __meta_kubernetes_pod_label_instance
regex: ^;*([^;]+)(;.*)?$
action: replace
target_label: instance
- source_labels:
- __meta_kubernetes_pod_label_app_kubernetes_io_component
- __meta_kubernetes_pod_label_component
regex: ^;*([^;]+)(;.*)?$
action: replace
target_label: component
- action: replace
source_labels:
- __meta_kubernetes_pod_node_name
target_label: node_name
- action: replace
source_labels:
- __meta_kubernetes_namespace
target_label: namespace
- action: replace
replacement: $1
separator: /
source_labels:
- namespace
- app
target_label: job
- action: replace
source_labels:
- __meta_kubernetes_pod_name
target_label: pod
- action: replace
source_labels:
- __meta_kubernetes_pod_container_name
target_label: container
- action: replace
replacement: /var/log/pods/*$1/*.log
separator: /
source_labels:
- __meta_kubernetes_pod_uid
- __meta_kubernetes_pod_container_name
target_label: __path__
- action: replace
regex: true/(.*)
replacement: /var/log/pods/*$1/*.log
separator: /
source_labels:
- __meta_kubernetes_pod_annotationpresent_kubernetes_io_config_hash
- __meta_kubernetes_pod_annotation_kubernetes_io_config_hash
- __meta_kubernetes_pod_container_name
target_label: __path__
limits_config:
tracing:
enabled: false
EOF
}
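Review bot: `log_level: ${var.log_level}`, `log_format: ${var.log_format}` and the `loki-url` interpolation are spliced into the YAML heredoc unquoted, and index.yaml constrains them only to `type: string`, so a value containing a newline, `#` or `: ` alters the structure of promtail.yaml instead of failing validation. Encoding the scalars, `log_level: ${jsonencode(var.log_level)}` and `log_format: ${jsonencode(var.log_format)}` (a JSON scalar is valid YAML), keeps the document shape fixed, and the URL can be handled the same way with `- url: ${jsonencode("http://${var.loki-url}:3100/loki/api/v1/push")}`. A `validation` block on the variables, or an `enum` for `log_level` in index.yaml (promtail's server accepts debug/info/warn/error), would additionally reject bad values at plan time.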

38
monitor/promtail/datas.tf Normal file

@@ -0,0 +1,38 @@
locals {
common-labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
"vynil.solidite.fr/owner-component" = var.component
"app.kubernetes.io/managed-by" = "vynil"
"app.kubernetes.io/instance" = var.instance
}
rb-patch = <<-EOF
- op: replace
path: /subjects/0/namespace
value: "${var.namespace}"
EOF
}
data "kustomization_overlay" "data" {
common_labels = local.common-labels
namespace = var.namespace
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml" && length(regexall("ClusterRole",file))<1]
images {
name = "docker.io/grafana/promtail"
new_name = "${var.images.promtail.registry}/${var.images.promtail.repository}"
new_tag = "${var.images.promtail.tag}"
}
}
data "kustomization_overlay" "data_no_ns" {
common_labels = local.common-labels
resources = [for file in fileset(path.module, "*.yaml"): file if length(regexall("ClusterRole",file))>0]
patches {
target {
kind = "ClusterRoleBinding"
name = "prometheus-community-kube-prometheus"
}
patch = local.rb-patch
}
}
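Review bot: The `data_no_ns` patch targets a ClusterRoleBinding named `prometheus-community-kube-prometheus`, but the binding this commit adds for promtail (the `clusterrolebinding.yaml` section further down) is named `promtail`, so the `/subjects/0/namespace` replacement never applies and the subject namespace stays hardcoded to `vynil-monitor`. On any other `var.namespace` the cluster-wide read grant is attached to a ServiceAccount outside the component's namespace rather than the one it creates, which is both a functional break and a binding to an account this component does not control. Changing the target to `name = "promtail"` lines it up; whether kustomize errors or silently ignores an unmatched patch target here I have not verified, but either outcome is wrong.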


@@ -0,0 +1,72 @@
---
apiVersion: vinyl.solidite.fr/v1beta1
kind: Component
category: monitor
metadata:
name: promtail
description: null
options:
log_format:
default: logfmt
examples:
- logfmt
type: string
images:
default:
promtail:
pullPolicy: IfNotPresent
registry: docker.io
repository: grafana/promtail
tag: 2.9.2
examples:
- promtail:
pullPolicy: IfNotPresent
registry: docker.io
repository: grafana/promtail
tag: 2.9.2
properties:
promtail:
default:
pullPolicy: IfNotPresent
registry: docker.io
repository: grafana/promtail
tag: 2.9.2
properties:
pullPolicy:
default: IfNotPresent
enum:
- Always
- Never
- IfNotPresent
type: string
registry:
default: docker.io
type: string
repository:
default: grafana/promtail
type: string
tag:
default: 2.9.2
type: string
type: object
type: object
log_level:
default: info
examples:
- info
type: string
loki-url:
default: loki
examples:
- loki
type: string
dependencies: []
providers:
kubernetes: true
authentik: null
kubectl: true
postgresql: null
restapi: null
http: null
gitea: null
tfaddtype: null


@@ -0,0 +1,19 @@
# Source: promtail/templates/servicemonitor.yaml
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: promtail
labels:
helm.sh/chart: promtail-6.15.3
app.kubernetes.io/name: promtail
app.kubernetes.io/instance: promtail
app.kubernetes.io/version: "2.9.2"
app.kubernetes.io/managed-by: Helm
spec:
selector:
matchLabels:
app.kubernetes.io/name: promtail
app.kubernetes.io/instance: promtail
endpoints:
- port: http-metrics
scheme: http


@@ -0,0 +1,19 @@
# Source: promtail/templates/clusterrolebinding.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: promtail
labels:
helm.sh/chart: promtail-6.15.3
app.kubernetes.io/name: promtail
app.kubernetes.io/instance: promtail
app.kubernetes.io/version: "2.9.2"
app.kubernetes.io/managed-by: Helm
subjects:
- kind: ServiceAccount
name: promtail
namespace: vynil-monitor
roleRef:
kind: ClusterRole
name: promtail
apiGroup: rbac.authorization.k8s.io


@@ -0,0 +1,24 @@
# Source: promtail/templates/clusterrole.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: promtail
labels:
helm.sh/chart: promtail-6.15.3
app.kubernetes.io/name: promtail
app.kubernetes.io/instance: promtail
app.kubernetes.io/version: "2.9.2"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- ""
resources:
- nodes
- nodes/proxy
- services
- endpoints
- pods
verbs:
- get
- watch
- list
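Review bot: The rules grant get/watch/list on `nodes`, `nodes/proxy`, `services` and `endpoints` as well as `pods`, but the promtail.yaml shipped in this commit only uses `kubernetes_sd_configs` with `role: pod`, which needs `pods` alone. `nodes/proxy` in particular exposes every kubelet's API through the apiserver, which is far beyond what a log shipper requires. Unless another discovery role is planned, reducing `resources:` to `- pods` keeps this cluster-wide role minimal; the extra entries appear to be the upstream chart's defaults rather than anything this config uses.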


@@ -0,0 +1,45 @@
# first loop through resources in ids_prio[0]
resource "kustomization_resource" "pre_no_ns" {
for_each = data.kustomization_overlay.data_no_ns.ids_prio[0]
manifest = (
contains(["_/Secret"], regex("(?P<group_kind>.*/.*)/.*/.*", each.value)["group_kind"])
? sensitive(data.kustomization_overlay.data_no_ns.manifests[each.value])
: data.kustomization_overlay.data_no_ns.manifests[each.value]
)
}
# then loop through resources in ids_prio[1]
# and set an explicit depends_on on kustomization_resource.pre
# wait 2 minutes for any deployment or daemonset to become ready
resource "kustomization_resource" "main_no_ns" {
for_each = data.kustomization_overlay.data_no_ns.ids_prio[1]
manifest = (
contains(["_/Secret"], regex("(?P<group_kind>.*/.*)/.*/.*", each.value)["group_kind"])
? sensitive(data.kustomization_overlay.data_no_ns.manifests[each.value])
: data.kustomization_overlay.data_no_ns.manifests[each.value]
)
wait = true
timeouts {
create = "5m"
update = "5m"
}
depends_on = [kustomization_resource.pre_no_ns]
}
# finally, loop through resources in ids_prio[2]
# and set an explicit depends_on on kustomization_resource.main
resource "kustomization_resource" "post_no_ns" {
for_each = data.kustomization_overlay.data_no_ns.ids_prio[2]
manifest = (
contains(["_/Secret"], regex("(?P<group_kind>.*/.*)/.*/.*", each.value)["group_kind"])
? sensitive(data.kustomization_overlay.data_no_ns.manifests[each.value])
: data.kustomization_overlay.data_no_ns.manifests[each.value]
)
depends_on = [kustomization_resource.main_no_ns]
}
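Review bot: The comments above `main_no_ns` and `post_no_ns` refer to `kustomization_resource.pre` / `.main` and to waiting 2 minutes, while the code depends on `pre_no_ns` / `main_no_ns` and sets 5m timeouts—presumably carried over from the namespaced variant. Updating them to `# and set an explicit depends_on on kustomization_resource.pre_no_ns` and `# wait up to 5 minutes for any deployment or daemonset to become ready` keeps the file self-describing. A one-line header noting that this file handles the cluster-scoped resources selected by `data_no_ns` in datas.tf would also help, since the `_no_ns` suffix is the only hint.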


@@ -0,0 +1,13 @@
---
# Source: promtail/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: promtail
namespace: vynil-monitor
labels:
helm.sh/chart: promtail-6.15.3
app.kubernetes.io/name: promtail
app.kubernetes.io/instance: promtail
app.kubernetes.io/version: "2.9.2"
app.kubernetes.io/managed-by: Helm


@@ -0,0 +1,22 @@
# Source: promtail/templates/service-metrics.yaml
apiVersion: v1
kind: Service
metadata:
name: promtail-metrics
namespace: vynil-monitor
labels:
helm.sh/chart: promtail-6.15.3
app.kubernetes.io/name: promtail
app.kubernetes.io/instance: promtail
app.kubernetes.io/version: "2.9.2"
app.kubernetes.io/managed-by: Helm
spec:
clusterIP: None
ports:
- name: http-metrics
port: 3101
targetPort: http-metrics
protocol: TCP
selector:
app.kubernetes.io/name: promtail
app.kubernetes.io/instance: promtail