From 84b93d5fbd1de67ab9fc765c342be66d91838ac6 Mon Sep 17 00:00:00 2001 From: wboughattas Date: Sat, 27 Dec 2025 23:43:14 -0500 Subject: [PATCH] first commit --- .gitattributes | 1 + .gitignore | 126 +++++++ apps/severed-blog-config.yaml | 47 +++ apps/severed-blog.yaml | 31 ++ apps/severed-ingress.yaml | 20 ++ infra/alloy-env.yaml | 8 + infra/alloy-setup.yaml | 185 ++++++++++ infra/observer/dashboard-json.yaml | 535 ++++++++++++++++++++++++++++ infra/observer/grafana-ingress.yaml | 19 + infra/observer/grafana.yaml | 120 +++++++ infra/observer/loki.yaml | 97 +++++ infra/observer/prometheus.yaml | 76 ++++ namespaces.yaml | 10 + 13 files changed, 1275 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 apps/severed-blog-config.yaml create mode 100644 apps/severed-blog.yaml create mode 100644 apps/severed-ingress.yaml create mode 100644 infra/alloy-env.yaml create mode 100644 infra/alloy-setup.yaml create mode 100644 infra/observer/dashboard-json.yaml create mode 100644 infra/observer/grafana-ingress.yaml create mode 100644 infra/observer/grafana.yaml create mode 100644 infra/observer/loki.yaml create mode 100644 infra/observer/prometheus.yaml create mode 100644 namespaces.yaml diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..6313b56 --- /dev/null +++ b/.gitattributes @@ -0,0 +1 @@ +* text=auto eol=lf diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..c1915d7 --- /dev/null +++ b/.gitignore @@ -0,0 +1,126 @@ +# OSX leaves these everywhere on SMB shares +._* + +# OSX trash +.DS_Store + +# Developers can store local stuff in dirs named __something +__* + +# Eclipse files +.classpath +.project +.settings/** + +# Files generated by JetBrains IDEs, e.g. IntelliJ IDEA +.idea/ +*.iml + +# Vscode files +.vscode + +# This is where the result of the go build goes +/output*/ +/_output*/ +/_output + +# Emacs save files +*~ +\#*\# +.\#* + +# Vim-related files +[._]*.s[a-w][a-z] +[._]s[a-w][a-z] +*.un~ +Session.vim +.netrwhist + +# cscope-related files +cscope.* + +# Go test binaries +*.test +/hack/.test-cmd-auth + +# JUnit test output from ginkgo e2e tests +/junit*.xml + +# Mercurial files +**/.hg +**/.hg* + +# Vagrant +.vagrant +network_closure.sh + +# Local cluster env variables +/cluster/env.sh + +# Compiled binaries in third_party +/third_party/pkg + +# Also ignore etcd installed by hack/install-etcd.sh +/third_party/etcd* +/default.etcd + +# Also ignore protoc installed by hack/install-protoc.sh +/third_party/protoc* + +# User cluster configs +.kubeconfig + +.tags* + +# Version file for dockerized build +.dockerized-kube-version-defs + +# Web UI +/www/master/node_modules/ +/www/master/npm-debug.log +/www/master/shared/config/development.json + +# Karma output +/www/test_out + +# precommit temporary directories created by ./hack/verify-generated-docs.sh and ./hack/lib/util.sh +/_tmp/ +/doc_tmp/ + +# Test artifacts produced by Prow/kubetest2 jobs +/_artifacts/ +/_rundir/ + +# Go dependencies installed on Jenkins +/_gopath/ + +# Config directories created by gcloud and gsutil on Jenkins +/.config/gcloud*/ +/.gsutil/ + +# CoreOS stuff +/cluster/libvirt-coreos/coreos_*.img + +# Downloaded Kubernetes binary release +/kubernetes/ + +# direnv .envrc files +.envrc + +# Downloaded kubernetes binary release tar ball +kubernetes.tar.gz + +# Phony test files used as part of coverage generation +zz_generated_*_test.go + +# Just in time generated data in the source, should never be committed +/test/e2e/generated/bindata.go + +# This file used by some vendor repos (e.g. github.com/go-openapi/...) to store secret variables and should not be ignored +!\.drone\.sec + +/bazel-* +*.pyc + +# generated by verify-vendor.sh +vendordiff.patch diff --git a/apps/severed-blog-config.yaml b/apps/severed-blog-config.yaml new file mode 100644 index 0000000..1faf3d1 --- /dev/null +++ b/apps/severed-blog-config.yaml @@ -0,0 +1,47 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: severed-blog-config + namespace: severed-apps +data: + default.conf: | + server { + listen 80; + server_name localhost; + root /usr/share/nginx/html; + index index.html index.htm; + + # gzip compression + gzip on; + gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; + gzip_vary on; + gzip_min_length 1000; + + # assets (images, fonts, favicons) - cache for 1 Year + location ~* \.(jpg|jpeg|gif|png|ico|svg|woff|woff2|ttf|eot)$ { + expires 365d; + add_header Cache-Control "public, no-transform"; + try_files $uri =404; + } + + # code (css, js) - cache for 1 month + location ~* \.(css|js)$ { + expires 30d; + add_header Cache-Control "public, no-transform"; + try_files $uri =404; + } + + # standard routing + location / { + try_files $uri $uri/ $uri.html =404; + } + + error_page 404 /404.html; + location = /404.html { + internal; + } + + # logging / lb config + real_ip_header X-Forwarded-For; + set_real_ip_from 10.0.0.0/8; + } diff --git a/apps/severed-blog.yaml b/apps/severed-blog.yaml new file mode 100644 index 0000000..a25dd6f --- /dev/null +++ b/apps/severed-blog.yaml @@ -0,0 +1,31 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: severed-blog + namespace: severed-apps +spec: + replicas: 2 + selector: + matchLabels: + app: severed-blog + template: + metadata: + labels: + app: severed-blog + spec: + containers: + - name: web + image: severed-blog:v0.3 + imagePullPolicy: Never + ports: + - containerPort: 80 + + volumeMounts: + - name: nginx-config-vol + mountPath: /etc/nginx/conf.d/default.conf + subPath: default.conf + + volumes: + - name: nginx-config-vol + configMap: + name: severed-blog-config diff --git a/apps/severed-ingress.yaml b/apps/severed-ingress.yaml new file mode 100644 index 0000000..4a8d671 --- /dev/null +++ b/apps/severed-ingress.yaml @@ -0,0 +1,20 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: severed-ingress + namespace: severed-apps + annotations: + traefik.ingress.kubernetes.io/router.entrypoints: web +spec: + rules: + # ONLY accept traffic for this specific hostname + - host: blog.localhost + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: severed-blog-service + port: + number: 80 diff --git a/infra/alloy-env.yaml b/infra/alloy-env.yaml new file mode 100644 index 0000000..5b12868 --- /dev/null +++ b/infra/alloy-env.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: monitoring-env + namespace: monitoring +data: + LOKI_URL: "http://loki.monitoring.svc:3100/loki/api/v1/push" + PROM_URL: "http://prometheus.monitoring.svc:9090/api/v1/write" diff --git a/infra/alloy-setup.yaml b/infra/alloy-setup.yaml new file mode 100644 index 0000000..9acb786 --- /dev/null +++ b/infra/alloy-setup.yaml @@ -0,0 +1,185 @@ +# --- RBAC configuration --- +# creates a serviceaccount with permissions to discover pods and read logs. + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: alloy-sa + namespace: monitoring + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: alloy-cluster-role +rules: + # discovery permissions: allows alloy to find targets: Nodes, Pods, Services. + - apiGroups: [ "" ] + resources: [ "nodes", "nodes/proxy", "services", "endpoints", "pods" ] + verbs: [ "get", "list", "watch" ] + # log access: required for 'loki.source.kubernetes' to tail logs. + - apiGroups: [ "" ] + resources: [ "pods/log" ] + verbs: [ "get", "list", "watch" ] + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: alloy-cluster-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: alloy-cluster-role +subjects: + - kind: ServiceAccount + name: alloy-sa + namespace: monitoring + +--- +# --- Alloy pipeline configuration --- +# defines how telemetry data is collected, processed, and exported. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: alloy-config + namespace: monitoring +data: + config.alloy: | + // 1. discovery (Shared by Logs and Metrics) + discovery.kubernetes "k8s_pods" { + role = "pod" + } + + // 2. metrics pipeline + // A. read host hardware stats (CPU/RAM) + prometheus.exporter.unix "host" { + rootfs_path = "/host/root" + sysfs_path = "/host/sys" + procfs_path = "/host/proc" + } + + // B. scrape those stats + prometheus.scrape "host_scraper" { + targets = prometheus.exporter.unix.host.targets + forward_to = [prometheus.remote_write.metrics_service.receiver] + } + + // C. send to Prometheus + prometheus.remote_write "metrics_service" { + endpoint { + url = sys.env("PROM_URL") + } + } + + // 3. logs pipeline (With Relabeling Fix) + // A. relabeling: Promote hidden K8s tags to real labels + discovery.relabel "k8s_labels" { + targets = discovery.kubernetes.k8s_pods.targets + + rule { + action = "replace" + source_labels = ["__meta_kubernetes_pod_label_app"] + target_label = "app" + } + + rule { + action = "replace" + source_labels = ["__meta_kubernetes_namespace"] + target_label = "namespace" + } + + rule { + action = "replace" + source_labels = ["__meta_kubernetes_pod_name"] + target_label = "pod" + } + + rule { + action = "replace" + source_labels = ["__meta_kubernetes_pod_container_name"] + target_label = "container" + } + } + + // B. tail logs: using the relabeled targets + loki.source.kubernetes "pod_logs" { + targets = discovery.relabel.k8s_labels.output + forward_to = [loki.write.default.receiver] + } + + // C. send to Loki + loki.write "default" { + endpoint { + url = sys.env("LOKI_URL") + } + } +--- +# --- Agent Deployment (DaemonSet) --- +# deploys one alloy agent per node to monitor the entire cluster. + +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: alloy + namespace: monitoring +spec: + selector: + matchLabels: + name: alloy + template: + metadata: + labels: + name: alloy + spec: + serviceAccountName: alloy-sa + hostNetwork: true + hostPID: true + + # Forces the pod to use K8s CoreDNS even when running on host network + dnsPolicy: ClusterFirstWithHostNet + + containers: + - name: alloy + image: grafana/alloy:latest + args: + - run + - --server.http.listen-addr=0.0.0.0:12345 + - /etc/alloy/config.alloy + + envFrom: + - configMapRef: + name: monitoring-env + optional: false + + volumeMounts: + - name: config + mountPath: /etc/alloy + - name: logs + mountPath: /var/log + - name: proc + mountPath: /host/proc + readOnly: true + - name: sys + mountPath: /host/sys + readOnly: true + - name: root + mountPath: /host/root + readOnly: true + volumes: + - name: config + configMap: + name: alloy-config + - name: logs + hostPath: + path: /var/log + - name: proc + hostPath: + path: /proc + - name: sys + hostPath: + path: /sys + - name: root + hostPath: + path: / diff --git a/infra/observer/dashboard-json.yaml b/infra/observer/dashboard-json.yaml new file mode 100644 index 0000000..e06aaaf --- /dev/null +++ b/infra/observer/dashboard-json.yaml @@ -0,0 +1,535 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: grafana-dashboards-json + namespace: monitoring +data: + severed-health.json: | + { + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": 0, + "links": [], + "panels": [ + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 7, + "panels": [], + "title": "Global View", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "Prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 1 + }, + "id": 1, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "Prometheus" + }, + "editorMode": "code", + "expr": "node_memory_MemTotal_bytes - node_memory_MemAvailable_bytes", + "legendFormat": "Used Memory", + "range": true, + "refId": "A" + } + ], + "title": "Cluster Memory Usage (Node)", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "Prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "max": 100, + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "orange", + "value": 80 + }, + { + "color": "red", + "value": 90 + } + ] + }, + "unit": "percent" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 1 + }, + "id": 6, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "editorMode": "code", + "expr": "100 - (\n node_filesystem_avail_bytes{mountpoint=\"/var/log\", fstype=\"ext4\"}\n /\n node_filesystem_size_bytes{mountpoint=\"/var/log\", fstype=\"ext4\"}\n) * 100", + "legendFormat": "{{instance}}", + "range": true, + "refId": "A" + } + ], + "title": "Root Disk Usage", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "Prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 8, + "x": 0, + "y": 9 + }, + "id": 3, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "Prometheus" + }, + "editorMode": "code", + "expr": "sum by (cpu) (rate(node_cpu_seconds_total{mode!=\"idle\"}[5m]))", + "legendFormat": "{{cpu}}", + "range": true, + "refId": "A" + } + ], + "title": "CPU Usage per Core", + "type": "timeseries" + }, + { + "datasource": { + "type": "loki", + "uid": "Loki" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 8, + "x": 8, + "y": 9 + }, + "id": 4, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "expr": "sum(rate({app=\"severed-blog\"}[1m]))", + "legendFormat": "Requests/sec", + "refId": "A" + } + ], + "title": "Web Traffic (RPS)", + "type": "timeseries" + }, + { + "datasource": { + "type": "loki", + "uid": "Loki" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 8, + "x": 16, + "y": 9 + }, + "id": 5, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "expr": "sum by (status) (count_over_time({app=\"severed-blog\"} | regexp `HTTP/1.1\" (?P[45]\\d{2})` [1m]))", + "legendFormat": "HTTP {{status}}", + "refId": "A" + } + ], + "title": "HTTP Errors (4xx/5xx)", + "type": "timeseries" + } + ], + "preload": false, + "refresh": "", + "schemaVersion": 42, + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-15m", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "Severed Cluster Health", + "uid": "severed-health", + "version": 9 + } \ No newline at end of file diff --git a/infra/observer/grafana-ingress.yaml b/infra/observer/grafana-ingress.yaml new file mode 100644 index 0000000..27f8e4e --- /dev/null +++ b/infra/observer/grafana-ingress.yaml @@ -0,0 +1,19 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: grafana-ingress + namespace: monitoring + annotations: + traefik.ingress.kubernetes.io/router.entrypoints: web +spec: + rules: + - host: grafana.localhost + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: grafana-service # ...send them to Grafana + port: + number: 3000 diff --git a/infra/observer/grafana.yaml b/infra/observer/grafana.yaml new file mode 100644 index 0000000..11e5b7f --- /dev/null +++ b/infra/observer/grafana.yaml @@ -0,0 +1,120 @@ +# 1. Datasources (Connection to Loki/Prom) +apiVersion: v1 +kind: ConfigMap +metadata: + name: grafana-datasources + namespace: monitoring +data: + datasources.yaml: | + apiVersion: 1 + datasources: + - name: Prometheus + type: prometheus + access: proxy + url: http://prometheus.monitoring.svc:9090 + isDefault: false + - name: Loki + type: loki + access: proxy + url: http://loki.monitoring.svc:3100 + isDefault: true + +--- +# 2. Dashboard Provider (Tells Grafana to load from /var/lib/grafana/dashboards) +apiVersion: v1 +kind: ConfigMap +metadata: + name: grafana-dashboard-provider + namespace: monitoring +data: + dashboard-provider.yaml: | + apiVersion: 1 + providers: + - name: 'Severed Dashboards' + orgId: 1 + folder: '' + type: file + disableDeletion: false + updateIntervalSeconds: 10 # Allow editing in UI, but it resets on restart + options: + path: /var/lib/grafana/dashboards + +--- +# 3. Service +apiVersion: v1 +kind: Service +metadata: + name: grafana-service + namespace: monitoring +spec: + type: LoadBalancer + selector: + app: grafana + ports: + - protocol: TCP + port: 3000 + targetPort: 3000 + +--- +# 4. Deployment (The App) +apiVersion: apps/v1 +kind: Deployment +metadata: + name: grafana + namespace: monitoring +spec: + replicas: 1 + selector: + matchLabels: + app: grafana + template: + metadata: + labels: + app: grafana + spec: + containers: + - name: grafana + image: grafana/grafana:latest + ports: + - containerPort: 3000 + + env: + - name: GF_SECURITY_ADMIN_USER + valueFrom: + secretKeyRef: + name: grafana-secrets + key: admin-user + - name: GF_SECURITY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: grafana-secrets + key: admin-password + + - name: GF_AUTH_ANONYMOUS_ENABLED + value: "true" + - name: GF_AUTH_ANONYMOUS_ORG_ROLE + value: "Viewer" + - name: GF_AUTH_ANONYMOUS_ORG_NAME + value: "Main Org." + + volumeMounts: + - name: grafana-datasources + mountPath: /etc/grafana/provisioning/datasources + - name: grafana-dashboard-provider + mountPath: /etc/grafana/provisioning/dashboards + - name: grafana-dashboards-json + mountPath: /var/lib/grafana/dashboards + - name: grafana-storage + mountPath: /var/lib/grafana + volumes: + - name: grafana-datasources + configMap: + name: grafana-datasources + - name: grafana-dashboard-provider + configMap: + name: grafana-dashboard-provider + - name: grafana-dashboards-json + configMap: + name: grafana-dashboards-json + - name: grafana-storage + emptyDir: {} diff --git a/infra/observer/loki.yaml b/infra/observer/loki.yaml new file mode 100644 index 0000000..c36875b --- /dev/null +++ b/infra/observer/loki.yaml @@ -0,0 +1,97 @@ +# --- Configuration --- +apiVersion: v1 +kind: ConfigMap +metadata: + name: loki-config + namespace: monitoring +data: + local-config.yaml: | + auth_enabled: false + server: + http_listen_port: 3100 + common: + path_prefix: /loki + storage: + filesystem: + chunks_directory: /loki/chunks + rules_directory: /loki/rules + replication_factor: 1 + ring: + instance_addr: 127.0.0.1 + kvstore: + store: inmemory + schema_config: + configs: + - from: 2020-10-24 + store: tsdb + object_store: filesystem + schema: v13 + index: + prefix: index_ + period: 24h + limits_config: + allow_structured_metadata: true + +--- +# --- Storage Service (Headless) --- +# Required for StatefulSets to maintain stable DNS entries. +apiVersion: v1 +kind: Service +metadata: + name: loki + namespace: monitoring +spec: + type: ClusterIP + selector: + app: loki + ports: + - port: 3100 + targetPort: 3100 + name: http-metrics + +--- +# --- The Database (StatefulSet) --- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: loki + namespace: monitoring +spec: + serviceName: loki + replicas: 1 + selector: + matchLabels: + app: loki + template: + metadata: + labels: + app: loki + spec: + # securityContext: + # fsGroup: 10001 # Often needed for Loki write permissions + containers: + - name: loki + image: grafana/loki:latest + args: + - -config.file=/etc/loki/local-config.yaml + ports: + - containerPort: 3100 + name: http-metrics + volumeMounts: + - name: config + mountPath: /etc/loki + - name: data + mountPath: /loki + volumes: + - name: config + configMap: + name: loki-config + # Persistent Storage: Automatically creates a Volume for data retention + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: [ "ReadWriteOnce" ] + resources: + requests: + storage: 5Gi diff --git a/infra/observer/prometheus.yaml b/infra/observer/prometheus.yaml new file mode 100644 index 0000000..347a8c0 --- /dev/null +++ b/infra/observer/prometheus.yaml @@ -0,0 +1,76 @@ +# --- Configuration --- +apiVersion: v1 +kind: ConfigMap +metadata: + name: prometheus-config + namespace: monitoring +data: + prometheus.yml: | + global: + scrape_interval: 15s + evaluation_interval: 15s + storage: + tsdb: + out_of_order_time_window: 1m + +--- +# --- Service --- +apiVersion: v1 +kind: Service +metadata: + name: prometheus + namespace: monitoring +spec: + type: ClusterIP + selector: + app: prometheus + ports: + - port: 9090 + targetPort: 9090 + +--- +# --- The Database (StatefulSet) --- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: prometheus + namespace: monitoring +spec: + serviceName: prometheus + replicas: 1 + selector: + matchLabels: + app: prometheus + template: + metadata: + labels: + app: prometheus + spec: + containers: + - name: prometheus + image: prom/prometheus:latest + args: + - "--config.file=/etc/prometheus/prometheus.yml" + - "--web.enable-remote-write-receiver" + - "--storage.tsdb.path=/prometheus" + - "--web.console.libraries=/usr/share/prometheus/console_libraries" + - "--web.console.templates=/usr/share/prometheus/consoles" + ports: + - containerPort: 9090 + volumeMounts: + - name: config + mountPath: /etc/prometheus + - name: data + mountPath: /prometheus + volumes: + - name: config + configMap: + name: prometheus-config + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: [ "ReadWriteOnce" ] + resources: + requests: + storage: 5Gi diff --git a/namespaces.yaml b/namespaces.yaml new file mode 100644 index 0000000..ba2573e --- /dev/null +++ b/namespaces.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: severed-apps + +--- +apiVersion: v1 +kind: Namespace +metadata: + name: monitoring