Merge pull request kcl-lang#54 from howieyuen/install

feat: one-click deploy alertmanager integrating with prometheus

Author: howieyuen

base/examples/monitoring/prometheus-install/base/base.k

@@ -0,0 +1,63 @@
+import base.pkg.kusion_models.kube.frontend.rbac
+import base.pkg.kusion_kubernetes.api.core.v1 as corev1
+
+
+_rbac_name = "prometheus"
+_common_namespace = "default"
+
+# 1. create a service account 
+_prometheus_sa: corev1.ServiceAccount {
+    metadata = {
+        name = _rbac_name
+        namespace = _common_namespace
+    }
+}
+
+# 2. prepare required permissions with api groups and resources
+_prometheus_clusterrole: rbac.ClusterRole {
+    metadata = {
+        name = _rbac_name
+        namespace = _common_namespace
+    }
+    rules = [
+        {
+            apiGroups = [""]
+            resources = ["nodes", "nodes/metrics", "services", "endpoints", "pods"]
+            verbs = ["get", "list", "watch"]
+        }
+        {
+            apiGroups = [""]
+            resources = ["configmaps"]
+            verbs = ["get"]
+        }
+        {
+            apiGroups = ["networking.k8s.io"]
+            resources = ["ingresses"]
+            verbs = ["get", "list", "watch"]
+        }
+        {
+            nonResourceURLs = ["/metrics"]
+            verbs = ["get"]
+        }
+    ]
+}
+
+# 3. bind service account and cluster role
+rbac.ClusterRoleBinding{
+    metadata = {
+        name = _rbac_name
+        namespace = _common_namespace
+    }
+    roleRef = {
+        apiGroup = "rbac.authorization.k8s.io"
+        kind = "ClusterRole"
+        name = _prometheus_clusterrole.metadata.name
+    }
+    subjects = [
+        {
+            kind = "ServiceAccount"
+            name = _prometheus_sa.metadata.name
+            namespace = _prometheus_sa.metadata.namespace
+        }
+    ]
+}

base/examples/monitoring/prometheus-install/prod/ci-test/settings.yaml

@@ -0,0 +1 @@
+kcl_options:

base/examples/monitoring/prometheus-install/prod/ci-test/stdout.golden.yaml

@@ -0,0 +1,181 @@
+id: rbac.authorization.k8s.io/v1:ClusterRoleBinding:default:prometheus
+type: Kubernetes
+dependsOn:
+- rbac.authorization.k8s.io/v1:ClusterRole:default:prometheus
+attributes:
+  apiVersion: rbac.authorization.k8s.io/v1
+  kind: ClusterRoleBinding
+  subjects:
+  - kind: ServiceAccount
+    name: prometheus
+    namespace: default
+  metadata:
+    name: prometheus
+    namespace: default
+  roleRef:
+    apiGroup: rbac.authorization.k8s.io
+    kind: ClusterRole
+    name: prometheus
+---
+id: rbac.authorization.k8s.io/v1:ClusterRole:default:prometheus
+type: Kubernetes
+attributes:
+  apiVersion: rbac.authorization.k8s.io/v1
+  kind: ClusterRole
+  rules:
+  - apiGroups:
+    - ''
+    resources:
+    - nodes
+    - nodes/metrics
+    - services
+    - endpoints
+    - pods
+    verbs:
+    - get
+    - list
+    - watch
+  - apiGroups:
+    - ''
+    resources:
+    - configmaps
+    verbs:
+    - get
+  - apiGroups:
+    - networking.k8s.io
+    resources:
+    - ingresses
+    verbs:
+    - get
+    - list
+    - watch
+  - nonResourceURLs:
+    - /metrics
+    verbs:
+    - get
+  metadata:
+    name: prometheus
+    namespace: default
+---
+id: monitoring.coreos.com/v1alpha1:AlertmanagerConfig:default:config-example
+type: Kubernetes
+attributes:
+  apiVersion: monitoring.coreos.com/v1alpha1
+  kind: AlertmanagerConfig
+  metadata:
+    labels:
+      alertmanagerConfig: example
+    name: config-example
+    namespace: default
+  spec:
+    receivers:
+    - name: webhook
+      webhookConfigs:
+      - url: http://example.com/
+    route:
+      groupBy:
+      - job
+      groupInterval: 5m
+      groupWait: 30s
+      receiver: webhook
+      repeatInterval: 12h
+---
+id: monitoring.coreos.com/v1:Prometheus:default:example
+type: Kubernetes
+attributes:
+  apiVersion: monitoring.coreos.com/v1
+  kind: Prometheus
+  metadata:
+    name: example
+    namespace: default
+  spec:
+    serviceMonitorSelector:
+      matchLabels:
+        prometheus: example
+    replicas: 1
+    scrapeInterval: 30s
+    serviceAccountName: prometheus
+    evaluationInterval: 30s
+    alerting:
+      alertmanagers:
+      - name: alertmanager-example
+        namespace: default
+        port: web
+    ruleSelector:
+      matchLabels:
+        role: alert-rules
+        prometheus: example
+---
+id: monitoring.coreos.com/v1:Alertmanager:default:example
+type: Kubernetes
+attributes:
+  apiVersion: monitoring.coreos.com/v1
+  kind: Alertmanager
+  metadata:
+    name: example
+    namespace: default
+  spec:
+    replicas: 3
+    retention: 120h
+    alertmanagerConfiguration:
+      name: config-example
+---
+id: v1:Service:default:alertmanager-example
+type: Kubernetes
+dependsOn:
+- rbac.authorization.k8s.io/v1:ClusterRole:default:prometheus
+- rbac.authorization.k8s.io/v1:ClusterRoleBinding:default:prometheus
+- v1:ServiceAccount:default:prometheus
+attributes:
+  apiVersion: v1
+  kind: Service
+  metadata:
+    name: alertmanager-example
+    namespace: default
+  spec:
+    ports:
+    - name: web
+      port: 9093
+      targetPort: web
+    - name: reloader-web
+      port: 8080
+      targetPort: reloader-web
+    selector:
+      alertmanager: example
+    sessionAffinity: ClientIP
+---
+id: v1:Service:default:prometheus-example
+type: Kubernetes
+dependsOn:
+- rbac.authorization.k8s.io/v1:ClusterRole:default:prometheus
+- rbac.authorization.k8s.io/v1:ClusterRoleBinding:default:prometheus
+- v1:ServiceAccount:default:prometheus
+attributes:
+  apiVersion: v1
+  kind: Service
+  metadata:
+    name: prometheus-example
+    namespace: default
+  spec:
+    ports:
+    - name: web
+      port: 9090
+      targetPort: web
+    - name: reloader-web
+      port: 8080
+      targetPort: reloader-web
+    selector:
+      prometheus: example
+    sessionAffinity: ClientIP
+---
+id: v1:ServiceAccount:default:prometheus
+type: Kubernetes
+dependsOn:
+- rbac.authorization.k8s.io/v1:ClusterRole:default:prometheus
+- rbac.authorization.k8s.io/v1:ClusterRoleBinding:default:prometheus
+attributes:
+  apiVersion: v1
+  kind: ServiceAccount
+  metadata:
+    name: prometheus
+    namespace: default

base/examples/monitoring/prometheus-install/prod/kcl.yaml

@@ -0,0 +1,5 @@
+kcl_cli_configs:
+  file:
+    - ../base/base.k
+    - main.k
+    - ${KCL_MOD}/base/pkg/kusion_models/kube/render/render.k

base/examples/monitoring/prometheus-install/prod/main.k

@@ -0,0 +1,136 @@
+import base.pkg.kusion_kubernetes.api.core.v1 as corev1
+import base.pkg.kusion_prometheus.monitoring.v1 as monitoringv1
+import base.pkg.kusion_prometheus.monitoring.v1alpha1 as monitoringv1alpha1
+
+
+# 1. creates an AlertmanagerConfig that sends notifications to a fictitious webhook service.
+_alertmanager_config: monitoringv1alpha1.AlertmanagerConfig{
+    metadata = {
+        name = "config-example"
+        namespace = _common_namespace
+        labels = {
+            "alertmanagerConfig" = "example"
+        }
+    }
+    spec = {
+        route = {
+            groupBy = ["job"]
+            groupWait = "30s"
+            groupInterval = "5m"
+            repeatInterval = "12h"
+            receiver = "webhook"
+        }
+        receivers = [
+            {
+                name = "webhook"
+                webhookConfigs = [
+                    {
+                        url = "http://example.com/"
+                    }
+                ]
+            }
+        ]
+    }
+}
+
+# 2. create an alertmanager cluster with 3 replicas and configured with alertmanager config
+_alertmanager: monitoringv1.Alertmanager{
+    metadata = {
+        name = "example"
+        namespace = _common_namespace
+    }
+    spec = {
+        replicas = 3
+        # using AlertmanagerConfig for global configuration
+        alertmanagerConfiguration = {
+            name = _alertmanager_config.metadata.name
+        }
+    }
+}
+
+# 3. expose alertmanager service
+_alertmanager_svc: corev1.Service{
+    metadata = {
+        name = "alertmanager-example"
+        namespace = _common_namespace
+    }
+    spec = {
+        selector = {
+            "alertmanager" = _alertmanager.metadata.name
+        }
+        ports = [
+            {
+                name = "web"
+                port = 9093
+                targetPort = "web"
+            }
+            {
+                name = "reloader-web"
+                port = 8080
+                targetPort = "reloader-web"
+            }
+        ]
+        sessionAffinity = "ClientIP"
+    }
+}
+
+# 4. create a prometheus instance, intergated with alertmanager cluster
+_prometheus: monitoringv1.Prometheus{
+    metadata = {
+        name = "example"
+        namespace = _common_namespace
+    }
+    spec = {
+        # specify service account, default sa has no permissions
+        serviceAccountName = _rbac_name
+        replicas = 1
+        # ruleSelector is nil meaning that the operator picks up no rule
+        ruleSelector = {
+            matchLabels = {
+                "role" = "alert-rules"
+                "prometheus" = "example"
+            }
+        }
+        serviceMonitorSelector = {
+            matchLabels = {
+                "prometheus" = "example"
+            }
+        }
+        # intergating with alert manager by its service
+        alerting = {
+            alertmanagers = [
+                {
+                    name = _alertmanager_svc.metadata.name
+                    namespace = _alertmanager_svc.metadata.namespace
+                    port = _alertmanager_svc.spec.ports[0].name
+                }
+            ]
+        }
+    }
+}
+
+# 5. expose prometheus service
+_prometheus_svc: corev1.Service{
+    metadata = {
+        name = "prometheus-example"
+        namespace = _common_namespace
+    }
+    spec = {
+        selector = {
+            "prometheus" = _prometheus.metadata.name
+        }
+        ports = [
+            {
+                name = "web"
+                port = 9090
+                targetPort = "web"
+            }
+            {
+                name = "reloader-web"
+                port = 8080
+                targetPort = "reloader-web"
+            }
+        ]
+        sessionAffinity = "ClientIP"
+    }
+}

base/examples/monitoring/prometheus-install/prod/stack.yaml

@@ -0,0 +1 @@
+name: prod

base/examples/monitoring/prometheus-install/project.yaml

@@ -0,0 +1 @@
+name: prometheus-install