diff --git a/.gitignore b/.gitignore index 025ba81..e68f4ac 100644 --- a/.gitignore +++ b/.gitignore @@ -3,11 +3,14 @@ influxdb/data/ # Ignore environment files that could contains seeds (credentials) .env-seed* to.do +extra_vars.yaml **/conf/ **/log/ *.env +charts/symlinks.sh + ### ### Python ### diff --git a/charts/Chart.yaml b/charts/Chart.yaml new file mode 100644 index 0000000..409ce44 --- /dev/null +++ b/charts/Chart.yaml @@ -0,0 +1,8 @@ +apiVersion: v2 +name: indy-monitoring-stack +description: A Helm chart for the indy-node-monitoring stack +type: application +version: 0.0.2 + +# This is the version number of the indy-node-monitor release version (https://github.com/hyperledger/indy-node-monitor/releases/tag/v0.4.0). +appVersion: "v0.4.0" diff --git a/charts/README.md b/charts/README.md new file mode 100644 index 0000000..e03acff --- /dev/null +++ b/charts/README.md 
@@ -0,0 +1,66 @@ +# Helm chart for the Indy-Monitoring-Stack + +_**Work in progress, for development use only.**_ + +## Pre-requisites + +* K8s or minikube cluster +* Helm v3+ binaries +* Registered Indy network monitor seed + +## Quickstart + +### Configuring the deployment + +1. Clone and edit the [**extra_vars.template**](./extra_vars.template) to a file called **extra_vars.yaml**. + + cp extra_vars.template extra_vars.yaml + +2. Edit the inputs. For some reference you can look at the [**config/indy_node_monitor/networks.json**](./config/indy_node_monitor/networks.json) file. You can add as many as you want. You must include a registered network monitor seed for your selected networks. + + Here is an example for the soverin network: + ```plaintext + inputs: + - name: Sovrin Builder Net + short_name: sbn + genesis_url: https://raw.githubusercontent.com/sovrin-foundation/sovrin/stable/sovrin/pool_transactions_builder_genesis + network_monitor_seed: INSERT_REGISTERED_NETWORK_MONITOR_SEED_HERE + - name: Sovrin Staging Net + short_name: ssn + genesis_url: https://raw.githubusercontent.com/sovrin-foundation/sovrin/stable/sovrin/pool_transactions_sandbox_genesis + network_monitor_seed: INSERT_REGISTERED_NETWORK_MONITOR_SEED_HERE + - name: Sovrin Main Net + short_name: smn + genesis_url: https://raw.githubusercontent.com/sovrin-foundation/sovrin/stable/sovrin/pool_transactions_live_genesis + network_monitor_seed: INSERT_REGISTERED_NETWORK_MONITOR_SEED_HERE + ``` +3. Set the secrets to something secure. Make sure you keep a copy of your credential in safe keystore such as a password manager or vault. +4. (optional) If you want to expose services, set the **ingress** to `True`, enter your **domain** and **endpoints**. + +### Deployment + +Once you are happy with the configuration, create the namespace and deploy the stack. Here's a one liner that will take care of this for you. Make sure the namespace name matches the **extra_vars.yaml** file. 
+ +```plaintext +helm upgrade indy-monitoring-stack . \ + --namespace indy-monitoring-stack \ + --values ./extra_vars.yaml \ + --create-namespace --install + +``` + +## Advanced configuration + +You can edit the ports for the applications but this is not recommended. Some ports are statically set in the configuration files and it might break things if you are not sure about what you are doing. It is recommeneded to keep the ports as they are defined in the [**values.yaml**](./values.yaml) file. + +### Service configuration + +All service configurations are located in the [**config/**](./config/) folder under their respective application directory. These configurations are loaded as configmaps during deployment and injected into the pods. + +You can apply a new configuration by editing these files and redeploying the stack. + +### Dashboard development + +You can export a dashboard from grafana after you customized it and add the ***.json** file generated under [**config/grafana/dashboards/**](./config/grafana/dashboards/) + +All dashboards from that directory are automatically loaded when redeploying the stack. diff --git a/charts/config/alertmanager/config.yml b/charts/config/alertmanager/config.yml new file mode 120000 index 0000000..2001cb7 --- /dev/null +++ b/charts/config/alertmanager/config.yml @@ -0,0 +1 @@ +../../../alertmanager/config.yml \ No newline at end of file diff --git a/charts/config/grafana/dashboard.yml b/charts/config/grafana/dashboard.yml new file mode 120000 index 0000000..029c52a --- /dev/null +++ b/charts/config/grafana/dashboard.yml @@ -0,0 +1 @@ +../../../grafana/provisioning/dashboards/dashboard.yml \ No newline at end of file diff --git a/charts/config/grafana/dashboards/AlertsDashboard.json b/charts/config/grafana/dashboards/AlertsDashboard.json new file mode 120000 index 0000000..068d633 --- /dev/null +++ b/charts/config/grafana/dashboards/AlertsDashboard.json 
@@ -0,0 +1 @@ +../../../../grafana/provisioning/dashboards/AlertsDashboard.json \ No newline at end of file diff --git a/charts/config/grafana/dashboards/DrillDownDashboard.json b/charts/config/grafana/dashboards/DrillDownDashboard.json new file mode 120000 index 0000000..1becbfc --- /dev/null +++ b/charts/config/grafana/dashboards/DrillDownDashboard.json @@ -0,0 +1 @@ +../../../../grafana/provisioning/dashboards/DrillDownDashboard.json \ No newline at end of file diff --git a/charts/config/grafana/dashboards/TestDashboard.json b/charts/config/grafana/dashboards/TestDashboard.json new file mode 120000 index 0000000..35f085a --- /dev/null +++ b/charts/config/grafana/dashboards/TestDashboard.json @@ -0,0 +1 @@ +../../../../grafana/provisioning/dashboards/TestDashboard.json \ No newline at end of file diff --git a/charts/config/grafana/dashboards/TopLayerDashboard.json b/charts/config/grafana/dashboards/TopLayerDashboard.json new file mode 120000 index 0000000..c5bc1d9 --- /dev/null +++ b/charts/config/grafana/dashboards/TopLayerDashboard.json @@ -0,0 +1 @@ +../../../../grafana/provisioning/dashboards/TopLayerDashboard.json \ No newline at end of file diff --git a/charts/config/grafana/datasource.yml b/charts/config/grafana/datasource.yml new file mode 120000 index 0000000..c8f9cf4 --- /dev/null +++ b/charts/config/grafana/datasource.yml @@ -0,0 +1 @@ +../../../grafana/provisioning/datasources/datasource.yml \ No newline at end of file diff --git a/charts/config/influxdb/influxdb.conf b/charts/config/influxdb/influxdb.conf new file mode 120000 index 0000000..8eba34c --- /dev/null +++ b/charts/config/influxdb/influxdb.conf @@ -0,0 +1 @@ +../../../influxdb/config/influxdb.conf \ No newline at end of file diff --git a/charts/config/prometheus/alert.rules b/charts/config/prometheus/alert.rules new file mode 120000 index 0000000..ef5758d --- /dev/null +++ b/charts/config/prometheus/alert.rules @@ -0,0 +1 @@ +../../../prometheus/alert.rules \ No newline at end of file 
diff --git a/charts/config/prometheus/prometheus.yml b/charts/config/prometheus/prometheus.yml new file mode 120000 index 0000000..bd5dbe4 --- /dev/null +++ b/charts/config/prometheus/prometheus.yml @@ -0,0 +1 @@ +../../../prometheus/prometheus.yml \ No newline at end of file diff --git a/charts/extra_vars.template b/charts/extra_vars.template new file mode 100644 index 0000000..795d294 --- /dev/null +++ b/charts/extra_vars.template @@ -0,0 +1,34 @@ +--- +namespace: "indy-monitoring-stack" +ingress: + active: false + domain: "" + cert_manager: + active: false + issuer: letsencrypt-staging + endpoints: + grafana: "" + influxdb: "" + prometheus: "" + alertmanager: "" + indy_node_monitor: "" + +# Here's an example for inputs, replace with the networks you want to monitor. +inputs: + # - name: Sovrin Builder Net + # short_name: sbn + # genesis_url: https://raw.githubusercontent.com/sovrin-foundation/sovrin/stable/sovrin/pool_transactions_builder_genesis + # network_monitor_seed: INSERT_REGISTERED_NETWORK_MONITOR_SEED_HERE + # - name: Sovrin Staging Net + # short_name: ssn + # genesis_url: https://raw.githubusercontent.com/sovrin-foundation/sovrin/stable/sovrin/pool_transactions_sandbox_genesis + # network_monitor_seed: INSERT_REGISTERED_NETWORK_MONITOR_SEED_HERE + # - name: Sovrin Main Net + # short_name: smn + # genesis_url: https://raw.githubusercontent.com/sovrin-foundation/sovrin/stable/sovrin/pool_transactions_live_genesis + # network_monitor_seed: INSERT_REGISTERED_NETWORK_MONITOR_SEED_HERE + +secrets: + GF_SECURITY_ADMIN_PASSWORD: CHANGEME + INFLUX_DB_FLUX_TOKEN: CHANGEME + INFLUX_TOKEN: CHANGEME diff --git a/charts/templates/alertmanager/configmap.yaml b/charts/templates/alertmanager/configmap.yaml new file mode 100644 index 0000000..b139fd8 --- /dev/null +++ b/charts/templates/alertmanager/configmap.yaml 
@@ -0,0 +1,11 @@ +--- +{{- with .Values.alertmanager }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ $.Values.namespace }} + name: "{{ .name }}-configmap" +data: +{{ ($.Files.Glob "config/alertmanager/config.yml").AsConfig | indent 2 }} + +{{- end }} diff --git a/charts/templates/alertmanager/deployment.yaml b/charts/templates/alertmanager/deployment.yaml new file mode 100644 index 0000000..56c9639 --- /dev/null +++ b/charts/templates/alertmanager/deployment.yaml @@ -0,0 +1,40 @@ +--- +{{- with .Values.alertmanager }} +apiVersion: apps/v1 +kind: Deployment +metadata: + namespace: {{ $.Values.namespace }} + name: {{ .name }} + labels: + app: {{ .name }} +spec: + replicas: 1 + selector: + matchLabels: + app: {{ .name }} + template: + metadata: + labels: + app: {{ .name }} + spec: + containers: + - name: {{ .name }} + image: "{{ .repository }}:{{ .tag }}" + ports: + - containerPort: {{ .port }} + command: + - "alertmanager" + - "--config.file=/etc/alertmanager/config.yml" + - "--storage.path=/alertmanager" + volumeMounts: + - mountPath: /etc/alertmanager/config.yml + name: "{{ .name }}-config" + subPath: config.yml + volumes: + - name: "{{ .name }}-config" + configMap: + name: "{{ .name }}-configmap" + items: + - key: config.yml + path: config.yml +{{- end }} diff --git a/charts/templates/alertmanager/ingress.yml b/charts/templates/alertmanager/ingress.yml new file mode 100644 index 0000000..114e496 --- /dev/null +++ b/charts/templates/alertmanager/ingress.yml 
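Review bot: The container spec in alertmanager/deployment.yaml sets neither `securityContext` nor `resources`, and the same is true of the grafana, indy_node_monitor, influxdb, prometheus and telegraf deployments later in this commit. As written, every pod runs with whatever user and privileges its image defaults to, and nothing bounds its memory or CPU. I would add, per container, `securityContext:` with `allowPrivilegeEscalation: false` and `runAsNonRoot: true`, after checking that each image actually starts as a non-root user, plus a `resources:` block with values taken from values.yaml.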
@@ -0,0 +1,34 @@ +{{- if and (eq .Values.ingress.active true) (.Values.ingress.endpoints.alertmanager) }} +--- +{{- with .Values.alertmanager }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + namespace: {{ $.Values.namespace }} + name: {{ .name }}-ingress + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/ssl-redirect: "true" + {{- if and (eq $.Values.ingress.cert_manager.active true) ($.Values.ingress.endpoints.alertmanager) }} + cert-manager.io/cluster-issuer: "{{ $.Values.ingress.cert_manager.issuer }}" + {{- end }} +spec: + rules: + - host: "{{ $.Values.ingress.endpoints.alertmanager }}.{{ $.Values.ingress.domain }}" + http: + paths: + - backend: + service: + name: "{{ .name }}" + port: + number: {{ .port }} + path: / + pathType: ImplementationSpecific + {{- if and (eq $.Values.ingress.cert_manager.active true) ($.Values.ingress.endpoints.alertmanager) }} + tls: + - hosts: + - {{ $.Values.ingress.endpoints.alertmanager }}.{{ $.Values.ingress.domain }} + secretName: {{ $.Values.namespace }}-tls + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/templates/alertmanager/service.yaml b/charts/templates/alertmanager/service.yaml new file mode 100644 index 0000000..4205855 --- /dev/null +++ b/charts/templates/alertmanager/service.yaml @@ -0,0 +1,15 @@ +--- +{{- with .Values.alertmanager }} +apiVersion: v1 +kind: Service +metadata: + namespace: {{ $.Values.namespace }} + name: "{{ .name }}" +spec: + selector: + app: {{ .name }} + ports: + - protocol: TCP + port: {{ .port }} + targetPort: {{ .port }} +{{- end }} diff --git a/charts/templates/grafana/configmap.yaml b/charts/templates/grafana/configmap.yaml new file mode 100644 index 0000000..79074ad --- /dev/null +++ b/charts/templates/grafana/configmap.yaml 
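Review bot: This Ingress publishes Alertmanager at `/` with no authentication in front of it, and the deployment's `command` passes only `--config.file` and `--storage.path`, so no web auth is configured on the backend either. Anyone who can reach the host can then read alerts and create silences. The same pattern is repeated in prometheus/ingress.yml, influxdb/ingress.yml and indy_node_monitor/ingress.yml; whether those backends authenticate cannot be determined from this diff, so they should be checked as well. I would add `nginx.ingress.kubernetes.io/auth-type: basic` and `nginx.ingress.kubernetes.io/auth-secret: <auth-secret-name>` to the annotations, or leave the endpoint empty unless an authenticating proxy sits in front.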
@@ -0,0 +1,12 @@ +--- +{{- with .Values.grafana }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: "{{ .name }}-configmap" +data: +{{ ($.Files.Glob "config/grafana/datasource.yml").AsConfig | indent 2 }} +{{ ($.Files.Glob "config/grafana/dashboard.yml").AsConfig | indent 2 }} +{{ ($.Files.Glob "config/grafana/dashboards/*").AsConfig | indent 2 }} + +{{- end }} diff --git a/charts/templates/grafana/deployment.yaml b/charts/templates/grafana/deployment.yaml new file mode 100644 index 0000000..6f0bed2 --- /dev/null +++ b/charts/templates/grafana/deployment.yaml 
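Review bot: The `metadata` block of grafana/configmap.yaml omits the `namespace: {{ $.Values.namespace }}` line that every other template in this commit sets, so this ConfigMap is created in the Helm release namespace instead. If the `--namespace` flag and the `namespace` value ever differ, the grafana Deployment will look for `{{ .name }}-configmap` in a namespace where it does not exist and its pods will stay pending on the volume mount. Add `namespace: {{ $.Values.namespace }}` above `name:`.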
@@ -0,0 +1,80 @@ +--- +{{- with .Values.grafana }} +apiVersion: apps/v1 +kind: Deployment +metadata: + namespace: {{ $.Values.namespace }} + name: {{ .name }} + labels: + app: {{ .name }} +spec: + replicas: 1 + selector: + matchLabels: + app: {{ .name }} + template: + metadata: + labels: + app: {{ .name }} + spec: + containers: + - name: {{ .name }} + image: "{{ .repository }}:{{ .tag }}" + ports: + - containerPort: {{ .port }} + env: + - name: GF_USERS_ALLOW_SIGN_UP + value: "false" + - name: GF_SECURITY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: credentials + key: GF_SECURITY_ADMIN_PASSWORD + - name: INFLUX_DB_FLUX_TOKEN + valueFrom: + secretKeyRef: + name: credentials + key: INFLUX_DB_FLUX_TOKEN + volumeMounts: + - name: "{{ .name }}-data" + mountPath: "/var/lib/grafana" + - name: "{{ .name }}-datasource" + mountPath: "/etc/grafana/provisioning/datasources/datasource.yml" + subPath: datasource.yml + - name: "{{ .name }}-dashboard" + mountPath: "/etc/grafana/provisioning/dashboards/dashboard.yml" + subPath: dashboard.yml + {{- range $path, $bytes := $.Files.Glob "config/grafana/dashboards/**" }} + {{- with $file := split "/" $path }} + - name: {{ $file._3 | replace ".json" "" | lower }}-dashboard + mountPath: "/etc/grafana/provisioning/dashboards/{{ $file._3 }}" + subPath: "{{ $file._3 }}" + {{- end }} + {{- end }} + volumes: + - name: "{{ .name }}-data" + persistentVolumeClaim: + claimName: "{{ .name }}-pvc" + - name: "{{ .name }}-datasource" + configMap: + name: "{{ .name }}-configmap" + items: + - key: datasource.yml + path: datasource.yml + - name: "{{ .name }}-dashboard" + configMap: + name: "{{ .name }}-configmap" + items: + - key: dashboard.yml + path: dashboard.yml + {{- range $path, $bytes := $.Files.Glob "config/grafana/dashboards/**" }} + {{- with $file := split "/" $path }} + - name: {{ $file._3 | replace ".json" "" | lower }}-dashboard + configMap: + name: "{{ $.Values.grafana.name }}-configmap" + items: + - key: "{{ $file._3 }}" + path: "{{ 
$file._3 }}" + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/templates/grafana/ingress.yml b/charts/templates/grafana/ingress.yml new file mode 100644 index 0000000..1567fe0 --- /dev/null +++ b/charts/templates/grafana/ingress.yml @@ -0,0 +1,34 @@ +{{- if and (eq .Values.ingress.active true) (.Values.ingress.endpoints.grafana) }} +--- +{{- with .Values.grafana }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + namespace: {{ $.Values.namespace }} + name: {{ .name }}-ingress + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/ssl-redirect: "true" + {{- if and (eq $.Values.ingress.cert_manager.active true) ($.Values.ingress.endpoints.grafana) }} + cert-manager.io/cluster-issuer: "{{ $.Values.ingress.cert_manager.issuer }}" + {{- end }} +spec: + rules: + - host: "{{ $.Values.ingress.endpoints.grafana }}.{{ $.Values.ingress.domain }}" + http: + paths: + - backend: + service: + name: "{{ .name }}" + port: + number: {{ .port }} + path: / + pathType: ImplementationSpecific + {{- if and (eq $.Values.ingress.cert_manager.active true) ($.Values.ingress.endpoints.grafana) }} + tls: + - hosts: + - {{ $.Values.ingress.endpoints.grafana }}.{{ $.Values.ingress.domain }} + secretName: {{ $.Values.namespace }}-tls + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/templates/grafana/pvc.yaml b/charts/templates/grafana/pvc.yaml new file mode 100644 index 0000000..2c464d2 --- /dev/null +++ b/charts/templates/grafana/pvc.yaml @@ -0,0 +1,14 @@ +--- +{{- with .Values.grafana }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + namespace: {{ $.Values.namespace }} + name: "{{ .name }}-pvc" +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .data_volume }} +{{- end }} diff --git a/charts/templates/grafana/service.yaml b/charts/templates/grafana/service.yaml new file mode 100644 index 0000000..9887ec7 --- /dev/null +++ b/charts/templates/grafana/service.yaml 
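Review bot: The `tls` block uses `secretName: {{ $.Values.namespace }}-tls`, and the alertmanager, indy_node_monitor, influxdb and prometheus ingress templates use the identical name while each requests a different host. With the cert-manager annotation enabled, all five Ingresses would ask for a certificate stored in the same Secret, so they are likely to overwrite each other's certificate or leave some hosts serving a certificate that does not cover them. A per-service name avoids this: `secretName: {{ .name }}-tls`. The `kubernetes.io/ingress.class` annotation is also deprecated in favour of `spec.ingressClassName: nginx`.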
@@ -0,0 +1,15 @@ +--- +{{- with .Values.grafana }} +apiVersion: v1 +kind: Service +metadata: + namespace: {{ $.Values.namespace }} + name: "{{ .name }}" +spec: + selector: + app: {{ .name }} + ports: + - protocol: TCP + port: {{ .port }} + targetPort: {{ .port }} +{{- end }} diff --git a/charts/templates/indy_node_monitor/configmap.yaml b/charts/templates/indy_node_monitor/configmap.yaml new file mode 100644 index 0000000..2d7ab4e --- /dev/null +++ b/charts/templates/indy_node_monitor/configmap.yaml @@ -0,0 +1,22 @@ +--- +{{- with .Values.indy_node_monitor }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ $.Values.namespace }} + name: "{{ .name }}-configmap" +data: + networks.json: | + { + {{- range $.Values.inputs }} + "{{ .short_name }}": { + "name": "{{ .name }}", + "genesisUrl": "{{ .genesis_url }}" + }, + {{- end }} + "sbn": { + "name": "Sovrin Builder Net", + "genesisUrl": "https://raw.githubusercontent.com/sovrin-foundation/sovrin/stable/sovrin/pool_transactions_builder_genesis" + } + } +{{- end }} diff --git a/charts/templates/indy_node_monitor/deployment.yaml b/charts/templates/indy_node_monitor/deployment.yaml new file mode 100644 index 0000000..5cb35b6 --- /dev/null +++ b/charts/templates/indy_node_monitor/deployment.yaml 
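Review bot: The `networks.json` body in indy_node_monitor/configmap.yaml is assembled by pasting `.short_name`, `.name` and `.genesis_url` into a JSON string without escaping, and then always appends a hard-coded `"sbn"` entry to avoid a trailing comma. A value containing a double quote or backslash yields invalid or altered JSON. The README example, which already defines `short_name: sbn`, produces a duplicate `"sbn"` key. Building the object with `dict` and serialising it with `toJson` fixes both; this drops the implicit Sovrin Builder Net entry, so confirm the monitor does not depend on it.

```yaml
data:
  {{- $networks := dict }}
  {{- range $.Values.inputs }}
  {{- $_ := set $networks .short_name (dict "name" .name "genesisUrl" .genesis_url) }}
  {{- end }}
  networks.json: {{ $networks | toJson | quote }}
```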
@@ -0,0 +1,41 @@ +--- +{{- with .Values.indy_node_monitor }} +apiVersion: apps/v1 +kind: Deployment +metadata: + namespace: {{ $.Values.namespace }} + name: {{ .name }} + labels: + app: {{ .name }} +spec: + replicas: 1 + selector: + matchLabels: + app: {{ .name }} + template: + metadata: + labels: + app: {{ .name }} + spec: + containers: + - name: {{ .name }} + image: "{{ .repository }}:{{ .tag }}" + ports: + - containerPort: {{ .port }} + command: + - "python" + - "main.py" + - "--web" + - "--verbose" + volumeMounts: + - name: "{{ .name }}-config" + mountPath: /home/indy/networks.json + subPath: networks.json + volumes: + - name: "{{ .name }}-config" + configMap: + name: "{{ .name }}-configmap" + items: + - key: networks.json + path: networks.json +{{- end }} diff --git a/charts/templates/indy_node_monitor/ingress.yml b/charts/templates/indy_node_monitor/ingress.yml new file mode 100644 index 0000000..6e172d8 --- /dev/null +++ b/charts/templates/indy_node_monitor/ingress.yml 
@@ -0,0 +1,34 @@ +{{- if and (eq .Values.ingress.active true) (.Values.ingress.endpoints.indy_node_monitor) }} +--- +{{- with .Values.indy_node_monitor }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + namespace: {{ $.Values.namespace }} + name: {{ .name }}-ingress + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/ssl-redirect: "true" + {{- if and (eq $.Values.ingress.cert_manager.active true) ($.Values.ingress.endpoints.indy_node_monitor) }} + cert-manager.io/cluster-issuer: "{{ $.Values.ingress.cert_manager.issuer }}" + {{- end }} +spec: + rules: + - host: "{{ $.Values.ingress.endpoints.indy_node_monitor }}.{{ $.Values.ingress.domain }}" + http: + paths: + - backend: + service: + name: "{{ .name }}" + port: + number: {{ .port }} + path: / + pathType: ImplementationSpecific + {{- if and (eq $.Values.ingress.cert_manager.active true) ($.Values.ingress.endpoints.indy_node_monitor) }} + tls: + - hosts: + - {{ $.Values.ingress.endpoints.indy_node_monitor }}.{{ $.Values.ingress.domain }} + secretName: {{ $.Values.namespace }}-tls + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/templates/indy_node_monitor/service.yaml b/charts/templates/indy_node_monitor/service.yaml new file mode 100644 index 0000000..75ca2c9 --- /dev/null +++ b/charts/templates/indy_node_monitor/service.yaml @@ -0,0 +1,16 @@ +--- +{{- with .Values.indy_node_monitor }} +apiVersion: v1 +kind: Service +metadata: + namespace: {{ $.Values.namespace }} + name: "{{ .name }}" +spec: + selector: + app: {{ .name }} + ports: + - protocol: TCP + port: {{ .port }} + targetPort: {{ .port }} +{{- end }} +--- diff --git a/charts/templates/influxdb/configmap.yaml b/charts/templates/influxdb/configmap.yaml new file mode 100644 index 0000000..84b4c9e --- /dev/null +++ b/charts/templates/influxdb/configmap.yaml 
@@ -0,0 +1,11 @@ +--- +{{- with .Values.influxdb }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ $.Values.namespace }} + name: "{{ .name }}-configmap" +data: +{{ ($.Files.Glob "config/influxdb/influxdb.conf").AsConfig | indent 2 }} + +{{- end }} diff --git a/charts/templates/influxdb/deployment.yaml b/charts/templates/influxdb/deployment.yaml new file mode 100644 index 0000000..bb861cc --- /dev/null +++ b/charts/templates/influxdb/deployment.yaml @@ -0,0 +1,49 @@ +--- +{{- with .Values.influxdb }} +apiVersion: apps/v1 +kind: Deployment +metadata: + namespace: {{ $.Values.namespace }} + name: {{ .name }} + labels: + app: {{ .name }} +spec: + replicas: 1 + selector: + matchLabels: + app: {{ .name }} + template: + metadata: + labels: + app: {{ .name }} + spec: + containers: + - name: {{ .name }} + image: "{{ .repository }}:{{ .tag }}" + ports: + - containerPort: {{ .port_8082 }} + - containerPort: {{ .port_api }} + - containerPort: {{ .port_udp }} + env: + - name: INFLUX_TOKEN + valueFrom: + secretKeyRef: + name: credentials + key: INFLUX_TOKEN + volumeMounts: + - name: "{{ .name }}-data" + mountPath: "/var/lib/influxdb" + - name: "{{ .name }}-config" + mountPath: "/etc/influxdb/influxdb.conf" + subPath: influxdb.conf + volumes: + - name: "{{ .name }}-data" + persistentVolumeClaim: + claimName: "{{ .name }}-pvc" + - name: "{{ .name }}-config" + configMap: + name: "{{ .name }}-configmap" + items: + - key: influxdb.conf + path: influxdb.conf +{{- end }} diff --git a/charts/templates/influxdb/ingress.yml b/charts/templates/influxdb/ingress.yml new file mode 100644 index 0000000..2324b97 --- /dev/null +++ b/charts/templates/influxdb/ingress.yml 
@@ -0,0 +1,34 @@ +{{- if and (eq .Values.ingress.active true) (.Values.ingress.endpoints.influxdb) }} +--- +{{- with .Values.influxdb }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + namespace: {{ $.Values.namespace }} + name: {{ .name }}-ingress + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/ssl-redirect: "true" + {{- if and (eq $.Values.ingress.cert_manager.active true) ($.Values.ingress.endpoints.influxdb) }} + cert-manager.io/cluster-issuer: "{{ $.Values.ingress.cert_manager.issuer }}" + {{- end }} +spec: + rules: + - host: "{{ $.Values.ingress.endpoints.influxdb }}.{{ $.Values.ingress.domain }}" + http: + paths: + - backend: + service: + name: "{{ .name }}" + port: + number: {{ .port_api }} + path: / + pathType: ImplementationSpecific + {{- if and (eq $.Values.ingress.cert_manager.active true) ($.Values.ingress.endpoints.influxdb) }} + tls: + - hosts: + - {{ $.Values.ingress.endpoints.influxdb }}.{{ $.Values.ingress.domain }} + secretName: {{ $.Values.namespace }}-tls + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/templates/influxdb/pvc.yaml b/charts/templates/influxdb/pvc.yaml new file mode 100644 index 0000000..de88016 --- /dev/null +++ b/charts/templates/influxdb/pvc.yaml @@ -0,0 +1,14 @@ +--- +{{- with .Values.influxdb }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + namespace: {{ $.Values.namespace }} + name: "{{ .name }}-pvc" +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .data_volume }} +{{- end }} diff --git a/charts/templates/influxdb/service.yaml b/charts/templates/influxdb/service.yaml new file mode 100644 index 0000000..3eac20e --- /dev/null +++ b/charts/templates/influxdb/service.yaml 
@@ -0,0 +1,24 @@ +--- +{{- with .Values.influxdb }} +apiVersion: v1 +kind: Service +metadata: + namespace: {{ $.Values.namespace }} + name: "{{ .name }}" +spec: + selector: + app: {{ .name }} + ports: + - name: "8082" + protocol: TCP + port: {{ .port_8082 }} + targetPort: {{ .port_8082 }} + - name: api + protocol: TCP + port: {{ .port_api }} + targetPort: {{ .port_api }} + - name: udp + protocol: UDP + port: {{ .port_udp }} + targetPort: {{ .port_udp }} +{{- end }} diff --git a/charts/templates/prometheus/configmap.yaml b/charts/templates/prometheus/configmap.yaml new file mode 100644 index 0000000..af9d14c --- /dev/null +++ b/charts/templates/prometheus/configmap.yaml @@ -0,0 +1,12 @@ +--- +{{- with .Values.prometheus }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ $.Values.namespace }} + name: "{{ .name }}-configmap" +data: +{{ ($.Files.Glob "config/prometheus/alert.rules").AsConfig | indent 2 }} +{{ ($.Files.Glob "config/prometheus/prometheus.yml").AsConfig | indent 2 }} + +{{- end }} diff --git a/charts/templates/prometheus/deployment.yaml b/charts/templates/prometheus/deployment.yaml new file mode 100644 index 0000000..b9d13d1 --- /dev/null +++ b/charts/templates/prometheus/deployment.yaml 
@@ -0,0 +1,56 @@ +--- +{{- with .Values.prometheus }} +apiVersion: apps/v1 +kind: Deployment +metadata: + namespace: {{ $.Values.namespace }} + name: {{ .name }} + labels: + app: {{ .name }} +spec: + replicas: 1 + selector: + matchLabels: + app: {{ .name }} + template: + metadata: + labels: + app: {{ .name }} + spec: + containers: + - name: {{ .name }} + image: "{{ .repository }}:{{ .tag }}" + ports: + - containerPort: {{ .port }} + command: + - "prometheus" + - "--config.file=/etc/prometheus/prometheus.yml" + - "--storage.tsdb.path=/prometheus" + - "--web.console.libraries=/usr/share/prometheus/console_libraries" + - "--web.console.templates=/usr/share/prometheus/consoles" + volumeMounts: + - name: "{{ .name }}-data" + mountPath: "/prometheus" + - name: "{{ .name }}-config" + mountPath: "/etc/prometheus/prometheus.yml" + subPath: prometheus.yml + - name: "{{ .name }}-alert" + mountPath: "/etc/prometheus/alert.rules" + subPath: alert.rules + volumes: + - name: "{{ .name }}-data" + persistentVolumeClaim: + claimName: "{{ .name }}-pvc" + - name: "{{ .name }}-config" + configMap: + name: "{{ .name }}-configmap" + items: + - key: prometheus.yml + path: prometheus.yml + - name: "{{ .name }}-alert" + configMap: + name: "{{ .name }}-configmap" + items: + - key: alert.rules + path: alert.rules +{{- end }} diff --git a/charts/templates/prometheus/ingress.yml b/charts/templates/prometheus/ingress.yml new file mode 100644 index 0000000..31ee02e --- /dev/null +++ b/charts/templates/prometheus/ingress.yml 
@@ -0,0 +1,34 @@ +{{- if and (eq .Values.ingress.active true) (.Values.ingress.endpoints.prometheus) }} +--- +{{- with .Values.prometheus }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + namespace: {{ $.Values.namespace }} + name: {{ .name }}-ingress + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/ssl-redirect: "true" + {{- if and (eq $.Values.ingress.cert_manager.active true) ($.Values.ingress.endpoints.prometheus) }} + cert-manager.io/cluster-issuer: "{{ $.Values.ingress.cert_manager.issuer }}" + {{- end }} +spec: + rules: + - host: "{{ $.Values.ingress.endpoints.prometheus }}.{{ $.Values.ingress.domain }}" + http: + paths: + - backend: + service: + name: "{{ .name }}" + port: + number: {{ .port }} + path: / + pathType: ImplementationSpecific + {{- if and (eq $.Values.ingress.cert_manager.active true) ($.Values.ingress.endpoints.prometheus) }} + tls: + - hosts: + - {{ $.Values.ingress.endpoints.prometheus }}.{{ $.Values.ingress.domain }} + secretName: {{ $.Values.namespace }}-tls + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/templates/prometheus/pvc.yaml b/charts/templates/prometheus/pvc.yaml new file mode 100644 index 0000000..07532f9 --- /dev/null +++ b/charts/templates/prometheus/pvc.yaml @@ -0,0 +1,14 @@ +--- +{{- with .Values.prometheus }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + namespace: {{ $.Values.namespace }} + name: "{{ .name }}-pvc" +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .data_volume }} +{{- end }} diff --git a/charts/templates/prometheus/service.yaml b/charts/templates/prometheus/service.yaml new file mode 100644 index 0000000..b4e5645 --- /dev/null +++ b/charts/templates/prometheus/service.yaml 
@@ -0,0 +1,15 @@ +--- +{{- with .Values.prometheus }} +apiVersion: v1 +kind: Service +metadata: + namespace: {{ $.Values.namespace }} + name: "{{ .name }}" +spec: + selector: + app: {{ .name }} + ports: + - protocol: TCP + port: {{ .port }} + targetPort: {{ .port }} +{{- end }} diff --git a/charts/templates/secret.yaml b/charts/templates/secret.yaml new file mode 100644 index 0000000..22d1c85 --- /dev/null +++ b/charts/templates/secret.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + namespace: {{ $.Values.namespace }} + name: credentials +type: Opaque +stringData: + GF_SECURITY_ADMIN_PASSWORD: {{ $.Values.secrets.GF_SECURITY_ADMIN_PASSWORD }} + INFLUX_DB_FLUX_TOKEN: {{ $.Values.secrets.INFLUX_DB_FLUX_TOKEN }} + INFLUX_TOKEN: {{ $.Values.secrets.INFLUX_TOKEN }} +--- +apiVersion: v1 +kind: Secret +metadata: + namespace: {{ $.Values.namespace }} + name: seeds +type: Opaque +stringData: +{{- range $.Values.inputs }} +{{ .short_name | upper | indent 2 }}_SEED: {{ .network_monitor_seed | quote }} +{{- end }} diff --git a/charts/templates/telegraf/configmap.yaml b/charts/templates/telegraf/configmap.yaml new file mode 100644 index 0000000..8bcade8 --- /dev/null +++ b/charts/templates/telegraf/configmap.yaml 
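Review bot: The three values under `stringData` in the `credentials` Secret are rendered unquoted, unlike the seeds below them, which go through `| quote`. A password containing `: `, ` #` or a leading `*`/`{`, or one that looks like a number or boolean, will either fail to render or be rejected as a non-string. A missing value renders as an empty key and installs silently. I would write each entry as `GF_SECURITY_ADMIN_PASSWORD: {{ required "secrets.GF_SECURITY_ADMIN_PASSWORD is required" $.Values.secrets.GF_SECURITY_ADMIN_PASSWORD | quote }}`. Since extra_vars.template ships `CHANGEME` for all three, it is also worth failing the render when a value still equals that placeholder.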
@@ -0,0 +1,94 @@ +--- +{{- with .Values.telegraf }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ $.Values.namespace }} + name: "{{ .name }}-configmap" +data: + telegraf.conf: |- + [agent] + interval = "1m" + round_interval = true + metric_batch_size = 1000 + metric_buffer_limit = 10000 + collection_jitter = "0s" + flush_interval = "5s" + flush_jitter = "0s" + precision = "" + debug = false + quiet = false + logfile = "" + hostname = "$HOSTNAME" + omit_hostname = false + + [[outputs.influxdb]] + urls = ["http://influxdb:8086"] + database = "telegraf" + username = "" + password = "" + retention_policy = "" + write_consistency = "any" + timeout = "5s" + + [[outputs.prometheus_client]] + listen = ":9273" + metric_version = 2 + + {{- range $.Values.inputs }} + [[inputs.http]] + urls = [ + "http://indy-node-monitor:8080/networks/{{ .short_name }}" + ] + name_override = "node" + method = "GET" + headers = {"seed" = "${{ .short_name | upper }}_SEED"} + timeout = "2m" + success_status_codes = [200] + data_format = "json" + json_strict = true + json_query = "" + tag_keys = [ + "name", + "network" + ] + json_string_fields = [ + "client-address", + "node-address", + "status_software_sovrin", + "status_software_indy-node", + "response_result_data_Node_info_Node_ip", + "response_result_data_Node_info_Node_port", + "response_result_data_Node_info_Client_ip", + "response_result_data_Node_info_Client_port", + "response_result_data_Node_info_Node_protocol", + "status_ok", + "response_result_data_Node_info_Mode", + "response_result_data_Node_info_BLS_key", + "response_result_data_Hardware_HDD_used_by_node", + "response_result_data_Pool_info_Read_only", + "response_result_data_Pool_info_Suspicious_nodes", + "response_result_data_Pool_info_Quorums", + "response_result_data_Software_OS_version", + "response_result_data_Node_info_verkey", + "response_result_data_Node_info_Catchup_status_Ledger_statuses", + 
"response_result_data_Node_info_Catchup_status_Waiting_consistency_proof_msgs", + "response_result_data_Node_info_Catchup_status_Last_txn_3PC_keys", + "response_result_data_Node_info_Committed_ledger_root_hashes", + "response_result_data_Node_info_Committed_state_root_hashes", + "response_result_data_Node_info_Uncommitted_state_root_hashes", + "response_result_data_Node_info_did", + "response_result_data_Extractions_indy-node-status", + "response_result_data_Extractions_node-control-status", + "response_result_data_Extractions_upgrade_log", + "response_result_data_Extractions_journalctl_exceptions", + "response_result_data_Pool_info_Reachable_nodes", + "response_result_data_Pool_info_Unreachable_nodes", + "response_result_data_Software_Installed_packages", + "response_result_data_Software_Indy_packages" + ] + json_time_key = "status_timestamp" + json_time_format = "unix" + json_timezone = "" + {{- end }} +{{- end }} diff --git a/charts/templates/telegraf/deployment.yaml b/charts/templates/telegraf/deployment.yaml new file mode 100644 index 0000000..c06db1a --- /dev/null +++ b/charts/templates/telegraf/deployment.yaml 
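Review bot: The `[[outputs.influxdb]]` block writes to `http://influxdb:8086` with `username = ""` and `password = ""`, so the pipeline only works if InfluxDB accepts unauthenticated writes. The influxdb.conf that decides this is a symlink target outside this diff, so this is inferred. It matters because influxdb/ingress.yml can publish that same API port, and because telegraf/deployment.yaml injects `INFLUX_TOKEN` although nothing in this config references it. I would enable authentication in InfluxDB and read the credentials from the environment the way the seed header already does, e.g. `password = "$INFLUX_PASSWORD"`, where `INFLUX_PASSWORD` is a placeholder name for a key added to the `credentials` Secret. The hostnames `influxdb` and `indy-node-monitor:8080` are also hard-coded here, while the Services take their names and ports from values.yaml.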
@@ -0,0 +1,51 @@ +--- +{{- with .Values.telegraf }} +apiVersion: apps/v1 +kind: Deployment +metadata: + namespace: {{ $.Values.namespace }} + name: {{ .name }} + labels: + app: {{ .name }} +spec: + replicas: 1 + selector: + matchLabels: + app: {{ .name }} + template: + metadata: + labels: + app: {{ .name }} + spec: + containers: + - name: {{ .name }} + image: "{{ .repository }}:{{ .tag }}" + ports: + - containerPort: {{ .port }} + env: + - name: INFLUX_TOKEN + valueFrom: + secretKeyRef: + name: credentials + key: INFLUX_TOKEN + {{- range $.Values.inputs }} + - name: "{{ .short_name | upper }}_SEED" + valueFrom: + secretKeyRef: + name: seeds + key: "{{ .short_name | upper }}_SEED" + {{- end }} + - name: HOSTNAME + value: {{ .name }} + volumeMounts: + - name: "{{ .name }}-config" + mountPath: /etc/telegraf/telegraf.conf + subPath: telegraf.conf + volumes: + - name: "{{ .name }}-config" + configMap: + name: "{{ .name }}-configmap" + items: + - key: telegraf.conf + path: telegraf.conf +{{- end }} diff --git a/charts/templates/telegraf/service.yaml b/charts/templates/telegraf/service.yaml new file mode 100644 index 0000000..72adad7 --- /dev/null +++ b/charts/templates/telegraf/service.yaml @@ -0,0 +1,15 @@ +--- +{{- with .Values.telegraf }} +apiVersion: v1 +kind: Service +metadata: + namespace: {{ $.Values.namespace }} + name: "{{ .name }}" +spec: + selector: + app: {{ .name }} + ports: + - protocol: TCP + port: {{ .port }} + targetPort: {{ .port }} +{{- end }} diff --git a/charts/values.yaml b/charts/values.yaml new file mode 100644 index 0000000..cddc963 --- /dev/null +++ b/charts/values.yaml 
@@ -0,0 +1,46 @@ +--- +namespace: indy-monitoring-stack + +ingress: + active: true + +indy_node_monitor: + name: indy-node-monitor + port: 8080 + repository: idlaborg/indy-node-monitor + tag: "0.4.2" + +alertmanager: + name: alertmanager + port: 9093 + repository: prom/alertmanager + tag: v0.24.0 + +prometheus: + name: prometheus + port: 9090 + repository: prom/prometheus + tag: v2.34.0 + data_volume: 20Gi + +influxdb: + name: influxdb + port_8082: 8082 + port_api: 8086 + port_udp: 8089 + repository: influxdb + tag: "1.8" + data_volume: 20Gi + +telegraf: + name: telegraf + port: 9273 + repository: telegraf + tag: 1.22-alpine + +grafana: + name: grafana + port: 3000 + repository: grafana/grafana + tag: "8.4.4" + data_volume: 1Gi
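Review bot: values.yaml defaults `ingress.active: true` while extra_vars.template sets it to `false`, so the chart's own default is to expose services, and only the override file turns that off. It also defines no `ingress.endpoints`, `ingress.cert_manager`, `inputs` or `secrets`, so rendering without the extra file fails on the nested lookups in the ingress templates rather than producing a safe closed deployment. I would default to `active: false` here and add the empty `endpoints:` and `cert_manager:` maps from the template. Separately, `tag: "1.8"` and `tag: 1.22-alpine` are moving tags; pinning a full version or digest keeps redeploys reproducible.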