[DRAFT] Helm chart for k8s deployment

.gitignore

@@ -3,11 +3,14 @@ influxdb/data/
 # Ignore environment files that could contains seeds (credentials)
 .env-seed*
 to.do
+extra_vars.yaml
 
 **/conf/
 **/log/
 *.env
 
+charts/symlinks.sh
+
 ###
 ### Python
 ###

charts/Chart.yaml

@@ -0,0 +1,8 @@
+apiVersion: v2
+name: indy-monitoring-stack
+description: A Helm chart for the indy-node-monitoring stack
+type: application
+version: 0.0.2
+
+# This is the version number of the indy-node-monitor release version (https://github.com/hyperledger/indy-node-monitor/releases/tag/v0.4.0).
+appVersion: "v0.4.0"

charts/README.md

@@ -0,0 +1,66 @@
+# Helm chart for the Indy-Monitoring-Stack
+
+_**Work in progress, for development use only.**_
+
+## Pre-requisites
+
+*   K8s or minikube cluster
+*   Helm v3+ binaries
+*   Registered Indy network monitor seed
+
+## Quickstart
+
+### Configuring the deployment
+
+1.  Clone and edit the [**extra_vars.template**](./extra_vars.template) to a file called **extra_vars.yaml**.
+
+        cp extra_vars.template extra_vars.yaml
+
+2.  Edit the inputs. For some reference you can look at the [**config/indy_node_monitor/networks.json**](./config/indy_node_monitor/networks.json) file. You can add as many as you want. You must include a registered network monitor seed for your selected networks.
+
+    Here is an example for the soverin network:
+    ```plaintext
+    inputs:
+      - name: Sovrin Builder Net
+        short_name: sbn
+        genesis_url: https://raw.githubusercontent.com/sovrin-foundation/sovrin/stable/sovrin/pool_transactions_builder_genesis
+        network_monitor_seed: INSERT_REGISTERED_NETWORK_MONITOR_SEED_HERE
+      - name: Sovrin Staging Net
+        short_name: ssn
+        genesis_url: https://raw.githubusercontent.com/sovrin-foundation/sovrin/stable/sovrin/pool_transactions_sandbox_genesis
+        network_monitor_seed: INSERT_REGISTERED_NETWORK_MONITOR_SEED_HERE
+      - name: Sovrin Main Net
+        short_name: smn
+        genesis_url: https://raw.githubusercontent.com/sovrin-foundation/sovrin/stable/sovrin/pool_transactions_live_genesis
+        network_monitor_seed: INSERT_REGISTERED_NETWORK_MONITOR_SEED_HERE
+    ```
+3.  Set the secrets to something secure. Make sure you keep a copy of your credential in safe keystore such as a password manager or vault.
+4.  (optional) If you want to expose services, set the **ingress** to `True`, enter your **domain** and **endpoints**.
+
+### Deployment
+
+Once you are happy with the configuration, create the namespace and deploy the stack. Here's a one liner that will take care of this for you. Make sure the namespace name matches the **extra_vars.yaml** file.
+
+```plaintext
+helm upgrade indy-monitoring-stack . \
+    --namespace indy-monitoring-stack \
+    --values ./extra_vars.yaml \
+    --create-namespace --install
+
+```
+
+## Advanced configuration
+
+You can edit the ports for the applications but this is not recommended. Some ports are statically set in the configuration files and it might break things if you are not sure about what you are doing. It is recommeneded to keep the ports as they are defined in the [**values.yaml**](./values.yaml) file.
+
+### Service configuration
+
+All service configurations are located in the [**config/**](./config/) folder under their respective application directory. These configurations are loaded as configmaps during deployment and injected into the pods. 
+
+You can apply a new configuration by editing these files and redeploying the stack.
+
+### Dashboard development
+
+You can export a dashboard from grafana after you customized it and add the ***.json** file generated under [**config/grafana/dashboards/**](./config/grafana/dashboards/)
+
+All dashboards from that directory are automatically loaded when redeploying the stack.

charts/config/alertmanager/config.yml

@@ -0,0 +1 @@
+../../../alertmanager/config.yml

charts/config/grafana/dashboard.yml

@@ -0,0 +1 @@
+../../../grafana/provisioning/dashboards/dashboard.yml

charts/config/grafana/dashboards/AlertsDashboard.json

@@ -0,0 +1 @@
+../../../../grafana/provisioning/dashboards/AlertsDashboard.json

charts/config/grafana/dashboards/DrillDownDashboard.json

@@ -0,0 +1 @@
+../../../../grafana/provisioning/dashboards/DrillDownDashboard.json

charts/config/grafana/dashboards/TestDashboard.json

@@ -0,0 +1 @@
+../../../../grafana/provisioning/dashboards/TestDashboard.json

charts/config/grafana/dashboards/TopLayerDashboard.json

@@ -0,0 +1 @@
+../../../../grafana/provisioning/dashboards/TopLayerDashboard.json

charts/config/grafana/datasource.yml

@@ -0,0 +1 @@
+../../../grafana/provisioning/datasources/datasource.yml

charts/config/influxdb/influxdb.conf

@@ -0,0 +1 @@
+../../../influxdb/config/influxdb.conf

charts/config/prometheus/alert.rules

@@ -0,0 +1 @@
+../../../prometheus/alert.rules

charts/config/prometheus/prometheus.yml

@@ -0,0 +1 @@
+../../../prometheus/prometheus.yml

charts/extra_vars.template

@@ -0,0 +1,34 @@
+---
+namespace: "indy-monitoring-stack"
+ingress:
+  active: false
+  domain: ""
+  cert_manager: 
+    active: false
+    issuer: letsencrypt-staging
+  endpoints:
+    grafana: ""
+    influxdb: ""
+    prometheus: ""
+    alertmanager: ""
+    indy_node_monitor: ""
+
+# Here's an example for inputs, replace with the networks you want to monitor.
+inputs:
+  # - name: Sovrin Builder Net
+  #   short_name: sbn
+  #   genesis_url: https://raw.githubusercontent.com/sovrin-foundation/sovrin/stable/sovrin/pool_transactions_builder_genesis
+  #   network_monitor_seed: INSERT_REGISTERED_NETWORK_MONITOR_SEED_HERE
+  # - name: Sovrin Staging Net
+  #   short_name: ssn
+  #   genesis_url: https://raw.githubusercontent.com/sovrin-foundation/sovrin/stable/sovrin/pool_transactions_sandbox_genesis
+  #   network_monitor_seed: INSERT_REGISTERED_NETWORK_MONITOR_SEED_HERE
+  # - name: Sovrin Main Net
+  #   short_name: smn
+  #   genesis_url: https://raw.githubusercontent.com/sovrin-foundation/sovrin/stable/sovrin/pool_transactions_live_genesis
+  #   network_monitor_seed: INSERT_REGISTERED_NETWORK_MONITOR_SEED_HERE
+
+secrets:
+  GF_SECURITY_ADMIN_PASSWORD: CHANGEME
+  INFLUX_DB_FLUX_TOKEN: CHANGEME
+  INFLUX_TOKEN: CHANGEME

charts/templates/alertmanager/configmap.yaml

@@ -0,0 +1,11 @@
+---
+{{- with .Values.alertmanager }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: {{ $.Values.namespace }}
+  name: "{{ .name }}-configmap"
+data:
+{{ ($.Files.Glob "config/alertmanager/config.yml").AsConfig | indent 2 }}
+
+{{- end }}

charts/templates/alertmanager/deployment.yaml

@@ -0,0 +1,40 @@
+---
+{{- with .Values.alertmanager }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: {{ $.Values.namespace }}
+  name: {{ .name }}
+  labels:
+    app: {{ .name }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: {{ .name }}
+  template:
+    metadata:
+      labels:
+        app: {{ .name }}
+    spec:
+      containers:
+        - name: {{ .name }}
+          image: "{{ .repository }}:{{ .tag }}"
+          ports:
+            - containerPort: {{ .port }}
+          command:
+            - "alertmanager"
+            - "--config.file=/etc/alertmanager/config.yml"
+            - "--storage.path=/alertmanager"
+          volumeMounts:
+            - mountPath: /etc/alertmanager/config.yml
+              name: "{{ .name }}-config"
+              subPath: config.yml
+      volumes:
+        - name: "{{ .name }}-config"
+          configMap:
+            name: "{{ .name }}-configmap"
+            items:
+              - key: config.yml
+                path: config.yml
+{{- end }}

charts/templates/alertmanager/ingress.yml

@@ -0,0 +1,34 @@
+{{- if and (eq .Values.ingress.active true) (.Values.ingress.endpoints.alertmanager) }}
+---
+{{- with .Values.alertmanager }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  namespace: {{ $.Values.namespace }}
+  name: {{ .name }}-ingress
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+    {{- if and (eq $.Values.ingress.cert_manager.active true) ($.Values.ingress.endpoints.alertmanager) }}
+    cert-manager.io/cluster-issuer: "{{ $.Values.ingress.cert_manager.issuer }}"
+    {{- end }}
+spec:
+  rules:
+  - host: "{{ $.Values.ingress.endpoints.alertmanager }}.{{ $.Values.ingress.domain }}"
+    http:
+      paths:
+      - backend:
+          service:
+            name: "{{ .name }}"
+            port:
+              number: {{ .port }}
+        path: /
+        pathType: ImplementationSpecific
+  {{- if and (eq $.Values.ingress.cert_manager.active true) ($.Values.ingress.endpoints.alertmanager) }}
+  tls:
+  - hosts:
+    - {{ $.Values.ingress.endpoints.alertmanager }}.{{ $.Values.ingress.domain }}
+    secretName: {{ $.Values.namespace }}-tls
+  {{- end }}
+{{- end }}
+{{- end }}

charts/templates/alertmanager/service.yaml

@@ -0,0 +1,15 @@
+---
+{{- with .Values.alertmanager }}
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: {{ $.Values.namespace }}
+  name: "{{ .name }}"
+spec:
+  selector:
+    app: {{ .name }}
+  ports:
+    - protocol: TCP
+      port: {{ .port }}
+      targetPort: {{ .port }}
+{{- end }}

charts/templates/grafana/configmap.yaml

@@ -0,0 +1,12 @@
+---
+{{- with .Values.grafana }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: "{{ .name }}-configmap"
+data:
+{{ ($.Files.Glob "config/grafana/datasource.yml").AsConfig | indent 2 }}
+{{ ($.Files.Glob "config/grafana/dashboard.yml").AsConfig | indent 2 }}
+{{ ($.Files.Glob "config/grafana/dashboards/*").AsConfig | indent 2 }}
+
+{{- end }}

charts/templates/grafana/deployment.yaml

@@ -0,0 +1,80 @@
+---
+{{- with .Values.grafana }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: {{ $.Values.namespace }}
+  name: {{ .name }}
+  labels:
+    app: {{ .name }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: {{ .name }}
+  template:
+    metadata:
+      labels:
+        app: {{ .name }}
+    spec:
+      containers:
+        - name: {{ .name }}
+          image: "{{ .repository }}:{{ .tag }}"
+          ports:
+            - containerPort: {{ .port }}
+          env:
+            - name: GF_USERS_ALLOW_SIGN_UP
+              value: "false"
+            - name: GF_SECURITY_ADMIN_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: credentials
+                  key:  GF_SECURITY_ADMIN_PASSWORD
+            - name: INFLUX_DB_FLUX_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: credentials
+                  key: INFLUX_DB_FLUX_TOKEN
+          volumeMounts:
+            - name: "{{ .name }}-data"
+              mountPath: "/var/lib/grafana"
+            - name: "{{ .name }}-datasource"
+              mountPath: "/etc/grafana/provisioning/datasources/datasource.yml"
+              subPath: datasource.yml
+            - name: "{{ .name }}-dashboard"
+              mountPath: "/etc/grafana/provisioning/dashboards/dashboard.yml"
+              subPath: dashboard.yml
+            {{- range $path, $bytes  := $.Files.Glob "config/grafana/dashboards/**" }}
+            {{- with $file := split "/" $path }}
+            - name: {{ $file._3 | replace ".json" "" | lower }}-dashboard
+              mountPath: "/etc/grafana/provisioning/dashboards/{{ $file._3 }}"
+              subPath: "{{ $file._3 }}"
+            {{- end }}
+            {{- end }}
+      volumes:
+        - name: "{{ .name }}-data"
+          persistentVolumeClaim:
+            claimName: "{{ .name }}-pvc"
+        - name: "{{ .name }}-datasource"
+          configMap:
+            name: "{{ .name }}-configmap"
+            items:
+              - key: datasource.yml
+                path: datasource.yml
+        - name: "{{ .name }}-dashboard"
+          configMap:
+            name: "{{ .name }}-configmap"
+            items:
+              - key: dashboard.yml
+                path: dashboard.yml
+        {{- range $path, $bytes  := $.Files.Glob "config/grafana/dashboards/**" }}
+        {{- with $file := split "/" $path }}
+        - name: {{ $file._3 | replace ".json" "" | lower }}-dashboard
+          configMap:
+            name: "{{ $.Values.grafana.name }}-configmap"
+            items:
+              - key: "{{ $file._3 }}"
+                path: "{{ $file._3 }}"
+        {{- end }}
+        {{- end }}
+{{- end }}

charts/templates/grafana/ingress.yml

@@ -0,0 +1,34 @@
+{{- if and (eq .Values.ingress.active true) (.Values.ingress.endpoints.grafana) }}
+---
+{{- with .Values.grafana }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  namespace: {{ $.Values.namespace }}
+  name: {{ .name }}-ingress
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+    {{- if and (eq $.Values.ingress.cert_manager.active true) ($.Values.ingress.endpoints.grafana) }}
+    cert-manager.io/cluster-issuer: "{{ $.Values.ingress.cert_manager.issuer }}"
+    {{- end }}
+spec:
+  rules:
+  - host: "{{ $.Values.ingress.endpoints.grafana }}.{{ $.Values.ingress.domain }}"
+    http:
+      paths:
+      - backend:
+          service:
+            name: "{{ .name }}"
+            port:
+              number: {{ .port }}
+        path: /
+        pathType: ImplementationSpecific
+  {{- if and (eq $.Values.ingress.cert_manager.active true) ($.Values.ingress.endpoints.grafana) }}
+  tls:
+  - hosts:
+    - {{ $.Values.ingress.endpoints.grafana }}.{{ $.Values.ingress.domain }}
+    secretName: {{ $.Values.namespace }}-tls
+  {{- end }}
+{{- end }}
+{{- end }}