This repository has been archived by the owner on Mar 8, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #65 from cmu-db/GEN-343-migrate-monitoring-to-k8s-…
…master Gen 343 migrate monitoring to k8s master
- Loading branch information
Showing
11 changed files
with
604 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,74 @@ | ||
| --- | ||
|
|
||
| apiVersion: apps/v1 | ||
| kind: Deployment | ||
| metadata: | ||
| name: grafana | ||
| namespace: monitoring | ||
| labels: | ||
| app: grafana | ||
| spec: | ||
| replicas: 1 | ||
| strategy: | ||
| type: RollingUpdate | ||
| selector: | ||
| matchLabels: | ||
| app: grafana | ||
| template: | ||
| metadata: | ||
| labels: | ||
| app: grafana | ||
| spec: | ||
| nodeSelector: | ||
| env: master | ||
| volumes: | ||
| - name: grafana-volume | ||
| # persistentVolumeClaim: | ||
| # claimName: grafana-volume | ||
| containers: | ||
| - name: grafana | ||
| image: "{{ grafana_container_image }}" | ||
| imagePullPolicy: "{{ image_pull_policy }}" | ||
| ports: | ||
| - name: http | ||
| containerPort: 3000 | ||
| volumeMounts: | ||
| - name: grafana-volume | ||
| mountPath: /var/lib/grafana | ||
| env: | ||
| - name: GF_PATHS_LOGS | ||
| value: /var/log/grafana/ | ||
| - name: GF_LOG_MODE | ||
| value: "console file" | ||
| - name: GF_SERVER_DOMAIN | ||
| value: "{{ service_hostname }}" | ||
| - name: GF_SERVER_ROOT_URL | ||
| value: "https://{{ service_hostname }}/grafana" | ||
| - name: GF_SERVER_SERVE_FROM_SUB_PATH | ||
| value: "true" | ||
| - name: GF_SERVER_HTTP_PORT | ||
| value: "3000" | ||
| - name: GF_AUTH_GITHUB_ENABLED | ||
| value: "true" | ||
| - name: GF_AUTH_GITHUB_ALLOW_SIGN_UP | ||
| value: "true" | ||
| - name: GF_AUTH_GITHUB_ALLOWED_ORGANIZATIONS | ||
| value: "cmu-db" | ||
| - name: GF_SECURITY_ADMIN_USER | ||
| value: "admin" | ||
| - name: GF_SECURITY_ADMIN_PASSWORD | ||
| valueFrom: | ||
| secretKeyRef: | ||
| name: secrets-k8s-master | ||
| key: gf_admin_password | ||
| #GitHub Login | ||
| - name: GF_AUTH_GITHUB_CLIENT_ID | ||
| valueFrom: | ||
| secretKeyRef: | ||
| name: secrets-k8s-master | ||
| key: gf_auth_github_client_id | ||
| - name: GF_AUTH_GITHUB_CLIENT_SECRET | ||
| valueFrom: | ||
| secretKeyRef: | ||
| name: secrets-k8s-master | ||
| key: gf_auth_github_client_secret |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| --- | ||
|
|
||
| kind: Service | ||
| apiVersion: v1 | ||
| metadata: | ||
| name: grafana-service | ||
| namespace: monitoring | ||
| labels: | ||
| app: grafana | ||
| spec: | ||
| type: NodePort | ||
| selector: | ||
| app: grafana | ||
| ports: | ||
| - protocol: TCP | ||
| port: 3000 | ||
| nodePort: 32004 | ||
| externalTrafficPolicy: Local |
14 changes: 14 additions & 0 deletions
14
deployments/kubernetes/monitoring/prometheus/cluster-role-binding.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| --- | ||
|
|
||
| apiVersion: rbac.authorization.k8s.io/v1beta1 | ||
| kind: ClusterRoleBinding | ||
| metadata: | ||
| name: prometheus | ||
| roleRef: | ||
| apiGroup: rbac.authorization.k8s.io | ||
| kind: ClusterRole | ||
| name: prometheus | ||
| subjects: | ||
| - kind: ServiceAccount | ||
| name: default | ||
| namespace: monitoring |
29 changes: 29 additions & 0 deletions
29
deployments/kubernetes/monitoring/prometheus/cluster-role.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| --- | ||
|
|
||
| apiVersion: rbac.authorization.k8s.io/v1beta1 | ||
| kind: ClusterRole | ||
| metadata: | ||
| name: prometheus | ||
| rules: | ||
| - apiGroups: [""] | ||
| resources: | ||
| - nodes | ||
| - nodes/proxy | ||
| - services | ||
| - endpoints | ||
| - pods | ||
| verbs: | ||
| - get | ||
| - list | ||
| - watch | ||
| - apiGroups: ["extensions"] | ||
| resources: | ||
| - ingresses | ||
| verbs: | ||
| - get | ||
| - list | ||
| - watch | ||
| - nonResourceURLs: | ||
| - /metrics | ||
| verbs: | ||
| - get |
115 changes: 115 additions & 0 deletions
115
deployments/kubernetes/monitoring/prometheus/config-map.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,115 @@ | ||
| --- | ||
|
|
||
| apiVersion: v1 | ||
| kind: ConfigMap | ||
| metadata: | ||
| name: prometheus-server-conf | ||
| labels: | ||
| name: prometheus-server-conf | ||
| namespace: monitoring | ||
| data: | ||
| prometheus.yml: |- | ||
| global: | ||
| scrape_interval: 5s | ||
| evaluation_interval: 5s | ||
| scrape_configs: | ||
| - job_name: 'kubernetes-apiservers' | ||
| kubernetes_sd_configs: | ||
| - role: endpoints | ||
| scheme: https | ||
| tls_config: | ||
| ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt | ||
| bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token | ||
| relabel_configs: | ||
| - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] | ||
| action: keep | ||
| regex: default;kubernetes;https | ||
| - job_name: 'kubernetes-nodes' | ||
| scheme: https | ||
| tls_config: | ||
| ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt | ||
| bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token | ||
| kubernetes_sd_configs: | ||
| - role: node | ||
| relabel_configs: | ||
| - action: labelmap | ||
| regex: __meta_kubernetes_node_label_(.+) | ||
| - target_label: __address__ | ||
| replacement: kubernetes.default.svc:443 | ||
| - source_labels: [__meta_kubernetes_node_name] | ||
| regex: (.+) | ||
| target_label: __metrics_path__ | ||
| replacement: /api/v1/nodes/${1}/proxy/metrics | ||
| - job_name: 'kubernetes-pods' | ||
| kubernetes_sd_configs: | ||
| - role: pod | ||
| relabel_configs: | ||
| - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] | ||
| action: keep | ||
| regex: true | ||
| - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] | ||
| action: replace | ||
| target_label: __metrics_path__ | ||
| regex: (.+) | ||
| - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] | ||
| action: replace | ||
| regex: ([^:]+)(?::\d+)?;(\d+) | ||
| replacement: $1:$2 | ||
| target_label: __address__ | ||
| - action: labelmap | ||
| regex: __meta_kubernetes_pod_label_(.+) | ||
| - source_labels: [__meta_kubernetes_namespace] | ||
| action: replace | ||
| target_label: kubernetes_namespace | ||
| - source_labels: [__meta_kubernetes_pod_name] | ||
| action: replace | ||
| target_label: kubernetes_pod_name | ||
| - job_name: 'kubernetes-cadvisor' | ||
| scheme: https | ||
| tls_config: | ||
| ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt | ||
| bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token | ||
| kubernetes_sd_configs: | ||
| - role: node | ||
| relabel_configs: | ||
| - action: labelmap | ||
| regex: __meta_kubernetes_node_label_(.+) | ||
| - target_label: __address__ | ||
| replacement: kubernetes.default.svc:443 | ||
| - source_labels: [__meta_kubernetes_node_name] | ||
| regex: (.+) | ||
| target_label: __metrics_path__ | ||
| replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor | ||
| - job_name: 'kubernetes-service-endpoints' | ||
| kubernetes_sd_configs: | ||
| - role: endpoints | ||
| relabel_configs: | ||
| - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] | ||
| action: keep | ||
| regex: true | ||
| - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] | ||
| action: replace | ||
| target_label: __scheme__ | ||
| regex: (https?) | ||
| - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] | ||
| action: replace | ||
| target_label: __metrics_path__ | ||
| regex: (.+) | ||
| - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] | ||
| action: replace | ||
| target_label: __address__ | ||
| regex: ([^:]+)(?::\d+)?;(\d+) | ||
| replacement: $1:$2 | ||
| - action: labelmap | ||
| regex: __meta_kubernetes_service_label_(.+) | ||
| - source_labels: [__meta_kubernetes_namespace] | ||
| action: replace | ||
| target_label: kubernetes_namespace | ||
| - source_labels: [__meta_kubernetes_service_name] | ||
| action: replace | ||
| target_label: kubernetes_name |
46 changes: 46 additions & 0 deletions
46
deployments/kubernetes/monitoring/prometheus/deployment.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,46 @@ | ||
| --- | ||
|
|
||
| apiVersion: apps/v1 | ||
| kind: Deployment | ||
| metadata: | ||
| name: prometheus-deployment | ||
| namespace: monitoring | ||
| labels: | ||
| app: prometheus-server | ||
| spec: | ||
| replicas: 1 | ||
| strategy: | ||
| type: RollingUpdate | ||
| selector: | ||
| matchLabels: | ||
| app: prometheus-server | ||
| template: | ||
| metadata: | ||
| labels: | ||
| app: prometheus-server | ||
| spec: | ||
| nodeSelector: | ||
| env: master | ||
| containers: | ||
| - name: prometheus | ||
| image: prom/prometheus:v2.2.1 | ||
| args: | ||
| - "--config.file=/etc/prometheus/prometheus.yml" | ||
| - "--storage.tsdb.path=/prometheus/" | ||
| # FOR REVERSED PROXY | ||
| - "--web.external-url=http://localhost:9090/prometheus" | ||
| - "--web.route-prefix=/" | ||
| ports: | ||
| - containerPort: 9090 | ||
| volumeMounts: | ||
| - name: prometheus-config-volume | ||
| mountPath: /etc/prometheus/ | ||
| - name: prometheus-storage-volume | ||
| mountPath: /prometheus/ | ||
| volumes: | ||
| - name: prometheus-config-volume | ||
| configMap: | ||
| defaultMode: 420 | ||
| name: prometheus-server-conf | ||
| - name: prometheus-storage-volume | ||
| emptyDir: {} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| --- | ||
|
|
||
| apiVersion: v1 | ||
| kind: Service | ||
| metadata: | ||
| name: prometheus-service | ||
| namespace: monitoring | ||
| annotations: | ||
| prometheus.io/scrape: "true" | ||
| prometheus.io/port: "9090" | ||
| spec: | ||
| selector: | ||
| app: prometheus-server | ||
| type: NodePort | ||
| ports: | ||
| - port: 8080 | ||
| targetPort: 9090 | ||
| nodePort: 30000 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -8,4 +8,4 @@ metadata: | |
| apiVersion: v1 | ||
| kind: Namespace | ||
| metadata: | ||
| name: fuzzing | ||
| name: monitoring | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| --- | ||
| - hosts: k8s_master | ||
| name: Deploy Moniotoring Grafana | ||
| vars: | ||
| dir_repo: "{{ inventory_dir | dirname }}" | ||
| dir_deploy: "{{ inventory_dir }}" | ||
| dir_k8s_grafana: "{{ dir_deploy }}/kubernetes/monitoring/grafana" | ||
| service_hostname: incrudibles-k8s.db.pdl.cmu.edu | ||
| ansible_python_interpreter: /usr/bin/python3 | ||
| pre_tasks: | ||
| - name: Ensure k8s module dependencies are installed. | ||
| pip: | ||
| name: openshift | ||
| state: present | ||
| tasks: | ||
| - name: Create Grafana Deployment | ||
| vars: | ||
| deployment_file: "{{ dir_k8s_grafana }}/deployment.yml" | ||
| k8s: | ||
| state: present | ||
| definition: "{{ lookup('template', '{{ deployment_file }}') }}" | ||
|
|
||
| - name: Create Grafana Service | ||
| vars: | ||
| service_file: "{{ dir_k8s_grafana }}/service.yml" | ||
| k8s: | ||
| state: present | ||
| definition: "{{ lookup('template', '{{ service_file }}') }}" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,26 @@ | ||
| --- | ||
|
|
||
| - hosts: "{{ host_override | default('k8s_master') }}" | ||
| name: Deploy Prometheus | ||
| vars: | ||
| dir_deployment: "{{ inventory_dir }}" | ||
| dir_k8s_prometheus: "{{ dir_deployment }}/kubernetes/monitoring/prometheus" | ||
| pre_tasks: | ||
| - name: Ensure k8s module dependencies are installed. | ||
| pip: | ||
| state: present | ||
| name: openshift | ||
|
|
||
| tasks: | ||
| - name: Apply Prometheus Deployment Configs | ||
| vars: | ||
| config: "{{ dir_k8s_prometheus }}/{{ item }}" | ||
| k8s: | ||
| state: present | ||
| definition: "{{ lookup('template', '{{ config }}') }}" | ||
| loop: | ||
| - cluster-role.yml | ||
| - cluster-role-binding.yml | ||
| - config-map.yml | ||
| - deployment.yml | ||
| - service.yml |
Oops, something went wrong.