-
Notifications
You must be signed in to change notification settings - Fork 25
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #2360 from lsst-sqre/tickets/DM-40204
tickets/DM-40204: move "monitoring" into Phalanx
- Loading branch information
Showing
28 changed files
with
513 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
apiVersion: v2 | ||
name: monitoring | ||
version: 0.0.1 | ||
description: Chronograf-based UI for monitoring (data stored in InfluxDBv2) | ||
sources: | ||
- https://github.com/lsst-sqre/rubin-influx-tools | ||
appVersion: 0.2.0 | ||
dependencies: | ||
- name: chronograf | ||
version: 1.2.5 | ||
repository: https://helm.influxdata.com/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
# monitoring | ||
|
||
Chronograf-based UI for monitoring (data stored in InfluxDBv2) | ||
|
||
## Source Code | ||
|
||
* <https://github.com/lsst-sqre/rubin-influx-tools> | ||
|
||
## Values | ||
|
||
| Key | Type | Default | Description | | ||
|-----|------|---------|-------------| | ||
| chronograf.env.CUSTOM_AUTO_REFRESH | string | `"1s=1000"` | | | ||
| chronograf.env.GH_CLIENT_ID | string | `""` | | | ||
| chronograf.env.GH_ORGS | string | `"lsst-sqre"` | | | ||
| chronograf.env.HOST_PAGE_DISABLED | bool | `true` | | | ||
| chronograf.env.INFLUXDB_ORG | string | `"square"` | | | ||
| chronograf.env.INFLUXDB_URL | string | `"https://monitoring.lsst.codes"` | | | ||
| chronograf.envFromSecret | string | `"monitoring"` | | | ||
| chronograf.image.pullPolicy | string | `"IfNotPresent"` | | | ||
| chronograf.image.tag | string | `"1.9.4"` | | | ||
| chronograf.ingress.enabled | bool | `false` | | | ||
| chronograf.oauth.enabled | bool | `false` | | | ||
| chronograf.resources.limits.cpu | int | `4` | | | ||
| chronograf.resources.limits.memory | string | `"30Gi"` | | | ||
| chronograf.resources.requests.cpu | int | `1` | | | ||
| chronograf.resources.requests.memory | string | `"1024Mi"` | | | ||
| chronograf.service.replicas | int | `1` | | | ||
| chronograf.service.type | string | `"ClusterIP"` | | | ||
| chronograf.updateStrategy.type | string | `"Recreate"` | | | ||
| cronjob.debug | bool | `false` | set to true to enable debug logging | | ||
| cronjob.image | object | `{"repository":"ghcr.io/lsst-sqre/rubin-influx-tools","tag":""}` | image for monitoring-related cronjobs | | ||
| cronjob.image.repository | string | `"ghcr.io/lsst-sqre/rubin-influx-tools"` | repository for rubin-influx-tools | | ||
| cronjob.image.tag | string | the appVersion of the chart | tag for rubin-influx-tools | | ||
| cronjob.schedule | object | `{"bucketmaker":"*/15 * * * *","bucketmapper":"3-59/15 * * * *","taskmaker":"6-59/15 * * * *"}` | schedules for jobs | | ||
| cronjob.schedule.bucketmaker | string | `"*/15 * * * *"` | bucketmaker schedule | | ||
| cronjob.schedule.bucketmapper | string | `"3-59/15 * * * *"` | bucketmapper schedule | | ||
| cronjob.schedule.taskmaker | string | `"6-59/15 * * * *"` | taskmaker schedule | | ||
| global.influxdbOrg | string | `"square"` | InfluxDBv2 organization | | ||
| global.influxdbUrl | string | `"https://monitoring.lsst.codes"` | URL for InfluxDBv2 instance | | ||
| global.vaultSecretsPath | string | Set by Argo CD | Base path for Vault secrets | | ||
| ingress.chronograf | object | `{"annotations":{},"hostname":""}` | ingress for Chronograf UI | | ||
| ingress.chronograf.annotations | object | `{}` | Additional annotations to add to the ingress | | ||
| ingress.chronograf.hostname | string | `""` | hostname for Chronograf UI @ default -- None, must be set by each individual instance | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
{{/* vim: set filetype=mustache: */}} | ||
{{/* | ||
Expand the name of the chart. | ||
*/}} | ||
{{- define "monitoring.name" -}} | ||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} | ||
{{- end -}} | ||
|
||
{{/* | ||
Create a default fully qualified app name. | ||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). | ||
If release name contains chart name it will be used as a full name. | ||
*/}} | ||
{{- define "monitoring.fullname" -}} | ||
{{- if .Values.fullnameOverride -}} | ||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} | ||
{{- else -}} | ||
{{- $name := default .Chart.Name .Values.nameOverride -}} | ||
{{- if contains $name .Release.Name -}} | ||
{{- .Release.Name | trunc 63 | trimSuffix "-" -}} | ||
{{- else -}} | ||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} | ||
{{- end -}} | ||
{{- end -}} | ||
{{- end -}} | ||
|
||
{{/* | ||
Create chart name and version as used by the chart label. | ||
*/}} | ||
{{- define "monitoring.chart" -}} | ||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} | ||
{{- end -}} | ||
|
||
{{/* | ||
Common labels | ||
*/}} | ||
{{- define "monitoring.labels" -}} | ||
app.kubernetes.io/name: {{ include "monitoring.name" . }} | ||
helm.sh/chart: {{ include "monitoring.chart" . }} | ||
app.kubernetes.io/instance: {{ .Release.Name }} | ||
{{- if .Chart.AppVersion }} | ||
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} | ||
{{- end }} | ||
app.kubernetes.io/managed-by: {{ .Release.Service }} | ||
{{- end -}} | ||
|
||
{{/* | ||
Selector labels | ||
*/}} | ||
{{- define "monitoring.selectorLabels" -}} | ||
app.kubernetes.io/name: {{ include "monitoring.name" . }} | ||
app.kubernetes.io/instance: {{ .Release.Name }} | ||
{{- end }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,158 @@ | ||
apiVersion: batch/v1 | ||
kind: CronJob | ||
metadata: | ||
name: bucketmaker | ||
spec: | ||
schedule: {{ .Values.cronjob.schedule.bucketmaker | quote }} | ||
successfulJobsHistoryLimit: 1 | ||
jobTemplate: | ||
spec: | ||
template: | ||
spec: | ||
restartPolicy: Never | ||
automountServiceAccountToken: false | ||
{{- with .Values.cronjob.tolerations }} | ||
tolerations: | ||
{{ toYaml . | indent 12 }} | ||
{{- end }} | ||
{{- with .Values.cronjob.affinity }} | ||
affinity: | ||
{{ toYaml . | indent 12 }} | ||
{{- end }} | ||
containers: | ||
- name: bucketmaker | ||
image: "{{ .Values.cronjob.image.repository }}:{{ .Values.cronjob.image.tag | default .Chart.AppVersion }}" | ||
securityContext: | ||
allowPrivilegeEscalation: false | ||
runAsNonRoot: true | ||
runAsUser: 405 | ||
runAsGroup: 100 | ||
capabilities: | ||
drop: | ||
- all | ||
readOnlyRootFilesystem: true | ||
env: | ||
- name: "INFLUXDB_TOKEN" | ||
valueFrom: | ||
secretKeyRef: | ||
name: "monitoring" | ||
key: "influx-alert-token" | ||
- name: "INFLUXDB_ORG" | ||
value: {{ .Values.global.influxdbOrg | quote }} | ||
- name: "INFLUXDB_URL" | ||
value: {{ .Values.global.influxdbUrl | quote }} | ||
{{- with .Values.cronjob.debug }} | ||
- name: "DEBUG" | ||
value: "true" | ||
{{- end }} | ||
command: [ "bucketmaker" ] | ||
volumeMounts: | ||
- mountPath: /tmp | ||
name: tmpdir | ||
volumes: | ||
# We download the phalanx repo into here to determine what our | ||
# active applications are. | ||
- name: tmpdir | ||
emptyDir: {} | ||
--- | ||
apiVersion: batch/v1 | ||
kind: CronJob | ||
metadata: | ||
name: bucketmapper | ||
spec: | ||
schedule: {{ .Values.cronjob.schedule.bucketmapper | quote }} | ||
successfulJobsHistoryLimit: 1 | ||
jobTemplate: | ||
spec: | ||
template: | ||
spec: | ||
restartPolicy: Never | ||
automountServiceAccountToken: false | ||
{{- with .Values.cronjob.tolerations }} | ||
tolerations: | ||
{{ toYaml . | indent 12 }} | ||
{{- end }} | ||
{{- with .Values.cronjob.affinity }} | ||
affinity: | ||
{{ toYaml . | indent 12 }} | ||
{{- end }} | ||
containers: | ||
- name: bucketmapper | ||
image: "{{ .Values.cronjob.image.repository }}:{{ .Values.cronjob.image.tag | default .Chart.AppVersion }}" | ||
securityContext: | ||
allowPrivilegeEscalation: false | ||
runAsNonRoot: true | ||
runAsUser: 405 | ||
runAsGroup: 100 | ||
capabilities: | ||
drop: | ||
- all | ||
readOnlyRootFilesystem: true | ||
env: | ||
- name: "INFLUXDB_TOKEN" | ||
valueFrom: | ||
secretKeyRef: | ||
name: "monitoring" | ||
# We should be able to do away with this level of | ||
# privilege as recent Influx versions automatically | ||
# create this mapping, but we would need to change | ||
# our naming conventions to adapt. | ||
key: "admin-token" | ||
- name: "INFLUXDB_ORG" | ||
value: {{ .Values.global.influxdbOrg | quote }} | ||
- name: "INFLUXDB_URL" | ||
value: {{ .Values.global.influxdbUrl | quote }} | ||
{{- with .Values.cronjob.debug }} | ||
- name: "DEBUG" | ||
value: "true" | ||
{{- end }} | ||
command: [ "bucketmapper" ] | ||
--- | ||
apiVersion: batch/v1 | ||
kind: CronJob | ||
metadata: | ||
name: taskmaker | ||
spec: | ||
successfulJobsHistoryLimit: 1 | ||
schedule: {{ .Values.cronjob.schedule.taskmaker | quote }} | ||
jobTemplate: | ||
spec: | ||
template: | ||
spec: | ||
restartPolicy: Never | ||
automountServiceAccountToken: false | ||
{{- with .Values.cronjob.tolerations }} | ||
tolerations: | ||
{{ toYaml . | indent 12 }} | ||
{{- end }} | ||
{{- with .Values.cronjob.affinity }} | ||
affinity: | ||
{{ toYaml . | indent 12 }} | ||
{{- end }} | ||
containers: | ||
- name: taskmaker | ||
image: "{{ .Values.cronjob.image.repository }}:{{ .Values.cronjob.image.tag | default .Chart.AppVersion }}" | ||
securityContext: | ||
allowPrivilegeEscalation: false | ||
runAsNonRoot: true | ||
runAsUser: 405 | ||
runAsGroup: 100 | ||
capabilities: | ||
drop: | ||
- all | ||
readOnlyRootFilesystem: true | ||
env: | ||
- name: "INFLUXDB_TOKEN" | ||
valueFrom: | ||
secretKeyRef: | ||
name: "monitoring" | ||
key: "influx-alert-token" | ||
- name: "INFLUXDB_ORG" | ||
value: {{ .Values.global.influxdbOrg | quote }} | ||
- name: "INFLUXDB_URL" | ||
value: {{ .Values.global.influxdbUrl | quote }} | ||
{{- with .Values.cronjob.debug }} | ||
- name: "DEBUG" | ||
value: "true" | ||
{{- end }} | ||
command: [ "taskmaker" ] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
apiVersion: gafaelfawr.lsst.io/v1alpha1 | ||
kind: GafaelfawrIngress | ||
metadata: | ||
name: "chronograf" | ||
labels: | ||
{{- include "monitoring.labels" . | nindent 4 }} | ||
annotations: | ||
cert-manager.io/cluster-issuer: "letsencrypt-dns" | ||
{{- with .Values.ingress.chronograf.annotations }} | ||
{{- toYaml . | nindent 4 }} | ||
{{- end }} | ||
config: | ||
baseUrl: "https://{{ .Values.ingress.chronograf.hostname }}" | ||
scopes: | ||
anonymous: true # We will use Chronograf auth for now. | ||
template: | ||
metadata: | ||
name: "chronograf" | ||
spec: | ||
tls: | ||
- hosts: | ||
- {{ .Values.ingress.chronograf.hostname | quote }} | ||
secretName: tls | ||
rules: | ||
- host: {{ .Values.ingress.chronograf.hostname | quote }} | ||
http: | ||
paths: | ||
- path: "/" | ||
pathType: "Prefix" | ||
backend: | ||
service: | ||
name: monitoring-chronograf | ||
port: | ||
number: 80 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
apiVersion: ricoberger.de/v1alpha1 | ||
kind: VaultSecret | ||
metadata: | ||
name: {{ include "monitoring.fullname" . }} | ||
labels: | ||
{{- include "monitoring.labels" . | nindent 4 }} | ||
spec: | ||
path: "{{ .Values.global.vaultSecretsPath }}/monitoring" | ||
type: Opaque |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
chronograf: | ||
env: | ||
GH_CLIENT_ID: "e85fe410b0021a251180" | ||
cronjob: | ||
debug: true | ||
ingresses: | ||
chronograf: | ||
hostname: "monitoring-dev.lsst.cloud" |
Oops, something went wrong.