| Serge Bazanski | 363bf4f | 2020-08-24 21:00:56 +0200 | [diff] [blame] | 1 | local kube = import "../../../kube/kube.libsonnet"; |
| 2 | |
| 3 | { |
| 4 | // Global sets up a global tier instance of the hscloud monitoring infrastructure. |
| 5 | // |
| 6 | // This currently consists of Victoria Metrics, to which the agent tier sends metrics data via |
| 7 | // the prometheus remote_write protocol. |
| 8 | // Victoria Metrics is here used as a long-term storage solution. However, right now, it |
| 9 | // just keeps data locally on disk. In the future, S3 snapshots/backups should be introduced. |
| 10 | Global(name):: { |
| 11 | local global = self, |
| 12 | local cfg = global.cfg, |
| 13 | |
| 14 | cfg:: { |
| 15 | name: name, |
| 16 | namespace: "monitoring-global-%s" % [cfg.name], |
| 17 | |
| 18 | images: { |
| 19 | victoria: "victoriametrics/victoria-metrics:v1.40.0", |
| 20 | vmauth: "victoriametrics/vmauth:v1.40.0", |
| 21 | }, |
| 22 | |
| 23 | hosts: { |
| 24 | // DNS hostname that this global tier will use. Ingress will run under it. |
| 25 | globalAPI: error "hosts.globalAPI must be set", |
| 26 | }, |
| 27 | |
| 28 | storageClasses: { |
| 29 | // Storage class used for main data retention. |
| 30 | victoria: error "storageClasses.victoria must be set", |
| 31 | }, |
| 32 | |
| 33 | // A list of agents that will push metrics to this instance. |
| 34 | // List of: |
| 35 | // { |
| 36 | // username: the username that the agent will authenticate with |
| 37 | // password: the password that the agent will authenticate with |
| 38 | // } |
| 39 | agents: [], |
| 40 | }, |
| 41 | |
| 42 | // Generated URLs that agents should use to ship metrics over. Both require HTTP basic |
| 43 | // auth, configured via cfg.agents. |
| 44 | // The internal URL should be used for agents colocated in the same Kubernetes cluster. |
| 45 | internalIngestURL:: "http://%s/api/v1/write" % [global.victoria.serviceAPI.host_colon_port], |
| 46 | // The glboal URL should be used for agents sending data over the internet. |
| 47 | globalIngestURL:: "https://%s/api/v1/write" % [cfg.hosts.globalAPI], |
| 48 | |
| 49 | namespace: kube.Namespace(cfg.namespace), |
| 50 | local ns = global.namespace, |
| 51 | |
| 52 | victoria: { |
| 53 | local victoria = self, |
| 54 | |
| 55 | pvc: ns.Contain(kube.PersistentVolumeClaim("victoria-data")) { |
| 56 | spec+: { |
| 57 | storageClassName: cfg.storageClasses.victoria, |
| 58 | accessModes: ["ReadWriteOnce"], |
| 59 | resources: { |
| 60 | requests: { |
| 61 | storage: "64Gi", |
| 62 | }, |
| 63 | }, |
| 64 | }, |
| 65 | }, |
| 66 | |
| 67 | authSecret: ns.Contain(kube.Secret("vmauth")) { |
| 68 | data+: { |
| 69 | "config.yaml": std.base64(std.manifestJson({ |
| 70 | users: [ |
| 71 | { |
| 72 | username: a.username, |
| 73 | password: a.password, |
| 74 | url_prefix: "http://localhost:8428", |
| 75 | } |
| 76 | for a in cfg.agents |
| 77 | ], |
| 78 | }) + "\n") |
| 79 | }, |
| 80 | }, |
| 81 | |
| 82 | deploy: ns.Contain(kube.Deployment("victoria")) { |
| 83 | spec+: { |
| 84 | template+: { |
| 85 | spec+: { |
| 86 | containers_: { |
| 87 | default: kube.Container("default") { |
| 88 | image: cfg.images.victoria, |
| 89 | volumeMounts_: { |
| 90 | data: { mountPath: "/victoria-metrics-data", }, |
| 91 | }, |
| 92 | }, |
| 93 | vmauth: kube.Container("vmauth") { |
| 94 | image: cfg.images.vmauth, |
| 95 | command: [ |
| 96 | "/vmauth-prod", |
| 97 | "-auth.config", "/mnt/secret/config.yaml", |
| 98 | ], |
| 99 | volumeMounts_: { |
| 100 | secret: { mountPath: "/mnt/secret", }, |
| 101 | }, |
| 102 | ports_: { |
| 103 | api: { containerPort: 8427 } |
| 104 | }, |
| 105 | } |
| 106 | }, |
| 107 | volumes_: { |
| 108 | data: kube.PersistentVolumeClaimVolume(victoria.pvc), |
| 109 | secret: kube.SecretVolume(victoria.authSecret), |
| 110 | }, |
| 111 | }, |
| 112 | }, |
| 113 | }, |
| 114 | }, |
| 115 | |
| 116 | serviceAPI: ns.Contain(kube.Service("victoria-api")) { |
| 117 | target_pod: victoria.deploy.spec.template, |
| 118 | spec+: { |
| 119 | ports: [ |
| 120 | { name: "api", port: 8427, targetPort: 8427, protocol: "TCP" }, |
| 121 | ], |
| 122 | type: "ClusterIP", |
| 123 | }, |
| 124 | }, |
| 125 | |
| 126 | ingressAPI: ns.Contain(kube.Ingress("victoria-api")) { |
| 127 | metadata+: { |
| 128 | annotations+: { |
| 129 | "kubernetes.io/tls-acme": "true", |
| 130 | "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod", |
| 131 | }, |
| 132 | }, |
| 133 | spec+: { |
| 134 | tls: [ |
| 135 | { hosts: [cfg.hosts.globalAPI], secretName: "ingress-tls" }, |
| 136 | ], |
| 137 | rules: [ |
| 138 | { |
| 139 | host: cfg.hosts.globalAPI, |
| 140 | http: { |
| 141 | paths: [ { path: "/", backend: { serviceName: victoria.serviceAPI.metadata.name, servicePort: 8427 } }, ], |
| 142 | }, |
| 143 | } |
| 144 | ], |
| 145 | }, |
| 146 | }, |
| 147 | }, |
| 148 | } |
| 149 | } |