marko/docker-development-youtube-series
1
0
Fork 0
mirror of https://github.com/marcel-dempers/docker-development-youtube-series.git synced 2025-06-06 17:01:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

monitoring-experimentation with terraform

Browse Source
This commit is contained in:
marcel-dempers 2020-07-15 10:46:41 +10:00
parent 877810d147
commit d074681032
8 changed files with 19331 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
kubernetes/cloud/azure/terraform/main.tf
View File

@ -19,4 +19,14 @@ module "k8s" {
client_certificate = "${base64decode(module.cluster.client_certificate)}" client_certificate = "${base64decode(module.cluster.client_certificate)}"
client_key = "${base64decode(module.cluster.client_key)}" client_key = "${base64decode(module.cluster.client_key)}"
cluster_ca_certificate= "${base64decode(module.cluster.cluster_ca_certificate)}" cluster_ca_certificate= "${base64decode(module.cluster.cluster_ca_certificate)}"
}
module "k8s_monitoring_prometheus_operator" {
source = "./modules/monitoring/prometheus-operator/"
host = "${module.cluster.host}"
client_certificate = "${base64decode(module.cluster.client_certificate)}"
client_key = "${base64decode(module.cluster.client_key)}"
cluster_ca_certificate= "${base64decode(module.cluster.cluster_ca_certificate)}"
} }

105
kubernetes/cloud/azure/terraform/modules/monitoring/alertmanager/alertmanager.tf Normal file
View File

@ -0,0 +1,105 @@
resource "kubernetes_manifest" "secret_alertmanager_main" {
manifest = {
"apiVersion" = "v1"
"data" = {}
"kind" = "Secret"
"metadata" = {
"name" = "alertmanager-main"
"namespace" = "monitoring"
}
"stringData" = {
"alertmanager.yaml" = "\"global\":\n \"resolve_timeout\": \"5m\"\n\"inhibit_rules\":\n- \"equal\":\n - \"namespace\"\n - \"alertname\"\n \"source_match\":\n \"severity\": \"critical\"\n \"target_match_re\":\n \"severity\": \"warning|info\"\n- \"equal\":\n - \"namespace\"\n - \"alertname\"\n \"source_match\":\n \"severity\": \"warning\"\n \"target_match_re\":\n \"severity\": \"info\"\n\"receivers\":\n- \"name\": \"Default\"\n- \"name\": \"Watchdog\"\n- \"name\": \"Critical\"\n\"route\":\n \"group_by\":\n - \"namespace\"\n \"group_interval\": \"5m\"\n \"group_wait\": \"30s\"\n \"receiver\": \"Default\"\n \"repeat_interval\": \"12h\"\n \"routes\":\n - \"match\":\n \"alertname\": \"Watchdog\"\n \"receiver\": \"Watchdog\"\n - \"match\":\n \"severity\": \"critical\"\n \"receiver\": \"Critical\""
}
"type" = "Opaque"
}
}
resource "kubernetes_manifest" "serviceaccount_alertmanager_main" {
manifest = {
"apiVersion" = "v1"
"kind" = "ServiceAccount"
"metadata" = {
"name" = "alertmanager-main"
"namespace" = "monitoring"
}
}
}
resource "kubernetes_manifest" "service_alertmanager_main" {
manifest = {
"apiVersion" = "v1"
"kind" = "Service"
"metadata" = {
"labels" = {
"alertmanager" = "main"
}
"name" = "alertmanager-main"
"namespace" = "monitoring"
}
"spec" = {
"ports" = [
{
"name" = "web"
"port" = 9093
"targetPort" = "web"
},
]
"selector" = {
"alertmanager" = "main"
"app" = "alertmanager"
}
"sessionAffinity" = "ClientIP"
}
}
}
resource "kubernetes_manifest" "servicemonitor_alertmanager" {
manifest = {
"apiVersion" = "monitoring.coreos.com/v1"
"kind" = "ServiceMonitor"
"metadata" = {
"labels" = {
"k8s-app" = "alertmanager"
}
"name" = "alertmanager"
"namespace" = "monitoring"
}
"spec" = {
"endpoints" = [
{
"interval" = "30s"
"port" = "web"
},
]
"selector" = {
"matchLabels" = {
"alertmanager" = "main"
}
}
}
}
}
resource "kubernetes_manifest" "alertmanager_main" {
manifest = {
"apiVersion" = "monitoring.coreos.com/v1"
"kind" = "Alertmanager"
"metadata" = {
"labels" = {
"alertmanager" = "main"
}
"name" = "main"
"namespace" = "monitoring"
}
"spec" = {
"image" = "quay.io/prometheus/alertmanager:v0.21.0"
"nodeSelector" = {
"kubernetes.io/os" = "linux"
}
"replicas" = 3
"securityContext" = {
"fsGroup" = 2000
"runAsNonRoot" = true
"runAsUser" = 1000
}
"serviceAccountName" = "alertmanager-main"
"version" = "v0.21.0"
}
}
}

441
kubernetes/cloud/azure/terraform/modules/monitoring/grafana/grafana.tf Normal file
View File

@ -0,0 +1,441 @@
resource "kubernetes_manifest" "secret_grafana_datasources" {
manifest = {
"apiVersion" = "v1"
"data" = {
"datasources.yaml" = "ewogICAgImFwaVZlcnNpb24iOiAxLAogICAgImRhdGFzb3VyY2VzIjogWwogICAgICAgIHsKICAgICAgICAgICAgImFjY2VzcyI6ICJwcm94eSIsCiAgICAgICAgICAgICJlZGl0YWJsZSI6IGZhbHNlLAogICAgICAgICAgICAibmFtZSI6ICJwcm9tZXRoZXVzIiwKICAgICAgICAgICAgIm9yZ0lkIjogMSwKICAgICAgICAgICAgInR5cGUiOiAicHJvbWV0aGV1cyIsCiAgICAgICAgICAgICJ1cmwiOiAiaHR0cDovL3Byb21ldGhldXMtazhzLm1vbml0b3Jpbmcuc3ZjOjkwOTAiLAogICAgICAgICAgICAidmVyc2lvbiI6IDEKICAgICAgICB9CiAgICBdCn0="
}
"kind" = "Secret"
"metadata" = {
"name" = "grafana-datasources"
"namespace" = "monitoring"
}
"type" = "Opaque"
}
}
resource "kubernetes_manifest" "configmap_grafana_dashboard_nodeexporter" {
manifest = {
"apiVersion" = "v1"
"data" = {
}
"kind" = "ConfigMap"
"metadata" = {
"name" = "grafana-dashboard-nodeexporter"
"namespace" = "monitoring"
}
}
}
resource "kubernetes_manifest" "configmap_grafana_dashboards" {
manifest = {
"apiVersion" = "v1"
"data" = {
"dashboards.yaml" = "{\n \"apiVersion\": 1,\n \"providers\": [\n {\n \"folder\": \"Default\",\n \"name\": \"0\",\n \"options\": {\n \"path\": \"/grafana-dashboard-definitions/0\"\n },\n \"orgId\": 1,\n \"type\": \"file\"\n }\n ]\n}"
}
"kind" = "ConfigMap"
"metadata" = {
"name" = "grafana-dashboards"
"namespace" = "monitoring"
}
}
}
resource "kubernetes_manifest" "deployment_grafana" {
manifest = {
"apiVersion" = "apps/v1"
"kind" = "Deployment"
"metadata" = {
"labels" = {
"app" = "grafana"
}
"name" = "grafana"
"namespace" = "monitoring"
}
"spec" = {
"replicas" = 1
"selector" = {
"matchLabels" = {
"app" = "grafana"
}
}
"template" = {
"metadata" = {
"labels" = {
"app" = "grafana"
}
}
"spec" = {
"containers" = [
{
"env" = []
"image" = "grafana/grafana:6.7.4"
"name" = "grafana"
"ports" = [
{
"containerPort" = 3000
"name" = "http"
},
]
"readinessProbe" = {
"httpGet" = {
"path" = "/api/health"
"port" = "http"
}
}
"resources" = {
"limits" = {
"cpu" = "200m"
"memory" = "200Mi"
}
"requests" = {
"cpu" = "100m"
"memory" = "100Mi"
}
}
"volumeMounts" = [
{
"mountPath" = "/var/lib/grafana"
"name" = "grafana-storage"
"readOnly" = false
},
{
"mountPath" = "/etc/grafana/provisioning/datasources"
"name" = "grafana-datasources"
"readOnly" = false
},
{
"mountPath" = "/etc/grafana/provisioning/dashboards"
"name" = "grafana-dashboards"
"readOnly" = false
},
{
"mountPath" = "/grafana-dashboard-definitions/0/nodeexporter"
"name" = "grafana-dashboard-nodeexporter"
"readOnly" = false
},
{
"mountPath" = "/grafana-dashboard-definitions/0/apiserver"
"name" = "grafana-dashboard-apiserver"
"readOnly" = false
},
{
"mountPath" = "/grafana-dashboard-definitions/0/cluster-total"
"name" = "grafana-dashboard-cluster-total"
"readOnly" = false
},
{
"mountPath" = "/grafana-dashboard-definitions/0/controller-manager"
"name" = "grafana-dashboard-controller-manager"
"readOnly" = false
},
{
"mountPath" = "/grafana-dashboard-definitions/0/k8s-resources-cluster"
"name" = "grafana-dashboard-k8s-resources-cluster"
"readOnly" = false
},
{
"mountPath" = "/grafana-dashboard-definitions/0/k8s-resources-namespace"
"name" = "grafana-dashboard-k8s-resources-namespace"
"readOnly" = false
},
{
"mountPath" = "/grafana-dashboard-definitions/0/k8s-resources-node"
"name" = "grafana-dashboard-k8s-resources-node"
"readOnly" = false
},
{
"mountPath" = "/grafana-dashboard-definitions/0/k8s-resources-pod"
"name" = "grafana-dashboard-k8s-resources-pod"
"readOnly" = false
},
{
"mountPath" = "/grafana-dashboard-definitions/0/k8s-resources-workload"
"name" = "grafana-dashboard-k8s-resources-workload"
"readOnly" = false
},
{
"mountPath" = "/grafana-dashboard-definitions/0/k8s-resources-workloads-namespace"
"name" = "grafana-dashboard-k8s-resources-workloads-namespace"
"readOnly" = false
},
{
"mountPath" = "/grafana-dashboard-definitions/0/kubelet"
"name" = "grafana-dashboard-kubelet"
"readOnly" = false
},
{
"mountPath" = "/grafana-dashboard-definitions/0/namespace-by-pod"
"name" = "grafana-dashboard-namespace-by-pod"
"readOnly" = false
},
{
"mountPath" = "/grafana-dashboard-definitions/0/namespace-by-workload"
"name" = "grafana-dashboard-namespace-by-workload"
"readOnly" = false
},
{
"mountPath" = "/grafana-dashboard-definitions/0/node-cluster-rsrc-use"
"name" = "grafana-dashboard-node-cluster-rsrc-use"
"readOnly" = false
},
{
"mountPath" = "/grafana-dashboard-definitions/0/node-rsrc-use"
"name" = "grafana-dashboard-node-rsrc-use"
"readOnly" = false
},
{
"mountPath" = "/grafana-dashboard-definitions/0/nodes"
"name" = "grafana-dashboard-nodes"
"readOnly" = false
},
{
"mountPath" = "/grafana-dashboard-definitions/0/persistentvolumesusage"
"name" = "grafana-dashboard-persistentvolumesusage"
"readOnly" = false
},
{
"mountPath" = "/grafana-dashboard-definitions/0/pod-total"
"name" = "grafana-dashboard-pod-total"
"readOnly" = false
},
{
"mountPath" = "/grafana-dashboard-definitions/0/prometheus-remote-write"
"name" = "grafana-dashboard-prometheus-remote-write"
"readOnly" = false
},
{
"mountPath" = "/grafana-dashboard-definitions/0/prometheus"
"name" = "grafana-dashboard-prometheus"
"readOnly" = false
},
{
"mountPath" = "/grafana-dashboard-definitions/0/proxy"
"name" = "grafana-dashboard-proxy"
"readOnly" = false
},
{
"mountPath" = "/grafana-dashboard-definitions/0/scheduler"
"name" = "grafana-dashboard-scheduler"
"readOnly" = false
},
{
"mountPath" = "/grafana-dashboard-definitions/0/statefulset"
"name" = "grafana-dashboard-statefulset"
"readOnly" = false
},
{
"mountPath" = "/grafana-dashboard-definitions/0/workload-total"
"name" = "grafana-dashboard-workload-total"
"readOnly" = false
},
]
},
]
"nodeSelector" = {
"beta.kubernetes.io/os" = "linux"
}
"securityContext" = {
"runAsNonRoot" = true
"runAsUser" = 65534
}
"serviceAccountName" = "grafana"
"volumes" = [
{
"emptyDir" = {}
"name" = "grafana-storage"
},
{
"name" = "grafana-datasources"
"secret" = {
"secretName" = "grafana-datasources"
}
},
{
"configMap" = {
"name" = "grafana-dashboards"
}
"name" = "grafana-dashboards"
},
{
"configMap" = {
"name" = "grafana-dashboard-nodeexporter"
}
"name" = "grafana-dashboard-nodeexporter"
},
{
"configMap" = {
"name" = "grafana-dashboard-apiserver"
}
"name" = "grafana-dashboard-apiserver"
},
{
"configMap" = {
"name" = "grafana-dashboard-cluster-total"
}
"name" = "grafana-dashboard-cluster-total"
},
{
"configMap" = {
"name" = "grafana-dashboard-controller-manager"
}
"name" = "grafana-dashboard-controller-manager"
},
{
"configMap" = {
"name" = "grafana-dashboard-k8s-resources-cluster"
}
"name" = "grafana-dashboard-k8s-resources-cluster"
},
{
"configMap" = {
"name" = "grafana-dashboard-k8s-resources-namespace"
}
"name" = "grafana-dashboard-k8s-resources-namespace"
},
{
"configMap" = {
"name" = "grafana-dashboard-k8s-resources-node"
}
"name" = "grafana-dashboard-k8s-resources-node"
},
{
"configMap" = {
"name" = "grafana-dashboard-k8s-resources-pod"
}
"name" = "grafana-dashboard-k8s-resources-pod"
},
{
"configMap" = {
"name" = "grafana-dashboard-k8s-resources-workload"
}
"name" = "grafana-dashboard-k8s-resources-workload"
},
{
"configMap" = {
"name" = "grafana-dashboard-k8s-resources-workloads-namespace"
}
"name" = "grafana-dashboard-k8s-resources-workloads-namespace"
},
{
"configMap" = {
"name" = "grafana-dashboard-kubelet"
}
"name" = "grafana-dashboard-kubelet"
},
{
"configMap" = {
"name" = "grafana-dashboard-namespace-by-pod"
}
"name" = "grafana-dashboard-namespace-by-pod"
},
{
"configMap" = {
"name" = "grafana-dashboard-namespace-by-workload"
}
"name" = "grafana-dashboard-namespace-by-workload"
},
{
"configMap" = {
"name" = "grafana-dashboard-node-cluster-rsrc-use"
}
"name" = "grafana-dashboard-node-cluster-rsrc-use"
},
{
"configMap" = {
"name" = "grafana-dashboard-node-rsrc-use"
}
"name" = "grafana-dashboard-node-rsrc-use"
},
{
"configMap" = {
"name" = "grafana-dashboard-nodes"
}
"name" = "grafana-dashboard-nodes"
},
{
"configMap" = {
"name" = "grafana-dashboard-persistentvolumesusage"
}
"name" = "grafana-dashboard-persistentvolumesusage"
},
{
"configMap" = {
"name" = "grafana-dashboard-pod-total"
}
"name" = "grafana-dashboard-pod-total"
},
{
"configMap" = {
"name" = "grafana-dashboard-prometheus-remote-write"
}
"name" = "grafana-dashboard-prometheus-remote-write"
},
{
"configMap" = {
"name" = "grafana-dashboard-prometheus"
}
"name" = "grafana-dashboard-prometheus"
},
{
"configMap" = {
"name" = "grafana-dashboard-proxy"
}
"name" = "grafana-dashboard-proxy"
},
{
"configMap" = {
"name" = "grafana-dashboard-scheduler"
}
"name" = "grafana-dashboard-scheduler"
},
{
"configMap" = {
"name" = "grafana-dashboard-statefulset"
}
"name" = "grafana-dashboard-statefulset"
},
{
"configMap" = {
"name" = "grafana-dashboard-workload-total"
}
"name" = "grafana-dashboard-workload-total"
},
]
}
}
}
}
}
resource "kubernetes_manifest" "serviceaccount_grafana" {
manifest = {
"apiVersion" = "v1"
"kind" = "ServiceAccount"
"metadata" = {
"name" = "grafana"
"namespace" = "monitoring"
}
}
}
resource "kubernetes_manifest" "service_grafana" {
manifest = {
"apiVersion" = "v1"
"kind" = "Service"
"metadata" = {
"labels" = {
"app" = "grafana"
}
"name" = "grafana"
"namespace" = "monitoring"
}
"spec" = {
"ports" = [
{
"name" = "http"
"port" = 3000
"targetPort" = "http"
},
]
"selector" = {
"app" = "grafana"
}
}
}
}

400
kubernetes/cloud/azure/terraform/modules/monitoring/kube-state-metrics/kube-state-metrics.tf Normal file
View File

@ -0,0 +1,400 @@
resource "kubernetes_manifest" "clusterrolebinding_kube_state_metrics" {
manifest = {
"apiVersion" = "rbac.authorization.k8s.io/v1"
"kind" = "ClusterRoleBinding"
"metadata" = {
"labels" = {
"app.kubernetes.io/name" = "kube-state-metrics"
"app.kubernetes.io/version" = "1.9.5"
}
"name" = "kube-state-metrics"
}
"roleRef" = {
"apiGroup" = "rbac.authorization.k8s.io"
"kind" = "ClusterRole"
"name" = "kube-state-metrics"
}
"subjects" = [
{
"kind" = "ServiceAccount"
"name" = "kube-state-metrics"
"namespace" = "monitoring"
},
]
}
}
resource "kubernetes_manifest" "clusterrole_kube_state_metrics" {
manifest = {
"apiVersion" = "rbac.authorization.k8s.io/v1"
"kind" = "ClusterRole"
"metadata" = {
"labels" = {
"app.kubernetes.io/name" = "kube-state-metrics"
"app.kubernetes.io/version" = "1.9.5"
}
"name" = "kube-state-metrics"
}
"rules" = [
{
"apiGroups" = [
"",
]
"resources" = [
"configmaps",
"secrets",
"nodes",
"pods",
"services",
"resourcequotas",
"replicationcontrollers",
"limitranges",
"persistentvolumeclaims",
"persistentvolumes",
"namespaces",
"endpoints",
]
"verbs" = [
"list",
"watch",
]
},
{
"apiGroups" = [
"extensions",
]
"resources" = [
"daemonsets",
"deployments",
"replicasets",
"ingresses",
]
"verbs" = [
"list",
"watch",
]
},
{
"apiGroups" = [
"apps",
]
"resources" = [
"statefulsets",
"daemonsets",
"deployments",
"replicasets",
]
"verbs" = [
"list",
"watch",
]
},
{
"apiGroups" = [
"batch",
]
"resources" = [
"cronjobs",
"jobs",
]
"verbs" = [
"list",
"watch",
]
},
{
"apiGroups" = [
"autoscaling",
]
"resources" = [
"horizontalpodautoscalers",
]
"verbs" = [
"list",
"watch",
]
},
{
"apiGroups" = [
"authentication.k8s.io",
]
"resources" = [
"tokenreviews",
]
"verbs" = [
"create",
]
},
{
"apiGroups" = [
"authorization.k8s.io",
]
"resources" = [
"subjectaccessreviews",
]
"verbs" = [
"create",
]
},
{
"apiGroups" = [
"policy",
]
"resources" = [
"poddisruptionbudgets",
]
"verbs" = [
"list",
"watch",
]
},
{
"apiGroups" = [
"certificates.k8s.io",
]
"resources" = [
"certificatesigningrequests",
]
"verbs" = [
"list",
"watch",
]
},
{
"apiGroups" = [
"storage.k8s.io",
]
"resources" = [
"storageclasses",
"volumeattachments",
]
"verbs" = [
"list",
"watch",
]
},
{
"apiGroups" = [
"admissionregistration.k8s.io",
]
"resources" = [
"mutatingwebhookconfigurations",
"validatingwebhookconfigurations",
]
"verbs" = [
"list",
"watch",
]
},
{
"apiGroups" = [
"networking.k8s.io",
]
"resources" = [
"networkpolicies",
]
"verbs" = [
"list",
"watch",
]
},
{
"apiGroups" = [
"coordination.k8s.io",
]
"resources" = [
"leases",
]
"verbs" = [
"list",
"watch",
]
},
]
}
}
resource "kubernetes_manifest" "deployment_kube_state_metrics" {
manifest = {
"apiVersion" = "apps/v1"
"kind" = "Deployment"
"metadata" = {
"labels" = {
"app.kubernetes.io/name" = "kube-state-metrics"
"app.kubernetes.io/version" = "1.9.5"
}
"name" = "kube-state-metrics"
"namespace" = "monitoring"
}
"spec" = {
"replicas" = 1
"selector" = {
"matchLabels" = {
"app.kubernetes.io/name" = "kube-state-metrics"
}
}
"template" = {
"metadata" = {
"labels" = {
"app.kubernetes.io/name" = "kube-state-metrics"
"app.kubernetes.io/version" = "1.9.5"
}
}
"spec" = {
"containers" = [
{
"args" = [
"--host=127.0.0.1",
"--port=8081",
"--telemetry-host=127.0.0.1",
"--telemetry-port=8082",
]
"image" = "quay.io/coreos/kube-state-metrics:v1.9.5"
"name" = "kube-state-metrics"
"securityContext" = {
"runAsUser" = 65534
}
},
{
"args" = [
"--logtostderr",
"--secure-listen-address=:8443",
"--tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
"--upstream=http://127.0.0.1:8081/",
]
"image" = "quay.io/coreos/kube-rbac-proxy:v0.4.1"
"name" = "kube-rbac-proxy-main"
"ports" = [
{
"containerPort" = 8443
"name" = "https-main"
},
]
"securityContext" = {
"runAsUser" = 65534
}
},
{
"args" = [
"--logtostderr",
"--secure-listen-address=:9443",
"--tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
"--upstream=http://127.0.0.1:8082/",
]
"image" = "quay.io/coreos/kube-rbac-proxy:v0.4.1"
"name" = "kube-rbac-proxy-self"
"ports" = [
{
"containerPort" = 9443
"name" = "https-self"
},
]
"securityContext" = {
"runAsUser" = 65534
}
},
]
"nodeSelector" = {
"kubernetes.io/os" = "linux"
}
"serviceAccountName" = "kube-state-metrics"
}
}
}
}
}
resource "kubernetes_manifest" "serviceaccount_kube_state_metrics" {
manifest = {
"apiVersion" = "v1"
"kind" = "ServiceAccount"
"metadata" = {
"labels" = {
"app.kubernetes.io/name" = "kube-state-metrics"
"app.kubernetes.io/version" = "1.9.5"
}
"name" = "kube-state-metrics"
"namespace" = "monitoring"
}
}
}
resource "kubernetes_manifest" "servicemonitor_kube_state_metrics" {
manifest = {
"apiVersion" = "monitoring.coreos.com/v1"
"kind" = "ServiceMonitor"
"metadata" = {
"labels" = {
"app.kubernetes.io/name" = "kube-state-metrics"
"app.kubernetes.io/version" = "1.9.5"
"k8s-app" = "kube-state-metrics"
}
"name" = "kube-state-metrics"
"namespace" = "monitoring"
}
"spec" = {
"endpoints" = [
{
"bearerTokenFile" = "/var/run/secrets/kubernetes.io/serviceaccount/token"
"honorLabels" = true
"interval" = "30s"
"port" = "https-main"
"relabelings" = [
{
"action" = "labeldrop"
"regex" = "(pod|service|endpoint|namespace)"
},
]
"scheme" = "https"
"scrapeTimeout" = "30s"
"tlsConfig" = {
"insecureSkipVerify" = true
}
},
{
"bearerTokenFile" = "/var/run/secrets/kubernetes.io/serviceaccount/token"
"interval" = "30s"
"port" = "https-self"
"scheme" = "https"
"tlsConfig" = {
"insecureSkipVerify" = true
}
},
]
"jobLabel" = "app.kubernetes.io/name"
"selector" = {
"matchLabels" = {
"app.kubernetes.io/name" = "kube-state-metrics"
}
}
}
}
}
resource "kubernetes_manifest" "service_kube_state_metrics" {
manifest = {
"apiVersion" = "v1"
"kind" = "Service"
"metadata" = {
"labels" = {
"app.kubernetes.io/name" = "kube-state-metrics"
"app.kubernetes.io/version" = "1.9.5"
}
"name" = "kube-state-metrics"
"namespace" = "monitoring"
}
"spec" = {
"clusterIP" = "None"
"ports" = [
{
"name" = "https-main"
"port" = 8443
"targetPort" = "https-main"
},
{
"name" = "https-self"
"port" = 9443
"targetPort" = "https-self"
},
]
"selector" = {
"app.kubernetes.io/name" = "kube-state-metrics"
}
}
}
}

282
kubernetes/cloud/azure/terraform/modules/monitoring/node-exporter/node-exporter.tf Normal file
View File

@ -0,0 +1,282 @@
resource "kubernetes_manifest" "clusterrolebinding_node_exporter" {
manifest = {
"apiVersion" = "rbac.authorization.k8s.io/v1"
"kind" = "ClusterRoleBinding"
"metadata" = {
"name" = "node-exporter"
}
"roleRef" = {
"apiGroup" = "rbac.authorization.k8s.io"
"kind" = "ClusterRole"
"name" = "node-exporter"
}
"subjects" = [
{
"kind" = "ServiceAccount"
"name" = "node-exporter"
"namespace" = "monitoring"
},
]
}
}
resource "kubernetes_manifest" "clusterrole_node_exporter" {
manifest = {
"apiVersion" = "rbac.authorization.k8s.io/v1"
"kind" = "ClusterRole"
"metadata" = {
"name" = "node-exporter"
}
"rules" = [
{
"apiGroups" = [
"authentication.k8s.io",
]
"resources" = [
"tokenreviews",
]
"verbs" = [
"create",
]
},
{
"apiGroups" = [
"authorization.k8s.io",
]
"resources" = [
"subjectaccessreviews",
]
"verbs" = [
"create",
]
},
]
}
}
resource "kubernetes_manifest" "daemonset_node_exporter" {
manifest = {
"apiVersion" = "apps/v1"
"kind" = "DaemonSet"
"metadata" = {
"labels" = {
"app.kubernetes.io/name" = "node-exporter"
"app.kubernetes.io/version" = "v0.18.1"
}
"name" = "node-exporter"
"namespace" = "monitoring"
}
"spec" = {
"selector" = {
"matchLabels" = {
"app.kubernetes.io/name" = "node-exporter"
}
}
"template" = {
"metadata" = {
"labels" = {
"app.kubernetes.io/name" = "node-exporter"
"app.kubernetes.io/version" = "v0.18.1"
}
}
"spec" = {
"containers" = [
{
"args" = [
"--web.listen-address=127.0.0.1:9100",
"--path.procfs=/host/proc",
"--path.sysfs=/host/sys",
"--path.rootfs=/host/root",
"--no-collector.wifi",
"--no-collector.hwmon",
"--collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/)",
]
"image" = "quay.io/prometheus/node-exporter:v0.18.1"
"name" = "node-exporter"
"resources" = {
"limits" = {
"cpu" = "250m"
"memory" = "180Mi"
}
"requests" = {
"cpu" = "102m"
"memory" = "180Mi"
}
}
"volumeMounts" = [
{
"mountPath" = "/host/proc"
"name" = "proc"
"readOnly" = false
},
{
"mountPath" = "/host/sys"
"name" = "sys"
"readOnly" = false
},
{
"mountPath" = "/host/root"
"mountPropagation" = "HostToContainer"
"name" = "root"
"readOnly" = true
},
]
},
{
"args" = [
"--logtostderr",
"--secure-listen-address=[$(IP)]:9100",
"--tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
"--upstream=http://127.0.0.1:9100/",
]
"env" = [
{
"name" = "IP"
"valueFrom" = {
"fieldRef" = {
"fieldPath" = "status.podIP"
}
}
},
]
"image" = "quay.io/coreos/kube-rbac-proxy:v0.4.1"
"name" = "kube-rbac-proxy"
"ports" = [
{
"containerPort" = 9100
"hostPort" = 9100
"name" = "https"
},
]
"resources" = {
"limits" = {
"cpu" = "20m"
"memory" = "40Mi"
}
"requests" = {
"cpu" = "10m"
"memory" = "20Mi"
}
}
},
]
"hostNetwork" = true
"hostPID" = true
"nodeSelector" = {
"kubernetes.io/os" = "linux"
}
"securityContext" = {
"runAsNonRoot" = true
"runAsUser" = 65534
}
"serviceAccountName" = "node-exporter"
"tolerations" = [
{
"operator" = "Exists"
},
]
"volumes" = [
{
"hostPath" = {
"path" = "/proc"
}
"name" = "proc"
},
{
"hostPath" = {
"path" = "/sys"
}
"name" = "sys"
},
{
"hostPath" = {
"path" = "/"
}
"name" = "root"
},
]
}
}
}
}
}
resource "kubernetes_manifest" "serviceaccount_node_exporter" {
manifest = {
"apiVersion" = "v1"
"kind" = "ServiceAccount"
"metadata" = {
"name" = "node-exporter"
"namespace" = "monitoring"
}
}
}
resource "kubernetes_manifest" "servicemonitor_node_exporter" {
manifest = {
"apiVersion" = "monitoring.coreos.com/v1"
"kind" = "ServiceMonitor"
"metadata" = {
"labels" = {
"app.kubernetes.io/name" = "node-exporter"
"app.kubernetes.io/version" = "v0.18.1"
"k8s-app" = "node-exporter"
}
"name" = "node-exporter"
"namespace" = "monitoring"
}
"spec" = {
"endpoints" = [
{
"bearerTokenFile" = "/var/run/secrets/kubernetes.io/serviceaccount/token"
"interval" = "15s"
"port" = "https"
"relabelings" = [
{
"action" = "replace"
"regex" = "(.*)"
"replacement" = "$1"
"sourceLabels" = [
"__meta_kubernetes_pod_node_name",
]
"targetLabel" = "instance"
},
]
"scheme" = "https"
"tlsConfig" = {
"insecureSkipVerify" = true
}
},
]
"jobLabel" = "app.kubernetes.io/name"
"selector" = {
"matchLabels" = {
"app.kubernetes.io/name" = "node-exporter"
}
}
}
}
}
resource "kubernetes_manifest" "service_node_exporter" {
manifest = {
"apiVersion" = "v1"
"kind" = "Service"
"metadata" = {
"labels" = {
"app.kubernetes.io/name" = "node-exporter"
"app.kubernetes.io/version" = "v0.18.1"
}
"name" = "node-exporter"
"namespace" = "monitoring"
}
"spec" = {
"clusterIP" = "None"
"ports" = [
{
"name" = "https"
"port" = 9100
"targetPort" = "https"
},
]
"selector" = {
"app.kubernetes.io/name" = "node-exporter"
}
}
}
}

2129
kubernetes/cloud/azure/terraform/modules/monitoring/prometheus-cluster-monitoring/prometheus-cluster-monitoring.tf Normal file
View File

File diff suppressed because it is too large Load Diff

15953
kubernetes/cloud/azure/terraform/modules/monitoring/prometheus-operator/prometheus-operator.tf Normal file
View File

File diff suppressed because it is too large Load Diff

11
kubernetes/cloud/azure/terraform/modules/monitoring/prometheus-operator/variables.tf Normal file
View File

@ -0,0 +1,11 @@
variable "host" {
}
variable "client_certificate" {
}
variable "client_key" {
}
variable "cluster_ca_certificate" {
}