Monitoring (gardener#100)

* change kube-apiserver component to export not only CA but also public and private key

* add monitoring/prometheus component

* add monitoring/grafana component

* add gardener-metrics-exporter

* add documentation for monitoring

* add monitoring to integration tests

acre.yaml

@@ -152,6 +152,25 @@ landscape:
         image_tag: (( valid( tag ) ? tag :~~ ))
         image_repo: (( ~~ ))
         repo: "https://github.com/gardener/certificate-dns-bridge.git"
+    monitoring:
+      prometheus:
+        image_repo: quay.io/prometheus/prometheus
+        image_tag: v2.12.0
+      blackbox-exporter:
+        image_repo: quay.io/prometheus/blackbox-exporter
+        image_tag: v0.14.0
+      configmap-reload:
+        image_repo: quay.io/coreos/configmap-reload
+        image_tag: v0.0.1
+      grafana:
+        image_repo: grafana/grafana
+        image_tag: "6.3.2"
+      gardener-metrics-exporter:
+        <<: (( merge ))
+        repo: https://github.com/gardener/gardener-metrics-exporter.git
+        tag: (( valid( branch ) -or valid( commit ) ? ~~ :"0.4.0" ))
+        image_tag: (( valid( tag ) ? tag :~~ ))
+        image_repo: (( ~~ ))
   iaas: (( merge none // map[ select[stub()|e|-> ( ! defined( e.mode ) ) -or ( e.mode != "inactive" ) ] |idx,v|-> v { "mode" = v.mode || "seed" } ] ))
   etcd:
     <<: (( merge ))
@@ -163,6 +182,11 @@ landscape:
   dashboard: (( ~~ ))
   identity:
   gardener: (( ~~ ))
+  monitoring:
+    active: false
+    username: admin
+    password: (( ~~ ))
+    hash: (( ~~ ))
   cert-manager:
     <<: (( merge ))
     server: (( merge none // valid( stub() ) ? ( type( stub() ) == "map" ? stub() :{ "url" = stub() } ) :{"url" = "self-signed"} ))

components/gardener/runtime/deployment.yaml

@@ -26,7 +26,7 @@ spec:
   controller_secret: (( utilities.kubectl.getField(kubeconfig,"sa","gardener-controller-manager", "{.secrets[0].name}") ))
   controller_token: (( base64_decode( utilities.kubectl.getField( kubeconfig, "secret", controller_secret, "{.data.token}")) ))
   cluster_endpoint: (( "https://" utilities.kubectl.getField( landscape.clusters.[0].kubeconfig, "svc", "garden-kube-apiserver", "{.metadata.name}:{.spec.ports[0].port}") ))
-  apiserver_ca: (( base64( imports.kube_apiserver.export.kube_apiserver_ca ) ))
+  apiserver_ca: (( base64( imports.kube_apiserver.export.kube_apiserver_ca.cert ) ))
 
 kubeconfig_scheme:
   <<: (( &temporary &template ))

components/identity/export.yaml

@@ -21,4 +21,6 @@ export:
   callback_url: (( .settings.callbackUrl ))
   dashboard_url: (( .settings.dashboardUrl ))
   dashboardClientSecret: (( .state.dashboardClientSecret.value ))
-  dashboard_dns: (( .settings.dashboard_dns ))
+  dashboard_dns: (( .settings.dashboard_dns ))
+  identity_dns: (( .settings.identity_dns ))
+  identity_url: (( "https://" identity_dns ))

components/ingress-controller/export.yaml

@@ -14,8 +14,8 @@
 
 ---
 ingresscontroller: (( &temporary ))
-env:
-landscape: (( &temporaray ))
+env: (( &temporary ))
+landscape: (( &temporary ))
 settings: (( &temporary ))
 
 temp:

components/kube-apiserver/export.yaml

@@ -36,7 +36,7 @@ export:
   gardener_dns: (( .settings.gardener_dns ))
   apiserver_dns: (( .settings.apiserver_dns ))
   apiserver_url: (( "https://" apiserver_dns ))
-  kube_apiserver_ca: (( .state.kube_apiserver_ca.value.cert ))
+  kube_apiserver_ca: (( .state.kube_apiserver_ca.value ))
   kubeconfig: (( parse(base64_decode(exec( temp.command ))) || "" ))
 
 files:

components/monitoring/gardener-metrics-exporter/action

@@ -0,0 +1,26 @@
+# Copyright 2019 Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+source "$SOWLIB/k8s"
+
+kubectl_patch()
+{
+  PLUGIN_setup "$2" kubectl_patch
+  K8S_setKubeConfig "$field_path" "$GENDIR/$field_path/kubeconfig"
+  getRequiredValue name "name" PLUGINCONFIGJSON
+  getRequiredValue namespace "namespace" PLUGINCONFIGJSON
+  getRequiredValue resource "resource" PLUGINCONFIGJSON
+  getRequiredValue patch "patch.$1" PLUGINCONFIGJSON
+  kubectl -n "$namespace" patch "$resource" "$name" --patch "$(echo "$patch")"
+}

components/monitoring/gardener-metrics-exporter/component.yaml

@@ -0,0 +1,19 @@
+---
+landscape: (( &temporary ))
+component:
+  active: (( .landscape.monitoring.active ))
+  imports:
+    - monitoring/prometheus
+    - grafana: monitoring/grafana
+    - kube-apiserver
+    - namespace
+
+  plugins:
+    - git
+
+git:
+  <<: (( .landscape.versions.monitoring.gardener-metrics-exporter ))
+  files:
+    - "charts"
+    - "dashboards"
+

components/monitoring/gardener-metrics-exporter/deployment.yaml

@@ -0,0 +1,41 @@
+---
+imports: (( &temporary ))
+landscape: (( &temporary ))
+env: (( &temporary ))
+
+plugins:
+  - kubectl_patch
+  - helm
+
+kubectl_patch:
+  kubeconfig: (( .landscape.clusters[0].kubeconfig ))
+  resource: configmap
+  name: (( .imports.grafana.export.grafana_dashboards_configmap ))
+  namespace: (( .landscape.namespace ))
+  patch:
+    deploy: (( asyaml( .patch.deploy ) ))
+    delete: (( asyaml( .patch.delete ) ))
+
+helm:
+  kubeconfig: (( landscape.clusters.[0].kubeconfig ))
+  source: "git/repo/charts/gardener-metrics-exporter"
+  name: gardener-metrics-exporter
+  namespace: (( .landscape.namespace ))
+  values:
+    image:
+      repository: (( .landscape.versions.monitoring.gardener-metrics-exporter.image_repo || ~~ ))
+      tag: (( .landscape.versions.monitoring.gardener-metrics-exporter.image_tag || ~~ ))
+    kubeconfig: (( asyaml( .imports.kube-apiserver.export.kubeconfig ) ))
+
+settings:
+  dashboard_path_prefix: (( env.GENDIR "/git/repo/dashboards/" ))
+  excluded_dashboards:
+    - shoot-state-overview-dashboard.json
+
+patch:
+  <<: (( &temporary ))
+  deploy:
+    data: (( sum[list_files( .settings.dashboard_path_prefix )|{}|s,f|-> contains( .settings.excluded_dashboards, f ) ? s :s { f = read( .settings.dashboard_path_prefix f, "text" ) }] ))
+  delete:
+    data: (( sum[list_files( .settings.dashboard_path_prefix )|{}|s,f|-> contains( .settings.excluded_dashboards, f ) ? s :s { f = "null" }] ))
+

components/monitoring/gardener-metrics-exporter/export.yaml

@@ -0,0 +1 @@
+---

components/monitoring/grafana/component.yaml

@@ -0,0 +1,12 @@
+---
+landscape: (( &temporary ))
+component:
+  active: (( .landscape.monitoring.active ))
+  imports:
+    - prometheus: monitoring/prometheus
+    - ingress-controller
+    - cert: cert-manager/cert
+    - namespace
+
+  stubs:
+    - plugins/kubectl/utilities.yaml

components/monitoring/grafana/deployment.yaml

@@ -0,0 +1,19 @@
+---
+imports: (( &temporary ))
+landscape: (( &temporary ))
+utilities: (( &temporary ))
+
+plugins:
+  - kubectl: grafana
+
+settings:
+  grafana_domain: (( "garden-grafana." .imports.ingress-controller.export.ingress_domain ))
+  grafana_dashboards_configmap: "garden-grafana-dashboards"
+
+grafana: (( sum[list_files( __ctx.DIR "/manifests" )|[]|s,f|-> s .utilities.kubectl.generate( __ctx.DIR "/manifests/" f, .landscape.clusters[0].kubeconfig, .kubectlconfig )] ))
+
+kubectlconfig:
+  <<: (( &temporary ))
+  namespace: (( .landscape.namespace ))
+  monitoring_versions: (( .landscape.versions.monitoring ))
+  settings: (( .settings ))

components/monitoring/grafana/export.yaml

@@ -0,0 +1,3 @@
+---
+settings: (( &temporary ))
+export: (( settings ))

components/monitoring/grafana/manifests/10-datasources-configmap.yaml

@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: garden-grafana-datasources
+  namespace: (( values.namespace ))
+  labels:
+    app: monitoring
+    role: grafana
+    context: garden
+data:
+  datasource.yaml: |-
+    apiVersion: 1
+    deleteDatasources:
+    - name: Graphite
+      orgId: 1
+    datasources:
+    - name: cluster-prometheus
+      type: prometheus
+      access: proxy
+      url: http://garden-prometheus:80
+      basicAuth: false
+      isDefault: true
+      version: 1
+      editable: false

components/monitoring/grafana/manifests/20-dashboard-providers-configmap.yaml

@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: garden-grafana-dashboard-providers
+  namespace: (( values.namespace ))
+  labels:
+    app: monitoring
+    role: grafana
+    context: garden
+data:
+  default.yaml: |-
+    apiVersion: 1
+    providers:
+    - name: 'default'
+      orgId: 1
+      folder: ''
+      type: file
+      disableDeletion: false
+      editable: false
+      updateIntervalSeconds: 120
+      options:
+        path: /var/lib/grafana/dashboards

components/monitoring/grafana/manifests/30-grafana-dashboards.yaml

@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: (( values.settings.grafana_dashboards_configmap ))
+  namespace: (( values.namespace ))
+  labels:
+    app: monitoring
+    role: grafana
+    context: garden
+data: (( sum[list_files( __ctx.DIR "/manifests/dashboard-configs" )|{}|dashboards,dconf|-> dashboards { dconf = read( __ctx.DIR "/manifests/dashboard-configs/" dconf, "text" ) }] ))

components/monitoring/grafana/manifests/40-service.yaml

@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: garden-grafana
+  namespace: (( values.namespace ))
+  labels:
+    app: monitoring
+    role: grafana
+    context: garden
+spec:
+  type: ClusterIP
+  ports:
+  - name: web
+    port: 80
+    protocol: TCP
+    targetPort: 3000
+  selector:
+    app: monitoring
+    role: grafana
+    context: garden

components/monitoring/grafana/manifests/50-deployment.yaml

@@ -0,0 +1,66 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: garden-grafana
+  namespace: (( values.namespace ))
+  labels:
+    app: monitoring
+    role: grafana
+    context: garden
+spec:
+  revisionHistoryLimit: 0
+  replicas: 1
+  selector:
+    matchLabels:
+      app: monitoring
+      role: grafana
+      context: garden
+  template:
+    metadata:
+      labels:
+        app: monitoring
+        role: grafana
+        context: garden
+    spec:
+      # initContainers:
+      # - name: init-prometheus
+      #   image: ${images['busybox']}
+      #   command: ['sh', '-c', 'until wget -T 5 -qO- http://garden-prometheus/-/healthy > /dev/null; do echo waiting for Prometheus; sleep 2; done;']
+      containers:
+      - name: grafana
+        image: (( values.monitoring_versions.grafana.image_repo ":" values.monitoring_versions.grafana.image_tag ))
+        imagePullPolicy: (( values.monitoring_versions.grafana.image_tag == "latest" ? "Always" :"IfNotPresent" ))
+        env:
+        - name: GF_AUTH_BASIC_ENABLED
+          value: "false"
+        - name: GF_AUTH_DISABLE_LOGIN_FORM
+          value: "true"
+        - name: GF_AUTH_ANONYMOUS_ENABLED
+          value: "true"
+        volumeMounts:
+        - name: dashboards
+          mountPath: /var/lib/grafana/dashboards
+        - name: datasources
+          mountPath: /etc/grafana/provisioning/datasources
+        - name: dashboard-providers
+          mountPath: /etc/grafana/provisioning/dashboards
+        ports:
+        - name: web
+          containerPort: 3000
+        resources:
+          requests:
+            cpu: 10m
+            memory: 32Mi
+          limits:
+            cpu: 200m
+            memory: 128Mi
+      volumes:
+      - name: dashboards
+        configMap:
+          name: garden-grafana-dashboards
+      - name: datasources
+        configMap:
+          name: garden-grafana-datasources
+      - name: dashboard-providers
+        configMap:
+          name: garden-grafana-dashboard-providers