feat: unify all monitoring via grafana
diff --git a/playbooks/generate_workspace.yml b/playbooks/generate_workspace.yml
index 29d3d8d..59afcf2 100644
--- a/playbooks/generate_workspace.yml
+++ b/playbooks/generate_workspace.yml
@@ -208,6 +208,7 @@
# service type in order to generate the URLs
vars:
default_map:
+ kube_prometheus_stack_grafana_host: "grafana.{{ domain_name }}"
openstack_helm_endpoints_region_name: "{{ region_name }}"
openstack_helm_endpoints_barbican_api_host: "key-manager.{{ domain_name }}"
openstack_helm_endpoints_cinder_api_host: "volume.{{ domain_name }}"
diff --git a/roles/kube_prometheus_stack/README.md b/roles/kube_prometheus_stack/README.md
index 9442f90..e069671 100644
--- a/roles/kube_prometheus_stack/README.md
+++ b/roles/kube_prometheus_stack/README.md
@@ -1,159 +1,19 @@
# `kube_prometheus_stack`
-## Exposing data
+This role deploys Grafana with a few dashboards that are created by default,
+along with a Prometheus deployment that collects metrics from the cluster and
+sends alerts to AlertManager. In addition, Loki is deployed to collect logs
+from the cluster, which are shipped to it by Vector.
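+
+Once the role has run, you can do a quick sanity check that all of the
+components are up; a minimal sketch, assuming the default `monitoring`
+namespace:
+
+```bash
+# List the monitoring workloads (Grafana, Prometheus, AlertManager, Loki, ...)
+kubectl -n monitoring get pods
+```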
-There are a few ways to expose both the monitoring services to view the health
-and the metrics and logs of the cluster.
+## Viewing data
-### Port forwarding
+By default, an `Ingress` is created for Grafana using the `kube_prometheus_stack_grafana_host`
+variable. The default login is `admin` and the password is the value of
+`kube_prometheus_stack_grafana_admin_password`.
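+
+As a sketch, these can be set in your inventory; the values below are purely
+illustrative (the generated workspace already defaults the host to
+`grafana.{{ domain_name }}`):
+
+```yaml
+# Illustrative values; substitute your own domain and a strong secret.
+kube_prometheus_stack_grafana_host: grafana.cloud.example.com
+kube_prometheus_stack_grafana_admin_password: sup3r-s3cret
+```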
-The easiest way to expose the monitoring services is to use port forwarding
-using the built-in `kubectl` command.
-
-#### Grafana
-
-```bash
-kubectl -n monitoring port-forward svc/kube-prometheus-stack-grafana 3000:80
-```
-
-Once you run the command above, you'll be able to open `http://localhost:3000`
-on your local system and view the Grafana UI. The default login is `admin` and
-the password is `prom-operator`.
-
-#### Prometheus
-
-```bash
-kubectl -n monitoring port-forward svc/kube-prometheus-stack-prometheus 9090
-```
-
-Once you run the command above, you'll be able to open `http://localhost:9090`
-on your local system and view the Prometheus UI.
-
-#### AlertManager
-
-```bash
-kubectl -n monitoring port-forward svc/kube-prometheus-stack-alertmanager 9093
-```
-
-Once you run the command above, you'll be able to open `http://localhost:9093`
-on your local system and view the AlertManager UI.
-
-### Unprotected access
-
-If you want to expose the monitoring services, you can use the following
-overrides which will create an `Ingress` for all the services.
-
-!!! danger
-
- This will expose the monitoring services without any authentication or
- authorization. This is not recommended for production environments or any
- environment where the monitoring services are exposed to the public internet.
-
-```yaml
-kube_prometheus_stack_helm_values:
- alertmanager:
- ingress:
- enabled: true
- ingressClassName: atmosphere
- annotations:
- cert-manager.io/cluster-issuer: atmosphere
- hosts:
- - alertmanager.example.com
- tls:
- - secretName: alertmanager-tls
- hosts:
- - alertmanager.example.com
- alertmanagerSpec:
- externalUrl: https://alertmanager.example.com
- prometheus:
- ingress:
- enabled: true
- ingressClassName: atmosphere
- annotations:
- cert-manager.io/cluster-issuer: atmosphere
- hosts:
- - prometheus.example.com
- tls:
- - secretName: prometheus-certs
- hosts:
- - prometheus.example.com
- prometheusSpec:
- externalUrl: https://prometheus.example.com
- grafana:
- ingress:
- enabled: true
- ingressClassName: atmosphere
- annotations:
- cert-manager.io/cluster-issuer: atmosphere
- hosts:
- - grafana.example.com
- tls:
- - secretName: grafana-certs
- hosts:
- - grafana.example.com
-```
-
-### Protected access
-
-If you want to expose the monitoring services, you can use the following
-overrides which will create an `Ingress` for all the services.
-
-```yaml
-kube_prometheus_stack_helm_values:
- alertmanager:
- ingress:
- enabled: true
- ingressClassName: openstack
- annotations:
- cert-manager.io/cluster-issuer: atmosphere
- nginx.ingress.kubernetes.io/auth-type: basic
- nginx.ingress.kubernetes.io/auth-secret: prometheus-auth
- nginx.ingress.kubernetes.io/auth-realm: Prometheus
- hosts:
- - alertmanager.example.com
- tls:
- - secretName: alertmanager-tls
- hosts:
- - alertmanager.example.com
- alertmanagerSpec:
- externalUrl: https://alertmanager.example.com
- prometheus:
- ingress:
- enabled: true
- ingressClassName: openstack
- annotations:
- cert-manager.io/cluster-issuer: atmosphere
- nginx.ingress.kubernetes.io/auth-type: basic
- nginx.ingress.kubernetes.io/auth-secret: prometheus-auth
- nginx.ingress.kubernetes.io/auth-realm: Prometheus
- hosts:
- - prometheus.example.com
- tls:
- - secretName: prometheus-certs
- hosts:
- - prometheus.example.com
- prometheusSpec:
- externalUrl: https://prometheus.example.com
-```
-
-Once you've deployed with the overrides above, you'll need to create a secret
-with the username and password you want to use to access the monitoring
-services.
-
-```bash
-htpasswd -c auth monitoring
-```
-
-The above will generate a file called `auth` with the username and password,
-in this case the username is `monitoring`. You'll need to create a secret with
-the contents of the file.
-
-```bash
-kubectl -n monitoring create secret generic prometheus-auth --from-file=auth
-```
-
-Once you're done, you'll be able to access the monitoring services using the
-username and password you created.
+You can view the existing dashboards by going to _Dashboards_ > _Manage_. You
+can also check any alerts that are currently firing by going to _Alerting_ >
+_Alerts_.
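+
+If you ever need to recover the admin password from a running cluster, the
+Grafana chart stores the credentials in a `Secret` in the release namespace; a
+sketch, assuming the release is named `kube-prometheus-stack`:
+
+```bash
+# The Grafana sub-chart keeps the credentials in a Secret named
+# <release>-grafana; decode the password field to read it.
+kubectl -n monitoring get secret kube-prometheus-stack-grafana \
+  -o jsonpath='{.data.admin-password}' | base64 -d
+```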
## Integrations
diff --git a/roles/kube_prometheus_stack/defaults/main.yml b/roles/kube_prometheus_stack/defaults/main.yml
index 1890fb9..2b04c19 100644
--- a/roles/kube_prometheus_stack/defaults/main.yml
+++ b/roles/kube_prometheus_stack/defaults/main.yml
@@ -18,3 +18,10 @@
kube_prometheus_stack_helm_release_namespace: monitoring
kube_prometheus_stack_helm_values: {}
+
+kube_prometheus_stack_ingress_class_name: "{{ atmosphere_ingress_class_name }}"
+
+kube_prometheus_stack_grafana_ingress_class_name: "{{ kube_prometheus_stack_ingress_class_name }}"
+# kube_prometheus_stack_grafana_host:
+
+kube_prometheus_stack_grafana_admin_password: "{{ undef('You must specify a Grafana admin password using kube_prometheus_stack_grafana_admin_password') }}"
diff --git a/roles/kube_prometheus_stack/vars/main.yml b/roles/kube_prometheus_stack/vars/main.yml
index eeb27e8..ed62d7e 100644
--- a/roles/kube_prometheus_stack/vars/main.yml
+++ b/roles/kube_prometheus_stack/vars/main.yml
@@ -30,20 +30,56 @@
nodeSelector: &node_selector
openstack-control-plane: enabled
grafana:
+ adminPassword: "{{ kube_prometheus_stack_grafana_admin_password }}"
image:
repository: "{{ atmosphere_images['grafana'] | vexxhost.kubernetes.docker_image('name') }}"
tag: "{{ atmosphere_images['grafana'] | vexxhost.kubernetes.docker_image('tag') }}"
+ ingress:
+ enabled: true
+ ingressClassName: "{{ kube_prometheus_stack_grafana_ingress_class_name }}"
+ annotations:
+ cert-manager.io/cluster-issuer: atmosphere
+ hosts:
+ - "{{ kube_prometheus_stack_grafana_host }}"
+ tls:
+ - secretName: grafana-tls
+ hosts:
+ - "{{ kube_prometheus_stack_grafana_host }}"
sidecar:
image:
repository: "{{ atmosphere_images['grafana_sidecar'] | vexxhost.kubernetes.docker_image('name') }}"
tag: "{{ atmosphere_images['grafana_sidecar'] | vexxhost.kubernetes.docker_image('tag') }}"
+ datasources:
+ defaultDatasourceEnabled: false
additionalDataSources:
+ - name: AlertManager
+ type: alertmanager
+ uid: alertmanager
+ url: '{% raw %}http://{{ printf "%s-alertmanager.%s" .Release.Name .Release.Namespace }}:9093{% endraw %}'
+ access: proxy
+ editable: false
+ jsonData:
+ implementation: prometheus
+ handleGrafanaManagedAlerts: true
+ - name: Prometheus
+ type: prometheus
+ uid: prometheus
+ url: '{% raw %}http://{{ printf "%s-prometheus.%s" .Release.Name .Release.Namespace }}:9090{% endraw %}'
+ access: proxy
+ isDefault: true
+ editable: false
+ jsonData:
+ timeInterval: 30s
+ alertmanagerUid: alertmanager
- name: Loki
type: loki
+ uid: loki
access: proxy
url: http://loki-gateway
version: 1
editable: false
+ jsonData:
+ alertmanagerUid: alertmanager
serviceMonitor:
relabelings: *relabelings_instance_to_pod_name
nodeSelector: *node_selector