infrastructure/k8s.tjo.cloud/modules/cluster-core/monitoring.tf

resource "kubernetes_namespace" "monitoring-system" {
  metadata {
    name = "monitoring-system"
    labels = {
      "pod-security.kubernetes.io/enforce" = "privileged"
    }
  }
}

resource "kubernetes_manifest" "prometheus-pod-monitors" {
  manifest = yamldecode(file("${path.module}/manifests/crd-podmonitors.yaml"))
}

resource "kubernetes_manifest" "prometheus-service-monitors" {
  manifest = yamldecode(file("${path.module}/manifests/crd-servicemonitors.yaml"))
}

resource "helm_release" "kube-state-metrics" {
  depends_on = [kubernetes_manifest.prometheus-pod-monitors, kubernetes_manifest.prometheus-service-monitors]

  name            = "kube-state-metrics"
  chart           = "kube-state-metrics"
  repository      = "https://prometheus-community.github.io/helm-charts"
  version         = "5.24.0"
  namespace       = kubernetes_namespace.monitoring-system.metadata[0].name
  atomic          = true
  cleanup_on_fail = true

  values = [<<-EOF
    nodeSelector:
      node-role.kubernetes.io/control-plane: ""
    tolerations:
      - key: "node-role.kubernetes.io/control-plane"
        effect: NoSchedule
    updateStrategy: Recreate
    prometheusScrape: false
    prometheus:
      monitor:
        enabled: true
        http:
          honorLabels: true
    EOF
  ]
}

resource "helm_release" "monitoring" {
  depends_on = [kubernetes_manifest.prometheus-pod-monitors, kubernetes_manifest.prometheus-service-monitors]

  name            = "monitoring"
  chart           = "k8s-monitoring"
  repository      = "https://grafana.github.io/helm-charts"
  version         = "2.0.0-rc.11"
  namespace       = kubernetes_namespace.monitoring-system.metadata[0].name
  atomic          = true
  cleanup_on_fail = true

  values = [<<-EOF
    cluster:
      name: "${var.cluster_name}"

    clusterMetrics:
      enabled: true

    clusterEvents:
      enabled: true

    podLogs:
      enabled: true

    prometheusOperatorObjects:
      enabled: true

    annotationAutodiscovery:
      enabled: true

    alloy-logs:
      enabled: true
    alloy-metrics:
      enabled: true
    alloy-singleton:
      enabled: true

    destinations:
      - name: monitor-tjo-cloud
        type: otlp
        url: "grpc.otel.monitor.tjo.cloud:443"
        auth:
          type: oauth2
          oauth2:
            tokenURL: "https://id.tjo.space/application/o/token/"
            clientId: "Vlw69HXoTJn1xMQaDX71ymGuLVoD9d2WxscGhksh"
            clientSecretFile: "/var/run/secrets/kubernetes.io/serviceaccount/token"
            endpointParams:
              grant_type:
                - "client_credentials"
              client_assertion_type:
                - "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
        logs:
          enabled: true
        metrics:
          enabled: true
        traces:
          enabled: false
    EOF
  ]
}
feat: initial monitoring setup 2024-07-26 21:40:38 +00:00			`resource "kubernetes_namespace" "monitoring-system" {`
			`metadata {`
			`name = "monitoring-system"`
feat: working basic monitoring 2024-08-07 21:13:58 +00:00			`labels = {`
			`"pod-security.kubernetes.io/enforce" = "privileged"`
			`}`
feat: initial monitoring setup 2024-07-26 21:40:38 +00:00			`}`
			`}`

			`resource "kubernetes_manifest" "prometheus-pod-monitors" {`
feat: monitoring fixes 2024-07-27 09:31:15 +00:00			`manifest = yamldecode(file("${path.module}/manifests/crd-podmonitors.yaml"))`
feat: initial monitoring setup 2024-07-26 21:40:38 +00:00			`}`

			`resource "kubernetes_manifest" "prometheus-service-monitors" {`
feat: monitoring fixes 2024-07-27 09:31:15 +00:00			`manifest = yamldecode(file("${path.module}/manifests/crd-servicemonitors.yaml"))`
			`}`

			`resource "helm_release" "kube-state-metrics" {`
			`depends_on = [kubernetes_manifest.prometheus-pod-monitors, kubernetes_manifest.prometheus-service-monitors]`

			`name = "kube-state-metrics"`
			`chart = "kube-state-metrics"`
			`repository = "https://prometheus-community.github.io/helm-charts"`
			`version = "5.24.0"`
			`namespace = kubernetes_namespace.monitoring-system.metadata[0].name`
			`atomic = true`
			`cleanup_on_fail = true`

			`values = [<<-EOF`
			`nodeSelector:`
			`node-role.kubernetes.io/control-plane: ""`
			`tolerations:`
			`- key: "node-role.kubernetes.io/control-plane"`
feat: monitoring fixes 2024-07-27 14:08:21 +00:00			`effect: NoSchedule`
			`updateStrategy: Recreate`
			`prometheusScrape: false`
feat: monitoring fixes 2024-07-27 09:31:15 +00:00			`prometheus:`
			`monitor:`
			`enabled: true`
			`http:`
			`honorLabels: true`
			`EOF`
			`]`
feat: initial monitoring setup 2024-07-26 21:40:38 +00:00			`}`

feat: working basic monitoring 2024-08-07 21:13:58 +00:00			`resource "helm_release" "monitoring" {`
feat: monitoring fixes 2024-07-27 09:31:15 +00:00			`depends_on = [kubernetes_manifest.prometheus-pod-monitors, kubernetes_manifest.prometheus-service-monitors]`
feat: initial monitoring setup 2024-07-26 21:40:38 +00:00
feat: working basic monitoring 2024-08-07 21:13:58 +00:00			`name = "monitoring"`
			`chart = "k8s-monitoring"`
feat: initial monitoring setup 2024-07-26 21:40:38 +00:00			`repository = "https://grafana.github.io/helm-charts"`
feat: working monitoring 2024-12-23 17:57:13 +00:00			`version = "2.0.0-rc.11"`
feat: initial monitoring setup 2024-07-26 21:40:38 +00:00			`namespace = kubernetes_namespace.monitoring-system.metadata[0].name`
			`atomic = true`
			`cleanup_on_fail = true`

			`values = [<<-EOF`
feat: working basic monitoring 2024-08-07 21:13:58 +00:00			`cluster:`
			`name: "${var.cluster_name}"`
feat: initial monitoring setup 2024-07-26 21:40:38 +00:00
feat: working k8s 2024-12-22 12:32:22 +00:00			`clusterMetrics:`
feat: working basic monitoring 2024-08-07 21:13:58 +00:00			`enabled: true`
feat: initial monitoring setup 2024-07-26 21:40:38 +00:00
feat: working k8s 2024-12-22 12:32:22 +00:00			`clusterEvents:`
			`enabled: true`

			`podLogs:`
feat: working basic monitoring 2024-08-07 21:13:58 +00:00			`enabled: true`
feat: initial monitoring setup 2024-07-26 21:40:38 +00:00
feat: working k8s 2024-12-22 12:32:22 +00:00			`prometheusOperatorObjects:`
			`enabled: true`

			`annotationAutodiscovery:`
			`enabled: true`

			`alloy-logs:`
			`enabled: true`
			`alloy-metrics:`
			`enabled: true`
			`alloy-singleton:`
feat: working basic monitoring 2024-08-07 21:13:58 +00:00			`enabled: true`
feat: initial monitoring setup 2024-07-26 21:40:38 +00:00
feat: working k8s 2024-12-22 12:32:22 +00:00			`destinations:`
			`- name: monitor-tjo-cloud`
			`type: otlp`
			`url: "grpc.otel.monitor.tjo.cloud:443"`
			`auth:`
			`type: oauth2`
			`oauth2:`
			`tokenURL: "https://id.tjo.space/application/o/token/"`
feat: working monitoring 2024-12-23 17:57:13 +00:00			`clientId: "Vlw69HXoTJn1xMQaDX71ymGuLVoD9d2WxscGhksh"`
feat: working k8s 2024-12-22 12:32:22 +00:00			`clientSecretFile: "/var/run/secrets/kubernetes.io/serviceaccount/token"`
			`endpointParams:`
			`grant_type:`
			`- "client_credentials"`
			`client_assertion_type:`
			`- "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"`
			`logs:`
			`enabled: true`
			`metrics:`
			`enabled: true`
			`traces:`
			`enabled: false`
feat: initial monitoring setup 2024-07-26 21:40:38 +00:00			`EOF`
			`]`
			`}`