grafana and kube-prometheus
This commit is contained in:
parent
9a655ead7f
commit
18726f12c3
|
@ -0,0 +1,6 @@
|
||||||
|
.DS_Store
|
||||||
|
.idea
|
||||||
|
*.log
|
||||||
|
tmp/
|
||||||
|
|
||||||
|
kube-prometheus/
|
80
README.md
80
README.md
|
@ -37,7 +37,9 @@ local-path-storage local-path-provisioner-7577fdbbfb-jj2b7 1/1 Runnin
|
||||||
|
|
||||||
You will want to wait for all pods to become ready (showing `1/1` in the `READY` field) and once complete you will have a cluster running on your computer.
|
You will want to wait for all pods to become ready (showing `1/1` in the `READY` field) and once complete you will have a cluster running on your computer.
|
||||||
|
|
||||||
## Run services
|
## Internal Services
|
||||||
|
|
||||||
|
services that help kubernetes do what it does
|
||||||
|
|
||||||
### Ingress Controller (nginx)
|
### Ingress Controller (nginx)
|
||||||
|
|
||||||
|
@ -54,14 +56,84 @@ kubectl wait --namespace ingress-nginx \
|
||||||
--timeout=300s
|
--timeout=300s
|
||||||
```
|
```
|
||||||
|
|
||||||
Usually you'll want to next install a load balancer, but for a single node cluster this is not required.
|
NOTE: You might run into problems running this on windows without WSL2. I have not tested this.
|
||||||
|
|
||||||
|
### MetalLB - LoadBalancer
|
||||||
|
|
||||||
|
LoadBalancers define L2/L3 networking on the host and services as a whole define the boundary between internal k8s networking and the host's network (potentially out to internet routable ips, depending on configuration)
|
||||||
|
|
||||||
|
https://kind.sigs.k8s.io/docs/user/loadbalancer/
|
||||||
|
|
||||||
|
1. install: `kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.13.7/config/manifests/metallb-native.yaml`
|
||||||
|
1. list ips available to docker: `docker network inspect -f '{{.IPAM.Config}}' kind`
|
||||||
|
|
||||||
|
in my case, the `172.18.0.0/16` CIDR is available:
|
||||||
|
|
||||||
|
```
|
||||||
|
[{172.18.0.0/16 172.18.0.1 map[]} {fc00:xxxx:xxxx:xxxx::/64 map[]}]
|
||||||
|
```
|
||||||
|
|
||||||
|
If yours is different, edit the [metallb/ips.yaml](./metallb/ips.yaml) file to reflect a block available to docker
|
||||||
|
|
||||||
|
1. apply ip configuration: `kubectl apply -f metallb/ips.yaml`
|
||||||
|
|
||||||
|
You can tell this works when any LoadBalancer you make gets an `External-IP`
|
||||||
|
|
||||||
|
```
|
||||||
|
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
|
||||||
|
service/grafana LoadBalancer 10.96.122.31 172.18.255.200 3000:32105/TCP 5m13s
|
||||||
|
```
|
||||||
|
|
||||||
|
## External Services
|
||||||
|
|
||||||
|
services that are run and exposed to the world
|
||||||
|
|
||||||
### Observability (grafana, prometheus)
|
### Observability (grafana, prometheus)
|
||||||
|
|
||||||
tbd - grafana, prometheus, alertmanager, thanos, servicemonitor, podmonitor
|
#### Grafana
|
||||||
|
|
||||||
|
https://grafana.com/docs/grafana/latest/setup-grafana/installation/kubernetes/
|
||||||
|
|
||||||
|
1. create namespace for deployment `kubectl create ns grafana`
|
||||||
|
1. review what we're creating in the [deployment.yaml](./grafana/deployment.yaml)
|
||||||
|
1. apply configuration `kubectl apply -n grafana -f grafana/deployment.yaml`
|
||||||
|
1. find the external ip that was given to the loadbalancer with `kubectl get service -n grafana`
|
||||||
|
|
||||||
|
```
|
||||||
|
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
|
||||||
|
grafana LoadBalancer 10.96.122.31 172.18.255.200 3000:32105/TCP 7m43s
|
||||||
|
```
|
||||||
|
|
||||||
|
Open in a web browser or `curl` the http://<LOADBALANCER_IP>:3000 to check you can access it. Default user/pass is `admin`/`admin`.
|
||||||
|
|
||||||
|
#### kube-prometheus
|
||||||
|
|
||||||
|
This is a pre-built subset of a ton of tools for monitoring of your cluster. It installs it's own grafana and a ton of other tools that can be used to monitor not only the cluster but everything running inside the cluster.
|
||||||
|
|
||||||
|
1. check out the [kube-prometheus](https://github.com/prometheus-operator/kube-prometheus) project: `git clone https://github.com/prometheus-operator/kube-prometheus`
|
||||||
|
1. run setup and install:
|
||||||
|
|
||||||
|
``` bash
|
||||||
|
kubectl apply --server-side -f kube-prometheus/manifests/setup
|
||||||
|
kubectl wait \
|
||||||
|
--for condition=Established \
|
||||||
|
--all CustomResourceDefinition \
|
||||||
|
--namespace=monitoring
|
||||||
|
kubectl apply -f kube-prometheus/manifests/
|
||||||
|
```
|
||||||
|
|
||||||
|
To [access the GUIs](https://github.com/prometheus-operator/kube-prometheus/blob/main/docs/access-ui.md), the default configuration does not provide any access outside the cluster and leaves it up to you to decide how you want to access it. For now, you can temporarily expose these outside the cluster with the following:
|
||||||
|
|
||||||
|
- Prometheus: `kubectl --namespace monitoring port-forward svc/prometheus-k8s 9090` exposes http://localhost:9090
|
||||||
|
- Grafana: `kubectl --namespace monitoring port-forward svc/grafana 3000` exposes http://localhost:3000
|
||||||
|
- AlertManager: `kubectl --namespace monitoring port-forward svc/alertmanager-main 9093` exposes http://localhost:9093
|
||||||
|
|
||||||
|
The next step to exposing those services would be to use the `ingress-nginx` installation we installed above to expose the service using an nginx reverse proxy.
|
||||||
|
|
||||||
### Vault (secrets)
|
### Vault (secrets)
|
||||||
|
|
||||||
|
tbd
|
||||||
|
|
||||||
### Forgejo (with redis and postgresql)
|
### Forgejo (with redis and postgresql)
|
||||||
|
|
||||||
tbd - https://artifacthub.io/packages/helm/forgejo-helm/forgejo#single-pod-configurations
|
tbd - https://artifacthub.io/packages/helm/forgejo-helm/forgejo#single-pod-configurations
|
||||||
|
@ -85,4 +157,4 @@ tbd
|
||||||
- Synapse - https://github.com/element-hq/synapse
|
- Synapse - https://github.com/element-hq/synapse
|
||||||
- Vaultwarden - https://github.com/dani-garcia/vaultwarden
|
- Vaultwarden - https://github.com/dani-garcia/vaultwarden
|
||||||
- input - https://getinput.co/
|
- input - https://getinput.co/
|
||||||
- grafana - https://grafana.com/
|
- grafana - https://grafana.com/
|
||||||
|
|
|
@ -0,0 +1,83 @@
|
||||||
|
# https://grafana.com/docs/grafana/latest/setup-grafana/installation/kubernetes/
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: PersistentVolumeClaim
|
||||||
|
metadata:
|
||||||
|
name: grafana-pvc
|
||||||
|
spec:
|
||||||
|
accessModes:
|
||||||
|
- ReadWriteOnce
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
storage: 1Gi
|
||||||
|
---
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: grafana
|
||||||
|
name: grafana
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: grafana
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: grafana
|
||||||
|
spec:
|
||||||
|
securityContext:
|
||||||
|
fsGroup: 472
|
||||||
|
supplementalGroups:
|
||||||
|
- 0
|
||||||
|
containers:
|
||||||
|
- name: grafana
|
||||||
|
image: grafana/grafana:latest
|
||||||
|
imagePullPolicy: IfNotPresent
|
||||||
|
ports:
|
||||||
|
- containerPort: 3000
|
||||||
|
name: http-grafana
|
||||||
|
protocol: TCP
|
||||||
|
readinessProbe:
|
||||||
|
failureThreshold: 3
|
||||||
|
httpGet:
|
||||||
|
path: /robots.txt
|
||||||
|
port: 3000
|
||||||
|
scheme: HTTP
|
||||||
|
initialDelaySeconds: 10
|
||||||
|
periodSeconds: 30
|
||||||
|
successThreshold: 1
|
||||||
|
timeoutSeconds: 2
|
||||||
|
livenessProbe:
|
||||||
|
failureThreshold: 3
|
||||||
|
initialDelaySeconds: 30
|
||||||
|
periodSeconds: 10
|
||||||
|
successThreshold: 1
|
||||||
|
tcpSocket:
|
||||||
|
port: 3000
|
||||||
|
timeoutSeconds: 1
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 250m
|
||||||
|
memory: 750Mi
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /var/lib/grafana
|
||||||
|
name: grafana-pv
|
||||||
|
volumes:
|
||||||
|
- name: grafana-pv
|
||||||
|
persistentVolumeClaim:
|
||||||
|
claimName: grafana-pvc
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: grafana
|
||||||
|
spec:
|
||||||
|
ports:
|
||||||
|
- port: 3000
|
||||||
|
protocol: TCP
|
||||||
|
targetPort: http-grafana
|
||||||
|
selector:
|
||||||
|
app: grafana
|
||||||
|
sessionAffinity: None
|
||||||
|
type: LoadBalancer
|
|
@ -0,0 +1,14 @@
|
||||||
|
apiVersion: metallb.io/v1beta1
|
||||||
|
kind: IPAddressPool
|
||||||
|
metadata:
|
||||||
|
name: example
|
||||||
|
namespace: metallb-system
|
||||||
|
spec:
|
||||||
|
addresses:
|
||||||
|
- 172.18.255.200-172.18.255.250
|
||||||
|
---
|
||||||
|
apiVersion: metallb.io/v1beta1
|
||||||
|
kind: L2Advertisement
|
||||||
|
metadata:
|
||||||
|
name: empty
|
||||||
|
namespace: metallb-system
|
Loading…
Reference in New Issue