Merge pull request #7 from ricsanfre/prometheus

Adding kube Prometheus stack

README.md

@@ -32,6 +32,7 @@ As part of the project the goal is to deploy on the Kuberenets cluster basic ser
         - [SSL certificates centralized management](documentation/certmanager.md). Configure Cert-manager to automatically manage the lifecycle of SSL certificates.
     - [K3S Distributed Storage](documentation/longhorn.md). Installing LongHorn as cluster distributed storage solution for providing Persistent Volumes to pods.
     - [K3S centralized logging monitoring](documentation/logging.md). Installing a centralized log monitoring tool based on EFK stack. Real-time processing of Kuberentes pods and services and homelab servers logs.
+    - [K3S centralized monitoring](documentation/monitoring.md). Installing Kube Prometheus Stack for monitoring Kuberentes cluster
 
 ## Automatic deployment instructions using Ansible
 

ansible/k3s_deploy.yml

@@ -35,6 +35,8 @@
       tags: ['certmanager']
     - role: longhorn
       tags: ['longhorn']
+    - role: prometheus
+      tags: ['monitoring']
     - role: logging/k3s
       tags: ['logging']
 

ansible/roles/longhorn/tasks/main.yml

@@ -15,7 +15,7 @@
   kubernetes.core.helm:
     name: longhorn
     chart_ref: longhorn/longhorn
-    # chart_version: "2.0.7"
+    update_repo_cache: true
     release_namespace: longhorn-system
     state: present
     release_values:

ansible/roles/prometheus/defaults/main.yml

@@ -0,0 +1,5 @@
+---
+
+# Storage Settings
+prometheus_storage_size: "5Gi"
+prometheus_storage_class: "longhorn"

ansible/roles/prometheus/tasks/main.yml

@@ -0,0 +1,49 @@
+---
+- name: Create prometheus namespace.
+  kubernetes.core.k8s:
+    name: k3s-monitoring
+    api_version: v1
+    kind: Namespace
+    state: present
+
+- name: Add prometheus community chart repo.
+  kubernetes.core.helm_repository:
+    name: prometheus-community
+    repo_url: "https://prometheus-community.github.io/helm-charts"
+
+- name: Deploy prometheus-stack Helm chart.
+  kubernetes.core.helm:
+    name: kube-prometheus-stack
+    chart_ref: prometheus-community/kube-prometheus-stack
+    release_namespace: k3s-monitoring
+    state: present
+    release_values:
+      alertmanager:
+        alertmanagerSpec:
+          storage:
+            volumeClaimTemplate:
+              spec:
+                storageClassName: "{{ prometheus_storage_class }}"
+                accessModes: ["ReadWriteOnce"]
+                resources:
+                  requests:
+                    storage: "{{ prometheus_storage_size }}"
+      prometheus:
+        prometheusSpec:
+          storageSpec:
+            volumeClaimTemplate:
+              spec:
+                storageClassName: "{{ prometheus_storage_class }}"
+                accessModes: ["ReadWriteOnce"]
+                resources:
+                  requests:
+                    storage: "{{ prometheus_storage_size }}"
+
+- name: Create Ingress rule for Prometheus, Alertmanager and Graphana UI
+  kubernetes.core.k8s:
+    definition: "{{ lookup('template', 'templates/' + item ) }}"
+    state: present
+  with_items:
+    - prometheus_ingress.yml
+    - grafana_ingress.yml
+    - alertmanager_ingress.yml

ansible/roles/prometheus/templates/alertmanager_ingress.yml

@@ -0,0 +1,58 @@
+---
+# HTTPS Ingress
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: alertmanager-ingress
+  namespace: k3s-monitoring
+  annotations:
+    # HTTPS as entry point
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    # Enable TLS
+    traefik.ingress.kubernetes.io/router.tls: "true"
+    # Use Basic Auth Midleware configured
+    traefik.ingress.kubernetes.io/router.middlewares: traefik-system-basic-auth@kubernetescrd
+    # Enable cert-manager to create automatically the SSL certificate and store in Secret
+    cert-manager.io/cluster-issuer: self-signed-issuer
+    cert-manager.io/common-name: alertmanager
+spec:
+  tls:
+  - hosts:
+    - alertmanager.picluster.ricsanfre.com
+    secretName: prometheus-tls
+  rules:
+  - host: alertmanager.picluster.ricsanfre.com
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: kube-prometheus-stack-alertmanager
+            port:
+              number: 9093
+
+---
+# http ingress for http->https redirection
+kind: Ingress
+apiVersion: networking.k8s.io/v1
+metadata:
+  name: alertmanager-redirect
+  namespace: k3s-monitoring
+  annotations:
+    # Use redirect Midleware configured
+    traefik.ingress.kubernetes.io/router.middlewares: traefik-system-redirect@kubernetescrd
+    # HTTP as entrypoint
+    traefik.ingress.kubernetes.io/router.entrypoints: web
+spec:
+  rules:
+    - host: alertmanager.picluster.ricsanfre.com
+      http:
+        paths:
+        - path: /
+          pathType: Prefix
+          backend:
+            service:
+              name: kube-prometheus-stack-alertmanager
+              port:
+                number: 9093

ansible/roles/prometheus/templates/grafana_ingress.yml

@@ -0,0 +1,56 @@
+---
+# HTTPS Ingress
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: grafana-ingress
+  namespace: k3s-monitoring
+  annotations:
+    # HTTPS as entry point
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    # Enable TLS
+    traefik.ingress.kubernetes.io/router.tls: "true"
+    # Enable cert-manager to create automatically the SSL certificate and store in Secret
+    cert-manager.io/cluster-issuer: self-signed-issuer
+    cert-manager.io/common-name: grafana
+spec:
+  tls:
+  - hosts:
+    - grafana.picluster.ricsanfre.com
+    secretName: grafana-tls
+  rules:
+  - host: grafana.picluster.ricsanfre.com
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: kube-prometheus-stack-grafana
+            port:
+              number: 80
+
+---
+# http ingress for http->https redirection
+kind: Ingress
+apiVersion: networking.k8s.io/v1
+metadata:
+  name: grafana-redirect
+  namespace: k3s-monitoring
+  annotations:
+    # Use redirect Midleware configured
+    traefik.ingress.kubernetes.io/router.middlewares: traefik-system-redirect@kubernetescrd
+    # HTTP as entrypoint
+    traefik.ingress.kubernetes.io/router.entrypoints: web
+spec:
+  rules:
+    - host: grafana.picluster.ricsanfre.com
+      http:
+        paths:
+        - path: /
+          pathType: Prefix
+          backend:
+            service:
+              name: kube-prometheus-stack-grafana
+              port:
+                number: 80

ansible/roles/prometheus/templates/prometheus_ingress.yml

@@ -0,0 +1,58 @@
+---
+# HTTPS Ingress
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: prometheus-ingress
+  namespace: k3s-monitoring
+  annotations:
+    # HTTPS as entry point
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    # Enable TLS
+    traefik.ingress.kubernetes.io/router.tls: "true"
+    # Use Basic Auth Midleware configured
+    traefik.ingress.kubernetes.io/router.middlewares: traefik-system-basic-auth@kubernetescrd
+    # Enable cert-manager to create automatically the SSL certificate and store in Secret
+    cert-manager.io/cluster-issuer: self-signed-issuer
+    cert-manager.io/common-name: prometheus
+spec:
+  tls:
+  - hosts:
+    - prometheus.picluster.ricsanfre.com
+    secretName: prometheus-tls
+  rules:
+  - host: prometheus.picluster.ricsanfre.com
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: kube-prometheus-stack-prometheus
+            port:
+              number: 9090
+
+---
+# http ingress for http->https redirection
+kind: Ingress
+apiVersion: networking.k8s.io/v1
+metadata:
+  name: prometheus-redirect
+  namespace: k3s-monitoring
+  annotations:
+    # Use redirect Midleware configured
+    traefik.ingress.kubernetes.io/router.middlewares: traefik-system-redirect@kubernetescrd
+    # HTTP as entrypoint
+    traefik.ingress.kubernetes.io/router.entrypoints: web
+spec:
+  rules:
+    - host: prometheus.picluster.ricsanfre.com
+      http:
+        paths:
+        - path: /
+          pathType: Prefix
+          backend:
+            service:
+              name: kube-prometheus-stack-prometheus
+              port:
+                number: 9090