fix(infra-monitoring): add tempo

2024-08-07 10:24:23 +02:00 · 2024-08-07 10:24:23 +02:00 · d8f8677531
commit d8f8677531
parent 36d8643ca9
19 changed files with 725 additions and 13 deletions
--- a/base/README.adoc
+++ b/base/README.adoc
@ -2,7 +2,7 @@

 = base

-image::https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square[Version: 0.2.0]
+image::https://img.shields.io/badge/Version-0.2.1-informational?style=flat-square[Version: 0.2.1]
 image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application]
 == Maintainers

--- a/docs/modules/components/nav.adoc
+++ b/docs/modules/components/nav.adoc
@ -7,7 +7,9 @@
 ** xref:infra-trivy.adoc[infra-trivy]
 ** xref:mycloud-authentik.adoc[mycloud-authentik]
 ** xref:mycloud-collabora.adoc[mycloud-collabora]
+** xref:mycloud-firefly-iii.adoc[mycloud-firefly-iii]
 ** xref:mycloud-gotosocial.adoc[mycloud-gotosocial]
 ** xref:mycloud-matrix.adoc[mycloud-matrix]
 ** xref:mycloud-nextcloud.adoc[mycloud-nextcloud]
 ** xref:mycloud-services.adoc[mycloud-services]
+** xref:template.adoc[template]
--- a/docs/modules/components/pages/mycloud-firefly-iii.adoc
+++ b/docs/modules/components/pages/mycloud-firefly-iii.adoc
@ -0,0 +1 @@
+../../../../mycloud-firefly-iii/README.adoc
--- a/docs/modules/components/pages/template.adoc
+++ b/docs/modules/components/pages/template.adoc
@ -0,0 +1 @@
+../../../../template/README.adoc
--- a/docs/modules/mycloud/pages/partial-list-components.adoc
+++ b/docs/modules/mycloud/pages/partial-list-components.adoc
@ -1,6 +1,7 @@

 * xref:components:mycloud-authentik.adoc[mycloud-authentik]
 * xref:components:mycloud-collabora.adoc[mycloud-collabora]
+* xref:components:mycloud-firefly-iii.adoc[mycloud-firefly-iii]
 * xref:components:mycloud-gotosocial.adoc[mycloud-gotosocial]
 * xref:components:mycloud-matrix.adoc[mycloud-matrix]
 * xref:components:mycloud-nextcloud.adoc[mycloud-nextcloud]
--- a/infra-ingress/README.adoc
+++ b/infra-ingress/README.adoc
@ -61,6 +61,36 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat
 | `{}`
 | labels on Pod- and Service-Monitor
 |===
+
+.Values Commons Tracing
+|===
+| Key | Type | Default | Description
+
+| commons.tracing.enabled
+| bool
+| `false`
+| enable tracing on all components
+
+| commons.tracing.grpc.enabled
+| bool
+| `true`
+| prefer grpc over http
+
+| commons.tracing.grpc.endpoint
+| string
+| `"tempo.monitoring.svc:4317"`
+| grpc endpoint
+
+| commons.tracing.grpc.insecure
+| bool
+| `true`
+| allow insecure connection per grpc
+
+| commons.tracing.http.endpoint
+| string
+| `"http://tempo.monitoring.svc:4318/v1/traces"`
+| http endpoint
+|===
 .Values Other Values
 |===
 | Key | Type | Default | Description
@ -75,6 +105,11 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat
 | `true`
 |

+| hostNetwork
+| bool
+| `true`
+|
+
 | init.namespace
 | string
 | `"bases"`
--- a/infra-monitoring/README.adoc
+++ b/infra-monitoring/README.adoc
@ -62,8 +62,8 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat
 | tls on every ingress

 | commons.ingress.tls.override
-| string
-| `nil`
+| list
+| `[]`
 | use own definition of tls (e.g. for own or wildcard certificate)
 |===

@ -240,6 +240,11 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat
 | `nil`
 | generated from commons.masterPassword

+| grafana.auth.enabled
+| bool
+| `false`
+|
+
 | grafana.dashboards.annotations."grafana.mon.local/dashboard-folder"
 | string
 | `"Kubernetes"`
@ -290,6 +295,11 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat
 | `true`
 |

+| karma.filters.default[0]
+| string
+| `"@state=active"`
+|
+
 | karma.ingress.annotations
 | object
 | `{}`
@ -315,6 +325,11 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat
 | `true`
 |

+| prometheus.exporter.blackbox.hostNetwork
+| bool
+| `false`
+|
+
 | prometheus.exporter.blackbox.ingress.annotations
 | object
 | `{}`
@ -344,6 +359,11 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat
 | string
 | `""`
 |
+
+| tempo.enabled
+| bool
+| `false`
+|
 |===

 Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs]
--- a/infra-monitoring/templates/kube-prometheus-stack/release.yaml
+++ b/infra-monitoring/templates/kube-prometheus-stack/release.yaml
@ -53,6 +53,13 @@ spec:
        {{- if .Values.prometheus.ingress.enabled }}
        externalUrl: "https://{{ $hostPrometheus }}"
        {{- end }}
+        {{- if .Values.tempo.enabled }}
+        enableRemoteWriteReceiver: true
+        tracingConfig:
+          clientType: grpc
+          endpoint: "tempo.{{ .Release.Namespace }}:4317"
+          insecure: true
+        {{- end }}
        podMonitorSelector:
          matchLabels:
            prometheus: "default"
@ -179,6 +186,14 @@ spec:
          enabled: true
        {{- end }}

+        {{- if .Values.tempo.enabled }}
+        plugin.plugin_id:
+          tracing: true
+        tracing.opentelemetry.otlp:
+          address: tempo.{{ .Release.Namespace }}:4317
+          propagation: "w3c"
+        {{- end }}
+
      {{- if and .Values.commons.auth.enabled (eq .Values.commons.auth.type "authentik") }}
        auth.generic_oauth:
          name: authentik
@ -215,6 +230,12 @@ spec:
          {{- end }}
        datasources:
          searchNamespace: ALL
+
+      serviceMonitor:
+        enabled: true
+        labels:
+          prometheus: default
+
      {{- with .Values.grafana.ingress }}
      {{- if .enabled }}
      {{- $hostGrafana := .host | default (printf "grafana.%s" $.Values.commons.ingress.domain) }}
--- a/infra-monitoring/templates/tempo/configmap_datasource.yaml
+++ b/infra-monitoring/templates/tempo/configmap_datasource.yaml
@ -0,0 +1,30 @@
+{{- if .Values.tempo.enabled }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: tempo-grafana-datasource
+  labels:
+    grafana_datasource: "1"
+data:
+  datasource.yaml: |-
+    apiVersion: 1
+    datasources:
+      - uid: "tempo"
+        name: "Tempo"
+        type: tempo
+        url: "http://tempo.{{ .Release.Namespace }}:3100/"
+        jsonData:
+          serviceMap:
+            datasourceUid: 'prometheus'
+          nodeGraph:
+            enabled: true
+          tracesToMetrics:
+            datasourceUid: 'prometheus'
+            spanStartTimeShift: '1h'
+            spanEndTimeShift: '-1h'
+            tags: [{ key: 'service.name', value: 'service' }, { key: 'job' }]
+            queries:
+              - name: 'Sample query'
+                query: 'sum(rate(traces_spanmetrics_latency_bucket{$$__tags}[5m]))'
+{{- end }}
--- a/infra-monitoring/templates/tempo/release.yaml
+++ b/infra-monitoring/templates/tempo/release.yaml
@ -0,0 +1,34 @@
+{{- if .Values.tempo.enabled }}
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: tempo
+spec:
+  chart:
+    spec:
+      sourceRef:
+        kind: HelmRepository
+        name: "grafana"
+      chart: "tempo"
+  install:
+    {{- toYaml .Values.commons.helm.release.install | nindent 4 }}
+  test:
+    {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
+  upgrade:
+    {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
+  driftDetection:
+    {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
+  interval: 10m
+  values:
+    serviceMonitor:
+      enabled: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor") }}
+      additionalLabels:
+        {{- toYaml .Values.commons.prometheus.monitor.labels | nindent 8 }}
+
+    tempo:
+      reportingEnabled: false
+      metricsGenerator:
+        enabled: true
+        remoteWriteUrl: "http://kube-prometheus-stack-prometheus.{{ .Release.Namespace }}:9090/api/v1/write"
+{{- end }}
--- a/infra-monitoring/templates/tempo/repo.yaml
+++ b/infra-monitoring/templates/tempo/repo.yaml
@ -0,0 +1,11 @@
+{{- if .Values.tempo.enabled }}
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: grafana
+spec:
+  url: oci://ghcr.io/grafana/helm-charts
+  type: oci
+  interval: 10m
+{{- end }}
--- a/infra-monitoring/values.yaml
+++ b/infra-monitoring/values.yaml
@ -206,3 +206,6 @@ karma:
      - '@state=active'

  additionalAlertmanager:
+
+tempo:
+  enabled: false
--- a/mycloud-authentik/README.adoc
+++ b/mycloud-authentik/README.adoc
@ -62,8 +62,8 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat
 | tls on every ingress

 | commons.ingress.tls.override
-| string
-| `nil`
+| list
+| `[]`
 | use own definition of tls (e.g. for own or wildcard certificate)
 |===

--- a/mycloud-collabora/README.adoc
+++ b/mycloud-collabora/README.adoc
@ -87,8 +87,8 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat
 | tls on every ingress

 | commons.ingress.tls.override
-| string
-| `nil`
+| list
+| `[]`
 | use own definition of tls (e.g. for own or wildcard certificate)
 |===

--- a/mycloud-firefly-iii/README.adoc
+++ b/mycloud-firefly-iii/README.adoc
@ -0,0 +1,229 @@
+
+
+= mycloud-firefly-iii
+
+image::https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square[Version: 0.1.0]
+image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application]
+== Maintainers
+
+.Maintainers
+|===
+| Name | Email | Url
+
+| WrenIX
+|
+| <https://wrenix.eu>
+|===
+
+== Values
+
+.Values Commons
+|===
+| Key | Type | Default | Description
+
+| commons.auth.host
+| string
+| `nil`
+| default auth.(.Values.commons.ingress.domain)
+
+| commons.masterPassword
+| string
+| `"CHANGEME"`
+| masterPassword to generate secrets
+|===
+
+.Values Commons helm release
+|===
+| Key | Type | Default | Description
+
+| commons.helm.release.driftDetection
+| object
+| `{}`
+| driftDetection of FluxCD HelmRelease
+
+| commons.helm.release.install
+| object
+| `{}`
+| install of FluxCD HelmRelease
+
+| commons.helm.release.test
+| object
+| `{}`
+| test of FluxCD HelmRelease
+
+| commons.helm.release.upgrade
+| object
+| `{}`
+| upgrade of FluxCD HelmRelease
+|===
+
+.Values Commons Ingress
+|===
+| Key | Type | Default | Description
+
+| commons.ingress.annotations
+| object
+| `{"cert-manager.io/cluster-issuer":"letsencrypt-prod"}`
+| annotations for all ingress objects
+
+| commons.ingress.domain
+| string
+| `"wrenix.eu"`
+| top domain for all services
+
+| commons.ingress.tls.enabled
+| bool
+| `true`
+| tls on every ingress
+
+| commons.ingress.tls.override
+| list
+| `[]`
+| use own definition of tls (e.g. for own or wildcard certificate)
+|===
+
+.Values Commons mail
+|===
+| Key | Type | Default | Description
+
+| commons.mail.from
+| string
+| `nil`
+| send from address
+
+| commons.mail.host
+| string
+| `nil`
+| smtp server
+
+| commons.mail.password
+| string
+| `nil`
+| smtp password
+
+| commons.mail.use_ssl
+| bool
+| `false`
+| smtp server use ssl
+
+| commons.mail.use_tls
+| bool
+| `false`
+| smtp server use start tls
+
+| commons.mail.username
+| string
+| `nil`
+| smtp username
+|===
+
+.Values Commons Persistence
+|===
+| Key | Type | Default | Description
+
+| commons.persistence.hostPath.enabled
+| bool
+| `false`
+| use hostPath instatt of PVC
+
+| commons.persistence.hostPath.prefix
+| string
+| `"/var/lib/mycloud"`
+| use hostPath under the following path
+
+| commons.persistence.storageClass
+| string
+| `nil`
+| storageClass of PVC
+|===
+
+.Values Commons theme
+|===
+| Key | Type | Default | Description
+
+| commons.theme.favicon
+| string
+| `"/static/dist/assets/icons/icon.png"`
+| favicon everywhere
+
+| commons.theme.logo
+| string
+| `"/static/dist/assets/icons/icon_left_brand.svg"`
+| logo everywhere
+
+| commons.theme.title
+| string
+| `"myCloud"`
+| title everywhere
+|===
+.Values Other Values
+|===
+| Key | Type | Default | Description
+
+| commons.auth.authentik.backend
+| string
+| `"mycloud-authentik-hr-server"`
+|
+
+| database.host
+| string
+| `"mycloud-services-postgresql"`
+| default is from mysql-services
+
+| database.name
+| string
+| `"firefly"`
+|
+
+| database.password
+| string
+| `nil`
+| generated by .Values.commons.masterPassword (equal to mycloud-services)
+
+| database.username
+| string
+| `"firefly"`
+|
+
+| ingress.annotations
+| object
+| `{}`
+|
+
+| ingress.host
+| string
+| `nil`
+| default: social.(Values.commons.ingress.domain)
+
+| init.namespace
+| string
+| `"bases"`
+|
+
+| init.version
+| int
+| `0`
+|
+
+| mail.from
+| string
+| `nil`
+| generade by Values.commons.mail.from
+
+| mail.host
+| string
+| `nil`
+| default Values.commons.mail.host
+
+| persistence.size
+| string
+| `"16Gi"`
+|
+
+| persistence.storageClass
+| string
+| `nil`
+|
+|===
+
+Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs]
--- a/mycloud-gotosocial/README.adoc
+++ b/mycloud-gotosocial/README.adoc
@ -77,8 +77,8 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat
 | tls on every ingress

 | commons.ingress.tls.override
-| string
-| `nil`
+| list
+| `[]`
 | use own definition of tls (e.g. for own or wildcard certificate)
 |===

@ -171,6 +171,36 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat
 | `"myCloud"`
 | title everywhere
 |===
+
+.Values Commons Tracing
+|===
+| Key | Type | Default | Description
+
+| commons.tracing.enabled
+| bool
+| `false`
+| enable tracing on all components
+
+| commons.tracing.grpc.enabled
+| bool
+| `true`
+| prefer grpc over http
+
+| commons.tracing.grpc.endpoint
+| string
+| `"tempo.monitoring.svc:4317"`
+| grpc endpoint
+
+| commons.tracing.grpc.insecure
+| bool
+| `true`
+| allow insecure connection per grpc
+
+| commons.tracing.http.endpoint
+| string
+| `"http://tempo.monitoring.svc:4318/v1/traces"`
+| http endpoint
+|===
 .Values Other Values
 |===
 | Key | Type | Default | Description
--- a/mycloud-matrix/README.adoc
+++ b/mycloud-matrix/README.adoc
@ -102,8 +102,8 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat
 | tls on every ingress

 | commons.ingress.tls.override
-| string
-| `nil`
+| list
+| `[]`
 | use own definition of tls (e.g. for own or wildcard certificate)
 |===

@ -181,6 +181,36 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat
 | `"myCloud"`
 | title everywhere
 |===
+
+.Values Commons Tracing
+|===
+| Key | Type | Default | Description
+
+| commons.tracing.enabled
+| bool
+| `false`
+| enable tracing on all components
+
+| commons.tracing.grpc.enabled
+| bool
+| `true`
+| prefer grpc over http
+
+| commons.tracing.grpc.endpoint
+| string
+| `"tempo.monitoring.svc:4317"`
+| grpc endpoint
+
+| commons.tracing.grpc.insecure
+| bool
+| `true`
+| allow insecure connection per grpc
+
+| commons.tracing.http.endpoint
+| string
+| `"http://tempo.monitoring.svc:4318/v1/traces"`
+| http endpoint
+|===
 .Values Other Values
 |===
 | Key | Type | Default | Description
--- a/mycloud-nextcloud/README.adoc
+++ b/mycloud-nextcloud/README.adoc
@ -77,8 +77,8 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat
 | tls on every ingress

 | commons.ingress.tls.override
-| string
-| `nil`
+| list
+| `[]`
 | use own definition of tls (e.g. for own or wildcard certificate)
 |===

@ -275,6 +275,16 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat
 | `"nextcloud"`
 |

+| default.language
+| string
+| `"en"`
+|
+
+| default.phoneRegion
+| string
+| `"GB"`
+|
+
 | ingress.annotations
 | string
 | `nil`
@ -295,6 +305,16 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat
 | `0`
 |

+| limits.memory
+| string
+| `"512M"`
+|
+
+| limits.upload
+| string
+| `"2G"`
+|
+
 | mail.authtype
 | string
 | `"PLAIN"`
--- a/template/README.adoc
+++ b/template/README.adoc
@ -0,0 +1,244 @@
+
+
+= <template>
+
+image::https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square[Version: 0.1.0]
+image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application]
+== Maintainers
+
+.Maintainers
+|===
+| Name | Email | Url
+
+| WrenIX
+|
+| <https://wrenix.eu>
+|===
+
+== Values
+
+.Values Commons
+|===
+| Key | Type | Default | Description
+
+| commons.auth.host
+| string
+| `nil`
+| default auth.(.Values.commons.ingress.domain)
+
+| commons.masterPassword
+| string
+| `"CHANGEME"`
+| masterPassword to generate secrets
+|===
+
+.Values Commons helm release
+|===
+| Key | Type | Default | Description
+
+| commons.helm.release.driftDetection
+| object
+| `{}`
+| driftDetection of FluxCD HelmRelease
+
+| commons.helm.release.install
+| object
+| `{}`
+| install of FluxCD HelmRelease
+
+| commons.helm.release.test
+| object
+| `{}`
+| test of FluxCD HelmRelease
+
+| commons.helm.release.upgrade
+| object
+| `{}`
+| upgrade of FluxCD HelmRelease
+|===
+
+.Values Commons Ingress
+|===
+| Key | Type | Default | Description
+
+| commons.ingress.annotations
+| object
+| `{"cert-manager.io/cluster-issuer":"letsencrypt-prod"}`
+| annotations for all ingress objects
+
+| commons.ingress.domain
+| string
+| `"wrenix.eu"`
+| top domain for all services
+
+| commons.ingress.tls.enabled
+| bool
+| `true`
+| tls on every ingress
+
+| commons.ingress.tls.override
+| list
+| `[]`
+| use own definition of tls (e.g. for own or wildcard certificate)
+|===
+
+.Values Commons mail
+|===
+| Key | Type | Default | Description
+
+| commons.mail.from
+| string
+| `nil`
+| send from address
+
+| commons.mail.host
+| string
+| `nil`
+| smtp server
+
+| commons.mail.password
+| string
+| `nil`
+| smtp password
+
+| commons.mail.use_ssl
+| bool
+| `false`
+| smtp server use ssl
+
+| commons.mail.use_tls
+| bool
+| `false`
+| smtp server use start tls
+
+| commons.mail.username
+| string
+| `nil`
+| smtp username
+|===
+
+.Values Commons Persistence
+|===
+| Key | Type | Default | Description
+
+| commons.persistence.hostPath.enabled
+| bool
+| `false`
+| use hostPath instatt of PVC
+
+| commons.persistence.hostPath.prefix
+| string
+| `"/var/lib/mycloud"`
+| use hostPath under the following path
+
+| commons.persistence.storageClass
+| string
+| `nil`
+| storageClass of PVC
+|===
+
+.Values Commons Monitoring
+|===
+| Key | Type | Default | Description
+
+| commons.prometheus.monitor.labels
+| object
+| `{}`
+| labels on Pod- and Service-Monitor
+
+| commons.prometheus.rules.labels
+| object
+| `{}`
+| labels on PrometheusRules
+|===
+
+.Values Commons theme
+|===
+| Key | Type | Default | Description
+
+| commons.theme.favicon
+| string
+| `"/static/dist/assets/icons/icon.png"`
+| favicon everywhere
+
+| commons.theme.logo
+| string
+| `"/static/dist/assets/icons/icon_left_brand.svg"`
+| logo everywhere
+
+| commons.theme.title
+| string
+| `"myCloud"`
+| title everywhere
+|===
+
+.Values Commons Tracing
+|===
+| Key | Type | Default | Description
+
+| commons.tracing.enabled
+| bool
+| `false`
+| enable tracing on all components
+
+| commons.tracing.grpc.enabled
+| bool
+| `true`
+| prefer grpc over http
+
+| commons.tracing.grpc.endpoint
+| string
+| `"tempo.monitoring.svc:4317"`
+| grpc endpoint
+
+| commons.tracing.grpc.insecure
+| bool
+| `true`
+| allow insecure connection per grpc
+
+| commons.tracing.http.endpoint
+| string
+| `"http://tempo.monitoring.svc:4318/v1/traces"`
+| http endpoint
+|===
+.Values Other Values
+|===
+| Key | Type | Default | Description
+
+| commons.auth.authentik.backend
+| string
+| `"authentik-server"`
+|
+
+| commons.auth.authentik.domain
+| string
+| `""`
+|
+
+| commons.auth.enabled
+| bool
+| `false`
+|
+
+| commons.auth.namespace
+| string
+| `""`
+|
+
+| commons.auth.type
+| string
+| `"authentik"`
+|
+
+| init.namespace
+| string
+| `"bases"`
+|
+
+| init.version
+| int
+| `0`
+|
+|===
+
+Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs]