fix(grafana): fix circular dependency between grafana <-> cockroachdb…

…_managed
rivet-gg · May 5, 2024 · 024bf73 · 024bf73
1 parent 3769c26
commit 024bf73
Show file tree

Hide file tree

Showing 21 changed files with 202 additions and 149 deletions.
diff --git a/infra/tf/cockroachdb_managed/main.tf b/infra/tf/cockroachdb_managed/main.tf
@@ -54,7 +54,10 @@ data "cockroach_cluster_cert" "main" {
 }
 
 resource "kubernetes_config_map" "crdb_ca" {
-	for_each = toset(["rivet-service", "bolt"])
+	for_each = toset(flatten([
+		["rivet-service", "bolt"],
+		var.prometheus_enabled ? ["grafana"] : []
+	]))
 
 	metadata {
 		name = "crdb-ca"

diff --git a/infra/tf/cockroachdb_managed/vars.tf b/infra/tf/cockroachdb_managed/vars.tf
@@ -17,3 +17,7 @@ variable "cockroachdb_request_unit_limit" {
 variable "cockroachdb_storage_limit" {
 	type = string
 }
+
+variable "prometheus_enabled" {
+	type = bool
+}
diff --git a/infra/tf/grafana/grafana.tf b/infra/tf/grafana/grafana.tf
@@ -0,0 +1,141 @@
+locals {
+	service_grafana = lookup(var.services, "grafana", {
+		count = 1
+		resources = {
+			cpu = 500
+			memory = 512
+		}
+	})
+
+	grafana_dashboards = {
+		for f in fileset("${path.module}/grafana_dashboards/", "*.json"):
+		"${trimsuffix(f, ".json")}" => {
+			body = file("${path.module}/grafana_dashboards/${f}")
+		}
+	}
+
+	crdb_host = "${try(data.terraform_remote_state.cockroachdb_k8s.outputs.host, data.terraform_remote_state.cockroachdb_managed.outputs.host)}:${try(data.terraform_remote_state.cockroachdb_k8s.outputs.port, data.terraform_remote_state.cockroachdb_managed.outputs.port)}"
+}
+
+module "crdb_user_grafana_secrets" {
+	source = "../modules/secrets"
+
+	keys = [ "crdb/user/grafana/username", "crdb/user/grafana/password" ]
+}
+
+resource "helm_release" "grafana" {
+	name = "grafana"
+	namespace = "grafana"
+	repository = "https://grafana.github.io/helm-charts"
+	chart = "grafana"
+	version = "7.3.9"
+	values = [yamlencode({
+		"grafana.ini" = {
+			auth = {
+				disable_login_form = true
+			}
+			"auth.anonymous" = {
+				enabled = true
+				org_role = "Admin"
+			}
+		}	
+
+		resources = var.limit_resources ? {
+			limits = {
+				memory = "${local.service_grafana.resources.memory}Mi"
+				cpu = "${local.service_grafana.resources.cpu}m"
+			}
+		} : null
+
+		datasources = {
+			"datasources.yaml" = {
+				apiVersion = 1
+
+				datasources = [
+					{
+						name = "Prometheus"
+						type = "prometheus"
+						uid = "prometheus"
+						url = "http://prometheus-kube-prometheus-prometheus.prometheus:9090/"
+						access = "proxy"
+						isDefault = true
+						jsonData = {
+							httpMethod = "POST"
+							# prometheus.prometheusSpec.scrapeInterval
+							timeInterval = "30s"
+						}
+					},
+					{
+						name = "Loki"
+						type = "loki"
+						uid = "loki"
+						url = "http://loki-gateway.loki.svc.cluster.local:80/"
+						access = "proxy"
+						jsonData = {}
+					},
+					{
+						name = "CockroachDB"
+						type = "postgres"
+						uid = "crdb"
+						url = local.crdb_host
+						user = module.crdb_user_grafana_secrets.values["crdb/user/grafana/username"]
+						secureJsonData = {
+							password = module.crdb_user_grafana_secrets.values["crdb/user/grafana/password"]
+						}
+						jsonData = {
+							sslmode = "verify-ca"
+							sslRootCertFile = "/local/crdb/ca.crt"
+						}
+						secret = true
+					}
+				]
+			}
+		}
+
+		extraConfigmapMounts = [
+			# TLS Cert for postgres datasource
+			{
+				name = "crdb-ca"
+				configMap = "crdb-ca"
+				mountPath = "/local/crdb/ca.crt"
+				subPath = "ca.crt"
+				readOnly = true
+			}
+		]
+
+		sidecar = {
+			dashboards = {
+				enabled = true
+			}
+		}
+
+		serviceMonitor = {
+			enabled = true
+			path = "/metrics"
+			labels = {}
+
+			interval = ""
+			scheme = "http"
+			tlsConfig = {}
+			scrapeTimeout = "15s"
+
+			relabelings = []
+		}
+	})]
+}
+
+resource "kubernetes_config_map" "grafana_dashboard" {
+	for_each = local.grafana_dashboards
+
+	metadata {
+		namespace = "grafana"
+		name = "grafana-rivet-${each.key}"
+		labels = {
+			grafana_dashboard = "1"
+		}
+	}
+
+	data = {
+		"${each.key}.json" = each.value.body
+	}
+}
diff --git a/...f/k8s_infra/grafana_dashboards/cache.json → .../tf/grafana/grafana_dashboards/cache.json b/...f/k8s_infra/grafana_dashboards/cache.json → .../tf/grafana/grafana_dashboards/cache.json
diff --git a/...s_infra/grafana_dashboards/chirp-api.json → ...grafana/grafana_dashboards/chirp-api.json b/...s_infra/grafana_dashboards/chirp-api.json → ...grafana/grafana_dashboards/chirp-api.json
diff --git a/...a/grafana_dashboards/chirp-operation.json → ...a/grafana_dashboards/chirp-operation.json b/...a/grafana_dashboards/chirp-operation.json → ...a/grafana_dashboards/chirp-operation.json
diff --git a/.../grafana_dashboards/chirp-perf-spans.json → .../grafana_dashboards/chirp-perf-spans.json b/.../grafana_dashboards/chirp-perf-spans.json → .../grafana_dashboards/chirp-perf-spans.json
diff --git a/...fra/grafana_dashboards/chirp-service.json → ...ana/grafana_dashboards/chirp-service.json b/...fra/grafana_dashboards/chirp-service.json → ...ana/grafana_dashboards/chirp-service.json
diff --git a/...rafana_dashboards/node-exporter-full.json → ...rafana_dashboards/node-exporter-full.json b/...rafana_dashboards/node-exporter-full.json → ...rafana_dashboards/node-exporter-full.json
diff --git a/...na_dashboards/node-exporter-multiple.json → ...na_dashboards/node-exporter-multiple.json b/...na_dashboards/node-exporter-multiple.json → ...na_dashboards/node-exporter-multiple.json
diff --git a/...nfra/grafana_dashboards/provisioning.json → ...fana/grafana_dashboards/provisioning.json b/...nfra/grafana_dashboards/provisioning.json → ...fana/grafana_dashboards/provisioning.json
diff --git a/...fana_dashboards/resource-allocations.json → ...fana_dashboards/resource-allocations.json b/...fana_dashboards/resource-allocations.json → ...fana_dashboards/resource-allocations.json
diff --git a/..._infra/grafana_dashboards/rivet-logs.json → ...rafana/grafana_dashboards/rivet-logs.json b/..._infra/grafana_dashboards/rivet-logs.json → ...rafana/grafana_dashboards/rivet-logs.json
diff --git a/...s_infra/grafana_dashboards/rivet-sql.json → ...grafana/grafana_dashboards/rivet-sql.json b/...s_infra/grafana_dashboards/rivet-sql.json → ...grafana/grafana_dashboards/rivet-sql.json
diff --git a/.../grafana_dashboards/traefik-services.json → .../grafana_dashboards/traefik-services.json b/.../grafana_dashboards/traefik-services.json → .../grafana_dashboards/traefik-services.json
diff --git a/infra/tf/grafana/providers.tf b/infra/tf/grafana/providers.tf
@@ -0,0 +1,10 @@
+provider "kubernetes" {
+	config_path = var.kubeconfig_path
+}
+
+provider "helm" {
+	kubernetes {
+		config_path = var.kubeconfig_path
+	}
+}
+
diff --git a/infra/tf/grafana/vars.tf b/infra/tf/grafana/vars.tf
@@ -0,0 +1,23 @@
+variable "namespace" {
+	type = string
+}
+
+# MARK: Services
+variable "services" {
+	type = map(object({
+		count = number
+		resources = object({
+			cpu = number
+			memory = number
+		})
+	}))
+}
+
+# MARK: K8s
+variable "kubeconfig_path" {
+	type = string
+}
+
+variable "limit_resources" {
+	type = bool
+}
diff --git a/infra/tf/k8s_infra/grafana.tf b/infra/tf/k8s_infra/grafana.tf
@@ -1,20 +1,3 @@
-locals {
-	service_grafana = lookup(var.services, "grafana", {
-		count = 1
-		resources = {
-			cpu = 500
-			memory = 512
-		}
-	})
-
-	grafana_dashboards = {
-		for f in fileset("${path.module}/grafana_dashboards/", "*.json"):
-		"${trimsuffix(f, ".json")}" => {
-			body = file("${path.module}/grafana_dashboards/${f}")
-		}
-	}
-}
-
 resource "kubernetes_namespace" "grafana" {
 	count = var.prometheus_enabled ? 1 : 0
 
@@ -23,122 +6,3 @@ resource "kubernetes_namespace" "grafana" {
 	}
 }
 
-resource "helm_release" "grafana" {
-	count = var.prometheus_enabled ? 1 : 0
-	depends_on = [helm_release.vpa]
-
-	name = "grafana"
-	namespace = kubernetes_namespace.grafana.0.metadata.0.name
-	repository = "https://grafana.github.io/helm-charts"
-	chart = "grafana"
-	version = "7.3.9"
-	values = [yamlencode({
-		"grafana.ini" = {
-			auth = {
-				disable_login_form = true
-			}
-			"auth.anonymous" = {
-				enabled = true
-				org_role = "Admin"
-			}
-		}	
-
-		resources = var.limit_resources ? {
-			limits = {
-				memory = "${local.service_grafana.resources.memory}Mi"
-				cpu = "${local.service_grafana.resources.cpu}m"
-			}
-		} : null
-
-		datasources = {
-			"datasources.yaml" = {
-				apiVersion = 1
-
-				datasources = [
-					{
-						name = "Prometheus"
-						type = "prometheus"
-						uid = "prometheus"
-						url = "http://prometheus-kube-prometheus-prometheus.prometheus:9090/"
-						access = "proxy"
-						isDefault = true
-						jsonData = {
-							httpMethod = "POST"
-							# prometheus.prometheusSpec.scrapeInterval
-							timeInterval = "30s"
-						}
-					},
-					{
-						name = "Loki"
-						type = "loki"
-						uid = "loki"
-						url = "http://loki-gateway.loki.svc.cluster.local:80/"
-						access = "proxy"
-						jsonData = {}
-					},
-					{
-						name = "CockroachDB"
-						type = "postgres"
-						uid = "crdb"
-						url = local.crdb_host
-						user = module.crdb_user_grafana_secrets.values["crdb/user/grafana/username"]
-						secureJsonData = {
-							password = module.crdb_user_grafana_secrets.values["crdb/user/grafana/password"]
-						}
-						jsonData = {
-							sslmode = "verify-ca"
-							sslRootCertFile = "/local/crdb/ca.crt"
-						}
-						secret = true
-					}
-				]
-			}
-		}
-
-		extraConfigmapMounts = [
-			# TLS Cert for postgres datasource
-			{
-				name = kubernetes_config_map.crdb_ca["grafana"].metadata.0.name
-				configMap = "crdb-ca"
-				mountPath = "/local/crdb/ca.crt"
-				subPath = "ca.crt"
-				readOnly = true
-			}
-		]
-
-		sidecar = {
-			dashboards = {
-				enabled = true
-			}
-		}
-
-		serviceMonitor = {
-			enabled = true
-			path = "/metrics"
-			labels = {}
-
-			interval = ""
-			scheme = "http"
-			tlsConfig = {}
-			scrapeTimeout = "15s"
-
-			relabelings = []
-		}
-	})]
-}
-
-resource "kubernetes_config_map" "grafana_dashboard" {
-	for_each = var.prometheus_enabled ? local.grafana_dashboards : {}
-
-	metadata {
-		namespace = kubernetes_namespace.grafana.0.metadata.0.name
-		name = "grafana-rivet-${each.key}"
-		labels = {
-			grafana_dashboard = "1"
-		}
-	}
-
-	data = {
-		"${each.key}.json" = each.value.body
-	}
-}
diff --git a/infra/tf/k8s_infra/prometheus.tf b/infra/tf/k8s_infra/prometheus.tf
@@ -63,8 +63,6 @@ locals {
 			]
 		}] : []
 	])
-
-	crdb_host = "${try(data.terraform_remote_state.cockroachdb_k8s.outputs.host, data.terraform_remote_state.cockroachdb_managed.outputs.host)}:${try(data.terraform_remote_state.cockroachdb_k8s.outputs.port, data.terraform_remote_state.cockroachdb_managed.outputs.port)}"
 }
 
 module "alertmanager_secrets" {

diff --git a/lib/bolt/core/src/dep/terraform/remote_states.rs b/lib/bolt/core/src/dep/terraform/remote_states.rs
@@ -21,7 +21,6 @@ pub fn dependency_graph(_ctx: &ProjectContext) -> HashMap<&'static str, Vec<Remo
 		],
 		"k8s_infra" => vec![
 			RemoteStateBuilder::default().plan_id("cockroachdb_k8s").build().unwrap(),
-			RemoteStateBuilder::default().plan_id("cockroachdb_managed").build().unwrap(),
 		],
 		"cockroachdb_managed" => vec![
 			RemoteStateBuilder::default().plan_id("k8s_cluster_aws").build().unwrap(),
@@ -35,6 +34,10 @@ pub fn dependency_graph(_ctx: &ProjectContext) -> HashMap<&'static str, Vec<Remo
 		"cloudflare_tunnels" => vec![
 			RemoteStateBuilder::default().plan_id("dns").build().unwrap(),
 		],
+		"grafana" => vec![
+			RemoteStateBuilder::default().plan_id("cockroachdb_k8s").build().unwrap(),
+			RemoteStateBuilder::default().plan_id("cockroachdb_managed").build().unwrap(),
+		],
 	}
 }
-Original file line number
+Diff line change
@@ Expand Up / @@ -63,8 +63,6 @@ locals { @@
     			]
     		}] : []
     	])
-    	crdb_host = "${try(data.terraform_remote_state.cockroachdb_k8s.outputs.host, data.terraform_remote_state.cockroachdb_managed.outputs.host)}:${try(data.terraform_remote_state.cockroachdb_k8s.outputs.port, data.terraform_remote_state.cockroachdb_managed.outputs.port)}"
     }
     module "alertmanager_secrets" {
@@ Expand Down @@