[terraform] Add support for monitoring features

deploy/infrastructure/dependencies/terraform-aws-kubernetes/network_dns.tf

@@ -61,3 +61,14 @@ resource "aws_route53_record" "yugabyte_tserver_hostnames" {
   ttl     = 300
   records = [each.value]
 }
+
+# Public prometheus DNS
+resource "aws_route53_record" "prometheus_hostname" {
+  count = var.prometheus_hostname == "" ? 0 : 1
+
+  zone_id = var.aws_route53_zone_id
+  name    = var.prometheus_hostname
+  type    = "A"
+  ttl     = 300
+  records = [aws_eip.ip_prometheus[count.index].public_ip]
+}

deploy/infrastructure/dependencies/terraform-aws-kubernetes/network_lb.tf

@@ -93,3 +93,13 @@ resource "aws_eip" "ip_yugabyte" {
     ExpectedTServerDNS = format("%s.tserver.%s", count.index, var.db_hostname_suffix)
   }
 }
+
+resource "aws_eip" "ip_prometheus" {
+  domain = "vpc"
+  count  = var.prometheus_hostname == "" ? 0 : 1
+
+  tags = {
+    Name        = format("%s-ip-prometheus", var.cluster_name)
+    ExpectedDNS = var.prometheus_hostname
+  }
+}

deploy/infrastructure/dependencies/terraform-aws-kubernetes/output.tf

@@ -18,6 +18,10 @@ output "ip_gateway" {
   value = aws_eip.gateway[0].id
 }
 
+output "ip_prometheus" {
+  value = length(aws_eip.ip_prometheus) > 0 ? aws_eip.ip_prometheus[0].id : ""
+}
+
 output "crdb_nodes" {
   value = [
     for i in aws_eip.ip_crdb : {
@@ -82,6 +86,16 @@ output "gateway_address" {
   }
 }
 
+output "prometheus_address" {
+  value = length(aws_eip.ip_prometheus) > 0 ? {
+    expected_dns : aws_eip.ip_prometheus[0].tags.ExpectedDNS,
+    address : aws_eip.ip_prometheus[0].public_ip,
+    } : {
+    expected_dns : null,
+    address : null,
+  }
+}
+
 output "workload_subnet" {
   value = data.aws_subnet.main_subnet.id
 }

deploy/infrastructure/dependencies/terraform-aws-kubernetes/variables.gen.tf

@@ -107,6 +107,20 @@ variable "cluster_name" {
   EOT
 }
 
+variable "prometheus_hostname" {
+  type        = string
+  default     = ""
+  description = <<-EOT
+  Domain used to expose prometheus on an external endpoint.
+
+  Leave empty to disable exposition of prometheus publicly.
+
+  Example: `prometheus.dss.example.com`
+
+  EOT
+}
+
+
 variable "kubernetes_version" {
   type        = string
   description = <<-EOT

deploy/infrastructure/dependencies/terraform-commons-dss/helm.tf

@@ -93,7 +93,18 @@ resource "local_file" "helm_chart_values" {
     }
 
     monitoring = {
-      enabled = false
+      enabled = var.enable_monitoring
+      externalService = var.prometheus_hostname != "" ? {
+        enabled  = var.enable_monitoring
+        ip       = var.ip_prometheus
+        subnet   = var.workload_subnet
+        hostname = var.prometheus_hostname
+        } : {
+        enabled  = false
+        ip       = null
+        subnet   = null
+        hostname = null
+      }
     },
 
     prometheus = {
@@ -289,7 +300,18 @@ resource "local_file" "helm_chart_values" {
     }
 
     monitoring = {
-      enabled = false
+      enabled = var.enable_monitoring
+      externalService = var.prometheus_hostname != "" ? {
+        enabled  = var.enable_monitoring
+        ip       = var.ip_prometheus
+        subnet   = var.workload_subnet
+        hostname = var.prometheus_hostname
+        } : {
+        enabled  = false
+        ip       = null
+        subnet   = null
+        hostname = null
+      }
     },
 
     prometheus = {

deploy/infrastructure/dependencies/terraform-commons-dss/tanka.tf

@@ -51,6 +51,8 @@ resource "local_file" "tanka_config_main" {
     VAR_EVICT_RID_TTL                        = var.evict_rid_ttl
     VAR_EVICT_RID_ENABLE_ISAS                = var.evict_rid_isas
     VAR_EVICT_RID_ENABLE_SUBSCRIPTIONS       = var.evict_rid_subscriptions
+    VAR_PROMETHEUS_EXPOSE_EXTERNAL           = var.prometheus_hostname != ""
+    VAR_PROMETHEUS_IP                        = var.ip_prometheus
   })
   filename = "${local.tanka_workspace_location}/main.jsonnet"
 }

deploy/infrastructure/dependencies/terraform-commons-dss/templates/main.jsonnet.tmp

@@ -83,6 +83,8 @@ local metadata = metadataBase {
   },
   prometheus+: {
     storageClass: '${VAR_STORAGE_CLASS}',
+    expose_external: ${VAR_PROMETHEUS_EXPOSE_EXTERNAL},
+    IP: '${VAR_PROMETHEUS_IP}',
   },
   image_pull_secret: '${VAR_DOCKER_IMAGE_PULL_SECRET}',
   cloud_provider: '${VAR_CLOUD_PROVIDER}',

deploy/infrastructure/dependencies/terraform-commons-dss/variables.gen.tf

@@ -64,6 +64,20 @@ variable "cluster_name" {
   EOT
 }
 
+variable "prometheus_hostname" {
+  type        = string
+  default     = ""
+  description = <<-EOT
+  Domain used to expose prometheus on an external endpoint.
+
+  Leave empty to disable exposition of prometheus publicly.
+
+  Example: `prometheus.dss.example.com`
+
+  EOT
+}
+
+
 variable "image" {
   type        = string
   description = <<-EOT
@@ -456,3 +470,14 @@ variable "evict_rid_subscriptions" {
 }
 
 
+variable "enable_monitoring" {
+  type        = bool
+  default     = false
+  description = <<-EOT
+  Set to true to enable monitoring stack with prometheus / grafana.
+
+  Example: `true`
+  EOT
+}
+
+

deploy/infrastructure/dependencies/terraform-commons-dss/variables_internal.tf

@@ -50,6 +50,11 @@ variable "ip_gateway" {
   description = "IP of the gateway used by the DSS service"
 }
 
+variable "ip_prometheus" {
+  type        = string
+  description = "IP of the gateway used by prometheus"
+}
+
 variable "kubernetes_storage_class" {
   type        = string
   description = <<-EOT

deploy/infrastructure/dependencies/terraform-google-kubernetes/cluster.tf

@@ -70,6 +70,17 @@ resource "google_compute_address" "ip_yugabyte" {
   description = format("%s.%%s.%s", count.index, var.db_hostname_suffix)
 }
 
+resource "google_compute_address" "ip_prometheus" {
+
+  count = var.prometheus_hostname == "" ? 0 : 1
+
+  name   = format("%s-ip-prometheus", var.cluster_name)
+  region = local.region
+
+  # Current google terraform provider doesn't allow tags or labels. Description is used to preserve mapping between ips and hostnames.
+  description = var.prometheus_hostname
+}
+
 locals {
   kubectl_cluster_context_name = format("gke_%s_%s_%s", google_container_cluster.kubernetes_cluster.project, google_container_cluster.kubernetes_cluster.location, google_container_cluster.kubernetes_cluster.name)
 }

deploy/infrastructure/dependencies/terraform-google-kubernetes/dns.tf

@@ -44,3 +44,13 @@ resource "google_dns_record_set" "yugabyte_tserver" {
   managed_zone = data.google_dns_managed_zone.default[0].name
   rrdatas      = [google_compute_address.ip_yugabyte[count.index].address]
 }
+
+resource "google_dns_record_set" "prometheus_hostname" {
+  count = var.prometheus_hostname == "" || var.google_dns_managed_zone_name == "" ? 0 : 1
+  name  = "${google_compute_address.ip_prometheus[0].description}." # description contains the expected hostname
+  type  = "A"
+  ttl   = 300
+
+  managed_zone = data.google_dns_managed_zone.default[0].name
+  rrdatas      = [google_compute_address.ip_prometheus[0].address]
+}

deploy/infrastructure/dependencies/terraform-google-kubernetes/output.tf

@@ -67,3 +67,7 @@ output "yugabyte_tservers_nodes" {
     }
   ]
 }
+
+output "ip_prometheus" {
+  value = length(google_compute_address.ip_prometheus) > 0 ? google_compute_address.ip_prometheus[0].address : ""
+}

deploy/infrastructure/dependencies/terraform-google-kubernetes/variables.gen.tf

@@ -96,6 +96,20 @@ variable "cluster_name" {
   EOT
 }
 
+variable "prometheus_hostname" {
+  type        = string
+  default     = ""
+  description = <<-EOT
+  Domain used to expose prometheus on an external endpoint.
+
+  Leave empty to disable exposition of prometheus publicly.
+
+  Example: `prometheus.dss.example.com`
+
+  EOT
+}
+
+
 variable "kubernetes_version" {
   type        = string
   description = <<-EOT

deploy/infrastructure/modules/terraform-aws-dss/TFVARS.gen.md

@@ -157,6 +157,11 @@ Use <code>latest</code> to use the latest schema version.</p>
 Use <code>latest</code> to use the latest schema version.</p>
 <p>Example: <code>3.1.0</code></p>
 <br/>Default value: <code>"latest"</code></td>
+            </tr><tr>
+                <td>enable_monitoring (<code>bool</code>)</td>
+                <td><p>Set to true to enable monitoring stack with prometheus / grafana.</p>
+<p>Example: <code>true</code></p>
+<br/>Default value: <code>false</code></td>
             </tr><tr>
                 <td>enable_scd (<code>bool</code>)</td>
                 <td><p>Set this boolean true to enable ASTM strategic conflict detection functionality</p>
@@ -249,6 +254,12 @@ DSS instances) value is acceptable.</p>
 Currently, only single node or three nodes deployments are supported.</p>
 <p>Example: <code>3</code></p>
 </td>
+            </tr><tr>
+                <td>prometheus_hostname (<code>string</code>)</td>
+                <td><p>Domain used to expose prometheus on an external endpoint.</p>
+<p>Leave empty to disable exposition of prometheus publicly.</p>
+<p>Example: <code>prometheus.dss.example.com</code></p>
+<br/>Default value: <code>""</code></td>
             </tr><tr>
                 <td>should_init (<code>bool</code>)</td>
                 <td><p>Set to false if joining an existing pool, true if creating the first DSS instance

deploy/infrastructure/modules/terraform-aws-dss/main.tf

@@ -10,6 +10,7 @@ module "terraform-aws-kubernetes" {
   aws_iam_permissions_boundary = var.aws_iam_permissions_boundary
   node_count                   = var.node_count
   kubernetes_version           = var.kubernetes_version
+  prometheus_hostname          = var.prometheus_hostname
 
   source = "../../dependencies/terraform-aws-kubernetes"
 }
@@ -56,6 +57,9 @@ module "terraform-commons-dss" {
   evict_rid_ttl                    = var.evict_rid_ttl
   evict_rid_isas                   = var.evict_rid_isas
   evict_rid_subscriptions          = var.evict_rid_subscriptions
+  enable_monitoring                = var.enable_monitoring
+  prometheus_hostname              = var.prometheus_hostname
+  ip_prometheus                    = module.terraform-aws-kubernetes.ip_prometheus
 
   source = "../../dependencies/terraform-commons-dss"
 }

deploy/infrastructure/modules/terraform-aws-dss/terraform.dev.example.tfvars

@@ -39,3 +39,7 @@ yugabyte_region          = "aws-uss-1"
 yugabyte_zone            = "aws-uss-1"
 yugabyte_light_resources = false
 yugabyte_external_nodes  = []
+
+# Monitoring
+enable_monitoring = false
+# prometheus_hostname             = "prometheus.dss.interuss.example.com"

deploy/infrastructure/modules/terraform-aws-dss/variables.gen.tf

@@ -107,6 +107,20 @@ variable "cluster_name" {
   EOT
 }
 
+variable "prometheus_hostname" {
+  type        = string
+  default     = ""
+  description = <<-EOT
+  Domain used to expose prometheus on an external endpoint.
+
+  Leave empty to disable exposition of prometheus publicly.
+
+  Example: `prometheus.dss.example.com`
+
+  EOT
+}
+
+
 variable "kubernetes_version" {
   type        = string
   description = <<-EOT
@@ -555,3 +569,14 @@ variable "evict_rid_subscriptions" {
 }
 
 
+variable "enable_monitoring" {
+  type        = bool
+  default     = false
+  description = <<-EOT
+  Set to true to enable monitoring stack with prometheus / grafana.
+
+  Example: `true`
+  EOT
+}
+
+

deploy/infrastructure/modules/terraform-google-dss/TFVARS.gen.md

@@ -126,6 +126,11 @@ Use <code>latest</code> to use the latest schema version.</p>
 Use <code>latest</code> to use the latest schema version.</p>
 <p>Example: <code>3.1.0</code></p>
 <br/>Default value: <code>"latest"</code></td>
+            </tr><tr>
+                <td>enable_monitoring (<code>bool</code>)</td>
+                <td><p>Set to true to enable monitoring stack with prometheus / grafana.</p>
+<p>Example: <code>true</code></p>
+<br/>Default value: <code>false</code></td>
             </tr><tr>
                 <td>enable_scd (<code>bool</code>)</td>
                 <td><p>Set this boolean true to enable ASTM strategic conflict detection functionality</p>
@@ -245,6 +250,12 @@ DSS instances) value is acceptable.</p>
 Currently, only single node or three nodes deployments are supported.</p>
 <p>Example: <code>3</code></p>
 </td>
+            </tr><tr>
+                <td>prometheus_hostname (<code>string</code>)</td>
+                <td><p>Domain used to expose prometheus on an external endpoint.</p>
+<p>Leave empty to disable exposition of prometheus publicly.</p>
+<p>Example: <code>prometheus.dss.example.com</code></p>
+<br/>Default value: <code>""</code></td>
             </tr><tr>
                 <td>should_init (<code>bool</code>)</td>
                 <td><p>Set to false if joining an existing pool, true if creating the first DSS instance

deploy/infrastructure/modules/terraform-google-dss/main.tf

@@ -10,6 +10,7 @@ module "terraform-google-kubernetes" {
   google_machine_type          = var.google_machine_type
   node_count                   = var.node_count
   kubernetes_version           = var.kubernetes_version
+  prometheus_hostname          = var.prometheus_hostname
 
   source = "../../dependencies/terraform-google-kubernetes"
 }
@@ -55,6 +56,9 @@ module "terraform-commons-dss" {
   evict_rid_ttl                    = var.evict_rid_ttl
   evict_rid_isas                   = var.evict_rid_isas
   evict_rid_subscriptions          = var.evict_rid_subscriptions
+  enable_monitoring                = var.enable_monitoring
+  prometheus_hostname              = var.prometheus_hostname
+  ip_prometheus                    = module.terraform-google-kubernetes.ip_prometheus
 
   source = "../../dependencies/terraform-commons-dss"
 }

deploy/infrastructure/modules/terraform-google-dss/terraform.dev.example.tfvars

@@ -40,3 +40,7 @@ yugabyte_region          = "gcp-uss-1"
 yugabyte_zone            = "gcp-uss-1"
 yugabyte_light_resources = false
 yugabyte_external_nodes  = []
+
+# Monitoring
+enable_monitoring = false
+# prometheus_hostname             = "prometheus.dss.interuss.example.com"