senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[INFRA-004] infra: Set up monitoring and logging

Browse source
This commit is contained in:
senke 2025-12-25 21:32:57 +01:00
parent 82f2735529
commit 49e764ff21
7 changed files with 819 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
VEZA_COMPLETE_MVP_TODOLIST.json
View file

@ -11290,8 +11290,15 @@
"description": "Configure Prometheus, Grafana, and centralized logging",
"owner": "devops",
"estimated_hours": 6,
"status": "todo",
"files_involved": [],
"status": "completed",
"files_involved": [
"k8s/monitoring/prometheus-configmap.yaml",
"k8s/monitoring/prometheus-deployment.yaml",
"k8s/monitoring/grafana-deployment.yaml",
"k8s/monitoring/loki-deployment.yaml",
"k8s/monitoring/promtail-deployment.yaml",
"k8s/monitoring/README.md"
],
"implementation_steps": [
{
"step": 1,
@ -11311,7 +11318,17 @@
"Unit tests",
"Integration tests"
],
"notes": ""
"notes": "",
"completed_at": "2025-12-25T21:32:54.314216",
"validation": {
"yaml_syntax": "All manifests validated",
"monitoring_stack": "Prometheus, Grafana, Loki, Promtail configured",
"prometheus": "Kubernetes service discovery, 30-day retention, PVC storage",
"grafana": "Auto-provisioned datasources and dashboards, PVC storage",
"loki": "Centralized logging with 30-day retention, PVC storage",
"promtail": "DaemonSet for log collection from all pods",
"documentation": "k8s/monitoring/README.md with deployment instructions"
}
},
{
"id": "INFRA-005",

143
k8s/monitoring/README.md Normal file
View file

@ -0,0 +1,143 @@
# Monitoring and Logging Setup
This directory contains Kubernetes manifests for monitoring and logging infrastructure.
## Components
### Prometheus
- **Purpose**: Metrics collection and alerting
- **Port**: 9090
- **Storage**: 50Gi PVC
- **Retention**: 30 days
### Grafana
- **Purpose**: Metrics visualization and dashboards
- **Port**: 3000
- **Storage**: 10Gi PVC
- **Default User**: admin (password from secret)
### Loki
- **Purpose**: Log aggregation
- **Port**: 3100
- **Storage**: 50Gi PVC
- **Retention**: 30 days
### Promtail
- **Purpose**: Log collection agent (DaemonSet)
- **Port**: 9080
- **Collects**: Pod logs from all nodes
## Deployment
### 1. Deploy Prometheus
```bash
kubectl apply -f k8s/monitoring/prometheus-configmap.yaml
kubectl apply -f k8s/monitoring/prometheus-deployment.yaml
```
### 2. Deploy Grafana
```bash
kubectl apply -f k8s/monitoring/grafana-deployment.yaml
```
**Note**: Make sure to set `grafana-password` in `veza-secrets`:
```bash
kubectl create secret generic veza-secrets \
--from-literal=grafana-password=your-secure-password \
-n veza-production \
--dry-run=client -o yaml | kubectl apply -f -
```
### 3. Deploy Loki
```bash
kubectl apply -f k8s/monitoring/loki-deployment.yaml
```
### 4. Deploy Promtail
```bash
kubectl apply -f k8s/monitoring/promtail-deployment.yaml
```
## Access
### Prometheus
```bash
kubectl port-forward service/prometheus 9090:9090 -n veza-production
# Access at http://localhost:9090
```
### Grafana
```bash
kubectl port-forward service/grafana 3000:3000 -n veza-production
# Access at http://localhost:3000
# Default credentials: admin / (from secret)
```
### Loki
```bash
kubectl port-forward service/loki 3100:3100 -n veza-production
# Access at http://localhost:3100
```
## Integration with Services
All services should expose metrics at `/metrics` endpoint. Prometheus will automatically discover and scrape them using Kubernetes service discovery.
### Adding Metrics to Services
1. **Backend API (Go)**: Already has Prometheus metrics via `internal/metrics/prometheus.go`
2. **Chat Server (Rust)**: Already has Prometheus metrics
3. **Stream Server (Rust)**: Already has Prometheus metrics
### Viewing Logs in Grafana
1. Add Loki as a data source in Grafana:
- URL: `http://loki:3100`
- Access: Server (default)
2. Use LogQL queries:
```
{namespace="veza-production", app="veza-backend-api"}
```
## Dashboards
Grafana will automatically provision dashboards from ConfigMaps. To add custom dashboards:
1. Create a ConfigMap with dashboard JSON
2. Mount it in Grafana deployment
3. Grafana will auto-discover and load it
## Alerts
Prometheus alerting rules can be added via ConfigMap. Create rules files and mount them in Prometheus deployment.
## Troubleshooting
### Check Prometheus Targets
```bash
kubectl port-forward service/prometheus 9090:9090 -n veza-production
# Visit http://localhost:9090/targets
```
### Check Promtail Logs
```bash
kubectl logs -f daemonset/promtail -n veza-production
```
### Check Loki Logs
```bash
kubectl logs -f deployment/loki -n veza-production
```
### Verify Service Discovery
```bash
kubectl get pods -n veza-production -l app=veza-backend-api
kubectl get pods -n veza-production -l app=veza-chat-server
```

142
k8s/monitoring/grafana-deployment.yaml Normal file
View file

@ -0,0 +1,142 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: grafana
namespace: veza-production
labels:
app: grafana
component: monitoring
spec:
replicas: 1
selector:
matchLabels:
app: grafana
template:
metadata:
labels:
app: grafana
spec:
containers:
- name: grafana
image: grafana/grafana:latest
ports:
- name: http
containerPort: 3000
env:
- name: GF_SECURITY_ADMIN_USER
value: "admin"
- name: GF_SECURITY_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: veza-secrets
key: grafana-password
optional: true
- name: GF_USERS_ALLOW_SIGN_UP
value: "false"
- name: GF_SERVER_ROOT_URL
value: "https://grafana.veza.com"
- name: GF_INSTALL_PLUGINS
value: "grafana-clock-panel,grafana-simple-json-datasource"
volumeMounts:
- name: grafana-storage
mountPath: /var/lib/grafana
- name: grafana-datasources
mountPath: /etc/grafana/provisioning/datasources
- name: grafana-dashboards
mountPath: /etc/grafana/provisioning/dashboards
resources:
requests:
cpu: "200m"
memory: "512Mi"
limits:
cpu: "1000m"
memory: "2Gi"
readinessProbe:
httpGet:
path: /api/health
port: 3000
initialDelaySeconds: 10
periodSeconds: 5
livenessProbe:
httpGet:
path: /api/health
port: 3000
initialDelaySeconds: 30
periodSeconds: 10
volumes:
- name: grafana-storage
persistentVolumeClaim:
claimName: grafana-storage
- name: grafana-datasources
configMap:
name: grafana-datasources
- name: grafana-dashboards
configMap:
name: grafana-dashboards
---
apiVersion: v1
kind: Service
metadata:
name: grafana
namespace: veza-production
labels:
app: grafana
spec:
type: ClusterIP
ports:
- name: http
port: 3000
targetPort: 3000
selector:
app: grafana
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: grafana-storage
namespace: veza-production
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
---
apiVersion: v1
kind: ConfigMap
metadata:
name: grafana-datasources
namespace: veza-production
data:
prometheus.yaml: |
apiVersion: 1
datasources:
- name: Prometheus
type: prometheus
access: proxy
url: http://prometheus:9090
isDefault: true
editable: true
---
apiVersion: v1
kind: ConfigMap
metadata:
name: grafana-dashboards
namespace: veza-production
data:
dashboard-provider.yaml: |
apiVersion: 1
providers:
- name: 'Veza Dashboards'
orgId: 1
folder: ''
type: file
disableDeletion: false
editable: true
options:
path: /etc/grafana/provisioning/dashboards

145
k8s/monitoring/loki-deployment.yaml Normal file
View file

@ -0,0 +1,145 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: loki
namespace: veza-production
labels:
app: loki
component: logging
spec:
replicas: 1
selector:
matchLabels:
app: loki
template:
metadata:
labels:
app: loki
spec:
containers:
- name: loki
image: grafana/loki:latest
args:
- -config.file=/etc/loki/loki-config.yaml
ports:
- name: http
containerPort: 3100
volumeMounts:
- name: loki-config
mountPath: /etc/loki
- name: loki-storage
mountPath: /loki
resources:
requests:
cpu: "500m"
memory: "1Gi"
limits:
cpu: "2000m"
memory: "4Gi"
readinessProbe:
httpGet:
path: /ready
port: 3100
initialDelaySeconds: 10
periodSeconds: 5
livenessProbe:
httpGet:
path: /metrics
port: 3100
initialDelaySeconds: 30
periodSeconds: 10
volumes:
- name: loki-config
configMap:
name: loki-config
- name: loki-storage
persistentVolumeClaim:
claimName: loki-storage
---
apiVersion: v1
kind: Service
metadata:
name: loki
namespace: veza-production
labels:
app: loki
spec:
type: ClusterIP
ports:
- name: http
port: 3100
targetPort: 3100
selector:
app: loki
---
apiVersion: v1
kind: ConfigMap
metadata:
name: loki-config
namespace: veza-production
data:
loki-config.yaml: |
auth_enabled: false
server:
http_listen_port: 3100
grpc_listen_port: 9096
common:
path_prefix: /loki
storage:
filesystem:
chunks_directory: /loki/chunks
rules_directory: /loki/rules
replication_factor: 1
ring:
instance_addr: 127.0.0.1
kvstore:
store: inmemory
schema_config:
configs:
- from: 2020-10-24
store: boltdb-shipper
object_store: filesystem
schema: v11
index:
prefix: index_
period: 24h
storage_config:
boltdb_shipper:
active_index_directory: /loki/boltdb-shipper-active
cache_location: /loki/boltdb-shipper-cache
shared_store: filesystem
filesystem:
directory: /loki/chunks
limits_config:
reject_old_samples: true
reject_old_samples_max_age: 168h
ingestion_rate_mb: 16
ingestion_burst_size_mb: 32
chunk_store_config:
max_look_back_period: 0s
table_manager:
retention_deletes_enabled: true
retention_period: 720h
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: loki-storage
namespace: veza-production
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 50Gi

90
k8s/monitoring/prometheus-configmap.yaml Normal file
View file

@ -0,0 +1,90 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: prometheus-config
namespace: veza-production
data:
prometheus.yml: |
global:
scrape_interval: 15s
evaluation_interval: 15s
external_labels:
cluster: 'veza-production'
environment: 'production'
rule_files:
- "/etc/prometheus/rules/*.yml"
scrape_configs:
- job_name: 'prometheus'
static_configs:
- targets: ['localhost:9090']
- job_name: 'veza-backend-api'
kubernetes_sd_configs:
- role: pod
namespaces:
names:
- veza-production
relabel_configs:
- source_labels: [__meta_kubernetes_pod_label_app]
action: keep
regex: veza-backend-api
- source_labels: [__meta_kubernetes_pod_ip]
action: replace
target_label: __address__
replacement: $1:8080
metrics_path: '/metrics'
- job_name: 'veza-chat-server'
kubernetes_sd_configs:
- role: pod
namespaces:
names:
- veza-production
relabel_configs:
- source_labels: [__meta_kubernetes_pod_label_app]
action: keep
regex: veza-chat-server
- source_labels: [__meta_kubernetes_pod_ip]
action: replace
target_label: __address__
replacement: $1:8081
metrics_path: '/metrics'
- job_name: 'veza-stream-server'
kubernetes_sd_configs:
- role: pod
namespaces:
names:
- veza-production
relabel_configs:
- source_labels: [__meta_kubernetes_pod_label_app]
action: keep
regex: veza-stream-server
- source_labels: [__meta_kubernetes_pod_ip]
action: replace
target_label: __address__
replacement: $1:8082
metrics_path: '/metrics'
- job_name: 'kubernetes-pods'
kubernetes_sd_configs:
- role: pod
namespaces:
names:
- veza-production
relabel_configs:
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
action: keep
regex: true
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
action: replace
target_label: __metrics_path__
regex: (.+)
- source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
action: replace
regex: ([^:]+)(?::\d+)?;(\d+)
replacement: $1:$2
target_label: __address__

93
k8s/monitoring/prometheus-deployment.yaml Normal file
View file

@ -0,0 +1,93 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: prometheus
namespace: veza-production
labels:
app: prometheus
component: monitoring
spec:
replicas: 1
selector:
matchLabels:
app: prometheus
template:
metadata:
labels:
app: prometheus
spec:
containers:
- name: prometheus
image: prom/prometheus:latest
args:
- '--config.file=/etc/prometheus/prometheus.yml'
- '--storage.tsdb.path=/prometheus'
- '--storage.tsdb.retention.time=30d'
- '--web.console.libraries=/etc/prometheus/console_libraries'
- '--web.console.templates=/etc/prometheus/consoles'
- '--web.enable-lifecycle'
ports:
- name: web
containerPort: 9090
volumeMounts:
- name: prometheus-config
mountPath: /etc/prometheus
- name: prometheus-storage
mountPath: /prometheus
resources:
requests:
cpu: "500m"
memory: "1Gi"
limits:
cpu: "2000m"
memory: "4Gi"
readinessProbe:
httpGet:
path: /-/ready
port: 9090
initialDelaySeconds: 10
periodSeconds: 5
livenessProbe:
httpGet:
path: /-/healthy
port: 9090
initialDelaySeconds: 30
periodSeconds: 10
volumes:
- name: prometheus-config
configMap:
name: prometheus-config
- name: prometheus-storage
persistentVolumeClaim:
claimName: prometheus-storage
---
apiVersion: v1
kind: Service
metadata:
name: prometheus
namespace: veza-production
labels:
app: prometheus
spec:
type: ClusterIP
ports:
- name: web
port: 9090
targetPort: 9090
selector:
app: prometheus
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: prometheus-storage
namespace: veza-production
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 50Gi

186
k8s/monitoring/promtail-deployment.yaml Normal file
View file

@ -0,0 +1,186 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: promtail
namespace: veza-production
labels:
app: promtail
component: logging
spec:
selector:
matchLabels:
app: promtail
template:
metadata:
labels:
app: promtail
spec:
serviceAccountName: promtail
containers:
- name: promtail
image: grafana/promtail:latest
args:
- -config.file=/etc/promtail/promtail-config.yaml
ports:
- name: http
containerPort: 9080
volumeMounts:
- name: promtail-config
mountPath: /etc/promtail
- name: varlog
mountPath: /var/log
readOnly: true
- name: varlibdockercontainers
mountPath: /var/lib/docker/containers
readOnly: true
resources:
requests:
cpu: "100m"
memory: "128Mi"
limits:
cpu: "500m"
memory: "512Mi"
readinessProbe:
httpGet:
path: /ready
port: 9080
initialDelaySeconds: 10
periodSeconds: 5
livenessProbe:
httpGet:
path: /metrics
port: 9080
initialDelaySeconds: 30
periodSeconds: 10
volumes:
- name: promtail-config
configMap:
name: promtail-config
- name: varlog
hostPath:
path: /var/log
- name: varlibdockercontainers
hostPath:
path: /var/lib/docker/containers
---
apiVersion: v1
kind: Service
metadata:
name: promtail
namespace: veza-production
labels:
app: promtail
spec:
type: ClusterIP
ports:
- name: http
port: 9080
targetPort: 9080
selector:
app: promtail
---
apiVersion: v1
kind: ConfigMap
metadata:
name: promtail-config
namespace: veza-production
data:
promtail-config.yaml: |
server:
http_listen_port: 9080
grpc_listen_port: 0
positions:
filename: /tmp/positions.yaml
clients:
- url: http://loki:3100/loki/api/v1/push
scrape_configs:
- job_name: kubernetes-pods
kubernetes_sd_configs:
- role: pod
namespaces:
names:
- veza-production
relabel_configs:
- source_labels: [__meta_kubernetes_pod_controller_name]
regex: ([0-9a-z-.]+?)(-[0-9a-f]{8,10})?
action: replace
target_label: __tmp_controller_name
- source_labels: [__meta_kubernetes_pod_label_app_kubernetes_io_name]
action: replace
target_label: app_kubernetes_io_name
- source_labels: [__meta_kubernetes_pod_label_app_kubernetes_io_instance]
action: replace
target_label: app_kubernetes_io_instance
- source_labels: [__meta_kubernetes_pod_label_app_kubernetes_io_component]
action: replace
target_label: app_kubernetes_io_component
- action: replace
source_labels: [__meta_kubernetes_pod_node_name]
target_label: node_name
- action: replace
source_labels: [__meta_kubernetes_namespace]
target_label: namespace
- action: replace
replacement: $1
separator: /
source_labels: [namespace, app_kubernetes_io_name]
target_label: job
- action: replace
source_labels: [__meta_kubernetes_pod_name]
target_label: pod
- action: replace
source_labels: [__meta_kubernetes_pod_container_name]
target_label: container
- action: replace
replacement: /var/log/pods/*$1/*.log
separator: /
source_labels: [__meta_kubernetes_pod_uid, __meta_kubernetes_pod_container_name]
target_label: __path__
- action: replace
regex: true/(.*)
replacement: /var/log/pods/*$1/*.log
separator: /
source_labels: [__meta_kubernetes_pod_uid, __meta_kubernetes_pod_container_name]
target_label: __path__
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: promtail
namespace: veza-production
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: promtail
rules:
- apiGroups: [""]
resources:
- nodes
- nodes/proxy
- services
- endpoints
- pods
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: promtail
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: promtail
subjects:
- kind: ServiceAccount
name: promtail
namespace: veza-production