merklecounty · philips · Aug 3, 2019 · Aug 3, 2019
diff --git a/TODO b/TODO
@@ -38,7 +38,7 @@ x Have github subcommands take a URL not flags for project, org, tag
 x Take github credentials via environment variables
 x Submit automatically after github publish happens - printed out submit instead
 x Print out an rget command after submission for a user to test
-- Add prometheus metrics exporting for GET requests and submission requests and hook up to stackdriver
+x Add prometheus metrics exporting for GET requests and submission requests and hook up to stackdriver
 - Use a different path for submissions. probably /submit or something
 - Introduce rget check to check a URL works and when the certificate was issued, etc
 - Make the rget root command output more useful output

diff --git a/production/README.md b/production/README.md
@@ -0,0 +1,17 @@
+# Production
+
+Kubernetes manifests for the production setup of the `rget server`
+
+## Accessing Services
+
+### rget service
+
+```
+kubectl -n sget port-forward sserve-64cfc885c5-pmgpc 8080:2112 --address 0.0.0.0
+```
+
+### prometheus
+
+```
+kubectl -n sget port-forward prometheus-prometheus-0 9090 --address 0.0.0.0
+```
diff --git a/production/prometheus-operator.yaml b/production/prometheus-operator.yaml
@@ -0,0 +1,168 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/component: controller
+    app.kubernetes.io/name: prometheus-operator
+    app.kubernetes.io/version: v0.31.1
+  name: prometheus-operator
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: prometheus-operator
+subjects:
+- kind: ServiceAccount
+  name: prometheus-operator
+  namespace: sget
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/component: controller
+    app.kubernetes.io/name: prometheus-operator
+    app.kubernetes.io/version: v0.31.1
+  name: prometheus-operator
+rules:
+- apiGroups:
+  - apiextensions.k8s.io
+  resources:
+  - customresourcedefinitions
+  verbs:
+  - '*'
+- apiGroups:
+  - monitoring.coreos.com
+  resources:
+  - alertmanagers
+  - prometheuses
+  - prometheuses/finalizers
+  - alertmanagers/finalizers
+  - servicemonitors
+  - podmonitors
+  - prometheusrules
+  verbs:
+  - '*'
+- apiGroups:
+  - apps
+  resources:
+  - statefulsets
+  verbs:
+  - '*'
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  - secrets
+  verbs:
+  - '*'
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - list
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - services
+  - services/finalizers
+  - endpoints
+  verbs:
+  - get
+  - create
+  - update
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - nodes
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  verbs:
+  - get
+  - list
+  - watch
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/component: controller
+    app.kubernetes.io/name: prometheus-operator
+    app.kubernetes.io/version: v0.31.1
+  name: prometheus-operator
+  namespace: sget
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: controller
+      app.kubernetes.io/name: prometheus-operator
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/component: controller
+        app.kubernetes.io/name: prometheus-operator
+        app.kubernetes.io/version: v0.31.1
+    spec:
+      containers:
+      - args:
+        - --kubelet-service=kube-system/kubelet
+        - --logtostderr=true
+        - --config-reloader-image=quay.io/coreos/configmap-reload:v0.0.1
+        - --prometheus-config-reloader=quay.io/coreos/prometheus-config-reloader:v0.31.1
+        image: quay.io/coreos/prometheus-operator:v0.31.1
+        name: prometheus-operator
+        ports:
+        - containerPort: 8080
+          name: http
+        resources:
+          limits:
+            cpu: 200m
+            memory: 200Mi
+          requests:
+            cpu: 100m
+            memory: 100Mi
+        securityContext:
+          allowPrivilegeEscalation: false
+      nodeSelector:
+        beta.kubernetes.io/os: linux
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 65534
+      serviceAccountName: prometheus-operator
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/component: controller
+    app.kubernetes.io/name: prometheus-operator
+    app.kubernetes.io/version: v0.31.1
+  name: prometheus-operator
+  namespace: sget
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/component: controller
+    app.kubernetes.io/name: prometheus-operator
+    app.kubernetes.io/version: v0.31.1
+  name: prometheus-operator
+  namespace: sget
+spec:
+  clusterIP: None
+  ports:
+  - name: http
+    port: 8080
+    targetPort: http
+  selector:
+    app.kubernetes.io/component: controller
+    app.kubernetes.io/name: prometheus-operator
diff --git a/production/prometheus.yaml b/production/prometheus.yaml
@@ -0,0 +1,65 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: prometheus
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+  name: prometheus
+rules:
+- apiGroups: [""]
+  resources:
+  - nodes
+  - services
+  - endpoints
+  - pods
+  verbs: ["get", "list", "watch"]
+- apiGroups: [""]
+  resources:
+  - configmaps
+  verbs: ["get"]
+- nonResourceURLs: ["/metrics"]
+  verbs: ["get"]
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: prometheus
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: prometheus
+subjects:
+- kind: ServiceAccount
+  name: prometheus
+  namespace: sget
+---
+apiVersion: monitoring.coreos.com/v1
+kind: Prometheus
+metadata:
+  name: prometheus
+spec:
+  serviceAccountName: prometheus
+  serviceMonitorSelector:
+    matchLabels:
+      name: sserve
+  resources:
+    requests:
+      memory: 400Mi
+  enableAdminAPI: false
+  containers:
+  - name: sidecar
+    image: gcr.io/stackdriver-prometheus/stackdriver-prometheus-sidecar:0.4.3
+    imagePullPolicy: Always
+    args:
+    - --stackdriver.project-id=onchain-dev
+    - --prometheus.wal-directory=/prometheus/wal
+    - --stackdriver.kubernetes.location=us-central1-a
+    - --stackdriver.kubernetes.cluster-name=ifup-dev-gke
+    ports:
+    - name: sidecar
+      containerPort: 9091
+    volumeMounts:
+    - name: prometheus-prometheus-db
+      mountPath: /prometheus
diff --git a/production/servicemonitor.yaml b/production/servicemonitor.yaml
@@ -0,0 +1,13 @@
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: sserve
+  labels:
+    name: sserve
+spec:
+  selector:
+    matchLabels:
+      name: sserve
+  endpoints:
+  - port: metrics
+    path: /
diff --git a/production/sserve-service.yaml b/production/sserve-service.yaml
@@ -2,12 +2,16 @@ apiVersion: v1
 kind: Service
 metadata:
   name: sserve-service
+  labels: 
+    name: sserve
 spec:
   type: LoadBalancer
   ports:
   - port: 80
     name: http
   - port: 443
     name: https
+  - port: 2112
+    name: metrics
   selector:
     name: sserve