diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..92b2793 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.direnv diff --git a/kustomize/consensus-layer-svc.yaml b/kustomize/consensus-layer-svc.yaml index 1175601..cc88b2f 100644 --- a/kustomize/consensus-layer-svc.yaml +++ b/kustomize/consensus-layer-svc.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Service metadata: - name: consensus-layer-svc + name: consensus-layer spec: type: ClusterIP selector: diff --git a/kustomize/consensus-layer.yaml b/kustomize/consensus-layer.yaml index 50ac334..438e574 100644 --- a/kustomize/consensus-layer.yaml +++ b/kustomize/consensus-layer.yaml @@ -3,13 +3,7 @@ kind: Deployment metadata: name: consensus-layer spec: - minReadySeconds: 3 - revisionHistoryLimit: 5 - progressDeadlineSeconds: 60 - strategy: - rollingUpdate: - maxUnavailable: 0 - type: RollingUpdate + replicas: 1 selector: matchLabels: app: consensus-layer @@ -18,6 +12,7 @@ spec: annotations: prometheus.io/scrape: "true" prometheus.io/port: "5054" + prometheus.io/path: "/metrics" labels: app: consensus-layer spec: 
@@ -26,53 +21,47 @@ spec: runAsGroup: 1001 fsGroup: 1001 containers: - - name: lighthouse - image: sigp/lighthouse:v5.1.3-modern - imagePullPolicy: IfNotPresent - ports: - - name: rpc - containerPort: 5052 - protocol: TCP - - name: http - containerPort: 5053 - protocol: TCP - - name: metrics - containerPort: 5054 - protocol: TCP - - name: peering-tcp - containerPort: 9000 - protocol: TCP - - name: peering-udp - containerPort: 9000 - protocol: UDP - - name: peering - containerPort: 9001 - protocol: UDP - command: ["/bin/sh", "-c"] - args: - - > - lighthouse bn - --network mainnet - --http --http-address 0.0.0.0 - --execution-endpoint http://execution-layer-svc:8551 - --metrics --metrics-address 0.0.0.0 - --execution-jwt /mnt/token/jwt - --checkpoint-sync-url https://mainnet.checkpoint.sigp.io - resources: - limits: - cpu: 3000m - memory: 10240Mi - requests: - cpu: 2000m - memory: 8192Mi - volumeMounts: - - name: jwt-secret-volume - readOnly: true - mountPath: /mnt/token - - name: logs - mountPath: /logs - - name: lighthouse - mountPath: /.lighthouse + - name: lighthouse + image: sigp/lighthouse:v5.1.3-modern + imagePullPolicy: IfNotPresent + ports: + - name: rpc + containerPort: 5052 + protocol: TCP + - name: http + containerPort: 5053 + protocol: TCP + - name: metrics + containerPort: 5054 + protocol: TCP + - name: peering-tcp + containerPort: 9000 + protocol: TCP + - name: peering-udp + containerPort: 9000 + protocol: UDP + - name: peering + containerPort: 9001 + protocol: UDP + command: ["/bin/sh", "-c"] + args: + - > + lighthouse bn --network mainnet --http --http-address 0.0.0.0 --execution-endpoint http://execution-layer:8551 --metrics --metrics-address 0.0.0.0 --metrics-port 5054 --execution-jwt /mnt/token/jwt --checkpoint-sync-url https://mainnet.checkpoint.sigp.io + resources: + limits: + cpu: 2000m + memory: 10240Mi + requests: + cpu: 1000m + memory: 6144Mi + volumeMounts: + - name: jwt-secret-volume + readOnly: true + mountPath: /mnt/token + - name: logs 
+ mountPath: /logs + - name: lighthouse + mountPath: /.lighthouse volumes: - name: jwt-secret-volume secret: @@ -82,4 +71,3 @@ spec: emptyDir: {} - name: lighthouse emptyDir: {} - diff --git a/kustomize/download-dashboards.yaml b/kustomize/download-dashboards.yaml new file mode 100644 index 0000000..8b1b149 --- /dev/null +++ b/kustomize/download-dashboards.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: download-dashboards + labels: + app: grafana +data: + download-dashboards.sh: | + #!/bin/sh + + apk add --no-cache curl sed + + if [[ ! -d /var/lib/grafana/dashboards ]]; then + mkdir -p /var/lib/grafana/dashboards + fi + + curl https://grafana.com/api/dashboards/315/revisions/latest/download -o /var/lib/grafana/dashboards/kubernetes-dashboard.json + curl https://raw.githubusercontent.com/paradigmxyz/reth/main/etc/grafana/dashboards/overview.json -o /var/lib/grafana/dashboards/overview.json + sed -i 's/\${DS_PROMETHEUS}/DS_PROMETHEUS/g' /var/lib/grafana/dashboards/kubernetes-dashboard.json /var/lib/grafana/dashboards/overview.json diff --git a/kustomize/execution-layer-svc.yaml b/kustomize/execution-layer-svc.yaml index 47b0e69..09d3bfd 100644 --- a/kustomize/execution-layer-svc.yaml +++ b/kustomize/execution-layer-svc.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Service metadata: - name: execution-layer-svc + name: execution-layer spec: type: ClusterIP selector: diff --git a/kustomize/execution-layer.yaml b/kustomize/execution-layer.yaml index 7e21641..bbd9322 100644 --- a/kustomize/execution-layer.yaml +++ b/kustomize/execution-layer.yaml @@ -3,13 +3,7 @@ kind: Deployment metadata: name: execution-layer spec: - minReadySeconds: 3 - revisionHistoryLimit: 5 - progressDeadlineSeconds: 60 - strategy: - rollingUpdate: - maxUnavailable: 0 - type: RollingUpdate + replicas: 1 selector: matchLabels: app: execution-layer 
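Review bot: The two `curl` calls in `download-dashboards.sh` fetch moving targets (`revisions/latest` and the `main` branch) with no failure handling or integrity check. Whatever those URLs serve when the pod starts, including an HTTP error page, is written into the directory that Grafana provisions dashboards from. Pin each URL to a fixed revision or commit, add `set -eu` as the first command, and use `curl -fsSL` so a failed download stops the init container instead of leaving a bad file behind. The script also uses `[[ ... ]]` under `#!/bin/sh`; a bare `mkdir -p /var/lib/grafana/dashboards` does the same job without the non-POSIX test.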
@@ -18,6 +12,7 @@ spec: annotations: prometheus.io/scrape: "true" prometheus.io/port: "5055" + prometheus.io/path: "/" labels: app: execution-layer spec: @@ -26,50 +21,41 @@ spec: runAsGroup: 1001 fsGroup: 1001 containers: - - name: reth - image: ghcr.io/paradigmxyz/reth - imagePullPolicy: IfNotPresent - ports: - - name: rpc - containerPort: 8545 - protocol: TCP - - name: engine - containerPort: 8551 - protocol: TCP - - name: metrics - containerPort: 5055 - protocol: TCP - - name: peering - containerPort: 30303 - protocol: TCP - command: ["/bin/sh", "-c"] - args: - - > - reth node - --chain mainnet - --metrics 0.0.0.0:5054 - --log.file.directory /logs - --authrpc.addr 0.0.0.0 - --authrpc.port 8551 - --authrpc.jwtsecret /mnt/token/jwt - --http --http.addr 0.0.0.0 --http.port 8545 - --http.api "eth,net,web3" -# command: ["sh", "-c", "sleep infinity"] - resources: - limits: - cpu: 3000m - memory: 10240Mi - requests: - cpu: 2000m - memory: 8192Mi - volumeMounts: - - name: jwt-secret-volume - readOnly: true - mountPath: /mnt/token - - name: logs - mountPath: /logs - - name: local - mountPath: /.local + - name: reth + image: ghcr.io/paradigmxyz/reth + imagePullPolicy: IfNotPresent + ports: + - name: rpc + containerPort: 8545 + protocol: TCP + - name: engine + containerPort: 8551 + protocol: TCP + - name: metrics + containerPort: 5055 + protocol: TCP + - name: peering + containerPort: 30303 + protocol: TCP + command: ["/bin/sh", "-c"] + args: + - > + reth node --chain mainnet --metrics 0.0.0.0:5055 --log.file.directory /logs --authrpc.addr 0.0.0.0 --authrpc.port 8551 --authrpc.jwtsecret /mnt/token/jwt --http --http.addr 0.0.0.0 --http.port 8545 --http.api "eth,net,web3" + resources: + limits: + cpu: 2000m + memory: 6144Mi + requests: + cpu: 1000m + memory: 4096Mi + volumeMounts: + - name: jwt-secret-volume + readOnly: true + mountPath: /mnt/token + - name: logs + mountPath: /logs + - name: local + mountPath: /.local volumes: - name: jwt-secret-volume secret: 
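Review bot: The reth container's `image: ghcr.io/paradigmxyz/reth` has no tag or digest, so it resolves to `latest`, and with `imagePullPolicy: IfNotPresent` each node keeps whichever build it pulled first. The lighthouse container in this change set is pinned to `v5.1.3-modern`; pin reth the same way, ideally by digest, for example `image: ghcr.io/paradigmxyz/reth:<RETH_VERSION>@sha256:<DIGEST>` (both values are placeholders). Separately, `--http --http.addr 0.0.0.0` serves the JSON-RPC API on every pod interface, whereas only the engine port is given a JWT secret in these arguments. It is worth confirming that the Service or a NetworkPolicy limits who can reach port 8545. The pod spec continues outside this hunk.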
@@ -79,5 +65,3 @@ spec: emptyDir: {} - name: local emptyDir: {} - - diff --git a/kustomize/grafana-dashboards.yaml b/kustomize/grafana-dashboards.yaml new file mode 100644 index 0000000..a4af277 --- /dev/null +++ b/kustomize/grafana-dashboards.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: grafana-dashboard-providers + labels: + grafana_dashboard_providers: "1" +data: + dashboards.yaml: | + apiVersion: 1 + providers: + - name: 'default' + orgId: 1 + folder: '' + type: file + disableDeletion: false + updateIntervalSeconds: 30 + options: + path: /var/lib/grafana/dashboards diff --git a/kustomize/grafana-datasources.yaml b/kustomize/grafana-datasources.yaml new file mode 100644 index 0000000..cd546c8 --- /dev/null +++ b/kustomize/grafana-datasources.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: grafana-datasources + labels: + app: grafana +data: + prometheus-datasource.yaml: | + apiVersion: 1 + datasources: + - name: DS_PROMETHEUS + type: prometheus + access: proxy + url: http://prometheus:9090 + isDefault: true + editable: true diff --git a/kustomize/grafana-svc.yaml b/kustomize/grafana-svc.yaml new file mode 100644 index 0000000..b1d283e --- /dev/null +++ b/kustomize/grafana-svc.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + name: grafana + labels: + app: grafana +spec: + type: ClusterIP + ports: + - port: 3000 + targetPort: 3000 + selector: + app: grafana diff --git a/kustomize/grafana.yaml b/kustomize/grafana.yaml new file mode 100644 index 0000000..e23da20 --- /dev/null +++ b/kustomize/grafana.yaml 
@@ -0,0 +1,53 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: grafana + labels: + app: grafana +spec: + replicas: 1 + selector: + matchLabels: + app: grafana + template: + metadata: + labels: + app: grafana + spec: + initContainers: + - name: grafana-dashboards + image: alpine:latest + command: ["/bin/sh", "-c", "source /mnt/scripts/download-dashboards.sh"] + volumeMounts: + - name: download-dashboards + mountPath: /mnt/scripts + - name: grafana-storage + mountPath: /var/lib/grafana + containers: + - name: grafana + image: grafana/grafana:10.0.0 + ports: + - containerPort: 3000 + env: + - name: GF_SECURITY_ADMIN_PASSWORD + value: admin + volumeMounts: + - name: grafana-storage + mountPath: /var/lib/grafana + - name: grafana-datasource-volume + mountPath: /etc/grafana/provisioning/datasources + - name: grafana-dashboards-volume + mountPath: /etc/grafana/provisioning/dashboards + volumes: + - name: grafana-storage + emptyDir: {} + - name: grafana-datasource-volume + configMap: + name: grafana-datasources + - name: grafana-dashboards-volume + configMap: + name: grafana-dashboard-providers + - name: download-dashboards + configMap: + name: download-dashboards + defaultMode: 0770 diff --git a/kustomize/kustomization.yaml b/kustomize/kustomization.yaml index dd89bb5..8686f56 100644 --- a/kustomize/kustomization.yaml +++ b/kustomize/kustomization.yaml @@ -1,7 +1,16 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: + - download-dashboards.yaml + - grafana-dashboards.yaml + - grafana-datasources.yaml + - prometheus-permissions.yaml + - prometheus-config.yaml - execution-layer.yaml - consensus-layer.yaml + - prometheus.yaml + - grafana.yaml - execution-layer-svc.yaml - consensus-layer-svc.yaml + - prometheus-svc.yaml + - grafana-svc.yaml diff --git a/kustomize/prometheus-config.yaml b/kustomize/prometheus-config.yaml new file mode 100644 index 0000000..b19d6ef --- /dev/null +++ b/kustomize/prometheus-config.yaml 
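Review bot: `GF_SECURITY_ADMIN_PASSWORD` is set to the literal `admin` in the grafana container's `env`, which commits the admin credential to the repository and leaves the well-known default in place for anyone who can reach port 3000. Read it from a Secret through `valueFrom.secretKeyRef`; the execution and consensus deployments already keep their JWT in a Secret-backed volume. The init container also uses `image: alpine:latest`, and pinning it to a fixed tag or digest keeps the environment of the download script reproducible. The Secret name and key below are placeholders.

```yaml
# … unchanged: grafana container name, image, ports …
env:
  - name: GF_SECURITY_ADMIN_PASSWORD
    valueFrom:
      secretKeyRef:
        name: <GRAFANA_ADMIN_SECRET_NAME>  # placeholder
        key: <GRAFANA_ADMIN_PASSWORD_KEY>  # placeholder
# … unchanged: volumeMounts, volumes …
```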
@@ -0,0 +1,54 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: prometheus-config
+ labels:
+ app: prometheus
+data:
+ prometheus.yml: |
+ global:
+ scrape_interval: 15s
+
+ scrape_configs:
+ - job_name: 'app-metrics'
+ kubernetes_sd_configs:
+ - role: pod
+ relabel_configs:
+ - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
+ action: keep
+ regex: true
+ - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
+ action: replace
+ target_label: __metrics_path__
+ regex: (.+)
+ - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
+ action: replace
+ regex: ([^:]+)(?::\d+)?;(\d+)
+ replacement: $1:$2
+ target_label: __address__
+ - action: labelmap
+ regex: __meta_kubernetes_pod_label_(.+)
+ - source_labels: [__meta_kubernetes_namespace]
+ action: replace
+ target_label: kubernetes_namespace
+ - source_labels: [__meta_kubernetes_pod_name]
+ action: replace
+ target_label: kubernetes_pod_name
+ - job_name: kubernetes-nodes-cadvisor
+ scrape_interval: 10s
+ scrape_timeout: 10s
+ scheme: https
+ tls_config:
+ ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+ bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
+ kubernetes_sd_configs:
+ - role: node
+ relabel_configs:
+ - action: labelmap
+ regex: __meta_kubernetes_node_label_(.+)
+ - target_label: __address__
+ replacement: kubernetes.default.svc:443
+ - source_labels: [__meta_kubernetes_node_name]
+ regex: (.+)
+ target_label: __metrics_path__
+ replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor
diff --git a/kustomize/prometheus-permissions.yaml b/kustomize/prometheus-permissions.yaml
new file mode 100644
index 0000000..f9c7228
--- /dev/null
+++ b/kustomize/prometheus-permissions.yaml
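Review bot: The `app-metrics` job uses `kubernetes_sd_configs` with `role: pod` and no `namespaces` filter, so Prometheus discovers and scrapes any pod in the cluster that sets `prometheus.io/scrape: "true"`. The scrape path and port are taken from that pod's own annotations. If only this project's workloads are meant to be scraped, scope discovery by adding `namespaces:` with `names: [ethereum-node-automation]` under the `role: pod` entry; that would also let the pod read permission become a namespaced Role. The `kubernetes-nodes-cadvisor` job goes through `kubernetes.default.svc:443` with the service-account token, and that is the only visible consumer of the `nodes/proxy` grant in prometheus-permissions.yaml.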
@@ -0,0 +1,39 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: prometheus
+rules:
+ - apiGroups: [""]
+ resources:
+ - nodes
+ - nodes/proxy
+ - services
+ - endpoints
+ - pods
+ verbs: ["get", "list", "watch"]
+ - apiGroups:
+ - extensions
+ resources:
+ - ingresses
+ verbs: ["get", "list", "watch"]
+ - nonResourceURLs: ["/metrics"]
+ verbs: ["get"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: prometheus
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: prometheus
+subjects:
+ - kind: ServiceAccount
+ name: prometheus
+ namespace: ethereum-node-automation
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: prometheus
+ namespace: ethereum-node-automation
diff --git a/kustomize/prometheus-svc.yaml b/kustomize/prometheus-svc.yaml
new file mode 100644
index 0000000..dc29fd7
--- /dev/null
+++ b/kustomize/prometheus-svc.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: prometheus
+ labels:
+ app: prometheus
+spec:
+ type: ClusterIP
+ selector:
+ app: prometheus
+ ports:
+ - port: 9090
+ targetPort: 9090
+ protocol: TCP
+ name: web
diff --git a/kustomize/prometheus.yaml b/kustomize/prometheus.yaml
new file mode 100644
index 0000000..c59275b
--- /dev/null
+++ b/kustomize/prometheus.yaml
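Review bot: The `prometheus` ClusterRole grants more than the scrape configuration in this commit uses. Discovery there is limited to `role: pod` and `role: node`, yet the rules also give cluster-wide read on `services`, `endpoints`, `extensions` `ingresses` and the `/metrics` non-resource URL. Trim the first rule to `nodes`, `nodes/proxy` and `pods`, and drop the ingresses rule unless a later job needs it. `nodes/proxy` is itself a broad grant because it lets the token holder reach kubelet endpoints through the API server, so it deserves a comment on that line such as `# required only by the kubernetes-nodes-cadvisor job`.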
@@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: prometheus
+ labels:
+ app: prometheus
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: prometheus
+ template:
+ metadata:
+ labels:
+ app: prometheus
+ spec:
+ serviceAccountName: prometheus
+ containers:
+ - name: prometheus
+ image: prom/prometheus:v2.43.0
+ args:
+ - "--config.file=/etc/prometheus/prometheus.yml"
+ - "--storage.tsdb.path=/prometheus"
+ ports:
+ - containerPort: 9090
+ volumeMounts:
+ - name: config-volume
+ mountPath: /etc/prometheus/
+ - name: storage-volume
+ mountPath: /prometheus
+ volumes:
+ - name: config-volume
+ configMap:
+ name: prometheus-config
+ - name: storage-volume
+ emptyDir: {}
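Review bot: The Prometheus pod template sets neither a `securityContext` nor `resources`, while the execution and consensus deployments in this change set define `runAsGroup: 1001` / `fsGroup: 1001` and CPU and memory requests and limits. This pod mounts a service-account token bound to a cluster-wide read role, so the container is worth hardening explicitly. The snippet adds a container-level `securityContext`; confirm `readOnlyRootFilesystem` against the image, since only `/prometheus` and `/etc/prometheus/` are mounted here. Resource values are left to the author because the page gives no sizing for Prometheus.

```yaml
containers:
  - name: prometheus
    image: prom/prometheus:v2.43.0
    securityContext:
      allowPrivilegeEscalation: false
      readOnlyRootFilesystem: true
      capabilities:
        drop: ["ALL"]
    # … unchanged: args, ports, volumeMounts …
```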