gerrit-monitoring/install.sh

#!/bin/bash -e

# Copyright (C) 2020 The Android Open Source Project
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

usage() {
    me=`basename "$0"`
    echo >&2 "Usage: $me [--output OUTPUT] [--dryrun] CONFIG"
    exit 1
}

while test $# -gt 0 ; do
  case "$1" in
  --output)
    shift
    OUTPUT=$1
    shift
    ;;

  --dryrun)
    DRYRUN="true"
    shift
    ;;

  *)
    break
  esac
done

test -z "$OUTPUT" && OUTPUT="$(dirname $0)/dist"

CONFIG=$1
test -z "$CONFIG" && usage

NAMESPACE=$(yq r $CONFIG namespace)
TMP_CONFIG=$OUTPUT/$(basename $CONFIG)

function updateOrInstall() {
  if test -n "$(helm ls -n $NAMESPACE --short | grep $1)"; then
    echo "upgrade"
  else
    echo "install"
  fi
}

function addHtpasswdEntryUnencrypted() {
  local COMPONENT=$1

  local HTPASSWD=$(htpasswd -nb \
    $(yq r $TMP_CONFIG $COMPONENT.username) \
    $(yq r $TMP_CONFIG $COMPONENT.password))

  yq w -i $TMP_CONFIG $COMPONENT.htpasswd $HTPASSWD
}

function addHtpasswdEntryEncrypted() {
  local COMPONENT=$1

  local HTPASSWD=$(htpasswd -nb \
    $(sops -d --extract "$COMPONENT['username']" $TMP_CONFIG) \
    $(sops -d --extract "$COMPONENT['password']" $TMP_CONFIG))

  sops --set "$COMPONENT['htpasswd'] \"$HTPASSWD\"" $TMP_CONFIG
}

function runYtt() {
  ytt \
    -f charts/namespace.yaml \
    -f charts/prometheus/ \
    -f charts/loki/ \
    -f charts/grafana/ \
    -f promtail/ \
    --output-directory $OUTPUT \
    --ignore-unknown-comments \
    -f $1
}

mkdir -p $OUTPUT
cp $CONFIG $TMP_CONFIG

# Fill in templates
if test -z "$(grep -o '^sops:$' $TMP_CONFIG)"; then
  addHtpasswdEntryUnencrypted loki
  addHtpasswdEntryUnencrypted prometheus.server
  echo -e "#@data/values\n---\n$(cat $TMP_CONFIG)" | runYtt -
else
  addHtpasswdEntryEncrypted "['loki']" $TMP_CONFIG
  addHtpasswdEntryEncrypted "['prometheus']['server']" $TMP_CONFIG
  echo -e "#@data/values\n---\n$(sops -d $TMP_CONFIG)" | runYtt -
fi

# Create configmap with dashboards
kubectl create configmap grafana-dashboards \
  --from-file=./dashboards \
  --dry-run=true \
  --namespace=$NAMESPACE \
  -o yaml > $OUTPUT/configuration/dashboards.cm.yaml

test -n "$DRYRUN" && exit 0

# Install loose components
kubectl apply -f $OUTPUT/namespace.yaml
kubectl apply -f $OUTPUT/configuration
kubectl apply -f $OUTPUT/storage

# Add Loki helm repository
helm repo add loki https://grafana.github.io/loki/charts
helm repo update

# Install Prometheus
PROMETHEUS_CHART_NAME=prometheus-$NAMESPACE
helm $(updateOrInstall $PROMETHEUS_CHART_NAME) $PROMETHEUS_CHART_NAME \
  stable/prometheus \
  --version $(cat ./charts/prometheus/VERSION) \
  --values $OUTPUT/prometheus.yaml \
  --namespace $NAMESPACE

# Install Loki
LOKI_CHART_NAME=loki-$NAMESPACE
helm $(updateOrInstall $LOKI_CHART_NAME) $LOKI_CHART_NAME \
  loki/loki \
  --version $(cat ./charts/loki/VERSION) \
  --values $OUTPUT/loki.yaml \
  --namespace $NAMESPACE

# Install Grafana
GRAFANA_CHART_NAME=grafana-$NAMESPACE
helm $(updateOrInstall $GRAFANA_CHART_NAME) $GRAFANA_CHART_NAME \
  stable/grafana \
  --version $(cat ./charts/grafana/VERSION) \
  --values $OUTPUT/grafana.yaml \
  --namespace $NAMESPACE
Move internal project to open source This change adds the current status of a project that aims to create a simple monitoring setup to monitor Gerrit servers, which was developed internally at SAP. The project provides an opinionated and basic configuration for helm charts that can be used to install Loki, Prometheus and Grafana on a Kubernetes cluster. Scripts to easily apply the configuration and install the whole setup are provided as well. The contributions so far were done by (with number of commits) 80 Thomas Draebing 11 Matthias Sohn 2 Saša Živkov Change-Id: I8045780446edfb3c0dc8287b8f494505e338e066 2020-03-11 12:46:52 +00:00			`#!/bin/bash -e`

			`# Copyright (C) 2020 The Android Open Source Project`
			`#`
			`# Licensed under the Apache License, Version 2.0 (the "License");`
			`# you may not use this file except in compliance with the License.`
			`# You may obtain a copy of the License at`
			`#`
			`# http://www.apache.org/licenses/LICENSE-2.0`
			`#`
			`# Unless required by applicable law or agreed to in writing, software`
			`# distributed under the License is distributed on an "AS IS" BASIS,`
			`# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`# See the License for the specific language governing permissions and`
			`# limitations under the License.`

			`usage() {`
			me=`basename "$0"`
			`echo >&2 "Usage: $me [--output OUTPUT] [--dryrun] CONFIG"`
			`exit 1`
			`}`

			`while test $# -gt 0 ; do`
			`case "$1" in`
			`--output)`
			`shift`
			`OUTPUT=$1`
			`shift`
			`;;`

			`--dryrun)`
			`DRYRUN="true"`
			`shift`
			`;;`

			`*)`
			`break`
			`esac`
			`done`

			`test -z "$OUTPUT" && OUTPUT="$(dirname $0)/dist"`

			`CONFIG=$1`
			`test -z "$CONFIG" && usage`

			`NAMESPACE=$(yq r $CONFIG namespace)`
			`TMP_CONFIG=$OUTPUT/$(basename $CONFIG)`

			`function updateOrInstall() {`
			`if test -n "$(helm ls -n $NAMESPACE --short \| grep $1)"; then`
			`echo "upgrade"`
			`else`
			`echo "install"`
			`fi`
			`}`

			`function addHtpasswdEntryUnencrypted() {`
			`local COMPONENT=$1`

			`local HTPASSWD=$(htpasswd -nb \`
			`$(yq r $TMP_CONFIG $COMPONENT.username) \`
			`$(yq r $TMP_CONFIG $COMPONENT.password))`

			`yq w -i $TMP_CONFIG $COMPONENT.htpasswd $HTPASSWD`
			`}`

			`function addHtpasswdEntryEncrypted() {`
			`local COMPONENT=$1`

			`local HTPASSWD=$(htpasswd -nb \`
			`$(sops -d --extract "$COMPONENT['username']" $TMP_CONFIG) \`
			`$(sops -d --extract "$COMPONENT['password']" $TMP_CONFIG))`

			`sops --set "$COMPONENT['htpasswd'] \"$HTPASSWD\"" $TMP_CONFIG`
			`}`

			`function runYtt() {`
			`ytt \`
			`-f charts/namespace.yaml \`
			`-f charts/prometheus/ \`
			`-f charts/loki/ \`
			`-f charts/grafana/ \`
			`-f promtail/ \`
			`--output-directory $OUTPUT \`
			`--ignore-unknown-comments \`
			`-f $1`
			`}`

			`mkdir -p $OUTPUT`
			`cp $CONFIG $TMP_CONFIG`

			`# Fill in templates`
			`if test -z "$(grep -o '^sops:$' $TMP_CONFIG)"; then`
			`addHtpasswdEntryUnencrypted loki`
			`addHtpasswdEntryUnencrypted prometheus.server`
			`echo -e "#@data/values\n---\n$(cat $TMP_CONFIG)" \| runYtt -`
			`else`
			`addHtpasswdEntryEncrypted "['loki']" $TMP_CONFIG`
			`addHtpasswdEntryEncrypted "['prometheus']['server']" $TMP_CONFIG`
			`echo -e "#@data/values\n---\n$(sops -d $TMP_CONFIG)" \| runYtt -`
			`fi`

			`# Create configmap with dashboards`
			`kubectl create configmap grafana-dashboards \`
			`--from-file=./dashboards \`
			`--dry-run=true \`
			`--namespace=$NAMESPACE \`
			`-o yaml > $OUTPUT/configuration/dashboards.cm.yaml`

			`test -n "$DRYRUN" && exit 0`

			`# Install loose components`
			`kubectl apply -f $OUTPUT/namespace.yaml`
			`kubectl apply -f $OUTPUT/configuration`
			`kubectl apply -f $OUTPUT/storage`

			`# Add Loki helm repository`
			`helm repo add loki https://grafana.github.io/loki/charts`
			`helm repo update`

			`# Install Prometheus`
			`PROMETHEUS_CHART_NAME=prometheus-$NAMESPACE`
			`helm $(updateOrInstall $PROMETHEUS_CHART_NAME) $PROMETHEUS_CHART_NAME \`
			`stable/prometheus \`
			`--version $(cat ./charts/prometheus/VERSION) \`
			`--values $OUTPUT/prometheus.yaml \`
			`--namespace $NAMESPACE`

			`# Install Loki`
			`LOKI_CHART_NAME=loki-$NAMESPACE`
			`helm $(updateOrInstall $LOKI_CHART_NAME) $LOKI_CHART_NAME \`
			`loki/loki \`
			`--version $(cat ./charts/loki/VERSION) \`
			`--values $OUTPUT/loki.yaml \`
			`--namespace $NAMESPACE`

			`# Install Grafana`
			`GRAFANA_CHART_NAME=grafana-$NAMESPACE`
			`helm $(updateOrInstall $GRAFANA_CHART_NAME) $GRAFANA_CHART_NAME \`
			`stable/grafana \`
			`--version $(cat ./charts/grafana/VERSION) \`
			`--values $OUTPUT/grafana.yaml \`
			`--namespace $NAMESPACE`