feat(prometheus): Add prometheus for metrics collection

Initial commit of prometheus that collects and displays metrics, stores
them in Thanos, and includes dashboards in Grafana.

The installation uses the kube-prometheus project
(https://github.com/prometheus-operator/kube-prometheus), manifests
generation uses the `Makefile`, with application using kustomize.

As the upstream project using jsonnet for configuration, most
configuration options are in the settings.jsonnet file. Changes to the
settings, requires rerunning the `make manifests` to create the new
manifests. Commit the results to the metacpan-k8s repository.

Author: ssoriche

.gitignore

@@ -1,2 +1,3 @@
 **/charts/
 platform/kube-thanos/vendor
+platform/kube-prometheus/vendor

platform/kube-prometheus/Makefile

@@ -0,0 +1,47 @@
+.DEFAULT_GOAL := help
+
+SHELL := /bin/bash
+PATH := $(PWD)/tmp/bin:${PATH}
+JSONNET_FILE := settings.jsonnet
+
+.PHONY: all clean manifests check-tools
+
+all: check-tools clean manifests
+
+.PHONY: init
+init:
+	jb init
+	jb install github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus@main
+
+.PHONY: manifests
+manifests:
+	mkdir -p base/setup
+	jsonnet -J vendor -m base $(JSONNET_FILE) | xargs -I{} sh -c 'cat {} | gojsontoyaml > {}.yaml' -- {}
+	find base -type f ! -name '*.yaml' -delete
+	rm -f kustomization
+	rm base/grafana-config.yaml
+
+.PHONY: clean
+clean:
+	rm -rf base
+
+.PHONY: upgrade
+upgrade:
+	jb update github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus@main
+
+.PHONY: check-tools
+check-tools:
+	@command -v jb >/dev/null 2>&1 || { echo >&2 "jb is not installed. Aborting."; exit 1; }
+	@command -v jsonnet >/dev/null 2>&1 || { echo >&2 "jsonnet is not installed. Aborting."; exit 1; }
+	@command -v gojsontoyaml >/dev/null 2>&1 || { echo >&2 "gojsontoyaml is not installed. Aborting."; exit 1; }
+
+.PHONY: help
+help:
+	@echo "Makefile for pulling kube-prometheus YAML"
+	@echo ""
+	@echo "Targets:"
+	@echo "  manifests   : extract kube-prometheus YAML from jssonet with specified settings.jsonnet"
+	@echo "  upgrade     : update kube-prometheus from jssonet with specified settings.jsonnet"
+	@echo "  init        : initialize jsonnet vendor packages"
+	@echo "  check-tools : ensure required tools are installed"
+	@echo "  help        : Display this help message"

platform/kube-prometheus/README.md

@@ -0,0 +1,104 @@
+# kube-prometheus
+
+The [kube-prometheus](https://github.com/prometheus-operator/kube-prometheus)
+project provides a set of Kubernetes manifests, Grafana dashboards, and
+Prometheus rules to deploy a full monitoring stack for Kubernetes. It includes
+Prometheus, Alertmanager, and Grafana, along with various exporters and
+dashboards to monitor the health and performance of a Kubernetes cluster.
+
+## Makefile Overview
+
+This project's design is to pull and manage the kube-prometheus YAML
+configurations using jsonnet from the upstream project. The Makefile provided
+in this project helps automate tasks such as initializing dependencies,
+generating manifests, cleaning up, and ensure required tools are present.
+
+## Prerequisites
+
+Before using the Makefile, ensure you have the following tools installed:
+
+- `jb` (jsonnet Bundler)
+- `jsonnet`
+- `gojsontoyaml`
+
+## Makefile Targets
+
+The Makefile includes targets to help manage the project:
+
+### `all`
+
+Runs the `check-tools`, `clean`, and `manifests` targets in sequence. This is
+the default target.
+
+### `init`
+
+Initializes the jsonnet vendor packages by running `jb init` and installs the
+kube-prometheus jsonnet library.
+
+### `manifests`
+
+Generates the kube-prometheus YAML files from the specified `settings.jsonnet`
+file. It converts the jsonnet output to YAML and places the files in the `base`
+directory. Removal of non-YAML files in the `base` directory, and the
+`kustomization` file.
+
+### `clean`
+
+Removes the `base` directory and its contents.
+
+### `upgrade`
+
+Updates the kube-prometheus jsonnet library to the latest version.
+
+### `check-tools`
+
+Checks if the installation of required tools (`jb`, `jsonnet`, and
+`gojsontoyaml`). If any of the tools are missing, the target will abort with an
+error message.
+
+### `help`
+
+Displays a help message with a brief description of each target.
+
+## Usage
+
+To use the Makefile, run the following commands in your terminal:
+
+1. **Initialize the project:**
+
+   ```sh
+   make init
+   ```
+
+2. **Generate the manifests:**
+
+   ```sh
+   make manifests
+   ```
+
+3. **Clean up the generated files:**
+
+   ```sh
+   make clean
+   ```
+
+4. **Upgrade the kube-prometheus library:**
+
+   ```sh
+   make upgrade
+   ```
+
+5. **Check if required tools are installed:**
+
+   ```sh
+   make check-tools
+   ```
+
+6. **Display the help message:**
+
+   ```sh
+   make help
+   ```
+
+By following these steps, you can manage the kube-prometheus YAML
+configurations efficiently using the provided Makefile.

platform/kube-prometheus/base/00namespace-namespace.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    pod-security.kubernetes.io/warn: privileged
+    pod-security.kubernetes.io/warn-version: latest
+  name: monitoring

platform/kube-prometheus/base/00namespace-prometheusRule.yaml

@@ -0,0 +1,83 @@
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+  labels:
+    app.kubernetes.io/component: exporter
+    app.kubernetes.io/name: kube-prometheus
+    app.kubernetes.io/part-of: kube-prometheus
+    prometheus: k8s
+    role: alert-rules
+  name: kube-prometheus-rules
+  namespace: monitoring
+spec:
+  groups:
+  - name: general.rules
+    rules:
+    - alert: TargetDown
+      annotations:
+        description: '{{ printf "%.4g" $value }}% of the {{ $labels.job }}/{{ $labels.service }} targets in {{ $labels.namespace }} namespace are down.'
+        runbook_url: https://runbooks.prometheus-operator.dev/runbooks/general/targetdown
+        summary: One or more targets are unreachable.
+      expr: 100 * (count(up == 0) BY (cluster, job, namespace, service) / count(up) BY (cluster, job, namespace, service)) > 10
+      for: 10m
+      labels:
+        severity: warning
+    - alert: Watchdog
+      annotations:
+        description: |
+          This is an alert meant to ensure that the entire alerting pipeline is functional.
+          This alert is always firing, therefore it should always be firing in Alertmanager
+          and always fire against a receiver. There are integrations with various notification
+          mechanisms that send a notification when this alert is not firing. For example the
+          "DeadMansSnitch" integration in PagerDuty.
+        runbook_url: https://runbooks.prometheus-operator.dev/runbooks/general/watchdog
+        summary: An alert that should always be firing to certify that Alertmanager is working properly.
+      expr: vector(1)
+      labels:
+        severity: none
+    - alert: InfoInhibitor
+      annotations:
+        description: |
+          This is an alert that is used to inhibit info alerts.
+          By themselves, the info-level alerts are sometimes very noisy, but they are relevant when combined with
+          other alerts.
+          This alert fires whenever there's a severity="info" alert, and stops firing when another alert with a
+          severity of 'warning' or 'critical' starts firing on the same namespace.
+          This alert should be routed to a null receiver and configured to inhibit alerts with severity="info".
+        runbook_url: https://runbooks.prometheus-operator.dev/runbooks/general/infoinhibitor
+        summary: Info-level alert inhibition.
+      expr: ALERTS{severity = "info"} == 1 unless on(namespace) ALERTS{alertname != "InfoInhibitor", severity =~ "warning|critical", alertstate="firing"} == 1
+      labels:
+        severity: none
+  - name: node-network
+    rules:
+    - alert: NodeNetworkInterfaceFlapping
+      annotations:
+        description: Network interface "{{ $labels.device }}" changing its up status often on node-exporter {{ $labels.namespace }}/{{ $labels.pod }}
+        runbook_url: https://runbooks.prometheus-operator.dev/runbooks/general/nodenetworkinterfaceflapping
+        summary: Network interface is often changing its status
+      expr: |
+        changes(node_network_up{job="node-exporter",device!~"veth.+"}[2m]) > 2
+      for: 2m
+      labels:
+        severity: warning
+  - name: kube-prometheus-node-recording.rules
+    rules:
+    - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[3m])) BY (instance)
+      record: instance:node_cpu:rate:sum
+    - expr: sum(rate(node_network_receive_bytes_total[3m])) BY (instance)
+      record: instance:node_network_receive_bytes:rate:sum
+    - expr: sum(rate(node_network_transmit_bytes_total[3m])) BY (instance)
+      record: instance:node_network_transmit_bytes:rate:sum
+    - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[5m])) WITHOUT (cpu, mode) / ON(instance) GROUP_LEFT() count(sum(node_cpu_seconds_total) BY (instance, cpu)) BY (instance)
+      record: instance:node_cpu:ratio
+    - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[5m]))
+      record: cluster:node_cpu:sum_rate5m
+    - expr: cluster:node_cpu:sum_rate5m / count(sum(node_cpu_seconds_total) BY (instance, cpu))
+      record: cluster:node_cpu:ratio
+  - name: kube-prometheus-general.rules
+    rules:
+    - expr: count without(instance, pod, node) (up == 1)
+      record: count:up1
+    - expr: count without(instance, pod, node) (up == 0)
+      record: count:up0

platform/kube-prometheus/base/alertmanager-alertmanager.yaml

@@ -0,0 +1,35 @@
+apiVersion: monitoring.coreos.com/v1
+kind: Alertmanager
+metadata:
+  labels:
+    app.kubernetes.io/component: alert-router
+    app.kubernetes.io/instance: main
+    app.kubernetes.io/name: alertmanager
+    app.kubernetes.io/part-of: kube-prometheus
+    app.kubernetes.io/version: 0.27.0
+  name: main
+  namespace: monitoring
+spec:
+  image: quay.io/prometheus/alertmanager:v0.27.0
+  nodeSelector:
+    kubernetes.io/os: linux
+  podMetadata:
+    labels:
+      app.kubernetes.io/component: alert-router
+      app.kubernetes.io/instance: main
+      app.kubernetes.io/name: alertmanager
+      app.kubernetes.io/part-of: kube-prometheus
+      app.kubernetes.io/version: 0.27.0
+  replicas: 3
+  resources:
+    limits: {}
+    requests:
+      cpu: 4m
+      memory: 100Mi
+  secrets: []
+  securityContext:
+    fsGroup: 2000
+    runAsNonRoot: true
+    runAsUser: 1000
+  serviceAccountName: alertmanager-main
+  version: 0.27.0

platform/kube-prometheus/base/alertmanager-networkPolicy.yaml

@@ -0,0 +1,42 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  labels:
+    app.kubernetes.io/component: alert-router
+    app.kubernetes.io/instance: main
+    app.kubernetes.io/name: alertmanager
+    app.kubernetes.io/part-of: kube-prometheus
+    app.kubernetes.io/version: 0.27.0
+  name: alertmanager-main
+  namespace: monitoring
+spec:
+  egress:
+  - {}
+  ingress:
+  - from:
+    - podSelector:
+        matchLabels:
+          app.kubernetes.io/name: prometheus
+    ports:
+    - port: 9093
+      protocol: TCP
+    - port: 8080
+      protocol: TCP
+  - from:
+    - podSelector:
+        matchLabels:
+          app.kubernetes.io/name: alertmanager
+    ports:
+    - port: 9094
+      protocol: TCP
+    - port: 9094
+      protocol: UDP
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/component: alert-router
+      app.kubernetes.io/instance: main
+      app.kubernetes.io/name: alertmanager
+      app.kubernetes.io/part-of: kube-prometheus
+  policyTypes:
+  - Egress
+  - Ingress

platform/kube-prometheus/base/alertmanager-podDisruptionBudget.yaml

@@ -0,0 +1,19 @@
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  labels:
+    app.kubernetes.io/component: alert-router
+    app.kubernetes.io/instance: main
+    app.kubernetes.io/name: alertmanager
+    app.kubernetes.io/part-of: kube-prometheus
+    app.kubernetes.io/version: 0.27.0
+  name: alertmanager-main
+  namespace: monitoring
+spec:
+  maxUnavailable: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: alert-router
+      app.kubernetes.io/instance: main
+      app.kubernetes.io/name: alertmanager
+      app.kubernetes.io/part-of: kube-prometheus