Add local observability stack with OTel, Prometheus, and Grafana (#75)

* Add observability stack configuration

* Fix Prometheus remote write and OTLP port conflicts

Author: shayancoin

README.md

@@ -102,6 +102,16 @@ The frontend uses Next.js App Router architecture:
 docker compose --env-file .env.development -f docker-compose.dev.yml up
 ```
 
+To launch the observability stack alongside your application, start a second
+Compose project in a separate terminal:
+
+```bash
+docker compose -f docker-compose.observability.yml up
+```
+
+This brings up Prometheus, Grafana, Loki, Tempo, and the OpenTelemetry
+Collector with their configuration mounted from the `ops/` directory.
+
 ### Production
 
 ```bash

docker-compose.observability.yml

@@ -0,0 +1,89 @@
+version: "3.9"
+
+services:
+  prometheus:
+    image: prom/prometheus:v2.49.1
+    restart: unless-stopped
+    command:
+      - "--config.file=/etc/prometheus/prometheus.yml"
+      - "--web.enable-lifecycle"
+      - "--web.enable-remote-write-receiver"
+    ports:
+      - "9090:9090"
+    volumes:
+      - ./ops/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml:ro
+      - ./ops/prometheus/alerts.yml:/etc/prometheus/alerts.yml:ro
+      - prometheus_data:/prometheus
+    networks:
+      - observability
+
+  loki:
+    image: grafana/loki:2.9.3
+    restart: unless-stopped
+    command: ["-config.file=/etc/loki/local-config.yaml"]
+    ports:
+      - "3100:3100"
+    volumes:
+      - ./ops/loki/local-config.yaml:/etc/loki/local-config.yaml:ro
+      - loki_data:/loki
+    networks:
+      - observability
+
+  tempo:
+    image: grafana/tempo:2.4.1
+    restart: unless-stopped
+    command: ["-config.file=/etc/tempo/tempo.yaml"]
+    ports:
+      - "3200:3200"
+    volumes:
+      - ./ops/tempo/tempo.yaml:/etc/tempo/tempo.yaml:ro
+      - tempo_data:/tmp/tempo
+    networks:
+      - observability
+
+  otel-collector:
+    image: otel/opentelemetry-collector-contrib:0.87.0
+    restart: unless-stopped
+    command: ["--config=/etc/otelcol/config.yaml"]
+    depends_on:
+      - prometheus
+      - loki
+      - tempo
+    ports:
+      - "4317:4317"
+      - "4318:4318"
+      - "8888:8888"
+    volumes:
+      - ./ops/otel/otelcol-config.yaml:/etc/otelcol/config.yaml:ro
+    networks:
+      - observability
+
+  grafana:
+    image: grafana/grafana:10.4.2
+    restart: unless-stopped
+    depends_on:
+      - prometheus
+      - loki
+      - tempo
+    ports:
+      - "3000:3000"
+    environment:
+      GF_SECURITY_ADMIN_USER: admin
+      GF_SECURITY_ADMIN_PASSWORD: admin
+      GF_PATHS_PROVISIONING: /etc/grafana/provisioning
+    volumes:
+      - grafana_data:/var/lib/grafana
+      - ./ops/grafana/provisioning:/etc/grafana/provisioning:ro
+      - ./ops/grafana/dashboards:/var/lib/grafana/dashboards:ro
+    networks:
+      - observability
+
+volumes:
+  prometheus_data:
+  loki_data:
+  tempo_data:
+  grafana_data:
+
+networks:
+  observability:
+    driver: bridge

ops/grafana/provisioning/dashboards/dashboards.yaml

@@ -0,0 +1,11 @@
+apiVersion: 1
+providers:
+  - name: default
+    orgId: 1
+    folder: ""
+    type: file
+    disableDeletion: false
+    editable: true
+    updateIntervalSeconds: 30
+    options:
+      path: /var/lib/grafana/dashboards

ops/grafana/provisioning/datasources/datasources.yaml

@@ -0,0 +1,39 @@
+apiVersion: 1
+datasources:
+  - name: Prometheus
+    uid: prometheus
+    type: prometheus
+    access: proxy
+    url: http://prometheus:9090
+    isDefault: true
+    jsonData:
+      httpMethod: POST
+  - name: Loki
+    uid: loki
+    type: loki
+    access: proxy
+    url: http://loki:3100
+  - name: Tempo
+    uid: tempo
+    type: tempo
+    access: proxy
+    url: http://tempo:3200
+    jsonData:
+      httpMethod: POST
+      serviceMap:
+        datasourceUid: prometheus
+      tracesToLogs:
+        datasourceUid: loki
+        spanStartTimeShift: -1h
+        spanEndTimeShift: 1h
+        filterByTraceID: true
+        filterBySpanID: false
+        tags:
+          - key: service.name
+          - key: service.namespace
+      tracesToMetrics:
+        datasourceUid: prometheus
+        tags:
+          - key: service.name
+          - key: service.namespace
+    secureJsonData: {}

ops/loki/local-config.yaml

@@ -0,0 +1,45 @@
+auth_enabled: false
+
+server:
+  http_listen_port: 3100
+  grpc_listen_port: 9096
+
+common:
+  ring:
+    instance_addr: 127.0.0.1
+    kvstore:
+      store: inmemory
+  replication_factor: 1
+  path_prefix: /loki
+
+schema_config:
+  configs:
+    - from: 2020-10-24
+      store: boltdb-shipper
+      object_store: filesystem
+      schema: v11
+      index:
+        prefix: index_
+        period: 24h
+
+storage_config:
+  boltdb_shipper:
+    active_index_directory: /loki/index
+    cache_location: /loki/cache
+    shared_store: filesystem
+  filesystem:
+    directory: /loki/chunks
+
+limits_config:
+  allow_structured_metadata: true
+  retention_period: 168h
+
+chunk_store_config:
+  max_look_back_period: 0s
+
+compactor:
+  working_directory: /loki/compactor
+  shared_store: filesystem
+  compactor_ring:
+    kvstore:
+      store: inmemory

ops/otel/otelcol-config.yaml

@@ -0,0 +1,59 @@
+receivers:
+  otlp:
+    protocols:
+      grpc:
+        endpoint: 0.0.0.0:4317
+      http:
+        endpoint: 0.0.0.0:4318
+
+processors:
+  batch:
+    send_batch_size: 8192
+    timeout: 5s
+  resource:
+    attributes:
+      - key: environment
+        value: local
+        action: upsert
+      - key: service.namespace
+        value: paform
+        action: upsert
+
+exporters:
+  logging:
+    loglevel: info
+  otlp/tempo:
+    endpoint: tempo:4317
+    tls:
+      insecure: true
+  prometheusremotewrite:
+    endpoint: http://prometheus:9090/api/v1/write
+  loki:
+    endpoint: http://loki:3100/loki/api/v1/push
+    default_labels_enabled:
+      job: true
+      instance: true
+      service_name: true
+      service_namespace: true
+      environment: true
+
+service:
+  telemetry:
+    logs:
+      level: info
+    metrics:
+      level: normal
+      address: 0.0.0.0:8888
+  pipelines:
+    traces:
+      receivers: [otlp]
+      processors: [resource, batch]
+      exporters: [otlp/tempo]
+    metrics:
+      receivers: [otlp]
+      processors: [resource, batch]
+      exporters: [prometheusremotewrite]
+    logs:
+      receivers: [otlp]
+      processors: [resource, batch]
+      exporters: [loki]

ops/prometheus/alerts.yml

@@ -0,0 +1,46 @@
+groups:
+  - name: backend-alerts
+    rules:
+      - alert: BackendHighErrorRate
+        expr: |
+          sum(rate(http_requests_total{job="backend",status_code=~"5.."}[5m]))
+            /
+          sum(rate(http_requests_total{job="backend"}[5m]))
+            > 0.05
+        for: 5m
+        labels:
+          severity: warning
+        annotations:
+          summary: "High 5xx error rate on backend"
+          description: |
+            The backend service has more than 5% 5xx responses over the last 5 minutes.
+
+      - alert: ApiP95LatencyHigh
+        expr: |
+          histogram_quantile(
+            0.95,
+            sum(rate(http_request_duration_seconds_bucket{job="backend"}[5m])) by (le)
+          ) > 0.75
+        for: 10m
+        labels:
+          severity: critical
+        annotations:
+          summary: "Backend p95 latency is elevated"
+          description: |
+            The 95th percentile API latency has been above 750ms for more than 10 minutes.
+
+  - name: frontend-alerts
+    rules:
+      - alert: FrontendLCPDegraded
+        expr: |
+          histogram_quantile(
+            0.95,
+            sum(rate(web_vitals_lcp_seconds_bucket{job="frontend"}[10m])) by (le)
+          ) > 2.5
+        for: 15m
+        labels:
+          severity: warning
+        annotations:
+          summary: "Frontend LCP is above target"
+          description: |
+            The frontend Largest Contentful Paint 95th percentile has exceeded 2.5 seconds for 15 minutes.

ops/prometheus/prometheus.yml

@@ -0,0 +1,32 @@
+global:
+  scrape_interval: 15s
+  evaluation_interval: 15s
+
+alerting:
+  alertmanagers:
+    - static_configs:
+        - targets: []
+
+rule_files:
+  - /etc/prometheus/alerts.yml
+
+scrape_configs:
+  - job_name: otel-collector
+    scrape_interval: 15s
+    metrics_path: /metrics
+    static_configs:
+      - targets:
+          - otel-collector:8888
+
+  - job_name: backend
+    scrape_interval: 15s
+    metrics_path: /metrics
+    static_configs:
+      - targets:
+          - backend:8000
+
+  - job_name: node-exporter
+    scrape_interval: 30s
+    static_configs:
+      - targets:
+          - node-exporter:9100

ops/tempo/tempo.yaml

@@ -0,0 +1,44 @@
+server:
+  http_listen_port: 3200
+  log_level: info
+
+distributor:
+  receivers:
+    otlp:
+      protocols:
+        grpc:
+          endpoint: 0.0.0.0:4317
+        http:
+          endpoint: 0.0.0.0:4318
+
+ingester:
+  max_block_duration: 5m
+  max_block_bytes: 1000000
+
+compactor:
+  compaction:
+    block_retention: 168h
+
+storage:
+  trace:
+    backend: local
+    block:
+      bloom_filter_false_positive: 0.05
+      index_downsample_bytes: 1000
+      encoding: zstd
+    wal:
+      path: /tmp/tempo/wal
+    local:
+      path: /tmp/tempo/blocks
+
+overrides:
+  defaults:
+    metrics_generator_processors:
+      - service-graphs
+      - span-metrics
+    metrics_generator:
+      processors:
+        span-metrics:
+          dimensions: [service.name, service.namespace]
+        service-graphs:
+          dimensions: [service.name, service.namespace]