Merge pull request #358 from osamamagdy/feat--add-monitoring-to-chart

Feat  add monitoring to chart

aws/README.md

@@ -91,12 +91,16 @@ Want to make the CTFD instance look pretty? Include the fragment located at [./k
 In the front page of the application you can edit the description to reference the right urls and the desplayed image. Use the following:
 
 ```sh
-helm upgrade --install mj ../helm/wrongsecrets-ctf-party \
+helm upgrade --install wrongsecrets ../helm/wrongsecrets-ctf-party \
   --set="balancer.env.REACT_APP_MOVING_GIF_LOGO=<>" \
   --set="balancer.env.REACT_APP_HEROKU_WRONGSECRETS_URL=<>" \
   --set="balancer.env.REACT_APP_CTFD_URL='<>'" \
 ```
 
+### Monitoring the cluster
+
+For a guide on how to use the monitoring setup, see the [monitoring guide](../guides/monitoring-setup/monitoring.md).
+
 ### Clean it up
 
 When you're done:

aws/build-and-deploy-aws.sh

@@ -137,7 +137,7 @@ else
 fi
 
 echo "App password is ${APP_PASSWORD}"
-helm upgrade --install mj ../helm/wrongsecrets-ctf-party \
+helm upgrade --install wrongsecrets ../helm/wrongsecrets-ctf-party \
   --set="balancer.env.K8S_ENV=aws" \
   --set="balancer.env.IRSA_ROLE=${IRSA_ROLE_ARN}" \
   --set="balancer.env.REACT_APP_ACCESS_PASSWORD=${APP_PASSWORD}" \

aws/k8s/grafana-ingress.yaml

@@ -0,0 +1,20 @@
+# apiVersion: networking.k8s.io/v1
+# kind: Ingress
+# metadata:
+#   namespace: default
+#   name: grafana
+#   annotations:
+#     kubernetes.io/ingress.class: nginx
+#     # cert-manager.io/issue-temporary-certificate: "true"
+# spec:
+#   rules:
+#     - host: grafana.<your domain>
+#     - http:
+#         paths:
+#           - path: /grafana
+#             pathType: Prefix
+#             backend:
+#               service:
+#                 name: wrongsecrets-grafana
+#                 port:
+#                   number: 80

azure/README.md

@@ -115,12 +115,16 @@ If you want to share with others go to the [When you want to share your environm
 In the front page of the application you can edit the description to reference the right urls and the desplayed image. Use the following:
 
 ```sh
-helm upgrade --install mj ../helm/wrongsecrets-ctf-party \
+helm upgrade --install wrongsecrets ../helm/wrongsecrets-ctf-party \
   --set="balancer.env.REACT_APP_MOVING_GIF_LOGO=<>" \
   --set="balancer.env.REACT_APP_HEROKU_WRONGSECRETS_URL=<>" \
   --set="balancer.env.REACT_APP_CTFD_URL='<>'" \
 ```
 
+### Monitoring the cluster
+
+For a guide on how to use the monitoring setup, see the [monitoring guide](../guides/monitoring-setup/monitoring.md).
+
 ### Clean it up
 
 When you're done:

azure/build-and-deploy-azure.sh

@@ -150,7 +150,7 @@ echo "App password is ${APP_PASSWORD}" > password.txt
 
 echo "You can find the app password in password.txt"
 
-helm upgrade --install mj ../helm/wrongsecrets-ctf-party \
+helm upgrade --install wrongsecrets ../helm/wrongsecrets-ctf-party \
   --set="balancer.env.K8S_ENV=azure" \
   --set="balancer.env.REACT_APP_AZ_BLOB_URL=https://${AZ_STORAGE_ACCOUNT}.blob.core.windows.net/tfstate" \
   --set="balancer.env.REACT_APP_ACCESS_PASSWORD=${APP_PASSWORD}" \

azure/k8s-nginx-lb-script.sh

@@ -30,6 +30,11 @@ echo "Ingress for Ctfd is not supported by default as it needs to have a sub-dom
 echo "Go to the file at k8s/ctfd-ingress.yaml and change the host to your own domain name"
 # kubectl apply -f k8s/ctfd-ingress.yaml
 
+echo "Ingress for Grafana is not supported by default as it needs to have a sub-domain with root path. Do kubectl port-forward svc/wrongsecrets-grafana 8080:80 to access it locally"
+
+echo "Go to the file at k8s/grafana-ingress.yaml and change the host to your own domain name"
+# kubectl apply -f k8s/grafana-ingress.yaml
+
 IP_ADDRESS="$(kubectl get service ingress-nginx-controller --namespace=ingress-nginx --output jsonpath='{.status.loadBalancer.ingress[0].ip}')"
 
 echo "IP_ADDRESS for the entrypoint is $IP_ADDRESS"

azure/k8s/grafana-ingress.yaml

@@ -0,0 +1,20 @@
+# apiVersion: networking.k8s.io/v1
+# kind: Ingress
+# metadata:
+#   namespace: default
+#   name: grafana
+#   annotations:
+#     kubernetes.io/ingress.class: nginx
+#     # cert-manager.io/issue-temporary-certificate: "true"
+# spec:
+#   rules:
+#     - host: grafana.<your domain>
+#     - http:
+#         paths:
+#           - path: /grafana
+#             pathType: Prefix
+#             backend:
+#               service:
+#                 name: wrongsecrets-grafana
+#                 port:
+#                   number: 80

build-and-deploy-container-minikube.sh

@@ -12,4 +12,14 @@ sleep 5
 
 echo "let's go!"
 
-kubectl port-forward service/wrongsecrets-balancer 3000:3000
+wait 10
+
+kubectl port-forward service/wrongsecrets-balancer 3000:3000 &
+
+echo "Balancer is running on http://localhost:3000"
+
+wait 10
+
+kubectl port-forward svc/wrongsecrets-grafana 8080:80 &
+
+echo "Grafana is running on http://localhost:8080"

build-and-deploy-container.sh

@@ -31,4 +31,4 @@ docker pull $WRONGSECRETS_BALANCER_IMAGE:$WRONGSECRETS_BALANCER_TAG &
 docker pull $WRONGSECRETS_CLEANER_IMAGE:$WRONGSECRETS_CLEANER_TAG
 wait
 
-helm upgrade --install mj ./helm/wrongsecrets-ctf-party --set="imagePullPolicy=IfNotPresent"
+helm upgrade --install wrongsecrets ./helm/wrongsecrets-ctf-party --set="imagePullPolicy=IfNotPresent"

build-and-deploy-minikube.sh

@@ -13,3 +13,7 @@ sleep 15
 echo "let's go!"
 
 kubectl port-forward service/wrongsecrets-balancer 3000:3000
+
+kubectl port-forward service/prometheus-server 9090:80
+
+kubectl port-forward service/grafana 80:80

build-and-deploy.sh

@@ -26,4 +26,4 @@ docker build -t local/wrongsecrets-balancer:$version ./wrongsecrets-balancer &
 docker build -t local/cleaner:$version ./cleaner &
 wait
 
-helm upgrade --install mj ./helm/wrongsecrets-ctf-party --set="imagePullPolicy=Never" --set="balancer.repository=local/wrongsecrets-balancer" --set="balancer.tag=$version" --set="wrongsecretsCleanup.repository=local/cleaner" --set="wrongsecretsCleanup.tag=$version"
+helm upgrade --install wrongsecrets ./helm/wrongsecrets-ctf-party --set="imagePullPolicy=Never" --set="balancer.repository=local/wrongsecrets-balancer" --set="balancer.tag=$version" --set="wrongsecretsCleanup.repository=local/cleaner" --set="wrongsecretsCleanup.tag=$version"

gcp/README.md

@@ -108,12 +108,16 @@ If you want to share with others go to the [When you want to share your environm
 In the front page of the application you can edit the description to reference the right urls and the desplayed image. Use the following:
 
 ```sh
-helm upgrade --install mj ../helm/wrongsecrets-ctf-party \
+helm upgrade --install wrongsecrets ../helm/wrongsecrets-ctf-party \
   --set="balancer.env.REACT_APP_MOVING_GIF_LOGO=<>" \
   --set="balancer.env.REACT_APP_HEROKU_WRONGSECRETS_URL=<>" \
   --set="balancer.env.REACT_APP_CTFD_URL='<>'" \
 ```
 
+### Monitoring the cluster
+
+For a guide on how to use the monitoring setup, see the [monitoring guide](../guides/monitoring-setup/monitoring.md).
+
 ### Clean it up
 
 When you're done:

gcp/build-and-deploy-gcp.sh

@@ -102,14 +102,15 @@ echo "App password is ${APP_PASSWORD}" > password.txt
 
 echo "You can find the app password in password.txt"
 
-helm upgrade --install mj ../helm/wrongsecrets-ctf-party \
+helm upgrade --install wrongsecrets ../helm/wrongsecrets-ctf-party \
   --set="balancer.env.K8S_ENV=gcp" \
   --set="balancer.env.REACT_APP_GCP_BUCKET_URL=https://console.cloud.google.com/storage/browser/${GCP_BUCKET_NAME}" \
   --set="balancer.env.REACT_APP_ACCESS_PASSWORD=${APP_PASSWORD}" \
   --set="balancer.env.REACT_APP_CREATE_TEAM_HMAC_KEY=${CREATE_TEAM_HMAC}" \
   --set="balancer.cookie.cookieParserSecret=${COOKIE_PARSER_SECRET}" \
   --set="balancer.env.GCP_PROJECT_ID=${GCP_PROJECT}" \
-
+  --set="balancer.repository=osamamagdy/wrongsecrets-balancer" \
+  --set="balancer.tag=v1.3.5"
 
 kubectl annotate serviceaccount \
   --namespace default wrongsecrets-balancer \

gcp/k8s-nginx-lb-script.sh

@@ -22,6 +22,11 @@ echo "Ingress for Ctfd is not supported by default as it needs to have a sub-dom
 echo "Go to the file at k8s/ctfd-ingress.yaml and change the host to your own domain name"
 # kubectl apply -f k8s/ctfd-ingress.yaml
 
+echo "Ingress for Grafana is not supported by default as it needs to have a sub-domain with root path. Do kubectl port-forward svc/wrongsecrets-grafana 8080:80 to access it locally"
+
+echo "Go to the file at k8s/grafana-ingress.yaml and change the host to your own domain name"
+# kubectl apply -f k8s/grafana-ingress.yaml
+
 IP_ADDRESS="$(kubectl get service ingress-nginx-controller --namespace=ingress-nginx --output jsonpath='{.status.loadBalancer.ingress[0].ip}')"
 
 echo "IP_ADDRESS for the entrypoint is $IP_ADDRESS"

gcp/k8s/grafana-ingress.yaml

@@ -0,0 +1,20 @@
+# apiVersion: networking.k8s.io/v1
+# kind: Ingress
+# metadata:
+#   namespace: default
+#   name: grafana
+#   annotations:
+#     kubernetes.io/ingress.class: nginx
+#     # cert-manager.io/issue-temporary-certificate: "true"
+# spec:
+#   rules:
+#     - host: grafana.<your domain>
+#     - http:
+#         paths:
+#           - path: /grafana
+#             pathType: Prefix
+#             backend:
+#               service:
+#                 name: wrongsecrets-grafana
+#                 port:
+#                   number: 80

gcp/shared-state/README.md

@@ -14,7 +14,7 @@ The documentation below is auto-generated to give insight on what's created via
 
 | Name | Version |
 |------|---------|
-| <a name="provider_google"></a> [google](#provider\_google) | 4.80.0 |
+| <a name="provider_google"></a> [google](#provider\_google) | 4.83.0 |
 | <a name="provider_random"></a> [random](#provider\_random) | 3.5.1 |
 
 ## Modules

guides/monitoring-setup/monitoring.md

@@ -1,32 +1,11 @@
-# MultiJuicer Monitoring Setups
+# Wrongsecrets Monitoring Setups
 
-This is a short and temporary guide on how to install MultiJuicer together with Prometheus, Grafana & Grafana Loki to get nice monitoring setup for your MultiJuicer installation.
+This is a short and temporary guide on how to install Wrongsecrets together with Prometheus, Grafana & Grafana Loki to get nice monitoring setup for your Wrongsecrets installation.
 
-After you have everything installed you can locally port forward the grafana port by running: `kubectl -n monitoring port-forward service/monitoring-grafana 8080:80` and access Grafana in your browser on [http://localhost:8080](http://localhost:8080). The default admin password for the Grafana Setup is: `prom-operator`. You can overwrite this by adding `set="grafana.adminPassword=yourPasswordHere"` to the helm install command for the prometheus-operator.
+The chart comes with dependency charts for Prometheus, Grafana & Grafana Loki. The default values for the charts are used, but you can overwrite them by adding `--set="key=value"` to the helm install command or by adding `key: value` to the [values file](../../helm/wrongsecrets-ctf-party/values.yaml) under the block `kube-prometheus-stack`. You can find the documentation of each dependency chart in the [chart.yaml file](../../helm/wrongsecrets-ctf-party/Chart.yaml) under `dependencies`.
 
-```sh
-# Install Prometheus, Grafana & Grafana Loki
+After you have everything installed you can locally port forward the grafana port by running: `kubectl port-forward svc/wrongsecrets-grafana 8080:80` and access Grafana in your browser on [http://localhost:8080](http://localhost:8080). The default admin password for the Grafana Setup is: `prom-operator`. You can overwrite this by adding `set="kube-prometheus-stack.grafana.adminPassword=yourPasswordHere"` to the helm install command for the chart.
 
-helm repo add grafana https://grafana.github.io/helm-charts
-helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
+## Grafana Dashboards
 
-kubectl create namespace monitoring
-
-echo "Installing prometheus-operator"
-wget https://raw.githubusercontent.com/iteratec/multi-juicer/main/guides/monitoring-setup/prometheus-operator-config.yaml
-
-echo "Installing Prometheus Operator & Grafana"
-helm --namespace monitoring upgrade --install monitoring prometheus-community/kube-prometheus-stack --version 13.3.0 --values prometheus-operator-config.yaml
-
-echo "Installing loki"
-helm --namespace monitoring upgrade --install loki grafana/loki --version 2.3.0 --set="serviceMonitor.enabled=true"
-
-echo "Installing loki/promtail"
-helm --namespace monitoring upgrade --install promtail grafana/promtail --version 3.0.4 --set "config.lokiAddress=http://loki:3100/loki/api/v1/push" --set="serviceMonitor.enabled=true"
-
-echo "Installing MultiJuicer"
-helm repo add wrongsecrets-ctf-party https://iteratec.github.io/multi-juicer/
-
-# for helm >= 3
-helm install wrongsecrets-ctf-party wrongsecrets-ctf-party/wrongsecrets-ctf-party --set="balancer.metrics.enabled=true" --set="balancer.metrics.dashboards.enabled=true" --set="balancer.metrics.serviceMonitor.enabled=true"
-```
+The chart comes with a set of dashboards for Wrongsecrets. You can find them in the Grafana UI under `Dashboards -> Browse`.

helm/wrongsecrets-ctf-party/Chart.lock

@@ -0,0 +1,12 @@
+dependencies:
+- name: kube-prometheus-stack
+  repository: https://prometheus-community.github.io/helm-charts
+  version: 43.1.4
+- name: loki
+  repository: https://grafana.github.io/helm-charts
+  version: 2.16.0
+- name: promtail
+  repository: https://grafana.github.io/helm-charts
+  version: 3.6.0
+digest: sha256:c68f0a283febf2fd6b176ed1dc4c375eb1bf88f5b5fc9c179b8f500a1120bbac
+generated: "2023-09-23T15:26:32.867688899+02:00"

helm/wrongsecrets-ctf-party/Chart.yaml

@@ -34,4 +34,15 @@ version: 1.7.0
 # incremented each time you make changes to the application.
 appVersion: 1.7.0
 
-dependencies: []
+dependencies:
+  - name: kube-prometheus-stack
+    version: 43.1.4
+    repository: https://prometheus-community.github.io/helm-charts
+
+  - name: loki
+    version: 2.16.0
+    repository: https://grafana.github.io/helm-charts
+
+  - name: promtail
+    version: 3.6.0
+    repository: https://grafana.github.io/helm-charts