From d07c625064c8e5ebd89392b493f012e95eb765fa Mon Sep 17 00:00:00 2001 From: Viktor Barzin Date: Fri, 26 Dec 2025 16:23:17 +0000 Subject: [PATCH] add pve exporter playbook + pve exporter in k8s [ci skip] --- main.tf | 2 + modules/kubernetes/main.tf | 2 + modules/kubernetes/monitoring/main.tf | 181 ++++++++++++++++++++------ playbooks/deploy_node_exporter.yaml | 70 ++++++++++ playbooks/inventory.ini | 2 + 5 files changed, 219 insertions(+), 38 deletions(-) create mode 100644 playbooks/deploy_node_exporter.yaml create mode 100644 playbooks/inventory.ini diff --git a/main.tf b/main.tf index cb90f85b..4c1efbc4 100644 --- a/main.tf +++ b/main.tf @@ -126,6 +126,7 @@ variable "tiny_tuya_api_secret" { type = string } variable "tiny_tuya_service_secret" { type = string } variable "tiny_tuya_slack_url" { type = string } variable "haos_api_token" { type = string } +variable "pve_password" { type = string } variable "clickhouse_password" { type = string } variable "clickhouse_postgres_password" { type = string } variable "wealthfolio_password_hash" { type = string } @@ -520,6 +521,7 @@ module "kubernetes_cluster" { tiny_tuya_service_secret = var.tiny_tuya_service_secret tiny_tuya_slack_url = var.tiny_tuya_slack_url haos_api_token = var.haos_api_token + pve_password = var.pve_password clickhouse_password = var.clickhouse_password clickhouse_postgres_password = var.clickhouse_postgres_password diff --git a/modules/kubernetes/main.tf b/modules/kubernetes/main.tf index bae19940..e0ea171a 100644 --- a/modules/kubernetes/main.tf +++ b/modules/kubernetes/main.tf @@ -105,6 +105,7 @@ variable "tiny_tuya_api_secret" { type = string } variable "tiny_tuya_service_secret" { type = string } variable "tiny_tuya_slack_url" { type = string } variable "haos_api_token" { type = string } +variable "pve_password" { type = string } variable "clickhouse_password" { type = string } variable "clickhouse_postgres_password" { type = string } variable "wealthfolio_password_hash" { type = string } 
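Review bot: The new `variable "pve_password" { type = string }` in main.tf is declared without `sensitive = true`, so Terraform does not redact the value when it appears in plan output or error messages. The same applies to the matching declarations added in modules/kubernetes/main.tf and modules/kubernetes/monitoring/main.tf. Adding `sensitive = true` next to `type = string` in each block (expanded to multi-line form) fixes this. The neighbouring secret variables visible as context have the same shape, so this may be a file-wide convention worth changing in one pass. Marking the variable sensitive only affects display; the value is still stored in state, so the state backend needs to be access-controlled.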
@@ -245,6 +246,7 @@ module "monitoring" { alertmanager_slack_api_url = var.alertmanager_slack_api_url tiny_tuya_service_secret = var.tiny_tuya_service_secret haos_api_token = var.haos_api_token + pve_password = var.pve_password depends_on = [null_resource.core_services] } diff --git a/modules/kubernetes/monitoring/main.tf b/modules/kubernetes/monitoring/main.tf index 6a48b73a..d1ab5243 100644 --- a/modules/kubernetes/monitoring/main.tf +++ b/modules/kubernetes/monitoring/main.tf @@ -12,6 +12,7 @@ variable "idrac_password" { variable "alertmanager_slack_api_url" {} variable "tiny_tuya_service_secret" { type = string } variable "haos_api_token" { type = string } +variable "pve_password" { type = string } module "tls_secret" { source = "../setup_tls_secret" 
@@ -547,6 +548,110 @@ module "snmp-exporter-ingress" { port = 9116 } +resource "kubernetes_secret" "pve_exporter_config" { + metadata { + name = "pve-exporter-config" + namespace = "monitoring" + } + + data = { + "pve.yml" = <<-EOF + default: + user: "root@pam" + password: ${var.pve_password} + verify_ssl: false + timeout: 30 + EOF + } +} + +resource "kubernetes_deployment" "pve_exporter" { + metadata { + name = "proxmox-exporter" + namespace = "monitoring" + } + + spec { + replicas = 1 + selector { + match_labels = { + app = "proxmox-exporter" + } + } + + template { + metadata { + labels = { + app = "proxmox-exporter" + } + } + + spec { + container { + name = "proxmox-exporter" + image = "prompve/prometheus-pve-exporter:latest" + + port { + container_port = 9221 + } + + # Mount the file into the container + volume_mount { + name = "config-volume" + mount_path = "/etc/prometheus" + read_only = true + } + } + + volume { + name = "config-volume" + secret { + secret_name = kubernetes_secret.pve_exporter_config.metadata[0].name + items { + key = "pve.yml" + path = "pve.yml" # This results in /etc/prometheus/pve.yml + } + } + } + } + } + } +} + +resource "kubernetes_service" "proxmox-exporter" { + metadata { + name = "proxmox-exporter" + namespace = "monitoring" + labels = { + "app" = "proxmox-exporter" + } + annotations = { + "prometheus.io/scrape" = "true" + "prometheus.io/port" = 9221 + "prometheus.io/path" = "/pve" + "prometheus.io/param_target" = "192.168.1.127" + "prometheus.io/param_node" = "1" + "prometheus.io/param_cluster" = "1" + } + } + + spec { + selector = { + "app" = "proxmox-exporter" + } + port { + name = "http" + port = 9221 + target_port = 9221 + } + } +} + +# To monitor the pve node, use the node exporter and the playbook in this repo. 
from the root run: +# ansible-playbook -i ./playbooks/inventory.ini ./playbooks/deploy_node_exporter.yaml +# This installs the exporter binary + + # resource "helm_release" "loki" { # namespace = "monitoring" # create_namespace = true @@ -560,45 +665,45 @@ module "snmp-exporter-ingress" { # timeout = 120 # } -resource "kubernetes_persistent_volume" "loki" { - metadata { - name = "loki" - } - spec { - capacity = { - storage = "15Gi" - } - access_modes = ["ReadWriteOnce"] - persistent_volume_source { - nfs { - path = "/mnt/main/loki/loki" - server = "10.0.10.15" - } - } - persistent_volume_reclaim_policy = "Retain" - volume_mode = "Filesystem" - } -} +# resource "kubernetes_persistent_volume" "loki" { +# metadata { +# name = "loki" +# } +# spec { +# capacity = { +# storage = "15Gi" +# } +# access_modes = ["ReadWriteOnce"] +# persistent_volume_source { +# nfs { +# path = "/mnt/main/loki/loki" +# server = "10.0.10.15" +# } +# } +# persistent_volume_reclaim_policy = "Retain" +# volume_mode = "Filesystem" +# } +# } -resource "kubernetes_persistent_volume" "loki-minio" { - metadata { - name = "loki-minio" - } - spec { - capacity = { - storage = "15Gi" - } - access_modes = ["ReadWriteMany"] - persistent_volume_source { - nfs { - path = "/mnt/main/loki/minio" - server = "10.0.10.15" - } - } - persistent_volume_reclaim_policy = "Retain" - volume_mode = "Filesystem" - } -} +# resource "kubernetes_persistent_volume" "loki-minio" { +# metadata { +# name = "loki-minio" +# } +# spec { +# capacity = { +# storage = "15Gi" +# } +# access_modes = ["ReadWriteMany"] +# persistent_volume_source { +# nfs { +# path = "/mnt/main/loki/minio" +# server = "10.0.10.15" +# } +# } +# persistent_volume_reclaim_policy = "Retain" +# volume_mode = "Filesystem" +# } +# } # https://grafana.com/docs/alloy/latest/configure/kubernetes/ diff --git a/playbooks/deploy_node_exporter.yaml b/playbooks/deploy_node_exporter.yaml new file mode 100644 index 00000000..de3c3937 --- /dev/null 
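Review bot: The `pve.yml` secret in `kubernetes_secret.pve_exporter_config` logs the exporter in as `root@pam` with the account password and sets `verify_ssl: false`, so a metrics scraper holds full administrative credentials for the Proxmox host and sends them over a connection whose certificate is never checked. A dedicated user limited to the `PVEAuditor` role, authenticated with an API token (`token_name` / `token_value` in the exporter config), together with `verify_ssl: true` against a trusted certificate, would limit what a leaked secret or an intercepted session exposes. The value is also interpolated unquoted, so a password containing `:`, `#` or a leading quote changes how the YAML parses; `password: ${jsonencode(var.pve_password)}` avoids that. The container image is `prompve/prometheus-pve-exporter:latest`; pinning a release tag or digest keeps a changed upstream image from being deployed next to this secret without review.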
+++ b/playbooks/deploy_node_exporter.yaml
@@ -0,0 +1,70 @@
+---
+- name: Install Prometheus Node Exporter
+ hosts: all
+ become: true
+ vars:
+ node_exporter_version: "1.10.2"
+ architecture: "linux-amd64"
+ # Defines where the binary is downloaded/extracted
+ download_url: "https://github.com/prometheus/node_exporter/releases/download/v{{ node_exporter_version }}/node_exporter-{{ node_exporter_version }}.{{ architecture }}.tar.gz"
+
+ tasks:
+ - name: Create node_exporter group
+ group:
+ name: node_exporter
+ state: present
+
+ - name: Create node_exporter user
+ user:
+ name: node_exporter
+ group: node_exporter
+ shell: /bin/false
+ create_home: no
+
+ - name: Download and unarchive Node Exporter
+ unarchive:
+ src: "{{ download_url }}"
+ dest: /tmp/
+ remote_src: yes
+
+ - name: Move binary to /usr/local/bin
+ copy:
+ src: "/tmp/node_exporter-{{ node_exporter_version }}.{{ architecture }}/node_exporter"
+ dest: /usr/local/bin/node_exporter
+ mode: '0755'
+ owner: node_exporter
+ group: node_exporter
+ remote_src: yes
+
+ - name: Create Systemd service file
+ copy:
+ dest: /etc/systemd/system/node_exporter.service
+ content: |
+ [Unit]
+ Description=Node Exporter
+ Wants=network-online.target
+ After=network-online.target
+
+ [Service]
+ User=node_exporter
+ Group=node_exporter
+ Type=simple
+ ExecStart=/usr/local/bin/node_exporter
+
+ [Install]
+ WantedBy=multi-user.target
+
+ - name: Force systemd to reread configs
+ systemd:
+ daemon_reload: yes
+
+ - name: Enable and start Node Exporter
+ systemd:
+ name: node_exporter
+ state: started
+ enabled: yes
+
+ - name: Clean up temporary files
+ file:
+ path: "/tmp/node_exporter-{{ node_exporter_version }}.{{ architecture }}"
+ state: absent
diff --git a/playbooks/inventory.ini b/playbooks/inventory.ini
new file mode 100644
index 00000000..2c953ad0
--- /dev/null
+++ b/playbooks/inventory.ini
@@ -0,0 +1,2 @@
+[keyserver]
+192.168.1.127 ansible_user=root ansible_ssh_private_key_file=~/.ssh/id_ed25519
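Review bot: The `Download and unarchive Node Exporter` task fetches a release tarball as root (`become: true`) and installs the binary from it without verifying a checksum, and the `Move binary to /usr/local/bin` task then makes the `node_exporter` service account the owner of `/usr/local/bin/node_exporter`. Without a pinned digest, whatever the URL serves is what runs on the host, and with the service user owning its own executable, a compromise of the exporter process can replace the file systemd starts on the next restart. The version below downloads with `get_url` and a `checksum`, then installs the binary as `root:root`; the checksum is a placeholder to fill from the release's published sums, and the cleanup task would also need to remove the tarball. Separately, the unit runs `ExecStart=/usr/local/bin/node_exporter` with no flags, so it presumably listens on all interfaces; consider `--web.listen-address` or a firewall rule if only Prometheus should reach it.

```yaml
    # … unchanged: group and user tasks …

    - name: Download Node Exporter archive
      get_url:
        url: "{{ download_url }}"
        dest: "/tmp/node_exporter-{{ node_exporter_version }}.{{ architecture }}.tar.gz"
        checksum: "sha256:<SHA256_OF_RELEASE_TARBALL>"  # placeholder: take from the release's sha256sums.txt
        mode: '0644'

    - name: Unarchive Node Exporter
      unarchive:
        src: "/tmp/node_exporter-{{ node_exporter_version }}.{{ architecture }}.tar.gz"
        dest: /tmp/
        remote_src: yes

    - name: Move binary to /usr/local/bin
      copy:
        # … unchanged: src, dest, mode …
        owner: root
        group: root
        remote_src: yes

    # … unchanged: systemd unit, daemon reload, enable/start, cleanup …
```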
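Review bot: The inventory logs in directly as `ansible_user=root` even though the playbook already sets `become: true`; if the host allows it, an unprivileged login user that escalates through sudo keeps direct root SSH out of the automation path. The group is named `[keyserver]` while the playbook targets `hosts: all`, so any host added to this file later also gets the exporter installed as root. Naming the group for its purpose and using that name in `hosts:` would make the scope explicit.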