viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

add pve exporter playbook + pve exporter in k8s [ci skip]

Browse source
This commit is contained in:
Viktor Barzin 2025-12-26 16:23:17 +00:00
parent 3c71cd8a44
commit d07c625064
5 changed files with 219 additions and 38 deletions
Download patch file Download diff file Expand all files Collapse all files

2
main.tf
View file

@ -126,6 +126,7 @@ variable "tiny_tuya_api_secret" { type = string }
variable "tiny_tuya_service_secret" { type = string } variable "tiny_tuya_service_secret" { type = string }
variable "tiny_tuya_slack_url" { type = string } variable "tiny_tuya_slack_url" { type = string }
variable "haos_api_token" { type = string } variable "haos_api_token" { type = string }
variable "pve_password" { type = string }
variable "clickhouse_password" { type = string } variable "clickhouse_password" { type = string }
variable "clickhouse_postgres_password" { type = string } variable "clickhouse_postgres_password" { type = string }
variable "wealthfolio_password_hash" { type = string } variable "wealthfolio_password_hash" { type = string }
@ -520,6 +521,7 @@ module "kubernetes_cluster" {
tiny_tuya_service_secret = var.tiny_tuya_service_secret tiny_tuya_service_secret = var.tiny_tuya_service_secret
tiny_tuya_slack_url = var.tiny_tuya_slack_url tiny_tuya_slack_url = var.tiny_tuya_slack_url
haos_api_token = var.haos_api_token haos_api_token = var.haos_api_token
pve_password = var.pve_password
clickhouse_password = var.clickhouse_password clickhouse_password = var.clickhouse_password
clickhouse_postgres_password = var.clickhouse_postgres_password clickhouse_postgres_password = var.clickhouse_postgres_password

2
modules/kubernetes/main.tf
View file

@ -105,6 +105,7 @@ variable "tiny_tuya_api_secret" { type = string }
variable "tiny_tuya_service_secret" { type = string } variable "tiny_tuya_service_secret" { type = string }
variable "tiny_tuya_slack_url" { type = string } variable "tiny_tuya_slack_url" { type = string }
variable "haos_api_token" { type = string } variable "haos_api_token" { type = string }
variable "pve_password" { type = string }
variable "clickhouse_password" { type = string } variable "clickhouse_password" { type = string }
variable "clickhouse_postgres_password" { type = string } variable "clickhouse_postgres_password" { type = string }
variable "wealthfolio_password_hash" { type = string } variable "wealthfolio_password_hash" { type = string }
@ -245,6 +246,7 @@ module "monitoring" {
alertmanager_slack_api_url = var.alertmanager_slack_api_url alertmanager_slack_api_url = var.alertmanager_slack_api_url
tiny_tuya_service_secret = var.tiny_tuya_service_secret tiny_tuya_service_secret = var.tiny_tuya_service_secret
haos_api_token = var.haos_api_token haos_api_token = var.haos_api_token
pve_password = var.pve_password
depends_on = [null_resource.core_services] depends_on = [null_resource.core_services]
} }

181
modules/kubernetes/monitoring/main.tf
View file

@ -12,6 +12,7 @@ variable "idrac_password" {
variable "alertmanager_slack_api_url" {} variable "alertmanager_slack_api_url" {}
variable "tiny_tuya_service_secret" { type = string } variable "tiny_tuya_service_secret" { type = string }
variable "haos_api_token" { type = string } variable "haos_api_token" { type = string }
variable "pve_password" { type = string }
module "tls_secret" { module "tls_secret" {
source = "../setup_tls_secret" source = "../setup_tls_secret"
@ -547,6 +548,110 @@ module "snmp-exporter-ingress" {
port = 9116 port = 9116
} }
resource "kubernetes_secret" "pve_exporter_config" {
metadata {
name = "pve-exporter-config"
namespace = "monitoring"
}
data = {
"pve.yml" = <<-EOF
default:
user: "root@pam"
password: ${var.pve_password}
verify_ssl: false
timeout: 30
EOF
}
}
resource "kubernetes_deployment" "pve_exporter" {
metadata {
name = "proxmox-exporter"
namespace = "monitoring"
}
spec {
replicas = 1
selector {
match_labels = {
app = "proxmox-exporter"
}
}
template {
metadata {
labels = {
app = "proxmox-exporter"
}
}
spec {
container {
name = "proxmox-exporter"
image = "prompve/prometheus-pve-exporter:latest"
port {
container_port = 9221
}
# Mount the file into the container
volume_mount {
name = "config-volume"
mount_path = "/etc/prometheus"
read_only = true
}
}
volume {
name = "config-volume"
secret {
secret_name = kubernetes_secret.pve_exporter_config.metadata[0].name
items {
key = "pve.yml"
path = "pve.yml" # This results in /etc/prometheus/pve.yml
}
}
}
}
}
}
}
resource "kubernetes_service" "proxmox-exporter" {
metadata {
name = "proxmox-exporter"
namespace = "monitoring"
labels = {
"app" = "proxmox-exporter"
}
annotations = {
"prometheus.io/scrape" = "true"
"prometheus.io/port" = 9221
"prometheus.io/path" = "/pve"
"prometheus.io/param_target" = "192.168.1.127"
"prometheus.io/param_node" = "1"
"prometheus.io/param_cluster" = "1"
}
}
spec {
selector = {
"app" = "proxmox-exporter"
}
port {
name = "http"
port = 9221
target_port = 9221
}
}
}
# To monitor the pve node, use the node exporter and the playbook in this repo. from the root run:
# ansible-playbook -i ./playbooks/inventory.ini ./playbooks/deploy_node_exporter.yaml
# This installs the exporter binary
# resource "helm_release" "loki" { # resource "helm_release" "loki" {
# namespace = "monitoring" # namespace = "monitoring"
# create_namespace = true # create_namespace = true
@ -560,45 +665,45 @@ module "snmp-exporter-ingress" {
# timeout = 120 # timeout = 120
# } # }
resource "kubernetes_persistent_volume" "loki" { # resource "kubernetes_persistent_volume" "loki" {
metadata { # metadata {
name = "loki" # name = "loki"
} # }
spec { # spec {
capacity = { # capacity = {
storage = "15Gi" # storage = "15Gi"
} # }
access_modes = ["ReadWriteOnce"] # access_modes = ["ReadWriteOnce"]
persistent_volume_source { # persistent_volume_source {
nfs { # nfs {
path = "/mnt/main/loki/loki" # path = "/mnt/main/loki/loki"
server = "10.0.10.15" # server = "10.0.10.15"
} # }
} # }
persistent_volume_reclaim_policy = "Retain" # persistent_volume_reclaim_policy = "Retain"
volume_mode = "Filesystem" # volume_mode = "Filesystem"
} # }
} # }
resource "kubernetes_persistent_volume" "loki-minio" { # resource "kubernetes_persistent_volume" "loki-minio" {
metadata { # metadata {
name = "loki-minio" # name = "loki-minio"
} # }
spec { # spec {
capacity = { # capacity = {
storage = "15Gi" # storage = "15Gi"
} # }
access_modes = ["ReadWriteMany"] # access_modes = ["ReadWriteMany"]
persistent_volume_source { # persistent_volume_source {
nfs { # nfs {
path = "/mnt/main/loki/minio" # path = "/mnt/main/loki/minio"
server = "10.0.10.15" # server = "10.0.10.15"
} # }
} # }
persistent_volume_reclaim_policy = "Retain" # persistent_volume_reclaim_policy = "Retain"
volume_mode = "Filesystem" # volume_mode = "Filesystem"
} # }
} # }
# https://grafana.com/docs/alloy/latest/configure/kubernetes/ # https://grafana.com/docs/alloy/latest/configure/kubernetes/

70
playbooks/deploy_node_exporter.yaml Normal file
View file

@ -0,0 +1,70 @@
---
- name: Install Prometheus Node Exporter
hosts: all
become: true
vars:
node_exporter_version: "1.10.2"
architecture: "linux-amd64"
# Defines where the binary is downloaded/extracted
download_url: "https://github.com/prometheus/node_exporter/releases/download/v{{ node_exporter_version }}/node_exporter-{{ node_exporter_version }}.{{ architecture }}.tar.gz"
tasks:
- name: Create node_exporter group
group:
name: node_exporter
state: present
- name: Create node_exporter user
user:
name: node_exporter
group: node_exporter
shell: /bin/false
create_home: no
- name: Download and unarchive Node Exporter
unarchive:
src: "{{ download_url }}"
dest: /tmp/
remote_src: yes
- name: Move binary to /usr/local/bin
copy:
src: "/tmp/node_exporter-{{ node_exporter_version }}.{{ architecture }}/node_exporter"
dest: /usr/local/bin/node_exporter
mode: '0755'
owner: node_exporter
group: node_exporter
remote_src: yes
- name: Create Systemd service file
copy:
dest: /etc/systemd/system/node_exporter.service
content: |
[Unit]
Description=Node Exporter
Wants=network-online.target
After=network-online.target
[Service]
User=node_exporter
Group=node_exporter
Type=simple
ExecStart=/usr/local/bin/node_exporter
[Install]
WantedBy=multi-user.target
- name: Force systemd to reread configs
systemd:
daemon_reload: yes
- name: Enable and start Node Exporter
systemd:
name: node_exporter
state: started
enabled: yes
- name: Clean up temporary files
file:
path: "/tmp/node_exporter-{{ node_exporter_version }}.{{ architecture }}"
state: absent

2
playbooks/inventory.ini Normal file
View file

@ -0,0 +1,2 @@
[keyserver]
192.168.1.127 ansible_user=root ansible_ssh_private_key_file=~/.ssh/id_ed25519