From ed63c8514f940942f852f44d1ad60b9c0a589407 Mon Sep 17 00:00:00 2001 From: Seth Call Date: Sun, 5 Oct 2025 17:43:16 -0500 Subject: [PATCH] healthcheck and monitoring --- NOTES.md | 1 + k8s/applications/values-staging.yaml | 1 + .../overlays/production/applications.yaml | 21 +++- k8s/argocd/overlays/staging/applications.yaml | 21 +++- k8s/monitoring/values-production.yaml | 71 +++++++++-- k8s/webrtc-be/templates/deployment.yml | 9 +- k8s/webrtc-be/values-staging.yaml | 2 +- scripts/check-udp-prd.sh | 2 +- scripts/describe-nodes | 39 ++++++ scripts/describe-nodes-verbose | 45 +++++++ scripts/exec-grafana | 37 ++++++ scripts/fix-webrtc-apps.sh | 27 ++++ scripts/get-grafana-password | 28 +++++ scripts/helm-update-webrtcbe | 2 + scripts/log-grafana-watch | 36 ++++++ scripts/redeploy-webrtc-pods-only | 4 + scripts/replace-webrtc | 4 +- terraform/.terraform.lock.hcl | 115 ++++-------------- terraform/lke.tf | 14 ++- terraform/terraform.tf | 14 ++- 20 files changed, 378 insertions(+), 115 deletions(-) create mode 100644 NOTES.md create mode 100755 scripts/describe-nodes create mode 100755 scripts/describe-nodes-verbose create mode 100755 scripts/exec-grafana create mode 100755 scripts/fix-webrtc-apps.sh create mode 100755 scripts/get-grafana-password create mode 100755 scripts/helm-update-webrtcbe create mode 100755 scripts/log-grafana-watch create mode 100755 scripts/redeploy-webrtc-pods-only diff --git a/NOTES.md b/NOTES.md new file mode 100644 index 0000000..9d64fa6 --- /dev/null +++ b/NOTES.md @@ -0,0 +1 @@ +https://monitoring.video.jamkazam.com/grafana/d/ca12da12-cfda-45a3-b4e8-8787bb042f37/video-health?orgId=1&from=now-7d&to=now&timezone=browser diff --git a/k8s/applications/values-staging.yaml b/k8s/applications/values-staging.yaml index 81cadf5..2367549 100644 --- a/k8s/applications/values-staging.yaml +++ b/k8s/applications/values-staging.yaml @@ -1,2 +1,3 @@ environment: "staging" gitBranch: "develop" +fullnameOverride: "video-server" diff --git 
a/k8s/argocd/overlays/production/applications.yaml b/k8s/argocd/overlays/production/applications.yaml index c64f69e..b7ee0d0 100644 --- a/k8s/argocd/overlays/production/applications.yaml +++ b/k8s/argocd/overlays/production/applications.yaml @@ -3,7 +3,26 @@ kind: Application metadata: name: applications spec: + destination: + namespace: argocd + server: 'https://kubernetes.default.svc' source: + path: k8s/applications + repoURL: 'git@bitbucket.org:jamkazam/video-iac.git' + targetRevision: main helm: valueFiles: - - values-production.yaml \ No newline at end of file + - values-production.yaml + project: default + syncPolicy: + syncOptions: + - CreateNamespace=true + automated: + prune: true + allowEmpty: false + retry: + limit: 5 + backoff: + duration: 5s + factor: 2 + maxDuration: 3m \ No newline at end of file diff --git a/k8s/argocd/overlays/staging/applications.yaml b/k8s/argocd/overlays/staging/applications.yaml index 749654d..db146cf 100644 --- a/k8s/argocd/overlays/staging/applications.yaml +++ b/k8s/argocd/overlays/staging/applications.yaml @@ -3,7 +3,26 @@ kind: Application metadata: name: applications spec: + destination: + namespace: argocd + server: 'https://kubernetes.default.svc' source: + path: k8s/applications + repoURL: 'git@bitbucket.org:jamkazam/video-iac.git' + targetRevision: develop helm: valueFiles: - - values-staging.yaml \ No newline at end of file + - values-staging.yaml + project: default + syncPolicy: + syncOptions: + - CreateNamespace=true + automated: + prune: true + allowEmpty: false + retry: + limit: 4 + backoff: + duration: 5s + factor: 2 + maxDuration: 3m diff --git a/k8s/monitoring/values-production.yaml b/k8s/monitoring/values-production.yaml index 5ff6195..8de3d36 100644 --- a/k8s/monitoring/values-production.yaml +++ b/k8s/monitoring/values-production.yaml @@ -1,18 +1,19 @@ # Helm chart values for Prometheus Operator with HTTPS and basic auth +# Explicitly enable RBAC resource creation +rbac: + create: true + + 
kube-prometheus-stack: - nodeExporter: - enabled: true + + # Disable the default ServiceMonitor configuration paths to prevent duplicates + prometheus-node-exporter: serviceMonitor: - enabled: true - relabelings: - - sourceLabels: [__meta_kubernetes_pod_node_name] - targetLabel: instance - action: replace - # Optional Rule 2: If the original IP address needs to be retained - # as a separate label (e.g., 'ip_address'), this rule can be added: - - sourceLabels: [__address__] - targetLabel: ip_address - action: replace + enabled: false + nodeExporter: + serviceMonitor: + enabled: false + prometheus: ingress: enabled: true @@ -45,7 +46,53 @@ kube-prometheus-stack: resources: requests: storage: 30Gi + # 2. !!! CRUCIAL: Ensure the default ServiceMonitor is ignored !!! + # This prevents duplicate metrics by telling Prometheus to ignore the default SM. + serviceMonitorSelector: + matchExpressions: + # Exclude the default node-exporter ServiceMonitor + - key: app.kubernetes.io/name + operator: NotIn + values: + # Use the label identified above + - prometheus-node-exporter + # Add the manual scrape configuration + additionalScrapeConfigs: + - job_name: 'node-exporter' + kubernetes_sd_configs: + - role: endpoints + + relabel_configs: + # 1. Filter: Precisely target the node-exporter service in the monitoring namespace. + - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name] + separator: '/' + # Assuming the service name is 'monitoring-prometheus-node-exporter' + regex: 'monitoring/monitoring-prometheus-node-exporter' + action: keep + + # 2. Filter: Ensure we are targeting the standard port (usually 9100) + - source_labels: [__address__] + regex: '.*:9100$' + action: keep + # 3. THE FIX: Set the instance label correctly + - source_labels: [__meta_kubernetes_endpoint_node_name] + target_label: instance + action: replace + - source_labels: [__address__] + target_label: ip_address + action: replace + + # 4. 
Replicate standard labels for dashboard compatibility + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + # Ensure standard labels are present for dashboard compatibility + - source_labels: [__meta_kubernetes_namespace] + target_label: namespace + - source_labels: [__meta_kubernetes_pod_name] + target_label: pod + - source_labels: [__meta_kubernetes_endpoint_node_name] + target_label: node alertmanager: ingress: enabled: true diff --git a/k8s/webrtc-be/templates/deployment.yml b/k8s/webrtc-be/templates/deployment.yml index cca8506..d3ca8bc 100644 --- a/k8s/webrtc-be/templates/deployment.yml +++ b/k8s/webrtc-be/templates/deployment.yml @@ -12,6 +12,7 @@ spec: replicas: 1 template: metadata: + generateName: webrtc-be- labels: app: webrtc-be spec: @@ -52,9 +53,11 @@ spec: timeoutSeconds: 5 failureThreshold: 3 readinessProbe: - tcpSocket: + httpGet: + path: /healthcheck port: 5001 - initialDelaySeconds: 5 + scheme: HTTP + initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 5 - failureThreshold: 3 + failureThreshold: 3 \ No newline at end of file diff --git a/k8s/webrtc-be/values-staging.yaml b/k8s/webrtc-be/values-staging.yaml index 8f5327b..6ffb124 100644 --- a/k8s/webrtc-be/values-staging.yaml +++ b/k8s/webrtc-be/values-staging.yaml @@ -4,4 +4,4 @@ domain: "webrtc-be.staging.video.jamkazam.com" backendUrl: "https://staging.jamkazam.com" # Webrtc_be image version webrtc_tag: 1.0.131 - +unused_tag: 1.0.0 diff --git a/scripts/check-udp-prd.sh b/scripts/check-udp-prd.sh index 4b07ad7..2711724 100755 --- a/scripts/check-udp-prd.sh +++ b/scripts/check-udp-prd.sh @@ -3,7 +3,7 @@ set -eu -o pipefail -KUBECONFIG=~/Downloads/prd-video-cluster-kubeconfig.yaml +KUBECONFIG=~/workspace/jamkazam/k8s/prd-video-cluster-kubeconfig.yaml POD=`kubectl --kubeconfig $KUBECONFIG --namespace webrtc-be get pod --no-headers -o custom-columns=":metadata.name"` diff --git a/scripts/describe-nodes b/scripts/describe-nodes new file mode 100755 index 0000000..dacb40e --- 
/dev/null +++ b/scripts/describe-nodes @@ -0,0 +1,39 @@ +#!/bin/bash + +# This script iterates through all nodes in a Kubernetes cluster and, for each node, +# provides a detailed description and lists all the pods running on it. + +# Set color codes for better readability +BLUE='\033[0;34m' +GREEN='\033[0;32m' +NC='\033[0m' # No Color + +echo -e "${BLUE}Fetching list of all nodes in the cluster...${NC}" + +# Get a list of all node names, skipping the header row. +# 'kubectl get nodes --no-headers' gets the node list without the header. +# 'awk '{print $1}'' prints only the first column (the node names). +NODE_LIST=$(kubectl get nodes --no-headers | awk '{print $1}') + +# Check if any nodes were found to prevent errors. +if [ -z "$NODE_LIST" ]; then + echo "Error: No nodes found in the cluster." + exit 1 +fi + +echo -e "${GREEN}Found nodes. Starting inspection...${NC}" + +# Loop through each node name in the list. +for node in $NODE_LIST; do + # Print a clear separator for each node's output. + echo -e "\n${BLUE}======================================================================${NC}" + echo -e "${GREEN}Processing Node: $node${NC}" + echo -e "${BLUE}======================================================================${NC}\n" + + echo -e "${GREEN}### Listing all pods on '$node'...${NC}" + kubectl get pods --all-namespaces --field-selector spec.nodeName="$node" + echo "" +done + +echo -e "${BLUE}Script finished processing all nodes.${NC}" + diff --git a/scripts/describe-nodes-verbose b/scripts/describe-nodes-verbose new file mode 100755 index 0000000..9b6c84a --- /dev/null +++ b/scripts/describe-nodes-verbose @@ -0,0 +1,45 @@ +#!/bin/bash + +# This script iterates through all nodes in a Kubernetes cluster and, for each node, +# provides a detailed description and lists all the pods running on it. 
+ +# Set color codes for better readability +BLUE='\033[0;34m' +GREEN='\033[0;32m' +NC='\033[0m' # No Color + +echo -e "${BLUE}Fetching list of all nodes in the cluster...${NC}" + +# Get a list of all node names, skipping the header row. +# 'kubectl get nodes --no-headers' gets the node list without the header. +# 'awk '{print $1}'' prints only the first column (the node names). +NODE_LIST=$(kubectl get nodes --no-headers | awk '{print $1}') + +# Check if any nodes were found to prevent errors. +if [ -z "$NODE_LIST" ]; then + echo "Error: No nodes found in the cluster." + exit 1 +fi + +echo -e "${GREEN}Found nodes. Starting inspection...${NC}" + +# Loop through each node name in the list. +for node in $NODE_LIST; do + # Print a clear separator for each node's output. + echo -e "\n${BLUE}======================================================================${NC}" + echo -e "${GREEN}Processing Node: $node${NC}" + echo -e "${BLUE}======================================================================${NC}\n" + + # --- Command 1: Describe Node --- + echo -e "${GREEN}### Describing node details for '$node'...${NC}" + kubectl describe node "$node" + echo "" # Add a newline for spacing + + # --- Command 2: Get Pods on Node --- + echo -e "${GREEN}### Listing all pods on '$node'...${NC}" + kubectl get pods --all-namespaces --field-selector spec.nodeName="$node" + echo "" +done + +echo -e "${BLUE}Script finished processing all nodes.${NC}" + diff --git a/scripts/exec-grafana b/scripts/exec-grafana new file mode 100755 index 0000000..47cfb56 --- /dev/null +++ b/scripts/exec-grafana @@ -0,0 +1,37 @@ +#!/bin/bash + +# Script: exec_grafana_pod.sh +# Description: Finds the Grafana pod and opens a bash shell inside it. 
+# Usage: ./exec_grafana_pod.sh [namespace] + +# --- Configuration (can be overridden by command-line argument) --- +GRAFANA_NAMESPACE="${1:-monitoring}" # Default to 'monitoring' if no argument provided + +# --- Main Logic --- + +echo "Searching for Grafana pod in namespace '$GRAFANA_NAMESPACE'..." + +# Find the Grafana pod name. Use `head -n 1` in case multiple pods match. +GRAFANA_POD=$(kubectl get pods -n "$GRAFANA_NAMESPACE" -l app.kubernetes.io/name=grafana -o jsonpath='{.items[0].metadata.name}' 2>/dev/null) + +if [ -z "$GRAFANA_POD" ]; then + echo "Error: Grafana pod not found in namespace '$GRAFANA_NAMESPACE'." + echo "Please ensure Grafana is deployed and running, and the namespace is correct." + exit 1 +fi + +echo "Found Grafana pod: $GRAFANA_POD" +echo "--- Executing bash shell into Grafana pod ---" +echo "Type 'exit' to return to your local shell." + +# Execute bash shell into the pod. +kubectl exec -it -n "$GRAFANA_NAMESPACE" "$GRAFANA_POD" -- bash + +if [ $? -ne 0 ]; then + echo "Error: Could not exec into pod '$GRAFANA_POD'." + echo "Check kubectl permissions, if the pod is running, or if 'bash' is available in the container." + echo "You might try 'sh' instead of 'bash' if bash is not present: kubectl exec -it -n $GRAFANA_NAMESPACE $GRAFANA_POD -- sh" + exit 1 +fi + +echo "Exited Grafana pod shell." diff --git a/scripts/fix-webrtc-apps.sh b/scripts/fix-webrtc-apps.sh new file mode 100755 index 0000000..831382a --- /dev/null +++ b/scripts/fix-webrtc-apps.sh @@ -0,0 +1,27 @@ +#!/bin/bash + +echo "Fixing webrtc ArgoCD applications..." + +# Set kubeconfig to staging +export KUBECONFIG=$HOME/workspace/video-iac/terraform/stg-kubeconfig.yaml + +echo "Current ArgoCD applications:" +kubectl get applications -n argocd | grep webrtc + +echo "Deleting webrtc-local if it exists..." +kubectl delete application webrtc-be-local -n argocd --ignore-not-found=true + +echo "Deleting webrtc-be if it exists..." 
+kubectl delete application webrtc-be -n argocd --ignore-not-found=true + +echo "Recreating applications..." +kubectl apply -f k8s/argocd/overlays/staging/applications.yaml + +echo "Waiting for applications to be created..." +sleep 10 + +echo "Checking application status..." +kubectl get applications -n argocd | grep webrtc + +echo "Done! Check ArgoCD UI to verify webrtc-be is syncing correctly." + diff --git a/scripts/get-grafana-password b/scripts/get-grafana-password new file mode 100755 index 0000000..0c27c32 --- /dev/null +++ b/scripts/get-grafana-password @@ -0,0 +1,28 @@ +#!/bin/bash + +# Script: get_grafana_password.sh +# Description: Retrieves the Grafana admin password from its Kubernetes Secret. +# Usage: ./get_grafana_password.sh [namespace] [secret_name] + +# --- Configuration (can be overridden by command-line arguments) --- +GRAFANA_NAMESPACE="${1:-monitoring}" # Default to 'monitoring' +GRAFANA_SECRET_NAME="${2:-monitoring-grafana}" # Default to 'monitoring-grafana' + +# --- Main Logic --- + +echo "Attempting to retrieve Grafana admin password from secret '$GRAFANA_SECRET_NAME' in namespace '$GRAFANA_NAMESPACE'..." + +# Retrieve and decode the password. `2>/dev/null` suppresses kubectl errors. +GRAFANA_PASSWORD=$(kubectl get secret -n "$GRAFANA_NAMESPACE" "$GRAFANA_SECRET_NAME" -o jsonpath="{.data.admin-password}" 2>/dev/null | base64 --decode 2>/dev/null) + +if [ -z "$GRAFANA_PASSWORD" ]; then + echo "Error: Could not retrieve Grafana admin password." + echo "Possible reasons:" + echo " - Secret '$GRAFANA_SECRET_NAME' not found in namespace '$GRAFANA_NAMESPACE'." + echo " - The key 'admin-password' is missing within the secret." + echo " - kubectl permissions are insufficient." + echo " - The secret or key names are incorrect. Verify with 'kubectl get secret -n $GRAFANA_NAMESPACE $GRAFANA_SECRET_NAME -o yaml'." 
+ exit 1 +fi + +echo "Grafana Admin Password: $GRAFANA_PASSWORD" diff --git a/scripts/helm-update-webrtcbe b/scripts/helm-update-webrtcbe new file mode 100755 index 0000000..afab14f --- /dev/null +++ b/scripts/helm-update-webrtcbe @@ -0,0 +1,2 @@ +# run in k8s/webrtc-be folder +helm upgrade webrtc-be . --namespace webrtc-be -f values-staging.yaml diff --git a/scripts/log-grafana-watch b/scripts/log-grafana-watch new file mode 100755 index 0000000..cf259b3 --- /dev/null +++ b/scripts/log-grafana-watch @@ -0,0 +1,36 @@ +#!/bin/bash + +# Script: get_grafana_logs.sh +# Description: Finds the Grafana pod and displays its logs in real-time. +# Usage: ./get_grafana_logs.sh [namespace] + +# --- Configuration (can be overridden by command-line argument) --- +GRAFANA_NAMESPACE="${1:-monitoring}" # Default to 'monitoring' if no argument provided + +# --- Main Logic --- + +echo "Searching for Grafana pod in namespace '$GRAFANA_NAMESPACE'..." + +# Find the Grafana pod name. Use `head -n 1` in case multiple pods match, +# we'll take the first one. `2>/dev/null` suppresses kubectl errors if no pod is found. +GRAFANA_POD=$(kubectl get pods -n "$GRAFANA_NAMESPACE" -l app.kubernetes.io/name=grafana -o jsonpath='{.items[0].metadata.name}' 2>/dev/null) + +if [ -z "$GRAFANA_POD" ]; then + echo "Error: Grafana pod not found in namespace '$GRAFANA_NAMESPACE'." + echo "Please ensure Grafana is deployed and running, and the namespace is correct." + exit 1 +fi + +echo "Found Grafana pod: $GRAFANA_POD" +echo "--- Displaying real-time logs (Ctrl+C to stop) ---" + +# Display logs. `--follow` streams real-time logs. +kubectl logs "$GRAFANA_POD" -n "$GRAFANA_NAMESPACE" --follow + +if [ $? -ne 0 ]; then + echo "Error: Could not retrieve logs for pod '$GRAFANA_POD'." + echo "Check kubectl permissions or if the pod is actually running and healthy." + exit 1 +fi + +echo "Logs stream ended." 
diff --git a/scripts/redeploy-webrtc-pods-only b/scripts/redeploy-webrtc-pods-only new file mode 100755 index 0000000..3c1a863 --- /dev/null +++ b/scripts/redeploy-webrtc-pods-only @@ -0,0 +1,4 @@ +#!/bin/bash + +# useful for testing liveness probes +kubectl patch deployment webrtc-be --namespace webrtc-be -p '{"spec":{"template":{"metadata":{"annotations":{"kubectl.kubernetes.io/restartedAt":"'$(date +%Y-%m-%dT%H:%M:%S%z)'"}}}}}' diff --git a/scripts/replace-webrtc b/scripts/replace-webrtc index c1618f5..219d0c0 100755 --- a/scripts/replace-webrtc +++ b/scripts/replace-webrtc @@ -2,6 +2,8 @@ set -eu -o pipefail ENV=$1 # stg or prd -KUBECONFIG=~/Downloads/$ENV-video-cluster-kubeconfig.yaml +#KUBECONFIG=~/Downloads/$ENV-video-cluster-kubeconfig.yaml + +KUBECONFIG=~/workspace/jamkazam/k8s/$ENV-video-cluster-kubeconfig.yaml kubectl --kubeconfig $KUBECONFIG --namespace webrtc-be get pod -o yaml | kubectl --kubeconfig $KUBECONFIG --namespace webrtc-be replace --force -f - diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl index 8fd401e..bfaa08b 100644 --- a/terraform/.terraform.lock.hcl +++ b/terraform/.terraform.lock.hcl @@ -1,27 +1,11 @@ # This file is maintained automatically by "terraform init". # Manual edits may be lost in future updates. 
-provider "registry.terraform.io/gavinbunney/kubectl" { - version = "1.13.0" - constraints = ">= 1.7.0" - hashes = [ - "h1:rL7qqvUpmTiaZDi0b+GQC8mUMpme+RfRfWFzLsp3F0Q=", - "zh:088c99d7e079ba2be3abe1d5c5b2070eff85256178467783af125d11026f08b6", - "zh:0d3fa3bfb4768dd39e2f3af4d85e69fdb8f6abcbe92fece37fc78a97dedd7dc1", - "zh:227d9fb591a0cdcd482410b88c6d91f17922a85fb9caef9b73c2883f6964b483", - "zh:607bff8e6e03ae2b4d523c21377fa655d370cc8310812310ae61b409e7c271d5", - "zh:621d46414e23d5a7cfb1ba25275f1cac1fba78be5c1512f0a0614752425411cc", - "zh:76aace9adb7dc9c10abcc52b31947821335b60b7b335b485bd05f20a91debd63", - "zh:a9ff1f7c676d89cacd64605ad899749dd718f65cb879fabba8e15fcfd0a07629", - "zh:b122fa06ad1978ec3092cce48f16456aa820bf5786a101a8378323659ed11db3", - "zh:fcf5ad18fafe717739c5d40d8c4e4a70e123cf4296efc7286f9d98e3c42e410f", - ] -} - provider "registry.terraform.io/hashicorp/aws" { version = "3.65.0" hashes = [ "h1:GCDkcISN83t+JK2U+ie3vaECnyxK0Sr6GjO7IrBOVeo=", + "h1:hwHPvi/bvbNGOmMg2ECtU//klQBTgQBRFHAPaQ+LZoc=", "zh:108aeaf5e18087d9ac852737a5be1347a28e40825817cc1a29ec523d40268294", "zh:1a719c0c9754f906b2220d3bbf90d483ec0a74cf87768a464d2d657b7901ec6b", "zh:21acdc35ae70a626cbc81eff06181a78843f1ddc2d9200f80fabf2e0466ecbda", @@ -36,46 +20,12 @@ provider "registry.terraform.io/hashicorp/aws" { ] } -provider "registry.terraform.io/hashicorp/helm" { - version = "2.4.1" - hashes = [ - "h1:CLb4n9f/hLyqqq0zbc+h5SuNOB7KnO65qOOb+ohwsKA=", - "zh:07517b24ea2ce4a1d3be3b88c3efc7fb452cd97aea8fac93ca37a08a8ec06e14", - "zh:11ef6118ed03a1b40ff66adfe21b8707ece0568dae1347ddfbcff8452c0655d5", - "zh:1ae07e9cc6b088a6a68421642c05e2fa7d00ed03e9401e78c258cf22a239f526", - "zh:1c5b4cd44033a0d7bf7546df930c55aa41db27b70b3bca6d145faf9b9a2da772", - "zh:256413132110ddcb0c3ea17c7b01123ad2d5b70565848a77c5ccc22a3f32b0dd", - "zh:4ab46fd9aadddef26604382bc9b49100586647e63ef6384e0c0c3f010ff2f66e", - "zh:5a35d23a9f08c36fceda3cef7ce2c7dc5eca32e5f36494de695e09a5007122f0", - 
"zh:8e9823a1e5b985b63fe283b755a821e5011a58112447d42fb969c7258ed57ed3", - "zh:8f79722eba9bf77d341edf48a1fd51a52d93ec31d9cac9ba8498a3a061ea4a7f", - "zh:b2ea782848b10a343f586ba8ee0cf4d7ff65aa2d4b144eea5bbd8f9801b54c67", - "zh:e72d1ccf8a75d8e8456c6bb4d843fd4deb0e962ad8f167fa84cf17f12c12304e", - ] -} - -provider "registry.terraform.io/hashicorp/http" { - version = "2.1.0" - hashes = [ - "h1:GYoVrTtiSAE3AlP1fad3fFmHoPaXAPhm/DJyMcVCwZA=", - "zh:03d82dc0887d755b8406697b1d27506bc9f86f93b3e9b4d26e0679d96b802826", - "zh:0704d02926393ddc0cfad0b87c3d51eafeeae5f9e27cc71e193c141079244a22", - "zh:095ea350ea94973e043dad2394f10bca4a4bf41be775ba59d19961d39141d150", - "zh:0b71ac44e87d6964ace82979fc3cbb09eb876ed8f954449481bcaa969ba29cb7", - "zh:0e255a170db598bd1142c396cefc59712ad6d4e1b0e08a840356a371e7b73bc4", - "zh:67c8091cfad226218c472c04881edf236db8f2dc149dc5ada878a1cd3c1de171", - "zh:75df05e25d14b5101d4bc6624ac4a01bb17af0263c9e8a740e739f8938b86ee3", - "zh:b4e36b2c4f33fdc44bf55fa1c9bb6864b5b77822f444bd56f0be7e9476674d0e", - "zh:b9b36b01d2ec4771838743517bc5f24ea27976634987c6d5529ac4223e44365d", - "zh:ca264a916e42e221fddb98d640148b12e42116046454b39ede99a77fc52f59f4", - "zh:fe373b2fb2cc94777a91ecd7ac5372e699748c455f44f6ea27e494de9e5e6f92", - ] -} - provider "registry.terraform.io/hashicorp/kubernetes" { - version = "2.6.1" + version = "2.6.1" + constraints = ">= 2.0.0" hashes = [ "h1:DWgawNO2C7IuXC2v9IjTSsqs1vZHSAbP4ilWQ0LdbwI=", + "h1:aw4mTyVx41Y/+lAGNJcRvylF2j0sRQD6up5/CXmj9ds=", "zh:081fbaf9441ebb278753dcf05f318fa7d445e9599a600d7c525e9a18b871d4c8", "zh:143bfbe871c628981d756ead47486e807fce876232d05607e0b8852ebee4eed8", "zh:34f413a644eb952e3f041d67ef19200f4c286d374eae87b60fafdd8bf6bb5654", @@ -94,6 +44,7 @@ provider "registry.terraform.io/hashicorp/local" { version = "2.1.0" hashes = [ "h1:KfieWtVyGWwplSoLIB5usKAUnrIkDQBkWaR5TI+4WYg=", + "h1:PaQTpxHMbZB9XV+c1od1eaUvndQle3ZZHx79hrI6C3k=", "zh:0f1ec65101fa35050978d483d6e8916664b7556800348456ff3d09454ac1eae2", 
"zh:36e42ac19f5d68467aacf07e6adcf83c7486f2e5b5f4339e9671f68525fc87ab", "zh:6db9db2a1819e77b1642ec3b5e95042b202aee8151a0256d289f2e141bf3ceb3", @@ -108,46 +59,24 @@ provider "registry.terraform.io/hashicorp/local" { ] } -provider "registry.terraform.io/kbst/kustomization" { - version = "0.6.0" - constraints = "0.6.0" - hashes = [ - "h1:abrUi8VhJAz8It7ZJrUMJU8Nf35zCvfCXYizeicYWCs=", - "zh:07ba6c329139d32411ba3b52c1da0af8cf393925f9dec5844853f45bc26d235c", - "zh:08a1885c1c603c39fbec8e74b762ad4002aea5ecb8c57db297fb9e935bada5eb", - "zh:149d1ac2ace6e5539f1abd2186ed470a94d3146639d758db7ecefffc6ea86942", - "zh:30c641789aff263a088944a7765f7c3e104704e15f45c4b828ef5341cf1f87b2", - "zh:5497d55248fa47050000b213dae7bb9c5b3c33e31b4f4c6862dd4a5e46295df1", - "zh:6d6fac9185d34828e6f7d7f92f31590d600064a373e4f38add053c53cf9db5cf", - "zh:7cad5e6b8cdac3eee3654b4777a0ffc1627c9d5712d85e12a6f73e7b9fb112b7", - "zh:8c5e4557e5d70bec0eb00a708e0c71f0ef082f012fe8af3b7d14b3be8454a9b9", - "zh:91b11fead24db03e54bf49ffaf1afaf229d2f4d59331597aeb513ec4f8d1a114", - "zh:ac986c7102f413fbfabea49735c5b0343d34f313e93d772e7d12d504cc7b221d", - "zh:afc046c3ecc121d1c4c35822cad6280db1cff1165b99ed545d15d5cde3e5a464", - "zh:b726fc46c30f4c90cc6e7f3e991b31cb058768ae78596432f39997f3ed3f2085", - "zh:c46b73f037b0fc2dbc4d3a137d2ff17a794ec61c9d185f2d0252a3d7cf688dae", - "zh:d0962c860edc9c6db7bdb261fa9c9a3b11ca5e62f19552232c0b29ff9ca8fe7c", - ] -} - provider "registry.terraform.io/linode/linode" { - version = "1.24.0" - constraints = "1.24.0" + version = "2.41.1" + constraints = "~> 2.0" hashes = [ - "h1:k1aiT3JCgzUvNxpT5EznQSRigqEdAwaSkQ4PoJVhXDM=", - "zh:06d87467ec78e7dc9c57bcdd1874a648c8e463ea067b158c00583e71aa26dfa1", - "zh:1ed95f626255e53dfa9df3b2a2c67a1445ae5224bbc9244c1bc4961e635aabfa", - "zh:3e6b338004f9cf82e7a6aaeffae7d0e064489b12ed1898400cf9c13703f0e5d0", - "zh:40e18d4fdeac61a06cf1e5208ad46bcf5d989083ad535c9450c46c425098dd4a", - "zh:4c35b67a148d0cac7a42c919c3cfd2198bc113ae3c12167b3ad8dc6aa785ec84", - 
"zh:5240744778bc865a8c2f14a71649b7a0097cdb681e48359ba3718f8b516fc577", - "zh:54af2b3cb45d17fc5563e7d1b86aafc38d3f4ac11b0aaf42ca9c74d53fdff7dc", - "zh:79c675e7251090761a4010aafaf144c4cea6940b49c4341f72d6a04126214543", - "zh:8538680134057d39fed6a010327faed12d26c8d33a369662766e2818777a7a8b", - "zh:8c8423769e0aae0f291fa381ab78e13c51d6c8f49336cbb7fd8a1a990a9f941f", - "zh:bcda0537da1ddccd2f05e9e123086a6b84aaeb11a22082d6734c777a95162ff0", - "zh:bfa7fc09a14c764b90280ab7414d376238515d80e940cdd0bc84fa1943e3b55c", - "zh:d44c1ba3514d19356c5654821ae43ede198bff1c1e5b5d496292f66fb750ca9f", - "zh:fae47b8424f7a38a844f78508f8b05cc69c2110b04fa9df666173d50761e855b", + "h1:gDA5DkRDuSgXdWoChx+ttbDeuB3Jv3VMV6ekS4GgWK8=", + "zh:0b76e77089c098171d09711bab3a13ffb65f8247876ef9f613b249004f04bddf", + "zh:0f060eb2558c28cce8d3cbc2add2028ba211c9d887606ca457b78b76819e0013", + "zh:29d74b53aa7899b6c31a629a37d2ccab166a21f25829f1dc13e5ecc240048df9", + "zh:2be5fb85c1d386dd370cf9c5ebf570ebf5841b8283592e0f94f2bb42090bf092", + "zh:893850f36c8ab5ccaec99164b3e51e54791e27cac7995d8cf9dce85156c5ec08", + "zh:9ed8515c25b6c2ed32c33c1b2d7631e530382fa44e950c694e55e599fa554a09", + "zh:a3e8a3b0cff767292fed8c8db6c071231b2565e64a8a48fb85b636bcdef74643", + "zh:a5a303ed5712502c8bdb7173ca3a9ab080a2a589a56a938b59e07c98086f6d97", + "zh:d13e06f2b34105d5755bacf3613710d9a05f1b81865dd8c62ec35ecee5895a0b", + "zh:d3c60ef1782a71c0eb6f64a57e398aa8536942277c42dca7ee9993e68c58e808", + "zh:f1a9fcf96bc428272345556b520d631220e7443efaa41929cf465c6f8944c2ba", + "zh:f3ef16df5913dbc73fb9a6debdb58e2fb85e7063d0d23d8c2be2562c1a0a7f3c", + "zh:fdc3c13f05f2d7563af84cd4ff20d07b8b3e8593110294357840d9f0e295fe97", + "zh:febe350bb0f7ff4755658def77552d78991783f247aeaa2e919cd3a558aaad7b", ] } diff --git a/terraform/lke.tf b/terraform/lke.tf index 4d7fe4b..cd89f63 100644 --- a/terraform/lke.tf +++ b/terraform/lke.tf @@ -8,7 +8,10 @@ resource "linode_lke_cluster" "stg-video-cluster" { pool { type = "g6-standard-2" - count = 6 + count = 3 + labels = { + 
"workload" = "any" + } autoscaler { min = 3 max = 10 @@ -36,17 +39,26 @@ resource "linode_lke_cluster" "prd-video-cluster" { pool { type = "g6-standard-2" count = 3 + labels = { + workload = "infra" + } } # WebRTC-BE pool pool { type = "g6-standard-2" count = 3 + labels = { + workload = "app" + } } # Coturn pool pool { type = "g6-standard-2" count = 3 + labels = { + workload = "media" + } } } diff --git a/terraform/terraform.tf b/terraform/terraform.tf index a0b3835..6e38552 100644 --- a/terraform/terraform.tf +++ b/terraform/terraform.tf @@ -10,8 +10,20 @@ terraform { required_providers { linode = { source = "linode/linode" - version = "1.24.0" + version = "~> 2.0" } + #hashicorplocal = { + # source = "hashicorp/local" + # version = "2.1.0" + #} + #hashicorpkubernetes = { + # source = "hashicorp/kubernetes" + # version = "2.6.1" + #} + #hashicorpaws = { + # source = "hashicorp/aws" + # version = "3.65.0" + #} } }