Merge pull request #70 from mumoshu/k8s-dd-example

Add Kubernetes and Datadog example deployment

example/kubernetes/.envrc

@@ -0,0 +1,7 @@
+dotenv .env.secret
+dotenv .env.config
+dotenv .env.local
+
+export KUBECONFIG="${PWD}/kubeconfig"
+
+aws eks update-kubeconfig --name "${CLUSTER_NAME}"

example/kubernetes/.gitignore

@@ -0,0 +1,2 @@
+.env.*
+kubeconfig

example/kubernetes/README.md

@@ -0,0 +1,77 @@
+# aws-checker Kubernetes and Datadog example
+
+This directory contains a set of files and scripts to deploy `aws-checker` onto AWS EKS (Auto Mode preferred), with the metrics collected and available in Datadog.
+
+## Contents
+
+- `aws-checker`: The file uploaded to S3 for `aws-checker` S3 checks
+- `aws-checker.yaml`: A Kubernetes manifest file containing a few static resources (DatadogAgent, ServiceAccount, Deplyoment)
+- `secret.sh`: The script to generate `Secret` resource manifest YAML
+- `configmap.sh`: The script to generate `ConfigMap` resource manifest YAML
+- `manifests.sh`: The script to generate and write all the resource manifest YAML to stdout, piped to `kubectl create -f` and `kubectl replace -f -`
+
+## Prerequisites
+
+- `direnv`
+- `kubectl`
+- `helm`
+- [Datadog Operator](https://docs.datadoghq.com/getting_started/containers/datadog_operator/)
+
+## Usage
+
+1. Create `.env.config` with the following contents:
+
+```shell
+S3_BUCKET=<S3 BUCKET NAME>
+S3_KEY=<S3 OBJECT KEY>
+DYNAMODB_TABLE=<DYNAMODB TABLE NAME>
+SQS_QUEUE_URL=https://sqs.<AWS REGION>.amazonaws.com/<AWS ACCOUNT ID>/<QUEUE NAME>
+CLUSTER_NAME=<EKS CLUSTER NAME>
+```
+
+2. Create AWS resources
+
+You need the following AWS resources in your AWS account:
+
+- A S3 bucket named `<S3 BUCKET NAME>`
+  - `aws s3 cp aws-checker s3://<S3 BUCKET NAME>/<S3 KEY>` to upload the object to pass the aws-checker S3 checks
+- A DynamoDB table named `<DYNAMODB TABLE NAME>`
+- A SQS queue named `<QUEUE NAME>`
+- An EKS cluster named `<EKS CLUSTER NAME>`
+
+3. Create `.env.secret` with the following contents:
+
+```shell
+AWS_REGION=<AWS REGION>
+```
+
+4. Create `.env.local` with the following contents:
+
+```shell
+export DD_API_KEY=<DATADOG API KEY>
+```
+
+5. Generate and create the resources:
+
+```shell
+direnv allow
+
+./manifests.sh | kubectl create -f -
+```
+
+6. Verify everything is working
+
+```shell
+$ kubectl get po
+NAME                                     READY   STATUS    RESTARTS   AGE
+aws-checker-5c79ff5f98-q9jvz             1/1     Running   0          17m
+datadog-agent-jzg7r                      3/3     Running   0          23m
+datadog-cluster-agent-78d79c5c55-t6xx5   1/1     Running   0          23m
+my-datadog-operator-7f56c485d9-zdvqw     1/1     Running   0          26m
+```
+
+7. Browse metrics
+
+Go to https://app.datadoghq.com/metric/explorer and select `aws_checker_example.aws_request_duration_seconds.count` metrics.
+
+Setting `sum by` to `method`, `status`, and `service` would be a good idea.

example/kubernetes/aws-checker

@@ -0,0 +1 @@
+AWS-CHECKER-TEST

example/kubernetes/aws-checker.yaml

@@ -0,0 +1,89 @@
+# This is an example Kubernetes deployment for aws-checker.
+# It exposes a Prometheus metrics endpoint on port 8080 for scraping from Datadog Agent.
+apiVersion: datadoghq.com/v2alpha1
+kind: DatadogAgent
+metadata:
+  name: datadog
+spec:
+  global:
+    credentials:
+      apiSecret:
+        secretName: datadog-secret
+        keyName: api-key
+  features:
+    prometheusScrape:
+      enabled: true
+      enableServiceEndpoints: true
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: aws-checker
+  namespace: default
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: aws-checker
+  labels:
+    app: aws-checker
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: aws-checker
+  template:
+    metadata:
+      labels:
+        app: aws-checker
+      annotations:
+         prometheus.io/scrape: "true"
+         ad.datadoghq.com/aws-checker.checks: |
+           {
+             "openmetrics": {
+               "instances": [
+                 {
+                   "openmetrics_endpoint": "http://%%host%%:%%port%%/metrics",
+                   "namespace": "aws-checker-example",
+                   "metrics": [
+                     "aws_request_duration_seconds"
+                   ],
+                   "collect_counters_with_distributions": true
+                 }
+               ]
+             }
+           }
+    spec:
+      serviceAccountName: aws-checker
+      containers:
+      - name: aws-checker
+        image: ghcr.io/chatwork/aws-checker:canary-amd64
+        ports:
+        - containerPort: 8080
+        env:
+        - name: AWS_REGION
+          valueFrom:
+            secretKeyRef:
+              name: aws-checker
+              key: AWS_REGION
+        - name: S3_BUCKET
+          valueFrom:
+            configMapKeyRef:
+              name: aws-checker
+              key: S3_BUCKET
+        - name: S3_KEY
+          valueFrom:
+            configMapKeyRef:
+              name: aws-checker
+              key: S3_KEY
+        - name: DYNAMODB_TABLE
+          valueFrom:
+            configMapKeyRef:
+              name: aws-checker
+              key: DYNAMODB_TABLE
+        - name: SQS_QUEUE_URL
+          valueFrom:
+            configMapKeyRef:
+              name: aws-checker
+              key: SQS_QUEUE_URL
+

example/kubernetes/configmap.sh

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+
+set -e
+
+dir=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
+env_file="${dir}/.env.config"
+
+kubectl create configmap aws-checker --dry-run=client --from-env-file="${env_file}" --output=yaml

example/kubernetes/manifests.sh

@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+
+set -e
+
+dir=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
+
+"$dir"/configmap.sh
+echo "---"
+"$dir"/secret.sh
+echo "---"
+cat "$dir"/aws-checker.yaml

example/kubernetes/secret.sh

@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+set -e
+
+dir=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
+env_file="${dir}/.env.secret"
+
+kubectl create secret generic aws-checker --dry-run=client --from-env-file="${env_file}" --output=yaml
+
+echo "---"
+
+kubectl create secret generic datadog-secret --from-literal api-key="${DD_API_KEY}" --dry-run=client --output=yaml