import copy
import hashlib
import json
from typing import Any

import pulumi
import pulumi_aws as aws
import pulumi_std as std
import yaml

from dch_cloud.common import aws_region
from dch_cloud.default_vpc import s3_endpoint
from dch_cloud.ecs import cluster
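# A JSON-style object as produced by yaml.safe_load / consumed by json.dumps.
Json = dict[str, Any]


def patch_container_def(ctrdef: list[Json], **args: Any) -> list[Json]:
    """Return a patched copy of an ECS container-definition list.

    Two adjustments are made:

    * containers whose log driver is ``awslogs`` get ``awslogs-region``
      defaulted to ``aws_region`` (a value already present is kept);
    * the container named ``vmagent`` gets a ``-promscrape.config`` flag
      appended to its command, pointing at ``scrape.yml`` in the bucket
      given by ``args['bucket']``.

    Args:
        ctrdef: Container definitions as parsed from the task YAML.
        **args: Extra values; ``bucket`` (an S3 bucket name) is read only
            when a ``vmagent`` container is present.

    Returns:
        A new list. ``ctrdef`` itself is not modified, so calling this more
        than once on the same parsed YAML cannot append the flag twice.

    Raises:
        KeyError: If a container lacks ``name``, a log configuration lacks
            ``logDriver``, or a ``vmagent`` container has no ``command`` or
            no ``bucket`` was supplied.
    """
    # Work on a deep copy: the caller's parsed YAML is module-level state.
    patched = copy.deepcopy(ctrdef)
    for ctr in patched:
        log_cfg = ctr.get('logConfiguration')
        if log_cfg and log_cfg['logDriver'] == 'awslogs':
            # Tolerate a missing or empty ``options`` mapping in the YAML.
            options = log_cfg.get('options') or {}
            options.setdefault('awslogs-region', aws_region)
            log_cfg['options'] = options
        if ctr['name'] == 'vmagent':
            # The config is addressed by a plain HTTPS URL on the bucket's
            # virtual-hosted endpoint; nothing here supplies credentials, so
            # read access presumably rests on the bucket policy alone.
            ctr['command'].append(
                f'-promscrape.config=https://{args["bucket"]}.s3.{aws_region}.amazonaws.com/scrape.yml',
            )
    return patched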
# CloudWatch log group named 'ecs-blackbox' (presumably the awslogs-group the
# container YAML points at; the YAML is not visible from this file).
# NOTE(review): neither retention_in_days nor kms_key_id is set, so retention
# and encryption follow the provider/account defaults; confirm that is intended.
log_group = aws.cloudwatch.LogGroup('blackbox', name='ecs-blackbox')
# Bucket holding the vmagent scrape configuration. Only a name prefix is
# fixed; the provider generates the rest of the bucket name.
config_bucket = aws.s3.BucketV2('config-bucket', bucket_prefix='964e1f9c-')

# Local scrape configuration, uploaded unchanged as the object 'scrape.yml'.
scrape_yml = pulumi.FileAsset('blackbox/scrape.yml')

# BLAKE2b fingerprint of the file's text. It serves as a change detector for
# the vmagent service's redeploy trigger, not as an integrity control.
scrape_yml_hash = hashlib.blake2b(
    std.file(scrape_yml.path).result.encode('utf-8'),
).hexdigest()

# NOTE(review): the policy attached to this bucket allows s3:GetObject to
# Principal '*' for requests arriving through the S3 VPC endpoint, so this
# object is readable without credentials from inside that network path.
# Keep passwords, bearer tokens and similar secrets out of scrape.yml.
s3_scrape_yml = aws.s3.BucketObject(
    'scrape-yml',
    key='scrape.yml',
    bucket=config_bucket.id,
    source=scrape_yml,
)
# Container definitions for the blackbox exporter, parsed with the safe YAML
# loader so the file can only yield plain data, never arbitrary objects.
exporter_def = yaml.safe_load(std.file('blackbox/blackbox.yaml').result)

# Task definition for the exporter. No 'bucket' argument is passed to
# patch_container_def, so only the awslogs region default can apply here.
# NOTE(review): network_mode='host' places the container in the instance's
# network namespace with no per-task isolation; confirm that is required.
exporter_task = aws.ecs.TaskDefinition(
    'blackbox-exporter',
    family='blackbox',
    network_mode='host',
    memory='64',
    container_definitions=json.dumps(patch_container_def(exporter_def)),
)
# Container definitions for vmagent, parsed with the safe YAML loader.
vmagent_def = yaml.safe_load(std.file('blackbox/vmagent.yaml').result)

# Task definition for vmagent. The container JSON is rendered inside apply()
# because the config bucket's name is only known once the bucket exists.
# NOTE(review): network_mode='host' places the container in the instance's
# network namespace with no per-task isolation; confirm that is required.
vmagent_task = aws.ecs.TaskDefinition(
    'vmagent',
    family='vmagent',
    network_mode='host',
    memory='128',
    container_definitions=config_bucket.id.apply(
        lambda bucket_name: json.dumps(
            patch_container_def(vmagent_def, bucket=bucket_name),
        )
    ),
    volumes=[
        # Docker-managed volume 'vmagent-data': created on demand
        # (autoprovision) and scoped 'shared' rather than to a single task.
        aws.ecs.TaskDefinitionVolumeArgs(
            name='vmagent-data',
            docker_volume_configuration=aws.ecs.TaskDefinitionVolumeDockerVolumeConfigurationArgs(
                scope='shared',
                autoprovision=True,
            ),
        ),
    ],
)
# ECS service that keeps a single blackbox-exporter task running on the
# shared cluster.
exporter_svc = aws.ecs.Service(
    'blackbox-exporter',
    name='blackbox-exporter',
    desired_count=1,
    task_definition=exporter_task.arn,
    cluster=cluster.id,
)
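# Read-only policy for the config bucket.
#
# Principal '*' means no IAM identity is needed: the StringEquals condition
# on aws:sourceVpce is the only access control, so every workload able to
# reach S3 through that VPC endpoint can read the bucket.
# NOTE(review): fetching scrape.yml by URL needs only s3:GetObject.
# s3:ListBucket additionally lets any such client enumerate the keys; drop it
# if nothing relies on listing.
#
# Output.all() resolves the bucket ARN and the endpoint id together, so the
# document serialises correctly whether s3_endpoint.id is a plain string or a
# Pulumi Output (json.dumps cannot serialise an unresolved Output).
config_bucket_policy = aws.s3.BucketPolicy(
    'config-bucket',
    bucket=config_bucket.id,
    policy=pulumi.Output.all(config_bucket.arn, s3_endpoint.id).apply(
        # resolved[0] is the bucket ARN, resolved[1] the VPC endpoint id.
        lambda resolved: json.dumps(
            {
                'Version': '2012-10-17',
                'Statement': [
                    {
                        'Principal': '*',
                        'Action': [
                            's3:GetObject',
                            's3:ListBucket',
                        ],
                        'Effect': 'Allow',
                        'Resource': [
                            resolved[0],
                            f'{resolved[0]}/*',
                        ],
                        'Condition': {
                            'StringEquals': {
                                'aws:sourceVpce': resolved[1],
                            }
                        },
                    }
                ],
            }
        )
    ),
)

# vmagent runs as a DAEMON service. The 'config' trigger together with
# force_new_deployment redeploys it whenever the scrape.yml fingerprint
# changes.
#
# The service waits for both the uploaded object and the bucket policy:
# vmagent is pointed at the config by URL, and that read presumably succeeds
# only once the policy is attached. Depending on the object alone would let
# the first tasks start before the policy exists.
vmagent_svc = aws.ecs.Service(
    'vmagent',
    name='vmagent',
    cluster=cluster.id,
    task_definition=vmagent_task.arn,
    desired_count=1,
    scheduling_strategy='DAEMON',
    force_new_deployment=True,
    triggers={
        'config': scrape_yml_hash,
    },
    opts=pulumi.ResourceOptions(
        depends_on=[s3_scrape_yml, config_bucket_policy],
    ),
)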