[TASK] Setup dashboards for CNPG Cluster for PostgreSQL Stats

.gitignore

@@ -35,3 +35,4 @@ override.tf.json
 # Ignore CLI configuration files
 .terraformrc
 terraform.rc
+/infrastructure/.terraform.lock.hcl

infrastructure/main.tf

@@ -22,7 +22,7 @@ module "cluster-issuer" {
 
 # Complete Observability Stack Deployment
 module "observability" {
-  source = "git::https://github.com/necro-cloud/modules//modules/observability?ref=main"
+  source = "git::https://github.com/necro-cloud/modules//modules/observability?ref=task/90/cnpg-dashboards"
 
   // Certificates Details
   cluster_issuer_name = module.cluster-issuer.cluster-issuer-name
@@ -60,14 +60,17 @@ module "garage" {
 
 # Cloudnative PG Deployment for PostgreSQL Database Solution
 module "cnpg" {
-  source = "git::https://github.com/necro-cloud/modules//modules/cnpg?ref=main"
+  source = "git::https://github.com/necro-cloud/modules//modules/cnpg?ref=task/90/cnpg-dashboards"
 
   // Garage Cluster Details for configuration of PITR Backups
   garage_certificate_authority = module.garage.garage_internal_certificate_secret
   garage_namespace             = module.garage.garage_namespace
   garage_configuration         = "walbackups-credentials"
   backup_bucket_name           = "postgresql"
 
+  // Observability details
+  observability_namespace = module.observability.observability_namespace
+
   // Required client details to allow access and generate credentials and certificates for
   clients = [
     {
@@ -96,14 +99,17 @@ module "cnpg" {
 
 # FerretDB Deployment for MongoDB Database Solution
 module "ferretdb" {
-  source = "git::https://github.com/necro-cloud/modules//modules/ferretdb?ref=main"
+  source = "git::https://github.com/necro-cloud/modules//modules/ferretdb?ref=task/90/cnpg-dashboards"
 
   // Garage Cluster Details for configuration of PITR Backups
   garage_certificate_authority = module.garage.garage_internal_certificate_secret
   garage_namespace             = module.garage.garage_namespace
   garage_configuration         = "walbackups-credentials"
   backup_bucket_name           = "ferret"
 
+  // Observability details
+  observability_namespace = module.observability.observability_namespace
+
   // Required client details to allow access and generate credentials and certificates for
   clients = [
     {

modules/cnpg/README.md

@@ -82,6 +82,7 @@ Required Modules to deploy Cloudnative PG PostgreSQL Database:
 | <a name="input_kubernetes_api_port"></a> [kubernetes\_api\_port](#input\_kubernetes\_api\_port) | Port for the Kubernetes API | `number` | n/a | yes |
 | <a name="input_kubernetes_api_protocol"></a> [kubernetes\_api\_protocol](#input\_kubernetes\_api\_protocol) | Protocol for the Kubernetes API | `string` | n/a | yes |
 | <a name="input_namespace"></a> [namespace](#input\_namespace) | Namespace to be used for deploying PostgreSQL Database | `string` | `"postgres"` | no |
+| <a name="input_observability_namespace"></a> [observability\_namespace](#input\_observability\_namespace) | Namespace where all components for observability are deployed | `string` | n/a | yes |
 | <a name="input_organization_name"></a> [organization\_name](#input\_organization\_name) | Organization name for deploying PostgreSQL Database | `string` | `"cloud"` | no |
 | <a name="input_proxy_image"></a> [proxy\_image](#input\_proxy\_image) | Docker image to be used for deployment of PGAdmin NGINX Proxy for TLS | `string` | `"nginx"` | no |
 | <a name="input_proxy_repository"></a> [proxy\_repository](#input\_proxy\_repository) | Repository to be used for deployment of PGAdmin NGINX Proxy for TLS | `string` | `"docker.io/library"` | no |

modules/cnpg/cluster.tf

@@ -16,6 +16,11 @@ resource "kubernetes_manifest" "cluster" {
         "labels" = {
           "garage-access" = true
         }
+        "annotations" = {
+          "prometheus.io/scrape" = "true"
+          "prometheus.io/port"   = "9187"
+          "prometheus.io/path"   = "/metrics"
+        }
       }
       "topologySpreadConstraints" = [
         {

modules/cnpg/networkpolicy.tf

@@ -88,6 +88,29 @@ resource "kubernetes_network_policy" "cnpg_network_policy" {
       }
     }
 
+
+    # Rule 4: Allow OpenTelemetry Collector to scrape CNPG metrics
+    ingress {
+      from {
+        namespace_selector {
+          match_labels = {
+            "kubernetes.io/metadata.name" = var.observability_namespace
+          }
+        }
+
+        pod_selector {
+          match_labels = {
+            "app.kubernetes.io/instance" = "otel-collector" 
+          }
+        }
+      }
+
+      ports {
+        protocol = "TCP"
+        port     = 9187
+      }
+    }
+
     # -------------- EGRESS RULES -------------- #
     # Rule 1: Allow egress to other CNPG pods
     egress {

modules/cnpg/variables.tf

@@ -30,6 +30,12 @@ variable "garage_namespace" {
   nullable    = false
 }
 
+variable "observability_namespace" {
+  description = "Namespace where all components for observability are deployed"
+  type        = string
+  nullable    = false
+}
+
 # --------------- CERTIFICATE VARIABLES --------------- #
 variable "garage_certificate_authority" {
   description = "Name of the Certificate Authority associated with the Garage Storage Solution"

modules/ferretdb/README.md

@@ -83,6 +83,7 @@ Required Modules to deploy FerretDB Database:
 | <a name="input_mongo_express_repository"></a> [mongo\_express\_repository](#input\_mongo\_express\_repository) | Repository to be used for deployment of Mongo Express UI | `string` | `"docker.io/library"` | no |
 | <a name="input_mongo_express_tag"></a> [mongo\_express\_tag](#input\_mongo\_express\_tag) | Docker tag to be used for deployment of Mongo Express UI | `string` | `"1.0.2-20-alpine3.19"` | no |
 | <a name="input_namespace"></a> [namespace](#input\_namespace) | Namespace to be used for deploying Ferret Database | `string` | `"ferret"` | no |
+| <a name="input_observability_namespace"></a> [observability\_namespace](#input\_observability\_namespace) | Namespace where all components for observability are deployed | `string` | n/a | yes |
 | <a name="input_organization_name"></a> [organization\_name](#input\_organization\_name) | Organization name for deploying Ferret Database | `string` | `"cloud"` | no |
 | <a name="input_repository"></a> [repository](#input\_repository) | Repository to be used for deployment of FerretDB | `string` | `"ghcr.io/ferretdb"` | no |
 | <a name="input_server_certificate_authority_name"></a> [server\_certificate\_authority\_name](#input\_server\_certificate\_authority\_name) | Name of the Certificate Authority to be used with Ferret Server | `string` | `"ferretdb-server-certificate-authority"` | no |

modules/ferretdb/cluster.tf

@@ -16,6 +16,11 @@ resource "kubernetes_manifest" "cluster" {
         "labels" = {
           "garage-access" = true
         }
+        "annotations" = {
+          "prometheus.io/scrape" = "true"
+          "prometheus.io/port"   = "9187"
+          "prometheus.io/path"   = "/metrics"
+        }
       }
       "postgresUID" = 999
       "postgresGID" = 999

modules/ferretdb/networkpolicy.tf

@@ -88,6 +88,28 @@ resource "kubernetes_network_policy" "cnpg_network_policy" {
       }
     }
 
+    # Rule 4: Allow OpenTelemetry Collector to scrape CNPG metrics
+    ingress {
+      from {
+        namespace_selector {
+          match_labels = {
+            "kubernetes.io/metadata.name" = var.observability_namespace
+          }
+        }
+
+        pod_selector {
+          match_labels = {
+            "app.kubernetes.io/instance" = "otel-collector" 
+          }
+        }
+      }
+
+      ports {
+        protocol = "TCP"
+        port     = 9187
+      }
+    }
+
     # -------------- EGRESS RULES -------------- #
     # Rule 1: Allow egress to other CNPG pods
     egress {

modules/ferretdb/variables.tf

@@ -30,6 +30,12 @@ variable "garage_namespace" {
   nullable    = false
 }
 
+variable "observability_namespace" {
+  description = "Namespace where all components for observability are deployed"
+  type        = string
+  nullable    = false
+}
+
 # --------------- CERTIFICATE VARIABLES --------------- #
 variable "garage_certificate_authority" {
   description = "Name of the Certificate Authority associated with the Garage Storage Solution"