feat: add Grafana dashboard (#68)

.github/workflows/cd.yml

@@ -81,8 +81,10 @@ jobs:
       name: infra/staging
       url: https://staging.keys.walletconnect.com/health
     steps:
-      - name: Checkout
-        uses: actions/checkout@v3
+      - uses: actions/checkout@v3
+        with:
+          submodules: recursive
+
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v1
         with:
@@ -171,8 +173,10 @@ jobs:
       name: infra/prod
       url: https://keys.walletconnect.com/health
     steps:
-      - name: Checkout
-        uses: actions/checkout@v3
+      - uses: actions/checkout@v3
+        with:
+          submodules: recursive
+
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v1
         with:

.github/workflows/ci.yml

@@ -56,9 +56,9 @@ jobs:
       SCCACHE_CACHE_SIZE: 1G
       SCCACHE_DIR: ${{ matrix.sccache-path }}
     steps:
-      # Checkout code
-      - name: "Git checkout"
-        uses: actions/checkout@v2
+      - uses: actions/checkout@v3
+        with:
+          submodules: recursive
 
       # Install sccache
       - name: "Install sccache"

.github/workflows/ci_terraform.yml

@@ -21,17 +21,20 @@ jobs:
   fmt:
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout
-        uses: actions/checkout@v3
+      - uses: actions/checkout@v3
+        with:
+          submodules: recursive
+
       - id: fmt
         uses: WalletConnect/actions/actions/fmt-check-terraform/@master
 
   tfsec:
     name: tfsec
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout
-        uses: actions/checkout@v3
+      - uses: actions/checkout@v3
+        with:
+          submodules: recursive
 
       - uses: aquasecurity/[email protected]
         with:
@@ -48,8 +51,9 @@ jobs:
           - 'terraform/ecs'
           - 'terraform/monitoring'
     steps:
-      - name: Checkout
-        uses: actions/checkout@v3
+      - uses: actions/checkout@v3
+        with:
+          submodules: recursive
 
       - uses: actions/cache@v3
         name: Cache plugin dir
@@ -77,8 +81,10 @@ jobs:
     if: github.event_name == 'pull_request'
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout
-        uses: actions/checkout@v3
+      - uses: actions/checkout@v3
+        with:
+          submodules: recursive
+
       # Get latest release for image version
       - id: latest_release
         uses: pozetroninc/github-action-get-latest-release@master

.github/workflows/release.yml

@@ -27,6 +27,7 @@ jobs:
     steps:
       - uses: actions/checkout@v3
         with:
+          submodules: recursive
           fetch-depth: 0
           token: ${{ secrets.PAT }}
 
@@ -89,6 +90,7 @@ jobs:
     steps:
       - uses: actions/checkout@v3
         with:
+          submodules: recursive
           ref: ${{ needs.release.outputs.version }}
           fetch-depth: 0
 

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "terraform/monitoring/grafonnet-lib"]
+	path = terraform/monitoring/grafonnet-lib
+	url = [email protected]:WalletConnect/grafonnet-lib.git

.pre-commit-config.yaml

@@ -0,0 +1,23 @@
+repos:
+  - repo: https://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.77.0
+    hooks:
+      - id: terraform_fmt
+      - id: terraform_tflint
+#      - id: terraform_tfsec
+      - id: terraform_docs
+        args:
+          - '--args=--lockfile=false'
+
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.4.0
+    hooks:
+      - id: check-merge-conflict
+      - id: check-yaml
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+      - id: detect-aws-credentials
+      - id: detect-private-key
+      - id: forbid-new-submodules
+      - id: no-commit-to-branch
+      - id: mixed-line-ending

terraform/ecs/outputs.tf

@@ -7,5 +7,11 @@ output "target_group_arn" {
 }
 
 output "load_balancer_arn" {
-  value = aws_alb.network_load_balancer.arn
+  description = "The ARN of the load balancer"
+  value       = aws_alb.network_load_balancer.arn
+}
+
+output "service_name" {
+  description = "The name of the service"
+  value       = aws_ecs_service.app_service.name
 }

terraform/main.tf

@@ -74,6 +74,9 @@ module "o11y" {
 
   prometheus_workspace_id = aws_prometheus_workspace.prometheus.id
   environment             = terraform.workspace
+  ecs_service_name        = module.ecs.service_name
+  load_balancer           = module.ecs.load_balancer_arn
+  docdb_cluster_id        = module.keystore-docdb.cluster_id
 }
 
 resource "aws_prometheus_workspace" "prometheus" {

terraform/monitoring/README.md

@@ -0,0 +1,50 @@
+# `monitoring` module
+
+Configure the Grafana dashboards for the application
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | ~> 1.0 |
+| <a name="requirement_grafana"></a> [grafana](#requirement\_grafana) | ~> 1.24 |
+| <a name="requirement_jsonnet"></a> [jsonnet](#requirement\_jsonnet) | ~> 2.2.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_grafana"></a> [grafana](#provider\_grafana) | ~> 1.24 |
+| <a name="provider_jsonnet"></a> [jsonnet](#provider\_jsonnet) | ~> 2.2.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [grafana_dashboard.main](https://registry.terraform.io/providers/grafana/grafana/latest/docs/resources/dashboard) | resource |
+| [grafana_data_source.cloudwatch](https://registry.terraform.io/providers/grafana/grafana/latest/docs/resources/data_source) | resource |
+| [grafana_data_source.prometheus](https://registry.terraform.io/providers/grafana/grafana/latest/docs/resources/data_source) | resource |
+| [jsonnet_file.dashboard](https://registry.terraform.io/providers/alxrem/jsonnet/latest/docs/data-sources/file) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_docdb_cluster_id"></a> [docdb\_cluster\_id](#input\_docdb\_cluster\_id) | n/a | `string` | n/a | yes |
+| <a name="input_ecs_service_name"></a> [ecs\_service\_name](#input\_ecs\_service\_name) | n/a | `string` | n/a | yes |
+| <a name="input_environment"></a> [environment](#input\_environment) | n/a | `string` | n/a | yes |
+| <a name="input_load_balancer"></a> [load\_balancer](#input\_load\_balancer) | n/a | `string` | n/a | yes |
+| <a name="input_prometheus_workspace_id"></a> [prometheus\_workspace\_id](#input\_prometheus\_workspace\_id) | The workspace ID for the Prometheus workspace. | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_dashboard_definition"></a> [dashboard\_definition](#output\_dashboard\_definition) | The JSON definition of the dashboard. |
+| <a name="output_prometheus_url"></a> [prometheus\_url](#output\_prometheus\_url) | The URL of the Prometheus server to use for this dashboard. |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

terraform/monitoring/dashboard.jsonnet

@@ -0,0 +1,68 @@
+local grafana     = import 'grafonnet-lib/grafana.libsonnet';
+local panels      = import 'panels/panels.libsonnet';
+
+local dashboard   = grafana.dashboard;
+
+local ds    = {
+  prometheus: {
+    type: 'prometheus',
+    uid:  std.extVar('prometheus_uid'),
+  },
+  cloudwatch: {
+    type: 'cloudwatch',
+    uid:  std.extVar('cloudwatch_uid'),
+  }
+};
+local vars  = {
+  notifications:    std.parseJson(std.extVar('notifications')),
+  environment:      std.extVar('environment'),
+  ecs_service_name: std.extVar('ecs_service_name'),
+  load_balancer:    std.extVar('load_balancer'),
+  docdb_cluster_id: std.extVar('docdb_cluster_id'),
+};
+
+////////////////////////////////////////////////////////////////////////////////
+
+local height  = 8;
+local pos     = grafana.layout.pos(height);
+
+////////////////////////////////////////////////////////////////////////////////
+
+dashboard.new(
+  title         = std.extVar('dashboard_title'),
+  uid           = std.extVar('dashboard_uid'),
+  editable      = true,
+  graphTooltip  = dashboard.graphTooltips.sharedCrosshair,
+)
+.addAnnotation(
+  grafana.annotation.new(
+    target = {
+      limit:    100,
+      matchAny: false,
+      tags:     [],
+      type:     'dashboard',
+    },
+  )
+)
+.addPanels(
+  grafana.layout.generate_grid([
+    panels.app.app_cpu_memory(ds, vars)         { gridPos: pos._2     },
+    panels.app.healthy_hosts(ds, vars)          { gridPos: pos._2     },
+    panels.app.active_nlb_flows(ds, vars)       { gridPos: pos._2     },
+    panels.app.nlb_target_resets(ds, vars)      { gridPos: pos._2     },
+
+    ////////////////////////////////////////////////////////////////////////////
+    grafana.panels.text(
+      content     = '# DocumentDB',
+      transparent = true
+    )                                                 { gridPos: pos.title  },
+
+    panels.docdb.cpu(ds, vars)                        { gridPos: pos._3     },
+    panels.docdb.available_memory(ds, vars)           { gridPos: pos._3     },
+    panels.docdb.connections(ds, vars)                { gridPos: pos._3     },
+
+    panels.docdb.low_mem_op_throttled(ds, vars)       { gridPos: pos._3     },
+    panels.docdb.volume(ds, vars)                     { gridPos: pos._3     },
+    panels.docdb.buffer_cache_hit_ratio(ds, vars)     { gridPos: pos._3     },
+  ])
+)

terraform/monitoring/dashboard.tf

@@ -0,0 +1,25 @@
+data "jsonnet_file" "dashboard" {
+  source = "${path.module}/dashboard.jsonnet"
+
+  ext_str = {
+    dashboard_title = "${var.environment} - _keyserver"
+    dashboard_uid   = "${var.environment}-_keyserver"
+
+    prometheus_uid = grafana_data_source.prometheus.uid
+    cloudwatch_uid = grafana_data_source.cloudwatch.uid
+
+    notifications    = jsonencode(local.notifications)
+    environment      = var.environment
+    ecs_service_name = var.ecs_service_name
+    load_balancer    = var.load_balancer
+    docdb_cluster_id = var.docdb_cluster_id
+  }
+}
+
+# JSON Dashboard. When exporting from Grafana make sure that all
+# variables are replaced properly
+resource "grafana_dashboard" "main" {
+  overwrite   = true
+  message     = "Updated by Terraform"
+  config_json = data.jsonnet_file.dashboard.rendered
+}

terraform/monitoring/data_sources.tf

@@ -0,0 +1,25 @@
+locals {
+  prometheus_url = "https://aps-workspaces.eu-central-1.amazonaws.com/workspaces/${var.prometheus_workspace_id}/"
+}
+
+resource "grafana_data_source" "prometheus" {
+  type = "prometheus"
+  name = "${var.environment}-keyserver-amp"
+  url  = local.prometheus_url
+
+  json_data_encoded = jsonencode({
+    httpMethod    = "GET"
+    sigV4Auth     = true
+    sigV4AuthType = "workspace-iam-role"
+    sigV4Region   = "eu-central-1"
+  })
+}
+
+resource "grafana_data_source" "cloudwatch" {
+  type = "cloudwatch"
+  name = "${var.environment}-keyserver-cloudwatch"
+
+  json_data_encoded = jsonencode({
+    defaultRegion = "eu-central-1"
+  })
+}