[tmpnet] Enable monitoring of local kind cluster

Enable deployment of prometheus and promtail to kube to ensure
collection of logs and metrics from nodes deployed on the cluster.

Author: maru-ava

.github/workflows/ci.yml

@@ -95,6 +95,8 @@ jobs:
         shell: bash
         run: nix develop --command bash -x ./scripts/tests.e2e.kube.sh
         env:
+          TMPNET_START_COLLECTORS: ${{ secrets.PROMETHEUS_ID != '' }}
+          TMPNET_CHECK_MONITORING: ${{ secrets.PROMETHEUS_ID != '' }}
           PROMETHEUS_USERNAME: ${{ secrets.PROMETHEUS_ID || '' }}
           PROMETHEUS_PASSWORD: ${{ secrets.PROMETHEUS_PASSWORD || '' }}
           LOKI_USERNAME: ${{ secrets.LOKI_ID || '' }}

scripts/tests.e2e.kube.sh

@@ -14,6 +14,11 @@ fi
 
 export KUBECONFIG="${KUBECONFIG:-$HOME/.kube/config}"
 
+# Enable collector start if credentials are set in the env
+if [[ -n "${PROMETHEUS_USERNAME:-}" ]]; then
+  export TMPNET_START_COLLECTORS=true
+fi
+
 ./bin/tmpnetctl start-kind-cluster
 
 if [[ -z "${SKIP_BUILD_IMAGE:-}" ]]; then

tests/fixture/e2e/env.go

@@ -87,7 +87,8 @@ func NewTestEnvironment(tc tests.TestContext, flagVars *FlagVars, desiredNetwork
 
 	// Consider monitoring flags for any command but stop
 	if !flagVars.StopNetwork() {
-		if flagVars.StartCollectors() {
+		// TODO(marun) Maybe unify collector deployment between process and kube runtimes?
+		if flagVars.StartCollectors() && flagVars.NodeRuntimeConfig().KubeRuntimeConfig == nil {
 			require.NoError(tmpnet.StartCollectors(tc.DefaultContext(), tc.Log()))
 		}
 		if flagVars.CheckMonitoring() {
@@ -175,7 +176,8 @@ func NewTestEnvironment(tc tests.TestContext, flagVars *FlagVars, desiredNetwork
 	}
 
 	// Once one or more nodes are running it should be safe to wait for promtail to report readiness
-	if flagVars.StartCollectors() {
+	// TODO(marun) Check the health of the kube collectors
+	if flagVars.StartCollectors() && flagVars.NodeRuntimeConfig().KubeRuntimeConfig == nil {
 		require.NoError(tmpnet.WaitForPromtailReadiness(tc.DefaultContext(), tc.Log()))
 	}
 

tests/fixture/e2e/flags.go

@@ -203,12 +203,7 @@ func RegisterFlags() *FlagVars {
 
 // Enable reuse by the upgrade job
 func SetMonitoringFlags(startCollectors *bool, checkMonitoring *bool) {
-	flag.BoolVar(
-		startCollectors,
-		"start-collectors",
-		cast.ToBool(tmpnet.GetEnvWithDefault("TMPNET_START_COLLECTORS", "false")),
-		"[optional] whether to start collectors of logs and metrics from nodes of the temporary network.",
-	)
+	SetStartCollectorsFlag(flag.BoolVar, startCollectors)
 	flag.BoolVar(
 		checkMonitoring,
 		"check-monitoring",
@@ -239,3 +234,15 @@ func SetKubeFlags(stringVar StringVarFunc, kubeConfigPath *string, kubeConfigCon
 		"The namespace in the target cluster to create nodes in",
 	)
 }
+
+// Enable reuse by tmpnetctl
+type BoolVarFunc func(p *bool, name string, value bool, usage string)
+
+func SetStartCollectorsFlag(boolVar BoolVarFunc, startCollectors *bool) {
+	boolVar(
+		startCollectors,
+		"start-collectors",
+		cast.ToBool(tmpnet.GetEnvWithDefault("TMPNET_START_COLLECTORS", "false")),
+		"[optional] whether to start collectors of logs and metrics from nodes of the temporary network.",
+	)
+}

tests/fixture/tmpnet/cmd/main.go

@@ -16,6 +16,7 @@ import (
 	"go.uber.org/zap"
 
 	"github.com/ava-labs/avalanchego/tests"
+	"github.com/ava-labs/avalanchego/tests/fixture/e2e"
 	"github.com/ava-labs/avalanchego/tests/fixture/tmpnet"
 	"github.com/ava-labs/avalanchego/utils/logging"
 	"github.com/ava-labs/avalanchego/version"
@@ -273,6 +274,7 @@ func main() {
 	)
 	rootCmd.AddCommand(checkLogsCmd)
 
+	var startCollectors bool
 	startKindClusterCmd := &cobra.Command{
 		Use:   "start-kind-cluster",
 		Short: "Starts a local kind cluster with an integrated registry",
@@ -283,10 +285,11 @@ func main() {
 			if err != nil {
 				return err
 			}
-			return tmpnet.StartKindCluster(ctx, log, kubeConfigPath, kubeConfigContext)
+			return tmpnet.StartKindCluster(ctx, log, kubeConfigPath, kubeConfigContext, startCollectors)
 		},
 	}
 	SetKubeFlags(startKindClusterCmd.PersistentFlags(), &kubeConfigPath, &kubeConfigContext, &kubeNamespace)
+	e2e.SetStartCollectorsFlag(startKindClusterCmd.PersistentFlags().BoolVar, &startCollectors)
 	rootCmd.AddCommand(startKindClusterCmd)
 
 	if err := rootCmd.Execute(); err != nil {

tests/fixture/tmpnet/monitor_kube.go

@@ -0,0 +1,208 @@
+// Copyright (C) 2019-2024, Ava Labs, Inc. All rights reserved.
+// See the file LICENSE for licensing terms.
+
+package tmpnet
+
+import (
+	"context"
+	"fmt"
+	"strings"
+
+	"go.uber.org/zap"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/apimachinery/pkg/runtime/serializer/yaml"
+	"k8s.io/client-go/dynamic"
+	"k8s.io/client-go/kubernetes"
+
+	_ "embed"
+
+	"github.com/ava-labs/avalanchego/utils/logging"
+
+	corev1 "k8s.io/api/core/v1"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+//go:embed yaml/promtail-daemonset.yaml
+var promtailManifest []byte
+
+//go:embed yaml/prometheus-agent.yaml
+var prometheusManifest []byte
+
+// This must match the namespace defined in the manifests
+const monitoringNamespace = "ci-monitoring"
+
+type kubeCollectorConfig struct {
+	name         string
+	secretPrefix string
+	manifest     []byte
+}
+
+// DeployKubeCollectors deploys collectors of logs and metrics to a Kubernetes cluster.
+func DeployKubeCollectors(ctx context.Context, log logging.Logger, configPath string, configContext string) error {
+	log.Info("deploying kube collectors for logs and metrics")
+
+	clientConfig, err := GetClientConfig(log, configPath, configContext)
+	if err != nil {
+		return fmt.Errorf("failed to get client config: %w", err)
+	}
+	clientset, err := kubernetes.NewForConfig(clientConfig)
+	if err != nil {
+		return fmt.Errorf("failed to create clientset: %w", err)
+	}
+	dynamicClient, err := dynamic.NewForConfig(clientConfig)
+	if err != nil {
+		return fmt.Errorf("failed to create dynamic client: %w", err)
+	}
+
+	namespace := &corev1.Namespace{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: monitoringNamespace,
+		},
+	}
+	_, err = clientset.CoreV1().Namespaces().Create(ctx, namespace, metav1.CreateOptions{})
+	if err != nil && !apierrors.IsAlreadyExists(err) {
+		return fmt.Errorf("failed to create namespace %s: %w", monitoringNamespace, err)
+	}
+
+	collectorConfigs := []kubeCollectorConfig{
+		{
+			name:         promtailCmd,
+			secretPrefix: "loki",
+			manifest:     promtailManifest,
+		},
+		{
+			name:         prometheusCmd,
+			secretPrefix: prometheusCmd,
+			manifest:     prometheusManifest,
+		},
+	}
+	for _, collectorConfig := range collectorConfigs {
+		if err := deployKubeCollector(ctx, log, clientset, dynamicClient, collectorConfig); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+// deployKubeCollector deploys a the named collector to a Kubernetes cluster via the provided manifest bytes.
+func deployKubeCollector(
+	ctx context.Context,
+	log logging.Logger,
+	clientset *kubernetes.Clientset,
+	dynamicClient dynamic.Interface,
+	collectorConfig kubeCollectorConfig,
+) error {
+	username, password, err := getCollectorCredentials(collectorConfig.name)
+	if err != nil {
+		return fmt.Errorf("failed to get credentials for %s: %w", collectorConfig.name, err)
+	}
+
+	if err := createCredentialSecret(ctx, log, clientset, collectorConfig.secretPrefix, username, password); err != nil {
+		return fmt.Errorf("failed to create credential secret for %s: %w", collectorConfig.name, err)
+	}
+
+	if err := applyManifest(ctx, log, dynamicClient, collectorConfig.manifest); err != nil {
+		return fmt.Errorf("failed to apply manifest for %s: %w", collectorConfig.name, err)
+	}
+	return nil
+}
+
+// createCredentialSecret creates a secret with the provided username and password for a collector
+func createCredentialSecret(
+	ctx context.Context,
+	log logging.Logger,
+	clientset *kubernetes.Clientset,
+	namePrefix string,
+	username string,
+	password string,
+) error {
+	secretName := namePrefix + "-credentials"
+	secret := &corev1.Secret{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: secretName,
+		},
+		StringData: map[string]string{
+			"username": username,
+			"password": password,
+		},
+	}
+	_, err := clientset.CoreV1().Secrets(monitoringNamespace).Create(ctx, secret, metav1.CreateOptions{})
+	if err != nil {
+		if apierrors.IsAlreadyExists(err) {
+			log.Info("secret already exists",
+				zap.String("namespace", monitoringNamespace),
+				zap.String("name", secretName),
+			)
+			return nil
+		}
+		return fmt.Errorf("failed to create secret %s/%s: %w", monitoringNamespace, secretName, err)
+	}
+
+	log.Info("created secret",
+		zap.String("namespace", monitoringNamespace),
+		zap.String("name", secretName),
+	)
+
+	return nil
+}
+
+// applyManifest creates the resources defined by the provided manifest in a manner similar to `kubectl apply -f`
+func applyManifest(
+	ctx context.Context,
+	log logging.Logger,
+	dynamicClient dynamic.Interface,
+	manifest []byte,
+) error {
+	// Split the manifest into individual resources
+	decoder := yaml.NewDecodingSerializer(unstructured.UnstructuredJSONScheme)
+	documents := strings.Split(string(manifest), "\n---\n")
+
+	for _, doc := range documents {
+		doc := strings.TrimSpace(doc)
+		if strings.TrimSpace(doc) == "" || strings.HasPrefix(doc, "#") {
+			continue
+		}
+
+		obj := &unstructured.Unstructured{}
+		_, gvk, err := decoder.Decode([]byte(doc), nil, obj)
+		if err != nil {
+			return fmt.Errorf("failed to decode manifest: %w", err)
+		}
+
+		gvr := schema.GroupVersionResource{
+			Group:    gvk.Group,
+			Version:  gvk.Version,
+			Resource: strings.ToLower(gvk.Kind) + "s",
+		}
+
+		var resourceInterface dynamic.ResourceInterface
+		if strings.HasPrefix(gvk.Kind, "Cluster") || gvk.Kind == "Namespace" {
+			resourceInterface = dynamicClient.Resource(gvr)
+		} else {
+			resourceInterface = dynamicClient.Resource(gvr).Namespace(monitoringNamespace)
+		}
+
+		_, err = resourceInterface.Create(ctx, obj, metav1.CreateOptions{})
+		if err != nil {
+			if apierrors.IsAlreadyExists(err) {
+				log.Info("resource already exists",
+					zap.String("kind", gvk.Kind),
+					zap.String("namespace", monitoringNamespace),
+					zap.String("name", obj.GetName()),
+				)
+				continue
+			}
+			return fmt.Errorf("failed to create %s %s/%s: %w", gvk.Kind, monitoringNamespace, obj.GetName(), err)
+		}
+		log.Info("created resource",
+			zap.String("kind", gvk.Kind),
+			zap.String("namespace", monitoringNamespace),
+			zap.String("name", obj.GetName()),
+		)
+	}
+
+	return nil
+}

tests/fixture/tmpnet/start_kind_cluster.go

@@ -32,7 +32,13 @@ func CheckClusterRunning(log logging.Logger, configPath string, configContext st
 }
 
 // StartKindCluster starts a new kind cluster if one is not already running.
-func StartKindCluster(ctx context.Context, log logging.Logger, configPath string, configContext string) error {
+func StartKindCluster(
+	ctx context.Context,
+	log logging.Logger,
+	configPath string,
+	configContext string,
+	startCollectors bool,
+) error {
 	err := CheckClusterRunning(log, configPath, configContext)
 	if err == nil {
 		log.Info("kubernetes cluster already running",
@@ -75,5 +81,11 @@ func StartKindCluster(ctx context.Context, log logging.Logger, configPath string
 		zap.String("namespace", DefaultTmpnetNamespace),
 	)
 
+	if startCollectors {
+		if err := DeployKubeCollectors(ctx, log, configPath, configContext); err != nil {
+			return fmt.Errorf("failed to deploy kube collectors: %w", err)
+		}
+	}
+
 	return nil
 }