From 362e37c7ee7eadf737955ec46d4c87babe805838 Mon Sep 17 00:00:00 2001 From: Kyle Brown Date: Fri, 9 Aug 2024 14:42:13 -0600 Subject: [PATCH 1/2] init metrics commit adding some examples of collecting metrics for dedicated --- .../datadog/otel-config.yaml | 25 ++++++ authzed-dedicated-metrics/datadog/readme.md | 79 +++++++++++++++++++ .../otel-collector/env-vars.sh | 5 ++ .../otel-collector/otel-collector-config.yaml | 24 ++++++ .../otel-collector/readme.md | 58 ++++++++++++++ .../otel-collector/run-otel-collector.sh | 21 +++++ .../prometheus-grafana/README.md | 73 +++++++++++++++++ .../prometheus-grafana/compose.yaml | 25 ++++++ .../prometheus-grafana/grafana/datasource.yml | 9 +++ .../prometheus/prometheus.yml | 31 ++++++++ authzed-dedicated-metrics/readme.md | 18 +++++ 11 files changed, 368 insertions(+) create mode 100644 authzed-dedicated-metrics/datadog/otel-config.yaml create mode 100644 authzed-dedicated-metrics/datadog/readme.md create mode 100644 authzed-dedicated-metrics/otel-collector/env-vars.sh create mode 100644 authzed-dedicated-metrics/otel-collector/otel-collector-config.yaml create mode 100644 authzed-dedicated-metrics/otel-collector/readme.md create mode 100644 authzed-dedicated-metrics/otel-collector/run-otel-collector.sh create mode 100644 authzed-dedicated-metrics/prometheus-grafana/README.md create mode 100644 authzed-dedicated-metrics/prometheus-grafana/compose.yaml create mode 100644 authzed-dedicated-metrics/prometheus-grafana/grafana/datasource.yml create mode 100644 authzed-dedicated-metrics/prometheus-grafana/prometheus/prometheus.yml create mode 100644 authzed-dedicated-metrics/readme.md diff --git a/authzed-dedicated-metrics/datadog/otel-config.yaml b/authzed-dedicated-metrics/datadog/otel-config.yaml new file mode 100644 index 0000000..2c2e309 --- /dev/null +++ b/authzed-dedicated-metrics/datadog/otel-config.yaml 
@@ -0,0 +1,25 @@
+receivers:
+ prometheus:
+ config:
+ scrape_configs:
+ - job_name: 'prometheus'
+ metrics_path: /api/v1alpha/metrics
+ scrape_interval: 15s
+ static_configs:
+ - targets: ['']
+ basic_auth:
+ username: ''
+ password: ''
+
+exporters:
+ datadog:
+ api:
+ site: ""
+ key: ""
+
+service:
+ pipelines:
+ metrics:
+ receivers: [prometheus]
+ processors: []
+ exporters: [datadog]
diff --git a/authzed-dedicated-metrics/datadog/readme.md b/authzed-dedicated-metrics/datadog/readme.md
new file mode 100644
index 0000000..0cd6bd4
--- /dev/null
+++ b/authzed-dedicated-metrics/datadog/readme.md
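Review bot: The scrape job in `datadog/otel-config.yaml` sets `basic_auth` but no `scheme`, and Prometheus scrape configs default to `http`, so the username and password would be sent without TLS unless the operator adds it. Add `scheme: https` next to `metrics_path` in this job. The same omission is in `otel-collector/otel-collector-config.yaml` and in the second job of `prometheus-grafana/prometheus/prometheus.yml`, whose first job does spell out `scheme: http`. It would also help to read the Datadog `key` and the scrape password from the environment rather than pasting them into the file, as the otel-collector example does with `${PROMETHEUS_PASSWORD}`.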
@@ -0,0 +1,79 @@
+
+# OpenTelemetry Collector for AuthZed Dedicated Metrics
+
+This guide explains how to deploy the OpenTelemetry Collector Contributor image to collect metrics from AuthZed Dedicated and push them to Datadog.
+
+## Prerequisites
+
+- Docker installed on your machine.
+- Access to AuthZed Dedicated instance.
+- Datadog API key.
+
+## Deployment
+
+### Step 1: Prepare the Configuration File
+
+Create a configuration file named `otel-config.yaml` with the following content. Be sure to replace the placeholders with your actual values:
+
+```yaml
+receivers:
+ prometheus:
+ config:
+ scrape_configs:
+ - job_name: 'prometheus'
+ metrics_path: /api/v1alpha/metrics
+ scrape_interval: 15s
+ static_configs:
+ - targets: ['']
+ basic_auth:
+ username: ''
+ password: ''
+
+exporters:
+ datadog:
+ api:
+ site: ""
+ key: ""
+
+service:
+ pipelines:
+ metrics:
+ receivers: [prometheus]
+ processors: []
+ exporters: [datadog]
+```
+
+### Step 2: Deploy the OpenTelemetry Collector
+
+Run the following Docker command to deploy the OpenTelemetry Collector:
+
+```bash
+docker run --rm -d --name otel-collector -v "$(pwd)/otel-config.yaml:/otel-config.yaml" otel/opentelemetry-collector-contrib:latest --config=/otel-config.yaml
+```
+
+This command will start the OpenTelemetry Collector, which will begin scraping metrics from your AuthZed Dedicated instance and exporting them to Datadog.
+
+### Step 3: Verify the Metrics in Datadog
+
+Log in to your Datadog account and navigate to the metrics section. You should see the metrics from your AuthZed Dedicated instance being reported.
+
+## Configuration Details
+
+- ``: Replace with the URL of your AuthZed Dedicated instance (e.g., `example.app.aws.authzed.net`).
+- `` and ``: Replace with the username and password for basic authentication to access your AuthZed metrics endpoint.
+- ``: Replace with your Datadog site URL (e.g., `us5.datadoghq.com`).
+- ``: Replace with your Datadog API key.
+
+## Troubleshooting
+
+If you encounter issues:
+
+- Ensure that the `otel-config.yaml` file is correctly configured and that all placeholders are replaced with actual values.
+- Check the Docker container logs for any errors:
+
+ ```
+ docker logs otel-collector
+ ```
+
+- Verify that your AuthZed Dedicated instance is accessible and that the credentials are correct.
+- Confirm that your Datadog API key and site are correct.
\ No newline at end of file
diff --git a/authzed-dedicated-metrics/otel-collector/env-vars.sh b/authzed-dedicated-metrics/otel-collector/env-vars.sh
new file mode 100644
index 0000000..f13eb63
--- /dev/null
+++ b/authzed-dedicated-metrics/otel-collector/env-vars.sh
@@ -0,0 +1,5 @@
+ export PROMETHEUS_USERNAME=''
+ export PROMETHEUS_PASSWORD=''
+ export OTEL_EXPORTER_OTLP_ENDPOINT="https://:443"
+ export OTEL_EXPORTER_OTLP_HEADERS="your-service-key"
+ export OTEL_SERVICE_NAME="authzed-"
\ No newline at end of file
diff --git a/authzed-dedicated-metrics/otel-collector/otel-collector-config.yaml b/authzed-dedicated-metrics/otel-collector/otel-collector-config.yaml
new file mode 100644
index 0000000..35a84f8
--- /dev/null
+++ b/authzed-dedicated-metrics/otel-collector/otel-collector-config.yaml
@@ -0,0 +1,24 @@
+receivers:
+ prometheus:
+ config:
+ scrape_configs:
+ - job_name: 'prometheus'
+ metrics_path: /api/v1alpha/metrics
+ scrape_interval: 15s
+ static_configs:
+ - targets: ['app.admin.demo.aws.authzed.net']
+ basic_auth:
+ username: ${PROMETHEUS_USERNAME}
+ password: ${PROMETHEUS_PASSWORD}
+
+exporters:
+ otlp:
+ endpoint: ${OTEL_EXPORTER_OTLP_ENDPOINT}
+ headers:
+ x-honeycomb-team: ${OTEL_EXPORTER_OTLP_HEADERS}
+
+service:
+ pipelines:
+ metrics:
+ receivers: [prometheus]
+ exporters: [otlp]
diff --git a/authzed-dedicated-metrics/otel-collector/readme.md b/authzed-dedicated-metrics/otel-collector/readme.md
new file mode 100644
index 0000000..82bcbd1
--- /dev/null
+++ b/authzed-dedicated-metrics/otel-collector/readme.md
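Review bot: `otel-collector/env-vars.sh` is a tracked file that the readme tells users to fill with the scrape password and the exporter key, so a later `git add` can commit real secrets. Consider shipping it as a template (for example `env-vars.sh.example`, a name suggested here, not one in the repo) and listing `env-vars.sh` in `.gitignore`. A header comment such as `# Local secrets: do not commit; restrict with chmod 600` would make the intent clear to whoever copies the example.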
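Review bot: In `otel-collector/otel-collector-config.yaml` the scrape target is hard-coded to `app.admin.demo.aws.authzed.net` while every credential comes from the environment, so a user who only fills in `env-vars.sh` and runs the script would send their own basic-auth username and password to that demo host. The other examples in this commit leave the target as a placeholder; doing the same here, or reading it from a variable that `run-otel-collector.sh` checks alongside the others, avoids that. If a variable is used, `- targets: ['${AUTHZED_METRICS_HOST}']` (variable name is a suggestion) keeps it consistent with the rest of the file.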
@@ -0,0 +1,58 @@
+
+# OpenTelemetry Collector - AuthZed Dedicated
+
+This repository provides a simple setup for running the OpenTelemetry Collector in a Docker container, configured to scrape metrics from a Prometheus endpoint and export to a metrics collection service.
+
+## Prerequisites
+
+- Docker installed on your machine
+- A Prometheus endpoint with valid credentials
+- A metrics service account and API key
+
+## Setup
+
+
+2. **Create the `env-vars.sh` File**
+
+ Edit the file named `env-vars.sh` in the root of the repository with the following content:
+
+ ```sh
+ export PROMETHEUS_USERNAME=''
+ export PROMETHEUS_PASSWORD=''
+ export OTEL_EXPORTER_OTLP_ENDPOINT="https://otel-metrics-service-url"
+ export OTEL_EXPORTER_OTLP_HEADERS="your-service-key"
+ export OTEL_SERVICE_NAME="authzed-"
+ ```
+
+ Replace the placeholder values with your actual credentials and configurations.
+
+3. **Create the Configuration File**
+
+ Edit the file named `otel-collector-config.yaml` in the root of the repository.
+
+4. **Make the Script Executable**
+
+ Make the `run-otel-collector.sh` script executable:
+
+ ```bash
+ chmod +x run-otel-collector.sh
+ ```
+
+5. **Run the Script**
+
+ Run the script to start the OpenTelemetry Collector Docker container with the configured settings:
+
+ ```bash
+ ./run-otel-collector.sh
+ ```
+
+## Files
+
+- `env-vars.sh`: Contains the environment variables for Prometheus and Honeycomb configuration.
+- `otel-collector-config.yaml`: Configuration file for the OpenTelemetry Collector.
+- `run-otel-collector.sh`: Shell script to load environment variables and run the OpenTelemetry Collector Docker container.
+
+
+## Contact
+
+If you have any questions or need further assistance, feel free to open an issue or contact support@authzed.com
\ No newline at end of file
diff --git a/authzed-dedicated-metrics/otel-collector/run-otel-collector.sh b/authzed-dedicated-metrics/otel-collector/run-otel-collector.sh
new file mode 100644
index 0000000..0deebe3
--- /dev/null
+++ b/authzed-dedicated-metrics/otel-collector/run-otel-collector.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+# Load environment variables from file
+source ./env-vars.sh
+
+# Check if all necessary environment variables are set
+if [[ -z "$PROMETHEUS_USERNAME" || -z "$PROMETHEUS_PASSWORD" || -z "$OTEL_EXPORTER_OTLP_ENDPOINT" || -z "$OTEL_EXPORTER_OTLP_HEADERS" || -z "$OTEL_SERVICE_NAME" ]]; then
+ echo "One or more environment variables are not set. Please check your env-vars.sh file."
+ exit 1
+fi
+
+# Run OpenTelemetry Collector Docker container
+docker run --rm -it \
+ -v $(pwd)/otel-collector-config.yaml:/otel-collector-config.yaml \
+ -e PROMETHEUS_USERNAME="$PROMETHEUS_USERNAME" \
+ -e PROMETHEUS_PASSWORD="$PROMETHEUS_PASSWORD" \
+ -e OTEL_EXPORTER_OTLP_ENDPOINT="$OTEL_EXPORTER_OTLP_ENDPOINT" \
+ -e OTEL_EXPORTER_OTLP_HEADERS="$OTEL_EXPORTER_OTLP_HEADERS" \
+ -e OTEL_SERVICE_NAME="$OTEL_SERVICE_NAME" \
+ otel/opentelemetry-collector:latest \
+ --config otel-collector-config.yaml
diff --git a/authzed-dedicated-metrics/prometheus-grafana/README.md b/authzed-dedicated-metrics/prometheus-grafana/README.md
new file mode 100644
index 0000000..f81ec85
--- /dev/null
+++ b/authzed-dedicated-metrics/prometheus-grafana/README.md
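Review bot: In `run-otel-collector.sh` each secret is expanded onto the `docker run` command line (`-e PROMETHEUS_PASSWORD="$PROMETHEUS_PASSWORD"`), where it shows up in the host's process list for as long as the foreground container runs. Since `env-vars.sh` already exports the variables, the pass-through form `-e PROMETHEUS_PASSWORD \` (and likewise for the other four) keeps the values off argv. The volume argument should also be quoted and can be mounted read-only: `-v "$(pwd)/otel-collector-config.yaml:/otel-collector-config.yaml:ro" \`. Pinning the image to a specific tag or digest instead of `:latest` would make the example reproducible.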
@@ -0,0 +1,73 @@
+### AuthZed Dedicated - Prometheus & Grafana
+
+## Configuring Prometheus to Scrape Metrics from AuthZed Dedicated
+
+To enable Prometheus to scrape metrics from your permission system, configure the `scrape_config` section in prometheus.yml.
+
+1. Open `prometheus.yml` in an editor.
+
+2. Add the following `scrape_config` section to your configuration file, replacing the placeholder values with your specific details:
+
+ ```yaml
+ scrape_configs:
+ - job_name: "exported-metrics-from-[permission-system]"
+ metrics_path: /api/v1alpha/metrics
+ basic_auth:
+ username: "[permission-system]"
+ password: "[token]"
+ static_configs:
+ - targets:
+ - "[authzed-dashboard-url]"
+ ```
+
+### Required Values
+
+- **job_name**: Replace `[permission-system]` with the name of your permission system. This identifies the job in Prometheus.
+ - Example: `job_name: "exported-metrics-from-my-permission-system"`
+
+- **metrics_path**: Set to `/api/v1alpha/metrics`.
+
+- **basic_auth**:
+ - **username**: Replace `[permission-system]` with the permission system name used for basic authentication.
+ - Example: `username: "my-permission-system"`
+ - **password**: Replace `[token]` with the token for basic authentication.
+ - Example: `password: "doGXlyJdtjZHOdCw486t"`
+
+- **static_configs**:
+ - **targets**: Replace `[authzed-dashboard-url]` with the URL of your Authzed dashboard.
+
+ - Example: `targets: ["https://app.demo.aws.authzed.net"]`
+
+### Example Configuration
+
+Here's an example of a filled-out configuration:
+
+ ```yaml
+ scrape_configs:
+ - job_name: "exported-metrics-from-my-permission-system"
+ metrics_path: /api/v1alpha/metrics
+ basic_auth:
+ username: "my-permission-system"
+ password: "my-secret-token"
+ static_configs:
+ - targets:
+ - "https://app.demo.aws.authzed.net"
+ ```
+
+
+3. Save prometheus.yml
+
+4. Run `docker compose up`
+
+
+### Ports:
+
+Prometheus: 9090
+Grafana: 3000
+
+
+
+
+
+
+
diff --git a/authzed-dedicated-metrics/prometheus-grafana/compose.yaml b/authzed-dedicated-metrics/prometheus-grafana/compose.yaml
new file mode 100644
index 0000000..85a6b82
--- /dev/null
+++ b/authzed-dedicated-metrics/prometheus-grafana/compose.yaml
@@ -0,0 +1,25 @@
+services:
+ prometheus:
+ image: prom/prometheus:latest
+ container_name: prometheus
+ command:
+ - '--config.file=/etc/prometheus/prometheus.yml'
+ ports:
+ - 9090:9090
+ restart: unless-stopped
+ volumes:
+ - ./prometheus:/etc/prometheus
+ - prom_data:/prometheus
+ grafana:
+ image: grafana/grafana:latest
+ container_name: grafana
+ ports:
+ - 3000:3000
+ restart: unless-stopped
+ environment:
+ - GF_SECURITY_ADMIN_USER=admin
+ - GF_SECURITY_ADMIN_PASSWORD=grafana
+ volumes:
+ - ./grafana:/etc/grafana/provisioning/datasources
+volumes:
+ prom_data:
diff --git a/authzed-dedicated-metrics/prometheus-grafana/grafana/datasource.yml b/authzed-dedicated-metrics/prometheus-grafana/grafana/datasource.yml
new file mode 100644
index 0000000..d7b8286
--- /dev/null
+++ b/authzed-dedicated-metrics/prometheus-grafana/grafana/datasource.yml
@@ -0,0 +1,9 @@
+apiVersion: 1
+
+datasources:
+- name: Prometheus
+ type: prometheus
+ url: http://prometheus:9090
+ isDefault: true
+ access: proxy
+ editable: true
diff --git a/authzed-dedicated-metrics/prometheus-grafana/prometheus/prometheus.yml b/authzed-dedicated-metrics/prometheus-grafana/prometheus/prometheus.yml
new file mode 100644
index 0000000..604423c
--- /dev/null
+++ b/authzed-dedicated-metrics/prometheus-grafana/prometheus/prometheus.yml
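Review bot: In `prometheus-grafana/compose.yaml` Grafana starts with the fixed admin login `admin`/`grafana`, and both `3000:3000` and `9090:9090` publish on every host interface, so the dashboard and the unauthenticated Prometheus API are reachable from the network with a known password. Bind the ports to loopback, `- "127.0.0.1:3000:3000"` and `- "127.0.0.1:9090:9090"`, and require the password from the environment, `- GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_ADMIN_PASSWORD:?set GRAFANA_ADMIN_PASSWORD}` (variable name is a suggestion). Both images also use `:latest`; a pinned tag is safer for an example people copy as-is.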
@@ -0,0 +1,31 @@
+global:
+ scrape_interval: 15s
+ scrape_timeout: 10s
+ evaluation_interval: 15s
+
+alerting:
+ alertmanagers:
+ - static_configs:
+ - targets: []
+
+scrape_configs:
+ - job_name: prometheus
+ honor_timestamps: true
+ scrape_interval: 15s
+ scrape_timeout: 10s
+ metrics_path: /metrics
+ scheme: http
+ static_configs:
+ - targets:
+ - localhost:9090
+ - job_name: "exported-metrics-from-[permission-system]"
+ metrics_path: /api/v1alpha/metrics
+ basic_auth:
+ username: "[permission-system]"
+ password: "[token]"
+ static_configs:
+ - targets:
+ - "[authzed-dashboard-url]"
+
+
+
diff --git a/authzed-dedicated-metrics/readme.md b/authzed-dedicated-metrics/readme.md
new file mode 100644
index 0000000..7b7bb49
--- /dev/null
+++ b/authzed-dedicated-metrics/readme.md
@@ -0,0 +1,18 @@
+# AuthZed Dedicated Metrics
+
+This collection of examples is designed to help you collect metrics from AuthZed Dedicated instances.
+
+
+## What's Inside
+
+- **OpenTelemetry Collector Configuration**: Examples on how to use the OpenTelemetry Collector to scrape metrics from AuthZed Dedicated and export them to monitoring platforms like Datadog.
+- **Prometheus Configurations**: Preconfigured examples for setting up Prometheus to collect metrics from your AuthZed instances.
+- **Grafana Dashboard**: Sample dashboards for visualizing the collected metrics, providing insights into the performance and health of your AuthZed Dedicated instance.
+
+## Contributing
+
+Contributions are welcome! If you have an example or improvement to share, feel free to submit a pull request.
+
+## Support
+
+If you encounter any issues or have questions, please open an issue in this repository or e-mail support@authzed.com
From 18b4888a6094ee0cb9c95bf0e797d956d512b081 Mon Sep 17 00:00:00 2001
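Review bot: In `prometheus-grafana/prometheus/prometheus.yml` the AuthZed token is meant to be typed into `password: "[token]"` in a tracked file that is bind-mounted into the container, which makes it easy to commit by accident. Prometheus `basic_auth` also accepts `password_file`, so the job could use `password_file: /etc/prometheus/secrets/authzed-token` (path is an example) with that file kept out of version control. A short comment above the job, `# Do not commit real credentials in this file`, would help users who keep the inline form.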
From: Alec Merdler Date: Mon, 12 Aug 2024 10:56:59 -0400 Subject: [PATCH 2/2] fixed yamllint errors --- .../datadog/otel-config.yaml | 19 ++++++------ .../otel-collector/env-vars.sh | 10 +++---- .../otel-collector/otel-collector-config.yaml | 23 +++++++-------- .../prometheus-grafana/README.md | 9 ------ .../prometheus-grafana/compose.yaml | 29 ++++++++++--------- .../prometheus-grafana/grafana/datasource.yml | 16 +++++----- .../prometheus/prometheus.yml | 28 ++++++++---------- 7 files changed, 60 insertions(+), 74 deletions(-) diff --git a/authzed-dedicated-metrics/datadog/otel-config.yaml b/authzed-dedicated-metrics/datadog/otel-config.yaml index 2c2e309..e8e0dd6 100644 --- a/authzed-dedicated-metrics/datadog/otel-config.yaml +++ b/authzed-dedicated-metrics/datadog/otel-config.yaml @@ -1,25 +1,24 @@ +--- receivers: prometheus: config: scrape_configs: - - job_name: 'prometheus' - metrics_path: /api/v1alpha/metrics - scrape_interval: 15s + - job_name: "prometheus" + metrics_path: "/api/v1alpha/metrics" + scrape_interval: "15s" static_configs: - - targets: [''] + - targets: [""] basic_auth: - username: '' - password: '' - + username: "" + password: "" exporters: datadog: api: site: "" key: "" - service: pipelines: metrics: - receivers: [prometheus] + receivers: ["prometheus"] processors: [] - exporters: [datadog] + exporters: ["datadog"] diff --git a/authzed-dedicated-metrics/otel-collector/env-vars.sh b/authzed-dedicated-metrics/otel-collector/env-vars.sh index f13eb63..844fa21 100644 --- a/authzed-dedicated-metrics/otel-collector/env-vars.sh +++ b/authzed-dedicated-metrics/otel-collector/env-vars.sh 
@@ -1,5 +1,5 @@ - export PROMETHEUS_USERNAME='' - export PROMETHEUS_PASSWORD='' - export OTEL_EXPORTER_OTLP_ENDPOINT="https://:443" - export OTEL_EXPORTER_OTLP_HEADERS="your-service-key" - export OTEL_SERVICE_NAME="authzed-" \ No newline at end of file +export PROMETHEUS_USERNAME='' +export PROMETHEUS_PASSWORD='' +export OTEL_EXPORTER_OTLP_ENDPOINT="https://:443" +export OTEL_EXPORTER_OTLP_HEADERS="your-service-key" +export OTEL_SERVICE_NAME="authzed-" diff --git a/authzed-dedicated-metrics/otel-collector/otel-collector-config.yaml b/authzed-dedicated-metrics/otel-collector/otel-collector-config.yaml index 35a84f8..af386f2 100644 --- a/authzed-dedicated-metrics/otel-collector/otel-collector-config.yaml +++ b/authzed-dedicated-metrics/otel-collector/otel-collector-config.yaml @@ -1,24 +1,23 @@ +--- receivers: prometheus: config: scrape_configs: - - job_name: 'prometheus' - metrics_path: /api/v1alpha/metrics - scrape_interval: 15s + - job_name: "prometheus" + metrics_path: "/api/v1alpha/metrics" + scrape_interval: "15s" static_configs: - - targets: ['app.admin.demo.aws.authzed.net'] + - targets: ["app.admin.demo.aws.authzed.net"] basic_auth: - username: ${PROMETHEUS_USERNAME} - password: ${PROMETHEUS_PASSWORD} - + username: ${PROMETHEUS_USERNAME} # yamllint disable-line rule:quoted-strings + password: ${PROMETHEUS_PASSWORD} # yamllint disable-line rule:quoted-strings exporters: otlp: - endpoint: ${OTEL_EXPORTER_OTLP_ENDPOINT} + endpoint: ${OTEL_EXPORTER_OTLP_ENDPOINT} # yamllint disable-line rule:quoted-strings headers: - x-honeycomb-team: ${OTEL_EXPORTER_OTLP_HEADERS} - + x-honeycomb-team: ${OTEL_EXPORTER_OTLP_HEADERS} # yamllint disable-line rule:quoted-strings service: pipelines: metrics: - receivers: [prometheus] - exporters: [otlp] + receivers: ["prometheus"] + exporters: ["otlp"] diff --git a/authzed-dedicated-metrics/prometheus-grafana/README.md b/authzed-dedicated-metrics/prometheus-grafana/README.md index f81ec85..71eb5d4 100644 
--- a/authzed-dedicated-metrics/prometheus-grafana/README.md +++ b/authzed-dedicated-metrics/prometheus-grafana/README.md @@ -54,20 +54,11 @@ Here's an example of a filled-out configuration: - "https://app.demo.aws.authzed.net" ``` - 3. Save prometheus.yml 4. Run `docker compose up` - ### Ports: Prometheus: 9090 Grafana: 3000 - - - - - - - diff --git a/authzed-dedicated-metrics/prometheus-grafana/compose.yaml b/authzed-dedicated-metrics/prometheus-grafana/compose.yaml index 85a6b82..d27c8ab 100644 --- a/authzed-dedicated-metrics/prometheus-grafana/compose.yaml +++ b/authzed-dedicated-metrics/prometheus-grafana/compose.yaml @@ -1,25 +1,26 @@ +--- services: prometheus: - image: prom/prometheus:latest - container_name: prometheus + image: "prom/prometheus:latest" + container_name: "prometheus" command: - - '--config.file=/etc/prometheus/prometheus.yml' + - "--config.file=/etc/prometheus/prometheus.yml" ports: - - 9090:9090 - restart: unless-stopped + - "9090:9090" + restart: "unless-stopped" volumes: - - ./prometheus:/etc/prometheus - - prom_data:/prometheus + - "./prometheus:/etc/prometheus" + - "prom_data:/prometheus" grafana: - image: grafana/grafana:latest - container_name: grafana + image: "grafana/grafana:latest" + container_name: "grafana" ports: - - 3000:3000 - restart: unless-stopped + - "3000:3000" + restart: "unless-stopped" environment: - - GF_SECURITY_ADMIN_USER=admin - - GF_SECURITY_ADMIN_PASSWORD=grafana + - "GF_SECURITY_ADMIN_USER=admin" + - "GF_SECURITY_ADMIN_PASSWORD=grafana" volumes: - - ./grafana:/etc/grafana/provisioning/datasources + - "./grafana:/etc/grafana/provisioning/datasources" volumes: prom_data: diff --git a/authzed-dedicated-metrics/prometheus-grafana/grafana/datasource.yml b/authzed-dedicated-metrics/prometheus-grafana/grafana/datasource.yml index d7b8286..d7218aa 100644 --- a/authzed-dedicated-metrics/prometheus-grafana/grafana/datasource.yml +++ b/authzed-dedicated-metrics/prometheus-grafana/grafana/datasource.yml 
@@ -1,9 +1,9 @@ -apiVersion: 1 - +--- +apiVersion: "1" datasources: -- name: Prometheus - type: prometheus - url: http://prometheus:9090 - isDefault: true - access: proxy - editable: true + - name: "Prometheus" + type: "prometheus" + url: "http://prometheus:9090" + isDefault: true + access: "proxy" + editable: true diff --git a/authzed-dedicated-metrics/prometheus-grafana/prometheus/prometheus.yml b/authzed-dedicated-metrics/prometheus-grafana/prometheus/prometheus.yml index 604423c..637699e 100644 --- a/authzed-dedicated-metrics/prometheus-grafana/prometheus/prometheus.yml +++ b/authzed-dedicated-metrics/prometheus-grafana/prometheus/prometheus.yml @@ -1,31 +1,27 @@ +--- global: - scrape_interval: 15s - scrape_timeout: 10s - evaluation_interval: 15s - + scrape_interval: "15s" + scrape_timeout: "10s" + evaluation_interval: "15s" alerting: alertmanagers: - static_configs: - targets: [] - scrape_configs: - - job_name: prometheus + - job_name: "prometheus" honor_timestamps: true - scrape_interval: 15s - scrape_timeout: 10s - metrics_path: /metrics - scheme: http + scrape_interval: "15s" + scrape_timeout: "10s" + metrics_path: "/metrics" + scheme: "http" static_configs: - targets: - - localhost:9090 + - "localhost:9090" - job_name: "exported-metrics-from-[permission-system]" - metrics_path: /api/v1alpha/metrics + metrics_path: "/api/v1alpha/metrics" basic_auth: username: "[permission-system]" password: "[token]" static_configs: - targets: - - "[authzed-dashboard-url]" - - - + - "[authzed-dashboard-url]"
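Review bot: Quoting `apiVersion: "1"` in `grafana/datasource.yml` changes the value from an integer to a string, which is a type change rather than a formatting one. Grafana's provisioning loader appears to read this field as a number, so it is worth confirming that the datasource still provisions on startup. If it does not, keep `apiVersion: 1` and silence the rule on that line with `# yamllint disable-line rule:quoted-strings`, as the otel-collector config in this commit does. The other quoting changes in this hunk touch values that are strings either way.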