Documentation
Constants
const (
	ComposeFileName            = "compose.yaml"
	OtelConfigFileName         = "otel-config.yaml"
	PrometheusFileName         = "prometheus.yaml"
	OpenSearchBootstrapDirName = "opensearch-bootstrap"
)
Template file names for writing to disk
const (
	OtelCollectorImage        = "otel/opentelemetry-collector-contrib:0.148.0@sha256:8164eab2e6bca9c9b0837a8d2f118a6618489008a839db7f9d6510e66be3923c"
	PrometheusImage           = "prom/prometheus:v3.10.0@sha256:4a61322ac1103a0e3aea2a61ef1718422a48fa046441f299d71e660a3bc71ae9"
	OpenSearchImage           = "opensearchproject/opensearch:3.6.0@sha256:57bd3c879ad27123a9a6cd75e2adba504189d3131d00a669f3baf9210bc4538c"
	OpenSearchDashboardsImage = "opensearchproject/opensearch-dashboards:3.6.0@sha256:9fe2cbf1d82c3f66a0860ed140415692ce55de4711ed7877ab738e5da1a357c0"

	// CurlImage is the throwaway shell the clawker-opensearch-bootstrap
	// service uses to PUT index templates / ISM policies and POST saved
	// objects against OpenSearch + Dashboards once they're healthy.
	// curlimages/curl is Alpine-based, ships /bin/sh + curl, ~10 MB.
	CurlImage = "curlimages/curl:8.17.0@sha256:935d9100e9ba842cdb060de42472c7ca90cfe9a7c96e4dacb55e79e560b3ff40"
)
Monitoring stack container images — pinned to version + SHA256 manifest-list digest. All digests are multi-arch (linux/amd64 + linux/arm64) — verify with `docker buildx imagetools inspect <pin>` before bumping.
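The pre-bump check described above can be automated. The following is an added example, not code from this package: it assumes the raw manifest bytes come from `docker buildx imagetools inspect --raw <pin>` and are byte-identical to what the registry serves. `VerifyPin`, `Digest`, `SampleIndex` and the `example/image` reference are names constructed for the example.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"strings"
)

// SampleIndex is a constructed manifest list standing in for `imagetools inspect --raw` output.
const SampleIndex = `{"schemaVersion":2,"manifests":[{"platform":{"os":"linux","architecture":"amd64"}},{"platform":{"os":"linux","architecture":"arm64"}}]}`

// index is the part of a manifest list this check reads.
type index struct {
	Manifests []struct{ Platform struct{ OS, Architecture string } }
}

// Digest returns the registry-style content digest of raw manifest bytes.
func Digest(raw []byte) string {
	sum := sha256.Sum256(raw)
	return "sha256:" + hex.EncodeToString(sum[:])
}

// VerifyPin fails unless raw hashes to the digest in pin (a tag-only or
// truncated pin never matches) and the list covers every required platform.
func VerifyPin(pin string, raw []byte, required ...string) error {
	_, want, _ := strings.Cut(pin, "@")
	if got := Digest(raw); got != want {
		return fmt.Errorf("%s: manifest bytes hash to %s, not the pinned digest", pin, got)
	}
	var idx index
	if err := json.Unmarshal(raw, &idx); err != nil {
		return fmt.Errorf("%s: manifest is not JSON: %w", pin, err)
	}
	have := map[string]bool{}
	for _, m := range idx.Manifests {
		have[m.Platform.OS+"/"+m.Platform.Architecture] = true
	}
	for _, p := range required {
		if !have[p] {
			return fmt.Errorf("%s: manifest list has no %s entry", pin, p)
		}
	}
	return nil
}

func main() {
	fmt.Println(VerifyPin("example/image:1.0.0@"+Digest([]byte(SampleIndex)), []byte(SampleIndex), "linux/amd64", "linux/arm64"))
}
```

A digest that points at a single-platform manifest has no `manifests` array, so it fails the platform check even though the hash matches.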
Variables
var ComposeTemplate string
var OpenSearchBootstrapFS embed.FS
OpenSearchBootstrapFS embeds the bootstrap asset tree (script + index templates + ISM policies + saved objects). `monitor init` walks this FS and writes each file to <workdir>/opensearch-bootstrap/. Only `bootstrap.sh.tmpl` is templated; the JSON/NDJSON payloads ship verbatim so users can audit them as static config.
var OtelConfigTemplate string
var PrometheusTemplate string
Functions
func RenderTemplate (added in v0.1.6)
func RenderTemplate(name, tmplContent string, data MonitorTemplateData) (string, error)
RenderTemplate renders a Go text/template with the given data.
func WriteOpenSearchBootstrap (added in v0.9.0)
func WriteOpenSearchBootstrap(destDir string, data MonitorTemplateData) error
WriteOpenSearchBootstrap mirrors OpenSearchBootstrapFS into destDir, preserving directory structure. Files ending in `.tmpl` are rendered with MonitorTemplateData and written with the `.tmpl` suffix stripped; everything else (JSON, NDJSON) is copied verbatim.
The destination is the workdir subdir bind-mounted into the clawker-opensearch-bootstrap container at /opensearch-bootstrap, so the on-disk layout mirrors what the script reads at runtime. Callers (monitor init) should pass `<monitorDir>/<OpenSearchBootstrapDirName>`.
Idempotent: existing files are unconditionally overwritten. `monitor init` already enforces the `--force` gate at the top level, so when this runs the caller has decided to (re)render.
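One way to implement the mirroring behaviour described above, as an added example rather than the package's own code. `Mirror`, `SampleFS`, the file contents and the `opensearch-node` hostname are constructed; the JSON payload deliberately contains `{{ }}` to show why verbatim files must never pass through text/template.

```go
package main

import (
	"bytes"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"testing/fstest"
	"text/template"
)

// SampleFS is a constructed stand-in for OpenSearchBootstrapFS (made-up contents).
var SampleFS = fstest.MapFS{
	"bootstrap.sh.tmpl":      {Data: []byte("curl -fsS http://{{.Host}}:{{.Port}}/_cluster/health\n")},
	"ism-policies/logs.json": {Data: []byte(`{"message":"{{ctx.index}} rolled over"}`)},
}

// Mirror renders *.tmpl files (suffix stripped) and copies all others byte for byte.
func Mirror(src fs.FS, destDir string, data any) error {
	return fs.WalkDir(src, ".", func(p string, d fs.DirEntry, err error) error {
		if err != nil {
			return err
		}
		dst := filepath.Join(destDir, filepath.FromSlash(p))
		if d.IsDir() {
			return os.MkdirAll(dst, 0o755)
		}
		body, err := fs.ReadFile(src, p)
		if err != nil {
			return err
		}
		if filepath.Ext(p) == ".tmpl" {
			var out bytes.Buffer
			t, err := template.New(p).Parse(string(body))
			if err == nil {
				err = t.Execute(&out, data)
			}
			if err != nil {
				return err
			}
			dst, body = dst[:len(dst)-len(".tmpl")], out.Bytes()
		}
		return os.WriteFile(dst, body, 0o644) // truncates: an existing file is overwritten
	})
}

func main() {
	fmt.Println(Mirror(SampleFS, filepath.Join(os.TempDir(), "bootstrap-demo"), map[string]any{"Host": "opensearch-node", "Port": 9200}))
}
```

`os.WriteFile` applies the mode only when it creates the file, so a rerun keeps whatever permissions an existing file already has.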
Types
type MonitorTemplateData (added in v0.1.6)
type MonitorTemplateData struct {
	// Ports — single value drives both sides of the host:container
	// publish mapping AND the container's own listener config (Prometheus
	// --web.listen-address, OpenSearch http.port, Dashboards SERVER_PORT,
	// otel-collector receiver endpoints in otel-config.yaml.tmpl). User
	// changes one knob in Settings.Monitoring and host + internal move
	// together.
	OtelCollectorPort        int
	OtelGRPCPort             int // independent of HTTP port
	OtelInfraPort            int // mTLS-gated host-loopback receiver for trusted infra push (clawker-cp + firewall Envoy + CoreDNS)
	PrometheusPort           int
	PrometheusMetricsPort    int
	OpenSearchPort           int
	OpenSearchDashboardsPort int

	// OpenSearch JVM heap (MB) for both -Xms and -Xmx.
	OpenSearchHeapMB int

	// Service hostnames on clawker-net (compose service keys + cross-service
	// references). Mirror consts.MonitoringService*.
	OtelCollectorService        string
	PrometheusService           string
	OpenSearchNodeService       string
	OpenSearchDashboardsService string

	// Host-side paths for CLI-issued mTLS material that gates the
	// trusted otlp/infra receiver. Populated unconditionally by
	// `monitor init` from internal/consts after EnsureAuthMaterial
	// succeeds. The otel-config.yaml template renders the otlp/infra
	// receiver and trusted pipelines unconditionally — it has no
	// `{{ if }}` gate. Degradation is sender-side only: when an infra
	// sender (CP / Envoy / CoreDNS) lacks a valid client cert it stays
	// off this lane (see internal/monitor/CLAUDE.md "Trusted block
	// conditionality"). compose.yaml.tmpl gates the bind mounts + port
	// publish on OtelInfraPort, so a zero port suppresses the host-side
	// wiring even though the receiver block is still emitted into
	// otel-config.
	OtelServerCertHostPath string
	OtelServerKeyHostPath  string
	OtelCAHostPath         string

	// Host paths consumed by the otel-collector's hostmetrics +
	// docker_stats receivers. HostFilesystem is hardcoded to "/" — Linux
	// host root or Docker Desktop VM root; mounted RO at /hostfs.
	// DockerSocketPath comes from Settings.Docker.Socket (defaults to
	// /var/run/docker.sock); mounted RO at /var/run/docker.sock.
	HostFilesystem   string
	DockerSocketPath string

	// Container images — version + SHA256 pinned.
	OtelCollectorImage        string
	PrometheusImage           string
	OpenSearchImage           string
	OpenSearchDashboardsImage string
	CurlImage                 string

	// OpenSearchBootstrapDirName is the subdir of the rendered monitor
	// workdir that holds bootstrap.sh + index-templates/ + ism-policies/
	// + saved-objects/. Bind-mounted into the bootstrap container at
	// /opensearch-bootstrap. Lifted to a template field so the compose
	// volume mount and the on-disk layout stay in sync from one constant.
	OpenSearchBootstrapDirName string
}
MonitorTemplateData provides values for rendering monitoring stack templates.
Service hostnames are sourced from [consts.MonitoringService*] so the compose template, otel-config endpoints, and the CoreDNS internalHosts list in `internal/controlplane/firewall/coredns_config.go` cannot drift.
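The OtelInfraPort gate described in the struct comments, shown as an added example that is not the project's compose.yaml.tmpl. The template fragment, the container-side `/certs/...` paths, the `otel-collector` service name and port 4319 are constructed; the refusal to render a non-zero port with missing mTLS paths is an extra check assumed by this example.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"text/template"
)

// InfraData is the subset of MonitorTemplateData fields this fragment reads.
type InfraData struct {
	OtelCollectorService, OtelCollectorImage                      string
	OtelInfraPort                                                 int
	OtelServerCertHostPath, OtelServerKeyHostPath, OtelCAHostPath string
}

// fragment is constructed for this example (container paths are hypothetical).
const fragment = `services:
  {{ .OtelCollectorService }}:
    image: {{ .OtelCollectorImage }}
{{- if .OtelInfraPort }}
    ports:
      - "127.0.0.1:{{ .OtelInfraPort }}:{{ .OtelInfraPort }}"
    volumes:
      - "{{ .OtelServerCertHostPath }}:/certs/server.crt:ro"
      - "{{ .OtelServerKeyHostPath }}:/certs/server.key:ro"
      - "{{ .OtelCAHostPath }}:/certs/ca.crt:ro"
{{- end }}
`

// RenderInfra renders the fragment. A non-zero port with any mTLS path unset
// is refused, so the lane is never published without its cert material.
func RenderInfra(d InfraData) (string, error) {
	if d.OtelInfraPort != 0 && (d.OtelServerCertHostPath == "" || d.OtelServerKeyHostPath == "" || d.OtelCAHostPath == "") {
		return "", errors.New("OtelInfraPort set but mTLS host paths are incomplete")
	}
	t, err := template.New("compose").Parse(fragment)
	if err != nil {
		return "", err
	}
	var out bytes.Buffer
	err = t.Execute(&out, d)
	return out.String(), err
}

func main() {
	out, err := RenderInfra(InfraData{OtelCollectorService: "otel-collector", OtelCollectorImage: "example/collector:pinned"})
	fmt.Println(out, err)
}
```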
func NewMonitorTemplateData (added in v0.1.6)
func NewMonitorTemplateData(s *config.Settings) MonitorTemplateData
NewMonitorTemplateData constructs template data from Settings. Service hostnames are populated from [consts.MonitoringService*] — changing a hostname in consts propagates here without further edits. Settings.Monitoring drives ports/heap; Settings.Docker.Socket feeds the otel-collector docker_stats receiver mount.