From 5de059d7ea91374732418da9430120f48988f7fb Mon Sep 17 00:00:00 2001 From: ATM Platform Date: Tue, 16 Jun 2026 21:44:56 +0000 Subject: [PATCH] feat: metricas backend (1.3) + ServiceMonitor + dashboard + netpol monitoring; rename ingress acme --- .../monitoring/athleticmap-dashboard.yaml | 51 +++++++++++++++++++ .../monitoring/backends-servicemonitor.yaml | 18 +++++++ tenants/acme/30-apps-stubs.yaml | 12 ++--- tenants/demo/30-apps-stubs.yaml | 10 ++-- tenants/piloto/00-namespace-quota-netpol.yaml | 3 ++ tenants/piloto/30-apps-stubs.yaml | 8 +-- 6 files changed, 87 insertions(+), 15 deletions(-) create mode 100644 platform/monitoring/athleticmap-dashboard.yaml create mode 100644 platform/monitoring/backends-servicemonitor.yaml diff --git a/platform/monitoring/athleticmap-dashboard.yaml b/platform/monitoring/athleticmap-dashboard.yaml new file mode 100644 index 0000000..6a999a1 --- /dev/null +++ b/platform/monitoring/athleticmap-dashboard.yaml @@ -0,0 +1,51 @@ +# Dashboard Grafana dos backends Athletic Map (auto-importado pelo sidecar via label grafana_dashboard) +apiVersion: v1 +kind: ConfigMap +metadata: + name: athleticmap-dashboard + namespace: monitoring + labels: + grafana_dashboard: "1" +data: + athleticmap-backends.json: | + { + "title": "Athletic Map — Backends", + "uid": "athleticmap-backends", + "tags": ["athleticmap"], + "timezone": "browser", + "schemaVersion": 39, + "version": 1, + "refresh": "30s", + "time": { "from": "now-6h", "to": "now" }, + "templating": { + "list": [ + { "name": "datasource", "type": "datasource", "query": "prometheus", "hide": 0, "current": {} } + ] + }, + "panels": [ + { + "type": "timeseries", "title": "HTTP req/s por tenant", + "gridPos": { "h": 8, "w": 12, "x": 0, "y": 0 }, + "datasource": { "type": "prometheus", "uid": "${datasource}" }, + "targets": [ { "expr": "sum(rate(http_server_requests_seconds_count[5m])) by (tenant)", "legendFormat": "{{tenant}}" } ] + }, + { + "type": "timeseries", "title": "p95 latencia (s) por tenant", + "gridPos": { "h": 8, "w": 12, "x": 12, "y": 0 }, + "datasource": { "type": "prometheus", "uid": "${datasource}" }, + "targets": [ { "expr": "histogram_quantile(0.95, sum(rate(http_server_requests_seconds_bucket[5m])) by (le,tenant))", "legendFormat": "{{tenant}}" } ] + }, + { + "type": "timeseries", "title": "JVM heap usado (bytes) por tenant", + "gridPos": { "h": 8, "w": 12, "x": 0, "y": 8 }, + "datasource": { "type": "prometheus", "uid": "${datasource}" }, + "targets": [ { "expr": "sum(jvm_memory_used_bytes{area=\"heap\"}) by (tenant)", "legendFormat": "{{tenant}}" } ] + }, + { + "type": "timeseries", "title": "CPU do processo por tenant", + "gridPos": { "h": 8, "w": 12, "x": 12, "y": 8 }, + "datasource": { "type": "prometheus", "uid": "${datasource}" }, + "targets": [ { "expr": "sum(process_cpu_usage) by (tenant)", "legendFormat": "{{tenant}}" } ] + } + ] + } diff --git a/platform/monitoring/backends-servicemonitor.yaml b/platform/monitoring/backends-servicemonitor.yaml new file mode 100644 index 0000000..76c6436 --- /dev/null +++ b/platform/monitoring/backends-servicemonitor.yaml @@ -0,0 +1,18 @@ +# Scrape das metricas Prometheus dos backends Spring Boot (qualquer tenant: service label app=backend) +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: athleticmap-backends + namespace: monitoring + labels: + release: monitoring +spec: + namespaceSelector: + any: true + selector: + matchLabels: + app: backend + endpoints: + - port: http + path: /actuator/prometheus + interval: 30s diff --git a/tenants/acme/30-apps-stubs.yaml b/tenants/acme/30-apps-stubs.yaml index 6eeaeec..5386990 100644 --- a/tenants/acme/30-apps-stubs.yaml +++ b/tenants/acme/30-apps-stubs.yaml @@ -1,11 +1,11 @@ # Apps do tenant demo: -# - backend: Spring Boot OAuth2 Resource Server (imagem athletic-map-backend:1.2, porta 8083) +# - backend: Spring Boot OAuth2 Resource Server (imagem athletic-map-backend:1.3, porta 8083) # - frontend: SPA OIDC Authorization Code + PKCE (keycloak-js) chamando /api/me # - bff: stub (whoami) --- apiVersion: apps/v1 kind: Deployment -metadata: { name: backend, namespace: acme-prod } +metadata: { name: backend, namespace: acme-prod, labels: { app: backend } } spec: replicas: 1 selector: { matchLabels: { app: backend } } @@ -14,7 +14,7 @@ spec: spec: containers: - name: backend - image: docker.io/library/athletic-map-backend:1.2 + image: docker.io/library/athletic-map-backend:1.3 imagePullPolicy: Never env: - { name: ATM_JWK_SET_URI, value: "http://keycloak:8080/realms/athleticmap/protocol/openid-connect/certs" } @@ -29,10 +29,10 @@ spec: --- apiVersion: v1 kind: Service -metadata: { name: backend, namespace: acme-prod } +metadata: { name: backend, namespace: acme-prod, labels: { app: backend } } spec: selector: { app: backend } - ports: [{ port: 80, targetPort: 8083 }] + ports: [{ name: http, port: 80, targetPort: 8083 }] --- apiVersion: apps/v1 kind: Deployment @@ -126,7 +126,7 @@ spec: apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: demo + name: acme namespace: acme-prod annotations: cert-manager.io/cluster-issuer: letsencrypt-prod diff --git a/tenants/demo/30-apps-stubs.yaml b/tenants/demo/30-apps-stubs.yaml index 313e503..69cdf8d 100644 --- a/tenants/demo/30-apps-stubs.yaml +++ b/tenants/demo/30-apps-stubs.yaml @@ -1,11 +1,11 @@ # Apps do tenant demo: -# - backend: Spring Boot OAuth2 Resource Server (imagem athletic-map-backend:1.2, porta 8083) +# - backend: Spring Boot OAuth2 Resource Server (imagem athletic-map-backend:1.3, porta 8083) # - frontend: SPA OIDC Authorization Code + PKCE (keycloak-js) chamando /api/me # - bff: stub (whoami) --- apiVersion: apps/v1 kind: Deployment -metadata: { name: backend, namespace: demo-prod } +metadata: { name: backend, namespace: demo-prod, labels: { app: backend } } spec: replicas: 1 selector: { matchLabels: { app: backend } } @@ -14,7 +14,7 @@ spec: spec: containers: - name: backend - image: docker.io/library/athletic-map-backend:1.2 + image: docker.io/library/athletic-map-backend:1.3 imagePullPolicy: Never env: - { name: ATM_JWK_SET_URI, value: "http://keycloak:8080/realms/athleticmap/protocol/openid-connect/certs" } @@ -29,10 +29,10 @@ spec: --- apiVersion: v1 kind: Service -metadata: { name: backend, namespace: demo-prod } +metadata: { name: backend, namespace: demo-prod, labels: { app: backend } } spec: selector: { app: backend } - ports: [{ port: 80, targetPort: 8083 }] + ports: [{ name: http, port: 80, targetPort: 8083 }] --- apiVersion: apps/v1 kind: Deployment diff --git a/tenants/piloto/00-namespace-quota-netpol.yaml b/tenants/piloto/00-namespace-quota-netpol.yaml index de41666..d3ecff4 100644 --- a/tenants/piloto/00-namespace-quota-netpol.yaml +++ b/tenants/piloto/00-namespace-quota-netpol.yaml @@ -55,6 +55,9 @@ spec: - namespaceSelector: matchLabels: kubernetes.io/metadata.name: kube-system # Traefik (ingress) + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: monitoring egress: - to: # intra-namespace (pods) + ClusterIPs (VIP de service, pre-DNAT) - podSelector: {} diff --git a/tenants/piloto/30-apps-stubs.yaml b/tenants/piloto/30-apps-stubs.yaml index 45aa351..99e347c 100644 --- a/tenants/piloto/30-apps-stubs.yaml +++ b/tenants/piloto/30-apps-stubs.yaml @@ -5,7 +5,7 @@ --- apiVersion: apps/v1 kind: Deployment -metadata: { name: backend, namespace: piloto-prod } +metadata: { name: backend, namespace: piloto-prod, labels: { app: backend } } spec: replicas: 1 selector: { matchLabels: { app: backend } } @@ -14,7 +14,7 @@ spec: spec: containers: - name: backend - image: docker.io/library/athletic-map-backend:1.2 + image: docker.io/library/athletic-map-backend:1.3 imagePullPolicy: Never env: - { name: ATM_JWK_SET_URI, value: "http://keycloak:8080/realms/athleticmap/protocol/openid-connect/certs" } @@ -29,10 +29,10 @@ spec: --- apiVersion: v1 kind: Service -metadata: { name: backend, namespace: piloto-prod } +metadata: { name: backend, namespace: piloto-prod, labels: { app: backend } } spec: selector: { app: backend } - ports: [{ port: 80, targetPort: 8083 }] + ports: [{ name: http, port: 80, targetPort: 8083 }] --- apiVersion: apps/v1 kind: Deployment