first claude draft

k8s/base/aggregator/configmap.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: aggregator-config
+data:
+  REDIS_URL: "redis://redis:6379"
+  TIMESCALE_HOST: "timescaledb"
+  TIMESCALE_PORT: "5432"
+  TIMESCALE_USER: "monitor"
+  TIMESCALE_DB: "monitor"
+  GRPC_PORT: "50051"
+  SERVICE_NAME: "aggregator"
+  EVENTS_BACKEND: "redis_pubsub"
+  LOG_LEVEL: "INFO"
+  LOG_FORMAT: "json"

k8s/base/aggregator/deployment.yaml

@@ -0,0 +1,46 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: aggregator
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: aggregator
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: aggregator
+    spec:
+      containers:
+        - name: aggregator
+          image: sysmonstm/aggregator:latest
+          ports:
+            - containerPort: 50051
+              name: grpc
+          envFrom:
+            - configMapRef:
+                name: aggregator-config
+          env:
+            - name: TIMESCALE_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: timescaledb-secret
+                  key: password
+          resources:
+            requests:
+              memory: "128Mi"
+              cpu: "100m"
+            limits:
+              memory: "256Mi"
+              cpu: "500m"
+          livenessProbe:
+            exec:
+              command: ["/bin/grpc_health_probe", "-addr=:50051"]
+            initialDelaySeconds: 10
+            periodSeconds: 10
+          readinessProbe:
+            exec:
+              command: ["/bin/grpc_health_probe", "-addr=:50051"]
+            initialDelaySeconds: 5
+            periodSeconds: 5

k8s/base/aggregator/kustomization.yaml

@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+commonLabels:
+  app.kubernetes.io/name: aggregator
+  app.kubernetes.io/component: backend
+
+resources:
+  - deployment.yaml
+  - service.yaml
+  - configmap.yaml

k8s/base/aggregator/service.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: aggregator
+spec:
+  selector:
+    app.kubernetes.io/name: aggregator
+  ports:
+    - port: 50051
+      targetPort: grpc
+      name: grpc

k8s/base/alerts/configmap.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: alerts-config
+data:
+  REDIS_URL: "redis://redis:6379"
+  TIMESCALE_HOST: "timescaledb"
+  TIMESCALE_PORT: "5432"
+  TIMESCALE_USER: "monitor"
+  TIMESCALE_DB: "monitor"
+  SERVICE_NAME: "alerts"
+  EVENTS_BACKEND: "redis_pubsub"
+  LOG_LEVEL: "INFO"
+  LOG_FORMAT: "json"

k8s/base/alerts/deployment.yaml

@@ -0,0 +1,33 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: alerts
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: alerts
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: alerts
+    spec:
+      containers:
+        - name: alerts
+          image: sysmonstm/alerts:latest
+          envFrom:
+            - configMapRef:
+                name: alerts-config
+          env:
+            - name: TIMESCALE_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: timescaledb-secret
+                  key: password
+          resources:
+            requests:
+              memory: "64Mi"
+              cpu: "50m"
+            limits:
+              memory: "128Mi"
+              cpu: "200m"

k8s/base/alerts/kustomization.yaml

@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+commonLabels:
+  app.kubernetes.io/name: alerts
+  app.kubernetes.io/component: backend
+
+resources:
+  - deployment.yaml
+  - configmap.yaml

k8s/base/gateway/configmap.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: gateway-config
+data:
+  REDIS_URL: "redis://redis:6379"
+  TIMESCALE_HOST: "timescaledb"
+  TIMESCALE_PORT: "5432"
+  TIMESCALE_USER: "monitor"
+  TIMESCALE_DB: "monitor"
+  AGGREGATOR_URL: "aggregator:50051"
+  HTTP_PORT: "8000"
+  SERVICE_NAME: "gateway"
+  EVENTS_BACKEND: "redis_pubsub"
+  LOG_LEVEL: "INFO"
+  LOG_FORMAT: "json"

k8s/base/gateway/deployment.yaml

@@ -0,0 +1,48 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: gateway
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: gateway
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: gateway
+    spec:
+      containers:
+        - name: gateway
+          image: sysmonstm/gateway:latest
+          ports:
+            - containerPort: 8000
+              name: http
+          envFrom:
+            - configMapRef:
+                name: gateway-config
+          env:
+            - name: TIMESCALE_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: timescaledb-secret
+                  key: password
+          resources:
+            requests:
+              memory: "128Mi"
+              cpu: "100m"
+            limits:
+              memory: "256Mi"
+              cpu: "500m"
+          livenessProbe:
+            httpGet:
+              path: /health
+              port: http
+            initialDelaySeconds: 10
+            periodSeconds: 10
+          readinessProbe:
+            httpGet:
+              path: /health
+              port: http
+            initialDelaySeconds: 5
+            periodSeconds: 5

k8s/base/gateway/kustomization.yaml

@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+commonLabels:
+  app.kubernetes.io/name: gateway
+  app.kubernetes.io/component: frontend
+
+resources:
+  - deployment.yaml
+  - service.yaml
+  - configmap.yaml

k8s/base/gateway/service.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: gateway
+spec:
+  selector:
+    app.kubernetes.io/name: gateway
+  ports:
+    - port: 8000
+      targetPort: http
+      name: http

k8s/base/kustomization.yaml

@@ -0,0 +1,17 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: sysmonstm
+
+commonLabels:
+  app.kubernetes.io/part-of: sysmonstm
+  app.kubernetes.io/managed-by: kustomize
+
+resources:
+  - namespace.yaml
+  - redis/
+  - timescaledb/
+  - aggregator/
+  - gateway/
+  - alerts/
+  # collector is deployed separately on each machine

k8s/base/namespace.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: sysmonstm
+  labels:
+    app.kubernetes.io/name: sysmonstm

k8s/base/redis/deployment.yaml

@@ -0,0 +1,37 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: redis
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: redis
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: redis
+    spec:
+      containers:
+        - name: redis
+          image: redis:7-alpine
+          ports:
+            - containerPort: 6379
+              name: redis
+          resources:
+            requests:
+              memory: "64Mi"
+              cpu: "50m"
+            limits:
+              memory: "128Mi"
+              cpu: "200m"
+          livenessProbe:
+            exec:
+              command: ["redis-cli", "ping"]
+            initialDelaySeconds: 5
+            periodSeconds: 10
+          readinessProbe:
+            exec:
+              command: ["redis-cli", "ping"]
+            initialDelaySeconds: 5
+            periodSeconds: 5

k8s/base/redis/kustomization.yaml

@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+commonLabels:
+  app.kubernetes.io/name: redis
+  app.kubernetes.io/component: cache
+
+resources:
+  - deployment.yaml
+  - service.yaml

k8s/base/redis/service.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: redis
+spec:
+  selector:
+    app.kubernetes.io/name: redis
+  ports:
+    - port: 6379
+      targetPort: redis
+      name: redis

k8s/base/timescaledb/configmap.yaml

@@ -0,0 +1,94 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: timescaledb-init
+data:
+  init.sql: |
+    -- TimescaleDB initialization script
+    CREATE EXTENSION IF NOT EXISTS timescaledb;
+
+    CREATE TABLE IF NOT EXISTS metrics_raw (
+        time        TIMESTAMPTZ NOT NULL,
+        machine_id  TEXT NOT NULL,
+        hostname    TEXT NOT NULL,
+        metric_type TEXT NOT NULL,
+        value       DOUBLE PRECISION NOT NULL,
+        labels      JSONB DEFAULT '{}'::jsonb
+    );
+
+    SELECT create_hypertable('metrics_raw', 'time',
+        chunk_time_interval => INTERVAL '1 hour',
+        if_not_exists => TRUE
+    );
+
+    CREATE INDEX IF NOT EXISTS idx_metrics_raw_machine
+        ON metrics_raw (machine_id, time DESC);
+    CREATE INDEX IF NOT EXISTS idx_metrics_raw_type
+        ON metrics_raw (metric_type, time DESC);
+
+    CREATE TABLE IF NOT EXISTS metrics_1m (
+        time        TIMESTAMPTZ NOT NULL,
+        machine_id  TEXT NOT NULL,
+        hostname    TEXT NOT NULL,
+        metric_type TEXT NOT NULL,
+        avg_value   DOUBLE PRECISION NOT NULL,
+        min_value   DOUBLE PRECISION NOT NULL,
+        max_value   DOUBLE PRECISION NOT NULL,
+        sample_count INTEGER NOT NULL
+    );
+
+    SELECT create_hypertable('metrics_1m', 'time',
+        chunk_time_interval => INTERVAL '1 day',
+        if_not_exists => TRUE
+    );
+
+    CREATE TABLE IF NOT EXISTS machines (
+        machine_id  TEXT PRIMARY KEY,
+        hostname    TEXT NOT NULL,
+        first_seen  TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+        last_seen   TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+        metadata    JSONB DEFAULT '{}'::jsonb,
+        health      TEXT NOT NULL DEFAULT 'UNKNOWN'
+    );
+
+    CREATE TABLE IF NOT EXISTS alert_rules (
+        id          SERIAL PRIMARY KEY,
+        name        TEXT NOT NULL UNIQUE,
+        metric_type TEXT NOT NULL,
+        operator    TEXT NOT NULL,
+        threshold   DOUBLE PRECISION NOT NULL,
+        severity    TEXT NOT NULL,
+        enabled     BOOLEAN NOT NULL DEFAULT TRUE,
+        created_at  TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+        updated_at  TIMESTAMPTZ NOT NULL DEFAULT NOW()
+    );
+
+    CREATE TABLE IF NOT EXISTS alerts (
+        id          SERIAL,
+        time        TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+        machine_id  TEXT NOT NULL,
+        rule_id     INTEGER REFERENCES alert_rules(id),
+        rule_name   TEXT NOT NULL,
+        metric_type TEXT NOT NULL,
+        value       DOUBLE PRECISION NOT NULL,
+        threshold   DOUBLE PRECISION NOT NULL,
+        severity    TEXT NOT NULL,
+        resolved_at TIMESTAMPTZ,
+        PRIMARY KEY (id, time)
+    );
+
+    SELECT create_hypertable('alerts', 'time',
+        chunk_time_interval => INTERVAL '1 day',
+        if_not_exists => TRUE
+    );
+
+    SELECT add_retention_policy('metrics_raw', INTERVAL '24 hours', if_not_exists => TRUE);
+    SELECT add_retention_policy('alerts', INTERVAL '30 days', if_not_exists => TRUE);
+
+    INSERT INTO alert_rules (name, metric_type, operator, threshold, severity)
+    VALUES
+        ('High CPU Usage', 'CPU_PERCENT', 'gt', 80.0, 'warning'),
+        ('Critical CPU Usage', 'CPU_PERCENT', 'gt', 95.0, 'critical'),
+        ('High Memory Usage', 'MEMORY_PERCENT', 'gt', 85.0, 'warning'),
+        ('Critical Memory Usage', 'MEMORY_PERCENT', 'gt', 95.0, 'critical')
+    ON CONFLICT (name) DO NOTHING;

k8s/base/timescaledb/kustomization.yaml

@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+commonLabels:
+  app.kubernetes.io/name: timescaledb
+  app.kubernetes.io/component: database
+
+resources:
+  - statefulset.yaml
+  - service.yaml
+  - configmap.yaml

k8s/base/timescaledb/service.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: timescaledb
+spec:
+  selector:
+    app.kubernetes.io/name: timescaledb
+  ports:
+    - port: 5432
+      targetPort: postgres
+      name: postgres
+  clusterIP: None  # Headless for StatefulSet

k8s/base/timescaledb/statefulset.yaml

@@ -0,0 +1,65 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: timescaledb
+spec:
+  serviceName: timescaledb
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: timescaledb
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: timescaledb
+    spec:
+      containers:
+        - name: timescaledb
+          image: timescale/timescaledb:latest-pg15
+          ports:
+            - containerPort: 5432
+              name: postgres
+          env:
+            - name: POSTGRES_USER
+              value: monitor
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: timescaledb-secret
+                  key: password
+            - name: POSTGRES_DB
+              value: monitor
+          resources:
+            requests:
+              memory: "256Mi"
+              cpu: "100m"
+            limits:
+              memory: "512Mi"
+              cpu: "500m"
+          volumeMounts:
+            - name: data
+              mountPath: /var/lib/postgresql/data
+            - name: init-scripts
+              mountPath: /docker-entrypoint-initdb.d
+          livenessProbe:
+            exec:
+              command: ["pg_isready", "-U", "monitor", "-d", "monitor"]
+            initialDelaySeconds: 30
+            periodSeconds: 10
+          readinessProbe:
+            exec:
+              command: ["pg_isready", "-U", "monitor", "-d", "monitor"]
+            initialDelaySeconds: 5
+            periodSeconds: 5
+      volumes:
+        - name: init-scripts
+          configMap:
+            name: timescaledb-init
+  volumeClaimTemplates:
+    - metadata:
+        name: data
+      spec:
+        accessModes: ["ReadWriteOnce"]
+        resources:
+          requests:
+            storage: 5Gi

k8s/overlays/local/kustomization.yaml

@@ -0,0 +1,22 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: sysmonstm
+
+resources:
+  - ../../base
+  - secrets.yaml
+
+patches:
+  - path: patches/reduce-resources.yaml
+
+images:
+  - name: sysmonstm/aggregator
+    newName: sysmonstm-aggregator
+    newTag: dev
+  - name: sysmonstm/gateway
+    newName: sysmonstm-gateway
+    newTag: dev
+  - name: sysmonstm/alerts
+    newName: sysmonstm-alerts
+    newTag: dev

k8s/overlays/local/patches/reduce-resources.yaml

@@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: aggregator
+spec:
+  template:
+    spec:
+      containers:
+        - name: aggregator
+          resources:
+            requests:
+              memory: "64Mi"
+              cpu: "50m"
+            limits:
+              memory: "128Mi"
+              cpu: "200m"
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: gateway
+spec:
+  template:
+    spec:
+      containers:
+        - name: gateway
+          resources:
+            requests:
+              memory: "64Mi"
+              cpu: "50m"
+            limits:
+              memory: "128Mi"
+              cpu: "200m"
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: timescaledb
+spec:
+  template:
+    spec:
+      containers:
+        - name: timescaledb
+          resources:
+            requests:
+              memory: "128Mi"
+              cpu: "50m"
+            limits:
+              memory: "256Mi"
+              cpu: "200m"

k8s/overlays/local/secrets.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: timescaledb-secret
+  namespace: sysmonstm
+type: Opaque
+stringData:
+  password: "monitor"  # Only for local dev!