From 1c00f748d6e75585d313c7ea334d5849836295e6 Mon Sep 17 00:00:00 2001
From: Alex Lemaresquier <alexandre.lemaresquier@fr.clara.net>
Date: Fri, 20 Jul 2018 23:09:38 +0200
Subject: [PATCH] MON-248-monitors-for-nginx-ingress-contr: add Nginx ingress
 controller 5xx monitor

---
 README.md                            |  3 ++
 caas/k8s/ingress/inputs.tf           | 63 ++++++++++++++++++++++++++++
 caas/k8s/ingress/monitors-ingress.tf | 42 +++++++++++++++++++
 3 files changed, 108 insertions(+)
 create mode 100644 caas/k8s/ingress/inputs.tf
 create mode 100644 caas/k8s/ingress/monitors-ingress.tf

diff --git a/README.md b/README.md
index 7090482..3be9395 100644
--- a/README.md
+++ b/README.md
@@ -72,6 +72,9 @@ The `//` is very important, it's a terraform specific syntax used to separate gi
 
 ### Monitors summary ###
 
+- [caas](https://bitbucket.org/morea/terraform.feature.datadog/src/master/caas/)
+	- [k8s](https://bitbucket.org/morea/terraform.feature.datadog/src/master/caas/k8s/)
+		- [ingress](https://bitbucket.org/morea/terraform.feature.datadog/src/master/caas/k8s/ingress/)
 - [cloud](https://bitbucket.org/morea/terraform.feature.datadog/src/master/cloud/)
 	- [aws](https://bitbucket.org/morea/terraform.feature.datadog/src/master/cloud/aws/)
 		- [alb](https://bitbucket.org/morea/terraform.feature.datadog/src/master/cloud/aws/alb/)
diff --git a/caas/k8s/ingress/inputs.tf b/caas/k8s/ingress/inputs.tf
new file mode 100644
index 0000000..87e229a
--- /dev/null
+++ b/caas/k8s/ingress/inputs.tf
@@ -0,0 +1,63 @@
+# Global Terraform
+variable "team" {
+  type    = "string"
+  default = "k8s"
+}
+
+variable "environment" {
+  description = "Architecture Environment"
+  type        = "string"
+}
+
+# Global DataDog
+variable "delay" {
+  description = "Delay in seconds for the metric evaluation"
+  default     = 900
+}
+
+variable "message" {
+  description = "Message sent when an alert is triggered"
+}
+
+variable "filter_tags_use_defaults" {
+  description = "Use default filter tags convention"
+  default     = "true"
+}
+
+variable "filter_tags_custom" {
+  description = "Tags used for custom filtering when filter_tags_use_defaults is false"
+  default     = "*"
+}
+
+#Ingress
+variable "ingress_5xx_silenced" {
+  description = "Groups to mute for Ingress 5xx errors monitor"
+  type        = "map"
+  default     = {}
+}
+
+variable "ingress_5xx_message" {
+  description = "Message sent when an alert is triggered"
+  default     = ""
+}
+
+variable "ingress_5xx_timeframe" {
+  description = "Monitor timeframe for Ingress 5xx errors [available values: `last_#m` (1, 5, 10, 15, or 30), `last_#h` (1, 2, or 4), or `last_1d`]"
+  type        = "string"
+  default     = "last_5m"
+}
+
+variable "ingress_5xx_threshold_critical" {
+  type    = "string"
+  default = "10"
+}
+
+variable "ingress_5xx_threshold_warning" {
+  type    = "string"
+  default = "5"
+}
+
+variable "artificial_requests_count" {
+  default     = 5
+  description = "Number of false requests used to mitigate false positive in case of low trafic"
+}
diff --git a/caas/k8s/ingress/monitors-ingress.tf b/caas/k8s/ingress/monitors-ingress.tf
new file mode 100644
index 0000000..fb4d64a
--- /dev/null
+++ b/caas/k8s/ingress/monitors-ingress.tf
@@ -0,0 +1,42 @@
+data "template_file" "filter" {
+  template = "$${filter}"
+
+  vars {
+    filter = "${var.filter_tags_use_defaults == "true" ? format("dd_monitoring:enabled,dd_k8s_ingress:enabled,env:%s", var.environment) : "${var.filter_tags_custom}"}"
+  }
+}
+
+resource "datadog_monitor" "Nginx_ingress_too_many_5xx" {
+  name    = "[${var.environment}] [${var.team}] Nginx Ingress 5xx errors too high for {{ingress_class.name}} on {{upstream.name}} {{#is_alert}}{{{comparator}}} {{threshold}}% ({{value}}%){{/is_alert}}{{#is_warning}}{{{comparator}}} {{warn_threshold}}% ({{value}}%){{/is_warning}}"
+  message = "${coalesce(var.ingress_5xx_message, var.message)}"
+
+  query = <<EOF
+    sum(${var.ingress_5xx_timeframe}): (
+      default(
+        avg:nginx_ingress.nginx_upstream_responses_total{status_code:5xx,${data.template_file.filter.rendered},!upstream:upstream-default-backend} by {upstream,ingress_class} /
+        (avg:nginx_ingress.nginx_upstream_requests_total{${data.template_file.filter.rendered},!upstream:upstream-default-backend} by {upstream,ingress_class} + ${var.artificial_requests_count}),
+      0) * 100
+    ) > ${var.ingress_5xx_threshold_critical}
+  EOF
+
+  type = "metric alert"
+
+  thresholds {
+    warning  = "${var.ingress_5xx_threshold_warning}"
+    critical = "${var.ingress_5xx_threshold_critical}"
+  }
+
+  notify_no_data      = false
+  evaluation_delay    = "${var.delay}"
+  renotify_interval   = 0
+  notify_audit        = false
+  timeout_h           = 0
+  include_tags        = true
+  locked              = false
+  require_full_window = false
+  new_host_delay      = "${var.delay}"
+
+  silenced = "${var.ingress_5xx_silenced}"
+
+  tags = ["env:${var.environment}", "resource:ingress", "team:${var.team}", "provider:k8s"]
+}