From ffb34156c625af5fd855014d4e0f66d300441ed3 Mon Sep 17 00:00:00 2001 From: khatrivarun Date: Sat, 21 Mar 2026 11:48:40 +0530 Subject: [PATCH 1/8] feat(openbao): enable metrics scraping on openbao --- infrastructure/main.tf | 4 ++-- modules/openbao/config/openbao.hcl | 7 +++++++ modules/openbao/openbao.tf | 8 ++++++++ 3 files changed, 17 insertions(+), 2 deletions(-) diff --git a/infrastructure/main.tf b/infrastructure/main.tf index f6b66a5..a71b953 100644 --- a/infrastructure/main.tf +++ b/infrastructure/main.tf @@ -22,7 +22,7 @@ module "cluster-issuer" { # Complete Observability Stack Deployment module "observability" { - source = "git::https://github.com/necro-cloud/modules//modules/observability?ref=main" + source = "git::https://github.com/necro-cloud/modules//modules/observability?ref=task/138/openbao-dashboard" // Cluster Secret Store Details cluster_secret_store_name = module.openbao.cluster_secret_store_name @@ -38,7 +38,7 @@ module "observability" { # OpenBao Secrets Management Solution deployment module "openbao" { - source = "git::https://github.com/necro-cloud/modules//modules/openbao?ref=main" + source = "git::https://github.com/necro-cloud/modules//modules/openbao?ref=task/138/openbao-dashboard" // Certificates Details cluster_issuer_name = module.cluster-issuer.cluster-issuer-name diff --git a/modules/openbao/config/openbao.hcl b/modules/openbao/config/openbao.hcl index b1bdaf9..bba0c7c 100644 --- a/modules/openbao/config/openbao.hcl +++ b/modules/openbao/config/openbao.hcl @@ -28,3 +28,10 @@ seal "static" { } service_registration "kubernetes" {} + +telemetry { + unauthenticated_metrics_access = true + prometheus_retention_time = "30m" + usage_gauge_period = "1m" + disable_hostname = true +} diff --git a/modules/openbao/openbao.tf b/modules/openbao/openbao.tf index 755e543..09d4081 100644 --- a/modules/openbao/openbao.tf +++ b/modules/openbao/openbao.tf @@ -21,6 +21,14 @@ resource "helm_release" "openbao" { server = { + // Allow OpenTelemetry Collector to scrape for metrics + annotations = { + "prometheus.io/scrape" = "true" + "prometheus.io/port" = "8200" + "prometheus.io/path" = "/v1/sys/metrics" + "prometheus.io/scheme" = "https" + } + // Resource Requests and Limits resources = { requests = { From 1a732c4b22c19d935770d7434e0af18b4cd2bf8e Mon Sep 17 00:00:00 2001 From: khatrivarun Date: Sat, 21 Mar 2026 12:02:10 +0530 Subject: [PATCH 2/8] feat(openbao): unauthenticated_metrics_access as true --- modules/openbao/config/openbao.hcl | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/modules/openbao/config/openbao.hcl b/modules/openbao/config/openbao.hcl index bba0c7c..4c9f186 100644 --- a/modules/openbao/config/openbao.hcl +++ b/modules/openbao/config/openbao.hcl @@ -9,6 +9,10 @@ listener "tcp" { tls_cert_file = "/openbao/userconfig/${cert_secret_name}/tls.crt" tls_key_file = "/openbao/userconfig/${cert_secret_name}/tls.key" tls_client_ca_file = "/openbao/userconfig/${cert_secret_name}/ca.crt" + + telemetry { + unauthenticated_metrics_access = true + } } storage "raft" { @@ -30,7 +34,6 @@ seal "static" { service_registration "kubernetes" {} telemetry { - unauthenticated_metrics_access = true prometheus_retention_time = "30m" usage_gauge_period = "1m" disable_hostname = true From 692a37b6437c5c7e9dab360ecd0c259e9e3971f6 Mon Sep 17 00:00:00 2001 From: khatrivarun Date: Sat, 21 Mar 2026 13:06:30 +0530 Subject: [PATCH 3/8] feat(observabiltity): openbao dashboard --- modules/observability/dashboards/openbao.json | 1625 +++++++++++++++++ modules/observability/grafana.tf | 19 +- 2 files changed, 1642 insertions(+), 2 deletions(-) create mode 100644 modules/observability/dashboards/openbao.json diff --git a/modules/observability/dashboards/openbao.json b/modules/observability/dashboards/openbao.json new file mode 100644 index 0000000..3452377 --- /dev/null +++ b/modules/observability/dashboards/openbao.json @@ -0,0 +1,1625 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": 12, + "links": [], + "panels": [ + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 2, + "panels": [], + "title": "High Level Status for the Cluster", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P4169E866C3094E38" + }, + "description": "Indicates if the Vault is unlocked and ready to serve secrets. If this is Red (0), your applications cannot fetch passwords and will likely crash. This should always be 1.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "continuous-GrYlRd" + }, + "mappings": [ + { + "options": { + "0": { + "color": "red", + "index": 1, + "text": "Sealed" + }, + "1": { + "color": "green", + "index": 0, + "text": "Unsealed" + } + }, + "type": "value" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 1 + }, + "id": 1, + "options": { + "displayMode": "lcd", + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "maxVizHeight": 300, + "minVizHeight": 16, + "minVizWidth": 8, + "namePlacement": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "sizing": "auto", + "valueMode": "color" + }, + "pluginVersion": "12.3.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P4169E866C3094E38" + }, + "editorMode": "code", + "expr": "vault_core_unsealed", + "legendFormat": "{{ pod }}", + "range": true, + "refId": "A" + } + ], + "title": "Sealed Status", + "type": "bargauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P4169E866C3094E38" + }, + "description": "Boolean gauge indicating cluster-wide health. 1 means Autopilot deems all nodes healthy; 0 means at least one node is unhealthy", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "green", + "mode": "fixed" + }, + "mappings": [ + { + "options": { + "0": { + "color": "red", + "index": 1, + "text": "Atleast one node is unhealthy" + }, + "1": { + "color": "green", + "index": 0, + "text": "Healthy" + } + }, + "type": "value" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 1 + }, + "id": 3, + "options": { + "displayMode": "lcd", + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "maxVizHeight": 300, + "minVizHeight": 16, + "minVizWidth": 8, + "namePlacement": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "sizing": "auto", + "valueMode": "color" + }, + "pluginVersion": "12.3.3", + "targets": [ + { + "editorMode": "builder", + "expr": "vault_autopilot_healthy", + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Cluster Health (Autopilot)", + "type": "bargauge" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 9 + }, + "id": 4, + "panels": [], + "title": "Performance & Latency", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P4169E866C3094E38" + }, + "description": "The time required to complete a non-login request. High latency usually indicates disk I/O or CPU contention on the node.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ms" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 10 + }, + "id": 5, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.3.3", + "targets": [ + { + "editorMode": "code", + "expr": "vault_core_handle_request", + "legendFormat": "{{ pod }} - {{ quantile }}", + "range": true, + "refId": "A" + } + ], + "title": "Secret Request Latency", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P4169E866C3094E38" + }, + "description": "Time required to complete login requests", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ms" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 10 + }, + "id": 6, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.3.3", + "targets": [ + { + "editorMode": "code", + "expr": "vault_core_handle_login_request", + "legendFormat": "{{ pod }} - {{ quantile }}", + "range": true, + "refId": "A" + } + ], + "title": "Login Latency", + "type": "timeseries" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 18 + }, + "id": 8, + "panels": [], + "title": "Security & Infrastructure", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P4169E866C3094E38" + }, + "description": "Critical! Non-zero means OpenBao cannot log requests, which causes them to fail.", + "fieldConfig": { + "defaults": { + "mappings": [ + { + "options": { + "0": { + "index": 0, + "text": "No Audit Failures" + } + }, + "type": "value" + }, + { + "options": { + "from": 0, + "result": { + "index": 1 + } + }, + "type": "range" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 8, + "x": 0, + "y": 19 + }, + "id": 7, + "options": { + "colorMode": "background", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "percentChangeColorMode": "standard", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "12.3.3", + "targets": [ + { + "editorMode": "code", + "expr": "sum(rate(vault_audit_log_request_failure_total[5m])) + sum(rate(vault_audit_log_response_failure_total[5m]))", + "legendFormat": "Audit Failures", + "range": true, + "refId": "A" + } + ], + "title": "Audit Failures", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P4169E866C3094E38" + }, + "description": "Total un-expired tokens available in the store.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "continuous-GrYlRd" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 8, + "x": 8, + "y": 19 + }, + "id": 9, + "options": { + "displayMode": "lcd", + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "maxVizHeight": 300, + "minVizHeight": 16, + "minVizWidth": 8, + "namePlacement": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "sizing": "auto", + "valueMode": "color" + }, + "pluginVersion": "12.3.3", + "targets": [ + { + "editorMode": "code", + "expr": "vault_token_count", + "legendFormat": "{{ pod }}", + "range": true, + "refId": "A" + } + ], + "title": "Token Count", + "type": "bargauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P4169E866C3094E38" + }, + "description": "Number of requests currently being processed.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "continuous-GrYlRd" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 8, + "x": 16, + "y": 19 + }, + "id": 10, + "options": { + "displayMode": "basic", + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "maxVizHeight": 300, + "minVizHeight": 16, + "minVizWidth": 8, + "namePlacement": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "sizing": "auto", + "valueMode": "color" + }, + "pluginVersion": "12.3.3", + "targets": [ + { + "editorMode": "code", + "expr": "vault_core_in_flight_requests", + "legendFormat": "{{ pod }}", + "range": true, + "refId": "A" + } + ], + "title": "In-Flight Requests", + "type": "bargauge" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 27 + }, + "id": 11, + "panels": [], + "title": "Consensus & Replication Health", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P4169E866C3094E38" + }, + "description": "The number of peers in the Raft cluster configuration.", + "fieldConfig": { + "defaults": { + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 8, + "x": 0, + "y": 28 + }, + "id": 12, + "options": { + "colorMode": "background", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "percentChangeColorMode": "standard", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "12.3.3", + "targets": [ + { + "editorMode": "code", + "expr": "vault_raft_peers", + "hide": false, + "legendFormat": "{{pod}}", + "range": true, + "refId": "A" + } + ], + "title": "Raft Peer Count", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P4169E866C3094E38" + }, + "description": "The difference between the index applied by the leader and the index applied by the follower.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 8, + "x": 8, + "y": 28 + }, + "id": 13, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.3.3", + "targets": [ + { + "editorMode": "code", + "expr": "vault_raft_storage_follower_applied_index_delta", + "legendFormat": "{{ peer_id }}", + "range": true, + "refId": "A" + } + ], + "title": "Follower Applied Index Delta", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P4169E866C3094E38" + }, + "description": "Time since the leader was last able to contact follower nodes.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ms" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 8, + "x": 16, + "y": 28 + }, + "id": 14, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.3.3", + "targets": [ + { + "editorMode": "code", + "expr": "vault_raft_leader_lastContact{quantile=\"0.99\"}", + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Leader Last Contact", + "type": "timeseries" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 36 + }, + "id": 15, + "panels": [], + "title": "Write Performance", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P4169E866C3094E38" + }, + "description": "Number of transactions in the configured interval. This is the best indicator of the actual write load on your internal storage.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 8, + "x": 0, + "y": 37 + }, + "id": 16, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.3.3", + "targets": [ + { + "editorMode": "code", + "expr": "rate(vault_raft_apply_total[5m])", + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Raft Apply Rate", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P4169E866C3094E38" + }, + "description": "Time required to commit a new entry to the Raft log on the leader node.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ms" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 8, + "x": 8, + "y": 37 + }, + "id": 17, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.3.3", + "targets": [ + { + "editorMode": "code", + "expr": "vault_raft_commitTime{quantile=\"0.99\"}", + "legendFormat": "{{pod}}", + "range": true, + "refId": "A" + } + ], + "title": "Raft Commit Time", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P4169E866C3094E38" + }, + "description": "Number of Raft logs queued for the finite state machine (FSM) to apply.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "continuous-GrYlRd" + }, + "mappings": [ + { + "options": { + "0": { + "color": "green", + "index": 0, + "text": "No Pending Logs" + } + }, + "type": "value" + }, + { + "options": { + "from": 0, + "result": { + "index": 1, + "text": "Pending Logs Detected" + } + }, + "type": "range" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 8, + "x": 16, + "y": 37 + }, + "id": 18, + "options": { + "displayMode": "lcd", + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "maxVizHeight": 300, + "minVizHeight": 16, + "minVizWidth": 8, + "namePlacement": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "sizing": "auto", + "valueMode": "color" + }, + "pluginVersion": "12.3.3", + "targets": [ + { + "editorMode": "code", + "expr": "vault_raft_storage_stats_fsm_pending", + "legendFormat": "{{pod}}", + "range": true, + "refId": "A" + } + ], + "title": "FSM Pending Logs", + "type": "bargauge" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 45 + }, + "id": 19, + "panels": [], + "title": "BoltDB Internals", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P4169E866C3094E38" + }, + "description": "Cumulative time the Bolt database has spent writing to disk.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 46 + }, + "id": 20, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.3.3", + "targets": [ + { + "editorMode": "code", + "expr": "rate(vault_raft_storage_bolt_write_time_total[5m])", + "legendFormat": "{{ pod }} - {{ database }}", + "range": true, + "refId": "A" + } + ], + "title": "Disk Write Time", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P4169E866C3094E38" + }, + "description": "Number of free pages in the Bolt database freelist", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 46 + }, + "id": 21, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.3.3", + "targets": [ + { + "editorMode": "code", + "expr": "vault_raft_storage_bolt_freelist_free_pages", + "legendFormat": "{{pod}} - {{database}}", + "range": true, + "refId": "A" + } + ], + "title": "Free Pages", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P4169E866C3094E38" + }, + "description": "Total space allocated to the Bolt database . Use this to track if your 5Gi volume is reaching capacity.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "decbytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 54 + }, + "id": 22, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.3.3", + "targets": [ + { + "editorMode": "code", + "expr": "vault_raft_storage_bolt_page_bytes_allocated", + "legendFormat": "{{pod}} - {{database}}", + "range": true, + "refId": "A" + } + ], + "title": "Database Size", + "type": "timeseries" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 62 + }, + "id": 23, + "panels": [], + "title": "Logging", + "type": "row" + }, + { + "datasource": { + "type": "victoriametrics-logs-datasource", + "uid": "PD775F2863313E6C7" + }, + "description": "Logs for your nodes", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "gridPos": { + "h": 13, + "w": 24, + "x": 0, + "y": 63 + }, + "id": 24, + "options": { + "dedupStrategy": "none", + "enableInfiniteScrolling": false, + "enableLogDetails": true, + "prettifyLogMessage": true, + "showControls": true, + "showLabels": false, + "showTime": false, + "sortOrder": "Descending", + "syntaxHighlighting": true, + "wrapLogMessage": true + }, + "pluginVersion": "12.3.3", + "targets": [ + { + "datasource": { + "type": "victoriametrics-logs-datasource", + "uid": "PD775F2863313E6C7" + }, + "editorMode": "code", + "expr": "k8s.pod.name: \"$node\"", + "queryType": "instant", + "refId": "A" + } + ], + "title": "Logs", + "type": "logs" + } + ], + "preload": false, + "schemaVersion": 42, + "tags": [], + "templating": { + "list": [ + { + "current": { + "text": "openbao", + "value": "openbao" + }, + "definition": "label_values(vault_core_unsealed,namespace)", + "description": "Namespace where OpenBao is currently deployed in", + "label": "Namespace for OpenBao", + "name": "namespace", + "options": [], + "query": { + "qryType": 1, + "query": "label_values(vault_core_unsealed,namespace)", + "refId": "PrometheusVariableQueryEditor-VariableQuery" + }, + "refresh": 1, + "regex": "", + "type": "query" + }, + { + "current": { + "text": [ + "openbao-0" + ], + "value": [ + "openbao-0" + ] + }, + "definition": "label_values(vault_core_unsealed{namespace=\"$namespace\"},pod)", + "description": "OpenBao Node to display metrics for", + "includeAll": true, + "label": "OpenBao Node", + "multi": true, + "name": "node", + "options": [], + "query": { + "qryType": 1, + "query": "label_values(vault_core_unsealed{namespace=\"$namespace\"},pod)", + "refId": "PrometheusVariableQueryEditor-VariableQuery" + }, + "refresh": 1, + "regex": "", + "type": "query" + } + ] + }, + "time": { + "from": "now-30m", + "to": "now" + }, + "timepicker": {}, + "timezone": "browser", + "title": "OpenBao", + "uid": "obbjlwt", + "version": 1 +} \ No newline at end of file diff --git a/modules/observability/grafana.tf b/modules/observability/grafana.tf index 03c2ad7..844c17f 100644 --- a/modules/observability/grafana.tf +++ b/modules/observability/grafana.tf @@ -181,8 +181,18 @@ resource "helm_release" "grafana" { options = { path = "/var/lib/grafana/dashboards/network" }, - } - ] + }, + { + name = "OpenBao Secrets Management Monitoring Dashboard" + orgId = 1 + folder = "Secrets Management" + type = "file" + disableDeletion = false + editable = true + options = { + path = "/var/lib/grafana/dashboards/openbao" + }, + } ] } } @@ -223,6 +233,11 @@ resource "helm_release" "grafana" { json = file("${path.module}/dashboards/network.json") } } + openbao = { + network-dashboard = { + json = file("${path.module}/dashboards/openbao.json") + } + } } affinity = { From b2fd160f52110eeda25c534faded2ce4d18b2df3 Mon Sep 17 00:00:00 2001 From: khatrivarun Date: Sat, 21 Mar 2026 13:10:21 +0530 Subject: [PATCH 4/8] feat(observabiltity): openbao dashboard --- modules/observability/dashboards/openbao.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/observability/dashboards/openbao.json b/modules/observability/dashboards/openbao.json index 3452377..5a76eb2 100644 --- a/modules/observability/dashboards/openbao.json +++ b/modules/observability/dashboards/openbao.json @@ -18,7 +18,7 @@ "editable": true, "fiscalYearStartMonth": 0, "graphTooltip": 0, - "id": 12, + "id": 13, "links": [], "panels": [ { @@ -1619,7 +1619,7 @@ }, "timepicker": {}, "timezone": "browser", - "title": "OpenBao", + "title": "OpenBao Secrets Management Monitoring Dashboard", "uid": "obbjlwt", "version": 1 } \ No newline at end of file From 3fe32937717c5d1c768075f17addb0b525e48f19 Mon Sep 17 00:00:00 2001 From: khatrivarun Date: Sat, 21 Mar 2026 13:14:00 +0530 Subject: [PATCH 5/8] feat(observabiltity): openbao dashboard --- modules/observability/grafana.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/observability/grafana.tf b/modules/observability/grafana.tf index 844c17f..5d563ae 100644 --- a/modules/observability/grafana.tf +++ b/modules/observability/grafana.tf @@ -185,7 +185,7 @@ resource "helm_release" "grafana" { { name = "OpenBao Secrets Management Monitoring Dashboard" orgId = 1 - folder = "Secrets Management" + folder = "Secrets Management Monitoring" type = "file" disableDeletion = false editable = true From 6d39b8eb697fae613afffbd8314f9b1fef825a13 Mon Sep 17 00:00:00 2001 From: khatrivarun Date: Sat, 21 Mar 2026 13:44:44 +0530 Subject: [PATCH 6/8] feat(infrastructure): some clear outputs for accessing services --- infrastructure/locals.tf | 6 ++++++ infrastructure/outputs.tf | 31 +++++++++++++++++++++++++++++++ 2 files changed, 37 insertions(+) create mode 100644 infrastructure/outputs.tf diff --git a/infrastructure/locals.tf b/infrastructure/locals.tf index f6aeec3..f4d7e9a 100644 --- a/infrastructure/locals.tf +++ b/infrastructure/locals.tf @@ -11,4 +11,10 @@ locals { smtp_username = var.smtp_username smtp_password = var.smtp_password } + bold = "\\033[1m" + green = "\\033[32m" + yellow = "\\033[33m" + blue = "\\033[34m" + cyan = "\\033[36m" + reset = "\\033[0m" } diff --git a/infrastructure/outputs.tf b/infrastructure/outputs.tf new file mode 100644 index 0000000..e81609b --- /dev/null +++ b/infrastructure/outputs.tf @@ -0,0 +1,31 @@ +output "deployment_summary" { + value = < Date: Sat, 21 Mar 2026 13:48:14 +0530 Subject: [PATCH 7/8] feat(infrastructure): some cleaner outputs for accessing services --- infrastructure/locals.tf | 6 ------ infrastructure/outputs.tf | 32 +++++++++++++++----------------- 2 files changed, 15 insertions(+), 23 deletions(-) diff --git a/infrastructure/locals.tf b/infrastructure/locals.tf index f4d7e9a..f6aeec3 100644 --- a/infrastructure/locals.tf +++ b/infrastructure/locals.tf @@ -11,10 +11,4 @@ locals { smtp_username = var.smtp_username smtp_password = var.smtp_password } - bold = "\\033[1m" - green = "\\033[32m" - yellow = "\\033[33m" - blue = "\\033[34m" - cyan = "\\033[36m" - reset = "\\033[0m" } diff --git a/infrastructure/outputs.tf b/infrastructure/outputs.tf index e81609b..d322373 100644 --- a/infrastructure/outputs.tf +++ b/infrastructure/outputs.tf @@ -1,31 +1,29 @@ output "deployment_summary" { value = < Date: Sat, 21 Mar 2026 13:54:04 +0530 Subject: [PATCH 8/8] [INF] All modules switch to main branch --- infrastructure/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/infrastructure/main.tf b/infrastructure/main.tf index a71b953..f6b66a5 100644 --- a/infrastructure/main.tf +++ b/infrastructure/main.tf @@ -22,7 +22,7 @@ module "cluster-issuer" { # Complete Observability Stack Deployment module "observability" { - source = "git::https://github.com/necro-cloud/modules//modules/observability?ref=task/138/openbao-dashboard" + source = "git::https://github.com/necro-cloud/modules//modules/observability?ref=main" // Cluster Secret Store Details cluster_secret_store_name = module.openbao.cluster_secret_store_name @@ -38,7 +38,7 @@ module "observability" { # OpenBao Secrets Management Solution deployment module "openbao" { - source = "git::https://github.com/necro-cloud/modules//modules/openbao?ref=task/138/openbao-dashboard" + source = "git::https://github.com/necro-cloud/modules//modules/openbao?ref=main" // Certificates Details cluster_issuer_name = module.cluster-issuer.cluster-issuer-name