WIP: Create pyroscope-monitoring

This contains a fully fledged observability deployment for
pyroscope-monitoring

Over time I would like to consoldidate our internal dashboards into this helm
chart. This also allows us to to tests at least features of OSS in a
local kind deployment.

Author: simonswine

Makefile

@@ -209,7 +209,7 @@ fmt: $(BIN)/golangci-lint $(BIN)/buf $(BIN)/tk ## Automatically fix some lint er
 	$(BIN)/golangci-lint run --fix
 	cd api/ && $(BIN)/buf format -w .
 	cd pkg && $(BIN)/buf format -w .
-	$(BIN)/tk fmt ./operations/pyroscope/jsonnet/ tools/monitoring/
+	$(BIN)/tk fmt ./operations/pyroscope/jsonnet/
 
 .PHONY: check/unstaged-changes
 check/unstaged-changes:
@@ -236,10 +236,15 @@ define deploy
 		--set pyroscope.image.repository=$(IMAGE_PREFIX)pyroscope \
 		--set pyroscope.podAnnotations.image-digest=$(shell cat .docker-image-digest-pyroscope) \
 		--set pyroscope.service.port_name=http-metrics \
-		--set pyroscope.podAnnotations."profiles\.grafana\.com\/memory\.port_name"=http-metrics \
-		--set pyroscope.podAnnotations."profiles\.grafana\.com\/cpu\.port_name"=http-metrics \
-		--set pyroscope.podAnnotations."profiles\.grafana\.com\/goroutine\.port_name"=http-metrics \
-		--set pyroscope.extraEnvVars.JAEGER_AGENT_HOST=jaeger.monitoring.svc.cluster.local. \
+		--set-string pyroscope.podAnnotations."profiles\.grafana\.com/memory\.port_name"=http-metrics \
+		--set-string pyroscope.podAnnotations."profiles\.grafana\.com/cpu\.port_name"=http-metrics \
+		--set-string pyroscope.podAnnotations."profiles\.grafana\.com/goroutine\.port_name"=http-metrics \
+		--set-string pyroscope.podAnnotations."k8s\.grafana\.com/scrape"=true \
+		--set-string pyroscope.podAnnotations."k8s\.grafana\.com/metrics\.portName"=http-metrics \
+		--set-string pyroscope.podAnnotations."k8s\.grafana\.com/metrics\.scrapeInterval"=15s \
+		--set-string pyroscope.extraEnvVars.JAEGER_AGENT_HOST=pyroscope-monitoring-alloy-receiver \
+		--set pyroscope.extraEnvVars.JAEGER_SAMPLER_TYPE=const \
+		--set pyroscope.extraEnvVars.JAEGER_SAMPLER_PARAM=1 \
 		--set pyroscope.extraArgs."pyroscopedb\.max-block-duration"=5m
 endef
 
@@ -394,15 +399,17 @@ $(BIN)/helm-docs: Makefile go.mod
 
 .PHONY: cve/check
 cve/check:
-	docker run -t -i --rm --volume "$(CURDIR)/:/repo" -u "$(shell id -u)" aquasec/trivy:0.45.1 filesystem --cache-dir /repo/.cache/trivy --scanners vuln --skip-dirs .tmp/ --skip-dirs node_modules/ --skip-dirs tools/monitoring/vendor/ /repo
+	docker run -t -i --rm --volume "$(CURDIR)/:/repo" -u "$(shell id -u)" aquasec/trivy:0.45.1 filesystem --cache-dir /repo/.cache/trivy --scanners vuln --skip-dirs .tmp/ --skip-dirs node_modules/ /repo
 
 .PHONY: helm/lint
 helm/lint: $(BIN)/helm
-	$(BIN)/helm lint ./operations/pyroscope/helm/pyroscope/
+	$(BIN)/helm lint ./operations/pyroscope/helm/pyroscope
+	$(BIN)/helm lint ./operations/pyroscope/helm/pyroscope-monitoring
 
 .PHONY: helm/docs
 helm/docs: $(BIN)/helm-docs
 	$(BIN)/helm-docs -c operations/pyroscope/helm/pyroscope
+	$(BIN)/helm-docs -c operations/pyroscope/helm/pyroscope-monitoring
 
 .PHONY: goreleaser/lint
 goreleaser/lint: $(BIN)/goreleaser
@@ -460,16 +467,9 @@ deploy-micro-services-v1: $(BIN)/kind $(BIN)/helm docker-image/pyroscope/build
 	$(call deploy,pyroscope-micro-services,$(HELM_FLAGS_V1_MICROSERVICES))
 
 .PHONY: deploy-monitoring
-deploy-monitoring: $(BIN)/tk $(BIN)/kind tools/monitoring/environments/default/spec.json
-	kubectl  --context="kind-$(KIND_CLUSTER)" create namespace monitoring --dry-run=client -o yaml | kubectl  --context="kind-$(KIND_CLUSTER)" apply -f -
-	$(BIN)/tk apply tools/monitoring/environments/default/main.jsonnet
-
-.PHONY: tools/monitoring/environments/default/spec.json # This is a phony target for now as the cluster might be not already created.
-tools/monitoring/environments/default/spec.json: $(BIN)/tk $(BIN)/kind
+deploy-monitoring: $(BIN)/kind $(BIN)/helm
 	$(BIN)/kind export kubeconfig --name $(KIND_CLUSTER) || $(BIN)/kind create cluster --name $(KIND_CLUSTER)
-	pushd tools/monitoring/ && rm -Rf vendor/ lib/ environments/default/spec.json  && PATH=$(BIN):$(PATH) $(BIN)/tk init -f
-	echo "import 'monitoring.libsonnet'" > tools/monitoring/environments/default/main.jsonnet
-	$(BIN)/tk env set tools/monitoring/environments/default --server=$(shell $(BIN)/kind get kubeconfig --name pyroscope-dev | grep server: | sed 's/server://g' | xargs) --namespace=monitoring
+	$(BIN)/helm upgrade --install pyroscope-monitoring ./operations/pyroscope/helm/pyroscope-monitoring
 
 include Makefile.examples
 

operations/pyroscope/helm/pyroscope-monitoring/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

operations/pyroscope/helm/pyroscope-monitoring/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: k8s-monitoring
+  repository: https://grafana.github.io/helm-charts
+  version: 3.5.3
+digest: sha256:08e8b457ff645e35c4193f93f51fb59b89246698756ab1df764a3133f8854969
+generated: "2025-10-13T16:40:28.118524+01:00"

operations/pyroscope/helm/pyroscope-monitoring/Chart.yaml

@@ -0,0 +1,14 @@
+apiVersion: v2
+name: pyroscope-monitoring
+description: A Helm chart for monitoring Grafana Pyroscope
+type: application
+
+version: 0.1.0
+appVersion: "0.0.0"
+
+dependencies:
+  - name: k8s-monitoring
+    alias: monitoring
+    version: 3.5.3
+    repository: https://grafana.github.io/helm-charts
+    condition: monitoring.enabled

operations/pyroscope/helm/pyroscope-monitoring/README.md

@@ -0,0 +1,131 @@
+# pyroscope-monitoring
+
+![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.0](https://img.shields.io/badge/AppVersion-0.0.0-informational?style=flat-square)
+
+A Helm chart for monitoring Grafana Pyroscope
+
+## Requirements
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://grafana.github.io/helm-charts | monitoring(k8s-monitoring) | 3.5.3 |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` |  |
+| dashboards.cloudBackendGateway | bool | `false` |  |
+| dashboards.cloudBackendGatewaySelector | string | `"container=~\"cortex-gw(-internal)?\""` |  |
+| dashboards.cluster | string | `"pyroscope-dev"` |  |
+| dashboards.ingestSelector | string | `"container=~\"pyroscope|distributor|query-frontend\""` |  |
+| dashboards.namespace | string | `"default"` |  |
+| dashboards.namespaceRegex | string | `".*"` |  |
+| env[0].name | string | `"GF_PLUGINS_PREINSTALL"` |  |
+| env[0].value | string | `"grafana-exploretraces-app"` |  |
+| env[1].name | string | `"ENABLE_LOGS_GRAFANA"` |  |
+| env[1].value | string | `"true"` |  |
+| fullnameOverride | string | `""` |  |
+| image.pullPolicy | string | `"IfNotPresent"` |  |
+| image.repository | string | `"grafana/otel-lgtm"` |  |
+| image.tag | string | `"0.11.0"` |  |
+| imagePullSecrets | list | `[]` |  |
+| monitoring.alloy-logs.enabled | bool | `true` |  |
+| monitoring.alloy-metrics.enabled | bool | `true` |  |
+| monitoring.alloy-metrics.image.tag | string | `"v1.10.2"` |  |
+| monitoring.alloy-receiver.alloy.extraPorts[0].name | string | `"thrift-compact"` |  |
+| monitoring.alloy-receiver.alloy.extraPorts[0].port | int | `6831` |  |
+| monitoring.alloy-receiver.alloy.extraPorts[0].protocol | string | `"UDP"` |  |
+| monitoring.alloy-receiver.alloy.extraPorts[0].targetPort | int | `6831` |  |
+| monitoring.alloy-receiver.alloy.extraPorts[1].name | string | `"jaeger-binary"` |  |
+| monitoring.alloy-receiver.alloy.extraPorts[1].port | int | `6832` |  |
+| monitoring.alloy-receiver.alloy.extraPorts[1].protocol | string | `"UDP"` |  |
+| monitoring.alloy-receiver.alloy.extraPorts[1].targetPort | int | `6832` |  |
+| monitoring.alloy-receiver.alloy.extraPorts[2].name | string | `"jaeger-http"` |  |
+| monitoring.alloy-receiver.alloy.extraPorts[2].port | int | `14268` |  |
+| monitoring.alloy-receiver.alloy.extraPorts[2].protocol | string | `"TCP"` |  |
+| monitoring.alloy-receiver.alloy.extraPorts[2].targetPort | int | `14268` |  |
+| monitoring.alloy-receiver.enabled | bool | `true` |  |
+| monitoring.alloy-singleton.enabled | bool | `true` |  |
+| monitoring.annotationAutodiscovery.enabled | bool | `true` |  |
+| monitoring.applicationObservability.enabled | bool | `true` |  |
+| monitoring.applicationObservability.receivers.jaeger.thriftBinary.enabled | bool | `true` |  |
+| monitoring.applicationObservability.receivers.jaeger.thriftCompact.enabled | bool | `true` |  |
+| monitoring.applicationObservability.receivers.jaeger.thriftHttp.enabled | bool | `true` |  |
+| monitoring.cluster.name | string | `"pyroscope-dev"` |  |
+| monitoring.clusterEvents.enabled | bool | `true` |  |
+| monitoring.clusterMetrics.enabled | bool | `true` |  |
+| monitoring.clusterMetrics.kepler.enabled | bool | `false` |  |
+| monitoring.clusterMetrics.opencost.enabled | bool | `false` |  |
+| monitoring.destinations[0].logs.enabled | bool | `true` |  |
+| monitoring.destinations[0].metrics.enabled | bool | `true` |  |
+| monitoring.destinations[0].name | string | `"otlp-gateway"` |  |
+| monitoring.destinations[0].protocol | string | `"http"` |  |
+| monitoring.destinations[0].traces.enabled | bool | `true` |  |
+| monitoring.destinations[0].type | string | `"otlp"` |  |
+| monitoring.destinations[0].url | string | `"http://pyroscope-monitoring:4318"` |  |
+| monitoring.destinations[1].metrics.enabled | bool | `true` |  |
+| monitoring.destinations[1].name | string | `"prometheus"` |  |
+| monitoring.destinations[1].sendNativeHistograms | bool | `true` |  |
+| monitoring.destinations[1].type | string | `"prometheus"` |  |
+| monitoring.destinations[1].url | string | `"http://pyroscope-monitoring:9090/api/v1/write"` |  |
+| monitoring.enabled | bool | `true` |  |
+| monitoring.global.scrapeClassicHistograms | bool | `true` |  |
+| monitoring.global.scrapeProtocols[0] | string | `"PrometheusProto"` |  |
+| monitoring.global.scrapeProtocols[1] | string | `"OpenMetricsText1.0.0"` |  |
+| monitoring.global.scrapeProtocols[2] | string | `"OpenMetricsText0.0.1"` |  |
+| monitoring.global.scrapeProtocols[3] | string | `"PrometheusText0.0.4"` |  |
+| monitoring.podLogs.enabled | bool | `true` |  |
+| nameOverride | string | `""` |  |
+| nodeSelector | object | `{}` |  |
+| podAnnotations | object | `{}` |  |
+| podLabels | object | `{}` |  |
+| podSecurityContext | object | `{}` |  |
+| replicaCount | int | `1` |  |
+| resources | object | `{}` |  |
+| securityContext | object | `{}` |  |
+| service.ports[0].name | string | `"grafana"` |  |
+| service.ports[0].port | int | `3000` |  |
+| service.ports[0].protocol | string | `"TCP"` |  |
+| service.ports[0].targetPort | int | `3000` |  |
+| service.ports[1].name | string | `"otel-grpc"` |  |
+| service.ports[1].port | int | `4317` |  |
+| service.ports[1].protocol | string | `"TCP"` |  |
+| service.ports[1].targetPort | int | `4317` |  |
+| service.ports[2].name | string | `"otel-http"` |  |
+| service.ports[2].port | int | `4318` |  |
+| service.ports[2].protocol | string | `"TCP"` |  |
+| service.ports[2].targetPort | int | `4318` |  |
+| service.ports[3].name | string | `"prometheus"` |  |
+| service.ports[3].port | int | `9090` |  |
+| service.ports[3].protocol | string | `"TCP"` |  |
+| service.ports[3].targetPort | int | `9090` |  |
+| service.type | string | `"ClusterIP"` |  |
+| tolerations | list | `[]` |  |
+| volumeMounts[0].mountPath | string | `"/data/tempo"` |  |
+| volumeMounts[0].name | string | `"tempo-data"` |  |
+| volumeMounts[1].mountPath | string | `"/data/grafana"` |  |
+| volumeMounts[1].name | string | `"grafana-data"` |  |
+| volumeMounts[2].mountPath | string | `"/data/loki"` |  |
+| volumeMounts[2].name | string | `"loki-data"` |  |
+| volumeMounts[3].mountPath | string | `"/loki"` |  |
+| volumeMounts[3].name | string | `"loki-storage"` |  |
+| volumeMounts[4].mountPath | string | `"/data/prometheus"` |  |
+| volumeMounts[4].name | string | `"p8s-storage"` |  |
+| volumeMounts[5].mountPath | string | `"/data/pyroscope"` |  |
+| volumeMounts[5].name | string | `"pyroscope-storage"` |  |
+| volumeMounts[6].mountPath | string | `"/otel-lgtm/grafana/conf/provisioning/dashboards"` |  |
+| volumeMounts[6].name | string | `"dashboards"` |  |
+| volumes[0].emptyDir | object | `{}` |  |
+| volumes[0].name | string | `"tempo-data"` |  |
+| volumes[1].emptyDir | object | `{}` |  |
+| volumes[1].name | string | `"loki-data"` |  |
+| volumes[2].emptyDir | object | `{}` |  |
+| volumes[2].name | string | `"grafana-data"` |  |
+| volumes[3].emptyDir | object | `{}` |  |
+| volumes[3].name | string | `"loki-storage"` |  |
+| volumes[4].emptyDir | object | `{}` |  |
+| volumes[4].name | string | `"p8s-storage"` |  |
+| volumes[5].emptyDir | object | `{}` |  |
+| volumes[5].name | string | `"pyroscope-storage"` |  |
+

operations/pyroscope/helm/pyroscope-monitoring/charts/k8s-monitoring-3.5.3.tgz

@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+
+# Goal of that script is to convert a grafana dashboard from internal GL environments so it can be used with this pyroscope-monitoring chart.
+
+set -eux
+set -o pipefail
+
+# loop over inputs
+for dashboard in "$@"
+do
+	filename="$(basename $dashboard)"
+	name="${filename%.*}"
+	destination="templates/_dashboard_${name}.yaml"
+
+	# create basic dashboard
+	echo "{{- define \"pyroscope-monitoring.dashboards.${name}\" -}}" > "${destination}"
+	cat "$dashboard" | js-yaml | sed 's/{{.*}}/{{"\0\"}}/g' >> "${destination}"
+	echo "{{- end }}" >> "${destination}"
+
+	# replace specific namespace
+	sed -i 's/profiles-ops-002/{{.Values.dashboards.namespace | quote}}/g' "${destination}"
+	sed -i 's/fire|profiles-\.\*/{{.Values.dashboards.namespaceRegex | quote}}/g' "${destination}"
+	sed -i 's/fire-\.\*|profiles-\.\*/{{.Values.dashboards.namespaceRegex | quote}}/g' "${destination}"
+
+	# replace default cluster
+	sed -i 's/ops-eu-south-0/{{.Values.dashboards.cluster | quote}}/g' "${destination}"
+
+	# replace cortex-gw selectors
+	sed -i 's/{job=~"$namespace\/cortex-gw(-internal)?"/{ {{ include "pyroscope-monitoring.dashboards-ingest-selector" . }}, namespace=~"$namespace"/g' "${destination}"
+	sed -i 's/job=~"$namespace\/cortex-gw(-internal)?"/{{ include "pyroscope-monitoring.dashboards-ingest-selector" . }}, namespace=~"$namespace"/g' "${destination}"
+
+done

operations/pyroscope/helm/pyroscope-monitoring/convert-dashboard.sh

@@ -0,0 +1,78 @@
+# this is intended for demo / testing purposes only, not for production usage
+apiVersion: v1
+kind: Service
+metadata:
+  name: lgtm
+spec:
+  selector:
+    app: lgtm
+  ports:
+    - name: grafana
+      protocol: TCP
+      port: 3000
+      targetPort: 3000
+    - name: otel-grpc
+      protocol: TCP
+      port: 4317
+      targetPort: 4317
+    - name: otel-http
+      protocol: TCP
+      port: 4318
+      targetPort: 4318
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: lgtm
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: lgtm
+  template:
+    metadata:
+      labels:
+        app: lgtm
+    spec:
+      containers:
+        - name: lgtm
+          image: grafana/otel-lgtm:latest
+          ports:
+            - containerPort: 3000
+            - containerPort: 4317
+            - containerPort: 4318
+          readinessProbe:
+            exec:
+              command:
+                - cat
+                - /tmp/ready
+          # NOTE: By default OpenShift does not allow writing the root directory.
+          # Thats why the data dirs for grafana, prometheus and loki can not be
+          # created and the pod never becomes ready.
+          # See: https://github.com/grafana/docker-otel-lgtm/issues/132
+          volumeMounts:
+            - name: tempo-data
+              mountPath: /data/tempo
+            - name: grafana-data
+              mountPath: /data/grafana
+            - name: loki-data
+              mountPath: /data/loki
+            - name: loki-storage
+              mountPath: /loki
+            - name: p8s-storage
+              mountPath: /data/prometheus
+            - name: pyroscope-storage
+              mountPath: /data/pyroscope
+      volumes:
+        - name: tempo-data
+          emptyDir: {}
+        - name: loki-data
+          emptyDir: {}
+        - name: grafana-data
+          emptyDir: {}
+        - name: loki-storage
+          emptyDir: {}
+        - name: p8s-storage
+          emptyDir: {}
+        - name: pyroscope-storage
+          emptyDir: {}

operations/pyroscope/helm/pyroscope-monitoring/lgtm.yaml

@@ -0,0 +1 @@
+# TODO: Pyroscope Monitoring helm chart