Create regional-go-reconciler and a reconciler dashboard. (#1089)

This creates a new streamlined mechanism for creating reconcilers.

The `reconciler` dashboard makes it easy to create a single dashboard
for the workqueue pieces as well as the reconciler service itself. It
also supports legacy services (e.g. syncer) that were stood up with
separate workqueue/syncer modules, but may want to take advantage of
this.

Based on:
#1088

---------

Signed-off-by: Matt Moore <[email protected]>
Co-authored-by: octo-sts[bot] <157150467+octo-sts[bot]@users.noreply.github.com>

Author: mattmoor

modules/dashboard/reconciler/README.md

@@ -0,0 +1,136 @@
+# Reconciler Dashboard Module
+
+This module creates a comprehensive dashboard for monitoring a reconciler that combines a workqueue with a reconciler service. It displays metrics from both the workqueue infrastructure (receiver and dispatcher) and the reconciler service itself.
+
+## Usage
+
+```hcl
+module "my-reconciler-dashboard" {
+  source = "chainguard-dev/terraform-infra-common//modules/dashboard/reconciler"
+
+  project_id = var.project_id
+  name       = "my-reconciler"
+
+  # Optional: Override service names if different from defaults
+  # service_name   = "custom-reconciler-name"  # defaults to ${name}-rec
+  # workqueue_name = "custom-workqueue-name"    # defaults to ${name}-wq
+
+  # Workqueue configuration
+  max_retry       = 100
+  concurrent_work = 20
+  scope           = "global"
+
+  # Optional sections
+  sections = {
+    github = false
+  }
+
+  notification_channels = [var.notification_channel]
+}
+```
+
+## Features
+
+The dashboard includes:
+
+### Workqueue Metrics
+- **Workqueue State**: Work in progress, queued, added, deduplication rates, completion attempts
+- **Processing Metrics**: Process latency, wait latency, time to completion
+- **Dead Letter Queue**: Failed tasks monitoring
+
+### Reconciler Service Metrics
+- **Error Reporting**: Error tracking and reporting for the reconciler (collapsed by default)
+- **Service Logs**: Reconciler service logs
+- **gRPC Metrics**: RPC rates, latencies, error rates
+- **GitHub API Metrics**: API usage and rate limiting (optional)
+- **Resources**: CPU, memory, and other resource utilization
+
+## Variables
+
+| Name | Description | Default |
+|------|-------------|---------|
+| `project_id` | The GCP project ID | Required |
+| `name` | Base name for the reconciler | Required |
+| `service_name` | Reconciler service name | `${name}-rec` |
+| `workqueue_name` | Workqueue name | `${name}-wq` |
+| `max_retry` | Maximum retry attempts for tasks | `100` |
+| `concurrent_work` | Concurrent work items | `20` |
+| `scope` | Workqueue scope (regional/global) | `global` |
+| `sections` | Optional dashboard sections | See variables.tf |
+| `notification_channels` | Alert notification channels | `[]` |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| `json` | The dashboard JSON configuration |
+
+## Integration with regional-go-reconciler
+
+This dashboard module is designed to work seamlessly with the `regional-go-reconciler` module:
+
+```hcl
+module "my-reconciler" {
+  source = "chainguard-dev/terraform-infra-common//modules/regional-go-reconciler"
+  # ... configuration ...
+}
+
+module "my-reconciler-dashboard" {
+  source = "chainguard-dev/terraform-infra-common//modules/dashboard/reconciler"
+
+  project_id      = var.project_id
+  name            = "my-reconciler"  # Same base name as the reconciler
+  max_retry       = module.my-reconciler.max-retry
+  concurrent_work = module.my-reconciler.concurrent-work
+  scope           = "global"
+}
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+No providers.
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_alerts"></a> [alerts](#module\_alerts) | ../sections/alerts | n/a |
+| <a name="module_dashboard"></a> [dashboard](#module\_dashboard) | ../ | n/a |
+| <a name="module_errgrp"></a> [errgrp](#module\_errgrp) | ../sections/errgrp | n/a |
+| <a name="module_github"></a> [github](#module\_github) | ../sections/github | n/a |
+| <a name="module_grpc"></a> [grpc](#module\_grpc) | ../sections/grpc | n/a |
+| <a name="module_layout"></a> [layout](#module\_layout) | ../sections/layout | n/a |
+| <a name="module_reconciler-logs"></a> [reconciler-logs](#module\_reconciler-logs) | ../sections/logs | n/a |
+| <a name="module_resources"></a> [resources](#module\_resources) | ../sections/resources | n/a |
+| <a name="module_width"></a> [width](#module\_width) | ../sections/width | n/a |
+| <a name="module_workqueue-state"></a> [workqueue-state](#module\_workqueue-state) | ../sections/workqueue | n/a |
+
+## Resources
+
+No resources.
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_alerts"></a> [alerts](#input\_alerts) | Map of alert names to alert configurations | <pre>map(object({<br/>    displayName         = string<br/>    documentation       = string<br/>    userLabels          = map(string)<br/>    project             = string<br/>    notificationChannel = string<br/>  }))</pre> | `{}` | no |
+| <a name="input_concurrent_work"></a> [concurrent\_work](#input\_concurrent\_work) | The amount of concurrent work the workqueue dispatches | `number` | `20` | no |
+| <a name="input_labels"></a> [labels](#input\_labels) | Additional labels to add to the dashboard | `map(string)` | `{}` | no |
+| <a name="input_max_retry"></a> [max\_retry](#input\_max\_retry) | The maximum number of retry attempts for workqueue tasks | `number` | `100` | no |
+| <a name="input_name"></a> [name](#input\_name) | The name of the reconciler (base name without suffixes) | `string` | n/a | yes |
+| <a name="input_notification_channels"></a> [notification\_channels](#input\_notification\_channels) | List of notification channels for alerts | `list(string)` | `[]` | no |
+| <a name="input_project_id"></a> [project\_id](#input\_project\_id) | The GCP project ID | `string` | n/a | yes |
+| <a name="input_scope"></a> [scope](#input\_scope) | The scope of the workqueue (regional or global) | `string` | `"global"` | no |
+| <a name="input_sections"></a> [sections](#input\_sections) | Configure visibility of optional dashboard sections | <pre>object({<br/>    github = optional(bool, false)<br/>  })</pre> | `{}` | no |
+| <a name="input_service_name"></a> [service\_name](#input\_service\_name) | The name of the reconciler service (defaults to name-rec) | `string` | `""` | no |
+| <a name="input_workqueue_name"></a> [workqueue\_name](#input\_workqueue\_name) | The name of the workqueue (defaults to name-wq) | `string` | `""` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_json"></a> [json](#output\_json) | n/a |
+<!-- END_TF_DOCS -->

modules/dashboard/reconciler/dashboard.tf

@@ -0,0 +1,117 @@
+/*
+Copyright 2025 Chainguard, Inc.
+SPDX-License-Identifier: Apache-2.0
+*/
+
+locals {
+  service_name   = var.service_name != "" ? var.service_name : "${var.name}-rec"
+  workqueue_name = var.workqueue_name != "" ? var.workqueue_name : "${var.name}-wq"
+}
+
+// Workqueue metrics section
+module "workqueue-state" {
+  source = "../sections/workqueue"
+
+  title           = "Workqueue State"
+  service_name    = local.workqueue_name
+  max_retry       = var.max_retry
+  concurrent_work = var.concurrent_work
+  scope           = var.scope
+  filter          = []
+  collapsed       = false
+}
+
+// Reconciler service sections
+module "errgrp" {
+  source       = "../sections/errgrp"
+  title        = "Reconciler Error Reporting"
+  project_id   = var.project_id
+  service_name = local.service_name
+  collapsed    = true
+}
+
+module "reconciler-logs" {
+  source        = "../sections/logs"
+  title         = "Reconciler Logs"
+  filter        = ["resource.labels.service_name=\"${local.service_name}\""]
+  cloudrun_type = "service"
+}
+
+module "grpc" {
+  source       = "../sections/grpc"
+  title        = "GRPC"
+  filter       = []
+  service_name = local.service_name
+}
+
+module "github" {
+  source = "../sections/github"
+  title  = "GitHub API"
+  filter = []
+}
+
+module "resources" {
+  source                = "../sections/resources"
+  title                 = "Reconciler Resources"
+  filter                = []
+  cloudrun_name         = local.service_name
+  cloudrun_type         = "service"
+  notification_channels = var.notification_channels
+}
+
+module "alerts" {
+  for_each = var.alerts
+
+  source = "../sections/alerts"
+  alert  = each.value
+  title  = "Alert: ${each.key}"
+}
+
+module "width" { source = "../sections/width" }
+
+module "layout" {
+  source = "../sections/layout"
+  sections = concat(
+    [for x in keys(var.alerts) : module.alerts[x].section],
+    [
+      module.workqueue-state.section,
+      module.errgrp.section,
+      module.reconciler-logs.section,
+      module.grpc.section,
+    ],
+    var.sections.github ? [module.github.section] : [],
+    [module.resources.section],
+  )
+}
+
+module "dashboard" {
+  source = "../"
+
+  object = {
+    displayName = "Reconciler: ${var.name}"
+    labels = merge({
+      "service" : ""
+      "reconciler" : ""
+    }, var.labels)
+    dashboardFilters = [
+      {
+        # for GCP Cloud Run built-in metrics
+        filterType  = "RESOURCE_LABEL"
+        stringValue = local.service_name
+        labelKey    = "service_name"
+      },
+      {
+        # for Prometheus user added metrics
+        filterType  = "METRIC_LABEL"
+        stringValue = local.service_name
+        labelKey    = "service_name"
+      },
+    ]
+
+    // https://cloud.google.com/monitoring/api/ref_v3/rest/v1/projects.dashboards#mosaiclayout
+    mosaicLayout = {
+      columns = module.width.size
+      tiles   = module.layout.tiles,
+    }
+  }
+}

modules/dashboard/reconciler/outputs.tf

@@ -0,0 +1,8 @@
+/*
+Copyright 2025 Chainguard, Inc.
+SPDX-License-Identifier: Apache-2.0
+*/
+
+output "json" {
+  value = module.dashboard.json
+}

modules/dashboard/reconciler/variables.tf

@@ -0,0 +1,79 @@
+/*
+Copyright 2025 Chainguard, Inc.
+SPDX-License-Identifier: Apache-2.0
+*/
+
+variable "project_id" {
+  description = "The GCP project ID"
+  type        = string
+}
+
+variable "name" {
+  description = "The name of the reconciler (base name without suffixes)"
+  type        = string
+}
+
+variable "service_name" {
+  description = "The name of the reconciler service (defaults to name-rec)"
+  type        = string
+  default     = ""
+}
+
+variable "workqueue_name" {
+  description = "The name of the workqueue (defaults to name-wq)"
+  type        = string
+  default     = ""
+}
+
+// Workqueue configuration
+variable "max_retry" {
+  description = "The maximum number of retry attempts for workqueue tasks"
+  type        = number
+  default     = 100
+}
+
+variable "concurrent_work" {
+  description = "The amount of concurrent work the workqueue dispatches"
+  type        = number
+  default     = 20
+}
+
+variable "scope" {
+  description = "The scope of the workqueue (regional or global)"
+  type        = string
+  default     = "global"
+}
+
+// Section visibility
+variable "sections" {
+  description = "Configure visibility of optional dashboard sections"
+  type = object({
+    github = optional(bool, false)
+  })
+  default = {}
+}
+
+// Alert configuration
+variable "alerts" {
+  description = "Map of alert names to alert configurations"
+  type = map(object({
+    displayName         = string
+    documentation       = string
+    userLabels          = map(string)
+    project             = string
+    notificationChannel = string
+  }))
+  default = {}
+}
+
+variable "notification_channels" {
+  description = "List of notification channels for alerts"
+  type        = list(string)
+  default     = []
+}
+
+variable "labels" {
+  description = "Additional labels to add to the dashboard"
+  type        = map(string)
+  default     = {}
+}