chore: IRM updates (#17914)

- Migrate to using alloy instead of agent:
https://grafana.com/docs/agent/latest/
- Update naming to remove `testnet` and use namespace
- more robust scripts
- Add action for deploying IRM

Author: alexghr

.github/workflows/deploy-fisherman-network.yaml

@@ -156,20 +156,6 @@ jobs:
           ./scripts/install_deps.sh
           ./scripts/network_deploy.sh ignition-fisherman
 
-      - name: Setup IRM
-        env:
-          MONITORING_NAMESPACE: ${{ env.NETWORK }}-irm
-          INFURA_SECRET_NAME: infura-${{ env.L1_NETWORK }}-url
-          DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
-        run: |
-
-          echo "Setting up IRM for namespace: $NAMESPACE, monitoring namespace: $MONITORING_NAMESPACE"
-          echo "Network: $NETWORK"
-
-          echo "INFURA Secret Name: $INFURA_SECRET_NAME"
-
-          ./spartan/metrics/testnet-monitor/scripts/update-monitoring.sh $NAMESPACE ${{ env.MONITORING_NAMESPACE }} $NETWORK $INFURA_SECRET_NAME
-
       - name: Notify Slack on failure
         if: failure()
         env:
@@ -187,3 +173,23 @@ jobs:
               -H "Content-type: application/json" \
               --data "$data"
           fi
+
+  setup-irm-sepolia:
+    needs: deploy-fisherman
+    if: inputs.l1_network == 'sepolia'
+    uses: ./.github/workflows/deploy-irm.yml
+    secrets: inherit
+    with:
+      network: staging-ignition
+      namespace: ignition-fisherman-sepolia
+      l1_network: sepolia
+
+  setup-irm-mainnet:
+    needs: deploy-fisherman
+    if: inputs.l1_network == 'mainnet'
+    uses: ./.github/workflows/deploy-irm.yml
+    secrets: inherit
+    with:
+      network: mainnet
+      namespace: ignition-fisherman-mainnet
+      l1_network: mainnet

.github/workflows/deploy-irm.yml

@@ -0,0 +1,132 @@
+# Deploys the IRM to a given network
+
+name: Deploy IRM
+
+on:
+  workflow_call:
+    inputs:
+      network:
+        description: "Network that IRM will be monitoring e.g. testnet, staging-ignition..."
+        required: true
+        type: string
+        default: "testnet"
+      namespace:
+        description: "Namespace to use for fetching L1 contract addresses. Network name will be used if not provided."
+        required: false
+        type: string
+      monitoring_namespace:
+        description: "The IRM Namespace. Will default to {namespace}-irm if not provided."
+        required: false
+        type: string
+      l1_network:
+        description: "L1 network to deploy IRM to"
+        required: true
+        type: string
+        default: "sepolia"
+      cluster:
+        description: "The cluster to deploy to, e.g. aztec-gke-private"
+        required: true
+        type: string
+        default: "aztec-gke-private"
+  workflow_dispatch:
+    inputs:
+      network:
+        description: "Network that IRM will be monitoring e.g. testnet, staging-ignition..."
+        required: true
+        type: string
+        default: "testnet"
+      namespace:
+        description: "Namespace to use for fetching L1 contract addresses. Network name will be used if not provided."
+        required: false
+        type: string
+      monitoring_namespace:
+        description: "The IRM Namespace. Will default to {namespace}-irm if not provided."
+        required: false
+        type: string
+      l1_network:
+        description: "L1 network to deploy IRM to"
+        required: true
+        type: string
+        default: "sepolia"
+      cluster:
+        description: "The cluster to deploy to, e.g. aztec-gke-private"
+        required: true
+        type: string
+        default: "aztec-gke-private"
+
+jobs:
+  deploy-irm:
+    env:
+      CLUSTER_NAME: ${{ inputs.cluster }}
+      GKE_CLUSTER_CONTEXT: "gke_testnet-440309_us-west1-a_${{ inputs.cluster }}"
+      REGION: us-west1-a
+      INFURA_SECRET_NAME: infura-${{ inputs.l1_network }}-url
+
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        with:
+          ref: ${{ steps.checkout-ref.outputs.ref }}
+          persist-credentials: false
+
+      - name: Authenticate to Google Cloud
+        uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f
+        with:
+          credentials_json: ${{ secrets.GCP_SA_KEY }}
+
+      - name: Set up Cloud SDK
+        uses: google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a
+
+      - name: Install GKE Auth Plugin
+        run: |
+          gcloud components install gke-gcloud-auth-plugin --quiet
+
+      - name: Configure kubectl with GKE cluster
+        run: |
+          gcloud container clusters get-credentials ${{ env.CLUSTER_NAME }} --region ${{ env.REGION }}
+
+      - name: Validate inputs
+        run: |
+          # Validate l1_network
+          if [[ "${{ inputs.l1_network }}" != "sepolia" && "${{ inputs.l1_network }}" != "mainnet" ]]; then
+            echo "Error: L1 network must be 'sepolia' or 'mainnet', got '${{ inputs.l1_network }}'"
+            exit 1
+          fi
+
+          # Validate namespace to monitor
+          # Determine namespace to monitor (defaults to network when not provided)
+          NAMESPACE_TO_MONITOR="${{ inputs.namespace }}"
+          if [[ -z "$NAMESPACE_TO_MONITOR" ]]; then
+            NAMESPACE_TO_MONITOR="${{ inputs.network }}"
+          fi
+
+          # Determine IRM namespace (defaults to {namespace}-irm when not provided)
+          EFFECTIVE_MONITORING_NAMESPACE="${{ inputs.monitoring_namespace }}"
+          if [[ -z "$EFFECTIVE_MONITORING_NAMESPACE" ]]; then
+            EFFECTIVE_MONITORING_NAMESPACE="${NAMESPACE_TO_MONITOR}-irm"
+          fi
+
+          echo "Namespace to monitor: ${NAMESPACE_TO_MONITOR}"
+          echo "IRM namespace: ${EFFECTIVE_MONITORING_NAMESPACE}"
+
+          # Ensure the namespace to monitor exists in the selected cluster
+          if ! kubectl get namespace "${NAMESPACE_TO_MONITOR}" >/dev/null 2>&1; then
+            echo "Error: Namespace '${NAMESPACE_TO_MONITOR}' does not exist in cluster '${CLUSTER_NAME}' (region '${REGION}')"
+            echo "Available namespaces:"
+            kubectl get namespaces -o name || true
+            exit 1
+          fi
+
+          # Export values for use in downstream steps
+          echo "NAMESPACE=${NAMESPACE_TO_MONITOR}" >> "$GITHUB_ENV"
+          echo "MONITORING_NAMESPACE=${EFFECTIVE_MONITORING_NAMESPACE}" >> "$GITHUB_ENV"
+
+      - name: Deploy IRM
+        run: |
+          echo "Deploying IRM to network: ${{ inputs.network }}"
+          echo "Namespace to monitor: ${NAMESPACE}"
+          echo "Monitoring namespace: ${MONITORING_NAMESPACE}"
+          echo "L1 network: ${{ inputs.l1_network }}"
+
+          ./spartan/metrics/irm-monitor/scripts/update-monitoring.sh $NAMESPACE $MONITORING_NAMESPACE ${{ inputs.network }} $INFURA_SECRET_NAME

.github/workflows/deploy-network.yml

@@ -6,39 +6,39 @@ on:
   workflow_call:
     inputs:
       network:
-        description: 'Network to deploy (e.g., staging-public, staging-ignition, testnet, next-net)'
+        description: "Network to deploy (e.g., staging-public, staging-ignition, testnet, next-net)"
         required: true
         type: string
       semver:
-        description: 'Semver version (e.g., 2.3.4)'
+        description: "Semver version (e.g., 2.3.4)"
         required: true
         type: string
       docker_image_tag:
-        description: 'Full docker image tag (optional, defaults to semver)'
+        description: "Full docker image tag (optional, defaults to semver)"
         required: false
         type: string
       ref:
-        description: 'Git ref to checkout'
+        description: "Git ref to checkout"
         required: false
         type: string
   workflow_dispatch:
     inputs:
       network:
-        description: 'Network to deploy (e.g., staging-public, staging-ignition, testnet, next-net)'
+        description: "Network to deploy (e.g., staging-public, staging-ignition, testnet, next-net)"
         required: true
         type: choice
         options:
-        - staging-public
-        - staging-ignition
-        - testnet
-        - next-net
-        - devnet
+          - staging-public
+          - staging-ignition
+          - testnet
+          - next-net
+          - devnet
       semver:
-        description: 'Semver version (e.g., 2.3.4)'
+        description: "Semver version (e.g., 2.3.4)"
         required: true
         type: string
       docker_image_tag:
-        description: 'Full docker image tag (optional, defaults to semver)'
+        description: "Full docker image tag (optional, defaults to semver)"
         required: false
         type: string
 
@@ -68,7 +68,7 @@ jobs:
           ref: ${{ steps.checkout-ref.outputs.ref }}
           fetch-depth: 0
           persist-credentials: false
-          submodules: recursive  # Initialize git submodules for l1-contracts dependencies
+          submodules: recursive # Initialize git submodules for l1-contracts dependencies
 
       - name: Validate inputs
         run: |
@@ -107,13 +107,13 @@ jobs:
       - name: Setup gcloud and install GKE auth plugin
         uses: google-github-actions/setup-gcloud@v2
         with:
-          install_components: 'gke-gcloud-auth-plugin'
+          install_components: "gke-gcloud-auth-plugin"
 
       - name: Setup Terraform
         uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1
         with:
           terraform_version: "1.7.5"
-          terraform_wrapper: false  # Disable the wrapper that adds debug output, this messes with reading terraform output
+          terraform_wrapper: false # Disable the wrapper that adds debug output, this messes with reading terraform output
 
       - name: Install Foundry
         uses: foundry-rs/foundry-toolchain@v1
@@ -138,15 +138,6 @@ jobs:
           ./scripts/install_deps.sh
           ./scripts/network_deploy.sh "${{ inputs.network }}"
 
-      - name: Update testnet monitoring (testnet only)
-        if: inputs.network == 'testnet' && !contains(inputs.semver, '-')
-        env:
-          MONITORING_NAMESPACE: testnet-block-height-monitor
-          DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
-        run: |
-          echo "Updating monitoring app for testnet deployment..."
-          ./spartan/metrics/testnet-monitor/scripts/update-monitoring.sh testnet ${{ env.MONITORING_NAMESPACE }}
-
       - name: Notify Slack on failure
         if: failure()
         env:
@@ -164,3 +155,12 @@ jobs:
               -H "Content-type: application/json" \
               --data "$data"
           fi
+
+  update-irm:
+    needs: deploy-network
+    if: inputs.network == 'testnet' && !contains(inputs.semver, '-')
+    uses: ./.github/workflows/deploy-irm.yml
+    secrets: inherit
+    with:
+      network: testnet
+      l1_network: sepolia

spartan/metrics/testnet-monitor/.dockerignore renamed to spartan/metrics/irm-monitor/.dockerignore

@@ -18,7 +18,7 @@
   "editable": true,
   "fiscalYearStartMonth": 0,
   "graphTooltip": 0,
-  "id": 17,
+  "id": 0,
   "links": [],
   "panels": [
     {
@@ -102,7 +102,7 @@
           "sort": "none"
         }
       },
-      "pluginVersion": "12.3.0-18356121373.patch4",
+      "pluginVersion": "12.3.0-18686767985",
       "targets": [
         {
           "editorMode": "code",
@@ -215,7 +215,7 @@
           "sort": "none"
         }
       },
-      "pluginVersion": "12.3.0-18356121373.patch4",
+      "pluginVersion": "12.3.0-18686767985",
       "targets": [
         {
           "editorMode": "code",
@@ -309,7 +309,7 @@
           "sort": "none"
         }
       },
-      "pluginVersion": "12.3.0-18356121373.patch4",
+      "pluginVersion": "12.3.0-18686767985",
       "targets": [
         {
           "editorMode": "code",
@@ -331,12 +331,12 @@
     "list": []
   },
   "time": {
-    "from": "now-3h",
+    "from": "now-6h",
     "to": "now"
   },
   "timepicker": {},
   "timezone": "browser",
-  "title": "Aztec Testnet Block Height Monitor",
+  "title": "Aztec Network Block Height Monitor",
   "uid": "alpha-testnet-monitor",
-  "version": 11
+  "version": 12
 }

spartan/metrics/testnet-monitor/.yarnrc.yml renamed to spartan/metrics/irm-monitor/.yarnrc.yml

@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: grafana-alloy-config
+data:
+  config.alloy: |
+    // Scrape metrics from the irm-monitor service
+    prometheus.scrape "irm_monitor" {
+      targets = [{
+        __address__ = "localhost:8080",
+      }]
+      forward_to = [prometheus.remote_write.grafana_cloud.receiver]
+      job_name   = "irm-monitor"
+      metrics_path = "/metrics"
+      scrape_interval = "30s"
+    }
+
+    // Remote write to Grafana Cloud
+    prometheus.remote_write "grafana_cloud" {
+      endpoint {
+        url = "https://prometheus-prod-55-prod-gb-south-1.grafana.net/api/prom/push"
+        basic_auth {
+          username = "2476101"
+          password_file = "/etc/alloy/secret/grafana-cloud-password"
+        }
+      }
+    }