diff --git a/docs/add-ons/kube-prometheus-stack.md b/docs/add-ons/kube-prometheus-stack.md
new file mode 100644
index 0000000000..f6655f5d4e
--- /dev/null
+++ b/docs/add-ons/kube-prometheus-stack.md
@@ -0,0 +1,43 @@
+# kube-prometheus-stack
+[kube-prometheus-stack](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack)is a a collection of Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator.
+
+Components installed by this chart in this package by default:
+
+ - [The Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator)
+ - Highly available [Prometheus](https://github.com/prometheus/prometheus)
+ - Highly available [Alertmanager](https://github.com/prometheus/alertmanager)
+ - [Prometheus node-exporter](https://github.com/prometheus/node_exporter)
+ - [kube-state-metrics](https://github.com/kubernetes/kube-state-metrics)
+ - [Grafana](https://github.com/grafana/grafana)
+
+
+## Usage
+
+The default values.yaml file in this add-on has disabled the components that are unreachable in EKS environments, and an EBS Volume for Persistent Storage.
+
+You can override the defaults using the `set` helm_config key, and set the admin password with `set_sensitive`:
+
+```hcl
+ enable_kube_prometheus_stack = true
+ kube_prometheus_stack_helm_config = {
+ set = [
+ {
+ name = "kubeProxy.enabled"
+ value = false
+ }
+ ],
+ set_sensitive = [
+ {
+ name = "grafana.adminPassword"
+ value = data.aws_secretsmanager_secret_version.admin_password_version.secret_string
+ }
+ ]
+ }
+```
+
+## Upgrading the Chart
+
+Be aware that it is likely necessary to update the CRDs when updating the Chart version. Refer to the Project documentation on upgrades for your specific versions: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack#upgrading-chart
+
+
+For complete project documentation, please visit the [kube-prometheus-stack Github repository](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack).
diff --git a/modules/kubernetes-addons/README.md b/modules/kubernetes-addons/README.md
index 489324198c..642a361c86 100644
--- a/modules/kubernetes-addons/README.md
+++ b/modules/kubernetes-addons/README.md
@@ -48,6 +48,7 @@
| [ingress\_nginx](#module\_ingress\_nginx) | ./ingress-nginx | n/a |
| [karpenter](#module\_karpenter) | ./karpenter | n/a |
| [keda](#module\_keda) | ./keda | n/a |
+| [kube\_prometheus\_stack](#module\_kube\_prometheus\_stack) | ./kube-prometheus-stack | n/a |
| [kubernetes\_dashboard](#module\_kubernetes\_dashboard) | ./kubernetes-dashboard | n/a |
| [metrics\_server](#module\_metrics\_server) | ./metrics-server | n/a |
| [ondat](#module\_ondat) | ondat/ondat-addon/eksblueprints | 0.1.1 |
@@ -160,6 +161,7 @@
| [enable\_ipv6](#input\_enable\_ipv6) | Enable Ipv6 network. Attaches new VPC CNI policy to the IRSA role | `bool` | `false` | no |
| [enable\_karpenter](#input\_enable\_karpenter) | Enable Karpenter autoscaler add-on | `bool` | `false` | no |
| [enable\_keda](#input\_enable\_keda) | Enable KEDA Event-based autoscaler add-on | `bool` | `false` | no |
+| [enable\_kube\_prometheus\_stack](#input\_enable\_kube\_prometheus\_stack) | Enable Community kube-prometheus-stack add-on | `bool` | `false` | no |
| [enable\_kubernetes\_dashboard](#input\_enable\_kubernetes\_dashboard) | Enable Kubernetes Dashboard add-on | `bool` | `false` | no |
| [enable\_metrics\_server](#input\_enable\_metrics\_server) | Enable metrics server add-on | `bool` | `false` | no |
| [enable\_ondat](#input\_enable\_ondat) | Enable Ondat add-on | `bool` | `false` | no |
@@ -191,6 +193,7 @@
| [karpenter\_node\_iam\_instance\_profile](#input\_karpenter\_node\_iam\_instance\_profile) | Karpenter Node IAM Instance profile id | `string` | `""` | no |
| [keda\_helm\_config](#input\_keda\_helm\_config) | KEDA Event-based autoscaler add-on config | `any` | `{}` | no |
| [keda\_irsa\_policies](#input\_keda\_irsa\_policies) | Additional IAM policies for a IAM role for service accounts | `list(string)` | `[]` | no |
+| [kube\_prometheus\_stack\_helm\_config](#input\_kube\_prometheus\_stack\_helm\_config) | Community kube-prometheus-stack Helm Chart config | `any` | `{}` | no |
| [kubernetes\_dashboard\_helm\_config](#input\_kubernetes\_dashboard\_helm\_config) | Kubernetes Dashboard Helm Chart config | `any` | `null` | no |
| [metrics\_server\_helm\_config](#input\_metrics\_server\_helm\_config) | Metrics Server Helm Chart config | `any` | `{}` | no |
| [ondat\_admin\_password](#input\_ondat\_admin\_password) | Password for Ondat admin user | `string` | `"storageos"` | no |
diff --git a/modules/kubernetes-addons/kube-prometheus-stack/README.md b/modules/kubernetes-addons/kube-prometheus-stack/README.md
new file mode 100644
index 0000000000..5414d38fa5
--- /dev/null
+++ b/modules/kubernetes-addons/kube-prometheus-stack/README.md
@@ -0,0 +1,7 @@
+# kube-prometheus-stack Helm Chart
+
+## Introduction
+
+[kube-prometheus-stack](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack) is a a collection of Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator.
+
+The default values.yaml file in this add-on has disabled the components that are unreachable in EKS environments, and an EBS Volume for Persistent Storage.
diff --git a/modules/kubernetes-addons/kube-prometheus-stack/locals.tf b/modules/kubernetes-addons/kube-prometheus-stack/locals.tf
new file mode 100644
index 0000000000..74eae891a6
--- /dev/null
+++ b/modules/kubernetes-addons/kube-prometheus-stack/locals.tf
@@ -0,0 +1,23 @@
+locals {
+ name = "kube-prometheus-stack"
+ default_helm_config = {
+ name = local.name
+ chart = local.name
+ repository = "https://prometheus-community.github.io/helm-charts"
+ version = "36.0.3"
+ namespace = local.name
+ timeout = "1200"
+ values = local.default_helm_values
+ description = "kube-prometheus-stack helm Chart deployment configuration"
+ }
+
+ helm_config = merge(
+ local.default_helm_config,
+ var.helm_config
+ )
+
+ default_helm_values = [templatefile("${path.module}/values.yaml", {
+ aws_region = var.addon_context.aws_region_name
+ })]
+
+}
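Review bot: `merge(local.default_helm_config, var.helm_config)` is a shallow merge, so a caller who supplies `values` in `helm_config` replaces `local.default_helm_values` entirely. That caller silently loses the EKS-specific settings from values.yaml (the disabled etcd, scheduler and controller-manager scraping, and the storage spec). A comment above `helm_config` would make this visible, for example `# shallow merge: a caller-supplied "values" list replaces the defaults rendered from values.yaml`. Separately, `aws_region` is passed to `templatefile` but the values.yaml added in this commit contains no `${aws_region}` reference, so either drop the variable or use it. Because the file is rendered as a template, any literal `${` added to values.yaml later will need escaping.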
diff --git a/modules/kubernetes-addons/kube-prometheus-stack/main.tf b/modules/kubernetes-addons/kube-prometheus-stack/main.tf
new file mode 100644
index 0000000000..ad66b06d87
--- /dev/null
+++ b/modules/kubernetes-addons/kube-prometheus-stack/main.tf
@@ -0,0 +1,15 @@
+module "helm_addon" {
+ source = "../helm-addon"
+ helm_config = local.helm_config
+ addon_context = var.addon_context
+ depends_on = [kubernetes_namespace_v1.prometheus]
+}
+
+resource "kubernetes_namespace_v1" "prometheus" {
+ metadata {
+ name = local.helm_config["namespace"]
+ labels = {
+ "app.kubernetes.io/managed-by" = "terraform-aws-eks-blueprints"
+ }
+ }
+}
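Review bot: `kubernetes_namespace_v1.prometheus` is created unconditionally from `local.helm_config["namespace"]`, so a caller who overrides `namespace` to one that already exists has no way to opt out and will hit a conflict on apply. A toggle such as `count = try(local.helm_config["create_namespace"], true) ? 1 : 0` would cover that case; how `../helm-addon` treats the same key is not visible in this diff and should be checked. The namespace also carries no Pod Security Admission label. Since node-exporter typically needs host-level access, setting an explicit `pod-security.kubernetes.io/enforce` label would record the intended level instead of inheriting the cluster default.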
diff --git a/modules/kubernetes-addons/kube-prometheus-stack/outputs.tf b/modules/kubernetes-addons/kube-prometheus-stack/outputs.tf
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/modules/kubernetes-addons/kube-prometheus-stack/values.yaml b/modules/kubernetes-addons/kube-prometheus-stack/values.yaml
new file mode 100644
index 0000000000..ebb5ea20c5
--- /dev/null
+++ b/modules/kubernetes-addons/kube-prometheus-stack/values.yaml
@@ -0,0 +1,34 @@
+## Create default rules for monitoring the cluster
+## Disable rules for unreachable components
+##
+defaultRules:
+ create: true
+ rules:
+ etcd: false
+ kubeScheduler: false
+
+## Disable component scraping for the kube controller manager, etcd, and kube-scheduler
+## These components are not reachable on EKS
+##
+kubeControllerManager:
+ enabled: false
+kubeEtcd:
+ enabled: false
+kubeScheduler:
+ enabled: false
+
+prometheus:
+ prometheusSpec:
+ ## Prometheus StorageSpec for persistent data on AWS EBS
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/user-guides/storage.md
+ ##
+ storageSpec:
+ volumeClaimTemplate:
+ spec:
+ storageClassName: gp2
+ accessModes: ["ReadWriteOnce"]
+ resources:
+ requests:
+ storage: 20Gi
+
+## additional configuration options available here: https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-prometheus-stack/values.yaml
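Review bot: Nothing under `grafana` is set in this values file, so unless the caller passes `grafana.adminPassword` through `set_sensitive` (shown as optional in the docs added by this commit), Grafana starts with the upstream chart's publicly documented default admin password. Consider making the credential mandatory, for example by pointing `grafana.admin.existingSecret` at a pre-created Secret. At minimum, add a comment here such as `## grafana.adminPassword is NOT set here; supply it via set_sensitive or grafana.admin.existingSecret`. Also, `storageClassName: gp2` leaves encryption of the Prometheus volume to the cluster's gp2 StorageClass and the account-level EBS defaults, which deserves a comment next to `storageSpec`.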
diff --git a/modules/kubernetes-addons/kube-prometheus-stack/variables.tf b/modules/kubernetes-addons/kube-prometheus-stack/variables.tf
new file mode 100644
index 0000000000..36b6461acf
--- /dev/null
+++ b/modules/kubernetes-addons/kube-prometheus-stack/variables.tf
@@ -0,0 +1,22 @@
+variable "helm_config" {
+ type = any
+ default = {}
+ description = "Helm Config for kube-prometheus-stack"
+}
+
+variable "addon_context" {
+ type = object({
+ aws_caller_identity_account_id = string
+ aws_caller_identity_arn = string
+ aws_eks_cluster_endpoint = string
+ aws_partition_id = string
+ aws_region_name = string
+ eks_cluster_id = string
+ eks_oidc_issuer_url = string
+ eks_oidc_provider_arn = string
+ tags = map(string)
+ irsa_iam_role_path = string
+ irsa_iam_permissions_boundary = string
+ })
+ description = "Input configuration for the addon"
+}
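Review bot: The description of `helm_config` does not say which keys are honoured or that secrets passed through it persist in Terraform state, although the docs in this commit use it to carry `grafana.adminPassword` via `set_sensitive`. Suggest `description = "Helm config for kube-prometheus-stack, merged over the module defaults. Values passed in set_sensitive are masked in plan output but are still stored in Terraform state."`. How `set_sensitive` is forwarded to the release is decided in `../helm-addon`, which is not part of this diff, so the wording should be checked against that module.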
diff --git a/modules/kubernetes-addons/kube-prometheus-stack/versions.tf b/modules/kubernetes-addons/kube-prometheus-stack/versions.tf
new file mode 100644
index 0000000000..d2ddf87cc2
--- /dev/null
+++ b/modules/kubernetes-addons/kube-prometheus-stack/versions.tf
@@ -0,0 +1,14 @@
+terraform {
+ required_version = ">= 1.0.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.72"
+ }
+ kubernetes = {
+ source = "hashicorp/kubernetes"
+ version = ">= 2.10"
+ }
+ }
+}
diff --git a/modules/kubernetes-addons/main.tf b/modules/kubernetes-addons/main.tf
index ef025150c7..8350d3b778 100644
--- a/modules/kubernetes-addons/main.tf
+++ b/modules/kubernetes-addons/main.tf
@@ -265,6 +265,13 @@ module "ondat" {
admin_password = var.ondat_admin_password
}
+module "kube_prometheus_stack" {
+ count = var.enable_kube_prometheus_stack ? 1 : 0
+ source = "./kube-prometheus-stack"
+ helm_config = var.kube_prometheus_stack_helm_config
+ addon_context = local.addon_context
+}
+
module "prometheus" {
count = var.enable_prometheus ? 1 : 0
source = "./prometheus"
diff --git a/modules/kubernetes-addons/variables.tf b/modules/kubernetes-addons/variables.tf
index 0791ff65a2..6e13a19590 100644
--- a/modules/kubernetes-addons/variables.tf
+++ b/modules/kubernetes-addons/variables.tf
@@ -317,6 +317,19 @@ variable "prometheus_helm_config" {
default = {}
}
+#-----------KUBE-PROMETHEUS-STACK-------------
+variable "enable_kube_prometheus_stack" {
+ description = "Enable Community kube-prometheus-stack add-on"
+ type = bool
+ default = false
+}
+
+variable "kube_prometheus_stack_helm_config" {
+ description = "Community kube-prometheus-stack Helm Chart config"
+ type = any
+ default = {}
+}
+
#-----------METRIC SERVER-------------
variable "enable_metrics_server" {
description = "Enable metrics server add-on"