Add FinOps tools (#492)

* Grant SSO Devops role permissions on SecretsManager * Add kube-resource-report for cost optimization and fix externaldns chart repo * Add Cost Analyzer for FinOps * Add kube-resource-report for cost optimization and fix externaldns chart repo * Add Cost Analyzer for FinOps --------- Co-authored-by: Exequiel Barrirero <[email protected]>
binbashar · Mar 27, 2023 · 6184fd1 · 6184fd1
1 parent 3d3c452
commit 6184fd1
Show file tree

Hide file tree

Showing 9 changed files with 132 additions and 69 deletions.
diff --git a/apps-devstg/us-east-1/k8s-eks-demoapps/cluster/.terraform.lock.hcl b/apps-devstg/us-east-1/k8s-eks-demoapps/cluster/.terraform.lock.hcl
diff --git a/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/.terraform.lock.hcl b/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/.terraform.lock.hcl
diff --git a/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/monitoring-cost.tf b/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/monitoring-cost.tf
@@ -0,0 +1,37 @@
+#------------------------------------------------------------------------------
+# FinOps: Kubernetes Resource Report
+#------------------------------------------------------------------------------
+# To view the UI run:
+#   `k port-forward -n monitoring-tools svc/kube-resource-report 8080:80`
+# Then browse this URL:
+#   `http://localhost:8080
+#------------------------------------------------------------------------------
+resource "helm_release" "kube_resource_report" {
+  count      = var.cost_optimization.kube_resource_report ? 1 : 0
+  name       = "kube-resource-report"
+  namespace  = kubernetes_namespace.monitoring_tools[0].id
+  repository = "https://rlex.github.io/helm-charts"
+  chart      = "kube-resource-report"
+  version    = "0.10.1"
+}
+
+#------------------------------------------------------------------------------
+# FinOps: Cost Analyzer (KubeCost)
+#------------------------------------------------------------------------------
+# IMPORTANT: for now, Cost-Analyzer and the Prom-Stack can't be deployed at the
+# same time. This is because the former, by default, deploys its own Prometheus
+# stack. Additional tweaking is necessary to work around this issue.
+#------------------------------------------------------------------------------
+# To view the UI run:
+#   `kubectl port-forward -n kubecost deployment/kubecost-cost-analyzer 9090`
+# Then browse this URL:
+#   `http://localhost:9090
+#------------------------------------------------------------------------------
+resource "helm_release" "cost_analyzer" {
+  count      = var.cost_optimization.cost_analyzer && !var.enable_prometheus_stack ? 1 : 0
+  name       = "cost-analyzer"
+  namespace  = kubernetes_namespace.monitoring_tools[0].id
+  repository = "https://kubecost.github.io/cost-analyzer/"
+  chart      = "cost-analyzer"
+  version    = "1.101.3"
+}
diff --git a/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/monitoring-metrics.tf b/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/monitoring-metrics.tf
@@ -41,7 +41,7 @@ resource "helm_release" "metrics_server" {
 # Prometheus Stack
 #------------------------------------------------------------------------------
 resource "helm_release" "kube_prometheus_stack" {
-  count      = var.enable_prometheus_stack ? 1 : 0
+  count      = var.enable_prometheus_stack && !var.cost_optimization.cost_analyzer ? 1 : 0
   name       = "kube-prometheus-stack"
   namespace  = kubernetes_namespace.prometheus[0].id
   repository = "https://prometheus-community.github.io/helm-charts"

diff --git a/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/namespaces.tf b/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/namespaces.tf
@@ -17,7 +17,7 @@ resource "kubernetes_namespace" "monitoring_logging" {
 }
 
 resource "kubernetes_namespace" "monitoring_tools" {
-  count = var.enable_kubernetes_dashboard || var.enable_vpa_scaling ? 1 : 0
+  count = var.enable_kubernetes_dashboard || var.enable_vpa_scaling || var.cost_optimization.kube_resource_report || var.cost_optimization.cost_analyzer ? 1 : 0
 
   metadata {
     labels = local.labels

diff --git a/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/networking-dns.tf b/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/networking-dns.tf
@@ -1,28 +1,16 @@
 #------------------------------------------------------------------------------
-# This is a workaround since Terraform and Helm provider are having (reported)
-# issues with Bitnami
-#------------------------------------------------------------------------------
-resource "null_resource" "download" {
-  triggers = {
-    always_run = "${timestamp()}"
-  }
-  provisioner "local-exec" {
-    command = "curl -o external-dns-6.4.4.tgz -L https://charts.bitnami.com/bitnami/external-dns-6.4.4.tgz"
-  }
-}
-#------------------------------------------------------------------------------
 # External DNS (Private): Sync ingresses hosts with your DNS server.
 #------------------------------------------------------------------------------
 resource "helm_release" "externaldns_private" {
   count = var.enable_private_dns_sync ? 1 : 0
 
-  depends_on = [null_resource.download]
+  # depends_on = [null_resource.download]
 
-  name      = "externaldns-private"
-  namespace = kubernetes_namespace.externaldns[0].id
-  #repository = "https://charts.bitnami.com/bitnami"
-  chart   = "./external-dns-6.4.4.tgz"
-  version = "6.4.4"
+  name       = "externaldns-private"
+  namespace  = kubernetes_namespace.externaldns[0].id
+  repository = "https://charts.bitnami.com/bitnami"
+  chart      = "external-dns"
+  version    = "6.14.4"
   values = [
     templatefile("chart-values/externaldns.yaml", {
       filteredDomain     = local.private_base_domain
@@ -42,13 +30,11 @@ resource "helm_release" "externaldns_private" {
 resource "helm_release" "externaldns_public" {
   count = var.enable_public_dns_sync ? 1 : 0
 
-  depends_on = [null_resource.download]
-
-  name      = "externaldns-public"
-  namespace = kubernetes_namespace.externaldns[0].id
-  #repository = "https://charts.bitnami.com/bitnami"
-  chart   = "./external-dns-6.4.4.tgz"
-  version = "6.4.4"
+  name       = "externaldns-public"
+  namespace  = kubernetes_namespace.externaldns[0].id
+  repository = "https://charts.bitnami.com/bitnami"
+  chart      = "external-dns"
+  version    = "6.14.4"
   values = [
     templatefile("chart-values/externaldns.yaml", {
       filteredDomain     = local.public_base_domain

diff --git a/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/terraform.tfvars b/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/terraform.tfvars
@@ -59,3 +59,12 @@ enable_datadog_agent = false
 enable_cicd                 = true
 enable_argocd_image_updater = true
 enable_argo_rollouts        = false
+
+
+#------------------------------------------------------------------------------
+# FinOps | Cost Optimizations Tools
+#------------------------------------------------------------------------------
+cost_optimization = {
+  kube_resource_report = false
+  cost_analyzer        = false
+}
diff --git a/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/variables.tf b/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/variables.tf
@@ -144,3 +144,8 @@ variable "enable_datadog_agent" {
   type    = bool
   default = false
 }
+
+variable "cost_optimization" {
+  type    = any
+  default = {}
+}
diff --git a/build.env b/build.env
@@ -5,4 +5,4 @@ PROJECT=bb
 MFA_ENABLED=false
 
 # Terraform
-TERRAFORM_IMAGE_TAG=1.2.7-0.1.7
+TERRAFORM_IMAGE_TAG=1.2.7-0.1.7