diff --git a/.github/workflows/readme.yml b/.github/workflows/readme.yml index 33e5fd6..04be952 100644 --- a/.github/workflows/readme.yml +++ b/.github/workflows/readme.yml @@ -90,7 +90,7 @@ jobs: - name: Generate TF Docs uses: terraform-docs/gh-actions@v1.0.0 with: - working-dir: addons/aws-ebs-csi-driver,addons/aws-efs-csi-driver,addons/aws-load-balancer-controller,addons/aws-node-termination-handler,addons/calico-tigera,addons/cluster-autoscaler,addons/external-secrets,addons/fluent-bit,addons/helm,addons/ingress-nginx,addons/istio-ingress,addons/karpenter,addons/kiali-server,addons/kubeclarity,addons/metrics-server,addons/nri-bundle,addons/velero,addons/kube-state-metrics,addons/keda,addons/cert-manager,addons/filebeat,addons/reloader,addons/external-dns,addons/redis,addons/prometheus,addons/grafana,addons/actions-runner-controller + working-dir: addons/aws-ebs-csi-driver,addons/aws-efs-csi-driver,addons/aws-load-balancer-controller,addons/aws-node-termination-handler,addons/calico-tigera,addons/cluster-autoscaler,addons/external-secrets,addons/fluent-bit,addons/helm,addons/ingress-nginx,addons/istio-ingress,addons/karpenter,addons/kiali-server,addons/kubeclarity,addons/metrics-server,addons/nri-bundle,addons/velero,addons/kube-state-metrics,addons/keda,addons/cert-manager,addons/filebeat,addons/reloader,addons/external-dns,addons/redis,addons/prometheus,addons/grafana,addons/actions-runner-controller,addons/prometheus-cloudwatch-exporter git-push: true template: |- diff --git a/_examples/complete/config/grafana/override-grafana.yaml b/_examples/complete/config/grafana/override-grafana.yaml index de95717..f33d35d 100644 --- a/_examples/complete/config/grafana/override-grafana.yaml +++ b/_examples/complete/config/grafana/override-grafana.yaml 
@@ -14,3 +14,16 @@ resources: requests: cpu: 50m memory: 150Mi + +# Uncomment belew code to use Prometheus Data Source for Grafana Dashboard as default +# datasources: +# datasources.yaml: +# apiVersion: 1 +# datasources: +# - name: Prometheus +# type: prometheus +# url: http://prometheus-server.monitoring.svc.cluster.local:80 +# access: proxy +# isDefault: true +# uid: prometheus +# editable: true \ No newline at end of file diff --git a/_examples/complete/config/override-prometheus.yaml b/_examples/complete/config/override-prometheus.yaml index e83cbcf..ebe0704 100644 --- a/_examples/complete/config/override-prometheus.yaml +++ b/_examples/complete/config/override-prometheus.yaml 
@@ -33,4 +33,437 @@ prometheus-node-exporter: # Dependency for prometheus server enabled: true prometheus-pushgateway: # Dependency for prometheus server - enabled: true \ No newline at end of file + enabled: true + +serverFiles: + prometheus.yml: + rule_files: + - /etc/config/recording_rules.yml + - /etc/config/alerting_rules.yml + ## Below two files are DEPRECATED will be removed from this default values file + - /etc/config/rules + - /etc/config/alerts + + scrape_configs: + - job_name: prometheus + static_configs: + - targets: + - localhost:9090 + + # A scrape configuration for running Prometheus on a Kubernetes cluster. + # This uses separate scrape configs for cluster components (i.e. API server, node) + # and services to allow each to use different authentication configs. + # + # Kubernetes labels will be added as Prometheus labels on metrics via the + # `labelmap` relabeling action. + + # Scrape config for API servers. + # + # Kubernetes exposes API servers as endpoints to the default/kubernetes + # service so this uses `endpoints` role and uses relabelling to only keep + # the endpoints associated with the default/kubernetes service using the + # default named port `https`. This works for single API server deployments as + # well as HA API server deployments. + - job_name: 'kubernetes-apiservers' + + kubernetes_sd_configs: + - role: endpoints + + # Default to scraping over https. If required, just disable this or change to + # `http`. + scheme: https + + # This TLS & bearer token file config is used to connect to the actual scrape + # endpoints for cluster components. This is separate to discovery auth + # configuration because discovery & scraping are two separate concerns in + # Prometheus. The discovery auth config is automatic if Prometheus runs inside + # the cluster. Otherwise, more config options have to be provided within the + # . 
+ tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + # If your node certificates are self-signed or use a different CA to the + # master CA, then disable certificate verification below. Note that + # certificate verification is an integral part of a secure infrastructure + # so this should only be disabled in a controlled environment. You can + # disable certificate verification by uncommenting the line below. + # + insecure_skip_verify: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + + # Keep only the default/kubernetes service endpoints for the https port. This + # will add targets for each API server which Kubernetes adds an endpoint to + # the default/kubernetes service. + relabel_configs: + - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] + action: keep + regex: default;kubernetes;https + + - job_name: 'kubernetes-nodes' + + # Default to scraping over https. If required, just disable this or change to + # `http`. + scheme: https + + # This TLS & bearer token file config is used to connect to the actual scrape + # endpoints for cluster components. This is separate to discovery auth + # configuration because discovery & scraping are two separate concerns in + # Prometheus. The discovery auth config is automatic if Prometheus runs inside + # the cluster. Otherwise, more config options have to be provided within the + # . + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + # If your node certificates are self-signed or use a different CA to the + # master CA, then disable certificate verification below. Note that + # certificate verification is an integral part of a secure infrastructure + # so this should only be disabled in a controlled environment. You can + # disable certificate verification by uncommenting the line below. 
+ # + insecure_skip_verify: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + + kubernetes_sd_configs: + - role: node + + relabel_configs: + - action: labelmap + regex: __meta_kubernetes_node_label_(.+) + - target_label: __address__ + replacement: kubernetes.default.svc:443 + - source_labels: [__meta_kubernetes_node_name] + regex: (.+) + target_label: __metrics_path__ + replacement: /api/v1/nodes/$1/proxy/metrics + + + - job_name: 'kubernetes-nodes-cadvisor' + + # Default to scraping over https. If required, just disable this or change to + # `http`. + scheme: https + + # This TLS & bearer token file config is used to connect to the actual scrape + # endpoints for cluster components. This is separate to discovery auth + # configuration because discovery & scraping are two separate concerns in + # Prometheus. The discovery auth config is automatic if Prometheus runs inside + # the cluster. Otherwise, more config options have to be provided within the + # . + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + # If your node certificates are self-signed or use a different CA to the + # master CA, then disable certificate verification below. Note that + # certificate verification is an integral part of a secure infrastructure + # so this should only be disabled in a controlled environment. You can + # disable certificate verification by uncommenting the line below. 
+ # + insecure_skip_verify: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + + kubernetes_sd_configs: + - role: node + + # This configuration will work only on kubelet 1.7.3+ + # As the scrape endpoints for cAdvisor have changed + # if you are using older version you need to change the replacement to + # replacement: /api/v1/nodes/$1:4194/proxy/metrics + # more info here https://github.com/coreos/prometheus-operator/issues/633 + relabel_configs: + - action: labelmap + regex: __meta_kubernetes_node_label_(.+) + - target_label: __address__ + replacement: kubernetes.default.svc:443 + - source_labels: [__meta_kubernetes_node_name] + regex: (.+) + target_label: __metrics_path__ + replacement: /api/v1/nodes/$1/proxy/metrics/cadvisor + + # Metric relabel configs to apply to samples before ingestion. + # [Metric Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs) + # metric_relabel_configs: + # - action: labeldrop + # regex: (kubernetes_io_hostname|failure_domain_beta_kubernetes_io_region|beta_kubernetes_io_os|beta_kubernetes_io_arch|beta_kubernetes_io_instance_type|failure_domain_beta_kubernetes_io_zone) + + # Scrape config for service endpoints. + # + # The relabeling allows the actual service scrape endpoint to be configured + # via the following annotations: + # + # * `prometheus.io/scrape`: Only scrape services that have a value of + # `true`, except if `prometheus.io/scrape-slow` is set to `true` as well. + # * `prometheus.io/scheme`: If the metrics endpoint is secured then you will need + # to set this to `https` & most likely set the `tls_config` of the scrape config. + # * `prometheus.io/path`: If the metrics path is not `/metrics` override this. + # * `prometheus.io/port`: If the metrics are exposed on a different port to the + # service then set this appropriately. 
+ # * `prometheus.io/param_`: If the metrics endpoint uses parameters + # then you can set any parameter + - job_name: 'kubernetes-service-endpoints' + honor_labels: true + + kubernetes_sd_configs: + - role: endpoints + + relabel_configs: + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] + action: keep + regex: true + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape_slow] + action: drop + regex: true + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] + action: replace + target_label: __scheme__ + regex: (https?) + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] + action: replace + target_label: __address__ + regex: (.+?)(?::\d+)?;(\d+) + replacement: $1:$2 + - action: labelmap + regex: __meta_kubernetes_service_annotation_prometheus_io_param_(.+) + replacement: __param_$1 + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: namespace + - source_labels: [__meta_kubernetes_service_name] + action: replace + target_label: service + - source_labels: [__meta_kubernetes_pod_node_name] + action: replace + target_label: node + + # Scrape config for slow service endpoints; same as above, but with a larger + # timeout and a larger interval + # + # The relabeling allows the actual service scrape endpoint to be configured + # via the following annotations: + # + # * `prometheus.io/scrape-slow`: Only scrape services that have a value of `true` + # * `prometheus.io/scheme`: If the metrics endpoint is secured then you will need + # to set this to `https` & most likely set the `tls_config` of the scrape config. + # * `prometheus.io/path`: If the metrics path is not `/metrics` override this. 
+ # * `prometheus.io/port`: If the metrics are exposed on a different port to the + # service then set this appropriately. + # * `prometheus.io/param_`: If the metrics endpoint uses parameters + # then you can set any parameter + - job_name: 'kubernetes-service-endpoints-slow' + honor_labels: true + + scrape_interval: 5m + scrape_timeout: 30s + + kubernetes_sd_configs: + - role: endpoints + + relabel_configs: + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape_slow] + action: keep + regex: true + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] + action: replace + target_label: __scheme__ + regex: (https?) + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] + action: replace + target_label: __address__ + regex: (.+?)(?::\d+)?;(\d+) + replacement: $1:$2 + - action: labelmap + regex: __meta_kubernetes_service_annotation_prometheus_io_param_(.+) + replacement: __param_$1 + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: namespace + - source_labels: [__meta_kubernetes_service_name] + action: replace + target_label: service + - source_labels: [__meta_kubernetes_pod_node_name] + action: replace + target_label: node + + - job_name: 'prometheus-pushgateway' + honor_labels: true + + kubernetes_sd_configs: + - role: service + + relabel_configs: + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_probe] + action: keep + regex: pushgateway + + # Example scrape config for probing services via the Blackbox Exporter. 
+ # + # The relabeling allows the actual service scrape endpoint to be configured + # via the following annotations: + # + # * `prometheus.io/probe`: Only probe services that have a value of `true` + - job_name: 'kubernetes-services' + honor_labels: true + + metrics_path: /probe + params: + module: [http_2xx] + + kubernetes_sd_configs: + - role: service + + relabel_configs: + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_probe] + action: keep + regex: true + - source_labels: [__address__] + target_label: __param_target + - target_label: __address__ + replacement: blackbox + - source_labels: [__param_target] + target_label: instance + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + target_label: namespace + - source_labels: [__meta_kubernetes_service_name] + target_label: service + + # Example scrape config for pods + # + # The relabeling allows the actual pod scrape endpoint to be configured via the + # following annotations: + # + # * `prometheus.io/scrape`: Only scrape pods that have a value of `true`, + # except if `prometheus.io/scrape-slow` is set to `true` as well. + # * `prometheus.io/scheme`: If the metrics endpoint is secured then you will need + # to set this to `https` & most likely set the `tls_config` of the scrape config. + # * `prometheus.io/path`: If the metrics path is not `/metrics` override this. + # * `prometheus.io/port`: Scrape the pod on the indicated port instead of the default of `9102`. + - job_name: 'kubernetes-pods' + honor_labels: true + + kubernetes_sd_configs: + - role: pod + + relabel_configs: + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] + action: keep + regex: true + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape_slow] + action: drop + regex: true + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scheme] + action: replace + regex: (https?) 
+ target_label: __scheme__ + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_port, __meta_kubernetes_pod_ip] + action: replace + regex: (\d+);(([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}) + replacement: '[$2]:$1' + target_label: __address__ + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_port, __meta_kubernetes_pod_ip] + action: replace + regex: (\d+);((([0-9]+?)(\.|$)){4}) + replacement: $2:$1 + target_label: __address__ + - action: labelmap + regex: __meta_kubernetes_pod_annotation_prometheus_io_param_(.+) + replacement: __param_$1 + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: namespace + - source_labels: [__meta_kubernetes_pod_name] + action: replace + target_label: pod + - source_labels: [__meta_kubernetes_pod_phase] + regex: Pending|Succeeded|Failed|Completed + action: drop + - source_labels: [__meta_kubernetes_pod_node_name] + action: replace + target_label: node + + # Example Scrape config for pods which should be scraped slower. An useful example + # would be stackriver-exporter which queries an API on every scrape of the pod + # + # The relabeling allows the actual pod scrape endpoint to be configured via the + # following annotations: + # + # * `prometheus.io/scrape-slow`: Only scrape pods that have a value of `true` + # * `prometheus.io/scheme`: If the metrics endpoint is secured then you will need + # to set this to `https` & most likely set the `tls_config` of the scrape config. + # * `prometheus.io/path`: If the metrics path is not `/metrics` override this. + # * `prometheus.io/port`: Scrape the pod on the indicated port instead of the default of `9102`. 
+ - job_name: 'kubernetes-pods-slow' + honor_labels: true + + scrape_interval: 5m + scrape_timeout: 30s + + kubernetes_sd_configs: + - role: pod + + relabel_configs: + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape_slow] + action: keep + regex: true + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scheme] + action: replace + regex: (https?) + target_label: __scheme__ + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_port, __meta_kubernetes_pod_ip] + action: replace + regex: (\d+);(([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}) + replacement: '[$2]:$1' + target_label: __address__ + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_port, __meta_kubernetes_pod_ip] + action: replace + regex: (\d+);((([0-9]+?)(\.|$)){4}) + replacement: $2:$1 + target_label: __address__ + - action: labelmap + regex: __meta_kubernetes_pod_annotation_prometheus_io_param_(.+) + replacement: __param_$1 + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: namespace + - source_labels: [__meta_kubernetes_pod_name] + action: replace + target_label: pod + - source_labels: [__meta_kubernetes_pod_phase] + regex: Pending|Succeeded|Failed|Completed + action: drop + - source_labels: [__meta_kubernetes_pod_node_name] + action: replace + target_label: node + + # This is Scrape config for Prometheus Cloudwatch Exporter service to get scrape + # Uncomment Below Code to use prometheus Cloudwatch Exporter as a scrape config for prometheus + + # - job_name: cloudwatch-exporter + # static_configs: + # - targets: + # - 'prometheus-cloudwatch-exporter.monitoring.svc.cluster.local:9106' + # labels: + # csp: 'aws' + # cn: '' + # account_id: '' \ No newline at end of file 
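Review bot: `insecure_skip_verify: true` is active in the `tls_config` of the `kubernetes-apiservers`, `kubernetes-nodes` and `kubernetes-nodes-cadvisor` jobs, although the comment above each says verification is only disabled "by uncommenting the line below". With verification off, the service-account token from `bearer_token_file` is sent to an endpoint whose certificate is never checked against the `ca_file` that is already configured. These jobs talk to the in-cluster API server (`kubernetes.default.svc:443` for the two node jobs), so I would drop the line or set `insecure_skip_verify: false` in all three jobs. The opt-out can stay as a commented line, `# insecure_skip_verify: true`, which is what the surrounding text describes.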
diff --git a/_examples/complete/config/prometheus-cloudwatch-exporter/override-prometheus-cloudwatch-exporter-controller.yaml b/_examples/complete/config/prometheus-cloudwatch-exporter/override-prometheus-cloudwatch-exporter-controller.yaml
new file mode 100644
index 0000000..8b1661e
--- /dev/null
+++ b/_examples/complete/config/prometheus-cloudwatch-exporter/override-prometheus-cloudwatch-exporter-controller.yaml
@@ -0,0 +1,101 @@
+## Node affinity for particular node in which labels key is "Infra-Services" and value is "true"
+
+affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: "eks.amazonaws.com/nodegroup"
+ operator: In
+ values:
+ - "critical"
+
+## Using limits and requests
+resources:
+ limits:
+ cpu: 300m
+ memory: 250Mi
+ requests:
+ cpu: 50m
+ memory: 150Mi
+
+# Configuration is rendered with `tpl` function, therefore you can use any Helm variables and/or templates here
+config: |-
+ # This is the default configuration for prometheus-cloudwatch-exporter
+ region: us-east-1
+ metrics:
+ - aws_dimensions:
+ - InstanceId
+ aws_metric_name: CPUUtilization
+ aws_namespace: AWS/EC2
+ aws_statistics:
+ - Average
+ aws_tag_select:
+ resource_type_selection: ec2:instance
+ resource_id_dimension: InstanceId
+ - aws_dimensions:
+ - InstanceId
+ aws_metric_name: NetworkIn
+ aws_namespace: AWS/EC2
+ aws_statistics:
+ - Average
+ - aws_dimensions:
+ - InstanceId
+ aws_metric_name: NetworkOut
+ aws_namespace: AWS/EC2
+ aws_statistics:
+ - Average
+ - aws_dimensions:
+ - InstanceId
+ aws_metric_name: NetworkPacketsIn
+ aws_namespace: AWS/EC2
+ aws_statistics:
+ - Average
+ - aws_dimensions:
+ - InstanceId
+ aws_metric_name: NetworkPacketsOut
+ aws_namespace: AWS/EC2
+ aws_statistics:
+ - Average
+ - aws_dimensions:
+ - InstanceId
+ aws_metric_name: DiskWriteBytes
+ aws_namespace: AWS/EC2
+ aws_statistics:
+ - Average
+ - aws_dimensions:
+ - InstanceId
+ aws_metric_name: DiskReadBytes
+ aws_namespace: AWS/EC2
+ aws_statistics:
+ - Average
+ - aws_dimensions:
+ - InstanceId
+ aws_metric_name: CPUCreditBalance
+ aws_namespace: AWS/EC2
+ aws_statistics:
+ - Average
+ - aws_dimensions:
+ - InstanceId
+ aws_metric_name: CPUCreditUsage
+ aws_namespace: AWS/EC2
+ aws_statistics:
+ - Average
+ - aws_dimensions:
+ - InstanceId
+ aws_metric_name: StatusCheckFailed
+ aws_namespace: AWS/EC2
+ aws_statistics:
+ - Sum
+ - aws_dimensions: + - InstanceId + aws_metric_name: StatusCheckFailed_Instance + aws_namespace: AWS/EC2 + aws_statistics: + - Sum + - aws_dimensions: + - InstanceId + aws_metric_name: StatusCheckFailed_System + aws_namespace: AWS/EC2 + aws_statistics: + - Sum \ No newline at end of file diff --git a/_examples/complete/config/prometheus-cloudwatch-exporter/secret.yaml b/_examples/complete/config/prometheus-cloudwatch-exporter/secret.yaml new file mode 100644 index 0000000..434cb78 --- /dev/null +++ b/_examples/complete/config/prometheus-cloudwatch-exporter/secret.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Secret +metadata: + name: aws + namespace: monitoring # Namespace of Prometheus Cloudwatch Exporter addon destination +type: Opaque +data: + access_key: QUiNNXXxXxzJKTDIzMzhOIOdidr= # Encoded AWS Access key - Enter Correct AWS Access Key Encoded with base64 + secret_key: RlBTUVdxZUxXxxxXxxXXx2JLSkVxxXxxXXXXxxxXXXxxxXXXazNZVQ== # Encoded AWS Secret Access key - Enter Correct AWS Secret Access Key Encoded with base64 + # Refer https://www.baeldung.com/linux/cli-base64-encode-decode this URL to Encode and Decode of String in Base64 \ No newline at end of file diff --git a/_examples/complete/locals.tf b/_examples/complete/locals.tf index e0fb2c9..5e831a8 100644 --- a/_examples/complete/locals.tf +++ b/_examples/complete/locals.tf @@ -1,4 +1,3 @@ - locals { name = "helm-addons" @@ -14,5 +13,5 @@ locals { GithubRepo = "terraform-helm-eks-addons" GithubOrg = "clouddrove" } - cluster_version = "1.26" + cluster_version = "1.29" } \ No newline at end of file diff --git a/_examples/complete/main.tf b/_examples/complete/main.tf index a5015db..2dafb59 100644 --- a/_examples/complete/main.tf +++ b/_examples/complete/main.tf 
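Review bot: The header comment says the affinity targets nodes labelled "Infra-Services" = "true", but the `matchExpressions` entry below it selects `eks.amazonaws.com/nodegroup` in `critical`. The comment should describe the rule that is actually applied, e.g. `## Schedule only on nodes of the EKS node group "critical"`. Because the rule is `requiredDuringSchedulingIgnoredDuringExecution`, the comment should also say that the pod stays unschedulable when no such node group exists. The same stale comment is repeated in `_examples/external-eks/config/prometheus-cloudwatch-exporter/override-prometheus-cloudwatch-exporter-controller.yaml`.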
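Review bot: The `data.access_key` and `data.secret_key` values in `secret.yaml` look like a partly masked real key pair rather than an obvious placeholder, and the inline comments ask users to paste base64 of live AWS keys into a tracked file. Base64 is an encoding, not protection, so anyone who can read the repository (and, since `main.tf` loads the file with `file()`, probably the Terraform state) can recover the keys; if the sample values were derived from live credentials, those should be rotated. I would replace them with unmistakable placeholders such as `access_key: <BASE64_AWS_ACCESS_KEY_ID>` and `secret_key: <BASE64_AWS_SECRET_ACCESS_KEY>`. A comment should also say that the filled-in file must stay out of version control and that an IAM role for the service account is preferable to static keys where the addon supports it. The `secret.yaml` added under `_examples/external-eks` is outside this view and may need the same change.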
@@ -152,30 +152,31 @@ module "addons" { eks_cluster_name = module.eks.cluster_name # -- Enable Addons - metrics_server = true - cluster_autoscaler = true - aws_load_balancer_controller = true - aws_node_termination_handler = true - aws_efs_csi_driver = true - aws_ebs_csi_driver = true - kube_state_metrics = true - karpenter = false # -- Set to `false` or comment line to Uninstall Karpenter if installed using terraform. - calico_tigera = true - new_relic = true - kubeclarity = true - ingress_nginx = true - fluent_bit = true - velero = true - keda = true - certification_manager = true - filebeat = true - reloader = true - external_dns = true - redis = true - actions_runner_controller = true - prometheus = true - - # Grafaa Deployment + metrics_server = true + cluster_autoscaler = true + aws_load_balancer_controller = true + aws_node_termination_handler = true + aws_efs_csi_driver = true + aws_ebs_csi_driver = true + kube_state_metrics = true + karpenter = false # -- Set to `false` or comment line to Uninstall Karpenter if installed using terraform. + calico_tigera = true + new_relic = true + kubeclarity = true + ingress_nginx = true + fluent_bit = true + velero = true + keda = true + certification_manager = true + filebeat = true + reloader = true + external_dns = true + redis = true + actions_runner_controller = true + prometheus = true + prometheus_cloudwatch_exporter = true + + # Grafana Deployment grafana = true grafana_helm_config = { values = [file("./config/grafana/override-grafana.yaml")] } grafana_manifests = var.grafana_manifests 
@@ -189,58 +190,61 @@ module "addons" { external_secrets = true # -- Path of override-values.yaml file - metrics_server_helm_config = { values = [file("./config/override-metrics-server.yaml")] } - cluster_autoscaler_helm_config = { values = [file("./config/override-cluster-autoscaler.yaml")] } - karpenter_helm_config = { values = [file("./config/override-karpenter.yaml")] } - aws_load_balancer_controller_helm_config = { values = [file("./config/override-aws-load-balancer-controller.yaml")] } - aws_node_termination_handler_helm_config = { values = [file("./config/override-aws-node-termination-handler.yaml")] } - aws_efs_csi_driver_helm_config = { values = [file("./config/override-aws-efs-csi-driver.yaml")] } - aws_ebs_csi_driver_helm_config = { values = [file("./config/override-aws-ebs-csi-driver.yaml")] } - calico_tigera_helm_config = { values = [file("./config/calico-tigera-values.yaml")] } - istio_ingress_helm_config = { values = [file("./config/istio/override-values.yaml")] } - kiali_server_helm_config = { values = [file("./config/kiali/override-values.yaml")] } - external_secrets_helm_config = { values = [file("./config/external-secret/override-values.yaml")] } - ingress_nginx_helm_config = { values = [file("./config/override-ingress-nginx.yaml")] } - kubeclarity_helm_config = { values = [file("./config/override-kubeclarity.yaml")] } - fluent_bit_helm_config = { values = [file("./config/override-fluent-bit.yaml")] } - velero_helm_config = { values = [file("./config/override-velero.yaml")] } - new_relic_helm_config = { values = [file("./config/override-new-relic.yaml")] } - kube_state_metrics_helm_config = { values = [file("./config/override-kube-state-matrics.yaml")] } - keda_helm_config = { values = [file("./config/keda/override-keda.yaml")] } - certification_manager_helm_config = { values = [file("./config/override-certification-manager.yaml")] } - filebeat_helm_config = { values = [file("./config/override-filebeat.yaml")] } - reloader_helm_config = { values 
= [file("./config/reloader/override-reloader.yaml")] } - external_dns_helm_config = { values = [file("./config/override-external-dns.yaml")] } - redis_helm_config = { values = [file("./config/override-redis.yaml")] } - actions_runner_controller_helm_config = { values = [file("./config/override-actions-runner-controller.yaml")] } - prometheus_helm_config = { values = [file("./config/override-prometheus.yaml")] } + metrics_server_helm_config = { values = [file("./config/override-metrics-server.yaml")] } + cluster_autoscaler_helm_config = { values = [file("./config/override-cluster-autoscaler.yaml")] } + karpenter_helm_config = { values = [file("./config/override-karpenter.yaml")] } + aws_load_balancer_controller_helm_config = { values = [file("./config/override-aws-load-balancer-controller.yaml")] } + aws_node_termination_handler_helm_config = { values = [file("./config/override-aws-node-termination-handler.yaml")] } + aws_efs_csi_driver_helm_config = { values = [file("./config/override-aws-efs-csi-driver.yaml")] } + aws_ebs_csi_driver_helm_config = { values = [file("./config/override-aws-ebs-csi-driver.yaml")] } + calico_tigera_helm_config = { values = [file("./config/calico-tigera-values.yaml")] } + istio_ingress_helm_config = { values = [file("./config/istio/override-values.yaml")] } + kiali_server_helm_config = { values = [file("./config/kiali/override-values.yaml")] } + external_secrets_helm_config = { values = [file("./config/external-secret/override-values.yaml")] } + ingress_nginx_helm_config = { values = [file("./config/override-ingress-nginx.yaml")] } + kubeclarity_helm_config = { values = [file("./config/override-kubeclarity.yaml")] } + fluent_bit_helm_config = { values = [file("./config/override-fluent-bit.yaml")] } + velero_helm_config = { values = [file("./config/override-velero.yaml")] } + new_relic_helm_config = { values = [file("./config/override-new-relic.yaml")] } + kube_state_metrics_helm_config = { values = 
[file("./config/override-kube-state-matrics.yaml")] } + keda_helm_config = { values = [file("./config/keda/override-keda.yaml")] } + certification_manager_helm_config = { values = [file("./config/override-certification-manager.yaml")] } + filebeat_helm_config = { values = [file("./config/override-filebeat.yaml")] } + reloader_helm_config = { values = [file("./config/reloader/override-reloader.yaml")] } + external_dns_helm_config = { values = [file("./config/override-external-dns.yaml")] } + redis_helm_config = { values = [file("./config/override-redis.yaml")] } + actions_runner_controller_helm_config = { values = [file("./config/override-actions-runner-controller.yaml")] } + prometheus_helm_config = { values = [file("./config/override-prometheus.yaml")] } + prometheus_cloudwatch_exporter_helm_config = { values = [file("./config/prometheus-cloudwatch-exporter/override-prometheus-cloudwatch-exporter-controller.yaml")] } + prometheus_cloudwatch_exporter_secret_manifest = file("./config/prometheus-cloudwatch-exporter/secret.yaml") # Uncomment this to use Secret Based Authentication and Update Secret manifest with real credentials # -- Override Helm Release attributes - metrics_server_extra_configs = var.metrics_server_extra_configs - cluster_autoscaler_extra_configs = var.cluster_autoscaler_extra_configs - karpenter_extra_configs = var.karpenter_extra_configs - aws_load_balancer_controller_extra_configs = var.aws_load_balancer_controller_extra_configs - aws_node_termination_handler_extra_configs = var.aws_node_termination_handler_extra_configs - aws_efs_csi_driver_extra_configs = var.aws_efs_csi_driver_extra_configs - aws_ebs_csi_driver_extra_configs = var.aws_ebs_csi_driver_extra_configs - calico_tigera_extra_configs = var.calico_tigera_extra_configs - istio_ingress_extra_configs = var.istio_ingress_extra_configs - kiali_server_extra_configs = var.kiali_server_extra_configs - ingress_nginx_extra_configs = var.ingress_nginx_extra_configs - kubeclarity_extra_configs = 
var.kubeclarity_extra_configs - fluent_bit_extra_configs = var.fluent_bit_extra_configs - velero_extra_configs = var.velero_extra_configs - new_relic_extra_configs = var.new_relic_extra_configs - kube_state_metrics_extra_configs = var.kube_state_metrics_extra_configs - keda_extra_configs = var.keda_extra_configs - certification_manager_extra_configs = var.certification_manager_extra_configs - external_secrets_extra_configs = var.external_secrets_extra_configs - filebeat_extra_configs = var.filebeat_extra_configs - reloader_extra_configs = var.reloader_extra_configs - external_dns_extra_configs = var.external_dns_extra_configs - redis_extra_configs = var.redis_extra_configs - actions_runner_controller_extra_configs = var.actions_runner_controller_extra_configs - prometheus_extra_configs = var.prometheus_extra_configs + metrics_server_extra_configs = var.metrics_server_extra_configs + cluster_autoscaler_extra_configs = var.cluster_autoscaler_extra_configs + karpenter_extra_configs = var.karpenter_extra_configs + aws_load_balancer_controller_extra_configs = var.aws_load_balancer_controller_extra_configs + aws_node_termination_handler_extra_configs = var.aws_node_termination_handler_extra_configs + aws_efs_csi_driver_extra_configs = var.aws_efs_csi_driver_extra_configs + aws_ebs_csi_driver_extra_configs = var.aws_ebs_csi_driver_extra_configs + calico_tigera_extra_configs = var.calico_tigera_extra_configs + istio_ingress_extra_configs = var.istio_ingress_extra_configs + kiali_server_extra_configs = var.kiali_server_extra_configs + ingress_nginx_extra_configs = var.ingress_nginx_extra_configs + kubeclarity_extra_configs = var.kubeclarity_extra_configs + fluent_bit_extra_configs = var.fluent_bit_extra_configs + velero_extra_configs = var.velero_extra_configs + new_relic_extra_configs = var.new_relic_extra_configs + kube_state_metrics_extra_configs = var.kube_state_metrics_extra_configs + keda_extra_configs = var.keda_extra_configs + certification_manager_extra_configs = 
var.certification_manager_extra_configs + external_secrets_extra_configs = var.external_secrets_extra_configs + filebeat_extra_configs = var.filebeat_extra_configs + reloader_extra_configs = var.reloader_extra_configs + external_dns_extra_configs = var.external_dns_extra_configs + redis_extra_configs = var.redis_extra_configs + actions_runner_controller_extra_configs = var.actions_runner_controller_extra_configs + prometheus_extra_configs = var.prometheus_extra_configs + prometheus_cloudwatch_exporter_extra_configs = var.prometheus_cloudwatch_exporter_extra_configs # -- Custom IAM Policy Json for Addon's ServiceAccount cluster_autoscaler_iampolicy_json_content = file("./custom-iam-policies/cluster-autoscaler.json") diff --git a/_examples/complete/variables.tf b/_examples/complete/variables.tf index c9abc5c..ca87056 100644 --- a/_examples/complete/variables.tf +++ b/_examples/complete/variables.tf @@ -209,12 +209,19 @@ variable "actions_runner_controller_extra_configs" { default = {} } +# ---------------------- PROMETHEUS-CLOUDWATCH-EXPORTER ------------------------------------------------ +variable "prometheus_cloudwatch_exporter_extra_configs" { + type = any + default = { + atomic = true + } +} + # ------------------ PROMETHEUS -------------------------------------------------- variable "prometheus_extra_configs" { type = any default = { - atomic = true - namespace = "istio-system" + atomic = true } } @@ -231,6 +238,6 @@ variable "grafana_manifests" { grafana_virtualservice_file_path = string }) default = { - grafana_virtualservice_file_path = "./config/grafana/grafana-vs.yaml" + grafana_virtualservice_file_path = "" } } \ No newline at end of file diff --git a/_examples/external-eks/config/prometheus-cloudwatch-exporter/override-prometheus-cloudwatch-exporter-controller.yaml b/_examples/external-eks/config/prometheus-cloudwatch-exporter/override-prometheus-cloudwatch-exporter-controller.yaml new file mode 100644 index 0000000..1b0d32a --- /dev/null 
+++ b/_examples/external-eks/config/prometheus-cloudwatch-exporter/override-prometheus-cloudwatch-exporter-controller.yaml
@@ -0,0 +1,51 @@
+## Node affinity for particular node in which labels key is "Infra-Services" and value is "true"
+
+affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: "eks.amazonaws.com/nodegroup"
+ operator: In
+ values:
+ - "critical"
+
+## Using limits and requests
+resources:
+ limits:
+ cpu: 300m
+ memory: 250Mi
+ requests:
+ cpu: 50m
+ memory: 150Mi
+
+# Configuration is rendered with `tpl` function, therefore you can use any Helm variables and/or templates here
+config: |-
+ # This is the default configuration for prometheus-cloudwatch-exporter
+ region: eu-west-1
+ period_seconds: 240
+ metrics:
+ - aws_namespace: AWS/ELB
+ aws_metric_name: HealthyHostCount
+ aws_dimensions: [AvailabilityZone, LoadBalancerName]
+ aws_statistics: [Average]
+
+ - aws_namespace: AWS/ELB
+ aws_metric_name: UnHealthyHostCount
+ aws_dimensions: [AvailabilityZone, LoadBalancerName]
+ aws_statistics: [Average]
+
+ - aws_namespace: AWS/ELB
+ aws_metric_name: RequestCount
+ aws_dimensions: [AvailabilityZone, LoadBalancerName]
+ aws_statistics: [Sum]
+
+ - aws_namespace: AWS/ELB
+ aws_metric_name: Latency
+ aws_dimensions: [AvailabilityZone, LoadBalancerName]
+ aws_statistics: [Average]
+
+ - aws_namespace: AWS/ELB
+ aws_metric_name: SurgeQueueLength
+ aws_dimensions: [AvailabilityZone, LoadBalancerName]
+ aws_statistics: [Maximum, Sum]
diff --git a/_examples/external-eks/config/prometheus-cloudwatch-exporter/secret.yaml b/_examples/external-eks/config/prometheus-cloudwatch-exporter/secret.yaml
new file mode 100644
index 0000000..13df3ad
--- /dev/null
+++ b/_examples/external-eks/config/prometheus-cloudwatch-exporter/secret.yaml
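Review bot: The header comment on the `affinity` block does not match the selector beneath it: it describes a node label with key "Infra-Services" and value "true", while `matchExpressions` selects on `eks.amazonaws.com/nodegroup` with the value `critical`. The comment should say what the rule does, for example `## Schedule only on nodes of the EKS node group named "critical"`. Because the rule is `requiredDuringSchedulingIgnoredDuringExecution`, it would also help to add `# pods stay Pending if no node group with this name exists`, so a reader copying the example knows to change the value.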
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: aws
+ namespace: monitoring # Namespace of Prometheus Cloudwatch Exporter addon destination
+type: Opaque
+data:
+ access_key: QUtJQVdGV0VLSlBTQU9INVlIRlQK # Encoded AWS Access key - Enter Correct AWS Access Key Encoded with base64
+ secret_key: SjZLVDRTSkZIVG9leTQ1M2hadllmMWZpR2pYa0l1UkFmYkhLRHpUdAo= # Encoded AWS Secret Access key - Enter Correct AWS Secret Access Key Encoded with base64
+ # Refer https://www.baeldung.com/linux/cli-base64-encode-decode this URL to Encode and Decode of String in Base64
\ No newline at end of file
diff --git a/_examples/external-eks/main.tf b/_examples/external-eks/main.tf
index 265f0fb..e8c3fb4 100644
--- a/_examples/external-eks/main.tf
+++ b/_examples/external-eks/main.tf
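Review bot: The `access_key` and `secret_key` values in this new Secret do not read as placeholders: both are well-formed base64 and appear to decode to strings with the shape of an AWS access key ID and a 40-character secret access key. Base64 is an encoding and not protection, so if this pair was ever issued it should be deactivated and rotated, because it remains in git history after the file is changed. The example should carry obviously fake values such as `access_key: "<BASE64_OF_ACCESS_KEY_ID>"` and `secret_key: "<BASE64_OF_SECRET_ACCESS_KEY>"`, and ideally be a template the user copies outside version control. Both values also appear to end in an encoded newline, which a reader following the same recipe would embed in the credential; a comment like `# encode with: printf '%s' "$VALUE" | base64` avoids that.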
@@ -13,26 +13,27 @@ module "addons" { eks_cluster_name = local.name # -- Enable Addons - metrics_server = true - cluster_autoscaler = true - aws_load_balancer_controller = true - aws_node_termination_handler = true - aws_efs_csi_driver = true - aws_ebs_csi_driver = true - kube_state_metrics = true - karpenter = false # -- Set to `false` or comment line to Uninstall Karpenter if installed using terraform. - calico_tigera = true - new_relic = true - kubeclarity = true - ingress_nginx = true - fluent_bit = true - velero = true - keda = true - certification_manager = true - filebeat = true - reloader = true - redis = true - prometheus = true + metrics_server = true + cluster_autoscaler = true + aws_load_balancer_controller = true + aws_node_termination_handler = true + aws_efs_csi_driver = true + aws_ebs_csi_driver = true + kube_state_metrics = true + karpenter = false # -- Set to `false` or comment line to Uninstall Karpenter if installed using terraform. + calico_tigera = true + new_relic = true + kubeclarity = true + ingress_nginx = true + fluent_bit = true + velero = true + keda = true + certification_manager = true + filebeat = true + reloader = true + redis = true + prometheus = true + prometheus_cloudwatch_exporter = true # Grafana Deployment grafana = true 
@@ -48,54 +49,57 @@ module "addons" { external_secrets = true # -- Path of override-values.yaml file - metrics_server_helm_config = { values = [file("./config/override-metrics-server.yaml")] } - cluster_autoscaler_helm_config = { values = [file("./config/override-cluster-autoscaler.yaml")] } - karpenter_helm_config = { values = [file("./config/override-karpenter.yaml")] } - aws_load_balancer_controller_helm_config = { values = [file("./config/override-aws-load-balancer-controller.yaml")] } - aws_node_termination_handler_helm_config = { values = [file("./config/override-aws-node-termination-handler.yaml")] } - aws_efs_csi_driver_helm_config = { values = [file("./config/override-aws-efs-csi-driver.yaml")] } - aws_ebs_csi_driver_helm_config = { values = [file("./config/override-aws-ebs-csi-driver.yaml")] } - calico_tigera_helm_config = { values = [file("./config/calico-tigera-values.yaml")] } - istio_ingress_helm_config = { values = [file("./config/istio/override-values.yaml")] } - kiali_server_helm_config = { values = [file("./config/kiali/override-values.yaml")] } - external_secrets_helm_config = { values = [file("./config/external-secret/override-values.yaml")] } - ingress_nginx_helm_config = { values = [file("./config/override-ingress-nginx.yaml")] } - kubeclarity_helm_config = { values = [file("./config/override-kubeclarity.yaml")] } - fluent_bit_helm_config = { values = [file("./config/override-fluent-bit.yaml")] } - velero_helm_config = { values = [file("./config/override-velero.yaml")] } - new_relic_helm_config = { values = [file("./config/override-new-relic.yaml")] } - kube_state_metrics_helm_config = { values = [file("./config/override-kube-state-matrics.yaml")] } - keda_helm_config = { values = [file("./config/keda/override-keda.yaml")] } - certification_manager_helm_config = { values = [file("./config/override-certification-manager.yaml")] } - filebeat_helm_config = { values = [file("./config/override-filebeat.yaml")] } - reloader_helm_config = { values = 
[file("./config/reloader/override-reloader.yaml")] } - redis_helm_config = { values = [file("./config/override-redis.yaml")] } - prometheus_helm_config = { values = [file("./config/override-prometheus.yaml")] } + metrics_server_helm_config = { values = [file("./config/override-metrics-server.yaml")] } + cluster_autoscaler_helm_config = { values = [file("./config/override-cluster-autoscaler.yaml")] } + karpenter_helm_config = { values = [file("./config/override-karpenter.yaml")] } + aws_load_balancer_controller_helm_config = { values = [file("./config/override-aws-load-balancer-controller.yaml")] } + aws_node_termination_handler_helm_config = { values = [file("./config/override-aws-node-termination-handler.yaml")] } + aws_efs_csi_driver_helm_config = { values = [file("./config/override-aws-efs-csi-driver.yaml")] } + aws_ebs_csi_driver_helm_config = { values = [file("./config/override-aws-ebs-csi-driver.yaml")] } + calico_tigera_helm_config = { values = [file("./config/calico-tigera-values.yaml")] } + istio_ingress_helm_config = { values = [file("./config/istio/override-values.yaml")] } + kiali_server_helm_config = { values = [file("./config/kiali/override-values.yaml")] } + external_secrets_helm_config = { values = [file("./config/external-secret/override-values.yaml")] } + ingress_nginx_helm_config = { values = [file("./config/override-ingress-nginx.yaml")] } + kubeclarity_helm_config = { values = [file("./config/override-kubeclarity.yaml")] } + fluent_bit_helm_config = { values = [file("./config/override-fluent-bit.yaml")] } + velero_helm_config = { values = [file("./config/override-velero.yaml")] } + new_relic_helm_config = { values = [file("./config/override-new-relic.yaml")] } + kube_state_metrics_helm_config = { values = [file("./config/override-kube-state-matrics.yaml")] } + keda_helm_config = { values = [file("./config/keda/override-keda.yaml")] } + certification_manager_helm_config = { values = [file("./config/override-certification-manager.yaml")] } + 
filebeat_helm_config = { values = [file("./config/override-filebeat.yaml")] } + reloader_helm_config = { values = [file("./config/reloader/override-reloader.yaml")] } + redis_helm_config = { values = [file("./config/override-redis.yaml")] } + prometheus_helm_config = { values = [file("./config/override-prometheus.yaml")] } + prometheus_cloudwatch_exporter_helm_config = { values = [file("./config/prometheus-cloudwatch-exporter/override-prometheus-cloudwatch-exporter-controller.yaml")] } + prometheus_cloudwatch_exporter_secret_manifest = file("./config/prometheus-cloudwatch-exporter/secret.yaml") # -- Override Helm Release attributes - metrics_server_extra_configs = var.metrics_server_extra_configs - cluster_autoscaler_extra_configs = var.cluster_autoscaler_extra_configs - karpenter_extra_configs = var.karpenter_extra_configs - aws_load_balancer_controller_extra_configs = var.aws_load_balancer_controller_extra_configs - aws_node_termination_handler_extra_configs = var.aws_node_termination_handler_extra_configs - aws_efs_csi_driver_extra_configs = var.aws_efs_csi_driver_extra_configs - aws_ebs_csi_driver_extra_configs = var.aws_ebs_csi_driver_extra_configs - calico_tigera_extra_configs = var.calico_tigera_extra_configs - istio_ingress_extra_configs = var.istio_ingress_extra_configs - kiali_server_extra_configs = var.kiali_server_extra_configs - ingress_nginx_extra_configs = var.ingress_nginx_extra_configs - kubeclarity_extra_configs = var.kubeclarity_extra_configs - fluent_bit_extra_configs = var.fluent_bit_extra_configs - velero_extra_configs = var.velero_extra_configs - new_relic_extra_configs = var.new_relic_extra_configs - kube_state_metrics_extra_configs = var.kube_state_metrics_extra_configs - keda_extra_configs = var.keda_extra_configs - certification_manager_extra_configs = var.certification_manager_extra_configs - external_secrets_extra_configs = var.external_secrets_extra_configs - filebeat_extra_configs = var.filebeat_extra_configs - reloader_extra_configs 
= var.reloader_extra_configs - redis_extra_configs = var.redis_extra_configs - prometheus_extra_configs = var.prometheus_extra_configs + metrics_server_extra_configs = var.metrics_server_extra_configs + cluster_autoscaler_extra_configs = var.cluster_autoscaler_extra_configs + karpenter_extra_configs = var.karpenter_extra_configs + aws_load_balancer_controller_extra_configs = var.aws_load_balancer_controller_extra_configs + aws_node_termination_handler_extra_configs = var.aws_node_termination_handler_extra_configs + aws_efs_csi_driver_extra_configs = var.aws_efs_csi_driver_extra_configs + aws_ebs_csi_driver_extra_configs = var.aws_ebs_csi_driver_extra_configs + calico_tigera_extra_configs = var.calico_tigera_extra_configs + istio_ingress_extra_configs = var.istio_ingress_extra_configs + kiali_server_extra_configs = var.kiali_server_extra_configs + ingress_nginx_extra_configs = var.ingress_nginx_extra_configs + kubeclarity_extra_configs = var.kubeclarity_extra_configs + fluent_bit_extra_configs = var.fluent_bit_extra_configs + velero_extra_configs = var.velero_extra_configs + new_relic_extra_configs = var.new_relic_extra_configs + kube_state_metrics_extra_configs = var.kube_state_metrics_extra_configs + keda_extra_configs = var.keda_extra_configs + certification_manager_extra_configs = var.certification_manager_extra_configs + external_secrets_extra_configs = var.external_secrets_extra_configs + filebeat_extra_configs = var.filebeat_extra_configs + reloader_extra_configs = var.reloader_extra_configs + redis_extra_configs = var.redis_extra_configs + prometheus_extra_configs = var.prometheus_extra_configs + prometheus_cloudwatch_exporter_extra_configs = var.prometheus_cloudwatch_exporter_extra_configs # -- Custom IAM Policy Json for Addon's ServiceAccount external_secrets_iampolicy_json_content = file("./custom-iam-policies/external-secrets.json") diff --git a/_examples/external-eks/variables.tf b/_examples/external-eks/variables.tf index 74ddd6b..b182e03 100644 
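Review bot: `prometheus_cloudwatch_exporter_secret_manifest = file("./config/prometheus-cloudwatch-exporter/secret.yaml")` is set unconditionally here, so applying this example as written selects static access keys and loads the key pair committed in `secret.yaml`. That contradicts the addon README added in this commit, which names the service account as the default and says not to pass a secret for it. I would ship the line commented out, `# prometheus_cloudwatch_exporter_secret_manifest = file("./config/prometheus-cloudwatch-exporter/secret.yaml") # uncomment only for secret-based auth`, so that the role-based path is what a copy of the example gets. How the module consumes the manifest is outside this hunk, and the `module "addons"` block starts and ends outside it as well.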
--- a/_examples/external-eks/variables.tf +++ b/_examples/external-eks/variables.tf @@ -197,4 +197,10 @@ variable "grafana_manifests" { default = { grafana_virtualservice_file_path = "./config/grafana/grafana-vs.yaml" } +} + +# ---------------------- PROMETHEUS-CLOUDWATCH-EXPORTER ------------------------------------------------ +variable "prometheus_cloudwatch_exporter_extra_configs" { + type = any + default = {} } \ No newline at end of file diff --git a/addons/fluent-bit/README.md b/addons/fluent-bit/README.md index 2a32710..440e842 100644 --- a/addons/fluent-bit/README.md +++ b/addons/fluent-bit/README.md @@ -4,7 +4,7 @@ Fluent Bit is a lightweight log processor and forwarder that you use to collect ## Installation Below terraform script shows how to use FluentBit Terraform Addon, A complete example is also given [here](https://github.com/clouddrove/terraform-helm-eks-addons/blob/master/_examples/complete/main.tf). -```bash +```hcl module "addons" { source = "clouddrove/eks-addons/aws" version = "0.0.4" diff --git a/addons/ingress-nginx/README.md b/addons/ingress-nginx/README.md index 2150d7c..e9857e0 100644 --- a/addons/ingress-nginx/README.md +++ b/addons/ingress-nginx/README.md @@ -9,7 +9,7 @@ Below terraform script shows how to use Ingress Nginx Terraform Addon, A complet user can change this behaviour according to their need. They just have to change values in `/_example/complete/config/override-ingress-nginx.yaml` file. User can also add annotations according to their need or they can add their own config file by the same name. - if user wants to change `namespace`, `chart version`, `timeout`, `atomic` and other helm artributes, A complete list of artributes is also given here [here](https://github.com/clouddrove/terraform-aws-eks-addons/blob/master/addons/helm/main.tf#L3-L32). then they can change this in `/_example/complate/variable.tf` at -```bash +```hcl #--------------INGRESS NGINX------------ variable "ingress_nginx_extra_configs" { type = any 
@@ -17,7 +17,7 @@ variable "ingress_nginx_extra_configs" { } ``` -```bash +```hcl module "addons" { source = "../../" depends_on = [null_resource.kubectl] diff --git a/addons/istio-ingress/README.md b/addons/istio-ingress/README.md index a32fa81..882d0b3 100644 --- a/addons/istio-ingress/README.md +++ b/addons/istio-ingress/README.md @@ -4,7 +4,7 @@ Istio is a service mesh—a modernized service networking layer that provides a ## Installation Below terraform script shows how to use Istio-Ingress Terraform Addon, A complete example is also given [here](https://github.com/clouddrove/terraform-helm-eks-addons/blob/master/_examples/complete/main.tf). -```bash +```hcl module "addons" { source = "clouddrove/eks-addons/aws" version = "0.0.1" diff --git a/addons/karpenter/README.md b/addons/karpenter/README.md index 45b008d..01420e9 100644 --- a/addons/karpenter/README.md +++ b/addons/karpenter/README.md @@ -4,7 +4,7 @@ Karpenter simplifies Kubernetes infrastructure with the right nodes at the right ## Installation Below terraform script shows how to use Karpenter Terraform Addon, A complete example is also given [here](https://github.com/clouddrove/terraform-helm-eks-addons/blob/master/_examples/complete/main.tf). -```bash +```hcl module "addons" { source = "clouddrove/eks-addons/aws" version = "0.0.1" diff --git a/addons/keda/README.md b/addons/keda/README.md index 1640429..d6e31ab 100644 --- a/addons/keda/README.md +++ b/addons/keda/README.md @@ -4,10 +4,9 @@ KEDA allows for fine grained autoscaling (including to/from zero) for event driv ## Installation Below terraform script shows how to use Keda Terraform Addon, A complete example is also given [here](https://github.com/clouddrove/terraform-helm-eks-addons/blob/master/_examples/complete/main.tf). -```bash +```hcl module "addons" { source = "clouddrove/eks-addons/aws" - version = "0.0.9" depends_on = [module.eks.cluster_id] eks_cluster_name = module.eks.cluster_name 
diff --git a/addons/kiali-server/README.md b/addons/kiali-server/README.md index 1443693..f387032 100644 --- a/addons/kiali-server/README.md +++ b/addons/kiali-server/README.md @@ -2,10 +2,9 @@ ## Installation Below terraform script shows how to use Kiali-Server Terraform Addon, A complete example is also given [here](https://github.com/clouddrove/terraform-helm-eks-addons/blob/master/_examples/complete/main.tf). -```bash +```hcl module "addons" { source = "clouddrove/eks-addons/aws" - version = "0.0.1" depends_on = [module.eks.cluster_id] eks_cluster_name = module.eks.cluster_name diff --git a/addons/kube-state-metrics/README.md b/addons/kube-state-metrics/README.md index 2f19738..4b87f15 100644 --- a/addons/kube-state-metrics/README.md +++ b/addons/kube-state-metrics/README.md @@ -10,7 +10,6 @@ Below terraform script shows how to use External Secrets Terraform Addon, A comp ```hcl module "addons" { source = "clouddrove/eks-addons/aws" - version = "0.0.6" depends_on = [module.eks] eks_cluster_name = module.eks.cluster_name diff --git a/addons/metrics-server/README.md b/addons/metrics-server/README.md index 767db5a..c6b25e5 100644 --- a/addons/metrics-server/README.md +++ b/addons/metrics-server/README.md @@ -7,7 +7,6 @@ Below terraform script shows how to use Metrics-Server Terraform Addon, A comple ```hcl module "addons" { source = "clouddrove/eks-addons/aws" - version = "0.0.1" depends_on = [module.eks.cluster_id] eks_cluster_name = module.eks.cluster_name diff --git a/addons/nri-bundle/README.md b/addons/nri-bundle/README.md index ebd3ac6..b07d430 100644 --- a/addons/nri-bundle/README.md +++ b/addons/nri-bundle/README.md @@ -7,7 +7,6 @@ Below terraform script shows how to use New-Relic Terraform Addon, A complete ex ```hcl module "addons" { source = "clouddrove/eks-addons/aws" - version = "0.0.1" depends_on = [module.eks.cluster_id] eks_cluster_name = module.eks.cluster_name 
diff --git a/addons/prometheus-cloudwatch-exporter/README.md b/addons/prometheus-cloudwatch-exporter/README.md
new file mode 100644
index 0000000..1b53f6d
--- /dev/null
+++ b/addons/prometheus-cloudwatch-exporter/README.md
@@ -0,0 +1,142 @@ +# Prometheus Cloudwatch Exporter Helm Chart + +The CloudWatch Exporter for Prometheus is a tool that allows you to export Amazon CloudWatch metrics in the Prometheus format. Amazon CloudWatch is a monitoring and observability service provided by AWS that provides metrics, logs, and traces from AWS resources and applications. + +## Installation +Below terraform script describes how to use Prometheus Cloudwatch Exporter Terraform Addon, A complete example is also given [here](https://github.com/clouddrove/terraform-helm-eks-addons/blob/master/_examples/complete/main.tf). +```hcl +module "addons" { + source = "clouddrove/eks-addons/aws" + + depends_on = [module.eks.cluster_id] + eks_cluster_name = module.eks.cluster_name + + prometheus_cloudwatch_exporter = true +} +``` + +## Configuration +This documentation can help you to configure CloudWatch exporter to get the metrics from AWS. +Configuration examples for different namespaces can be found in [this](https://github.com/prometheus/cloudwatch_exporter/blob/master/examples) examples. +A configuration builder can be found [here](https://github.com/djloude/cloudwatch_exporter_metrics_config_builder). +Configure the exporter for namespaces accordingly and use it in the `./config/override-prometheus-cloudwatch-exporter-controller.yaml` override file like this. 
+ +```yaml +## Node affinity for particular node in which labels key is "Infra-Services" and value is "true" +affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: "eks.amazonaws.com/nodegroup" + operator: In + values: + - "critical" +## Using limits and requests +resources: + limits: + cpu: 300m + memory: 250Mi + requests: + cpu: 50m + memory: 150Mi +# This config is for AWS Load balancer +config: |- + # This is the default configuration for prometheus-cloudwatch-exporter + region: us-east-1 + metrics: + - aws_dimensions: + - InstanceId + aws_metric_name: CPUUtilization + aws_namespace: AWS/EC2 + aws_statistics: + - Average + aws_tag_select: + resource_type_selection: ec2:instance + resource_id_dimension: InstanceId + - aws_dimensions: + - InstanceId + aws_metric_name: NetworkIn + aws_namespace: AWS/EC2 + aws_statistics: + - Average + - aws_dimensions: + - InstanceId + aws_metric_name: NetworkOut + aws_namespace: AWS/EC2 + aws_statistics: + - Average + - aws_dimensions: + - InstanceId + aws_metric_name: NetworkPacketsIn + aws_namespace: AWS/EC2 + aws_statistics: + - Average + - aws_dimensions: + - InstanceId + aws_metric_name: NetworkPacketsOut + aws_namespace: AWS/EC2 + aws_statistics: + - Average + - aws_dimensions: + - InstanceId + aws_metric_name: DiskWriteBytes + aws_namespace: AWS/EC2 + aws_statistics: + - Average + - aws_dimensions: + - InstanceId + aws_metric_name: DiskReadBytes + aws_namespace: AWS/EC2 + aws_statistics: + - Average + - aws_dimensions: + - InstanceId + aws_metric_name: CPUCreditBalance + aws_namespace: AWS/EC2 + aws_statistics: + - Average + - aws_dimensions: + - InstanceId + aws_metric_name: CPUCreditUsage + aws_namespace: AWS/EC2 + aws_statistics: + - Average + - aws_dimensions: + - InstanceId + aws_metric_name: StatusCheckFailed + aws_namespace: AWS/EC2 + aws_statistics: + - Sum + - aws_dimensions: + - InstanceId + aws_metric_name: StatusCheckFailed_Instance + 
aws_namespace: AWS/EC2 + aws_statistics: + - Sum + - aws_dimensions: + - InstanceId + aws_metric_name: StatusCheckFailed_System + aws_namespace: AWS/EC2 + aws_statistics: + - Sum +``` + +## Authentication +- There are two methods to Authenticate with AWS + +### Using Secrets +- Update Access key and Secret Access keys from the config files provided in the examples. + +### Service Account (Default) +- Don't pass secret to use Service Based authentication. +- Minimal Required Permissions are allowed to the service account for Prometheus Cloudwatch Exporter. + +## Additional Configuration and Use +- Prometheus Cloudwatch Exporter is just a Exporter, that need to be used in prometheus as a exporter to scrape details from Exporter + +### Prometheus Scrape Config +- Checkout [this](https://github.com/clouddrove/terraform-aws-eks-addons/blob/master/_examples/complete/config/override-prometheus.yaml) Prometheus Configuration to add scrape config for Prometheus Cloudwatch Exporter. + + + diff --git a/addons/prometheus-cloudwatch-exporter/config/prometheus-cloudwatch-exporter.yaml b/addons/prometheus-cloudwatch-exporter/config/prometheus-cloudwatch-exporter.yaml new file mode 100644 index 0000000..42a63fe --- /dev/null +++ b/addons/prometheus-cloudwatch-exporter/config/prometheus-cloudwatch-exporter.yaml 
@@ -0,0 +1,245 @@ +# Default values for prometheus-cloudwatch-exporter. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: prom/cloudwatch-exporter + # if not set appVersion field from Chart.yaml is used + tag: + pullPolicy: IfNotPresent + pullSecrets: + # - name: "image-pull-secret" + +# Example proxy configuration: +# command: +# - 'java' +# - '-Dhttp.proxyHost=proxy.example.com' +# - '-Dhttp.proxyPort=3128' +# - '-Dhttps.proxyHost=proxy.example.com' +# - '-Dhttps.proxyPort=3128' +# - '-jar' +# - '/cloudwatch_exporter.jar' +# - '9106' +# - '/config/config.yml' + +command: [] + +containerPort: 9106 + +service: + type: ClusterIP + port: 9106 + portName: http + annotations: {} + labels: {} + +pod: + labels: {} + annotations: {} + +# Labels and annotations to attach to the deployment resource +deployment: + labels: {} + annotations: {} + +# Extra environment variables +extraEnv: + # - name: foo + # value: baa + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +aws: + role: + # Enables usage of regional STS endpoints rather than global which is default + stsRegional: + enabled: false + + # The name of a pre-created secret in which AWS credentials are stored. 
When + # set, aws_access_key_id is assumed to be in a field called access_key, + # aws_secret_access_key is assumed to be in a field called secret_key, and the + # session token, if it exists, is assumed to be in a field called + # security_token + secret: + name: + includesSessionToken: false + + # Note: Do not specify the aws_access_key_id and aws_secret_access_key if you specified role or secret.name before + aws_access_key_id: + aws_secret_access_key: + +serviceAccount: + # Specifies whether a ServiceAccount should be created + create: true + # The name of the ServiceAccount to use. + # If not set and create is true, a name is generated using the fullname template + name: + # annotations: + # Will add the provided map to the annotations for the created serviceAccount + # e.g. + # annotations: + # eks.amazonaws.com/role-arn: arn:aws:iam::1234567890:role/prom-cloudwatch-exporter-oidc + # eks.amazonaws.com/sts-regional-endpoints: "true" + # Specifies whether to automount API credentials for the ServiceAccount. 
+ automountServiceAccountToken: true + +rbac: + # Specifies whether RBAC resources should be created + create: true + +# Configuration is rendered with `tpl` function, therefore you can use any Helm variables and/or templates here +config: |- + # This is the default configuration for prometheus-cloudwatch-exporter + region: eu-west-1 + period_seconds: 240 + metrics: + - aws_namespace: AWS/ELB + aws_metric_name: HealthyHostCount + aws_dimensions: [AvailabilityZone, LoadBalancerName] + aws_statistics: [Average] + + - aws_namespace: AWS/ELB + aws_metric_name: UnHealthyHostCount + aws_dimensions: [AvailabilityZone, LoadBalancerName] + aws_statistics: [Average] + + - aws_namespace: AWS/ELB + aws_metric_name: RequestCount + aws_dimensions: [AvailabilityZone, LoadBalancerName] + aws_statistics: [Sum] + + - aws_namespace: AWS/ELB + aws_metric_name: Latency + aws_dimensions: [AvailabilityZone, LoadBalancerName] + aws_statistics: [Average] + + - aws_namespace: AWS/ELB + aws_metric_name: SurgeQueueLength + aws_dimensions: [AvailabilityZone, LoadBalancerName] + aws_statistics: [Maximum, Sum] + + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +# Configurable health checks against the /healthy and /ready endpoints +livenessProbe: + path: /-/healthy + initialDelaySeconds: 30 + periodSeconds: 5 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + +readinessProbe: + path: /-/ready + initialDelaySeconds: 30 + periodSeconds: 5 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + +serviceMonitor: + # When set true then use a ServiceMonitor to configure scraping + enabled: false + # Set the namespace the ServiceMonitor should be deployed + # namespace: monitoring + # Set how frequently Prometheus should scrape + # interval: 30s + # Set path to cloudwatch-exporter telemtery-path + # telemetryPath: /metrics + # Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator + # labels: + # Set timeout for scrape + # 
timeout: 10s + # Set relabelings for the ServiceMonitor, use to apply to samples before scraping + # relabelings: [] + # Set metricRelabelings for the ServiceMonitor, use to apply to samples for ingestion + # metricRelabelings: [] + # + # Example - note the Kubernetes convention of camelCase instead of Prometheus' snake_case + # metricRelabelings: + # - sourceLabels: [dbinstance_identifier] + # action: replace + # replacement: mydbname + # targetLabel: dbname + +prometheusRule: + # Specifies whether a PrometheusRule should be created + enabled: false + # Set the namespace the PrometheusRule should be deployed + # namespace: monitoring + # Set labels for the PrometheusRule, use this to define your scrape label for Prometheus Operator + # labels: + # Example - note the Kubernetes convention of camelCase instead of Prometheus' + # rules: + # - alert: ELB-Low-BurstBalance + # annotations: + # message: The ELB BurstBalance during the last 10 minutes is lower than 80%. + # expr: aws_ebs_burst_balance_average < 80 + # for: 10m + # labels: + # severity: warning + # - alert: ELB-Low-BurstBalance + # annotations: + # message: The ELB BurstBalance during the last 10 minutes is lower than 50%. + # expr: aws_ebs_burst_balance_average < 50 + # for: 10m + # labels: + # severity: warning + # - alert: ELB-Low-BurstBalance + # annotations: + # message: The ELB BurstBalance during the last 10 minutes is lower than 30%. 
+ # expr: aws_ebs_burst_balance_average < 30 + # for: 10m + # labels: + # severity: critical + +ingress: + enabled: false + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + labels: {} + path: / + hosts: + - chart-example.local + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx + + # pathType is only for k8s >= 1.18 + pathType: Prefix + +securityContext: + runAsUser: 65534 # run as nobody user instead of root + fsGroup: 65534 # necessary to be able to read the EKS IAM token + +containerSecurityContext: {} + # allowPrivilegeEscalation: false + # readOnlyRootFilesystem: true + +# Leverage a PriorityClass to ensure your pods survive resource shortages +# ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ +# priorityClassName: system-cluster-critical +priorityClassName: "" diff --git a/addons/prometheus-cloudwatch-exporter/locals.tf b/addons/prometheus-cloudwatch-exporter/locals.tf new file mode 100644 index 0000000..9b8643d --- /dev/null +++ b/addons/prometheus-cloudwatch-exporter/locals.tf 
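Review bot: `containerSecurityContext: {}` near the end of these defaults leaves the exporter container without the two hardening settings that sit commented out directly beneath it, although the pod-level `securityContext` already runs as UID 65534. I would enable at least `allowPrivilegeEscalation: false` under `containerSecurityContext:`; `readOnlyRootFilesystem: true` is worth turning on as well once it has been checked that the exporter needs no writable path, which cannot be told from this file. The `aws_access_key_id:` and `aws_secret_access_key:` keys further up deserve a comment such as `# prefer serviceAccount role annotations or aws.secret.name; values set here are stored in the Helm release`. If another override in the module already sets the container security context, a pointer to it here would be enough.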
@@ -0,0 +1,41 @@
+locals {
+ name = "prometheus-cloudwatch-exporter"
+
+ default_helm_config = {
+ name = try(var.prometheus_cloudwatch_exporter_extra_configs.name, local.name)
+ chart = try(var.prometheus_cloudwatch_exporter_extra_configs.chart, local.name)
+ repository = try(var.prometheus_cloudwatch_exporter_extra_configs.repository, "https://prometheus-community.github.io/helm-charts")
+ version = try(var.prometheus_cloudwatch_exporter_extra_configs.version, "0.25.2")
+ namespace = try(var.prometheus_cloudwatch_exporter_extra_configs.namespace, "monitoring")
+ create_namespace = try(var.prometheus_cloudwatch_exporter_extra_configs.create_namespace, true)
+ description = "Prometheus Cloudwatch-Exporter helm Chart deployment configuration"
+ timeout = try(var.prometheus_cloudwatch_exporter_extra_configs.timeout, "600")
+ lint = try(var.prometheus_cloudwatch_exporter_extra_configs.lint, "false")
+ repository_key_file = try(var.prometheus_cloudwatch_exporter_extra_configs.repository_key_file, "")
+ repository_cert_file = try(var.prometheus_cloudwatch_exporter_extra_configs.repository_cert_file, "")
+ repository_username = try(var.prometheus_cloudwatch_exporter_extra_configs.repository_username, "")
+ repository_password = try(var.prometheus_cloudwatch_exporter_extra_configs.repository_password, "")
+ verify = try(var.prometheus_cloudwatch_exporter_extra_configs.verify, "false")
+ keyring = try(var.prometheus_cloudwatch_exporter_extra_configs.keyring, "")
+ disable_webhooks = try(var.prometheus_cloudwatch_exporter_extra_configs.disable_webhooks, "false")
+ reuse_values = try(var.prometheus_cloudwatch_exporter_extra_configs.reuse_values, "false")
+ reset_values = try(var.prometheus_cloudwatch_exporter_extra_configs.reset_values, "false")
+ force_update = try(var.prometheus_cloudwatch_exporter_extra_configs.force_update, "false")
+ recreate_pods = try(var.prometheus_cloudwatch_exporter_extra_configs.recreate_pods, "false")
+ cleanup_on_fail =
try(var.prometheus_cloudwatch_exporter_extra_configs.cleanup_on_fail, "false")
+ max_history = try(var.prometheus_cloudwatch_exporter_extra_configs.max_history, "0")
+ atomic = try(var.prometheus_cloudwatch_exporter_extra_configs.atomic, "false")
+ skip_crds = try(var.prometheus_cloudwatch_exporter_extra_configs.skip_crds, "false")
+ render_subchart_notes = try(var.prometheus_cloudwatch_exporter_extra_configs.render_subchart_notes, "true")
+ disable_openapi_validation = try(var.prometheus_cloudwatch_exporter_extra_configs.disable_openapi_validation, "false")
+ wait = try(var.prometheus_cloudwatch_exporter_extra_configs.wait, "true")
+ wait_for_jobs = try(var.prometheus_cloudwatch_exporter_extra_configs.wait_for_jobs, "false")
+ dependency_update = try(var.prometheus_cloudwatch_exporter_extra_configs.dependency_update, "false")
+ replace = try(var.prometheus_cloudwatch_exporter_extra_configs.replace, "false")
+ }
+
+ helm_config = merge(
+ local.default_helm_config,
+ var.helm_config
+ )
+}
diff --git a/addons/prometheus-cloudwatch-exporter/main.tf b/addons/prometheus-cloudwatch-exporter/main.tf
new file mode 100644
index 0000000..d19605f
--- /dev/null
+++ b/addons/prometheus-cloudwatch-exporter/main.tf
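Review bot: In addons/prometheus-cloudwatch-exporter/locals.tf, `verify` defaults to `"false"` and `keyring` to `""`, so the chart fetched from the `repository` URL is installed without Helm's provenance check, and both the URL and the version can be replaced through `prometheus_cloudwatch_exporter_extra_configs`. The pinned `version = "0.25.2"` default is the only integrity control visible in this file; a comment above the map such as `# verify/keyring are off by default: set both when chart signatures must be checked` would make that explicit to callers. The boolean settings are also written as quoted strings (`"false"`, `"true"`) beside a bare `true` for `create_namespace`; plain booleans throughout would be consistent and would not rely on type conversion.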
@@ -0,0 +1,91 @@
+module "prometheus_cloudwatch_exporter_secret" {
+ count = var.secret_manifest != null ? 1 : 0
+ source = "../helm"
+
+ manage_via_gitops = var.manage_via_gitops
+ helm_config = local.helm_config
+ addon_context = var.addon_context
+
+ set_values = [
+ {
+ name = "aws.secret.name"
+ value = "aws"
+ }
+ ]
+ depends_on = [kubectl_manifest.secret_manifest]
+}
+
+module "prometheus_cloudwatch_exporter_role" {
+ count = var.secret_manifest == null ? 1 : 0
+ source = "../helm"
+
+ manage_via_gitops = var.manage_via_gitops
+ helm_config = local.helm_config
+ addon_context = var.addon_context
+
+ set_values = [
+ {
+ name = "serviceAccount.create"
+ value = "false"
+ },
+ {
+ name = "serviceAccount.name"
+ value = "${local.name}-sa"
+ }
+ ]
+
+ # -- IRSA Configurations
+ irsa_config = {
+ irsa_iam_policies = [aws_iam_policy.policy.arn]
+ irsa_iam_role_name = "${local.name}-${var.eks_cluster_name}"
+ create_kubernetes_namespace = false
+ kubernetes_service_account = "${local.name}-sa"
+ kubernetes_namespace = local.default_helm_config.namespace
+ eks_oidc_provider_arn = var.addon_context.eks_oidc_provider_arn
+ account_id = var.addon_context.aws_caller_identity_account_id
+ }
+}
+
+# Secret for AWS Authentication with cloudwatch exporter
+resource "kubectl_manifest" "secret_manifest" {
+ count = var.secret_manifest != null ? 1 : 0
+ yaml_body = var.secret_manifest
+ depends_on = [kubernetes_namespace.prometheus_cloudwatch_exporter_namespace]
+}
+
+resource "kubernetes_namespace" "prometheus_cloudwatch_exporter_namespace" {
+ metadata {
+ name = local.default_helm_config.namespace
+ }
+}
+
+resource "aws_iam_policy" "policy" {
+ name = "${local.name}-${var.eks_cluster_name}"
+ path = "/"
+ description = "IAM Policy used by ${local.name}-${var.eks_cluster_name} IAM Role"
+ policy = var.iampolicy_json_content != null ?
var.iampolicy_json_content : <<-EOT
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "AllowCloudwatch",
+ "Effect": "Allow",
+ "Action": [
+ "cloudwatch:ListMetrics",
+ "cloudwatch:GetMetricStatistics",
+ "cloudwatch:GetMetricData"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Sid": "AllowResourceTagging",
+ "Effect": "Allow",
+ "Action": [
+ "tag:GetResources"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
+EOT
+}
\ No newline at end of file
diff --git a/addons/prometheus-cloudwatch-exporter/outputs.tf b/addons/prometheus-cloudwatch-exporter/outputs.tf
new file mode 100644
index 0000000..a3832b1
--- /dev/null
+++ b/addons/prometheus-cloudwatch-exporter/outputs.tf
@@ -0,0 +1,11 @@
+output "namespace" {
+ value = local.default_helm_config.namespace
+}
+
+output "chart_version" {
+ value = local.default_helm_config.version
+}
+
+output "repository" {
+ value = local.default_helm_config.repository
+}
\ No newline at end of file
diff --git a/addons/prometheus-cloudwatch-exporter/variables.tf b/addons/prometheus-cloudwatch-exporter/variables.tf
new file mode 100644
index 0000000..7382fbe
--- /dev/null
+++ b/addons/prometheus-cloudwatch-exporter/variables.tf
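Review bot: In addons/prometheus-cloudwatch-exporter/main.tf, `irsa_config.kubernetes_namespace` and the `kubernetes_namespace` resource both read `local.default_helm_config.namespace`, while the release itself is given `local.helm_config`, which merges `var.helm_config` over the defaults. If a caller sets `namespace` through `helm_config`, the chart would presumably be installed in one namespace while the IAM role stays bound to the `${local.name}-sa` service account in another, so the role and the workload no longer match; `kubernetes_namespace = local.helm_config.namespace` and `name = local.helm_config.namespace` keep them aligned. The `kubernetes_namespace` resource is also created unconditionally, which will likely fail when the `monitoring` namespace already exists from another addon, and `aws_iam_policy.policy` is created even on the secret path where no role attaches it; both could carry the same `count` conditions as the two modules.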
@@ -0,0 +1,49 @@
+variable "helm_config" {
+ description = "Helm provider config for Prometheus Cloudwatch Exporter"
+ type = any
+ default = {}
+}
+
+variable "manage_via_gitops" {
+ description = "Determines if the add-on should be managed via GitOps"
+ type = bool
+ default = false
+}
+
+variable "addon_context" {
+ description = "Input configuration for the addon"
+ type = object({
+ aws_caller_identity_account_id = string
+ aws_caller_identity_arn = string
+ aws_eks_cluster_endpoint = string
+ aws_partition_id = string
+ aws_region_name = string
+ eks_cluster_id = string
+ eks_oidc_issuer_url = string
+ eks_oidc_provider_arn = string
+ tags = map(string)
+ })
+}
+
+variable "prometheus_cloudwatch_exporter_extra_configs" {
+ description = "Override attributes of helm_release terraform resource"
+ type = any
+ default = {}
+}
+
+variable "secret_manifest" {
+ description = "Path of Ingress and Gateway yaml manifests"
+ type = string
+ default = null
+}
+
+variable "eks_cluster_name" {
+ type = string
+ default = ""
+}
+
+variable "iampolicy_json_content" {
+ description = "Custom IAM Policy for Prometheus Cloudwatch Exporter's Role"
+ type = string
+ default = null
+}
\ No newline at end of file
diff --git a/addons/prometheus-cloudwatch-exporter/versions.tf b/addons/prometheus-cloudwatch-exporter/versions.tf
new file mode 100644
index 0000000..dc04845
--- /dev/null
+++ b/addons/prometheus-cloudwatch-exporter/versions.tf
@@ -0,0 +1,22 @@
+terraform {
+ required_version = ">= 1.0.0"
+
+ required_providers {
+ kubernetes = {
+ source = "hashicorp/kubernetes"
+ version = ">= 2.23"
+ }
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 5.29"
+ }
+ helm = {
+ source = "hashicorp/helm"
+ version = ">= 2.12"
+ }
+ kubectl = {
+ source = "gavinbunney/kubectl"
+ version = ">= 1.13.0"
+ }
+ }
+}
diff --git a/addons/prometheus/README.md b/addons/prometheus/README.md
index 299a673..969eb50 100644
--- a/addons/prometheus/README.md
+++ b/addons/prometheus/README.md
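Review bot: In addons/prometheus-cloudwatch-exporter/variables.tf, the `secret_manifest` description `"Path of Ingress and Gateway yaml manifests"` does not match its use: main.tf in this commit passes the value straight to `yaml_body` of the `kubectl_manifest` that holds the AWS authentication secret, so it is a manifest body rather than a path. Because the value then carries credentials, the variable should be declared with `sensitive = true` and a description such as `"YAML body of the Kubernetes Secret with AWS credentials for the exporter; leave null to use IRSA"`. `eks_cluster_name` has no description and defaults to `""`, which would give the IAM policy and role a name ending in `-`; dropping the default makes the input required.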
@@ -25,6 +25,10 @@ module "addons" { } ``` +## Configuration +- Prometheus is a data scraper that will scrape the config from target and store it in Volume or Storge. +- Prometheus is used for Monitoring and Logging with Grafana servic. Checkout [this](https://github.com/clouddrove/terraform-aws-eks-addons/blob/master/_examples/complete/config/grafana/override-grafana.yaml) Grafana default configuration to add Prometheus URL as a data-source for Grafana dashboard. + ## Requirements diff --git a/addons/reloader/README.md b/addons/reloader/README.md index 7139920..21a3d5b 100644 --- a/addons/reloader/README.md +++ b/addons/reloader/README.md @@ -5,7 +5,7 @@ Reloader manages the following AWS resources ## Installation Below terraform script shows how to use Reloader Terraform Addon, A complete example is also given [here](https://github.com/clouddrove/terraform-helm-eks-addons/blob/master/_examples/complete/main.tf). -```bash +```hcl module "addons" { source = "clouddrove/eks-addons/aws" version = "0.1.0" diff --git a/main.tf b/main.tf index 4635d91..2b11d0a 100644 --- a/main.tf +++ b/main.tf 
@@ -266,4 +266,16 @@ module "grafana" { addon_context = local.addon_context grafana_manifests = var.grafana_manifests grafana_extra_configs = var.grafana_extra_configs +} + +module "prometheus_cloudwatch_exporter" { + count = var.prometheus_cloudwatch_exporter ? 1 : 0 + source = "./addons/prometheus-cloudwatch-exporter" + helm_config = var.prometheus_cloudwatch_exporter_helm_config != null ? var.prometheus_cloudwatch_exporter_helm_config : { values = [local_file.prometheus_cloudwatch_exporter_helm_config[count.index].content] } + manage_via_gitops = var.manage_via_gitops + addon_context = local.addon_context + prometheus_cloudwatch_exporter_extra_configs = var.prometheus_cloudwatch_exporter_extra_configs + secret_manifest = var.prometheus_cloudwatch_exporter_secret_manifest + eks_cluster_name = data.aws_eks_cluster.eks_cluster.name + iampolicy_json_content = var.prometheus_cloudwatch_exporter_role_iampolicy_json_content } \ No newline at end of file diff --git a/outputs.tf b/outputs.tf index add080b..c8cb1f9 100644 --- a/outputs.tf +++ b/outputs.tf @@ -410,4 +410,18 @@ output "grafana_chart_version" { output "grafana_repository" { value = module.grafana[*].repository description = "Helm chart repository of the grafana." +} + +#----------- Prometheus Cloudwatch Exporter ------------------------ +output "prometheus_cloudwatch_exporter_namespace" { + value = module.prometheus_cloudwatch_exporter[*].namespace + description = "The namespace where Prometheus Cloudwatch Exporter is deployed." +} +output "prometheus_cloudwatch_exporter_chart_version" { + value = module.prometheus_cloudwatch_exporter[*].chart_version + description = "Chart version of the Prometheus Cloudwatch Exporter Helm Chart." +} +output "prometheus_cloudwatch_exporter_repository" { + value = module.prometheus_cloudwatch_exporter[*].repository + description = "Helm chart repository of the Prometheus Cloudwatch Exporter." } \ No newline at end of file 
diff --git a/override_values.tf b/override_values.tf index e1411a8..90f48bb 100644 --- a/override_values.tf +++ b/override_values.tf @@ -881,4 +881,31 @@ resources: memory: 150Mi EOT filename = "${path.module}/override_vales/grafana.yaml" +} + +#-----------PROMETHEUS-CLOUDWATCH-EXPORTER-------------------- +resource "local_file" "prometheus_cloudwatch_exporter_helm_config" { + count = var.prometheus_cloudwatch_exporter && (var.prometheus_cloudwatch_exporter_helm_config == null) ? 1 : 0 + content = <