diff --git a/lab/us-gov-east-1/vpc/cluster/eks-cert-mgr-ns/cert-mgr.tf b/lab/us-gov-east-1/vpc/cluster/eks-cert-mgr-ns/cert-mgr.tf
deleted file mode 100644
index 4174af2..0000000
--- a/lab/us-gov-east-1/vpc/cluster/eks-cert-mgr-ns/cert-mgr.tf
+++ /dev/null
@@ -1,80 +0,0 @@
-locals {
- charts = {
- "cert-manager" = {
- name = "cert-manager"
- repository = "https://charts.jetstack.io"
- version = var.cert_manager_helm_chart
- use_remote = true
- }
- }
-}
-
-resource "kubernetes_namespace" "cert-manager" {
- metadata {
- name = "cert-manager"
- }
-}
-
-resource "helm_release" "cert-manager" {
- chart = "cert-manager"
- name = "cert-manager"
- namespace = kubernetes_namespace.cert-manager.metadata[0].name
- repository = local.charts["cert-manager"].use_remote ? local.charts["cert-manager"].repository : "${path.module}/charts"
- version = local.charts["cert-manager"].use_remote ? local.charts["cert-manager"].version : null
-
-
- set {
- name = "installCRDs"
- value = "true"
- }
- set {
- name = "extraArgs"
- value = "{--enable-certificate-owner-ref=true}"
- }
-
- set {
- name = "image.repository"
- value = split(":", module.images.images[local.cert-manager_control_key].dest_full_path)[0]
- }
-
- set {
- name = "image.tag"
- value = split(":", module.images.images[local.cert-manager_control_key].dest_full_path)[1]
- }
-
- set {
- name = "cainjector.image.repository"
- #value = module.images.images[local.cert-manager-cainjector_key].dest_full_path
- value = split(":", module.images.images[local.cert-manager-cainjector_key].dest_full_path)[0]
- }
-
- set {
- name = "cainjector.image.tag"
- value = split(":", module.images.images[local.cert-manager-cainjector_key].dest_full_path)[1]
- }
-
- set {
- name = "webhook.image.repository"
- value = split(":", module.images.images[local.cert-manager-webhook_key].dest_full_path)[0]
- }
-
- set {
- name = "webhook.image.tag"
- value = split(":", module.images.images[local.cert-manager-webhook_key].dest_full_path)[1]
- }
-
- set {
- name = "startupapicheck.image.repository"
- value = split(":", module.images.images[local.cert-manager-ctl_key].dest_full_path)[0]
- }
-
- set {
- name = "startupapicheck.image.tag"
- value = split(":", module.images.images[local.cert-manager-ctl_key].dest_full_path)[1]
- }
- timeout = 180
-}
-
-# output "cert_manager_control_key" {
-# value = module.images.images[local.cert-manager-cainjector_key].dest_registry
-# }
\ No newline at end of file
diff --git a/lab/us-gov-east-1/vpc/cluster/eks-cert-mgr-ns/copy_images.tf b/lab/us-gov-east-1/vpc/cluster/eks-cert-mgr-ns/copy_images.tf
deleted file mode 100644
index fe21d38..0000000
--- a/lab/us-gov-east-1/vpc/cluster/eks-cert-mgr-ns/copy_images.tf
+++ /dev/null
@@ -1,78 +0,0 @@
-data "aws_ecr_authorization_token" "token" {}
-
-
-
-locals {
- cert-manager_control_key = format("%v#%v", "jetstack/cert-manager-controller", var.cert_manager_controller_tag)
- cert-manager-cainjector_key = format("%v#%v", "jetstack/cert-manager-cainjector", var.cert_manager_cainjector_tag)
- cert-manager-webhook_key = format("%v#%v", "jetstack/cert-manager-webhook", var.cert_manager_webhook_tag)
- cert-manager-ctl_key = format("%v#%v", "jetstack/cert-manager-ctl", var.cert_manager_ctl_tag)
-
- #account_id = data.aws_caller_identity.current.account_id
- repo_parent_name = format("eks/%v", var.cluster_name)
-
-# account_ecr_registry = format("%v.dkr.ecr.%v.amazonaws.com", local.account_id, var.region)
-# account_ecr = format("%v/%v", local.account_ecr_registry, local.repo_parent_name)
-
-image_config = [
- {
- enabled = true
- dest_path = null
- name = "jetstack/cert-manager-controller"
- source_image = "jetstack/cert-manager-controller"
- source_registry = "quay.io"
- source_tag = var.cert_manager_controller_tag
- tag = var.cert_manager_controller_tag
- },
- {
- enabled = true
- dest_path = null
- name = "jetstack/cert-manager-cainjector"
- source_image = "jetstack/cert-manager-cainjector"
- source_registry = "quay.io"
- source_tag = var.cert_manager_cainjector_tag
- tag = var.cert_manager_cainjector_tag
- },
- {
- enabled = true
- dest_path = null
- name = "jetstack/cert-manager-webhook"
- source_image = "jetstack/cert-manager-webhook"
- source_registry = "quay.io"
- source_tag = var.cert_manager_webhook_tag
- tag = var.cert_manager_webhook_tag
- },
- {
- enabled = true
- dest_path = null
- name = "jetstack/cert-manager-ctl"
- source_image = "jetstack/cert-manager-ctl"
- source_registry = "quay.io"
- source_tag = var.cert_manager_ctl_tag
- tag = var.cert_manager_ctl_tag
- },
- ]
-}
-
-module "images" {
- source = "git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/?ref=2.0.2"
-
- profile = var.profile
- application_name = var.cluster_name
- image_config = local.image_config
- tags = {}
-
- ### optional
- ## account_alias = ""
- ## account_id = ""
- ## destination_password = ""
- ## destination_username = ""
- ## override_prefixes = {}
- region = var.region
- ## source_password = ""
- ## source_username = ""
-}
-
-output "image-config-output" {
- value = local.image_config
-}
\ No newline at end of file
diff --git a/lab/us-gov-east-1/vpc/cluster/eks-cert-mgr-ns/terragrunt.hcl b/lab/us-gov-east-1/vpc/cluster/eks-cert-mgr-ns/terragrunt.hcl
deleted file mode 100644
index 0b38e7b..0000000
--- a/lab/us-gov-east-1/vpc/cluster/eks-cert-mgr-ns/terragrunt.hcl
+++ /dev/null
@@ -1,22 +0,0 @@
-terraform {
-# source = "git@github.e.it.census.gov:terraform-modules/aws-certificates//acmpca-eks-cert-manager"
- source = "./cert-mgr.tf"
-
-# cluster_name = var.cluster_name
-# contact_email = var.cluster_mailing_list
-
-# tags = merge(
-# local.base_tags,
-# local.common_tags,
-# var.application_tags,
-# )
-}
-
-dependency "eks" {
- config_path = "../eks"
-}
-
-inputs = {
- cluster_name = dependency.eks.inputs.cluster_name
- contact_email = "srinivasa.nangunuri@census.gov"
-}
diff --git a/lab/us-gov-east-1/vpc/cluster/eks-cert-mgr-ns/variables.tf b/lab/us-gov-east-1/vpc/cluster/eks-cert-mgr-ns/variables.tf
deleted file mode 100644
index c765cb4..0000000
--- a/lab/us-gov-east-1/vpc/cluster/eks-cert-mgr-ns/variables.tf
+++ /dev/null
@@ -1,53 +0,0 @@
-variable "cluster_name" {
- description = "Name of the cluster"
- type = string
- default = "platform-eng-eks-test"
-}
-
-variable "cluster_mailing_list" {
- description = "cluster mailing list"
- type = string
- default = "srinivasa.nangunuri@census.gov"
-}
-
-variable "cert_manager_helm_chart" {
- description = "cert_manager_helm_chart"
- type = string
- default = "1.13.1"
-}
-
-variable "cert_manager_cainjector_tag" {
- description = "cert_manager_cainjector_tag"
- type = string
- default = "v1.13.1"
-}
-
-variable "cert_manager_controller_tag" {
- description = "cert_manager_controller_tag"
- type = string
- default = "v1.13.1"
-}
-
-variable "cert_manager_webhook_tag" {
- description = "cert_manager_webhook_tag"
- type = string
- default = "v1.13.1"
-}
-
-variable "cert_manager_ctl_tag" {
- description = "cert-manager-ctl_tag"
- type = string
- default = "v1.13.1"
-}
-
-variable "region" {
- description = "region name"
- type = string
- default = "us-gov-east-1"
-}
-
-variable "profile" {
- description = "AWS_PROFILE to use to apply the terraform script."
- type = string
- default = ""
-}
\ No newline at end of file
diff --git a/lab/us-gov-east-1/vpc/cluster/eks-prometheus/README.md b/lab/us-gov-east-1/vpc/cluster/eks-prometheus/README.md
new file mode 100644
index 0000000..d06d9bf
--- /dev/null
+++ b/lab/us-gov-east-1/vpc/cluster/eks-prometheus/README.md
@@ -0,0 +1,55 @@
+## eks-prometheus
+This module deploys EKS kubeenetes prometheus inside existing EKS cluster. Prometheus is an open-source systems monitoring and alerting tool.
+This module consisits of 4 components. It creates prometheus namespace and copies image repositories for the following components from quay.io into local account ECR repository. It deploys these components using helm charts using the configured ECR repositories.
+ 1. prometheus-alert-manager
+ 2. prometheus-node-exporter
+ 3. prometheus-pushgateway
+ 4. prometheus-server
+
+### Dependencies
+This module is dependent on EKS module (eks). The cluster should exist already for this module to work.
+
+### Inputs
+ cluster_name
+ profile
+ prometheus_chart_version
+ prometheus_server_tag
+ prometheus_config_reloader_tag
+ alertmanager_tag
+ kube_state_metrics_tag
+ node_exporter_tag
+ pushgateway_tag
+ rwo_storage_class
+
+### Outputs
+ alertmanager_internal_endpoint
+ alertmanager_headless_internal_endpoint
+ pushgateway_internal_endpoint
+ prometheus_server_internal_endpoint
+
+### Issues observed/fixed
+ 1. The rwo_storage_class value had to be updated from "gp3" to "gp3-encrypted"
+ 2. The node_exporter_tag value had to be updated from "1.6.1" to "v1.8.1"
+ 3. The kube_state_metrics_tag value had to be updated from "2.10.0" to "v2.6.0"
+ 4. The alertmanager_tag value had to be updated from
+ 5. The helm chart set config for the ecr image had to be split into 2 components, one for registry and other for repository as an example mentioned below:
+ ```
+ set {
+ name = "kube-state-metrics.image.registry"
+ value = module.images.images[local.ksm_key].dest_registry
+ }
+ set {
+ name = "kube-state-metrics.image.repository"
+ value = module.images.images[local.ksm_key].dest_repository
+ }
+ ```
+ 6. In some other cases the image ecr repository had to be split by the colon separatory (:)
+ ```
+ set {
+ name = "alertmanager.configmapReload.image.repository"
+ value = split(":", module.images.images[local.prom_config_reload_key].dest_full_path)[0]
+ }
+ ```
+
+
+
diff --git a/lab/us-gov-east-1/vpc/cluster/eks-cert-mgr-ns/provider.tf b/lab/us-gov-east-1/vpc/cluster/eks-prometheus/provider.tf
similarity index 96%
rename from lab/us-gov-east-1/vpc/cluster/eks-cert-mgr-ns/provider.tf
rename to lab/us-gov-east-1/vpc/cluster/eks-prometheus/provider.tf
index cdeb79f..a451c11 100644
--- a/lab/us-gov-east-1/vpc/cluster/eks-cert-mgr-ns/provider.tf
+++ b/lab/us-gov-east-1/vpc/cluster/eks-prometheus/provider.tf
@@ -1,3 +1,4 @@
+# provider.tf
 provider "aws" {
 region = "us-gov-east-1"
 profile = "224384469011-lab-dev-gov.inf-admin-t3"
diff --git a/lab/us-gov-east-1/vpc/cluster/eks-prometheus/terragrunt.hcl b/lab/us-gov-east-1/vpc/cluster/eks-prometheus/terragrunt.hcl
new file mode 100644
index 0000000..098dd53
--- /dev/null
+++ b/lab/us-gov-east-1/vpc/cluster/eks-prometheus/terragrunt.hcl
@@ -0,0 +1,31 @@
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-prometheus.git?ref=platform-changes"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+remote_state {
+ backend = "s3"
+ generate = {
+ path = "backend.tf"
+ if_exists = "overwrite_terragrunt"
+ }
+ config = {
+ bucket = "tg-infrastructure-tf-state-lab-dev-ew-us-gov-east-1"
+ key = "platform-eks-test-prometheus/terraform.tfstate"
+ region = "us-gov-east-1"
+ encrypt = true
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+}
+
+inputs = {
+ profile = dependency.eks.inputs.profile
+ cluster_name = dependency.eks.inputs.cluster_name
+ region = "us-gov-east-1"
+}
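Review bot: The `source` line in the new eks-prometheus/terragrunt.hcl pins the module to `ref=platform-changes`, which reads as a branch name rather than a release, so the code that gets applied with the lab admin profile can change without any commit in this repository. The copy_images.tf removed in this same commit pinned its module to a tag (`?ref=2.0.2`); the same should be done here, e.g. `source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-prometheus.git?ref=<release-tag-or-commit-sha>"`. Separately, the `retry_lock` block passes `-lock-timeout=20m`, but the `remote_state` config shows only `encrypt = true` and no lock setting for the S3 backend; if locking is not configured elsewhere, the timeout has nothing to wait on and concurrent applies can still race on the state file.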