diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index f451b69..2675093 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -49,7 +49,7 @@ repos:
# Terraform Hooks
- repo: https://github.com/antonbabenko/pre-commit-terraform
- rev: v1.96.1 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases
+ rev: v1.97.3 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases
hooks:
- id: terraform_fmt
args:
diff --git a/.tflint.hcl b/.tflint.hcl
index 684d807..ab8ea66 100644
--- a/.tflint.hcl
+++ b/.tflint.hcl
@@ -4,18 +4,18 @@ config {
disabled_by_default = false
}
-rule "aws_instance_invalid_type" {
- enabled = true
-}
+# rule "aws_instance_invalid_type" {
+# enabled = true
+# }
-plugin "aws" {
- enabled = true
- version = "0.32.0"
- source = "github.com/terraform-linters/tflint-ruleset-aws"
-}
+# plugin "aws" {
+# enabled = true
+# version = "0.32.0"
+# source = "github.com/terraform-linters/tflint-ruleset-aws"
+# }
-plugin "terraform" {
- enabled = true
- version = "0.9.0"
- source = "github.com/terraform-linters/tflint-ruleset-terraform"
-}
+# plugin "terraform" {
+# enabled = true
+# version = "0.9.0"
+# source = "github.com/terraform-linters/tflint-ruleset-terraform"
+# }
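Review bot: Commenting out the `plugin "aws"` block means the AWS ruleset is no longer loaded, so `aws_instance_invalid_type` and every other check in that ruleset stops running for this module, and the diff gives no reason for it. If the plugins cannot be downloaded in this environment, say so in a comment above the blocks, for example `# Disabled: <reason>; re-enable when <condition>`, or delete the blocks rather than leaving dead configuration. The `terraform` ruleset is bundled with TFLint, so commenting out its block probably only drops the `0.9.0` version pin rather than disabling it. Confirm that is intended, since main.tf still carries a `tflint-ignore: terraform_module_pinned_source` annotation.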
diff --git a/README.md b/README.md
index f6b633b..e02ee99 100644
--- a/README.md
+++ b/README.md
@@ -25,9 +25,9 @@ to loki.
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | 5.73.0 |
-| [helm](#provider\_helm) | 2.16.1 |
-| [kubernetes](#provider\_kubernetes) | 2.33.0 |
+| [aws](#provider\_aws) | 5.87.0 |
+| [helm](#provider\_helm) | 2.17.0 |
+| [kubernetes](#provider\_kubernetes) | 2.35.1 |
## Modules
@@ -45,7 +45,6 @@ to loki.
| [kubernetes_namespace.ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
| [aws_s3_bucket.s3_server_access_logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/s3_bucket) | data source |
-| [kubernetes_namespace.existing_ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/namespace) | data source |
## Inputs
@@ -53,7 +52,6 @@ to loki.
|------|-------------|------|---------|:--------:|
| [canary\_tag](#input\_canary\_tag) | The tag of the grafana/loki-canary image to use. | `string` | `"3.0.0"` | no |
| [cluster\_name](#input\_cluster\_name) | EKS cluster name name component used through out the EKS cluster describing its purpose (ex: dice-dev) | `string` | n/a | yes |
-| [create\_namespace](#input\_create\_namespace) | Indicates whether the `namespace` needs to be created ('true') or already exists (not `true`) | `string` | `"true"` | no |
| [enterprise\_logs\_provisioner\_tag](#input\_enterprise\_logs\_provisioner\_tag) | The version of the grafana/enterprise-logs-provisioner image to use. | `string` | `"v1.7.0"` | no |
| [exporter\_tag](#input\_exporter\_tag) | The version of prom/memcached-exporter to use for the gateway. | `string` | `"v0.14.4"` | no |
| [gateway\_tag](#input\_gateway\_tag) | The version of nginxinc/nginx-unprivileged to use for the gateway. | `string` | `"1.25.2-alpine"` | no |
diff --git a/main.tf b/main.tf
index 5fe7ce2..30f30ae 100644
--- a/main.tf
+++ b/main.tf
@@ -1,12 +1,10 @@
locals {
- gateway_internal_hostname = format("loki-gateway.%v.svc.cluster.local", local.ns)
+ gateway_internal_hostname = format("loki-gateway.%v.svc.cluster.local", kubernetes_namespace.ns.metadata[0].name)
gateway_internal_port_number = "80"
gateway_internal_url = format("http://%v:%v/", local.gateway_internal_hostname, local.gateway_internal_port_number)
}
resource "kubernetes_namespace" "ns" {
- count = var.create_namespace == "true" ? 1 : 0
-
metadata {
name = var.namespace
labels = {
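Review bot: Dropping `count` makes the module always create and own the namespace, so a caller that previously passed `create_namespace = "false"` for a pre-existing namespace will now fail, first on the removed variable and then on apply, unless the namespace is imported into state. This is a breaking interface change and nothing in the hunk documents the migration. A comment above the resource such as `# This module always creates and owns var.namespace; import an existing namespace before upgrading` would help. The resource body continues past the end of this hunk.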
@@ -15,14 +13,6 @@ resource "kubernetes_namespace" "ns" {
}
}
-data "kubernetes_namespace" "existing_ns" {
- count = var.create_namespace == "true" ? 0 : 1
-
- metadata {
- name = var.namespace
- }
-}
-
locals {
tags = merge({
"boc:eks-cluster-name" = var.cluster_name
@@ -32,7 +22,6 @@ locals {
CostAllocation = var.tag_costallocation
}, var.tags)
- ns = try(kubernetes_namespace.ns[0].metadata[0].name, data.kubernetes_namespace.existing_ns[0].metadata[0].name)
}
module "loki_irsa_role" {
@@ -41,7 +30,7 @@ module "loki_irsa_role" {
# tflint-ignore: terraform_module_pinned_source
source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-custom-iam-role-for-service-account-eks.git"
- role_name = "${var.cluster_name}-loki"
+ role_name = "r-${var.cluster_name}-loki"
attach_s3_bucket_owner_policy = true
attach_encrypted_object_manager_policy = true
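Review bot: The new `role_name = "r-${var.cluster_name}-loki"` presumably renames the IAM role the module creates (the module source is not visible here), and a role cannot be renamed in place, so existing deployments would get a replacement role. Running pods keep the old role ARN on their service account until the Helm release is updated, so it is worth checking the plan for the order of the role destroy and the annotation change. The `r-` prefix is also unexplained and adds two characters towards the 64-character IAM role name limit; a comment such as `# "r-" prefix required by <naming standard>` would record the reason. The module block starts and ends outside this hunk.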
@@ -67,18 +56,20 @@ resource "helm_release" "loki" {
chart = "loki"
version = var.loki_chart_version
name = "loki"
- namespace = local.ns
+ namespace = kubernetes_namespace.ns.metadata[0].name
repository = "https://grafana.github.io/helm-charts"
- timeout = 900
wait = true
- ##### Globals #####
+ values = [
+ file("${path.module}/values/loki.yaml")
+ ]
+
+ # Dynamic values that depend on Terraform variables or computed values
set {
name = "global.image.registry"
value = module.images.images[local.loki_key].dest_registry
}
- ##### Loki Image #####
set {
name = "loki.image.repository"
value = module.images.images[local.loki_key].dest_repository
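Review bot: `timeout = 900` is removed while `wait = true` stays, so the release falls back to the helm provider's default timeout of 300 seconds, which a first install that has to provision volumes and start StatefulSets may exceed and leave a failed release behind. If the removal is not deliberate, keep `timeout = 900` next to `wait = true`. It would also help to extend the new comment to state the precedence, for example `# set blocks below override values/loki.yaml`, so nobody edits a key in the file that a `set` silently overrides. The `helm_release` body continues past the end of this hunk.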
@@ -88,81 +79,12 @@ resource "helm_release" "loki" {
value = module.images.images[local.loki_key].tag
}
- ##### Provisioner (nginx) Image #####
- set {
- name = "loki.provisioner.image.repository"
- value = split(":", module.images.images[local.provisioner_key].dest_full_path)[0]
- }
- set {
- name = "loki.provisioner.image.tag"
- value = module.images.images[local.provisioner_key].tag
- }
-
- #### Gateway Image #####
- set {
- name = "gateway.image.repository"
- value = module.images.images[local.gateway_key].dest_repository
- }
- set {
- name = "gateway.image.tag"
- value = module.images.images[local.gateway_key].tag
- }
-
- ##### grafana/loki-canary #####
- set {
- name = "lokiCanary.image.repository"
- value = module.images.images[local.canary_key].dest_repository
- }
- set {
- name = "lokiCanary.image.tag"
- value = module.images.images[local.canary_key].tag
- }
-
- ##### kiwigrid/k8s-sidecar #####
- set {
- name = "sidecar.image.repository"
- value = split(":", module.images.images[local.sidecar_key].dest_full_path)[0]
- }
- set {
- name = "sidecar.image.tag"
- value = module.images.images[local.sidecar_key].tag
- }
-
- ##### memcached #####
- set {
- name = "memcached.image.repository"
- value = split(":", module.images.images[local.memcached_key].dest_full_path)[0]
- }
- set {
- name = "memcached.image.tag"
- value = module.images.images[local.memcached_key].tag
- }
-
- ##### memcachedExporter #####
- set {
- name = "memcachedExporter.image.repository"
- value = split(":", module.images.images[local.exporter_key].dest_full_path)[0]
- }
- set {
- name = "memcachedExporter.image.tag"
- value = module.images.images[local.exporter_key].tag
- }
-
- ##### Auth #####
- set {
- name = "loki.auth_enabled"
- value = "true"
- }
set {
name = "serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"
value = module.loki_irsa_role.iam_role_arn
}
- set {
- name = "memberlist.service.publishNotReadyAddresses"
- value = "true"
- }
- ##### Storage #####
+ # Storage-related dynamic configurations
set {
name = "loki.storage.bucketNames.chunks"
value = module.loki_s3.s3_requested_bucket_name
@@ -194,19 +116,8 @@ resource "helm_release" "loki" {
module.loki_s3.s3_requested_bucket_name
)
}
- set {
- name = "write.extraVolumesMounts[0].name"
- value = "data"
- }
- set {
- name = "write.extraVolumesMounts[0].mountPath"
- value = "/loki"
- }
- set {
- name = "write.extraVolumes[0].name"
- value = "loki"
- }
+ # Storage class configurations
set {
name = "write.persistence.storageClass"
value = var.rwo_storage_class
@@ -215,135 +126,63 @@ resource "helm_release" "loki" {
name = "backend.persistence.storageClass"
value = var.rwo_storage_class
}
-
- ##### AutoScaling #####
- set {
- name = "write.autoscaling.enabled"
- value = true
- }
- set {
- name = "read.autoscaling.enabled"
- value = true
- }
set {
- name = "backend.autoscaling.enabled"
- value = true
- }
- set {
- name = "ingester.autoscaling.enabled"
- value = true
- }
- set {
- name = "distributor.autoscaling.enabled"
- value = true
- }
- set {
- name = "querier.autoscaling.enabled"
- value = true
- }
- set {
- name = "queryFrontend.autoscaling.enabled"
- value = true
+ name = "read.persistence.storageClass"
+ value = var.rwo_storage_class
}
- ##### Schema Config #####
+ # Image configurations for additional components
set {
- name = "loki.schemaConfig.configs[0].from"
- value = "2024-04-01"
- }
- set {
- name = "loki.schemaConfig.configs[0].index.period"
- value = "24h"
- }
- set {
- name = "loki.schemaConfig.configs[0].index.prefix"
- value = "loki_sb_index_"
- }
- set {
- name = "loki.schemaConfig.configs[0].object_store"
- value = "s3"
- }
- set {
- name = "loki.schemaConfig.configs[0].schema"
- value = "v13"
- }
- set {
- name = "loki.schemaConfig.configs[0].store"
- value = "tsdb"
+ name = "loki.provisioner.image.repository"
+ value = split(":", module.images.images[local.provisioner_key].dest_full_path)[0]
}
set {
- name = "test.enabled"
- value = "false"
+ name = "loki.provisioner.image.tag"
+ value = module.images.images[local.provisioner_key].tag
}
- ##### Compactor Config #####
- set {
- name = "compactor.working_directory"
- value = "/loki/compactor"
- }
set {
- name = "compactor.shared_store"
- value = "s3"
- }
- set {
- name = "compactor.compaction_interval"
- value = "10m"
- }
- set {
- name = "compactor.retention_enabled"
- value = "true"
- }
- set {
- name = "compactor.retention_delete_delay"
- value = "2h"
+ name = "gateway.image.repository"
+ value = module.images.images[local.gateway_key].dest_repository
}
set {
- name = "compactor.retention_delete_worker_count"
- value = "150"
+ name = "gateway.image.tag"
+ value = module.images.images[local.gateway_key].tag
}
- ##### Limits #####
- set {
- name = "loki.limits_config.ingestion_rate_strategy"
- value = "local"
- }
set {
- name = "loki.limits_config.max_global_streams_per_user"
- value = "5000"
- }
- set {
- name = "loki.limits_config.max_query_parallelism"
- value = "32"
+ name = "lokiCanary.image.repository"
+ value = module.images.images[local.canary_key].dest_repository
}
set {
- name = "loki.limits_config.max_streams_per_user"
- value = "10000"
+ name = "lokiCanary.image.tag"
+ value = module.images.images[local.canary_key].tag
}
- ##### Monitoring #####
set {
- name = "loki.analytics.reporting_enabled"
- value = "false"
+ name = "sidecar.image.repository"
+ value = split(":", module.images.images[local.sidecar_key].dest_full_path)[0]
}
set {
- name = "monitoring.dashboards.enabled"
- value = "false"
+ name = "sidecar.image.tag"
+ value = module.images.images[local.sidecar_key].tag
}
+
set {
- name = "monitoring.rules.enabled"
- value = "false"
+ name = "memcached.image.repository"
+ value = split(":", module.images.images[local.memcached_key].dest_full_path)[0]
}
set {
- name = "monitoring.serviceMonitor.enabled"
- value = "false"
+ name = "memcached.image.tag"
+ value = module.images.images[local.memcached_key].tag
}
+
set {
- name = "monitoring.selfMonitoring.enabled"
- value = "false"
+ name = "memcachedExporter.image.repository"
+ value = split(":", module.images.images[local.exporter_key].dest_full_path)[0]
}
set {
- name = "monitoring.lokiCanary.enabled"
- value = "false"
+ name = "memcachedExporter.image.tag"
+ value = module.images.images[local.exporter_key].tag
}
-
}
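Review bot: The image repository values in this block are derived in two different ways: gateway and lokiCanary read `dest_repository`, while provisioner, sidecar, memcached and memcachedExporter use `split(":", ...dest_full_path)[0]`. The split form returns only the host part if the destination registry ever carries a port (constructed example: `registry.example:5000/repo:tag`), and the chart would then be pointed at a different image location than the one that was mirrored. `module.images` is not visible here, so if `dest_repository` holds the same value, use it for all six components. Otherwise add a comment explaining why these four need the full path. The `helm_release` block starts outside this hunk.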
diff --git a/values/loki.yaml b/values/loki.yaml
new file mode 100644
index 0000000..ab5e963
--- /dev/null
+++ b/values/loki.yaml
@@ -0,0 +1,104 @@
+---
+loki:
+ auth_enabled: false
+ analytics:
+ reporting_enabled: true
+
+ schemaConfig:
+ configs:
+ - from: 2024-04-01
+ index:
+ period: 24h
+ prefix: loki_sb_index_
+ object_store: s3
+ schema: v13
+ store: tsdb
+
+ limits_config:
+ ingestion_rate_strategy: local
+ max_global_streams_per_user: 5000
+ max_query_parallelism: 32
+ max_streams_per_user: 10000
+
+write:
+ persistence:
+ enabled: true
+ autoscaling:
+ enabled: true
+ resources:
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ extraVolumesMounts:
+ - name: data
+ mountPath: /loki
+ extraVolumes:
+ - name: loki
+
+read:
+ persistence:
+ enabled: true
+ autoscaling:
+ enabled: true
+ minReplicas: 1
+ resources:
+ requests:
+ cpu: 100m
+ memory: 128Mi
+
+backend:
+ autoscaling:
+ enabled: true
+ resources:
+ requests:
+ cpu: 100m
+ memory: 128Mi
+
+gateway:
+ resources:
+ requests:
+ cpu: 50m
+ memory: 64Mi
+
+compactor:
+ working_directory: /loki/compactor
+ shared_store: s3
+ compaction_interval: 10m
+ retention_enabled: true
+ retention_delete_delay: 2h
+ retention_delete_worker_count: 150
+ resources:
+ requests:
+ cpu: 100m
+ memory: 128Mi
+
+sidecar:
+ resources:
+ requests:
+ cpu: 500m
+ memory: 512Mi
+
+ruler:
+ resources:
+ requests:
+ cpu: 500m
+ memory: 512Mi
+
+monitoring:
+ dashboards:
+ enabled: false
+ rules:
+ enabled: false
+ serviceMonitor:
+ enabled: false
+ selfMonitoring:
+ enabled: false
+ lokiCanary:
+ enabled: false
+
+memberlist:
+ service:
+ publishNotReadyAddresses: false
+
+test:
+ enabled: false
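Review bot: `loki.auth_enabled: false` near the top of this file reverses the `loki.auth_enabled = "true"` set block that this commit removes from main.tf, so Loki stops requiring the `X-Scope-OrgID` tenant header and all logs share one tenant that anything able to reach the gateway can read and write. `analytics.reporting_enabled: true` and `memberlist.service.publishNotReadyAddresses: false` are also flipped from the removed set blocks, which had `"false"` and `"true"` respectively, and the former turns on usage reporting to Grafana Labs. If the move to a values file is meant to preserve behaviour, these should read `auth_enabled: true`, `reporting_enabled: false` and `publishNotReadyAddresses: true`. If the changes are intended, the commit should say so. Separately, `from: 2024-04-01` is unquoted and may be parsed as a timestamp rather than a string, so `from: "2024-04-01"` is safer.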
diff --git a/variables.tf b/variables.tf
index 31e18bb..650fac4 100644
--- a/variables.tf
+++ b/variables.tf
@@ -32,12 +32,6 @@ variable "namespace" {
default = "loki"
}
-variable "create_namespace" {
- description = "Indicates whether the `namespace` needs to be created ('true') or already exists (not `true`)"
- type = string
- default = "true"
-}
-
variable "oidc_provider_arn" {
description = "The ARN in the EKS cluster for the OpenID Connect identity provider."
type = string