diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..7c1cae9
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,38 @@
+# Local .terraform directories
+**/.terraform/*
+
+# terraform lock file.
+**/.terraform.lock.hcl
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data,
+# such as password, private keys, and other secrets. These should not be
+# part of version control as they are data points which are potentially
+# sensitive and subject to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources
+# locally and so are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..7238472
--- /dev/null
+++ b/README.md
@@ -0,0 +1 @@
+# tfmod-prometheus
diff --git a/copy_images.tf b/copy_images.tf
new file mode 100644
index 0000000..99c301f
--- /dev/null
+++ b/copy_images.tf
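Review bot: The tfplan entry near the end of .gitignore is only a comment (`# example: *tfplan*`), so saved plan files are not actually ignored. A plan written with `terraform plan -out=tfplan` stores the resolved variable values, which can include secrets, so it deserves the same treatment as the `*.tfvars` patterns above it. Add an active pattern such as `*tfplan*` below the comment.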
@@ -0,0 +1,96 @@
+locals {
+ prom_config_reload_name = "prometheus/prometheus-config-reloader"
+ prom_config_reload_key = format("%v#%v", local.prom_config_reload_name, var.prometheus_config_reloader_tag)
+
+ prom_name = "prometheus/prometheus"
+ prom_key = format("%v#%v", local.prom_name, var.prometheus_server_tag)
+
+ alertman_name = "prometheus/alertmanager"
+ alertman_key = format("%v#%v", local.alertman_name, var.alertmanager_tag)
+
+ ksm_name = "prometheus/kube-state-metrics"
+ ksm_key = format("%v#%v", local.ksm_name, var.kube_state_metrics_tag)
+
+ node_exporter_name = "prometheus/node-exporter"
+ node_exporter_key = format("%v#%v", local.node_exporter_name, var.node_exporter_tag)
+
+ pushgateway_name = "prometheus/pushgateway"
+ pushgateway_key = format("%v#%v", local.pushgateway_name, var.pushgateway_tag)
+
+ image_config = [
+ {
+ enabled = true
+ dest_path = null
+ name = local.prom_config_reload_name
+ source_image = "prometheus-operator/prometheus-config-reloader"
+ source_registry = "quay.io"
+ source_tag = var.prometheus_config_reloader_tag
+ tag = var.prometheus_config_reloader_tag
+ },
+ {
+ enabled = true
+ dest_path = null
+ name = local.prom_name
+ source_image = "prometheus/prometheus"
+ source_registry = "quay.io"
+ source_tag = var.prometheus_server_tag
+ tag = var.prometheus_server_tag
+ },
+ {
+ enabled = true
+ dest_path = null
+ name = local.alertman_name
+ source_image = "prometheus/alertmanager"
+ source_registry = "quay.io"
+ source_tag = var.alertmanager_tag
+ tag = var.alertmanager_tag
+ },
+ {
+ enabled = true
+ dest_path = null
+ name = local.ksm_name
+ source_image = "kube-state-metrics/kube-state-metrics"
+ source_registry = "registry.k8s.io"
+ source_tag = var.kube_state_metrics_tag
+ tag = var.kube_state_metrics_tag
+ },
+ {
+ enabled = true
+ dest_path = null
+ name = local.node_exporter_name
+ source_image = "prometheus/node-exporter"
+ source_registry = "quay.io"
+ source_tag = var.node_exporter_tag
+ tag = var.node_exporter_tag
+ },
+ {
+ enabled = true
+ dest_path = null
+ name = local.pushgateway_name
+ source_image = "prometheus/pushgateway"
+ source_registry = "quay.io"
+ source_tag = var.pushgateway_tag
+ tag = var.pushgateway_tag
+ },
+ ]
+}
+
+module "images" {
+ source = "git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/?ref=2.0.2"
+
+ profile = var.profile
+ application_name = var.cluster_name
+ image_config = local.image_config
+ tags = {}
+
+ ### optional
+ ## account_alias = ""
+ ## account_id = ""
+ ## destination_password = ""
+ ## destination_username = ""
+ ## override_prefixes = {}
+ ## region = ""
+ ## source_password = ""
+ ## source_username = ""
+}
+
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..e9ffe29
--- /dev/null
+++ b/main.tf
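Review bot: Every entry in `image_config` identifies its upstream image only by `source_tag`, and a tag on quay.io or registry.k8s.io can be re-pointed, so a later apply may mirror different content into the destination registry under the same tag. If the aws-ecr-copy-images module accepts a digest (its inputs are not visible here), pin each source by digest; otherwise record the expected digest next to each tag default in variables.tf so a changed image is noticed in review. The module `source` is pinned to a tag as well (`?ref=2.0.2`); using a full commit SHA, `?ref=<commit-sha>`, would make that dependency immutable too.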
@@ -0,0 +1,109 @@
+
+resource "kubernetes_namespace" "ns" {
+ metadata {
+ name = var.namespace
+ }
+}
+
+resource "helm_release" "prometheus" {
+ chart = "prometheus"
+ name = "prometheus"
+ namespace = kubernetes_namespace.ns.metadata[0].name
+ version = var.prometheus_chart_version
+ repository = "https://prometheus-community.github.io/helm-charts"
+
+ # Prometheus chart:
+ set {
+ name = "configmapReload.prometheus.image.repository"
+ value = format("%v/%v",
+ module.images.images[local.prom_config_reload_key].dest_registry,
+ module.images.images[local.prom_config_reload_key].dest_repository
+ )
+ }
+ set {
+ name = "configmapReload.prometheus.image.tag"
+ value = module.images.images[local.prom_config_reload_key].tag
+ }
+ set {
+ name = "server.image.repository"
+ value = format("%v/%v",
+ module.images.images[local.prom_key].dest_registry,
+ module.images.images[local.prom_key].dest_repository
+ )
+ }
+ set {
+ name = "server.image.tag"
+ value = module.images.images[local.prom_key].tag
+ }
+ set {
+ name = "server.persistentVolume.storageClass"
+ value = var.rwo_storage_class
+ }
+
+ # alertmanager subchart:
+ set {
+ name = "alertmanager.image.repository"
+ value = format("%v/%v",
+ module.images.images[local.alertman_key].dest_registry,
+ module.images.images[local.alertman_key].dest_repository
+ )
+ }
+ set {
+ name = "alertmanager.image.tag"
+ value = module.images.images[local.alertman_key].tag
+ }
+ set {
+ name = "alertmanager.configmapReload.image.repository"
+ value = format("%v/%v",
+ module.images.images[local.prom_config_reload_key].dest_registry,
+ module.images.images[local.prom_config_reload_key].dest_repository
+ )
+ }
+ set {
+ name = "alertmanager.configmapReload.image.tag"
+ value = module.images.images[local.prom_config_reload_key].tag
+ }
+ set {
+ name = "alertmanager.persistence.storageClass"
+ value = var.rwo_storage_class
+ }
+
+ # kube-state-metrics subchart:
+ set {
+ name = "kube-state-metrics.image.repository"
+ value = format("%v/%v",
+ module.images.images[local.ksm_key].dest_registry,
+ module.images.images[local.ksm_key].dest_repository
+ )
+ }
+ set {
+ name = "kube-state-metrics.image.tag"
+ value = module.images.images[local.ksm_key].tag
+ }
+
+ # prometheus-node-exporter subject:
+ set {
+ name = "prometheus-node-exporter.image.repository"
+ value = format("%v/%v",
+ module.images.images[local.node_exporter_key].dest_registry,
+ module.images.images[local.node_exporter_key].dest_repository
+ )
+ }
+ set {
+ name = "prometheus-node-exporter.image.tag"
+ value = module.images.images[local.node_exporter_key].tag
+ }
+
+ # prometheus-pushgateway
+ set {
+ name = "prometheus-pushgateway.image.repository"
+ value = format("%v/%v",
+ module.images.images[local.pushgateway_key].dest_registry,
+ module.images.images[local.pushgateway_key].dest_repository
+ )
+ }
+ set {
+ name = "prometheus-pushgateway.image.tag"
+ value = module.images.images[local.pushgateway_key].tag
+ }
+}
diff --git a/requirements.tf b/requirements.tf
new file mode 100644
index 0000000..32e5c6f
--- /dev/null
+++ b/requirements.tf
@@ -0,0 +1,22 @@
+terraform {
+ required_version = ">= 0.13"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 5.14.0"
+ }
+ helm = {
+ source = "hashicorp/helm"
+ version = ">= 2.11.0"
+ }
+ kubernetes = {
+ source = "hashicorp/kubernetes"
+ version = ">= 2.23.0"
+ }
+ null = {
+ source = "hashicorp/null"
+ version = ">= 3.2.1"
+ }
+ }
+}
diff --git a/variables.tf b/variables.tf
new file mode 100644
index 0000000..cd6e568
--- /dev/null
+++ b/variables.tf
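Review bot: The `kube-state-metrics.image.repository` and `prometheus-node-exporter.image.repository` overrides in main.tf put the destination registry inside the repository value, but recent versions of those two subcharts appear to build the image reference from a separate `image.registry` value that defaults to the upstream registry. If that holds for the subchart versions that chart `24.3.0` pulls in, the rendered image would be the upstream registry prefixed onto the mirrored path, and the pods would not pull from the mirror. Confirm with `helm show values`, and if so set the registry on its own, `name = "kube-state-metrics.image.registry"` with `value = module.images.images[local.ksm_key].dest_registry`, leaving only `dest_repository` in `image.repository` (likewise for node-exporter). The comment `# prometheus-node-exporter subject:` presumably should read `subchart:`.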
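Review bot: The `helm` constraint `>= 2.11.0` in requirements.tf has no upper bound, while main.tf in this commit writes `set { ... }` blocks on `helm_release`; the 3.x series of the helm provider replaced those blocks with a `set = [...]` list attribute. Because the new .gitignore also excludes `.terraform.lock.hcl`, nothing records the provider version that was tested, so a fresh `terraform init` can select 3.x and fail at plan time. Cap the range until the blocks are migrated: `version = ">= 2.11.0, < 3.0.0"`.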
@@ -0,0 +1,80 @@
+variable "profile" {
+ description = "AWS_PROFILE to use to apply the terraform script."
+ default = ""
+}
+
+variable "cluster_name" {
+ description = "The name of the cluster into which istio will be installed."
+ type = string
+}
+
+variable "region" {
+ description = "The region in which the cluster is running."
+ type = string
+}
+
+variable "namespace" {
+ description = "The namespace to install the prometheus components. Defaults to 'prometheus'"
+ type = string
+ default = "prometheus"
+}
+
+# helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
+# helm search repo prometheus-community/prometheus | head -2
+variable "prometheus_chart_version" {
+ description = "The version of prometheus to install into the cluster."
+ type = string
+ default = "24.3.0"
+}
+
+# The `APP VERSION` of the output found while determining the chart version
+variable "prometheus_server_tag" {
+ description = "The image tag of prometheus server to install into the cluster."
+ type = string
+ default = "v2.46.0"
+}
+
+# helm show values prometheus-community/prometheus | less
+variable "prometheus_config_reloader_tag" {
+ description = "The image tag of the prometheus-config-reloader image."
+ type = string
+ default = "v0.67.0"
+}
+
+# The `APP VERSION` of the output:
+# helm search repo prometheus-community/alertmanager
+variable "alertmanager_tag" {
+ description = "The image tag of the alertmanager image."
+ type = string
+ default = "v0.26.0"
+}
+
+# The `APP VERSION` of the output:
+# helm search repo prometheus-community/kube-state-metrics
+variable "kube_state_metrics_tag" {
+ description = "The image tag of the kube-state-metrics image."
+ type = string
+ default = "2.10.0"
+}
+
+# The `APP VERSION` of the output:
+# helm search repo prometheus-community/prometheus-node-exporter
+variable "node_exporter_tag" {
+ description = "The image tag of the node-exporter image."
+ type = string
+ default = "1.6.1"
+}
+
+# The `APP VERSION` of the output:
+# helm search repo prometheus-community/prometheus-pushgateway
+variable "pushgateway_tag" {
+ description = "The image tag of the pushgateway image."
+ type = string
+ default = "v1.6.0"
+}
+
+variable "rwo_storage_class" {
+ description = "Specify the storage class for read/write/once persistent volumes."
+ type = string
+ default = "gp3"
+}
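Review bot: The `cluster_name` description says the cluster is one "into which istio will be installed", which looks carried over from another module; it should read `description = "The name of the cluster into which prometheus will be installed."`. `profile` is the only variable declared without a type, so add `type = string` to it. `region` is declared without a default, which makes it a required input, yet no file in this commit references `var.region`; either drop it or pass it to the `images` module, whose `region` argument is currently commented out.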