diff --git a/examples/efk/.tf-control b/examples/efk/.tf-control new file mode 100644 index 0000000..2420f8d --- /dev/null +++ b/examples/efk/.tf-control @@ -0,0 +1,4 @@ +TFCOMMAND="terraform_latest" +#TFCOMMAND="terraform_0.13.7" +#TFCOMMAND="terraform_0.14.11" +#TF_CLI_CONFIG_FILE=.tf-control.tfrc diff --git a/examples/efk/.tf-control.tfrc b/examples/efk/.tf-control.tfrc new file mode 100644 index 0000000..d4b0b15 --- /dev/null +++ b/examples/efk/.tf-control.tfrc @@ -0,0 +1,23 @@ +# https://www.terraform.io/docs/cli/config/config-file.html + +plugin_cache_dir = "/data/terraform/terraform.d/plugin-cache" +#disable_checkpoint = true + +provider_installation { +# filesystem_mirror { +# path = "/apps/terraform/terraform.d/providers" +# include = [ "*/*/*" ] +# } + filesystem_mirror { + path = "/data/terraform/terraform.d/providers" + include = [ "*/*/*" ] + } +# filesystem_mirror { +# path = "/apps/terraform/terraform.d/providers" +# include = [ "external.terraform.census.gov/*/*" ] +# } + direct { + include = [ "*/*/*" ] + } +} + diff --git a/examples/efk/expose-kibana.tf b/examples/efk/expose-kibana.tf new file mode 100644 index 0000000..39dfb07 --- /dev/null +++ b/examples/efk/expose-kibana.tf @@ -0,0 +1,134 @@ +resource "kubernetes_manifest" "vs_certificate" { + manifest = { + apiVersion = "cert-manager.io/v1" + kind = "Certificate" + + metadata = { + name = "kibana-cert" + namespace = "istio-system" + } + spec = { + secretName = "kibana-cert" + commonName = format("%v.%v", "kibana", var.domain) + dnsNames = [format("%v.%v", "kibana", var.domain)] + subject = { + countries = ["US"] + organizations = ["U.S. Census Bureau"] + organizationalUnits = ["Services"] + } + usages = [ + "digital signature", + "key encipherment", + "server auth", + "client auth", + ] + issuerRef = { + kind = "ClusterIssuer" + name = "clusterissuer" + } + } + } +} + +resource "kubernetes_manifest" "vs_gateway" { + manifest = { + apiVersion = "networking.istio.io/v1beta1" + kind = "Gateway" + + metadata = { + name = "kibana" + namespace = "istio-system" + } + spec = { + selector = { + istio = "ingressgateway" + } + servers = [ + { port = { + number = 80 + name = "http" + protocol = "HTTP" + } + tls = { + httpsRedirect = true + } + hosts = [format("%v.%v", "kibana", var.domain)] + }, + { port = { + number = 443 + name = "https" + protocol = "HTTPS" + } + tls = { + mode = "SIMPLE" + credentialName = "kibana-cert" + } + hosts = [format("%v.%v", "kibana", var.domain)] + } + ] + } + } +} + +resource "kubernetes_manifest" "vs_virtualservice" { + manifest = { + apiVersion = "networking.istio.io/v1beta1" + kind = "VirtualService" + + metadata = { + name = "kibana-route" + namespace = "istio-system" + } + spec = { + gateways = [ + "kibana" + ] + hosts = [format("%v.%v", "kibana", var.domain)] + http = [ + { name = "kibana-route" + match = [ + { uri = { prefix = "/" } } + ] + headers = { + request = { + set = { X-Forwarded-Port = "443" } + } + } + route = [ + { destination = { + host = "kibana-kibana.logging.svc.cluster.local" + port = { number = 5601 } + } + } + ] + } + ] + } + } +} + +## apiVersion: networking.istio.io/v1beta1 +## kind: VirtualService +## metadata: +## name: kibana-routes +## namespace: istio-system +## spec: +## gateways: +## - 'kibana' +## hosts: +## - 'kibana.test4.sandbox.csp2.census.gov' +## http: +## - name: "kibana-route" +## match: +## - uri: +## prefix: "/" +## headers: +## request: +## set: +## X-Forwarded-Port: "443" +## route: +## - destination: +## host: kibana-kibana.logging.svc.cluster.local +## port: +## number: 5601 +## diff --git a/examples/efk/expose-kibana.yaml b/examples/efk/expose-kibana.yaml.orig similarity index 100% rename from examples/efk/expose-kibana.yaml rename to examples/efk/expose-kibana.yaml.orig diff --git a/examples/efk/main.tf b/examples/efk/main.tf index 1d7c631..16e1fc9 100644 --- a/examples/efk/main.tf +++ b/examples/efk/main.tf @@ -1,4 +1,4 @@ -resource "null_resource" "eks_cluster" { } +resource "null_resource" "eks_cluster" {} resource "kubernetes_namespace" "logging" { # depends_on = [null_resource.copy_images] @@ -97,7 +97,7 @@ resource "helm_release" "elasticsearch" { # value = "false" # } -# timeout = 300 + # timeout = 300 timeout = 600 } @@ -155,7 +155,7 @@ resource "helm_release" "kibana" { # value = "false" # } -# timeout = 180 + # timeout = 180 timeout = 300 } @@ -177,7 +177,7 @@ resource "helm_release" "fluentd" { value = each.value.image_tag } -# timeout = 180 + # timeout = 180 timeout = 300 } @@ -189,7 +189,7 @@ resource "kubernetes_config_map" "elasticsearch-output" { } data = { - "fluentd.conf" = file(format("%v/config_map_data/%v.fluentd.conf",path.root,"elasticsearch-output")) + "fluentd.conf" = file(format("%v/config_map_data/%v.fluentd.conf", path.root, "elasticsearch-output")) } } @@ -200,6 +200,6 @@ resource "kubernetes_config_map" "apache-log-parser" { } data = { - "fluentd.conf" = file(format("%v/config_map_data/%v.fluentd.conf",path.root,"apache-log-parser")) + "fluentd.conf" = file(format("%v/config_map_data/%v.fluentd.conf", path.root, "apache-log-parser")) } } diff --git a/examples/efk/versions.tf b/examples/efk/versions.tf new file mode 100644 index 0000000..931b5db --- /dev/null +++ b/examples/efk/versions.tf @@ -0,0 +1,17 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + } + helm = { + source = "hashicorp/helm" + } + kubernetes = { + source = "hashicorp/kubernetes" + } + null = { + source = "hashicorp/null" + } + } + required_version = ">= 0.13" +}