From e2a1861340ce0adbe9d3ca0eeb774532791d6f91 Mon Sep 17 00:00:00 2001 From: Nilesh Gadgi Date: Wed, 27 Sep 2023 18:57:52 +0530 Subject: [PATCH] =?UTF-8?q?Feat:=20=F0=9F=9A=80=20Prepared=20addon=20for?= =?UTF-8?q?=20Kube-State-Matrics=20(#29)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat: Prepared kube-state-metrics * feat: remove unnecessary vars and tflint warnings * fix: fix main.tf error, remove cluster name * fix: update velero readme * fix: update node group name and readme * fix: remove useless resources * fix: remove extra conf arg * fix: remove dependency error --- .github/workflows/readme.yml | 2 +- .tflint.hcl | 112 ----- .../config/override-kube-state-matrics.yaml | 24 + _examples/complete/main.tf | 3 + _examples/complete/variables.tf | 5 + addons/kube-state-metrics/README.md | 25 + .../config/kube-state-metrics.yaml | 444 ++++++++++++++++++ addons/kube-state-metrics/locals.tf | 43 ++ addons/kube-state-metrics/main.tf | 7 + addons/kube-state-metrics/outputs.tf | 11 + addons/kube-state-metrics/variables.tf | 32 ++ addons/kube-state-metrics/versions.tf | 22 + addons/velero/README.md | 5 +- addons/velero/locals.tf | 2 - addons/velero/versions.tf | 12 + main.tf | 9 + outputs.tf | 14 + override_values.tf | 27 ++ variables.tf | 19 + 19 files changed, 701 insertions(+), 117 deletions(-) delete mode 100644 .tflint.hcl create mode 100644 _examples/complete/config/override-kube-state-matrics.yaml create mode 100644 addons/kube-state-metrics/README.md create mode 100644 addons/kube-state-metrics/config/kube-state-metrics.yaml create mode 100644 addons/kube-state-metrics/locals.tf create mode 100644 addons/kube-state-metrics/main.tf create mode 100644 addons/kube-state-metrics/outputs.tf create mode 100644 addons/kube-state-metrics/variables.tf create mode 100644 addons/kube-state-metrics/versions.tf diff --git a/.github/workflows/readme.yml b/.github/workflows/readme.yml index 24075de..156a5ec 100644 
--- a/.github/workflows/readme.yml +++ b/.github/workflows/readme.yml @@ -68,7 +68,7 @@ jobs: - name: Generate TF Docs uses: terraform-docs/gh-actions@v1.0.0 with: - working-dir: addons/aws-ebs-csi-driver,addons/aws-efs-csi-driver,addons/aws-load-balancer-controller,addons/aws-node-termination-handler,addons/calico-tigera,addons/cluster-autoscaler,addons/external-secrets,addons/fluent-bit,addons/helm,addons/ingress-nginx,addons/istio-ingress,addons/karpenter,addons/kiali-server,addons/kubeclarity,addons/metrics-server,addons/nri-bundle # config,modules/guardduty,modules/inspector + working-dir: addons/aws-ebs-csi-driver,addons/aws-efs-csi-driver,addons/aws-load-balancer-controller,addons/aws-node-termination-handler,addons/calico-tigera,addons/cluster-autoscaler,addons/external-secrets,addons/fluent-bit,addons/helm,addons/ingress-nginx,addons/istio-ingress,addons/karpenter,addons/kiali-server,addons/kubeclarity,addons/metrics-server,addons/nri-bundle,addons/velero,addons/kube-state-metrics git-push: true template: |- diff --git a/.tflint.hcl b/.tflint.hcl deleted file mode 100644 index 8d9dd1e..0000000 --- a/.tflint.hcl +++ /dev/null 
@@ -1,112 +0,0 @@ -plugin "aws" { - enabled = true - version = "0.21.0" - source = "github.com/terraform-linters/tflint-ruleset-aws" -} - -config { -#Enables module inspection -module = false -force = false -} - -# Required that all AWS resources have specified tags. -rule "aws_resource_missing_tags" { - enabled = true - tags = [ - "Name", - "Environment", - ] -} - -# Disallow deprecated (0.11-style) interpolation -rule "terraform_deprecated_interpolation" { -enabled = true -} - -# Disallow legacy dot index syntax. -rule "terraform_deprecated_index" { -enabled = true -} - -# Disallow variables, data sources, and locals that are declared but never used. -rule "terraform_unused_declarations" { -enabled = true -} - -# Disallow // comments in favor of #. -rule "terraform_comment_syntax" { -enabled = false -} - -# Disallow output declarations without description. -rule "terraform_documented_outputs" { -enabled = true -} - -# Disallow variable declarations without description. -rule "terraform_documented_variables" { -enabled = true -} - -# Disallow variable declarations without type. -rule "terraform_typed_variables" { -enabled = true -} - -# Disallow specifying a git or mercurial repository as a module source without pinning to a version. -rule "terraform_module_pinned_source" { -enabled = true -} - -# Enforces naming conventions -rule "terraform_naming_convention" { -enabled = true - -#Require specific naming structure -variable { -format = "snake_case" -} - -locals { -format = "snake_case" -} - -output { -format = "snake_case" -} - -#Allow any format -resource { -format = "none" -} - -module { -format = "none" -} - -data { -format = "none" -} - -} - -# Disallow terraform declarations without require_version. -# rule "terraform_required_version" { -# enabled = true -# } - -# Require that all providers have version constraints through required_providers. 
-rule "terraform_required_providers" { -enabled = true -} - -# Ensure that a module complies with the Terraform Standard Module Structure -rule "terraform_standard_module_structure" { -enabled = true -} - -# terraform.workspace should not be used with a "remote" backend with remote execution. -rule "terraform_workspace_remote" { -enabled = true -} diff --git a/_examples/complete/config/override-kube-state-matrics.yaml b/_examples/complete/config/override-kube-state-matrics.yaml new file mode 100644 index 0000000..38a7302 --- /dev/null +++ b/_examples/complete/config/override-kube-state-matrics.yaml @@ -0,0 +1,24 @@ +## Node affinity for particular node in which labels key is "Infra-Services" and value is "true" + +affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: "eks.amazonaws.com/nodegroup" + operator: In + values: + - "critical" + + +## Using limits and requests +resources: + limits: + cpu: 300m + memory: 250Mi + requests: + cpu: 50m + memory: 150Mi + +podAnnotations: + co.elastic.logs/enabled: "true" diff --git a/_examples/complete/main.tf b/_examples/complete/main.tf index e630f79..be510b6 100644 --- a/_examples/complete/main.tf +++ b/_examples/complete/main.tf @@ -159,6 +159,7 @@ module "addons" { aws_node_termination_handler = true aws_efs_csi_driver = true aws_ebs_csi_driver = true + kube_state_metrics = true # karpenter = false # -- Set to `false` or comment line to Uninstall Karpenter if installed using terraform. calico_tigera = true new_relic = true 
@@ -192,6 +193,7 @@ module "addons" { fluent_bit_helm_config = { values = [file("./config/override-fluent-bit.yaml")] } velero_helm_config = { values = [file("./config/override-velero.yaml")] } new_relic_helm_config = { values = [file("./config/override-new-relic.yaml")] } + kube_state_metrics_helm_config = { values = [file("./config/override-kube-state-matrics.yaml")] } # -- Override Helm Release attributes metrics_server_extra_configs = var.metrics_server_extra_configs @@ -210,6 +212,7 @@ module "addons" { fluent_bit_extra_configs = var.fluent_bit_extra_configs velero_extra_configs = var.velero_extra_configs new_relic_extra_configs = var.new_relic_extra_configs + kube_state_metrics_extra_configs = var.kube_state_metrics_extra_configs # -- Custom IAM Policy Json for Addon's ServiceAccount cluster_autoscaler_iampolicy_json_content = file("./custom-iam-policies/cluster-autoscaler.json") diff --git a/_examples/complete/variables.tf b/_examples/complete/variables.tf index 6750779..9882ed3 100644 --- a/_examples/complete/variables.tf +++ b/_examples/complete/variables.tf @@ -129,4 +129,9 @@ variable "velero_extra_configs" { variable "new_relic_extra_configs" { type = any default = {} +} + +variable "kube_state_metrics_extra_configs" { + type = any + default = {} } \ No newline at end of file diff --git a/addons/kube-state-metrics/README.md b/addons/kube-state-metrics/README.md new file mode 100644 index 0000000..46d9b6a --- /dev/null +++ b/addons/kube-state-metrics/README.md 
@@ -0,0 +1,25 @@ +# Kube-State-Metrics Helm Chart + +kube-state-metrics (KSM) is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects. (See examples in the Metrics section below.) It is not focused on the health of the individual Kubernetes components, but rather on the health of the various objects inside, such as deployments, nodes and pods. Look into this [official Doc](https://github.com/kubernetes/kube-state-metrics) of Kube-State-Metrics for more further information. + + +## Installation +Below terraform script shows how to use External Secrets Terraform Addon, A complete example is also given [here](https://github.com/clouddrove/terraform-helm-eks-addons/blob/master/_examples/complete/main.tf). + + +```hcl +module "addons" { + source = "clouddrove/eks-addons/aws" + version = "0.0.6" + + depends_on = [module.eks] + eks_cluster_name = module.eks.cluster_name + + kube_state_metrics = true + kube_state_metrics_helm_config = { values = [file("./config/override-kube-state-matrics.yaml")] } +} +``` + + + + \ No newline at end of file diff --git a/addons/kube-state-metrics/config/kube-state-metrics.yaml b/addons/kube-state-metrics/config/kube-state-metrics.yaml new file mode 100644 index 0000000..29f5952 --- /dev/null +++ b/addons/kube-state-metrics/config/kube-state-metrics.yaml 
@@ -0,0 +1,444 @@ +# Default values for kube-state-metrics. +prometheusScrape: true +image: + registry: registry.k8s.io + repository: kube-state-metrics/kube-state-metrics + # If unset use v + .Charts.appVersion + tag: "" + sha: "" + pullPolicy: IfNotPresent + +imagePullSecrets: [] +# - name: "image-pull-secret" + +global: + # To help compatibility with other charts which use global.imagePullSecrets. + # Allow either an array of {name: pullSecret} maps (k8s-style), or an array of strings (more common helm-style). + # global: + # imagePullSecrets: + # - name: pullSecret1 + # - name: pullSecret2 + # or + # global: + # imagePullSecrets: + # - pullSecret1 + # - pullSecret2 + imagePullSecrets: [] + # + # Allow parent charts to override registry hostname + imageRegistry: "" + +# If set to true, this will deploy kube-state-metrics as a StatefulSet and the data +# will be automatically sharded across <.Values.replicas> pods using the built-in +# autodiscovery feature: https://github.com/kubernetes/kube-state-metrics#automated-sharding +# This is an experimental feature and there are no stability guarantees. +autosharding: + enabled: false + +replicas: 1 + +# Change the deployment strategy when autosharding is disabled +# updateStrategy: Recreate + +# Number of old history to retain to allow rollback +# Default Kubernetes value is set to 10 +revisionHistoryLimit: 10 + +# List of additional cli arguments to configure kube-state-metrics +# for example: --enable-gzip-encoding, --log-file, etc. 
+# all the possible args can be found here: https://github.com/kubernetes/kube-state-metrics/blob/master/docs/cli-arguments.md +extraArgs: [] + +service: + port: 8080 + # Default to clusterIP for backward compatibility + type: ClusterIP + nodePort: 0 + loadBalancerIP: "" + # Only allow access to the loadBalancerIP from these IPs + loadBalancerSourceRanges: [] + clusterIP: "" + annotations: {} + +## Additional labels to add to all resources +customLabels: {} + # app: kube-state-metrics + +## Override selector labels +selectorOverride: {} + +## set to true to add the release label so scraping of the servicemonitor with kube-prometheus-stack works out of the box +releaseLabel: false + +hostNetwork: false + +rbac: + # If true, create & use RBAC resources + create: true + + # Set to a rolename to use existing role - skipping role creating - but still doing serviceaccount and rolebinding to it, rolename set here. + # useExistingRole: your-existing-role + + # If set to false - Run without Cluteradmin privs needed - ONLY works if namespace is also set (if useExistingRole is set this name is used as ClusterRole or Role to bind to) + useClusterRole: true + + # Add permissions for CustomResources' apiGroups in Role/ClusterRole. Should be used in conjunction with Custom Resource State Metrics configuration + # Example: + # - apiGroups: ["monitoring.coreos.com"] + # resources: ["prometheuses"] + # verbs: ["list", "watch"] + extraRules: [] + +# Configure kube-rbac-proxy. When enabled, creates one kube-rbac-proxy container per exposed HTTP endpoint (metrics and telemetry if enabled). +# The requests are served through the same service but requests are then HTTPS. +kubeRBACProxy: + enabled: false + image: + registry: quay.io + repository: brancz/kube-rbac-proxy + tag: v0.14.0 + sha: "" + pullPolicy: IfNotPresent + + # List of additional cli arguments to configure kube-rbac-prxy + # for example: --tls-cipher-suites, --log-file, etc. 
+ # all the possible args can be found here: https://github.com/brancz/kube-rbac-proxy#usage + extraArgs: [] + + ## Specify security settings for a Container + ## Allows overrides and additional options compared to (Pod) securityContext + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + containerSecurityContext: {} + + resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 64Mi + # requests: + # cpu: 10m + # memory: 32Mi + + ## volumeMounts enables mounting custom volumes in rbac-proxy containers + ## Useful for TLS certificates and keys + volumeMounts: [] + # - mountPath: /etc/tls + # name: kube-rbac-proxy-tls + # readOnly: true + +serviceAccount: + # Specifies whether a ServiceAccount should be created, require rbac true + create: true + # The name of the ServiceAccount to use. + # If not set and create is true, a name is generated using the fullname template + name: + # Reference to one or more secrets to be used when pulling images + # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + imagePullSecrets: [] + # ServiceAccount annotations. + # Use case: AWS EKS IAM roles for service accounts + # ref: https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html + annotations: {} + +prometheus: + monitor: + enabled: false + annotations: {} + additionalLabels: {} + namespace: "" + namespaceSelector: [] + jobLabel: "" + targetLabels: [] + podTargetLabels: [] + interval: "" + ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. 
+ ## + sampleLimit: 0 + + ## TargetLimit defines a limit on the number of scraped targets that will be accepted. + ## + targetLimit: 0 + + ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelLimit: 0 + + ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelNameLengthLimit: 0 + + ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelValueLengthLimit: 0 + scrapeTimeout: "" + proxyUrl: "" + selectorOverride: {} + honorLabels: false + metricRelabelings: [] + relabelings: [] + scheme: "" + ## File to read bearer token for scraping targets + bearerTokenFile: "" + ## Secret to mount to read bearer token for scraping targets. The secret needs + ## to be in the same namespace as the service monitor and accessible by the + ## Prometheus Operator + bearerTokenSecret: {} + # name: secret-name + # key: key-name + tlsConfig: {} + +## Specify if a Pod Security Policy for kube-state-metrics must be created +## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ +## +podSecurityPolicy: + enabled: false + annotations: {} + ## Specify pod annotations + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl + ## + # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' + # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' + # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' + + additionalVolumes: [] + +## Configure network policy for kube-state-metrics +networkPolicy: + enabled: false + # networkPolicy.flavor -- Flavor of the network policy to use. 
+ # Can be: + # * kubernetes for networking.k8s.io/v1/NetworkPolicy + # * cilium for cilium.io/v2/CiliumNetworkPolicy + flavor: kubernetes + + ## Configure the cilium network policy kube-apiserver selector + # cilium: + # kubeApiServerSelector: + # - toEntities: + # - kube-apiserver + + # egress: + # - {} + # ingress: + # - {} + # podSelector: + # matchLabels: + # app.kubernetes.io/name: kube-state-metrics + +securityContext: + enabled: true + runAsGroup: 65534 + runAsUser: 65534 + fsGroup: 65534 + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + +## Specify security settings for a Container +## Allows overrides and additional options compared to (Pod) securityContext +## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +containerSecurityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + +## Node labels for pod assignment +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +nodeSelector: {} + +## Affinity settings for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ +affinity: {} + +## Tolerations for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +tolerations: [] + +## Topology spread constraints for pod assignment +## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ +topologySpreadConstraints: [] + +# Annotations to be added to the deployment/statefulset +annotations: {} + +# Annotations to be added to the pod +podAnnotations: {} + +## Assign a PriorityClassName to pods if set +# priorityClassName: "" + +# Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ +podDisruptionBudget: {} + +# Comma-separated list of metrics to be exposed. +# This list comprises of exact metric names and/or regex patterns. +# The allowlist and denylist are mutually exclusive. 
+metricAllowlist: [] + +# Comma-separated list of metrics not to be enabled. +# This list comprises of exact metric names and/or regex patterns. +# The allowlist and denylist are mutually exclusive. +metricDenylist: [] + +# Comma-separated list of additional Kubernetes label keys that will be used in the resource's +# labels metric. By default the metric contains only name and namespace labels. +# To include additional labels, provide a list of resource names in their plural form and Kubernetes +# label keys you would like to allow for them (Example: '=namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...)'. +# A single '*' can be provided per resource instead to allow any labels, but that has +# severe performance implications (Example: '=pods=[*]'). +metricLabelsAllowlist: [] + # - namespaces=[k8s-label-1,k8s-label-n] + +# Comma-separated list of Kubernetes annotations keys that will be used in the resource' +# labels metric. By default the metric contains only name and namespace labels. +# To include additional annotations provide a list of resource names in their plural form and Kubernetes +# annotation keys you would like to allow for them (Example: '=namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...)'. +# A single '*' can be provided per resource instead to allow any annotations, but that has +# severe performance implications (Example: '=pods=[*]'). +metricAnnotationsAllowList: [] + # - pods=[k8s-annotation-1,k8s-annotation-n] + +# Available collectors for kube-state-metrics. +# By default, all available resources are enabled, comment out to disable. 
+collectors: + - certificatesigningrequests + - configmaps + - cronjobs + - daemonsets + - deployments + - endpoints + - horizontalpodautoscalers + - ingresses + - jobs + - leases + - limitranges + - mutatingwebhookconfigurations + - namespaces + - networkpolicies + - nodes + - persistentvolumeclaims + - persistentvolumes + - poddisruptionbudgets + - pods + - replicasets + - replicationcontrollers + - resourcequotas + - secrets + - services + - statefulsets + - storageclasses + - validatingwebhookconfigurations + - volumeattachments + +# Enabling kubeconfig will pass the --kubeconfig argument to the container +kubeconfig: + enabled: false + # base64 encoded kube-config file + secret: + +# Enabling support for customResourceState, will create a configMap including your config that will be read from kube-state-metrics +customResourceState: + enabled: false + # Add (Cluster)Role permissions to list/watch the customResources defined in the config to rbac.extraRules + config: {} + +# Enable only the release namespace for collecting resources. By default all namespaces are collected. +# If releaseNamespace and namespaces are both set a merged list will be collected. +releaseNamespace: false + +# Comma-separated list(string) or yaml list of namespaces to be enabled for collecting resources. By default all namespaces are collected. +namespaces: "" + +# Comma-separated list of namespaces not to be enabled. If namespaces and namespaces-denylist are both set, +# only namespaces that are excluded in namespaces-denylist will be used. +namespacesDenylist: "" + +## Override the deployment namespace +## +namespaceOverride: "" + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. 
If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 64Mi + # requests: + # cpu: 10m + # memory: 32Mi + +## Provide a k8s version to define apiGroups for podSecurityPolicy Cluster Role. +## For example: kubeTargetVersionOverride: 1.14.9 +## +kubeTargetVersionOverride: "" + +# Enable self metrics configuration for service and Service Monitor +# Default values for telemetry configuration can be overridden +# If you set telemetryNodePort, you must also set service.type to NodePort +selfMonitor: + enabled: false + # telemetryHost: 0.0.0.0 + # telemetryPort: 8081 + # telemetryNodePort: 0 + +# Enable vertical pod autoscaler support for kube-state-metrics +verticalPodAutoscaler: + enabled: false + + # Recommender responsible for generating recommendation for the object. + # List should be empty (then the default recommender will generate the recommendation) + # or contain exactly one recommender. + # recommenders: [] + # - name: custom-recommender-performance + + # List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory + controlledResources: [] + # Specifies which resource values should be controlled: RequestsOnly or RequestsAndLimits. + # controlledValues: RequestsAndLimits + + # Define the max allowed resources for the pod + maxAllowed: {} + # cpu: 200m + # memory: 100Mi + # Define the min allowed resources for the pod + minAllowed: {} + # cpu: 200m + # memory: 100Mi + + # updatePolicy: + # Specifies minimal number of replicas which need to be alive for VPA Updater to attempt pod eviction + # minReplicas: 1 + # Specifies whether recommended updates are applied when a Pod is started and whether recommended updates + # are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "Auto". + # updateMode: Auto + +# volumeMounts are used to add custom volume mounts to deployment. 
+# See example below +volumeMounts: [] +# - mountPath: /etc/config +# name: config-volume + +# volumes are used to add custom volumes to deployment +# See example below +volumes: [] +# - configMap: +# name: cm-for-volume +# name: config-volume + +# Extra manifests to deploy as an array +extraManifests: [] + # - apiVersion: v1 + # kind: ConfigMap + # metadata: + # labels: + # name: prometheus-extra + # data: + # extra-data: "value" diff --git a/addons/kube-state-metrics/locals.tf b/addons/kube-state-metrics/locals.tf new file mode 100644 index 0000000..5dee59a --- /dev/null +++ b/addons/kube-state-metrics/locals.tf 
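Review bot: With these defaults the metrics endpoint is reachable by any in-cluster client without authentication — `service.port: 8080` is a plain ClusterIP, `kubeRBACProxy.enabled: false` and `networkPolicy.enabled: false` — while `collectors` includes `secrets`, `configmaps` and `nodes`, so kube-state-metrics' object-metadata metrics (names, namespaces and labels of every Secret and workload, not their contents, as far as this values file shows) are exposed to every pod in the cluster. Set `kubeRBACProxy.enabled: true` so scrapers must present a token, or at minimum `networkPolicy.enabled: true` with an ingress rule limited to the Prometheus namespace, and drop `secrets` from `collectors` unless the secret-inventory metrics are actually consumed. The `podSecurityPolicy` stanza is inert on Kubernetes 1.25+ (the API was removed), so hardening should come from `containerSecurityContext`, where `readOnlyRootFilesystem: true` is a safe addition for a stateless exporter. Confirm the ClusterRole the chart renders for the `secrets` collector before keeping it enabled.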
@@ -0,0 +1,43 @@
+locals {
+ name = "kube-state-metrics"
+
+ default_helm_config = {
+ name = try(var.kube_state_metrics_extra_configs.name, local.name)
+ chart = try(var.kube_state_metrics_extra_configs.chart, local.name)
+ repository = try(var.kube_state_metrics_extra_configs.repository, "https://prometheus-community.github.io/helm-charts")
+ version = try(var.kube_state_metrics_extra_configs.version, "5.13.0")
+ namespace = try(var.kube_state_metrics_extra_configs.namespace, "kube-system")
+ create_namespace = try(var.kube_state_metrics_extra_configs.create_namespace, false)
+ description = "Kube-State-Metrics helm Chart deployment configuration"
+ timeout = try(var.kube_state_metrics_extra_configs.timeout, "600")
+ lint = try(var.kube_state_metrics_extra_configs.lint, "false")
+ repository_key_file = try(var.kube_state_metrics_extra_configs.repository_key_file, "")
+ repository_cert_file = try(var.kube_state_metrics_extra_configs.repository_cert_file, "")
+ repository_username = try(var.kube_state_metrics_extra_configs.repository_password, "")
+ repository_password = try(var.kube_state_metrics_extra_configs.repository_password, "")
+ verify = try(var.kube_state_metrics_extra_configs.verify, "false")
+ keyring = try(var.kube_state_metrics_extra_configs.keyring, "")
+ disable_webhooks = try(var.kube_state_metrics_extra_configs.disable_webhooks, "false")
+ reuse_values = try(var.kube_state_metrics_extra_configs.reuse_values, "false")
+ reset_values = try(var.kube_state_metrics_extra_configs.reset_values, "false")
+ force_update = try(var.kube_state_metrics_extra_configs.force_update, "false")
+ recreate_pods = try(var.kube_state_metrics_extra_configs.recreate_pods, "false")
+ cleanup_on_fail = try(var.kube_state_metrics_extra_configs.cleanup_on_fail, "false")
+ max_history = try(var.kube_state_metrics_extra_configs.max_history, "0")
+ atomic = try(var.kube_state_metrics_extra_configs.atomic, "false")
+ skip_crds = try(var.kube_state_metrics_extra_configs.skip_crds, "false")
+ render_subchart_notes = try(var.kube_state_metrics_extra_configs.render_subchart_notes, "true")
+ disable_openapi_validation = try(var.kube_state_metrics_extra_configs.disable_openapi_validation, "false")
+ wait = try(var.kube_state_metrics_extra_configs.wait, "true")
+ wait_for_jobs = try(var.kube_state_metrics_extra_configs.wait_for_jobs, "false")
+ dependency_update = try(var.kube_state_metrics_extra_configs.dependency_update, "false")
+ replace = try(var.kube_state_metrics_extra_configs.replace, "false")
+ }
+
+ kube_state_metrics_extra_configs = var.kube_state_metrics_extra_configs
+
+ helm_config = merge(
+ local.default_helm_config,
+ var.helm_config
+ )
+}
diff --git a/addons/kube-state-metrics/main.tf b/addons/kube-state-metrics/main.tf
new file mode 100644
index 0000000..1c7f1a8
--- /dev/null
+++ b/addons/kube-state-metrics/main.tf
@@ -0,0 +1,7 @@
+module "helm_addon" {
+ source = "../helm"
+
+ manage_via_gitops = var.manage_via_gitops
+ helm_config = local.helm_config
+ addon_context = var.addon_context
+}
\ No newline at end of file
diff --git a/addons/kube-state-metrics/outputs.tf b/addons/kube-state-metrics/outputs.tf
new file mode 100644
index 0000000..a3832b1
--- /dev/null
+++ b/addons/kube-state-metrics/outputs.tf
@@ -0,0 +1,11 @@
+output "namespace" {
+ value = local.default_helm_config.namespace
+}
+
+output "chart_version" {
+ value = local.default_helm_config.version
+}
+
+output "repository" {
+ value = local.default_helm_config.repository
+}
\ No newline at end of file
diff --git a/addons/kube-state-metrics/variables.tf b/addons/kube-state-metrics/variables.tf
new file mode 100644
index 0000000..803fa9e
--- /dev/null
+++ b/addons/kube-state-metrics/variables.tf
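Review bot: `repository_username` is populated from the wrong key — it reads `var.kube_state_metrics_extra_configs.repository_password`, so a caller supplying registry credentials gets the password as the username and the chart pull fails; worse, `repository_username` is not a sensitive attribute on `helm_release`, so the password would show up in plan output and unmasked in state. The line should be `repository_username = try(var.kube_state_metrics_extra_configs.repository_username, "")`. The local `kube_state_metrics_extra_configs = var.kube_state_metrics_extra_configs` is never referenced in this file, and this same commit removes the identical unused local from addons/velero/locals.tf, so it should be dropped here too. `verify` defaulting to `"false"` with an empty `keyring` means chart provenance is never checked; that matches the other addons, but a one-line comment saying so would stop the next reader assuming signatures are verified.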
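Review bot: The three outputs read `local.default_helm_config.*` rather than the merged `local.helm_config` that main.tf actually hands to the helm addon, so a caller who overrides `namespace`, `version` or `repository` through `var.helm_config` gets stale values from the root `kube_state_metrics_*` outputs. Change them to `value = local.helm_config.namespace` (and likewise `.version` and `.repository`). They also lack `description`, unlike the root-level outputs added in the same commit in outputs.tf; e.g. `description = "Namespace the kube-state-metrics release is installed into."`.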
@@ -0,0 +1,32 @@
+variable "helm_config" {
+ description = "Helm provider config for Kube State Metrics"
+ type = any
+ default = {}
+}
+
+variable "manage_via_gitops" {
+ description = "Determines if the add-on should be managed via GitOps"
+ type = bool
+ default = false
+}
+
+variable "addon_context" {
+ description = "Input configuration for the addon"
+ type = object({
+ aws_caller_identity_account_id = string
+ aws_caller_identity_arn = string
+ aws_eks_cluster_endpoint = string
+ aws_partition_id = string
+ aws_region_name = string
+ eks_cluster_id = string
+ eks_oidc_issuer_url = string
+ eks_oidc_provider_arn = string
+ tags = map(string)
+ })
+}
+
+variable "kube_state_metrics_extra_configs" {
+ description = "Override attributes of helm_release terraform resource"
+ type = any
+ default = {}
+}
\ No newline at end of file
diff --git a/addons/kube-state-metrics/versions.tf b/addons/kube-state-metrics/versions.tf
new file mode 100644
index 0000000..d9a6049
--- /dev/null
+++ b/addons/kube-state-metrics/versions.tf
@@ -0,0 +1,22 @@
+terraform {
+ required_version = ">= 1.0.0"
+
+ required_providers {
+ kubernetes = {
+ source = "hashicorp/kubernetes"
+ version = ">= 2.10"
+ }
+ helm = {
+ source = "hashicorp/helm"
+ version = ">= 2.6"
+ }
+ kubectl = {
+ source = "gavinbunney/kubectl"
+ version = ">= 1.7.0"
+ }
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.72"
+ }
+ }
+}
diff --git a/addons/velero/README.md b/addons/velero/README.md
index 65ebc28..06e0029 100644
--- a/addons/velero/README.md
+++ b/addons/velero/README.md
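Review bot: `kube_state_metrics_extra_configs` is typed `any`, and because locals.tf reads every key out of it with `try(..., default)`, a misspelled key such as `verfiy` or `repositry` is silently ignored and the default wins — for `verify`/`keyring` that means signature checking quietly stays off with no diagnostic. Since this variable is also the carrier for `repository_username`/`repository_password`, its description should say so and list the honoured keys, e.g. `description = "Optional overrides for the helm_release (name, chart, repository, version, namespace, verify, keyring, repository_username/password, ...); unknown keys are ignored"`. An `object({...})` with `optional()` attributes, which `required_version = ">= 1.0.0"` permits from 1.3 onward, would turn those typos into plan-time errors.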
@@ -1,12 +1,12 @@ # Velero Helm Chart - Velero is an open source tool to safely backup and restore, perform disaster recovery, and migrate Kubernetes cluster resources and persistent volumes. + ## Installation Below terraform script shows how to use Velero Terraform Addon, A complete example is also given [here](https://github.com/clouddrove/terraform-helm-eks-addons/blob/master/_examples/complete/main.tf). -```bash +```hcl module "addons" { source = "clouddrove/eks-addons/aws" version = "0.0.6" @@ -19,4 +19,5 @@ module "addons" { } ``` + diff --git a/addons/velero/locals.tf b/addons/velero/locals.tf index 535715e..29b97dc 100644 --- a/addons/velero/locals.tf +++ b/addons/velero/locals.tf @@ -34,8 +34,6 @@ locals { replace = try(var.velero_extra_configs.replace, "false") } - velero_extra_configs = var.velero_extra_configs - helm_config = merge( local.default_helm_config, var.helm_config, diff --git a/addons/velero/versions.tf b/addons/velero/versions.tf index 55fba73..d9a6049 100644 --- a/addons/velero/versions.tf +++ b/addons/velero/versions.tf @@ -6,5 +6,17 @@ terraform { source = "hashicorp/kubernetes" version = ">= 2.10" } + helm = { + source = "hashicorp/helm" + version = ">= 2.6" + } + kubectl = { + source = "gavinbunney/kubectl" + version = ">= 1.7.0" + } + aws = { + source = "hashicorp/aws" + version = ">= 3.72" + } } } diff --git a/main.tf b/main.tf index 691b8b4..f3027c5 100644 --- a/main.tf +++ b/main.tf 
@@ -170,4 +170,13 @@ module "velero" {
 account_id = data.aws_caller_identity.current.account_id
 velero_extra_configs = var.velero_extra_configs
 iampolicy_json_content = var.velero_iampolicy_json_content
+}
+
+module "kube_state_metrics" {
+ count = var.kube_state_metrics ? 1 : 0
+ source = "./addons/kube-state-metrics"
+ helm_config = var.kube_state_metrics_helm_config != null ? var.kube_state_metrics_helm_config : { values = [local_file.kube_state_metrics_helm_config[count.index].content] }
+ manage_via_gitops = var.manage_via_gitops
+ addon_context = local.addon_context
+ kube_state_metrics_extra_configs = var.kube_state_metrics_extra_configs
 }
\ No newline at end of file
diff --git a/outputs.tf b/outputs.tf
index 6170cf7..16e3a63 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -209,4 +209,18 @@ output "velero_chart_version" {
 }
 output "velero_repository" {
 value = module.velero[*].repository
+}
+
+#----------- KUBE-STATE-METRICS ------------------------
+output "kube_state_metrics_namespace" {
+ value = module.kube_state_metrics[*].namespace
+ description = "The namespace where Kube-State-Metrics is deployed."
+}
+output "kube_state_metrics_chart_version" {
+ value = module.kube_state_metrics[*].chart_version
+ description = "Chart version of the Kube-State-Metrics Helm Chart."
+}
+output "kube_state_metrics_repository" {
+ value = module.kube_state_metrics[*].repository
+ description = "Helm chart repository of the Kube-State-Metrics."
 }
\ No newline at end of file
diff --git a/override_values.tf b/override_values.tf
index 2bb1f92..503d277 100644
--- a/override_values.tf
+++ b/override_values.tf
@@ -581,3 +581,30 @@ nodeAgent:
 EOT
 filename = "${path.module}/override_values/velero.yaml"
 }
+
+#----------- KUBE STATE METRICS ----------------
+resource "local_file" "kube_state_metrics_helm_config" {
+ count = var.kube_state_metrics && (var.kube_state_metrics_helm_config == null) ? 1 : 0
+ content = <