Enable otel collectors to be externally accessible (#60)
samidbb authored Aug 29, 2024
1 parent b57b826 commit 53962b1
Showing 7 changed files with 113 additions and 2 deletions.
7 changes: 7 additions & 0 deletions README.md
Expand Up @@ -7,6 +7,7 @@
| <a name="requirement_grafana"></a> [grafana](#requirement\_grafana) | >= 2.9.0 |
| <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 2.14.0 |
| <a name="requirement_onepassword"></a> [onepassword](#requirement\_onepassword) | >= 2.1.0 |
| <a name="requirement_random"></a> [random](#requirement\_random) | 3.6.2 |

## Providers

Expand All @@ -16,7 +17,9 @@
| <a name="provider_grafana.cloud"></a> [grafana.cloud](#provider\_grafana.cloud) | >= 2.9.0 |
| <a name="provider_grafana.stack"></a> [grafana.stack](#provider\_grafana.stack) | >= 2.9.0 |
| <a name="provider_helm"></a> [helm](#provider\_helm) | >= 2.14.0 |
| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | n/a |
| <a name="provider_onepassword"></a> [onepassword](#provider\_onepassword) | >= 2.1.0 |
| <a name="provider_random"></a> [random](#provider\_random) | 3.6.2 |

## Modules

Expand Down Expand Up @@ -56,7 +59,10 @@ No modules.
| [grafana_synthetic_monitoring_installation.this](https://registry.terraform.io/providers/grafana/grafana/latest/docs/resources/synthetic_monitoring_installation) | resource |
| [grafana_team.this](https://registry.terraform.io/providers/grafana/grafana/latest/docs/resources/team) | resource |
| [helm_release.otel_collector](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [kubernetes_manifest.ingress_route](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource |
| [kubernetes_manifest.middleware](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource |
| [onepassword_item.stack_vault_item](https://registry.terraform.io/providers/1Password/onepassword/latest/docs/resources/item) | resource |
| [random_password.collector_token](https://registry.terraform.io/providers/hashicorp/random/3.6.2/docs/resources/password) | resource |
| [aws_route53_zone.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone) | data source |
| [grafana_cloud_stack.this](https://registry.terraform.io/providers/grafana/grafana/latest/docs/data-sources/cloud_stack) | data source |
| [grafana_role.this](https://registry.terraform.io/providers/grafana/grafana/latest/docs/data-sources/role) | data source |
Expand All @@ -68,6 +74,7 @@ No modules.
| <a name="input_create_read_only_token"></a> [create\_read\_only\_token](#input\_create\_read\_only\_token) | Whether to create a read-only token | `bool` | `false` | no |
| <a name="input_create_write_only_token"></a> [create\_write\_only\_token](#input\_create\_write\_only\_token) | Whether to create a write-only token | `bool` | `false` | no |
| <a name="input_deploy_otel_agent_k8s"></a> [deploy\_otel\_agent\_k8s](#input\_deploy\_otel\_agent\_k8s) | Whether to deploy the OpenTelemetry agent into a Kubernetes cluster | `bool` | `false` | no |
| <a name="input_enable_collector_for_external_access"></a> [enable\_collector\_for\_external\_access](#input\_enable\_collector\_for\_external\_access) | Whether to enable external access to the OpenTelemetry agent from outside the Kubernetes cluster | `bool` | `false` | no |
| <a name="input_enable_sso_saml"></a> [enable\_sso\_saml](#input\_enable\_sso\_saml) | Enable SSO SAML | `bool` | `false` | no |
| <a name="input_grafana_folders"></a> [grafana\_folders](#input\_grafana\_folders) | List of grafana folders to be created | `list(string)` | `[]` | no |
| <a name="input_hosted_zone_name"></a> [hosted\_zone\_name](#input\_hosted\_zone\_name) | Name of the hosted zone to contain the route53 record. If unspecified no route53 record is created. | `string` | `null` | no |
11 changes: 11 additions & 0 deletions onepassword-item.tf
Original file line number Diff line number Diff line change
Expand Up @@ -16,8 +16,19 @@ resource "onepassword_item" "stack_vault_item" {
type = "STRING"
value = "otel-${var.route53_record_name}.${var.otel_collector_namespace}.svc.cluster.local:4317"
}
field {
label = var.enable_collector_for_external_access ? "Collector ingress URL" : "Collector ingress URL (disabled)"
type = "STRING"
value = var.enable_collector_for_external_access ? "otel.dfds.cloud/${var.route53_record_name}" : "PLACEHOLDER"
}
field {
label = var.enable_collector_for_external_access ? "Collector token": "Collector token (disabled)"
type = "CONCEALED"
value = local.collecot_token_base64
}
}
}

section {
label = "OpenTelemetry connection details (Remote):"
field {
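Review bot: The two new fields gate their labels and the URL on `var.enable_collector_for_external_access` alone, while `local.collecot_token_base64` (defined in otel-collector.tf) only holds a real token when `var.deploy_otel_agent_k8s` is also true. With deploy off and external access on, the vault item would show an enabled "Collector ingress URL" and a field labelled "Collector token" whose value is the literal `PLACEHOLDER`. Computing one local, e.g. `collector_external = var.deploy_otel_agent_k8s && var.enable_collector_for_external_access`, and using it in all three conditionals would keep the item consistent with what is actually deployed. The local's name is misspelled (`collecot`); the same spelling is used at its definition and at the `collector_token` template argument in otel-collector.tf, so all three should be renamed together. The enclosing resource starts and ends outside this hunk.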
63 changes: 63 additions & 0 deletions otel-collector.tf
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
locals {
otlp_auth_header = var.create_write_only_token ? base64encode("${grafana_cloud_stack.this.id}:${grafana_cloud_access_policy_token.write_only[0].token}") : ""
collecot_token_base64 = var.deploy_otel_agent_k8s && var.enable_collector_for_external_access ? base64encode(random_password.collector_token[0].result) : "PLACEHOLDER"
}

resource "helm_release" "otel_collector" {
Expand All @@ -17,6 +18,68 @@ resource "helm_release" "otel_collector" {
name = "otel-${var.route53_record_name}"
owner = "CloudEngineering"
stack = var.slug
collector_token = local.collecot_token_base64
})
]
}


resource "random_password" "collector_token" {
count = var.deploy_otel_agent_k8s && var.enable_collector_for_external_access ? 1 : 0
length = 40
special = true
override_special = "!#$%&*()-_=+?"
}

resource "kubernetes_manifest" "ingress_route" {
count = var.deploy_otel_agent_k8s && var.enable_collector_for_external_access ? 1 : 0
manifest = {
"apiVersion" = "traefik.io/v1alpha1"
"kind" = "IngressRoute"
"metadata" = {
"name" = "otel-${var.route53_record_name}"
"namespace" = var.otel_collector_namespace
}
"spec" = {
"entryPoints" = []
"routes" = [
{
"kind" = "Rule"
"match" = "Host(`otel.dfds.cloud`) && PathPrefix(`/${var.route53_record_name}`)"
"middlewares" = [
{
"name" = "otel-${var.route53_record_name}"
"priority" = 0
}
]
"services" = [
{
"kind" = "Service"
"name" = "otel-${var.route53_record_name}"
"port" = "external"
}
]
}
]
}
}
}

resource "kubernetes_manifest" "middleware" {
count = var.deploy_otel_agent_k8s && var.enable_collector_for_external_access ? 1 : 0
manifest = {
"apiVersion" = "traefik.io/v1alpha1"
"kind" = "Middleware"
"metadata" = {
"name" = "otel-${var.route53_record_name}"
"namespace" = var.otel_collector_namespace
}
"spec" = {
"stripPrefix" = {
"prefixes" = [
"/${var.route53_record_name}"
]
}
}
}
}
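Review bot: `"entryPoints" = []` on the IngressRoute does not restrict the route, so Traefik attaches it to every entry point, including any plain-HTTP one; with no `tls` block in the visible spec, the bearer token protecting this collector could travel in cleartext. Naming the TLS entry point explicitly, e.g. `"entryPoints" = ["websecure"]` (placeholder, use the cluster's actual entry point name), and adding `"tls" = {}` under `spec` would confine the route to HTTPS. `"priority" = 0` sits inside the middleware reference, where it looks misplaced: in the Traefik CRD `priority` belongs to the route, so it probably needs to move up one level or be dropped. The generated token is also passed into the Helm values, so it will likely end up in Terraform state and in the rendered collector configuration; it is worth confirming that both are access-restricted.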
20 changes: 19 additions & 1 deletion otel-collector/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -38,11 +38,24 @@ config:
match_undefined: true
# If set to null, will be overridden with values based on k8s resource limits
# memory_limiter: null
extensions:
bearertokenauth:
token: ${collector_token}
receivers:
jaeger: null
prometheus: null
zipkin: null
otlp:
protocols:
grpc:
endpoint: $${env:MY_POD_IP}:4317
http:
endpoint: $${env:MY_POD_IP}:4318
auth:
authenticator: bearertokenauth

service:
extensions: [bearertokenauth, health_check]
pipelines:
logs:
exporters:
Expand Down Expand Up @@ -83,7 +96,12 @@ ports:
enabled: false
zipkin:
enabled: false

external:
enabled: true
containerPort: 4318
servicePort: 80
hostPort: 4318
protocol: TCP
# Resource limits & requests. Update according to your own use case as these values might be too low for a typical deployment.
resources:
limits:
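Review bot: The `external` port (with `hostPort: 4318`) and the `bearertokenauth` extension are enabled unconditionally in this template, but the Terraform side only generates a real token when both `deploy_otel_agent_k8s` and `enable_collector_for_external_access` are true; otherwise `${collector_token}` renders as the literal `PLACEHOLDER`. In that state the HTTP receiver is guarded by a fixed, guessable token and, if the chart honours `hostPort` for this deployment mode, is reachable on the node's own address. Consider passing a boolean through `templatefile` and writing `enabled: ${external_enabled}` (new template variable, name illustrative), and dropping `hostPort` since the IngressRoute targets the Service port. `auth` appears to be set only under the `http` protocol (indentation is lost on this page), so existing in-cluster OTLP/HTTP senders would now need the header while gRPC stays unauthenticated; a comment next to the receiver stating this would help.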
2 changes: 2 additions & 0 deletions providers.tf
Original file line number Diff line number Diff line change
Expand Up @@ -4,3 +4,5 @@ provider "grafana" {
url = grafana_cloud_stack.this.url
auth = grafana_cloud_stack_service_account_token.this.key
}

provider "random" {}
6 changes: 6 additions & 0 deletions variables.tf
Original file line number Diff line number Diff line change
Expand Up @@ -146,6 +146,12 @@ variable "deploy_otel_agent_k8s" {
default = false
}

variable "enable_collector_for_external_access" {
type = bool
description = "Whether to enable external access to the OpenTelemetry agent from outside the Kubernetes cluster"
default = false
}

variable "otel_collector_namespace" {
type = string
description = "Namespace to deploy the OpenTelemetry agent into"
6 changes: 5 additions & 1 deletion versions.tf
Original file line number Diff line number Diff line change
Expand Up @@ -18,5 +18,9 @@ terraform {
source = "1Password/onepassword"
version = ">= 2.1.0"
}
random = {
source = "hashicorp/random"
version = "3.6.2"
}
}
}
}
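Review bot: `version = "3.6.2"` pins the random provider to one exact release, while the other providers visible here and in the README requirements table use a `>=` lower bound. If this configuration is consumed as a module (the generated Requirements/Inputs tables in the README suggest so), an exact pin forces that version on every caller and conflicts with any root module that constrains `hashicorp/random` differently. `version = ">= 3.6.2"` would match the surrounding style, with the exact version and its hashes recorded in the dependency lock file instead.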
