/cloud-platform-terraform-monitoring

Terraform Monitoring module

Primary LanguageHCL

cloud-platform-terraform-monitoring

Terraform module that deploy cloud-platform monitoring solution. It has support for components like: proxy, thanos, cloudwatch datasource for grafana, side-car, etc

Usage

module "monitoring" {
  source = "github.com/ministryofjustice/cloud-platform-terraform-monitoring?ref=0.1.3"

  alertmanager_slack_receivers               = var.alertmanager_slack_receivers
  pagerduty_config                           = var.pagerduty_config
  enable_ecr_exporter                        = terraform.workspace == local.live_workspace ? true : false
  enable_cloudwatch_exporter                 = terraform.workspace == local.live_workspace ? true : false
  enable_thanos_helm_chart                   = terraform.workspace == local.live_workspace ? true : false
  enable_prometheus_affinity_and_tolerations = terraform.workspace == local.live_workspace ? true : false
  
  cluster_domain_name           = data.terraform_remote_state.cluster.outputs.cluster_domain_name
  oidc_components_client_id     = data.terraform_remote_state.cluster.outputs.oidc_components_client_id
  oidc_components_client_secret = data.terraform_remote_state.cluster.outputs.oidc_components_client_secret
  oidc_issuer_url               = data.terraform_remote_state.cluster.outputs.oidc_issuer_url
}

Requirements

Name Version
terraform >= 1.2.5
aws >=4.24.0
helm >=2.6.0
http >=3.2.1
kubectl >=1.13.2
kubernetes >=2.12.1
random >=3.4.3
template >=2.2.0

Providers

Name Version
aws >=4.24.0
helm >=2.6.0
http >=3.2.1
kubectl >=1.13.2
kubernetes >=2.12.1
random >=3.4.3
template >=2.2.0

Modules

Name Source Version
iam_assumable_role_cloudwatch_exporter terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc 4.24.1
iam_assumable_role_ecr_exporter terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc 3.13.0
iam_assumable_role_monitoring terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc 3.13.0

Resources

Name Type
aws_iam_policy.cloudwatch_exporter resource
aws_iam_policy.ecr_exporter resource
aws_iam_policy.grafana_datasource resource
aws_iam_policy.monitoring resource
aws_iam_role.grafana_role resource
aws_iam_role_policy_attachment.custom resource
helm_release.alertmanager_proxy resource
helm_release.cloudwatch_exporter resource
helm_release.ecr_exporter resource
helm_release.kibana_audit_proxy resource
helm_release.kibana_proxy resource
helm_release.metrics_server resource
helm_release.prometheus_operator_eks resource
helm_release.prometheus_proxy resource
helm_release.thanos resource
helm_release.thanos_proxy resource
kubectl_manifest.prometheus_operator_crds resource
kubernetes_ingress_v1.ingress_redirect_grafana resource
kubernetes_limit_range.monitoring resource
kubernetes_namespace.monitoring resource
kubernetes_network_policy.allow_alertmanager_api resource
kubernetes_network_policy.allow_ingress_controllers resource
kubernetes_network_policy.allow_kube_api resource
kubernetes_network_policy.default resource
kubernetes_resource_quota.monitoring resource
kubernetes_secret.dockerhub_credentials resource
kubernetes_secret.grafana_secret resource
kubernetes_secret.thanos_config resource
random_id.password resource
random_id.session_secret resource
random_id.username resource
aws_caller_identity.current data source
aws_iam_policy_document.assume_role_with_oidc data source
aws_iam_policy_document.cloudwatch_exporter data source
aws_iam_policy_document.ecr_exporter data source
aws_iam_policy_document.grafana_datasource_irsa data source
aws_iam_policy_document.monitoring data source
http_http.prometheus_crd_yamls data source
template_file.alertmanager_proxy data source
template_file.alertmanager_receivers data source
template_file.alertmanager_routes data source
template_file.kibana_audit_proxy data source
template_file.kibana_proxy data source
template_file.prometheus_proxy data source
template_file.thanos_proxy data source

Inputs

Name Description Type Default Required
alertmanager_slack_receivers A list of configuration values for Slack receivers list(any) n/a yes
cluster_domain_name The cluster domain - used by externalDNS and certmanager to create URLs any n/a yes
dockerhub_username DockerHub username - required to avoid hitting Dockerhub API limits in EKS clusters string "" no
eks_cluster_oidc_issuer_url This is going to be used when we create the IAM OIDC role string "" no
enable_cloudwatch_exporter Enable or not Cloudwatch exporter bool false no
enable_ecr_exporter Enable or not ECR exporter bool false no
enable_kibana_audit_proxy Enable or not Kibana-audit proxy for authentication bool false no
enable_kibana_proxy Enable or not Kibana proxy for authentication bool false no
enable_large_nodesgroup Due to Prometheus resource consumption, enabling this will set k8s Prometheus resources to higher values bool false no
enable_prometheus_affinity_and_tolerations Enable or not Prometheus node affinity (check helm values for the expressions) bool false no
enable_thanos_compact Enable or not Thanos Compact - not semantically concurrency safe and must be deployed as a singleton against a bucket bool false no
enable_thanos_helm_chart Enable or not Thanos Helm Chart - (do NOT confuse this with thanos sidecar within prometheus-operator) bool false no
enable_thanos_sidecar Enable or not Thanos sidecar. Basically defines if we want to send cluster metrics to thanos's S3 bucket bool false no
kibana_audit_upstream ES upstream for audit logs string "" no
kibana_upstream ES upstream for logs string "" no
oidc_components_client_id OIDC ClientID used to authenticate to Grafana, AlertManager and Prometheus (oauth2-proxy) any n/a yes
oidc_components_client_secret OIDC ClientSecret used to authenticate to Grafana, AlertManager and Prometheus (oauth2-proxy) any n/a yes
oidc_issuer_url Issuer URL used to authenticate to Grafana, AlertManager and Prometheus (oauth2-proxy) any n/a yes
pagerduty_config Add PagerDuty key to allow integration with a PD service. any n/a yes
prometheus_operator_crd_version The version of the prometheus operator crds matching the prometheus chart that is installed in monitoring module string "v0.60.1" no

Outputs

Name Description
helm_prometheus_operator_eks_status n/a
prometheus_operator_crds_status n/a