cloud-platform-terraform-monitoring

Terraform module that deploys the cloud-platform monitoring solution. It supports components such as: proxy, Thanos, CloudWatch datasource for Grafana, sidecar, etc.

Usage

module "monitoring" {
  source = "github.com/ministryofjustice/cloud-platform-terraform-monitoring?ref=0.1.3"

  alertmanager_slack_receivers               = var.alertmanager_slack_receivers
  pagerduty_config                           = var.pagerduty_config
  enable_ecr_exporter                        = terraform.workspace == local.live_workspace ? true : false
  enable_cloudwatch_exporter                 = terraform.workspace == local.live_workspace ? true : false
  enable_thanos_helm_chart                   = terraform.workspace == local.live_workspace ? true : false
  enable_prometheus_affinity_and_tolerations = terraform.workspace == local.live_workspace ? true : false
  
  cluster_domain_name           = data.terraform_remote_state.cluster.outputs.cluster_domain_name
  oidc_components_client_id     = data.terraform_remote_state.cluster.outputs.oidc_components_client_id
  oidc_components_client_secret = data.terraform_remote_state.cluster.outputs.oidc_components_client_secret
  oidc_issuer_url               = data.terraform_remote_state.cluster.outputs.oidc_issuer_url

  dependence_opa    = module.opa.helm_opa_status
}

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.14 |
| helm | ~> 2.6.0 |

Providers

| Name | Version |
|------|---------|
| aws | n/a |
| helm | ~> 2.6.0 |
| http | n/a |
| kubectl | n/a |
| kubernetes | n/a |
| random | n/a |
| template | n/a |

Modules

| Name | Source | Version |
|------|--------|---------|
| iam_assumable_role_cloudwatch_exporter | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | 3.13.0 |
| iam_assumable_role_ecr_exporter | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | 3.13.0 |
| iam_assumable_role_grafana_datasource | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | 3.13.0 |
| iam_assumable_role_monitoring | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | 3.13.0 |

Resources

| Name | Type |
|------|------|
| aws_iam_policy.cloudwatch_exporter | resource |
| aws_iam_policy.ecr_exporter | resource |
| aws_iam_policy.grafana_datasource | resource |
| aws_iam_policy.monitoring | resource |
| helm_release.alertmanager_proxy | resource |
| helm_release.cloudwatch_exporter | resource |
| helm_release.ecr_exporter | resource |
| helm_release.kibana_audit_proxy | resource |
| helm_release.kibana_proxy | resource |
| helm_release.metrics_server | resource |
| helm_release.prometheus_operator_eks | resource |
| helm_release.prometheus_proxy | resource |
| helm_release.thanos | resource |
| helm_release.thanos_proxy | resource |
| kubectl_manifest.prometheus_operator_crds | resource |
| kubernetes_ingress_v1.ingress_redirect_grafana | resource |
| kubernetes_limit_range.monitoring | resource |
| kubernetes_namespace.monitoring | resource |
| kubernetes_network_policy.allow_alertmanager_api | resource |
| kubernetes_network_policy.allow_ingress_controllers | resource |
| kubernetes_network_policy.allow_kube_api | resource |
| kubernetes_network_policy.default | resource |
| kubernetes_resource_quota.monitoring | resource |
| kubernetes_secret.dockerhub_credentials | resource |
| kubernetes_secret.grafana_secret | resource |
| kubernetes_secret.thanos_config | resource |
| random_id.password | resource |
| random_id.session_secret | resource |
| random_id.username | resource |
| aws_iam_policy_document.cloudwatch_exporter | data source |
| aws_iam_policy_document.ecr_exporter | data source |
| aws_iam_policy_document.grafana_datasource_irsa | data source |
| aws_iam_policy_document.monitoring | data source |
| http_http.prometheus_crd_yamls | data source |
| template_file.alertmanager_proxy | data source |
| template_file.alertmanager_receivers | data source |
| template_file.alertmanager_routes | data source |
| template_file.kibana_audit_proxy | data source |
| template_file.kibana_proxy | data source |
| template_file.prometheus_proxy | data source |
| template_file.thanos_proxy | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| alertmanager_slack_receivers | A list of configuration values for Slack receivers | list(any) | n/a | yes |
| cluster_domain_name | The cluster domain - used by externalDNS and certmanager to create URLs | any | n/a | yes |
| dependence_ingress_controller | Ingress controller module dependences in order to be executed. | list(string) | n/a | yes |
| dockerhub_password | DockerHub password - required to avoid hitting Dockerhub API limits in EKS clusters | string | "" | no |
| dockerhub_username | DockerHub username - required to avoid hitting Dockerhub API limits in EKS clusters | string | "" | no |
| eks_cluster_oidc_issuer_url | This is going to be used when we create the IAM OIDC role | string | "" | no |
| enable_cloudwatch_exporter | Enable or not Cloudwatch exporter | bool | false | no |
| enable_ecr_exporter | Enable or not ECR exporter | bool | false | no |
| enable_kibana_audit_proxy | Enable or not Kibana-audit proxy for authentication | bool | false | no |
| enable_kibana_proxy | Enable or not Kibana proxy for authentication | bool | false | no |
| enable_large_nodesgroup | Due to Prometheus resource consumption, enabling this will set k8s Prometheus resources to higher values | bool | false | no |
| enable_prometheus_affinity_and_tolerations | Enable or not Prometheus node affinity (check helm values for the expressions) | bool | false | no |
| enable_thanos_compact | Enable or not Thanos Compact - not semantically concurrency safe and must be deployed as a singleton against a bucket | bool | false | no |
| enable_thanos_helm_chart | Enable or not Thanos Helm Chart - (do NOT confuse this with thanos sidecar within prometheus-operator) | bool | false | no |
| enable_thanos_sidecar | Enable or not Thanos sidecar. Basically defines if we want to send cluster metrics to thanos's S3 bucket | bool | false | no |
| grafana_ingress_redirect_url | grafana url to use live_domain, 'cloud-platform.service.justice.gov.uk' | string | "" | no |
| ingress_redirect | Enable ingress_redirect, to use live_domain, 'cloud-platform.service.justice.gov.uk' | bool | false | no |
| kibana_audit_upstream | ES upstream for audit logs | string | "" | no |
| kibana_upstream | ES upstream for logs | string | "" | no |
| oidc_components_client_id | OIDC ClientID used to authenticate to Grafana, AlertManager and Prometheus (oauth2-proxy) | any | n/a | yes |
| oidc_components_client_secret | OIDC ClientSecret used to authenticate to Grafana, AlertManager and Prometheus (oauth2-proxy) | any | n/a | yes |
| oidc_issuer_url | Issuer URL used to authenticate to Grafana, AlertManager and Prometheus (oauth2-proxy) | any | n/a | yes |
| pagerduty_config | Add PagerDuty key to allow integration with a PD service. | any | n/a | yes |
| prometheus_operator_crd_version | The version of the prometheus operator crds matching the prometheus chart that is installed in monitoring module | string | "v0.53.1" | no |

Outputs

| Name | Description |
|------|-------------|
| helm_prometheus_operator_eks_status | n/a |
| prometheus_operator_crds_status | n/a |

cloud-platform-terraform-monitoring's People

Contributors

mogaal, vijay-veeranki, poornima-krishnasamy, sablumiah, pwyborn, razvan-moj, jasonbirchall, github-actions[bot], sj-williams, mattops, mtrbls
