From 5b9a7946488437664ad4d5f2bd278f3d932ff1d0 Mon Sep 17 00:00:00 2001 From: Jomcy Date: Thu, 29 Jul 2021 09:04:50 +0530 Subject: [PATCH] Added kube-state-metrics --- Makefile | 2 +- .../kube-state-metrics-with-eks.tf | 224 +++++++++++ helm/agones/README.md | 6 +- helm/aws-for-fluent-bit/README.md | 6 +- helm/cluster_autoscaler/README.md | 2 +- helm/helm.tf | 12 +- helm/kube_state_metrics/README.md | 89 +++++ helm/kube_state_metrics/main.tf | 37 ++ helm/kube_state_metrics/templates/values.yaml | 359 ++++++++++++++++++ helm/kube_state_metrics/variables.tf | 27 ++ helm/lb_ingress_controller/README.md | 6 +- helm/metrics_server/README.md | 2 +- helm/prometheus/README.md | 2 +- helm/traefik_ingress/README.md | 2 +- helm/variables.tf | 12 +- .../eu-west-1/application/dev/base.tfvars | 9 +- modules/s3/main.tf | 5 +- source/README.md | 31 +- source/main.tf | 6 + source/variables.tf | 15 + 20 files changed, 821 insertions(+), 33 deletions(-) create mode 100644 examples/eks-with-kube-state-metrics/kube-state-metrics-with-eks.tf create mode 100644 helm/kube_state_metrics/README.md create mode 100644 helm/kube_state_metrics/main.tf create mode 100644 helm/kube_state_metrics/templates/values.yaml create mode 100644 helm/kube_state_metrics/variables.tf diff --git a/Makefile b/Makefile index c313a90106..0cc16df731 100644 --- a/Makefile +++ b/Makefile 
@@ -32,7 +32,7 @@ tf-plan-eks: .PHONY: tf-apply-eks tf-apply-eks: - export AWS_REGION=${region} && terraform -chdir=source init -backend-config ../live/${env}/${region}/${account}/${subenv}/backend.conf -reconfigure && terraform -chdir=source validate && terraform -chdir=source apply -var-file ../live/${env}/${region}/${account}/${subenv}/base.tfvars -auto-approve + export AWS_REGION=${region} && terraform -chdir=source init -backend-config ../live/${env}/${region}/${account}/${subenv}/backend.conf -reconfigure && terraform -chdir=source validate && terraform -chdir=source apply -var-file ../live/${env}/${region}/${account}/${subenv}/base.tfvars .PHONY: tf-destroy-eks tf-destroy-eks: diff --git a/examples/eks-with-kube-state-metrics/kube-state-metrics-with-eks.tf b/examples/eks-with-kube-state-metrics/kube-state-metrics-with-eks.tf new file mode 100644 index 0000000000..f4fa69f5d1 --- /dev/null +++ b/examples/eks-with-kube-state-metrics/kube-state-metrics-with-eks.tf 
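Review bot: Dropping `-auto-approve` from the `tf-apply-eks` recipe makes the target prompt for confirmation, which is the safer default for a human at a terminal but will hang a non-interactive CI job. Consider making it opt-in instead, e.g. `AUTO_APPROVE ?=` near the top of the Makefile and `... apply -var-file ../live/${env}/${region}/${account}/${subenv}/base.tfvars $(AUTO_APPROVE)` so a pipeline can pass `AUTO_APPROVE=-auto-approve` explicitly. The `tf-destroy-eks` recipe starts at the end of this hunk and its body is outside it, so I can't tell whether destroy still auto-approves; it should follow the same rule.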
@@ -0,0 +1,224 @@ +/* + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * SPDX-License-Identifier: MIT-0 + * + * Permission is hereby granted, free of charge, to any person obtaining a copy of this + * software and associated documentation files (the "Software"), to deal in the Software + * without restriction, including without limitation the rights to use, copy, modify, + * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, + * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A + * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT + * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + */ /* + + +#---------------------------------------------------------# +# EKS CLUSTER CORE VARIABLES +#---------------------------------------------------------# +#Following fields used in tagging resources and building the name of the cluster +#e.g., eks cluster name will be {tenant}-{environment}-{zone}-{resource} +#---------------------------------------------------------# +org = "aws" # Organization Name. Used to tag resources +tenant = "aws001" # AWS account name or unique id for tenant +environment = "preprod" # Environment area eg., preprod or prod +zone = "dev" # Environment with in one sub_tenant or business unit +terraform_version = "Terraform v1.0.1" +#---------------------------------------------------------# +# VPC and PRIVATE SUBNET DETAILS for EKS Cluster +#---------------------------------------------------------# +#This provides two options Option1 and Option2. 
You should choose either of one to provide VPC details to the EKS cluster +#Option1: Creates a new VPC, private Subnets and VPC Endpoints by taking the inputs of vpc_cidr_block and private_subnets_cidr. VPC Endpoints are S3, SSM , EC2, ECR API, ECR DKR, KMS, CloudWatch Logs, STS, Elastic Load Balancing, Autoscaling +#Option2: Provide an existing vpc_id and private_subnet_ids + +#---------------------------------------------------------# +# OPTION 1 +#---------------------------------------------------------# +create_vpc = true +enable_private_subnets = true +enable_public_subnets = true + +# Enable or Disable NAT Gateqay and Internet Gateway for Public Subnets +enable_nat_gateway = true +single_nat_gateway = true +create_igw = true + +vpc_cidr_block = "10.1.0.0/18" +private_subnets_cidr = ["10.1.0.0/22", "10.1.4.0/22", "10.1.8.0/22"] +public_subnets_cidr = ["10.1.12.0/22", "10.1.16.0/22", "10.1.20.0/22"] + +# Change this to true when you want to create VPC endpoints for Private subnets +create_vpc_endpoints = true +#---------------------------------------------------------# +# OPTION 2 +#---------------------------------------------------------# +//create_vpc = false +//vpc_id = "xxxxxx" +//private_subnet_ids = ['xxxxxx','xxxxxx','xxxxxx'] + +#---------------------------------------------------------# +# EKS CONTROL PLANE VARIABLES +# API server endpoint access options +# Endpoint public access: true - Your cluster API server is accessible from the internet. You can, optionally, limit the CIDR blocks that can access the public endpoint. +# Endpoint private access: true - Kubernetes API requests within your cluster's VPC (such as node to control plane communication) use the private VPC endpoint. 
+#---------------------------------------------------------# +kubernetes_version = "1.20" +endpoint_private_access = true +endpoint_public_access = true + +# Enable IAM Roles for Service Accounts (IRSA) on the EKS cluster +enable_irsa = true + +enabled_cluster_log_types = ["api", "audit", "authenticator", "controllerManager", "scheduler"] +cluster_log_retention_period = 7 + +enable_vpc_cni_addon = true +vpc_cni_addon_version = "v1.8.0-eksbuild.1" + +enable_coredns_addon = true +coredns_addon_version = "v1.8.3-eksbuild.1" + +enable_kube_proxy_addon = true +kube_proxy_addon_version = "v1.20.4-eksbuild.2" + + +#---------------------------------------------------------# +# WORKER NODE GROUPS SECTION +# Define the following parameters to create EKS Node groups. If you need to two Node groups then you may need to duplicate the with different instance type +# NOTE: Also ensure Node groups config that you defined below needs to exist in this file . +# Comment out the node groups in file if you are not defining below. +# This is a limitation at this moment that the change needs ot be done in two places. This will be improved later +#---------------------------------------------------------# +#---------------------------------------------------------# +# MANAGED WORKER NODE INPUT VARIABLES FOR ON DEMAND INSTANCES - Worker Group1 +#---------------------------------------------------------# +on_demand_node_group_name = "mg-m5-on-demand" +on_demand_ami_type = "AL2_x86_64" +on_demand_disk_size = 50 +on_demand_instance_type = ["t3.medium"] //["m5.large"] +on_demand_desired_size = 2 +on_demand_max_size = 3 +on_demand_min_size = 1 +#---------------------------------------------------------# +# BOTTLEROCKET - Worker Group3 +#---------------------------------------------------------# +# Amazon EKS optimized Bottlerocket AMI ID for a region and Kubernetes version. 
+# https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami-bottlerocket.html +# /aws/service/bottlerocket/aws-k8s-1.20/x86_64/latest/image_id + +bottlerocket_node_group_name = "mg-m5-bottlerocket" +bottlerocket_ami = "ami-0574bb6d7d985b8f7" +bottlerocket_disk_size = 50 +bottlerocket_instance_type = ["m5.large"] +bottlerocket_desired_size = 3 +bottlerocket_max_size = 3 +bottlerocket_min_size = 3 + +#---------------------------------------------------------# +# MANAGED WORKER NODE INPUT VARIABLES FOR SPOT INSTANCES - Worker Group2 +#---------------------------------------------------------# + +spot_node_group_name = "mg-m5-spot" +spot_instance_type = ["c5.large", "m5a.large"] +spot_ami_type = "AL2_x86_64" +spot_desired_size = 3 +spot_max_size = 6 +spot_min_size = 3 + +#---------------------------------------------------------# +# SELF-MANAGED WINDOWS NODE GROUP (WORKER GROUP) +#---------------------------------------------------------# +# enable_self_managed_nodegroups = false +# enable_windows_support = true +# self_managed_nodegroup_name = "ng-windows" + +#---------------------------------------------------------# +# Creates a Fargate profile for default namespace +#---------------------------------------------------------# +fargate_profile_namespace = "default" +# Enable logging only when you create a Fargate profile +fargate_fluent_bit_enable = false + +#---------------------------------------------------------# +# ENABLE HELM MODULES +# Please note that you may need to download the docker images for each +# helm module and push it to ECR if you create fully private EKS Clusters with no access to internet to fetch docker images. 
+# README with instructions available in each HELM module under helm/ +#---------------------------------------------------------# +# Enable this if worker Node groups has access to internet to download the docker images +# Or Make it false and set the private contianer image repo url in source/main.tf; currently this defaults to ECR +public_docker_repo = true + +#---------------------------------------------------------# +# ENABLE METRICS SERVER +#---------------------------------------------------------# +metrics_server_enable = true +metric_server_image_tag = "v0.4.2" +metric_server_helm_chart_version = "2.12.1" +#---------------------------------------------------------# +# ENABLE CLUSTER AUTOSCALER +#---------------------------------------------------------# +cluster_autoscaler_enable = true +cluster_autoscaler_image_tag = "v1.20.0" +cluster_autoscaler_helm_version = "9.9.2" + +#---------------------------------------------------------// +# ENABLE AWS LB INGRESS CONTROLLER +#---------------------------------------------------------// +lb_ingress_controller_enable = true +aws_lb_image_tag = "v2.2.1" +aws_lb_helm_chart_version = "1.2.3" + +#---------------------------------------------------------// +# ENABLE PROMETHEUS +#---------------------------------------------------------// +# Creates the AMP workspace and all the relevent IAM Roles +aws_managed_prometheus_enable = true + +# Deploys Pometheus server with remote write to AWS AMP Workspace +prometheus_enable = false +prometheus_helm_chart_version = "14.4.0" +prometheus_image_tag = "v2.26.0" +alert_manager_image_tag = "v0.21.0" +configmap_reload_image_tag = "v0.5.0" +node_exporter_image_tag = "v1.1.2" +pushgateway_image_tag = "v1.3.1" + +#---------------------------------------------------------# +# ENABLE AWS_FLUENT-BIT +#---------------------------------------------------------# +aws_for_fluent_bit_enable = true +ekslog_retention_in_days = 7 +aws_for_fluent_bit_image_tag = "2.17.0" 
+aws_for_fluent_bit_helm_chart_version = "0.1.11" + +#---------------------------------------------------------# +# ENABLE TRAEFIK INGRESS CONTROLLER +#---------------------------------------------------------# +traefik_ingress_controller_enable = false +traefik_helm_chart_version = "10.0.0" +traefik_image_tag = "v2.4.9" + + + +#---------------------------------------------------------// +# ENABLE AGONES GAMING CONTROLLER +# A library for hosting, running and scaling dedicated game servers on Kubernetes +# This chart installs the Agones application and defines deployment on a cluster +# NOTE: Edit Rules to add a new Custom UDP Rule with a 7000-8000 port range and an appropriate Source CIDR range (0.0.0.0/0 allows all traffic) (sec group e.g., gaming-preprod-test-eks-eks_worker_sg) +# By default Agones prefers to be scheduled on nodes labeled with agones.dev/agones-system=true and tolerates the node taint agones.dev/agones-system=true:NoExecute. +# If no dedicated nodes are available, Agones will run on regular nodes. +#---------------------------------------------------------// +//agones_enable = true +//expose_udp = true + +#---------------------------------------------------------# +# ENABLE KUBE-STATE-METRICS +#---------------------------------------------------------# +kube_state_metrics_enable = true +kube_state_metrics_helm_chart_version = "2.1.2" +kube_state_metrics_image_tag = "2.1.0"*/ diff --git a/helm/agones/README.md b/helm/agones/README.md index abf2b74abc..26417c8704 100644 --- a/helm/agones/README.md +++ b/helm/agones/README.md @@ -62,9 +62,9 @@ No requirements. | Name | Version | |------|---------| -| [aws](#provider\_aws) | 3.49.0 | -| [helm](#provider\_helm) | 2.2.0 | -| [kubernetes](#provider\_kubernetes) | 2.3.2 | +| [aws](#provider\_aws) | n/a | +| [helm](#provider\_helm) | n/a | +| [kubernetes](#provider\_kubernetes) | n/a | ## Modules 
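Review bot: `endpoint_public_access = true` in the control-plane section exposes the EKS API server to the internet with no source restriction, even though the comment directly above says the public endpoint can be limited by CIDR block; the example should either set `endpoint_public_access = false` (private access is already enabled) or, if the module accepts a public-access CIDR list, show a narrowed one rather than leaving it open. Separately, the entire file body sits inside one `/* ... */` block, so as committed `terraform` sees an empty file, and the contents are variable assignments such as `org = "aws"` of the kind that belong in a `.tfvars` file rather than a `.tf` file — this example cannot be applied as written. `bottlerocket_ami = "ami-0574bb6d7d985b8f7"` hard-codes a region-specific AMI ID; the SSM parameter path cited in the comment above it (`/aws/service/bottlerocket/aws-k8s-1.20/x86_64/latest/image_id`) should be resolved at plan time instead so the image does not go silently stale.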
diff --git a/helm/aws-for-fluent-bit/README.md b/helm/aws-for-fluent-bit/README.md index 95dad301b7..83ea0c97ea 100644 --- a/helm/aws-for-fluent-bit/README.md +++ b/helm/aws-for-fluent-bit/README.md @@ -62,9 +62,9 @@ No requirements. | Name | Version | |------|---------| -| [aws](#provider\_aws) | 3.49.0 | -| [helm](#provider\_helm) | 2.2.0 | -| [kubernetes](#provider\_kubernetes) | 2.3.2 | +| [aws](#provider\_aws) | n/a | +| [helm](#provider\_helm) | n/a | +| [kubernetes](#provider\_kubernetes) | n/a | ## Modules diff --git a/helm/cluster_autoscaler/README.md b/helm/cluster_autoscaler/README.md index f6cfd69438..d28e8ed225 100644 --- a/helm/cluster_autoscaler/README.md +++ b/helm/cluster_autoscaler/README.md @@ -68,7 +68,7 @@ No requirements. | Name | Version | |------|---------| -| [helm](#provider\_helm) | 2.2.0 | +| [helm](#provider\_helm) | n/a | ## Modules diff --git a/helm/helm.tf b/helm/helm.tf index 81dd8aaa71..382058dab3 100644 --- a/helm/helm.tf +++ b/helm/helm.tf @@ -113,4 +113,14 @@ module "prometheus" { amp_ingest_role_arn = var.amp_ingest_role_arn amp_workspace_id = var.amp_workspace_id region = var.region -} \ No newline at end of file +} + +module "kube_state_metrics" { + count = var.kube_state_metrics_enable == true ? 1 : 0 + source = "./kube_state_metrics" + private_container_repo_url = var.private_container_repo_url + public_docker_repo = var.public_docker_repo + kube_state_metrics_image_tag = var.kube_state_metrics_image_tag + kube_state_metrics_helm_chart_version = var.kube_state_metrics_helm_chart_version +} + diff --git a/helm/kube_state_metrics/README.md b/helm/kube_state_metrics/README.md new file mode 100644 index 0000000000..24d7be5fbb --- /dev/null +++ b/helm/kube_state_metrics/README.md 
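Review bot: `count = var.kube_state_metrics_enable == true ? 1 : 0` in the new `kube_state_metrics` module block compares a boolean against `true`; `count = var.kube_state_metrics_enable ? 1 : 0` says the same thing and matches the usual Terraform idiom. The rest of the wiring mirrors the `prometheus` module above it, though note that the module's own `main.tf` does not actually consume `kube_state_metrics_helm_chart_version` (raised on that hunk).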
@@ -0,0 +1,89 @@ +# kube-state-metrics Helm Chart + +#Introduction +kube-state-metrics is a service that listens to the Kubernetes API server and generates metrics about the state of the objects + +# Helm Chart + +### Instructions to use Helm Charts + + helm repo add bitnami https://charts.bitnami.com/bitnami + https://github.com/bitnami/bitnami-docker-kube-state-metrics + https://artifacthub.io/packages/helm/bitnami/kube-state-metrics + +###### Instructions to upload kube-state-metrics Docker image to AWS ECR +# Docker Image + +Step1: Download the docker image to your local Mac/Laptop + + $ docker pull bitnami/kube-state-metrics:2.1.0 + +Step2: Retrieve an authentication token and authenticate your Docker client to your registry. Use the AWS CLI: + + $ aws ecr get-login-password --region eu-west-1 | docker login --username AWS --password-stdin .dkr.ecr.eu-west-1.amazonaws.com + +Step3: Create an ECR repo for kube-state-metrics if you don't have one + + $ aws ecr create-repository --repository-name bitnami/kube-state-metrics--image-scanning-configuration scanOnPush=true + +Step4: After the build completes, tag your image so, you can push the image to this repository: + + $ docker tag bitnami/kube-state-metrics:2.1.0 .dkr.ecr.eu-west-1.amazonaws.com/bitnami/kube-state-metrics:2.1.0 + +Step5: Run the following command to push this image to your newly created AWS repository: + + $ docker push .dkr.ecr.eu-west-1.amazonaws.com/bitnami/kube-state-metrics:2.1.0 + + + +Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +SPDX-License-Identifier: MIT-0 + +Permission is hereby granted, free of charge, to any person obtaining a copy of this +software and associated documentation files (the "Software"), to deal in the Software +without restriction, including without limitation the rights to use, copy, modify, +merge, publish, distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so. 
+ +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, +INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A +PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT +HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE +SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| [helm](#provider\_helm) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [helm_release.kube-state-metrics](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [image\_repo\_name](#input\_image\_repo\_name) | n/a | `string` | `"bitnami/kube-state-metrics"` | no | +| [kube\_state\_metrics\_helm\_chart\_version](#input\_kube\_state\_metrics\_helm\_chart\_version) | n/a | `any` | n/a | yes | +| [kube\_state\_metrics\_image\_tag](#input\_kube\_state\_metrics\_image\_tag) | n/a | `any` | n/a | yes | +| [private\_container\_repo\_url](#input\_private\_container\_repo\_url) | n/a | `any` | n/a | yes | +| [public\_docker\_repo](#input\_public\_docker\_repo) | n/a | `any` | n/a | yes | + +## Outputs + +No outputs. + + diff --git a/helm/kube_state_metrics/main.tf b/helm/kube_state_metrics/main.tf new file mode 100644 index 0000000000..036390dcba --- /dev/null +++ b/helm/kube_state_metrics/main.tf 
@@ -0,0 +1,37 @@ +/* + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * SPDX-License-Identifier: MIT-0 + * + * Permission is hereby granted, free of charge, to any person obtaining a copy of this + * software and associated documentation files (the "Software"), to deal in the Software + * without restriction, including without limitation the rights to use, copy, modify, + * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, + * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A + * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT + * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + */ + +locals { + image_url = var.public_docker_repo ? var.image_repo_name : "${var.private_container_repo_url}${var.image_repo_name}" +} + +resource "helm_release" "kube-state-metrics" { + name = "kube-state-metrics" + repository = "https://charts.bitnami.com/bitnami" + chart = "kube-state-metrics" + version = "2.1.2" + namespace = "kube-system" + timeout = "1200" + values = [templatefile("${path.module}/templates/values.yaml", { + image = local.image_url + tag = var.kube_state_metrics_image_tag + })] + +} + + diff --git a/helm/kube_state_metrics/templates/values.yaml b/helm/kube_state_metrics/templates/values.yaml new file mode 100644 index 0000000000..74598921e3 --- /dev/null +++ b/helm/kube_state_metrics/templates/values.yaml 
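Review bot: `version = "2.1.2"` in the `helm_release` pins the chart while `var.kube_state_metrics_helm_chart_version` (declared in this module's `variables.tf` and passed in from `helm/helm.tf`) is never read, so callers who set `kube_state_metrics_helm_chart_version` get a silently ignored input; use `version = var.kube_state_metrics_helm_chart_version`. Also, when `public_docker_repo` is false, `local.image_url` becomes `<private_container_repo_url>bitnami/kube-state-metrics`, but `templates/values.yaml` still leaves `image.registry: docker.io`; if the Bitnami chart prefixes `image.registry` to `image.repository` as its `@param` docs suggest, the pull would resolve to `docker.io/<ecr-host>/...` and fail, so the template should set the registry from the private repo URL (or blank it) in that case. `private_container_repo_url` is concatenated with no separator, so it must end in `/`; worth documenting on the variable.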
@@ -0,0 +1,359 @@ + ## @section Global parameters + ## Global Docker image parameters + ## Please, note that this will override the image parameters, including dependencies, configured to use the global value + ## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass + + ## @param global.imageRegistry Global Docker image registry + ## @param global.imagePullSecrets Global Docker registry secret names as an array + ## @param global.storageClass Global StorageClass for Persistent Volume(s) + ## + global: + imageRegistry: + ## E.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + storageClass: + + ## @section Common parameters + + ## @param nameOverride String to partially override `kube-state-metrics.name` template with a string (will prepend the release name) + ## + nameOverride: + ## @param fullnameOverride String to fully override `kube-state-metrics.fullname` template with a string + ## + fullnameOverride: + ## @param commonLabels Add labels to all the deployed resources + ## + commonLabels: {} + ## @param commonAnnotations Add annotations to all the deployed resources + ## + commonAnnotations: {} + + ## @section kube-state-metrics parameters + + ## @param hostAliases Add deployment host aliases + ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## + hostAliases: [] + ## Role Based Access + ## ref: https://kubernetes.io/docs/admin/authorization/rbac/ + ## + rbac: + ## @param rbac.create Whether to create & use RBAC resources or not + ## + create: true + ## @param rbac.apiVersion Version of the RBAC API + ## + apiVersion: v1beta1 + ## @param rbac.pspEnabled PodSecurityPolicy + ## + pspEnabled: true + ## Service account for kube-state-metrics to use. 
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + ## + serviceAccount: + ## @param serviceAccount.create Specify whether to create a ServiceAccount for kube-state-metrics + ## + create: true + ## @param serviceAccount.name The name of the ServiceAccount to create + ## If not set and create is true, a name is generated using the kube-state-metrics.fullname template + name: + ## Bitnami kube-state-metrics image version + ## ref: https://hub.docker.com/r/bitnami/kube-state-metrics/tags/ + ## @param image.registry kube-state-metrics image registry + ## @param image.repository kube-state-metrics image repository + ## @param image.tag kube-state-metrics Image tag (immutable tags are recommended) + ## @param image.pullPolicy kube-state-metrics image pull policy + ## @param image.pullSecrets Specify docker-registry secret names as an array + ## + image: + registry: docker.io + repository: ${image} #bitnami/kube-state-metrics + tag: ${tag} #2.1.0 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## Example: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## @param extraArgs Additional command line arguments to pass to kube-state-metrics + ## + extraArgs: {} + ## @param namespaces Comma-separated list of namespaces to be enabled. 
Defaults to all namespaces + ## + namespaces: + ## kube-state-metrics resources to be enabled + ## @param kubeResources.certificatesigningrequests Enable the `certificatesigningrequests` resource + ## @param kubeResources.configmaps Enable the `configmaps` resource + ## @param kubeResources.cronjobs Enable the `cronjobs` resource + ## @param kubeResources.daemonsets Enable the `daemonsets` resource + ## @param kubeResources.deployments Enable the `deployments` resource + ## @param kubeResources.endpoints Enable the `endpoints` resource + ## @param kubeResources.horizontalpodautoscalers Enable the `horizontalpodautoscalers` resource + ## @param kubeResources.ingresses Enable the `ingresses` resource + ## @param kubeResources.jobs Enable the `jobs` resource + ## @param kubeResources.limitranges Enable the `limitranges` resource + ## @param kubeResources.mutatingwebhookconfigurations Enable the `mutatingwebhookconfigurations` resource + ## @param kubeResources.namespaces Enable the `namespaces` resource + ## @param kubeResources.networkpolicies Enable the `networkpolicies` resource + ## @param kubeResources.nodes Enable the `nodes` resource + ## @param kubeResources.persistentvolumeclaims Enable the `persistentvolumeclaims` resource + ## @param kubeResources.persistentvolumes Enable the `persistentvolumes` resource + ## @param kubeResources.poddisruptionbudgets Enable the `poddisruptionbudgets` resource + ## @param kubeResources.pods Enable the `pods` resource + ## @param kubeResources.replicasets Enable the `replicasets` resource + ## @param kubeResources.replicationcontrollers Enable the `replicationcontrollers` resource + ## @param kubeResources.resourcequotas Enable the `resourcequotas` resource + ## @param kubeResources.secrets Enable the `secrets` resource + ## @param kubeResources.services Enable the `services` resource + ## @param kubeResources.statefulsets Enable the `statefulsets` resource + ## @param kubeResources.storageclasses Enable the `storageclasses` 
resource + ## @param kubeResources.verticalpodautoscalers Enable the `verticalpodautoscalers` resource + ## @param kubeResources.validatingwebhookconfigurations Enable the `validatingwebhookconfigurations` resource + ## @param kubeResources.volumeattachments Enable the `volumeattachments` resource + ## + kubeResources: + certificatesigningrequests: true + configmaps: true + cronjobs: true + daemonsets: true + deployments: true + endpoints: true + horizontalpodautoscalers: true + ingresses: true + jobs: true + limitranges: true + mutatingwebhookconfigurations: true + namespaces: true + networkpolicies: true + nodes: true + persistentvolumeclaims: true + persistentvolumes: true + poddisruptionbudgets: true + pods: true + replicasets: true + replicationcontrollers: true + resourcequotas: true + secrets: true + services: true + statefulsets: true + storageclasses: true + verticalpodautoscalers: false + validatingwebhookconfigurations: false + volumeattachments: true + ## @param securityContext.enabled Enable security context + ## @param securityContext.fsGroup Group ID for the container filesystem + ## @param securityContext.runAsUser User ID for the container + ## + securityContext: + enabled: true + runAsUser: 1001 + fsGroup: 1001 + ## kube-state-metrics Service + ## + service: + ## @param service.type Kubernetes service type + ## + type: ClusterIP + ## @param service.port kube-state-metrics service port + ## + port: 8080 + ## @param service.clusterIP Specific cluster IP when service type is cluster IP. Use `None` for headless service + ## e.g: + ## clusterIP: None + ## + clusterIP: + ## @param service.nodePort Specify the nodePort value for the LoadBalancer and NodePort service types. 
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## e.g: + ## nodePort: 30080 + ## + nodePort: + ## @param service.loadBalancerIP `loadBalancerIP` if service type is `LoadBalancer` + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + loadBalancerIP: + ## @param service.loadBalancerSourceRanges Address that are allowed when svc is `LoadBalancer` + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param service.annotations Additional annotations for kube-state-metrics service + ## + annotations: {} + ## @param service.labels Additional labels for kube-state-metrics service + ## + labels: {} + ## @param hostNetwork Enable hostNetwork mode + ## + hostNetwork: false + ## @param priorityClassName Priority class assigned to the Pods + ## + priorityClassName: "" + ## Resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ ## @param resources.limits The resources limits for the container
+ ## @param resources.requests The requested resources for the container
+ ##
+ resources:
+ ## Example:
+ ## limits:
+ ## cpu: 100m
+ ## memory: 128Mi
+ limits: {}
+ ## Examples:
+ ## requests:
+ ## cpu: 100m
+ ## memory: 128Mi
+ requests: {}
+ ## @param replicaCount Desired number of controller pods
+ ##
+ replicaCount: 2
+ ## @param podLabels Pod labels
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+ ##
+ podLabels: {}
+ ## @param podAnnotations Pod annotations
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ podAnnotations: {}
+ ## @param updateStrategy Allows setting of `RollingUpdate` strategy
+ ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ ##
+ updateStrategy: {}
+ ## @param minReadySeconds How many seconds a pod needs to be ready before killing the next, during update
+ ##
+ minReadySeconds: 0
+ ## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAffinityPreset: ""
+ ## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAntiAffinityPreset: soft
+ ## Node affinity preset
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+ ##
+ nodeAffinityPreset:
+ ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ##
+ type: ""
+ ## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set.
+ ## E.g.
+ ## key: "kubernetes.io/e2e-az-name"
+ ##
+ key: ""
+ ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set.
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+ ## @param affinity Affinity for pod assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
+ ##
+ affinity: {}
+ ## @param nodeSelector Node labels for pod assignment
+ ## ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector: {}
+ ## @param tolerations Tolerations for pod assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ ##
+ tolerations: []
+ ## Configure extra options for liveness probe
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
+ ## @param livenessProbe.enabled Turn on and off liveness probe
+ ## @param livenessProbe.initialDelaySeconds Delay before liveness probe is initiated
+ ## @param livenessProbe.periodSeconds How often to perform the probe
+ ## @param livenessProbe.timeoutSeconds When the probe times out
+ ## @param livenessProbe.failureThreshold Minimum consecutive failures for the probe
+ ## @param livenessProbe.successThreshold Minimum consecutive successes for the probe
+ ##
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 120
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+ ## Configure extra options for readiness probe
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
+ ## @param readinessProbe.enabled Turn on and off readiness probe
+ ## @param readinessProbe.initialDelaySeconds Delay before readiness probe is initiated
+ ## @param readinessProbe.periodSeconds How often to perform the probe
+ ## @param readinessProbe.timeoutSeconds When the probe times out
+ ## @param readinessProbe.failureThreshold Minimum consecutive failures for the probe
+ ## @param readinessProbe.successThreshold Minimum consecutive successes for the probe
+ ##
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+ ## ServiceMonitor configuration
+ ##
+ serviceMonitor:
+ ## @param serviceMonitor.enabled Creates a ServiceMonitor to monitor kube-state-metrics
+ ##
+ enabled: false
+ ## @param serviceMonitor.namespace Namespace in which Prometheus is running
+ ## e.g:
+ ## namespace: monitoring
+ ##
+ namespace:
+ ## @param serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
+ ##
+ jobLabel:
+ ## @param serviceMonitor.interval Scrape interval (use by default, falling back to Prometheus' default)
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ## e.g:
+ ## interval: 10s
+ ##
+ interval:
+ ## @param serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ## e.g:
+ ## scrapeTimeout: 10s
+ ##
+ scrapeTimeout:
+ ## @param serviceMonitor.selector ServiceMonitor selector labels
+ ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration
+ ## e.g:
+ ## selector:
+ ## prometheus: my-prometheus
+ ##
+ selector: {}
+ ## @param serviceMonitor.honorLabels Honor metrics labels
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ## e.g:
+ ## honorLabels: false
+ ##
+ honorLabels:
+ ## @param serviceMonitor.relabelings ServiceMonitor relabelings
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
+ ##
+ relabelings: []
+ ## @param serviceMonitor.metricRelabelings ServiceMonitor metricRelabelings
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
+ ##
+ metricRelabelings: []
\ No newline at end of file
diff --git a/helm/kube_state_metrics/variables.tf b/helm/kube_state_metrics/variables.tf
new file mode 100644
index 0000000000..a75c7c342b
--- /dev/null
+++ b/helm/kube_state_metrics/variables.tf
@@ -0,0 +1,27 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: MIT-0
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of this
+ * software and associated documentation files (the "Software"), to deal in the Software
+ * without restriction, including without limitation the rights to use, copy, modify,
+ * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
+ * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+ * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+
+variable "private_container_repo_url" {}
+variable "image_repo_name" {
+ default = "bitnami/kube-state-metrics"
+}
+variable "kube_state_metrics_image_tag" {
+}
+variable "kube_state_metrics_helm_chart_version" {
+}
+variable "public_docker_repo" {}
\ No newline at end of file
diff --git a/helm/lb_ingress_controller/README.md b/helm/lb_ingress_controller/README.md
index 8812ec3ecb..e4b992d68b 100644
--- a/helm/lb_ingress_controller/README.md
+++ b/helm/lb_ingress_controller/README.md
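Review bot: The five `variable` blocks in helm/kube_state_metrics/variables.tf carry neither `type` nor `description`, so a wrong value (a number passed as `kube_state_metrics_image_tag`, for instance) is only caught when the chart renders, and terraform-docs will emit empty rows for them. Each should declare `type = string` and a `description = "..."` line, e.g. `description = "Docker image tag for kube_state_metrics from bitnami"` on the image-tag variable, matching the wording the commit already uses in source/variables.tf. The same omission applies to the two untyped declarations added in the helm/variables.tf hunk at `@@ -137,4 +143,8 @@` and to the two version variables in the source/variables.tf hunk at `@@ -525,4 +530,14 @@`.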
@@ -82,9 +82,9 @@ No requirements.
 | Name | Version |
 |------|---------|
-| [aws](#provider\_aws) | 3.49.0 |
-| [helm](#provider\_helm) | 2.2.0 |
-| [kubernetes](#provider\_kubernetes) | 2.3.2 |
+| [aws](#provider\_aws) | n/a |
+| [helm](#provider\_helm) | n/a |
+| [kubernetes](#provider\_kubernetes) | n/a |
 ## Modules
diff --git a/helm/metrics_server/README.md b/helm/metrics_server/README.md
index 1011a3eeb8..ca338aae5a 100644
--- a/helm/metrics_server/README.md
+++ b/helm/metrics_server/README.md
@@ -64,7 +64,7 @@ No requirements.
 | Name | Version |
 |------|---------|
-| [helm](#provider\_helm) | 2.2.0 |
+| [helm](#provider\_helm) | n/a |
 ## Modules
diff --git a/helm/prometheus/README.md b/helm/prometheus/README.md
index 126ef6995c..4d423f68f1 100644
--- a/helm/prometheus/README.md
+++ b/helm/prometheus/README.md
@@ -71,7 +71,7 @@ No requirements.
 | Name | Version |
 |------|---------|
-| [helm](#provider\_helm) | 2.2.0 |
+| [helm](#provider\_helm) | n/a |
 ## Modules
diff --git a/helm/traefik_ingress/README.md b/helm/traefik_ingress/README.md
index cf6911c64d..deed7d71bd 100644
--- a/helm/traefik_ingress/README.md
+++ b/helm/traefik_ingress/README.md
@@ -88,7 +88,7 @@ No requirements.
 | Name | Version |
 |------|---------|
-| [helm](#provider\_helm) | 2.2.0 |
+| [helm](#provider\_helm) | n/a |
 ## Modules
diff --git a/helm/variables.tf b/helm/variables.tf
index d5549305c7..63ec131857 100644
--- a/helm/variables.tf
+++ b/helm/variables.tf
@@ -56,6 +56,12 @@ variable "fargate_fluent_bit_enable" {
 description = "Enabling fargate_fluent_bit on eks cluster"
 }
+variable "kube_state_metrics_enable" {
+ type = bool
+ default = false
+ description = "Enabling kube_state_metrics on eks cluster"
+}
+
 variable "fargate_iam_role" {}
 variable "s3_nlb_logs" {
@@ -137,4 +143,8 @@ variable "nginx_image_tag" {}
 variable "aws_for_fluent_bit_image_tag" {}
-variable "aws_for_fluent_bit_helm_chart_version" {}
\ No newline at end of file
+variable "aws_for_fluent_bit_helm_chart_version" {}
+
+variable "kube_state_metrics_image_tag" {}
+
+variable "kube_state_metrics_helm_chart_version" {}
\ No newline at end of file
diff --git a/live/preprod/eu-west-1/application/dev/base.tfvars b/live/preprod/eu-west-1/application/dev/base.tfvars
index e93d0f8c60..49397a8055 100644
--- a/live/preprod/eu-west-1/application/dev/base.tfvars
+++ b/live/preprod/eu-west-1/application/dev/base.tfvars
@@ -212,4 +212,11 @@ traefik_image_tag = "v2.4.9"
 # If no dedicated nodes are available, Agones will run on regular nodes.
 #---------------------------------------------------------//
 //agones_enable = true
-//expose_udp = true
\ No newline at end of file
+//expose_udp = true
+
+#---------------------------------------------------------#
+# ENABLE KUBE-STATE-METRICS
+#---------------------------------------------------------#
+kube_state_metrics_enable = true
+kube_state_metrics_helm_chart_version = "2.1.2"
+kube_state_metrics_image_tag = "2.1.0"
\ No newline at end of file
diff --git a/modules/s3/main.tf b/modules/s3/main.tf
index 8626179ada..5ccfe9c3f0 100644
--- a/modules/s3/main.tf
+++ b/modules/s3/main.tf
@@ -62,8 +62,9 @@ POLICY
 }
 resource "aws_s3_bucket" "s3_logs_bucket" {
- bucket = var.s3_bucket_name
- acl = "private"
+ bucket = var.s3_bucket_name
+ acl = "private"
+ force_destroy = true
 server_side_encryption_configuration {
 rule {
 apply_server_side_encryption_by_default {
diff --git a/source/README.md b/source/README.md
index 0007a991ce..c8af05f7a4 100644
--- a/source/README.md
+++ b/source/README.md
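Review bot: `force_destroy = true` on `aws_s3_bucket.s3_logs_bucket` lets `terraform destroy` (and any replacement of the bucket) empty a log bucket without further confirmation, so the access logs it holds are gone the moment the stack is torn down, with no way to go back to them for an investigation. Nothing in the hunk (versioning, object lock, a retention lifecycle rule) offsets that, and the commit message gives no reason for the change. Make it opt-in, e.g. `force_destroy = var.s3_force_destroy` with a `default = false` variable in the module, so only non-production environments discard logs on destroy, and put a one-line comment above the attribute stating why it is enabled where it is. The resource block continues outside the hunk, so I cannot tell whether a lifecycle rule exists further down.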
@@ -34,24 +34,24 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 | Name | Source | Version |
 |------|--------|---------|
-| [aws-eks-addon](#module\_aws-eks-addon) | ../modules/aws-eks-addon | n/a |
-| [aws\_managed\_prometheus](#module\_aws\_managed\_prometheus) | ../modules/aws_managed_prometheus | n/a |
+| [aws-eks-addon](#module\_aws-eks-addon) | ../modules/aws-eks-addon | |
+| [aws\_managed\_prometheus](#module\_aws\_managed\_prometheus) | ../modules/aws_managed_prometheus | |
 | [eks](#module\_eks) | terraform-aws-modules/eks/aws | 17.1.0 |
-| [eks-label](#module\_eks-label) | ../modules/aws-resource-label | n/a |
+| [eks-label](#module\_eks-label) | ../modules/aws-resource-label | |
 | [endpoints\_interface](#module\_endpoints\_interface) | terraform-aws-modules/vpc/aws//modules/vpc-endpoints | v3.2.0 |
-| [helm](#module\_helm) | ../helm | n/a |
-| [iam](#module\_iam) | ../modules/iam | n/a |
-| [launch-templates-bottlerocket](#module\_launch-templates-bottlerocket) | ../modules/launch-templates | n/a |
-| [launch-templates-on-demand](#module\_launch-templates-on-demand) | ../modules/launch-templates | n/a |
-| [launch-templates-spot](#module\_launch-templates-spot) | ../modules/launch-templates | n/a |
-| [public-launch-templates-on-demand](#module\_public-launch-templates-on-demand) | ../modules/launch-templates | n/a |
-| [rbac](#module\_rbac) | ../modules/rbac | n/a |
-| [s3](#module\_s3) | ../modules/s3 | n/a |
+| [helm](#module\_helm) | ../helm | |
+| [iam](#module\_iam) | ../modules/iam | |
+| [launch-templates-bottlerocket](#module\_launch-templates-bottlerocket) | ../modules/launch-templates | |
+| [launch-templates-on-demand](#module\_launch-templates-on-demand) | ../modules/launch-templates | |
+| [launch-templates-spot](#module\_launch-templates-spot) | ../modules/launch-templates | |
+| [public-launch-templates-on-demand](#module\_public-launch-templates-on-demand) | ../modules/launch-templates | |
+| [rbac](#module\_rbac) | ../modules/rbac | |
+| [s3](#module\_s3) | ../modules/s3 | |
 | [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | v3.2.0 |
-| [vpc-label](#module\_vpc-label) | ../modules/aws-resource-label | n/a |
+| [vpc-label](#module\_vpc-label) | ../modules/aws-resource-label | |
 | [vpc\_endpoints\_gateway](#module\_vpc\_endpoints\_gateway) | terraform-aws-modules/vpc/aws//modules/vpc-endpoints | v3.2.0 |
-| [windows\_support\_iam](#module\_windows\_support\_iam) | ../modules/windows-support/iam | n/a |
-| [windows\_support\_vpc\_resources](#module\_windows\_support\_vpc\_resources) | ../modules/windows-support/vpc-resources | n/a |
+| [windows\_support\_iam](#module\_windows\_support\_iam) | ../modules/windows-support/iam | |
+| [windows\_support\_vpc\_resources](#module\_windows\_support\_vpc\_resources) | ../modules/windows-support/vpc-resources | |
 ## Resources
@@ -115,6 +115,9 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 | [fargate\_fluent\_bit\_enable](#input\_fargate\_fluent\_bit\_enable) | Enabling fargate\_fluent\_bit module on eks cluster | `bool` | `false` | no |
 | [fargate\_profile\_namespace](#input\_fargate\_profile\_namespace) | AWS fargate profile Namespace | `string` | `"default"` | no |
 | [kube\_proxy\_addon\_version](#input\_kube\_proxy\_addon\_version) | KubeProxy Addon verison | `string` | `"v1.20.4-eksbuild.2"` | no |
+| [kube\_state\_metrics\_enable](#input\_kube\_state\_metrics\_enable) | Enabling kube\_state\_metrics module on eks cluster | `bool` | `false` | no |
+| [kube\_state\_metrics\_helm\_chart\_version](#input\_kube\_state\_metrics\_helm\_chart\_version) | Helm chart version for kube\_state\_metrics | `string` | `"2.1.2"` | no |
+| [kube\_state\_metrics\_image\_tag](#input\_kube\_state\_metrics\_image\_tag) | Docker image tag for kube\_state\_metrics from bitnami | `string` | `"2.1.0"` | no |
 | [kubernetes\_labels](#input\_kubernetes\_labels) | Key-value mapping of Kubernetes labels. Only labels that are applied with the EKS API are managed by this argument. Other Kubernetes labels applied to the EKS Node Group will not be managed | `map(string)` | `{}` | no |
 | [kubernetes\_version](#input\_kubernetes\_version) | Desired Kubernetes master version. If you do not specify a value, the latest available version is used | `string` | `"1.20"` | no |
 | [lb\_ingress\_controller\_enable](#input\_lb\_ingress\_controller\_enable) | enabling LB Ingress Controller on eks cluster | `bool` | `false` | no |
diff --git a/source/main.tf b/source/main.tf
index b66c4af876..c84fb58604 100644
--- a/source/main.tf
+++ b/source/main.tf
@@ -719,5 +719,11 @@ module "helm" {
 amp_workspace_id = var.prometheus_enable ? module.aws_managed_prometheus[0].amp_workspace_id : ""
 region = data.aws_region.current.id
+ # ------- Kube_state_metrics ---------
+ kube_state_metrics_enable = var.kube_state_metrics_enable
+ kube_state_metrics_image_tag = var.kube_state_metrics_image_tag
+ kube_state_metrics_helm_chart_version = var.kube_state_metrics_helm_chart_version
+
+ depends_on = [module.eks]
 }
diff --git a/source/variables.tf b/source/variables.tf
index 7c0b7570dd..360a1c420d 100644
--- a/source/variables.tf
+++ b/source/variables.tf
@@ -420,6 +420,11 @@ variable "fargate_fluent_bit_enable" {
 default = false
 description = "Enabling fargate_fluent_bit module on eks cluster"
 }
+variable "kube_state_metrics_enable" {
+ type = bool
+ default = false
+ description = "Enabling kube_state_metrics module on eks cluster"
+}
 variable "ekslog_retention_in_days" {
 default = 90
@@ -525,4 +530,14 @@ variable "aws_for_fluent_bit_image_tag" {
 variable "aws_for_fluent_bit_helm_chart_version" {
 default = "0.1.11"
 description = "Helm chart version for aws_for_fluent_bit"
+}
+
+variable "kube_state_metrics_image_tag" {
+ default = "2.1.0"
+ description = "Docker image tag for kube_state_metrics from bitnami"
+}
+
+variable "kube_state_metrics_helm_chart_version" {
+ default = "2.1.2"
+ description = "Helm chart version for kube_state_metrics"
 }
\ No newline at end of file
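Review bot: The new `depends_on = [module.eks]` on `module "helm"` is a module-level dependency, which makes Terraform defer every data source inside the helm module until apply time; if that module looks up the cluster (an `aws_eks_cluster`/`aws_eks_cluster_auth` data source, say) its provider configuration becomes "known after apply" and plans start showing spurious replacements or failing outright. If the intent is only to order the Helm releases after the control plane, the cluster endpoint and auth inputs the module already receives should carry that ordering implicitly, so the explicit edge may be unnecessary. Whichever way it is resolved, a comment on that line explaining why it is needed would help, e.g. `# Helm releases must not be planned before the EKS control plane exists`. The `module "helm"` block starts outside the hunk, so I cannot see which inputs it already takes from `module.eks`.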