diff --git a/modules/eks-monitoring/README.md b/modules/eks-monitoring/README.md index 3c2b787f..01b3a244 100644 --- a/modules/eks-monitoring/README.md +++ b/modules/eks-monitoring/README.md @@ -111,6 +111,7 @@ See examples using this Terraform modules in the **Amazon EKS** section of [this | [helm\_config](#input\_helm\_config) | Helm Config for Prometheus | `any` | `{}` | no | | [irsa\_iam\_additional\_policies](#input\_irsa\_iam\_additional\_policies) | IAM additional policies for IRSA roles | `list(string)` | `[]` | no | | [irsa\_iam\_permissions\_boundary](#input\_irsa\_iam\_permissions\_boundary) | IAM permissions boundary for IRSA roles | `string` | `null` | no | +| [irsa\_iam\_role\_name](#input\_irsa\_iam\_role\_name) | IAM role name for IRSA roles | `string` | `""` | no | | [irsa\_iam\_role\_path](#input\_irsa\_iam\_role\_path) | IAM role path for IRSA roles | `string` | `"/"` | no | | [istio\_config](#input\_istio\_config) | Configuration object for ISTIO monitoring |
object({
enable_alerting_rules = bool
enable_recording_rules = bool
enable_dashboards = bool
scrape_sample_limit = number

flux_gitrepository_name = string
flux_gitrepository_url = string
flux_gitrepository_branch = string
flux_kustomization_name = string
flux_kustomization_path = string

managed_prometheus_workspace_id = string
prometheus_metrics_endpoint = string

dashboards = object({
cp = string
mesh = string
performance = string
service = string
})
})
| `null` | no | | [java\_config](#input\_java\_config) | Configuration object for Java/JMX monitoring |
object({
enable_alerting_rules = bool
enable_recording_rules = bool
enable_dashboards = bool
scrape_sample_limit = number


flux_gitrepository_name = string
flux_gitrepository_url = string
flux_gitrepository_branch = string
flux_kustomization_name = string
flux_kustomization_path = string

grafana_dashboard_url = string

prometheus_metrics_endpoint = string
})
| `null` | no |
diff --git a/modules/eks-monitoring/locals.tf b/modules/eks-monitoring/locals.tf
index 3fd532d6..3cd86b04 100644
--- a/modules/eks-monitoring/locals.tf
+++ b/modules/eks-monitoring/locals.tf
@@ -9,8 +9,9 @@ data "aws_eks_cluster" "eks_cluster" {
 }
 locals {
- name = "adot-collector-kubeprometheus"
- namespace = try(var.helm_config.namespace, local.name)
+ name = "adot-collector-kubeprometheus"
+ kube_service_account_name = try(var.helm_config.service_account, local.name)
+ namespace = try(var.helm_config.namespace, local.name)
 eks_oidc_issuer_url = replace(data.aws_eks_cluster.eks_cluster.identity[0].oidc[0].issuer, "https://", "")
 eks_cluster_endpoint = data.aws_eks_cluster.eks_cluster.endpoint
diff --git a/modules/eks-monitoring/main.tf b/modules/eks-monitoring/main.tf
index b80e86bb..0d6f201e 100644
--- a/modules/eks-monitoring/main.tf
+++ b/modules/eks-monitoring/main.tf
@@ -188,15 +188,23 @@ module "helm_addon" {
 {
 name = "enableAdotcollectorMetrics"
 value = var.enable_adotcollector_metrics
+ },
+ {
+ name = "serviceAccount"
+ value = local.kube_service_account_name
+ },
+ {
+ name = "namespace"
+ value = local.namespace
 }
-
 ]
+ irsa_iam_role_name = var.irsa_iam_role_name
 irsa_config = {
 create_kubernetes_namespace = true
 kubernetes_namespace = local.namespace
 create_kubernetes_service_account = true
- kubernetes_service_account = try(var.helm_config.service_account, local.name)
+ kubernetes_service_account = local.kube_service_account_name
 irsa_iam_policies = flatten([
 "arn:${data.aws_partition.current.partition}:iam::aws:policy/AmazonPrometheusRemoteWriteAccess",
 "arn:${data.aws_partition.current.partition}:iam::aws:policy/AWSXrayWriteOnlyAccess",
diff --git a/modules/eks-monitoring/otel-config/templates/clusterrolebinding.yaml b/modules/eks-monitoring/otel-config/templates/clusterrolebinding.yaml
index 992d7696..165e2aa9 100644
--- a/modules/eks-monitoring/otel-config/templates/clusterrolebinding.yaml
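Review bot: `try()` on the added `kube_service_account_name` line only falls back when the attribute lookup raises an error, so a caller who passes `helm_config = { service_account = null }` or an empty string gets that value instead of `local.name`. This local now feeds both the IRSA `kubernetes_service_account` and the chart's `serviceAccount` value, so a null or empty name reaches both places. Consider `kube_service_account_name = coalesce(try(var.helm_config.service_account, null), local.name)`, which also skips empty strings; the `namespace` line beside it has the same shape. The `locals` block continues outside the hunk.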
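Review bot: The new `serviceAccount` and `namespace` entries in `set_values` have to stay identical to `kubernetes_service_account` and `kubernetes_namespace` in `irsa_config`, and nothing in the file says so. The chart's ClusterRoleBinding subject and, presumably, the IRSA role's trust condition are both keyed on that namespace/service-account pair, so a later edit to only one side would leave the collector without its cluster or AWS permissions. I would add a comment above the two entries, e.g. `# Must match irsa_config.kubernetes_service_account / kubernetes_namespace: the ClusterRoleBinding subject and the IRSA trust policy both depend on this pair.` Because the namespace is caller-chosen while the role carries `AmazonPrometheusRemoteWriteAccess` and `AWSXrayWriteOnlyAccess`, the input docs could also recommend a namespace dedicated to the collector. The `module "helm_addon"` block starts and ends outside the hunk.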
+++ b/modules/eks-monitoring/otel-config/templates/clusterrolebinding.yaml
@@ -8,5 +8,5 @@ roleRef:
 name: otel-prometheus-role
 subjects:
 - kind: ServiceAccount
- name: adot-collector-kubeprometheus
- namespace: adot-collector-kubeprometheus
+ name: {{ default "adot-collector-kubeprometheus" .Values.serviceAccount }}
+ namespace: {{ default "adot-collector-kubeprometheus" .Values.namespace }}
diff --git a/modules/eks-monitoring/otel-config/templates/opentelemetrycollector.yaml b/modules/eks-monitoring/otel-config/templates/opentelemetrycollector.yaml
index 22b9c3a1..a2aa43a6 100644
--- a/modules/eks-monitoring/otel-config/templates/opentelemetrycollector.yaml
+++ b/modules/eks-monitoring/otel-config/templates/opentelemetrycollector.yaml
@@ -4,7 +4,7 @@ metadata:
 name: adot
 spec:
 mode: deployment
- serviceAccount: adot-collector-kubeprometheus
+ serviceAccount: {{ default "adot-collector-kubeprometheus" .Values.serviceAccount }}
 env:
 - name: "K8S_NODE_NAME"
 valueFrom:
diff --git a/modules/eks-monitoring/otel-config/values.yaml b/modules/eks-monitoring/otel-config/values.yaml
index 263ce211..d274557d 100644
--- a/modules/eks-monitoring/otel-config/values.yaml
+++ b/modules/eks-monitoring/otel-config/values.yaml
@@ -34,3 +34,6 @@ istioPrometheusMetricsEndpoint: ${istio_prometheus_metrics_endpoint}
 adotLoglevel: ${adot_loglevel}
 enableAdotcollectorMetrics: ${enable_adotcollector_metrics}
+
+serviceAccount: ${service_account}
+namespace: ${namespace}
diff --git a/modules/eks-monitoring/variables.tf b/modules/eks-monitoring/variables.tf
index ed37a02d..4c8f1eb9 100644
--- a/modules/eks-monitoring/variables.tf
+++ b/modules/eks-monitoring/variables.tf
@@ -21,6 +21,12 @@ variable "helm_config" {
 default = {}
 }
+variable "irsa_iam_role_name" {
+ description = "IAM role name for IRSA roles"
+ type = string
+ default = ""
+}
+
 variable "irsa_iam_role_path" {
 description = "IAM role path for IRSA roles"
 type = string
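Review bot: The templated `name` and `namespace` under `subjects` in clusterrolebinding.yaml are emitted unquoted, so a value that YAML reads as a non-string (an all-digit name, `true`, `null`) or that contains `: ` or `#` renders a manifest that is rejected or means something other than what was passed. Piping through `quote` keeps the subject a plain string: `name: {{ default "adot-collector-kubeprometheus" .Values.serviceAccount | quote }}`, and likewise for `namespace`. The `serviceAccount:` line changed in opentelemetrycollector.yaml has the same issue. The default literal is now repeated in three template expressions in addition to `local.name` on the Terraform side, so a comment stating that they must stay equal would help.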
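Review bot: With `serviceAccount: ${service_account}` and `namespace: ${namespace}` as the chart defaults in values.yaml, the `default "adot-collector-kubeprometheus"` fallbacks in the templates can only fire when an override sets these keys to an empty value. The hunks shown pass the real values through `set_values` rather than through a template rendering of this file. If values.yaml is in fact shipped verbatim, a render without those overrides would use the literal placeholder strings as the service account and namespace. Either leave the two keys empty (`serviceAccount: ""`, `namespace: ""`) so the template default applies, or add a comment that they are always overridden from Terraform.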
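Review bot: `irsa_iam_role_name` in variables.tf is accepted without validation, and its description does not say what the `""` default means. main.tf forwards the value unconditionally to `helm_addon`; whether that module treats an empty string as "generate a name" is not visible here, so please confirm it and state it in the description. IAM role names are limited to 64 characters from a restricted set and must be unique within the account, so a fixed name reused for a second cluster in the same account is likely to fail at apply. A `validation` block with `condition = can(regex("^[\\w+=,.@-]{0,64}$", var.irsa_iam_role_name))` would catch malformed names at plan time.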