feat: merge feature

Signed-off-by: Kevin Lefevre <[email protected]>
clusterfrak-dynamics · Nov 5, 2019 · a11ac26 · a11ac26
1 parent b607967
commit a11ac26
Show file tree

Hide file tree

Showing 10 changed files with 252 additions and 70 deletions.
diff --git a/elasticache.tf b/elasticache.tf
@@ -0,0 +1,77 @@
+resource "random_uuid" "redis_token" {
+  count = var.redis_token_enabled ? 1 : 0
+}
+
+resource "aws_elasticache_subnet_group" "redis_subnet_group" {
+  name       = "tf-redis-${var.redis_id}-${var.env}"
+  subnet_ids = var.redis_subnets
+}
+
+resource "aws_elasticache_replication_group" "redis" {
+  count                         = var.redis_cluster_mode["enabled"] ? 0 : 1
+  automatic_failover_enabled    = var.redis_automatic_failover_enabled
+  availability_zones            = var.redis_azs
+  replication_group_id          = "${var.redis_id}-${var.env}"
+  replication_group_description = "${var.redis_id}-${var.env}"
+  node_type                     = var.redis_node_type
+  number_cache_clusters         = var.redis_number_cache_clusters
+  parameter_group_name          = var.redis_parameter_group_name
+  port                          = var.redis_port
+  engine                        = var.redis_engine
+  engine_version                = var.redis_engine_version
+  subnet_group_name             = aws_elasticache_subnet_group.redis_subnet_group.name
+  security_group_ids            = var.redis_security_group_ids
+  at_rest_encryption_enabled    = var.redis_at_rest_encryption_enabled
+  transit_encryption_enabled    = var.redis_transit_encryption_enabled
+  auth_token                    = var.redis_token_enabled ? random_uuid.redis_token[0].result : null
+  snapshot_window               = var.redis_snapshot_window
+  maintenance_window            = var.redis_maintenance_window
+  snapshot_retention_limit      = var.redis_snapshot_retention_limit
+  apply_immediately             = var.redis_apply_immediately
+  tags                          = var.tags
+}
+
+resource "aws_elasticache_replication_group" "redis_cluster" {
+  count                         = var.redis_cluster_mode["enabled"] ? 1 : 0
+  automatic_failover_enabled    = true
+  availability_zones            = var.redis_azs
+  replication_group_id          = "${var.redis_id}-${var.env}"
+  replication_group_description = "${var.redis_id}-${var.env}"
+  node_type                     = var.redis_node_type
+  parameter_group_name          = var.redis_parameter_group_name
+  port                          = var.redis_port
+  engine                        = var.redis_engine
+  engine_version                = var.redis_engine_version
+  subnet_group_name             = aws_elasticache_subnet_group.redis_subnet_group.name
+  security_group_ids            = var.redis_security_group_ids
+  at_rest_encryption_enabled    = var.redis_at_rest_encryption_enabled
+  transit_encryption_enabled    = var.redis_transit_encryption_enabled
+  auth_token                    = var.redis_token_enabled ? random_uuid.redis_token[0].result : null
+  snapshot_window               = var.redis_snapshot_window
+  maintenance_window            = var.redis_maintenance_window
+  snapshot_retention_limit      = var.redis_snapshot_retention_limit
+  apply_immediately             = var.redis_apply_immediately
+  tags                          = var.tags
+
+  cluster_mode {
+    replicas_per_node_group = var.redis_cluster_mode["replicas_per_node_group"]
+    num_node_groups         = var.redis_cluster_mode["num_node_groups"]
+  }
+}
+
+resource "kubernetes_secret" "redis_secrets" {
+  count = length(var.inject_secret_into_ns)
+
+  metadata {
+    name      = "redis-${var.redis_cluster_mode["enabled"] ? aws_elasticache_replication_group.redis_cluster[0].id : aws_elasticache_replication_group.redis[0].id}"
+    namespace = var.inject_secret_into_ns[count.index]
+  }
+
+  data                                   =  {
+    REDIS_PRIMARY_ENDPOINT_ADDRESS       = var.redis_cluster_mode["enabled"] ? aws_elasticache_replication_group.redis_cluster[0].primary_endpoint_address : aws_elasticache_replication_group.redis[0].primary_endpoint_address
+    REDIS_CONFIGURATION_ENDPOINT_ADDRESS = var.redis_cluster_mode["enabled"] ? aws_elasticache_replication_group.redis_cluster[0].configuration_endpoint_address : aws_elasticache_replication_group.redis[0].configuration_endpoint_address
+    REDIS_MEMBER_CLUSTERS                = join(",",var.redis_cluster_mode["enabled"] ? aws_elasticache_replication_group.redis_cluster[0].member_clusters : aws_elasticache_replication_group.redis[0].member_clusters)
+    REDIS_PORT                           = var.redis_port
+    REDIS_AUTH                           = var.redis_token_enabled ? random_uuid.redis_token[0].result : null
+  }
+}
diff --git a/files/servicemonitor.yaml b/files/servicemonitor.yaml
@@ -0,0 +1,15 @@
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: redis-exporter-servicemonitor
+  namespace: monitoring
+spec:
+  selector:
+    matchLabels:
+      app: prometheus-redis-exporter
+  namespaceSelector:
+    matchNames:
+      - monitoring
+  endpoints:
+  - port: redis-exporter
+  sampleLimit: 50000
diff --git a/helm_repositories.tf b/helm_repositories.tf
@@ -0,0 +1,4 @@
+data "helm_repository" "stable" {
+  name = "stable"
+  url  = "https://kubernetes-charts.storage.googleapis.com/"
+}
diff --git a/main.tf b/main.tf
diff --git a/outputs.tf b/outputs.tf
diff --git a/providers.tf b/providers.tf
@@ -1,18 +1,29 @@
+#
+# Provider Configuration
+#
+terraform {
+  backend "s3" {
+  }
+}
+
 provider "aws" {
   region = var.aws["region"]
 }
 
-terraform {
-  backend "s3" {
+provider "helm" {
+  install_tiller                  = true
+  service_account                 = "tiller"
+  tiller_image                    = "gcr.io/kubernetes-helm/tiller:v2.15.2"
+  automount_service_account_token = true
+
+  kubernetes {
+    config_path = var.eks["kubeconfig_path"]
   }
 }
 
-data "aws_region" "current" {
-}
 
 data "aws_availability_zones" "available" {
 }
 
 data "aws_caller_identity" "current" {
 }
-
diff --git a/redis-exporter.tf b/redis-exporter.tf
@@ -0,0 +1,40 @@
+locals {
+  values_redis_exporter = <<VALUES
+image:
+  tag: "${var.redis_exporter["version"]}"
+redisAddress: redis://127.0.0.1:6379
+env:
+  - name: REDIS_PASSWORD
+    value: "${var.redis_token_enabled ? random_uuid.redis_token[0].result : ""}"
+VALUES
+}
+
+resource "helm_release" "redis_exporter" {
+  count      = var.redis_exporter["enabled"] ? 1 : 0
+  repository = data.helm_repository.stable.metadata[0].name
+  name       = "${var.redis_id}-${var.env}"
+  chart      = "prometheus-redis-exporter"
+  version    = var.redis_exporter["chart_version"]
+  values     = concat([local.values_redis_exporter], [var.redis_exporter["extra_values"]])
+  namespace  = var.redis_exporter["namespace"]
+
+  provisioner "local-exec" {
+    command = "kubectl --kubeconfig=kubeconfig -n monitoring apply -f files/servicemonitor.yaml"
+  }
+
+  provisioner "local-exec" {
+    command = "kubectl --kubeconfig=kubeconfig -n monitoring patch deployments ${var.redis_id}-${var.env}-prometheus-redis-exporter --patch '${templatefile("templates/patch.tpl", { configmap_name = "${var.redis_id}-${var.env}-stunnel-config" })}'"
+  }
+}
+
+resource "kubernetes_config_map" "stunnel" {
+  count      = var.redis_exporter["enabled"] ? 1 : 0
+  metadata {
+    name      = "${var.redis_id}-${var.env}-stunnel-config"
+    namespace = "monitoring"
+  }
+
+  data             = {
+    "stunnel.conf" = "${templatefile("templates/stunnel.tpl", { redis_host = var.redis_cluster_mode["enabled"] ? aws_elasticache_replication_group.redis_cluster[0].configuration_endpoint_address : aws_elasticache_replication_group.redis[0].primary_endpoint_address, redis_port =var.redis_port})}"
+  }
+}
diff --git a/templates/patch.tpl b/templates/patch.tpl
@@ -0,0 +1,15 @@
+spec:
+  template:
+    spec:
+      containers:
+      - name: stunnel
+        image: dweomer/stunnel
+        volumeMounts:
+        - name: stunnel-config
+          mountPath: /etc/stunnel
+        command:
+        - stunnel
+      volumes:
+      - name: stunnel-config
+        configMap:
+          name: ${configmap_name}
diff --git a/templates/stunnel.tpl b/templates/stunnel.tpl
@@ -0,0 +1,11 @@
+pid = /var/run/stunnel/stunnel.pid
+debug = 7
+delay = yes
+options = NO_SSLv3
+foreground = yes
+setuid = stunnel
+setgid = stunnel
+[redis-cli]
+   client = yes
+   accept = 127.0.0.1:6379
+   connect = ${redis_host}:${redis_port}
diff --git a/variables.tf b/variables.tf
@@ -1,71 +1,108 @@
-variable "redis_cluster" {
-  description = "Count of nodes in cluster"
+variable "aws" {
+  type    = any
+  default = {}
 }
 
-variable "redis_node_type" {
-  description = "The type of node to create in the node group"
+variable "eks" {
+  type    = any
+  default = {}
 }
 
-variable "redis_failover" {
-  description = "Automatic failover (Not available for T1/T2 instances)"
-  default     = false
+variable "env" {
 }
 
-variable "redis_version" {
-  description = "The version number of the cache engine to be used for the cache clusters in this replication group"
+variable "redis_id" {
+  default = "redis"
 }
 
-variable "redis_at_rest_encryption_enabled" {
-  description = "(Optional) Whether to enable encryption at rest"
-  default     = true
+variable "redis_engine" {
+  default = "redis"
 }
 
-variable "redis_transit_encryption_enabled" {
-  description = "(Optional) Whether to enable encryption in transit"
-  default     = true
+variable "redis_engine_version" {
+  default = "5.0.5"
 }
 
-variable "tags" {
-  description = "Tags for redis nodes"
-  type        = any
-  default     = {}
+variable "redis_automatic_failover_enabled" {
+  default = false
 }
 
-variable "vpc_id" {
-  description = "VPC ID where subnets will be created (e.g. `vpc-aceb2723`)"
+variable "redis_node_type" {
+  default = "cache.t2.medium"
 }
 
-variable "redis_port" {
-  description = "Redis port"
-  default     = 6379
+variable "redis_number_cache_clusters" {
+  default = 1
 }
 
-variable "name" {
-  description = "Name for the Redis replication group i.e. UserObject"
+variable "redis_parameter_group_name" {
+  default = "default.redis5.0"
 }
 
-variable "env" {
-  description = "Kind of environment we are going to launch the Service"
+variable "redis_port" {
+  default = 6379
+}
+
+variable "redis_security_group_ids" {
+  type = list
+  default = []
 }
 
-variable "subnets" {
-  description = "List of VPC Subnet IDs for the cache subnet group"
-  type        = list(string)
+variable "redis_at_rest_encryption_enabled" {
+  default = true
 }
 
-variable "redis_security_group" {
-  description = "Security Groups from EKS Worker Node"
+variable "redis_transit_encryption_enabled" {
+  default = true
 }
 
-variable "redis_apply_immediately" {
-  description = "Apply changes immediately"
+variable "redis_snapshot_window" {
+  default = "02:00-04:00"
 }
 
 variable "redis_maintenance_window" {
-  description = "Maintenance window"
+  default = "sun:00:00-sun:02:00"
 }
 
-variable "aws" {
+variable "redis_snapshot_retention_limit" {
+  default = null
+}
+
+variable "redis_apply_immediately" {
+  default = false
+}
+
+variable "tags" {
   type    = any
   default = {}
 }
+
+variable "redis_cluster_mode" {
+  type                      = any
+  default                   = {
+    enabled                 = false
+  }
+}
+
+variable "redis_azs" {
+  default = null
+  type    = list
+}
+
+variable "inject_secret_into_ns" {
+  default = []
+  type    = list
+}
+
+variable "redis_exporter" {
+  type    = any
+}
+
+variable "redis_token_enabled" {
+  default = false
+}
+
+variable "redis_subnets" {
+  type = list
+  default = []
+}