From 711a8b6bfaacd6c0a0bc7f6c8943e5f42de6fab3 Mon Sep 17 00:00:00 2001 
From: Jordan-Williams2 Date: Mon, 24 Mar 2025 23:51:20 +0000 Subject: [PATCH 01/33] feat: initial module + DA --- .catalog-onboard-pipeline.yaml | 13 + .secrets.baseline | 15 +- CODEOWNERS | 2 + README.md | 177 ++++++------- cra-config.yaml | 19 +- cra-tf-validate-ignore-rules.json | 21 +- examples/advanced/README.md | 4 - examples/advanced/main.tf | 32 --- examples/advanced/outputs.tf | 38 --- examples/advanced/variables.tf | 39 --- examples/advanced/version.tf | 16 -- examples/basic/README.md | 11 - examples/basic/main.tf | 31 --- examples/basic/outputs.tf | 38 --- examples/basic/provider.tf | 8 - examples/basic/variables.tf | 39 --- examples/basic/version.tf | 16 -- examples/obs-agent-iks/README.md | 10 + examples/obs-agent-iks/main.tf | 135 ++++++++++ examples/obs-agent-iks/outputs.tf | 11 + examples/obs-agent-iks/provider.tf | 24 ++ examples/obs-agent-iks/variables.tf | 41 +++ examples/obs-agent-iks/version.tf | 26 ++ examples/obs-agent-ocp/README.md | 11 + examples/obs-agent-ocp/main.tf | 129 ++++++++++ examples/obs-agent-ocp/outputs.tf | 11 + examples/obs-agent-ocp/provider.tf | 24 ++ examples/obs-agent-ocp/variables.tf | 47 ++++ examples/obs-agent-ocp/version.tf | 20 ++ main.tf | 127 ++++++++- outputs.tf | 30 +-- solutions/fully-configurable/README.md | 11 + .../catalogValidationValues.json.template | 3 + .../fully-configurable/kubeconfig/.gitignore | 6 + .../fully-configurable/kubeconfig/README.md | 2 + solutions/fully-configurable/main.tf | 35 +++ .../fully-configurable/outputs.tf | 8 +- solutions/fully-configurable/provider.tf | 37 +++ solutions/fully-configurable/variables.tf | 136 ++++++++++ solutions/fully-configurable/version.tf | 20 ++ tests/README.md | 3 + tests/other_test.go | 16 ++ tests/pr_test.go | 240 ++++++++++++++++-- ...ation-deploy-slz-roks-and-obs-instances.sh | 20 ++ ...ation-deploy-slz-roks-and-obs-instances.sh | 54 ++++ variables.tf | 173 +++++++++++-- version.tf | 8 +- 47 files changed, 1454 insertions(+), 483 deletions(-) create mode 
100644 .catalog-onboard-pipeline.yaml create mode 100644 CODEOWNERS delete mode 100644 examples/advanced/README.md delete mode 100644 examples/advanced/main.tf delete mode 100644 examples/advanced/outputs.tf delete mode 100644 examples/advanced/variables.tf delete mode 100644 examples/advanced/version.tf delete mode 100644 examples/basic/README.md delete mode 100644 examples/basic/main.tf delete mode 100644 examples/basic/outputs.tf delete mode 100644 examples/basic/provider.tf delete mode 100644 examples/basic/variables.tf delete mode 100644 examples/basic/version.tf create mode 100644 examples/obs-agent-iks/README.md create mode 100644 examples/obs-agent-iks/main.tf create mode 100644 examples/obs-agent-iks/outputs.tf create mode 100644 examples/obs-agent-iks/provider.tf create mode 100644 examples/obs-agent-iks/variables.tf create mode 100644 examples/obs-agent-iks/version.tf create mode 100644 examples/obs-agent-ocp/README.md create mode 100644 examples/obs-agent-ocp/main.tf create mode 100644 examples/obs-agent-ocp/outputs.tf create mode 100644 examples/obs-agent-ocp/provider.tf create mode 100644 examples/obs-agent-ocp/variables.tf create mode 100644 examples/obs-agent-ocp/version.tf create mode 100644 solutions/fully-configurable/README.md create mode 100644 solutions/fully-configurable/catalogValidationValues.json.template create mode 100644 solutions/fully-configurable/kubeconfig/.gitignore create mode 100644 solutions/fully-configurable/kubeconfig/README.md create mode 100644 solutions/fully-configurable/main.tf rename examples/advanced/provider.tf => solutions/fully-configurable/outputs.tf (58%) create mode 100644 solutions/fully-configurable/provider.tf create mode 100644 solutions/fully-configurable/variables.tf create mode 100644 solutions/fully-configurable/version.tf create mode 100755 tests/scripts/post-validation-deploy-slz-roks-and-obs-instances.sh create mode 100755 tests/scripts/pre-validation-deploy-slz-roks-and-obs-instances.sh 
diff --git a/.catalog-onboard-pipeline.yaml b/.catalog-onboard-pipeline.yaml new file mode 100644 index 00000000..a9f07004 --- /dev/null +++ b/.catalog-onboard-pipeline.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: v1 +offerings: + - name: deploy-arch-ibm-monitoring-agent + kind: solution + catalog_id: _ + offering_id: _ + variations: + - name: fully-configurable + mark_ready: true + install_type: fullstack + pre_validation: "tests/scripts/pre-validation-deploy-slz-roks-and-obs-instances.sh" + post_validation: "tests/scripts/post-validation-destroy-slz-roks-and-obs-instances.sh" diff --git a/.secrets.baseline b/.secrets.baseline index 0a4efa4a..147f1608 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "go.sum|^.secrets.baseline$", "lines": null }, - "generated_at": "2024-11-22T17:36:38Z", + "generated_at": "2025-03-24T23:50:51Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -76,18 +76,7 @@ "name": "TwilioKeyDetector" } ], - "results": { - "README.md": [ - { - "hashed_secret": "ff9ee043d85595eb255c05dfe32ece02a53efbb2", - "is_secret": false, - "is_verified": false, - "line_number": 74, - "type": "Secret Keyword", - "verified_result": null - } - ] - }, + "results": {}, "version": "0.13.1+ibm.62.dss", "word_list": { "file": null, diff --git a/CODEOWNERS b/CODEOWNERS new file mode 100644 index 00000000..713bd26e --- /dev/null +++ b/CODEOWNERS @@ -0,0 +1,2 @@ +# Primary owner should be listed first in list of global owners, followed by any secondary owners +* @jor2 @Aashiq-J diff --git a/README.md b/README.md index 73b5c749..b1b60279 100644 --- a/README.md +++ b/README.md 
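Review bot: `post_validation` in `.catalog-onboard-pipeline.yaml` points at `tests/scripts/post-validation-destroy-slz-roks-and-obs-instances.sh`, but this patch's file list only creates `tests/scripts/post-validation-deploy-slz-roks-and-obs-instances.sh`. As written, the post-validation step would presumably not find its script. If that step is meant to tear down the cluster and observability instances that the pre-validation script deploys, they would stay provisioned, with their credentials, after each catalog validation run. Either rename the added script so it matches the `destroy` path, or point the entry at the file that exists: `post_validation: "tests/scripts/post-validation-deploy-slz-roks-and-obs-instances.sh"`.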
@@ -1,129 +1,95 @@ - -# Terraform modules template project - - -[![Incubating (Not yet consumable)](https://img.shields.io/badge/status-Incubating%20(Not%20yet%20consumable)-red)](https://terraform-ibm-modules.github.io/documentation/#/badge-status) -[![latest release](https://img.shields.io/github/v/release/terraform-ibm-modules/terraform-ibm-monitoring-agent?logo=GitHub&sort=semver)](https://github.com/terraform-ibm-modules/terraform-ibm-monitoring-agent/releases/latest) +# Terraform IBM Monitoring agent module + +[![Graduated (Supported)](https://img.shields.io/badge/Status-Graduated%20(Supported)-brightgreen)](https://terraform-ibm-modules.github.io/documentation/#/badge-status) [![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white)](https://github.com/pre-commit/pre-commit) +[![latest release](https://img.shields.io/github/v/release/terraform-ibm-modules/terraform-ibm-monitoring-agent?logo=GitHub&sort=semver)](https://github.com/terraform-ibm-modules/terraform-ibm-monitoring-agent/releases/latest) [![Renovate enabled](https://img.shields.io/badge/renovate-enabled-brightgreen.svg)](https://renovatebot.com/) [![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg)](https://github.com/semantic-release/semantic-release) - +- [Monitoring agent](https://cloud.ibm.com/docs/monitoring?topic=monitoring-about-collect-metrics) -TODO: Replace this with a description of the modules in this repo. 
- - - + ## Overview * [terraform-ibm-monitoring-agent](#terraform-ibm-monitoring-agent) * [Examples](./examples) - * [Advanced example](./examples/advanced) - * [Basic example](./examples/basic) + * [Monitoring agent on Kubernetes using CSE ingress endpoint with an apikey](./examples/obs-agent-iks) + * [Monitoring agent](./examples/obs-agent-ocp) * [Contributing](#contributing) - - - - - - ## terraform-ibm-monitoring-agent ### Usage - - ```hcl -terraform { - required_version = ">= 1.9.0" - required_providers { - ibm = { - source = "IBM-Cloud/ibm" - version = "X.Y.Z" # Lock into a provider version that satisfies the module constraints - } - } -} +# ############################################################################ +# Init cluster config for helm +# ############################################################################ -locals { - region = "us-south" +data "ibm_container_cluster_config" "cluster_config" { + # update this value with the Id of the cluster where these agents will be provisioned + cluster_name_id = "cluster_id" } +# ############################################################################ +# Config providers +# ############################################################################ + provider "ibm" { - ibmcloud_api_key = "XXXXXXXXXX" # replace with apikey value - region = local.region + # update this value with your IBM Cloud API key value + ibmcloud_api_key = "XXXXXXXXXXXXXXXXX" # pragma: allowlist secret } -module "module_template" { - source = "terraform-ibm-modules//ibm" - version = "X.Y.Z" # Replace "X.Y.Z" with a release version to lock into a specific release - region = local.region - name = "instance-name" - resource_group_id = "xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX" # Replace with the actual ID of resource group to use +provider "helm" { + kubernetes { + host = data.ibm_container_cluster_config.cluster_config.host + token = data.ibm_container_cluster_config.cluster_config.token + cluster_ca_certificate = 
data.ibm_container_cluster_config.cluster_config.ca_certificate + } + # IBM Cloud credentials are required to authenticate to the helm repo + registry { + url = "oci://icr.io/ibm/observe/monitoring-agent-helm" + username = "iamapikey" + password = "XXXXXXXXXXXXXXXXX" # replace with an IBM cloud apikey # pragma: allowlist secret + } } -``` - -### Required access policies - +# ############################################################################ +# Install observability agents +# ############################################################################ + +module "observability_agents" { + source = "terraform-ibm-modules/observability-agents/ibm" + version = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release + is_vpc_cluster = true # Change to false if target cluster is running on classic infrastructure + cluster_id = "cluster id" # update this with your cluster id where the agents will be installed + cluster_resource_group_id = "resource group id" # update this with the Id of your IBM Cloud resource group + cloud_monitoring_access_key = "XXXXXXXX" + cloud_monitoring_instance_region = "us-south" +} +``` - - - - - - - ### Requirements | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.9.0 | -| [ibm](#requirement\_ibm) | >= 1.71.2, < 2.0.0 | +| [helm](#requirement\_helm) | >= 2.15.0, <3.0.0 | +| [ibm](#requirement\_ibm) | >= 1.76.1, <2.0.0 | ### Modules 
@@ -133,28 +99,41 @@ No modules. | Name | Type | |------|------| -| [ibm_resource_instance.cos_instance](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_instance) | resource | +| [helm_release.cloud_monitoring_agent](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | +| [ibm_container_cluster.cluster](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/data-sources/container_cluster) | data source | +| [ibm_container_cluster_config.cluster_config](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/data-sources/container_cluster_config) | data source | +| [ibm_container_vpc_cluster.cluster](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/data-sources/container_vpc_cluster) | data source | ### Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [name](#input\_name) | A descriptive name used to identify the resource instance. | `string` | n/a | yes | -| [plan](#input\_plan) | The name of the plan type supported by service. | `string` | `"standard"` | no | -| [resource\_group\_id](#input\_resource\_group\_id) | The ID of the resource group where you want to create the service. | `string` | n/a | yes | -| [resource\_tags](#input\_resource\_tags) | List of resource tag to associate with the instance. | `list(string)` | `[]` | no | +| [cloud\_monitoring\_access\_key](#input\_cloud\_monitoring\_access\_key) | Access key used by the IBM Cloud Monitoring agent to communicate with the instance | `string` | `null` | no | +| [cloud\_monitoring\_add\_cluster\_name](#input\_cloud\_monitoring\_add\_cluster\_name) | If true, configure the cloud monitoring agent to attach a tag containing the cluster name to all metric data. | `bool` | `true` | no | +| [cloud\_monitoring\_agent\_name](#input\_cloud\_monitoring\_agent\_name) | Cloud Monitoring agent name. 
Used for naming all kubernetes and helm resources on the cluster. | `string` | `"sysdig-agent"` | no | +| [cloud\_monitoring\_agent\_namespace](#input\_cloud\_monitoring\_agent\_namespace) | Namespace where to deploy the Cloud Monitoring agent. Default value is 'ibm-observe' | `string` | `"ibm-observe"` | no | +| [cloud\_monitoring\_agent\_tags](#input\_cloud\_monitoring\_agent\_tags) | List of tags to associate to all matrics that the agent collects. NOTE: Use the 'cloud\_monitoring\_add\_cluster\_name' variable to add the cluster name as a tag. | `list(string)` | `[]` | no | +| [cloud\_monitoring\_agent\_tolerations](#input\_cloud\_monitoring\_agent\_tolerations) | List of tolerations to apply to Cloud Monitoring agent. |
list(object({
key = optional(string)
operator = optional(string)
value = optional(string)
effect = optional(string)
tolerationSeconds = optional(number)
}))
|
[
{
"operator": "Exists"
},
{
"effect": "NoSchedule",
"key": "node-role.kubernetes.io/master",
"operator": "Exists"
}
]
| no | +| [cloud\_monitoring\_container\_filter](#input\_cloud\_monitoring\_container\_filter) | To filter custom containers, specify which containers to include or exclude from metrics collection for the cloud monitoring agent. See https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_kube_agent#change_kube_agent_filter_data. |
list(object({
type = string
parameter = string
name = string
}))
| `[]` | no | +| [cloud\_monitoring\_enabled](#input\_cloud\_monitoring\_enabled) | Deploy IBM Cloud Monitoring agent | `bool` | `true` | no | +| [cloud\_monitoring\_endpoint\_type](#input\_cloud\_monitoring\_endpoint\_type) | Specify the IBM Cloud Monitoring instance endpoint type (public or private) to use. Used to construct the ingestion endpoint. | `string` | `"private"` | no | +| [cloud\_monitoring\_instance\_region](#input\_cloud\_monitoring\_instance\_region) | The IBM Cloud Monitoring instance region. Used to construct the ingestion endpoint. | `string` | `null` | no | +| [cloud\_monitoring\_metrics\_filter](#input\_cloud\_monitoring\_metrics\_filter) | To filter custom metrics, specify the Cloud Monitoring metrics to include or to exclude. See https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_kube_agent#change_kube_agent_inc_exc_metrics. |
list(object({
type = string
name = string
}))
| `[]` | no | +| [cloud\_monitoring\_secret\_name](#input\_cloud\_monitoring\_secret\_name) | The name of the secret which will store the access key. | `string` | `"sysdig-agent"` | no | +| [cluster\_config\_endpoint\_type](#input\_cluster\_config\_endpoint\_type) | Specify which type of endpoint to use for for cluster config access: 'default', 'private', 'vpe', 'link'. 'default' value will use the default endpoint of the cluster. | `string` | `"default"` | no | +| [cluster\_id](#input\_cluster\_id) | The ID of the cluster you wish to deploy the agents in | `string` | n/a | yes | +| [cluster\_resource\_group\_id](#input\_cluster\_resource\_group\_id) | The Resource Group ID of the cluster | `string` | n/a | yes | +| [is\_vpc\_cluster](#input\_is\_vpc\_cluster) | Specify true if the target cluster for the observability agents is a VPC cluster, false if it is a classic cluster. | `bool` | `true` | no | +| [wait\_till](#input\_wait\_till) | To avoid long wait times when you run your Terraform code, you can specify the stage when you want Terraform to mark the cluster resource creation as completed. Depending on what stage you choose, the cluster creation might not be fully completed and continues to run in the background. However, your Terraform code can continue to run without waiting for the cluster to be fully created. Supported args are `MasterNodeReady`, `OneWorkerNodeReady`, `IngressReady` and `Normal` | `string` | `"Normal"` | no | +| [wait\_till\_timeout](#input\_wait\_till\_timeout) | Timeout for wait\_till in minutes. | `number` | `90` | no | ### Outputs -| Name | Description | -|------|-------------| -| [account\_id](#output\_account\_id) | An alpha-numeric value identifying the account ID. | -| [crn](#output\_crn) | The CRN of the resource instance. | -| [guid](#output\_guid) | The GUID of the resource instance. | -| [id](#output\_id) | The unique identifier of the resource instance. | +No outputs. 
- + + ## Contributing You can report issues and request features for this module in GitHub issues in the module repo. See [Report an issue or request a feature](https://github.com/terraform-ibm-modules/.github/blob/main/.github/SUPPORT.md). diff --git a/cra-config.yaml b/cra-config.yaml index 9a4c7faa..05b674a5 100644 --- a/cra-config.yaml +++ b/cra-config.yaml 
@@ -1,17 +1,6 @@ -# -# Developer tips: -# - CRA = Code Risk Analyzer (more info on CRA: https://cloud.ibm.com/docs/code-risk-analyzer-cli-plugin?topic=code-risk-analyzer-cli-plugin-cra-cli-plugin) -# - Multiple directories can be scanned by CRA. Ensure if there are any deployable architecture in the repository that they are all scanned -# - More info about supported configurations at https://github.com/terraform-ibm-modules/common-pipeline-assets/blob/main/.github/workflows/terraform-test-pipeline.md#cra-config-yaml -# - +# More info about this file at https://github.com/terraform-ibm-modules/common-pipeline-assets/blob/main/.github/workflows/terraform-test-pipeline.md#cra-config-yaml version: "v1" CRA_TARGETS: - - CRA_TARGET: "examples/advanced" # Target directory for CRA scan. If not provided, the CRA Scan will not be run. - CRA_IGNORE_RULES_FILE: "cra-tf-validate-ignore-rules.json" - PROFILE_ID: "fe96bd4d-9b37-40f2-b39f-a62760e326a3" # SCC profile ID (currently set to 'IBM Cloud Framework for Financial Services' '1.7.0' profile). - # SCC_INSTANCE_ID: "" # The SCC instance ID to use to download profile for CRA scan. If not provided, a default global value will be used. - # SCC_REGION: "" # The IBM Cloud region that the SCC instance is in. If not provided, a default global value will be used. - CRA_ENVIRONMENT_VARIABLES: # An optional map of environment variables for CRA, where the key is the variable name and value is the value. Useful for providing TF_VARs. - TF_VAR_prefix: "mock" - TF_VAR_region: "us-south" + - CRA_TARGET: "examples/obs-agent-ocp" # Target directory for CRA scan. If not provided, the CRA Scan will not be run. + CRA_IGNORE_RULES_FILE: "cra-tf-validate-ignore-rules.json" # CRA Ignore file to use. If not provided, it checks the repo root directory for `cra-tf-validate-ignore-rules.json` + PROFILE_ID: "fe96bd4d-9b37-40f2-b39f-a62760e326a3" # SCC profile ID (currently set to 'IBM Cloud Framework for Financial Services' '1.7.0' profile). 
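Review bot: `CRA_TARGETS` in `cra-config.yaml` now lists only `examples/obs-agent-ocp`, although this patch also adds a deployable architecture under `solutions/fully-configurable`. The developer tip removed by this same hunk asked for every deployable architecture in the repository to be scanned. Consider adding a second entry beginning `- CRA_TARGET: "solutions/fully-configurable"` with the same `CRA_IGNORE_RULES_FILE` and `PROFILE_ID`. The hunk also drops `CRA_ENVIRONMENT_VARIABLES`; the new target's variables.tf is not visible here, so confirm it has no required inputs that the scan would need as `TF_VAR_` values.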
diff --git a/cra-tf-validate-ignore-rules.json b/cra-tf-validate-ignore-rules.json
index adbff6e0..1904716b 100644
--- a/cra-tf-validate-ignore-rules.json
+++ b/cra-tf-validate-ignore-rules.json
@@ -1,3 +1,22 @@
 {
- "scc_rules": []
+ "scc_rules": [
+ {
+ "scc_rule_id": "rule-216e2449-27d7-4afc-929a-b66e196a9cf9",
+ "description": "Check whether Flow Logs for VPC are enabled",
+ "ignore_reason": "This rule is not relevant to the module itself, just the VPC resource that is used in the example that is scanned",
+ "is_valid": false
+ },
+ {
+ "scc_rule_id": "rule-2325054a-c338-474a-9740-0b7034487e40",
+ "description:": "Check whether OpenShift clusters are accessible only by using private endpoints",
+ "ignore_reason": "This rule is not relevant to the module itself, just the cluster resource that is used in the example that is scanned",
+ "is_valid": false
+ },
+ {
+ "scc_rule_id": "rule-64c0bea0-8760-4a6b-a56c-ee375a48961e",
+ "description:": "Check whether Virtual Private Cloud (VPC) has no public gateways attached",
+ "ignore_reason": "This rule is not relevant to the module itself, just the VPC resource that is used in the example that is scanned",
+ "is_valid": false
+ }
+ ]
 }
diff --git a/examples/advanced/README.md b/examples/advanced/README.md
deleted file mode 100644
index d52511a3..00000000
--- a/examples/advanced/README.md
+++ /dev/null
@@ -1,4 +0,0 @@
-# Advanced example
-
-
-
diff --git a/examples/advanced/main.tf b/examples/advanced/main.tf
deleted file mode 100644
index 29e41045..00000000
--- a/examples/advanced/main.tf
+++ /dev/null
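Review bot: In `cra-tf-validate-ignore-rules.json` the second and third entries spell the key as `"description:"`, with the colon inside the key name, while the first entry uses `"description"`. Both should read `"description": "..."` so that all three entries share one schema. All three entries also set `"is_valid": false`; this hunk does not show how the scanner interprets that flag, so confirm the ignores behave as intended. The suppressed rules include the private-endpoint and public-gateway checks, so it would help if each `ignore_reason` named `examples/obs-agent-ocp` as the only scanned target it applies to.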
@@ -1,32 +0,0 @@ -######################################################################################################################## -# Resource group -######################################################################################################################## - -module "resource_group" { - source = "terraform-ibm-modules/resource-group/ibm" - version = "1.1.6" - # if an existing resource group is not set (null) create a new one using prefix - resource_group_name = var.resource_group == null ? "${var.prefix}-resource-group" : null - existing_resource_group_name = var.resource_group -} - -######################################################################################################################## -# COS -######################################################################################################################## - -# -# Developer tips: -# - Call the local module / modules in the example to show how they can be consumed -# - Include the actual module source as a code comment like below so consumers know how to consume from correct location -# - -module "cos" { - source = "../.." - # remove the above line and uncomment the below 2 lines to consume the module from the registry - # source = "terraform-ibm-modules//ibm" - # version = "X.Y.Z" # Replace "X.Y.Z" with a release version to lock into a specific release - name = "${var.prefix}-cos" - resource_group_id = module.resource_group.resource_group_id - resource_tags = var.resource_tags - plan = "cos-one-rate-plan" -} diff --git a/examples/advanced/outputs.tf b/examples/advanced/outputs.tf deleted file mode 100644 index 316751fb..00000000 --- a/examples/advanced/outputs.tf +++ /dev/null 
@@ -1,38 +0,0 @@ -############################################################################## -# Outputs -############################################################################## - -# -# Developer tips: -# - Include all relevant outputs from the modules being called in the example -# - -output "account_id" { - description = "An alpha-numeric value identifying the account ID." - value = module.cos.account_id -} - -output "guid" { - description = "The GUID of the resource instance." - value = module.cos.account_id -} - -output "id" { - description = "The unique identifier of the resource instance." - value = module.cos.id -} - -output "crn" { - description = "The CRN of the resource instance." - value = module.cos.crn -} - -output "resource_group_name" { - description = "Resource group name." - value = module.resource_group.resource_group_name -} - -output "resource_group_id" { - description = "Resource group ID." - value = module.resource_group.resource_group_id -} diff --git a/examples/advanced/variables.tf b/examples/advanced/variables.tf deleted file mode 100644 index d4603642..00000000 --- a/examples/advanced/variables.tf +++ /dev/null 
@@ -1,39 +0,0 @@ -######################################################################################################################## -# Input variables -######################################################################################################################## - -# -# Module developer tips: -# - Examples are references that consumers can use to see how the module can be consumed. They are not designed to be -# flexible re-usable solutions for general consumption, so do not expose any more variables here and instead hard -# code things in the example main.tf with code comments explaining the different configurations. -# - For the same reason as above, do not add default values to the example inputs. -# - -variable "ibmcloud_api_key" { - type = string - description = "The IBM Cloud API Key." - sensitive = true -} - -variable "region" { - type = string - description = "Region to provision all resources created by this example." -} - -variable "prefix" { - type = string - description = "A string value to prefix to all resources created by this example." -} - -variable "resource_group" { - type = string - description = "The name of an existing resource group to provision resources in to. If not set a new resource group will be created using the prefix variable." - default = null -} - -variable "resource_tags" { - type = list(string) - description = "List of resource tag to associate with all resource instances created by this example." - default = [] -} diff --git a/examples/advanced/version.tf b/examples/advanced/version.tf deleted file mode 100644 index ecfa9780..00000000 --- a/examples/advanced/version.tf +++ /dev/null 
@@ -1,16 +0,0 @@ -terraform { - required_version = ">= 1.9.0" - - # - # Developer tips: - # - Ensure that there is always 1 example locked into the lowest provider version of the range defined in the main - # module's version.tf (usually a basic example), and 1 example that will always use the latest provider version. - # - - required_providers { - ibm = { - source = "IBM-Cloud/ibm" - version = ">= 1.71.2, < 2.0.0" - } - } -} diff --git a/examples/basic/README.md b/examples/basic/README.md deleted file mode 100644 index e5977ae2..00000000 --- a/examples/basic/README.md +++ /dev/null @@ -1,11 +0,0 @@ -# Basic example - - - -An end-to-end basic example that will provision the following: -- A new resource group if one is not passed in. -- A new standard plan Cloud Object Storage instance using the root level module. diff --git a/examples/basic/main.tf b/examples/basic/main.tf deleted file mode 100644 index 410054ad..00000000 --- a/examples/basic/main.tf +++ /dev/null 
@@ -1,31 +0,0 @@ -######################################################################################################################## -# Resource group -######################################################################################################################## - -module "resource_group" { - source = "terraform-ibm-modules/resource-group/ibm" - version = "1.1.6" - # if an existing resource group is not set (null) create a new one using prefix - resource_group_name = var.resource_group == null ? "${var.prefix}-resource-group" : null - existing_resource_group_name = var.resource_group -} - -######################################################################################################################## -# COS -######################################################################################################################## - -# -# Developer tips: -# - Call the local module / modules in the example to show how they can be consumed -# - include the actual module source as a code comment like below so consumers know how to consume from correct location -# - -module "cos" { - source = "../.." - # remove the above line and uncomment the below 2 lines to consume the module from the registry - # source = "terraform-ibm-modules//ibm" - # version = "X.Y.Z" # Replace "X.Y.Z" with a release version to lock into a specific release - name = "${var.prefix}-cos" - resource_group_id = module.resource_group.resource_group_id - resource_tags = var.resource_tags -} diff --git a/examples/basic/outputs.tf b/examples/basic/outputs.tf deleted file mode 100644 index 552db482..00000000 --- a/examples/basic/outputs.tf +++ /dev/null 
@@ -1,38 +0,0 @@ -######################################################################################################################## -# Outputs -######################################################################################################################## - -# -# Developer tips: -# - Include all relevant outputs from the modules being called in the example -# - -output "account_id" { - description = "An alpha-numeric value identifying the account ID." - value = module.cos.account_id -} - -output "guid" { - description = "The GUID of the resource instance." - value = module.cos.account_id -} - -output "id" { - description = "The unique identifier of the resource instance." - value = module.cos.id -} - -output "crn" { - description = "The CRN of the resource instance." - value = module.cos.crn -} - -output "resource_group_name" { - description = "Resource group name." - value = module.resource_group.resource_group_name -} - -output "resource_group_id" { - description = "Resource group ID." - value = module.resource_group.resource_group_id -} diff --git a/examples/basic/provider.tf b/examples/basic/provider.tf deleted file mode 100644 index 84b69850..00000000 --- a/examples/basic/provider.tf +++ /dev/null @@ -1,8 +0,0 @@ -######################################################################################################################## -# Provider config -######################################################################################################################## - -provider "ibm" { - ibmcloud_api_key = var.ibmcloud_api_key - region = var.region -} diff --git a/examples/basic/variables.tf b/examples/basic/variables.tf deleted file mode 100644 index d4603642..00000000 --- a/examples/basic/variables.tf +++ /dev/null 
@@ -1,39 +0,0 @@ -######################################################################################################################## -# Input variables -######################################################################################################################## - -# -# Module developer tips: -# - Examples are references that consumers can use to see how the module can be consumed. They are not designed to be -# flexible re-usable solutions for general consumption, so do not expose any more variables here and instead hard -# code things in the example main.tf with code comments explaining the different configurations. -# - For the same reason as above, do not add default values to the example inputs. -# - -variable "ibmcloud_api_key" { - type = string - description = "The IBM Cloud API Key." - sensitive = true -} - -variable "region" { - type = string - description = "Region to provision all resources created by this example." -} - -variable "prefix" { - type = string - description = "A string value to prefix to all resources created by this example." -} - -variable "resource_group" { - type = string - description = "The name of an existing resource group to provision resources in to. If not set a new resource group will be created using the prefix variable." - default = null -} - -variable "resource_tags" { - type = list(string) - description = "List of resource tag to associate with all resource instances created by this example." - default = [] -} diff --git a/examples/basic/version.tf b/examples/basic/version.tf deleted file mode 100644 index 401504c5..00000000 --- a/examples/basic/version.tf +++ /dev/null 
@@ -1,16 +0,0 @@ -terraform { - required_version = ">= 1.9.0" - - # - # Developer tips: - # - Ensure that there is always 1 example locked into the lowest provider version of the range defined in the main - # module's version.tf (usually a basic example), and 1 example that will always use the latest provider version. - # - - required_providers { - ibm = { - source = "IBM-Cloud/ibm" - version = "1.71.2" - } - } -} diff --git a/examples/obs-agent-iks/README.md b/examples/obs-agent-iks/README.md new file mode 100644 index 00000000..66baa8c3 --- /dev/null +++ b/examples/obs-agent-iks/README.md @@ -0,0 +1,10 @@ +# Monitoring agent on Kubernetes using CSE ingress endpoint with an apikey + +An example that shows how to deploy a Monitoring agent in a Kubernetes cluster to send Logs directly to IBM a Cloud Monitoring instance. + +The example provisions the following resources: +- A new resource group, if an existing one is not passed in. +- A basic VPC (if `is_vpc_cluster` is true). +- A Kubernetes cluster. +- An IBM Cloud Monitoring instance +- Monitoring agent diff --git a/examples/obs-agent-iks/main.tf b/examples/obs-agent-iks/main.tf new file mode 100644 index 00000000..2f79ab4a --- /dev/null +++ b/examples/obs-agent-iks/main.tf 
@@ -0,0 +1,135 @@ +############################################################################## +# Resource Group +############################################################################## + +module "resource_group" { + source = "terraform-ibm-modules/resource-group/ibm" + version = "1.1.6" + # if an existing resource group is not set (null) create a new one using prefix + resource_group_name = var.resource_group == null ? "${var.prefix}-resource-group" : null + existing_resource_group_name = var.resource_group +} + +############################################################################## +# Create VPC and IKS Cluster +############################################################################## + +resource "ibm_is_vpc" "example_vpc" { + count = var.is_vpc_cluster ? 1 : 0 + name = "${var.prefix}-vpc" + resource_group = module.resource_group.resource_group_id + tags = var.resource_tags +} + +resource "ibm_is_subnet" "testacc_subnet" { + count = var.is_vpc_cluster ? 1 : 0 + name = "${var.prefix}-subnet" + vpc = ibm_is_vpc.example_vpc[0].id + zone = "${var.region}-1" + total_ipv4_address_count = 256 + resource_group = module.resource_group.resource_group_id +} + +# Lookup the current default kube version +data "ibm_container_cluster_versions" "cluster_versions" {} +locals { + default_version = data.ibm_container_cluster_versions.cluster_versions.default_kube_version +} + +resource "ibm_container_vpc_cluster" "cluster" { + count = var.is_vpc_cluster ? 
1 : 0 + name = var.prefix + vpc_id = ibm_is_vpc.example_vpc[0].id + kube_version = local.default_version + flavor = "bx2.4x16" + worker_count = "2" + force_delete_storage = true + wait_till = "IngressReady" + zones { + subnet_id = ibm_is_subnet.testacc_subnet[0].id + name = "${var.region}-1" + } + resource_group_id = module.resource_group.resource_group_id + tags = var.resource_tags +} + +resource "ibm_container_cluster" "cluster" { + #checkov:skip=CKV2_IBM_7:Public endpoint is required for testing purposes + count = var.is_vpc_cluster ? 0 : 1 + name = var.prefix + datacenter = var.datacenter + default_pool_size = 2 + hardware = "shared" + kube_version = local.default_version + force_delete_storage = true + machine_type = "b3c.4x16" + public_vlan_id = ibm_network_vlan.public_vlan[0].id + private_vlan_id = ibm_network_vlan.private_vlan[0].id + wait_till = "Normal" + resource_group_id = module.resource_group.resource_group_id + tags = var.resource_tags + + timeouts { + delete = "2h" + create = "3h" + } +} + +locals { + cluster_name_id = var.is_vpc_cluster ? ibm_container_vpc_cluster.cluster[0].id : ibm_container_cluster.cluster[0].id +} + +resource "ibm_network_vlan" "public_vlan" { + count = var.is_vpc_cluster ? 0 : 1 + datacenter = var.datacenter + type = "PUBLIC" +} + +resource "ibm_network_vlan" "private_vlan" { + count = var.is_vpc_cluster ? 
0 : 1 + datacenter = var.datacenter + type = "PRIVATE" +} + +data "ibm_container_cluster_config" "cluster_config" { + cluster_name_id = local.cluster_name_id + resource_group_id = module.resource_group.resource_group_id +} + +# Sleep to allow RBAC sync on cluster +resource "time_sleep" "wait_operators" { + depends_on = [data.ibm_container_cluster_config.cluster_config] + create_duration = "45s" +} + +############################################################################## +# Observability Instance +############################################################################## + +module "observability_instances" { + source = "terraform-ibm-modules/observability-instances/ibm" + version = "3.5.0" + resource_group_id = module.resource_group.resource_group_id + region = var.region + cloud_logs_plan = "standard" + cloud_monitoring_plan = "graduated-tier" + enable_platform_metrics = false + cloud_logs_instance_name = "${var.prefix}-cloud-logs" + cloud_monitoring_instance_name = "${var.prefix}-cloud-monitoring" +} + +############################################################################## +# Observability Agents +############################################################################## + +module "observability_agents" { + source = "../.." + depends_on = [time_sleep.wait_operators] + cluster_id = local.cluster_name_id + is_vpc_cluster = var.is_vpc_cluster + cluster_resource_group_id = module.resource_group.resource_group_id + # # Monitoring agent + cloud_monitoring_enabled = true + cloud_monitoring_access_key = module.observability_instances.cloud_monitoring_access_key + cloud_monitoring_instance_region = module.observability_instances.region +} diff --git a/examples/obs-agent-iks/outputs.tf b/examples/obs-agent-iks/outputs.tf new file mode 100644 index 00000000..135186b7 --- /dev/null +++ b/examples/obs-agent-iks/outputs.tf 
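Review bot: The VPC and subnet created at the top of this file carry no comment on their network posture, while the sibling obs-agent-ocp example states that its VPC allows all ingress/egress by default and is not production-grade. No ACL or security group is defined in this hunk, so the example presumably relies on the VPC defaults. A matching header would stop consumers from copying it as-is, e.g. `# NOTE: single-zone VPC using the default ACL/security group; add ACLs and security groups before production use.` The resource name `testacc_subnet` also reads like a leftover from acceptance tests and could be `example_subnet` to match `example_vpc`.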
@@ -0,0 +1,11 @@
+##############################################################################
+# Outputs
+##############################################################################
+
+#output "myoutput" {
+# description = "Description of my output"
+# value = "value"
+# depends_on = []
+#}
+
+##############################################################################
diff --git a/examples/obs-agent-iks/provider.tf b/examples/obs-agent-iks/provider.tf
new file mode 100644
index 00000000..9d119362
--- /dev/null
+++ b/examples/obs-agent-iks/provider.tf
@@ -0,0 +1,24 @@
+provider "ibm" {
+ ibmcloud_api_key = var.ibmcloud_api_key
+ region = var.region
+}
+
+provider "helm" {
+ kubernetes {
+ host = data.ibm_container_cluster_config.cluster_config.host
+ token = data.ibm_container_cluster_config.cluster_config.token
+ cluster_ca_certificate = data.ibm_container_cluster_config.cluster_config.ca_certificate
+ }
+ # IBM Cloud credentials are required to authenticate to the helm repo
+ registry {
+ url = "oci://icr.io/ibm/observe/monitoring-agent-helm"
+ username = "iamapikey"
+ password = var.ibmcloud_api_key
+ }
+}
+
+provider "kubernetes" {
+ host = data.ibm_container_cluster_config.cluster_config.host
+ token = data.ibm_container_cluster_config.cluster_config.token
+ cluster_ca_certificate = data.ibm_container_cluster_config.cluster_config.ca_certificate
+}
diff --git a/examples/obs-agent-iks/variables.tf b/examples/obs-agent-iks/variables.tf
new file mode 100644
index 00000000..0f42a3c5
--- /dev/null
+++ b/examples/obs-agent-iks/variables.tf
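Review bot: The `registry` block in the `helm` provider hands `var.ibmcloud_api_key` to `oci://icr.io/ibm/observe/monitoring-agent-helm`, but the root `main.tf` in this same patch installs the chart from a local path (`"${path.module}/chart/sysdig-agent"`), so the registry login looks unused. If no chart is pulled from that registry, dropping the block keeps the account API key out of the helm provider configuration. If it is needed, a key limited to registry read access would be a better fit than the key used for provisioning. The same block appears in `examples/obs-agent-ocp/provider.tf` and `solutions/fully-configurable/provider.tf`.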
@@ -0,0 +1,41 @@
+variable "ibmcloud_api_key" {
+ type = string
+ description = "The IBM Cloud api token"
+ sensitive = true
+}
+
+variable "prefix" {
+ type = string
+ description = "A prefix for the name of all resources that are created by this example"
+ default = "obs-agent-iks"
+}
+
+variable "resource_group" {
+ type = string
+ description = "An existing resource group name to use for this example. If not specified, a new resource group is created."
+ default = null
+}
+
+variable "resource_tags" {
+ type = list(string)
+ description = "A list of tags to add to the resources that are created."
+ default = []
+}
+
+variable "region" {
+ type = string
+ description = "The region where the resources are created."
+ default = "au-syd"
+}
+
+variable "is_vpc_cluster" {
+ type = bool
+ description = "Specify true if the target cluster for the observability agents is a VPC cluster, false if it is classic cluster."
+ default = true
+}
+
+variable "datacenter" {
+ type = string
+ description = "If creating a classic cluster, the data center where the cluster is created"
+ default = "syd01"
+}
diff --git a/examples/obs-agent-iks/version.tf b/examples/obs-agent-iks/version.tf
new file mode 100644
index 00000000..7f0ae1ec
--- /dev/null
+++ b/examples/obs-agent-iks/version.tf
@@ -0,0 +1,26 @@ +terraform { + required_version = ">= 1.3.0" + + # Ensure that there is always 1 example locked into the lowest provider version of the range defined in the main + # module's version.tf (this example), and 1 example that will always use the latest provider version (obs-agent-ocp). + required_providers { + ibm = { + source = "ibm-cloud/ibm" + version = "1.70.0" + } + helm = { + source = "hashicorp/helm" + version = "2.15.0" + } + # The kubernetes provider is not actually required by the module itself, just this example, so OK to use ">=" here instead of locking into a version + kubernetes = { + source = "hashicorp/kubernetes" + version = ">= 2.16.1" + } + # The time provider is not actually required by the module itself, just this example, so OK to use ">=" here instead of locking into a version + time = { + source = "hashicorp/time" + version = ">= 0.9.1" + } + } +} diff --git a/examples/obs-agent-ocp/README.md b/examples/obs-agent-ocp/README.md new file mode 100644 index 00000000..1c29c3aa --- /dev/null +++ b/examples/obs-agent-ocp/README.md @@ -0,0 +1,11 @@ +# Monitoring agent + +An example that shows how to deploy Monitoring agent in an Red Hat OpenShift container platform cluster to send Logs directly to a Cloud Monitoring instance. + +The example provisions the following resources: + +- A new resource group, if an existing one is not passed in. +- A basic VPC. +- A Red Hat OpenShift Container Platform VPC cluster. +- An IBM Cloud Monitoring instance. +- Monitoring agent diff --git a/examples/obs-agent-ocp/main.tf b/examples/obs-agent-ocp/main.tf new file mode 100644 index 00000000..dcefdc07 --- /dev/null +++ b/examples/obs-agent-ocp/main.tf 
@@ -0,0 +1,129 @@ +############################################################################## +# Resource Group +############################################################################## + +module "resource_group" { + source = "terraform-ibm-modules/resource-group/ibm" + version = "1.1.6" + # if an existing resource group is not set (null) create a new one using prefix + resource_group_name = var.resource_group == null ? "${var.prefix}-resource-group" : null + existing_resource_group_name = var.resource_group +} + +######################################################################################################################## +# VPC + Subnet + Public Gateway +# +# NOTE: This is a very simple VPC with single subnet in a single zone with a public gateway enabled, that will allow +# all traffic ingress/egress by default. +# For production use cases this would need to be enhanced by adding more subnets and zones for resiliency, and +# ACLs/Security Groups for network security. 
+######################################################################################################################## + +resource "ibm_is_vpc" "vpc" { + name = "${var.prefix}-vpc" + resource_group = module.resource_group.resource_group_id + address_prefix_management = "auto" + tags = var.resource_tags +} + +resource "ibm_is_public_gateway" "gateway" { + name = "${var.prefix}-gateway-1" + vpc = ibm_is_vpc.vpc.id + resource_group = module.resource_group.resource_group_id + zone = "${var.region}-1" +} + +resource "ibm_is_subnet" "subnet_zone_1" { + name = "${var.prefix}-subnet-1" + vpc = ibm_is_vpc.vpc.id + resource_group = module.resource_group.resource_group_id + zone = "${var.region}-1" + total_ipv4_address_count = 256 + public_gateway = ibm_is_public_gateway.gateway.id +} + +######################################################################################################################## +# OCP VPC cluster (single zone) +######################################################################################################################## + +locals { + cluster_vpc_subnets = { + default = [ + { + id = ibm_is_subnet.subnet_zone_1.id + cidr_block = ibm_is_subnet.subnet_zone_1.ipv4_cidr_block + zone = ibm_is_subnet.subnet_zone_1.zone + } + ] + } + + worker_pools = [ + { + subnet_prefix = "default" + pool_name = "default" # ibm_container_vpc_cluster automatically names default pool "default" (See https://github.com/IBM-Cloud/terraform-provider-ibm/issues/2849) + machine_type = "bx2.4x16" + operating_system = "REDHAT_8_64" + workers_per_zone = 2 # minimum of 2 is allowed when using single zone + } + ] +} + +module "ocp_base" { + source = "terraform-ibm-modules/base-ocp-vpc/ibm" + version = "3.41.7" + resource_group_id = module.resource_group.resource_group_id + region = var.region + tags = var.resource_tags + cluster_name = var.prefix + force_delete_storage = true + vpc_id = ibm_is_vpc.vpc.id + vpc_subnets = local.cluster_vpc_subnets + ocp_version = 
var.ocp_version + worker_pools = local.worker_pools + access_tags = var.access_tags + ocp_entitlement = var.ocp_entitlement +} + +data "ibm_container_cluster_config" "cluster_config" { + cluster_name_id = module.ocp_base.cluster_id + resource_group_id = module.resource_group.resource_group_id +} + +############################################################################## +# Observability Instance +############################################################################## + +module "observability_instances" { + source = "terraform-ibm-modules/observability-instances/ibm" + version = "3.5.0" + resource_group_id = module.resource_group.resource_group_id + region = var.region + cloud_logs_plan = "standard" + cloud_monitoring_plan = "graduated-tier" + enable_platform_metrics = false + cloud_logs_instance_name = "${var.prefix}-cloud-logs" + cloud_monitoring_instance_name = "${var.prefix}-cloud-monitoring" +} + +data "ibm_is_security_groups" "vpc_security_groups" { + depends_on = [module.ocp_base] + vpc_id = ibm_is_vpc.vpc.id +} + +############################################################################## +# Observability Agents +############################################################################## + +module "observability_agents" { + source = "../.." 
+ depends_on = [module.vpe] + cluster_id = module.ocp_base.cluster_id + cluster_resource_group_id = module.resource_group.resource_group_id + # Monitoring agent + cloud_monitoring_access_key = module.observability_instances.cloud_monitoring_access_key + # example of how to include / exclude metrics - more info https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_kube_agent#change_kube_agent_log_metrics + cloud_monitoring_metrics_filter = [{ type = "exclude", name = "metricA.*" }, { type = "include", name = "metricB.*" }] + cloud_monitoring_container_filter = [{ type = "exclude", parameter = "kubernetes.namespace.name", name = "kube-system" }] + cloud_monitoring_agent_tags = var.resource_tags + cloud_monitoring_instance_region = module.observability_instances.region +} diff --git a/examples/obs-agent-ocp/outputs.tf b/examples/obs-agent-ocp/outputs.tf new file mode 100644 index 00000000..135186b7 --- /dev/null +++ b/examples/obs-agent-ocp/outputs.tf @@ -0,0 +1,11 @@ +############################################################################## +# Outputs +############################################################################## + +#output "myoutput" { +# description = "Description of my output" +# value = "value" +# depends_on = [] +#} + +############################################################################## diff --git a/examples/obs-agent-ocp/provider.tf b/examples/obs-agent-ocp/provider.tf new file mode 100644 index 00000000..9d119362 --- /dev/null +++ b/examples/obs-agent-ocp/provider.tf 
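Review bot: `depends_on = [module.vpe]` in `module "observability_agents"` refers to a module that this new file never declares, so `terraform validate` should reject the example as written. Either add the VPE module the dependency was meant for, or depend on something that exists here, for instance `depends_on = [module.ocp_base]`. The `data "ibm_is_security_groups" "vpc_security_groups"` lookup is not referenced anywhere in the file either and looks like a leftover of the same VPE setup; remove it unless the VPE module is restored.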
@@ -0,0 +1,24 @@ +provider "ibm" { + ibmcloud_api_key = var.ibmcloud_api_key + region = var.region +} + +provider "helm" { + kubernetes { + host = data.ibm_container_cluster_config.cluster_config.host + token = data.ibm_container_cluster_config.cluster_config.token + cluster_ca_certificate = data.ibm_container_cluster_config.cluster_config.ca_certificate + } + # IBM Cloud credentials are required to authenticate to the helm repo + registry { + url = "oci://icr.io/ibm/observe/monitoring-agent-helm" + username = "iamapikey" + password = var.ibmcloud_api_key + } +} + +provider "kubernetes" { + host = data.ibm_container_cluster_config.cluster_config.host + token = data.ibm_container_cluster_config.cluster_config.token + cluster_ca_certificate = data.ibm_container_cluster_config.cluster_config.ca_certificate +} diff --git a/examples/obs-agent-ocp/variables.tf b/examples/obs-agent-ocp/variables.tf new file mode 100644 index 00000000..9795d32e --- /dev/null +++ b/examples/obs-agent-ocp/variables.tf 
@@ -0,0 +1,47 @@ +variable "ibmcloud_api_key" { + type = string + description = "The IBM Cloud api token" + sensitive = true +} + +variable "prefix" { + type = string + description = "A prefix for the name of all resources that are created by this example" + default = "obs-agent-ocp" +} + +variable "resource_group" { + type = string + description = "An existing resource group name to use for this example. If not specified, a new resource group is created." + default = null +} + +variable "resource_tags" { + type = list(string) + description = "A list of tags to add to the resources that are created." + default = [] +} + +variable "access_tags" { + type = list(string) + description = "Optional list of access management tags to add to resources that are created" + default = [] +} + +variable "region" { + type = string + description = "The region where the resources are created." + default = "au-syd" +} + +variable "ocp_version" { + type = string + description = "Version of the OCP cluster to provision" + default = null +} + +variable "ocp_entitlement" { + type = string + description = "Value that is applied to the entitlements for OCP cluster provisioning" + default = null +} diff --git a/examples/obs-agent-ocp/version.tf b/examples/obs-agent-ocp/version.tf new file mode 100644 index 00000000..10709c5e --- /dev/null +++ b/examples/obs-agent-ocp/version.tf @@ -0,0 +1,20 @@ +terraform { + required_version = ">= 1.3.0" + + # Ensure that there is always 1 example locked into the lowest provider version of the range defined in the main + # module's version.tf (obs-agent-iks), and 1 example that will always use the latest provider version (this exammple). + required_providers { + ibm = { + source = "ibm-cloud/ibm" + version = ">= 1.71.0" + } + helm = { + source = "hashicorp/helm" + version = ">= 2.15.0" + } + kubernetes = { + source = "hashicorp/kubernetes" + version = ">= 2.16.1" + } + } +} diff --git a/main.tf b/main.tf index b6b879e2..ac910508 100644 --- a/main.tf 
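Review bot: The `>=` constraints on `ibm`, `helm` and `kubernetes` in `examples/obs-agent-ocp/version.tf` have no upper bound, so this example will select the next major release of each provider as soon as it is published. The `provider.tf` next to it configures helm with a nested `kubernetes { }` block and the root module uses `set { }` blocks, which is syntax a new major version is free to change. Capping at the current major keeps the "latest provider" intent without the surprise break, e.g. `version = ">= 2.15.0, < 3.0.0"` for helm. The comment in this file also has a typo, `exammple`.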
+++ b/main.tf 
@@ -1,13 +1,116 @@ -# -# Developer tips: -# - Below code should be replaced with the code for the root level module -# - -resource "ibm_resource_instance" "cos_instance" { - name = var.name - resource_group_id = var.resource_group_id - service = "cloud-object-storage" - plan = var.plan - location = "global" - tags = var.resource_tags +############################################################################## +# terraform-ibm-monitoring-agent +############################################################################## + +# Lookup cluster name from ID. The is_vpc_cluster variable defines whether to use the VPC data block or the Classic data block +data "ibm_container_vpc_cluster" "cluster" { + count = var.is_vpc_cluster ? 1 : 0 + name = var.cluster_id + resource_group_id = var.cluster_resource_group_id + wait_till = var.wait_till + wait_till_timeout = var.wait_till_timeout +} + +data "ibm_container_cluster" "cluster" { + count = var.is_vpc_cluster ? 0 : 1 + name = var.cluster_id + resource_group_id = var.cluster_resource_group_id + wait_till = var.wait_till + wait_till_timeout = var.wait_till_timeout +} + +# Download cluster config which is required to connect to cluster +data "ibm_container_cluster_config" "cluster_config" { + cluster_name_id = var.is_vpc_cluster ? data.ibm_container_vpc_cluster.cluster[0].name : data.ibm_container_cluster.cluster[0].name + resource_group_id = var.cluster_resource_group_id + config_dir = "${path.module}/kubeconfig" + endpoint_type = var.cluster_config_endpoint_type != "default" ? var.cluster_config_endpoint_type : null # null value represents default +} + +locals { + # LOCALS + cluster_name = var.is_vpc_cluster ? data.ibm_container_vpc_cluster.cluster[0].resource_name : data.ibm_container_cluster.cluster[0].resource_name # Not publically documented in provider. 
See https://github.com/IBM-Cloud/terraform-provider-ibm/issues/4485 + cloud_monitoring_chart_location = "${path.module}/chart/sysdig-agent" + cloud_monitoring_image_tag_digest = "13.8.0@sha256:58dc3f3ed78352954767810672497ceda516eb9450a5c6dd3c801e57ff3a8ffc" # datasource: icr.io/ext/sysdig/agent + cloud_monitoring_agent_registry = "icr.io/ext/sysdig/agent" + cloud_monitoring_agent_tags = var.cloud_monitoring_add_cluster_name ? concat(["ibm.containers-kubernetes.cluster.name:${local.cluster_name}"], var.cloud_monitoring_agent_tags) : var.cloud_monitoring_agent_tags + cloud_monitoring_host = var.cloud_monitoring_enabled ? var.cloud_monitoring_endpoint_type == "private" ? "ingest.private.${var.cloud_monitoring_instance_region}.monitoring.cloud.ibm.com" : "logs.${var.cloud_monitoring_instance_region}.monitoring.cloud.ibm.com" : null + + # TODO: Move this into variable.tf since module requires 1.9 now + # VARIABLE VALIDATION + cloud_monitoring_key_validate_condition = var.cloud_monitoring_enabled == true && var.cloud_monitoring_instance_region == null && var.cloud_monitoring_access_key == null + cloud_monitoring_key_validate_msg = "Values for 'cloud_monitoring_access_key' and 'log_analysis_instance_region' variables must be passed when 'cloud_monitoring_enabled = true'" + # tflint-ignore: terraform_unused_declarations + cloud_monitoring_key_validate_check = regex("^${local.cloud_monitoring_key_validate_msg}$", (!local.cloud_monitoring_key_validate_condition ? local.cloud_monitoring_key_validate_msg : "")) +} + +resource "helm_release" "cloud_monitoring_agent" { + count = var.cloud_monitoring_enabled ? 
1 : 0 + + name = var.cloud_monitoring_agent_name + chart = local.cloud_monitoring_chart_location + namespace = var.cloud_monitoring_agent_namespace + create_namespace = true + timeout = 1200 + wait = true + recreate_pods = true + force_update = true + reset_values = true + + set { + name = "metadata.name" + type = "string" + value = var.cloud_monitoring_agent_name + } + set { + name = "image.version" + type = "string" + value = local.cloud_monitoring_image_tag_digest + } + set { + name = "image.registry" + type = "string" + value = local.cloud_monitoring_agent_registry + } + set { + name = "config.clustername" + type = "string" + value = local.cluster_name + } + set { + name = "config.host" + type = "string" + value = local.cloud_monitoring_host + } + set { + name = "secret.name" + type = "string" + value = var.cloud_monitoring_secret_name + } + set_sensitive { + name = "secret.key" + type = "string" + value = var.cloud_monitoring_access_key + } + set { + name = "config.tags" + type = "string" + value = join("\\,", local.cloud_monitoring_agent_tags) + } + + values = [yamlencode({ + metrics_filter = var.cloud_monitoring_metrics_filter + }), yamlencode({ + tolerations = var.cloud_monitoring_agent_tolerations + }), yamlencode({ + container_filter = var.cloud_monitoring_container_filter + })] + + provisioner "local-exec" { + command = "${path.module}/scripts/confirm-rollout-status.sh ${var.cloud_monitoring_agent_name} ${var.cloud_monitoring_agent_namespace}" + interpreter = ["/bin/bash", "-c"] + environment = { + KUBECONFIG = data.ibm_container_cluster_config.cluster_config.config_file_path + } + } } diff --git a/outputs.tf b/outputs.tf index 1c0cf4cc..586e7dd2 100644 --- a/outputs.tf +++ b/outputs.tf 
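Review bot: The `local-exec` provisioner interpolates `var.cloud_monitoring_agent_name` and `var.cloud_monitoring_agent_namespace` unquoted into a string that is run through `/bin/bash -c`, so whitespace or shell metacharacters in either input are interpreted by the shell on the machine running Terraform. Pass both through `environment` next to `KUBECONFIG` and quote them in the command, e.g. `command = "${path.module}/scripts/confirm-rollout-status.sh \"$AGENT_NAME\" \"$AGENT_NAMESPACE\""`, or constrain both variables with a validation regex. Separately, `cloud_monitoring_key_validate_condition` joins the two null checks with `&&`, so it only fires when both the region and the access key are missing, and its message names `log_analysis_instance_region`; `||` and `cloud_monitoring_instance_region` would match what the message asks for. The public branch of `cloud_monitoring_host` builds a `logs.` hostname while the private branch uses `ingest.private.`, which is worth confirming against the Monitoring ingestion endpoints.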
@@ -1,30 +1,6 @@ -######################################################################################################################## +############################################################################## # Outputs -######################################################################################################################## +############################################################################## -# -# Developer tips: -# - Below are some good practise sample outputs -# - They should be updated for outputs applicable to the module being added -# - Use variable validation when possible -# -output "account_id" { - description = "An alpha-numeric value identifying the account ID." - value = ibm_resource_instance.cos_instance.account_id -} - -output "guid" { - description = "The GUID of the resource instance." - value = ibm_resource_instance.cos_instance.account_id -} - -output "id" { - description = "The unique identifier of the resource instance." - value = ibm_resource_instance.cos_instance.id -} - -output "crn" { - description = "The CRN of the resource instance." - value = ibm_resource_instance.cos_instance.crn -} +############################################################################## diff --git a/solutions/fully-configurable/README.md b/solutions/fully-configurable/README.md new file mode 100644 index 00000000..053e3de9 --- /dev/null +++ b/solutions/fully-configurable/README.md @@ -0,0 +1,11 @@ +# Cloud automation for Cloud Monitoring Agent + +This architecture deploys the following observability agent on a Red Hat OpenShift cluster: + +* Cloud Monitoring agent + +## Before you begin + +* Make sure that the Red Hat OpenShift Cluster is deployed. + +* Make sure that the Cloud Monitoring for which specific agent are required are deployed. 
diff --git a/solutions/fully-configurable/catalogValidationValues.json.template b/solutions/fully-configurable/catalogValidationValues.json.template new file mode 100644 index 00000000..f48a7e33 --- /dev/null +++ b/solutions/fully-configurable/catalogValidationValues.json.template @@ -0,0 +1,3 @@ +{ + "ibmcloud_api_key": $VALIDATION_APIKEY +} diff --git a/solutions/fully-configurable/kubeconfig/.gitignore b/solutions/fully-configurable/kubeconfig/.gitignore new file mode 100644 index 00000000..632a28fb --- /dev/null +++ b/solutions/fully-configurable/kubeconfig/.gitignore @@ -0,0 +1,6 @@ +# Ignore everything +* + +# But not these files... +!.gitignore +!README.md diff --git a/solutions/fully-configurable/kubeconfig/README.md b/solutions/fully-configurable/kubeconfig/README.md new file mode 100644 index 00000000..e85afee8 --- /dev/null +++ b/solutions/fully-configurable/kubeconfig/README.md @@ -0,0 +1,2 @@ +This directory must exist in source control so the `ibm_container_cluster_config` data lookup can use it to place the +config.yml used to connect to a kubernetes cluster. diff --git a/solutions/fully-configurable/main.tf b/solutions/fully-configurable/main.tf new file mode 100644 index 00000000..65b13b02 --- /dev/null +++ b/solutions/fully-configurable/main.tf 
@@ -0,0 +1,35 @@ +############################################################################## +# Observability Agents +############################################################################## + +locals { + cluster_config_endpoint_type = var.cluster_config_endpoint_type + is_vpc_cluster = var.is_vpc_cluster +} + +data "ibm_container_cluster_config" "cluster_config" { + cluster_name_id = local.is_vpc_cluster ? data.ibm_container_vpc_cluster.cluster[0].name : data.ibm_container_cluster.cluster[0].name + resource_group_id = var.cluster_resource_group_id + config_dir = "${path.module}/kubeconfig" + endpoint_type = local.cluster_config_endpoint_type != "default" ? local.cluster_config_endpoint_type : null +} + +module "observability_agents" { + source = "../.." + cluster_id = var.cluster_id + cluster_resource_group_id = var.cluster_resource_group_id + cluster_config_endpoint_type = local.cluster_config_endpoint_type + wait_till = var.wait_till + wait_till_timeout = var.wait_till_timeout + # Cloud Monitoring (Sysdig) Agent + cloud_monitoring_agent_name = var.prefix != null ? "${var.prefix}-${var.cloud_monitoring_agent_name}" : var.cloud_monitoring_agent_name + cloud_monitoring_agent_namespace = var.cloud_monitoring_agent_namespace + cloud_monitoring_endpoint_type = var.cloud_monitoring_endpoint_type + cloud_monitoring_access_key = var.cloud_monitoring_access_key + cloud_monitoring_secret_name = var.prefix != null ? "${var.prefix}-${var.cloud_monitoring_secret_name}" : var.cloud_monitoring_secret_name + cloud_monitoring_metrics_filter = var.cloud_monitoring_metrics_filter + cloud_monitoring_agent_tags = var.cloud_monitoring_agent_tags + cloud_monitoring_instance_region = var.cloud_monitoring_instance_region + cloud_monitoring_agent_tolerations = var.cloud_monitoring_agent_tolerations + cloud_monitoring_add_cluster_name = var.cloud_monitoring_add_cluster_name +} 
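Review bot: `module "observability_agents"` is never given `is_vpc_cluster`, although `local.is_vpc_cluster` selects between the VPC and classic data sources for the `cluster_config` lookup a few lines above. With `is_vpc_cluster = false` the solution would resolve a classic cluster here while the root module falls back to its own default for the same switch (that default is declared in the root `variables.tf`, outside this hunk). Adding `is_vpc_cluster = local.is_vpc_cluster` to the module call keeps both lookups on the same cluster type.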
diff --git a/examples/advanced/provider.tf b/solutions/fully-configurable/outputs.tf similarity index 58% rename from examples/advanced/provider.tf rename to solutions/fully-configurable/outputs.tf index 2080946b..586e7dd2 100644 --- a/examples/advanced/provider.tf +++ b/solutions/fully-configurable/outputs.tf @@ -1,8 +1,6 @@ ############################################################################## -# Provider config +# Outputs ############################################################################## -provider "ibm" { - ibmcloud_api_key = var.ibmcloud_api_key - region = var.region -} + +############################################################################## diff --git a/solutions/fully-configurable/provider.tf b/solutions/fully-configurable/provider.tf new file mode 100644 index 00000000..d92f74e3 --- /dev/null +++ b/solutions/fully-configurable/provider.tf @@ -0,0 +1,37 @@ +provider "ibm" { + ibmcloud_api_key = var.ibmcloud_api_key +} + +provider "kubernetes" { + host = data.ibm_container_cluster_config.cluster_config.host + token = data.ibm_container_cluster_config.cluster_config.token +} + +provider "helm" { + kubernetes { + host = data.ibm_container_cluster_config.cluster_config.host + token = data.ibm_container_cluster_config.cluster_config.token + } + # IBM Cloud credentials are required to authenticate to the helm repo + registry { + url = "oci://icr.io/ibm/observe/monitoring-agent-helm" + username = "iamapikey" + password = var.ibmcloud_api_key + } +} + +# Retrieve information about an existing VPC cluster +data "ibm_container_vpc_cluster" "cluster" { + count = local.is_vpc_cluster ? 1 : 0 + name = var.cluster_id + wait_till = var.wait_till + wait_till_timeout = var.wait_till_timeout +} + +# Retrieve information about an existing Classic cluster +data "ibm_container_cluster" "cluster" { + count = local.is_vpc_cluster ? 0 : 1 + name = var.cluster_id + wait_till = var.wait_till + wait_till_timeout = var.wait_till_timeout +} 
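Review bot: The `kubernetes` and `helm` providers in `solutions/fully-configurable/provider.tf` are configured with `host` and `token` only, whereas both example `provider.tf` files in this patch also set `cluster_ca_certificate` from the same `ibm_container_cluster_config` data source. Without it the API server certificate is presumably checked against the system trust store rather than the CA published for the cluster, which is broader trust than a connection carrying a bearer token needs. Adding `cluster_ca_certificate = data.ibm_container_cluster_config.cluster_config.ca_certificate` to both blocks would match the examples, provided the chosen endpoint type presents a certificate issued by that CA. The two cluster data sources in this file also omit `resource_group_id`, which the equivalent lookups in the root `main.tf` pass.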
diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf new file mode 100644 index 00000000..cf2c264e --- /dev/null +++ b/solutions/fully-configurable/variables.tf 
@@ -0,0 +1,136 @@ +variable "ibmcloud_api_key" { + type = string + description = "The IBM Cloud API key." + sensitive = true +} + +variable "prefix" { + type = string + description = "The prefix for resources created by this solution." + default = null +} + +############################################################################## +# Cluster variables +############################################################################## + +variable "cluster_id" { + type = string + description = "The ID of the cluster to deploy the agents in." +} + +variable "cluster_resource_group_id" { + type = string + description = "The resource group ID of the cluster." +} + +variable "cluster_config_endpoint_type" { + description = "Specify the type of endpoint to use to access the cluster configuration. Possible values: `default`, `private`, `vpe`, `link`. The `default` value uses the default endpoint of the cluster." + type = string + default = "private" + nullable = false # use default if null is passed in +} + +variable "is_vpc_cluster" { + type = bool + description = "Specify true if the target cluster for the DA is a VPC cluster, false if it is classic cluster." + default = true +} + +variable "wait_till" { + description = "Specify the stage when Terraform should mark the cluster resource creation as completed. Supported values: `MasterNodeReady`, `OneWorkerNodeReady`, `IngressReady`, `Normal`." + type = string + default = "Normal" +} + +variable "wait_till_timeout" { + description = "Timeout for wait_till in minutes." + type = number + default = 90 +} + +############################################################################## +# Cloud Monitoring variables +############################################################################## + +variable "cloud_monitoring_access_key" { + type = string + description = "The access key that is used by the IBM Cloud Monitoring agent to communicate with the instance." 
+ sensitive = true + default = null +} + +variable "cloud_monitoring_secret_name" { + type = string + description = "The name of the secret that will store the access key. If a prefix input variable is passed, the secret name is prefixed to the value in the `-` format." + default = "sysdig-agent" + nullable = false +} + +variable "cloud_monitoring_instance_region" { + type = string + description = "The name of the region where the IBM Cloud Monitoring instance is created. This name is used to construct the ingestion endpoint." + default = null +} + +variable "cloud_monitoring_endpoint_type" { + type = string + description = "Specify the IBM Cloud Monitoring instance endpoint type (`public` or `private`) to use to construct the ingestion endpoint." + default = "private" +} + +variable "cloud_monitoring_metrics_filter" { + type = list(object({ + type = string + name = string + })) + description = "To filter on custom metrics, specify the IBM Cloud Monitoring metrics to include or exclude. [Learn more](https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_kube_agent#change_kube_agent_inc_exc_metrics) and [here](https://github.com/terraform-ibm-modules/terraform-ibm-monitoring-agent/tree/main/solutions/fully-configurable/DA-types.md)." + default = [] # [{ type = "exclude", name = "metricA.*" }, { type = "include", name = "metricB.*" }] +} + +variable "cloud_monitoring_agent_tags" { + type = list(string) + description = "A list of the tags to associate with the metrics that the IBM Cloud Monitoring agent collects. To add the cluster name as a tag, use the `cloud_monitoring_add_cluster_name` variable." + default = [] + nullable = false +} + +variable "cloud_monitoring_add_cluster_name" { + type = bool + description = "Whether to attach a tag to log messages. Set to `true` to configure the IBM Cloud Monitoring agent to attach a tag that contains the cluster name to all log messages." 
+ default = true +} + +variable "cloud_monitoring_agent_name" { + description = "The name of the IBM Cloud Monitoring agent that is used to name the Kubernetes and Helm resources on the cluster. If a prefix input variable is passed, the name of the IBM Cloud Monitoring agent is prefixed to the value in the `-` format." + type = string + default = "sysdig-agent" +} + +variable "cloud_monitoring_agent_namespace" { + type = string + description = "The namespace to deploy the IBM Cloud Monitoring agent in. Default value: `ibm-observe`." + default = "ibm-observe" + nullable = false +} + +variable "cloud_monitoring_agent_tolerations" { + description = "The list of tolerations to apply to the IBM Cloud Monitoring agent. The default operator value `Exists` matches any taint on any node except the master node. [Learn more](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)" + type = list(object({ + key = optional(string) + operator = optional(string) + value = optional(string) + effect = optional(string) + tolerationSeconds = optional(number) + })) + default = [ + { + operator = "Exists" + }, + { + operator = "Exists" + effect = "NoSchedule" + key = "node-role.kubernetes.io/master" + } + ] +} diff --git a/solutions/fully-configurable/version.tf b/solutions/fully-configurable/version.tf new file mode 100644 index 00000000..ef2dbfc9 --- /dev/null +++ b/solutions/fully-configurable/version.tf @@ -0,0 +1,20 @@ +terraform { + # module uses nullable feature which is only available in versions >= 1.1.0 + required_version = ">= 1.9.0" + + required_providers { + # Lock DA into an exact provider version - renovate automation will keep it updated + ibm = { + source = "ibm-cloud/ibm" + version = "1.76.1" + } + helm = { + source = "hashicorp/helm" + version = "2.16.0" + } + kubernetes = { + source = "hashicorp/kubernetes" + version = "2.33.0" + } + } +} diff --git a/tests/README.md b/tests/README.md index dfd68426..581aa046 100644 --- a/tests/README.md 
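Review bot: The description of `cloud_monitoring_add_cluster_name` in solutions/fully-configurable/variables.tf talks about tagging "log messages", but this is the monitoring agent and the root variables.tf describes the same flag as tagging metric data. I would reword it to `"Set to true to configure the IBM Cloud Monitoring agent to attach a tag that contains the cluster name to all metric data."`. The descriptions of `cloud_monitoring_secret_name` and `cloud_monitoring_agent_name` end with "in the `-` format", which looks like a placeholder pattern that lost its angle-bracket parts and should be spelled out. `cloud_monitoring_access_key` defaults to `null` here with no validation, so it is worth confirming in the module that a missing key fails at plan time rather than deploying an agent that cannot authenticate.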
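Review bot: The comment above `required_version` in solutions/fully-configurable/version.tf still says the nullable feature needs `>= 1.1.0`, while the constraint on the next line is `">= 1.9.0"`. The comment should state what actually requires 1.9.0, or be dropped, so the next maintainer does not lower the constraint based on it.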
+++ b/tests/README.md @@ -1,5 +1,8 @@ + + # Tests For information about how to create and run tests, see [Validation tests](https://terraform-ibm-modules.github.io/documentation/#/tests) in the project documentation. + diff --git a/tests/other_test.go b/tests/other_test.go index 88d360d3..1d650238 100644 --- a/tests/other_test.go +++ b/tests/other_test.go @@ -1,2 +1,18 @@ // Tests in this file are NOT run in the PR pipeline. They are run in the continuous testing pipeline along with the ones in pr_test.go package test + +import ( + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestRunAgentClassicKubernetes(t *testing.T) { + t.Parallel() + + options := setupOptions(t, "obs-agent-iks", terraformDirMonitoringAgentIKS) + options.TerraformVars["is_vpc_cluster"] = false + output, err := options.RunTestConsistency() + assert.Nil(t, err, "This should not have errored") + assert.NotNil(t, output, "Expected some output") +} diff --git a/tests/pr_test.go b/tests/pr_test.go index 8867ed00..39555667 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go 
@@ -1,56 +1,262 @@ -// Tests in this file are run in the PR pipeline and the continuous testing pipeline +// Tests in this file are run in the PR pipeline package test import ( + "fmt" + "math/rand/v2" + "os" + "strings" "testing" + "github.com/gruntwork-io/terratest/modules/files" + "github.com/gruntwork-io/terratest/modules/logger" + "github.com/gruntwork-io/terratest/modules/random" + "github.com/gruntwork-io/terratest/modules/terraform" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper/cloudinfo" "github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper/testhelper" + "github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper/testschematic" ) -// Use existing resource group -const resourceGroup = "geretain-test-resources" +const resourceGroup = "geretain-test-observability-agents" +const fullyConfigurableSolutionDir = "solutions/fully-configurable" +const fullyConfigurableSolutionKubeconfigDir = "solutions/fully-configurable/kubeconfig" +const terraformDirMonitoringAgentIKS = "examples/obs-agent-iks" +const terraformDirMonitoringAgentROKS = "examples/obs-agent-ocp" -// Ensure every example directory has a corresponding test -const advancedExampleDir = "examples/advanced" -const basicExampleDir = "examples/basic" +var sharedInfoSvc *cloudinfo.CloudInfoService + +// Currently only including regions that Event Notification support +var validRegions = []string{ + "au-syd", + "eu-gb", + "eu-de", + "eu-es", + "us-south", +} + +// TestMain will be run before any parallel tests, used to set up a shared InfoService object to track region usage +// for multiple tests +func TestMain(m *testing.M) { + sharedInfoSvc, _ = cloudinfo.NewCloudInfoServiceFromEnv("TF_VAR_ibmcloud_api_key", cloudinfo.CloudInfoServiceOptions{}) + + os.Exit(m.Run()) +} + +func setupOptions(t *testing.T, prefix string, terraformDir string) *testhelper.TestOptions { -func setupOptions(t *testing.T, prefix 
string, dir string) *testhelper.TestOptions { options := testhelper.TestOptionsDefaultWithVars(&testhelper.TestOptions{ Testing: t, - TerraformDir: dir, + TerraformDir: terraformDir, Prefix: prefix, ResourceGroup: resourceGroup, + IgnoreUpdates: testhelper.Exemptions{ // Ignore for consistency check + List: []string{ + "module.monitoring_agent.helm_release.cloud_monitoring_agent", + }, + }, + CloudInfoService: sharedInfoSvc, }) + + // add ocp entitlement to keep costs down for tests + if terraformDir == terraformDirMonitoringAgentROKS { + options.TerraformVars["ocp_entitlement"] = "cloud_pak" + } + return options } -// Consistency test for the basic example -func TestRunBasicExample(t *testing.T) { +func TestFullyConfigurableSolution(t *testing.T) { + t.Parallel() + + var region = validRegions[rand.IntN(len(validRegions))] + // ------------------------------------------------------------------------------------------------------ + // Deploy SLZ ROKS Cluster and Observability instances since it is needed to deploy Monitoring Agent + // ------------------------------------------------------------------------------------------------------ + + prefix := fmt.Sprintf("slz-%s", strings.ToLower(random.UniqueId())) + realTerraformDir := "./resources" + tempTerraformDir, _ := files.CopyTerraformFolderToTemp(realTerraformDir, fmt.Sprintf(prefix+"-%s", strings.ToLower(random.UniqueId()))) + + // Verify ibmcloud_api_key variable is set + checkVariable := "TF_VAR_ibmcloud_api_key" + val, present := os.LookupEnv(checkVariable) + require.True(t, present, checkVariable+" environment variable not set") + require.NotEqual(t, "", val, checkVariable+" environment variable is empty") + + logger.Log(t, "Tempdir: ", tempTerraformDir) + existingTerraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{ + TerraformDir: tempTerraformDir, + Vars: map[string]any{ + "prefix": prefix, + "region": region, + }, + // Set Upgrade to true to ensure latest version of providers and 
modules are used by terratest. + // This is the same as setting the -upgrade=true flag with terraform. + Upgrade: true, + }) + + terraform.WorkspaceSelectOrNew(t, existingTerraformOptions, prefix) + _, existErr := terraform.InitAndApplyE(t, existingTerraformOptions) + + if existErr != nil { + assert.True(t, existErr == nil, "Init and Apply of temp resources (SLZ-ROKS and Observability Instances) failed") + } else { + + options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{ + Testing: t, + Prefix: "monitoring-agent", + TarIncludePatterns: []string{ + "*.tf", + "kubeconfig/*.*", + "scripts/*.*", + fullyConfigurableSolutionDir + "/*.*", + fullyConfigurableSolutionKubeconfigDir + "/*.*", + }, + IgnoreUpdates: testhelper.Exemptions{ // Ignore for consistency check + List: []string{ + "module.monitoring_agent.helm_release.cloud_monitoring_agent", + }, + }, + ResourceGroup: resourceGroup, + TemplateFolder: fullyConfigurableSolutionDir, + Tags: []string{"test-schematic"}, + DeleteWorkspaceOnFail: false, + WaitJobCompleteMinutes: 60, + Region: region, + }) + + options.TerraformVars = []testschematic.TestSchematicTerraformVar{ + {Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true}, + {Name: "cloud_monitoring_instance_region", Value: region, DataType: "string"}, + {Name: "cluster_id", Value: terraform.Output(t, existingTerraformOptions, "workload_cluster_id"), DataType: "string"}, + {Name: "cluster_resource_group_id", Value: terraform.Output(t, existingTerraformOptions, "cluster_resource_group_id"), DataType: "string"}, + {Name: "cloud_monitoring_access_key", Value: terraform.Output(t, existingTerraformOptions, "cloud_monitoring_access_key"), DataType: "string", Secure: true}, + {Name: "prefix", Value: options.Prefix, DataType: "string"}, + } + + err := options.RunSchematicTest() + assert.Nil(t, err, "This should not have errored") + } + + // Check if 
"DO_NOT_DESTROY_ON_FAILURE" is set + envVal, _ := os.LookupEnv("DO_NOT_DESTROY_ON_FAILURE") + // Destroy the temporary existing resources if required + if t.Failed() && strings.ToLower(envVal) == "true" { + fmt.Println("Terratest failed. Debug the test and delete resources manually.") + } else { + logger.Log(t, "START: Destroy (existing resources)") + terraform.Destroy(t, existingTerraformOptions) + terraform.WorkspaceDelete(t, existingTerraformOptions, prefix) + logger.Log(t, "END: Destroy (existing resources)") + } +} + +func TestFullyConfigurableUpgradeSolution(t *testing.T) { t.Parallel() - options := setupOptions(t, "mod-template-basic", basicExampleDir) + var region = validRegions[rand.IntN(len(validRegions))] + + // ------------------------------------------------------------------------------------------------------ + // Deploy SLZ ROKS Cluster and Observability instances since it is needed to deploy Monitoring Agent + // ------------------------------------------------------------------------------------------------------ + + prefix := fmt.Sprintf("slz-%s", strings.ToLower(random.UniqueId())) + realTerraformDir := "./resources" + tempTerraformDir, _ := files.CopyTerraformFolderToTemp(realTerraformDir, fmt.Sprintf(prefix+"-%s", strings.ToLower(random.UniqueId()))) + + // Verify ibmcloud_api_key variable is set + checkVariable := "TF_VAR_ibmcloud_api_key" + val, present := os.LookupEnv(checkVariable) + require.True(t, present, checkVariable+" environment variable not set") + require.NotEqual(t, "", val, checkVariable+" environment variable is empty") + + logger.Log(t, "Tempdir: ", tempTerraformDir) + existingTerraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{ + TerraformDir: tempTerraformDir, + Vars: map[string]any{ + "prefix": prefix, + "region": region, + }, + // Set Upgrade to true to ensure latest version of providers and modules are used by terratest. + // This is the same as setting the -upgrade=true flag with terraform. 
+ Upgrade: true, + }) + + terraform.WorkspaceSelectOrNew(t, existingTerraformOptions, prefix) + _, existErr := terraform.InitAndApplyE(t, existingTerraformOptions) + + if existErr != nil { + assert.True(t, existErr == nil, "Init and Apply of temp resources (SLZ-ROKS and Observability Instances) failed") + } else { + options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{ + Testing: t, + Prefix: "monitoring-agent", + TarIncludePatterns: []string{ + "*.tf", + "kubeconfig/*.*", + "scripts/*.*", + fullyConfigurableSolutionDir + "/*.*", + fullyConfigurableSolutionKubeconfigDir + "/*.*", + }, + ResourceGroup: resourceGroup, + TemplateFolder: fullyConfigurableSolutionDir, + Tags: []string{"test-schematic"}, + DeleteWorkspaceOnFail: false, + WaitJobCompleteMinutes: 60, + Region: region, + }) + + options.TerraformVars = []testschematic.TestSchematicTerraformVar{ + {Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true}, + {Name: "cloud_monitoring_instance_region", Value: region, DataType: "string"}, + {Name: "cluster_id", Value: terraform.Output(t, existingTerraformOptions, "workload_cluster_id"), DataType: "string"}, + {Name: "cluster_resource_group_id", Value: terraform.Output(t, existingTerraformOptions, "cluster_resource_group_id"), DataType: "string"}, + {Name: "cloud_monitoring_access_key", Value: terraform.Output(t, existingTerraformOptions, "cloud_monitoring_access_key"), DataType: "string", Secure: true}, + {Name: "prefix", Value: options.Prefix, DataType: "string"}, + } + + err := options.RunSchematicUpgradeTest() + assert.Nil(t, err, "This should not have errored") + } + + // Check if "DO_NOT_DESTROY_ON_FAILURE" is set + envVal, _ := os.LookupEnv("DO_NOT_DESTROY_ON_FAILURE") + // Destroy the temporary existing resources if required + if t.Failed() && strings.ToLower(envVal) == "true" { + fmt.Println("Terratest failed. 
Debug the test and delete resources manually.") + } else { + logger.Log(t, "START: Destroy (existing resources)") + terraform.Destroy(t, existingTerraformOptions) + terraform.WorkspaceDelete(t, existingTerraformOptions, prefix) + logger.Log(t, "END: Destroy (existing resources)") + } +} + +func TestRunAgentVpcKubernetes(t *testing.T) { + t.Parallel() + + options := setupOptions(t, "obs-agent-iks", terraformDirMonitoringAgentIKS) output, err := options.RunTestConsistency() assert.Nil(t, err, "This should not have errored") assert.NotNil(t, output, "Expected some output") } -func TestRunAdvancedExample(t *testing.T) { +func TestRunAgentVpcOcp(t *testing.T) { t.Parallel() - options := setupOptions(t, "mod-template-adv", advancedExampleDir) - + options := setupOptions(t, "obs-agent-roks", terraformDirMonitoringAgentROKS) output, err := options.RunTestConsistency() assert.Nil(t, err, "This should not have errored") assert.NotNil(t, output, "Expected some output") } -// Upgrade test (using advanced example) -func TestRunUpgradeExample(t *testing.T) { +func TestRunAgentVpcOcpUpgrade(t *testing.T) { t.Parallel() - options := setupOptions(t, "mod-template-adv-upg", advancedExampleDir) + options := setupOptions(t, "log-agent-upg", terraformDirMonitoringAgentROKS) output, err := options.RunTestUpgrade() if !options.UpgradeTestSkipped { diff --git a/tests/scripts/post-validation-deploy-slz-roks-and-obs-instances.sh b/tests/scripts/post-validation-deploy-slz-roks-and-obs-instances.sh new file mode 100755 index 00000000..ba0f6092 --- /dev/null +++ b/tests/scripts/post-validation-deploy-slz-roks-and-obs-instances.sh 
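Review bot: In `TestFullyConfigurableSolution` and `TestFullyConfigurableUpgradeSolution` the teardown of the prerequisite cluster sits at the end of the function body rather than in a `defer` or `t.Cleanup`. Terratest's non-E helpers such as `terraform.Output` stop the test immediately on error, so any such failure inside the `else` branch skips `terraform.Destroy` and leaves the cluster, the observability instances and their access key provisioned. Registering the teardown before the apply avoids that, and the same change applies to both tests. Two errors are also discarded: `sharedInfoSvc, _ =` in `TestMain` and `tempTerraformDir, _ :=` from `files.CopyTerraformFolderToTemp`. Both should be checked, and `assert.True(t, existErr == nil, ...)` reads better as `assert.NoError(t, existErr, ...)` so the underlying error is reported.

```go
// … unchanged: prefix, temp dir copy, env check, existingTerraformOptions …
terraform.WorkspaceSelectOrNew(t, existingTerraformOptions, prefix)

// Registered before the apply so an early test abort still tears the
// prerequisite resources down (unless the operator asked to keep them).
defer func() {
	envVal, _ := os.LookupEnv("DO_NOT_DESTROY_ON_FAILURE")
	if t.Failed() && strings.ToLower(envVal) == "true" {
		fmt.Println("Terratest failed. Debug the test and delete resources manually.")
		return
	}
	logger.Log(t, "START: Destroy (existing resources)")
	terraform.Destroy(t, existingTerraformOptions)
	terraform.WorkspaceDelete(t, existingTerraformOptions, prefix)
	logger.Log(t, "END: Destroy (existing resources)")
}()

_, existErr := terraform.InitAndApplyE(t, existingTerraformOptions)
// … unchanged: schematics options, TerraformVars, RunSchematicTest / RunSchematicUpgradeTest …
```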
@@ -0,0 +1,20 @@
+#! /bin/bash
+
+########################################################################################################################
+## This script is used by the catalog pipeline to destroy the SLZ OCP Cluster, which was provisioned as a ##
+## prerequisite for the WAS extension that is published to the catalog ##
+########################################################################################################################
+
+set -e
+
+TERRAFORM_SOURCE_DIR="tests/resources"
+TF_VARS_FILE="terraform.tfvars"
+
+(
+ cd ${TERRAFORM_SOURCE_DIR}
+ echo "Destroying prerequisite SLZ OCP Cluster and Observability instances .."
+ terraform destroy -input=false -auto-approve -var-file=${TF_VARS_FILE} || exit 1
+ rm -f "${TF_VARS_FILE}"
+
+ echo "Post-validation completed successfully"
+)
diff --git a/tests/scripts/pre-validation-deploy-slz-roks-and-obs-instances.sh b/tests/scripts/pre-validation-deploy-slz-roks-and-obs-instances.sh
new file mode 100755
index 00000000..96541866
--- /dev/null
+++ b/tests/scripts/pre-validation-deploy-slz-roks-and-obs-instances.sh
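Review bot: `rm -f "${TF_VARS_FILE}"` in the post-validation script runs only when `terraform destroy` succeeds, because the preceding line ends in `|| exit 1`. The pre-validation script in this same patch writes `ibmcloud_api_key` into that tfvars file, so a failed destroy leaves the API key in plaintext on the runner. Adding `trap 'rm -f "${TF_VARS_FILE}"' EXIT` right after the `cd` removes the file on every exit path, and the `cd` itself should quote its argument: `cd "${TERRAFORM_SOURCE_DIR}"`. The header comment still names the "WAS extension", which looks carried over from another repository.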
@@ -0,0 +1,54 @@ +#! /bin/bash + +############################################################################################################ +## This script is used by the catalog pipeline to deploy the SLZ ROKS and Observability instances, +## which are the prerequisites for the Observability Agents extension. +############################################################################################################ + +set -e + +DA_DIR="solutions/fully-configurable" +TERRAFORM_SOURCE_DIR="tests/resources" +JSON_FILE="${DA_DIR}/catalogValidationValues.json" +REGION="us-south" +TF_VARS_FILE="terraform.tfvars" + +( + cwd=$(pwd) + cd ${TERRAFORM_SOURCE_DIR} + echo "Provisioning prerequisite SLZ ROKS CLUSTER and Observability Instances .." + terraform init || exit 1 + # $VALIDATION_APIKEY is available in the catalog runtime + { + echo "ibmcloud_api_key=\"${VALIDATION_APIKEY}\"" + echo "region=\"${REGION}\"" + echo "prefix=\"slz-$(openssl rand -hex 2)\"" + } >> ${TF_VARS_FILE} + terraform apply -input=false -auto-approve -var-file=${TF_VARS_FILE} || exit 1 + + region_var_name="region" + cluster_id_var_name="cluster_id" + cluster_id_value=$(terraform output -state=terraform.tfstate -raw workload_cluster_id) + cluster_resource_group_id_var_name="cluster_resource_group_id" + cluster_resource_group_id_value=$(terraform output -state=terraform.tfstate -raw cluster_resource_group_id) + cloud_monitoring_instance_region_var_name="cloud_monitoring_instance_region" + cloud_monitoring_access_key_var_name="cloud_monitoring_access_key" + cloud_monitoring_access_key_value=$(terraform output -state=terraform.tfstate -raw cloud_monitoring_access_key) + + echo "Appending '${cluster_id_var_name}' and '${region_var_name}' input variable values to ${JSON_FILE}.." 
+ + cd "${cwd}" + jq -r --arg region_var_name "${region_var_name}" \ + --arg region_var_value "${REGION}" \ + --arg cluster_id_var_name "${cluster_id_var_name}" \ + --arg cluster_id_value "${cluster_id_value}" \ + --arg cluster_resource_group_id_var_name "${cluster_resource_group_id_var_name}" \ + --arg cluster_resource_group_id_value "${cluster_resource_group_id_value}" \ + --arg cloud_monitoring_access_key_var_name "${cloud_monitoring_access_key_var_name}" \ + --arg cloud_monitoring_access_key_value "${cloud_monitoring_access_key_value}" \ + --arg cloud_monitoring_instance_region_var_name "${cloud_monitoring_instance_region_var_name}" \ + --arg cloud_monitoring_instance_region_var_value "${REGION}" \ + '. + {($region_var_name): $region_var_value, ($cluster_id_var_name): $cluster_id_value, ($cluster_resource_group_id_var_name): $cluster_resource_group_id_value, ($cloud_monitoring_instance_region_var_name): $cloud_monitoring_instance_region_var_value, ($cloud_monitoring_access_key_var_name): $cloud_monitoring_access_key_value' "${JSON_FILE}" > tmpfile && mv tmpfile "${JSON_FILE}" || exit 1 + + echo "Pre-validation complete successfully" +) diff --git a/variables.tf b/variables.tf index a9d9899a..3378f1ae 100644 --- a/variables.tf +++ b/variables.tf 
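Review bot: The jq filter at the end of the pre-validation script opens an object with `. + {` but the single-quoted string ends at `$cloud_monitoring_access_key_value'` without the closing brace, so jq should reject it and the script exits through `|| exit 1`. The filter needs to end `…: $cloud_monitoring_access_key_value}' "${JSON_FILE}"`. Separately, the API key is appended to `terraform.tfvars` with `>>` under the default umask, and the monitoring access key is written into `catalogValidationValues.json` inside the solution directory. A `umask 077` before the first write and `>` instead of `>>` would keep the tfvars file private and stop keys accumulating across reruns. It is also worth confirming that the JSON file is git-ignored or otherwise never committed or archived with the key in it.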
@@ -1,36 +1,169 @@ -######################################################################################################################## -# Input Variables -######################################################################################################################## +############################################################################## +# Cluster variables +############################################################################## -# -# Developer tips: -# - Below are some common module input variables -# - They should be updated for input variables applicable to the module being added -# - Use variable validation when possible -# +variable "cluster_id" { + type = string + description = "The ID of the cluster you wish to deploy the agents in" +} -variable "name" { +variable "cluster_resource_group_id" { type = string - description = "A descriptive name used to identify the resource instance." + description = "The Resource Group ID of the cluster" } -variable "plan" { +variable "cluster_config_endpoint_type" { + description = "Specify which type of endpoint to use for for cluster config access: 'default', 'private', 'vpe', 'link'. 'default' value will use the default endpoint of the cluster." type = string - description = "The name of the plan type supported by service." - default = "standard" + default = "default" + nullable = false # use default if null is passed in validation { - condition = contains(["standard", "cos-one-rate-plan"], var.plan) - error_message = "The specified pricing plan is not available. The following plans are supported: 'standard', 'cos-one-rate-plan'" + error_message = "Invalid Endpoint Type! 
Valid values are 'default', 'private', 'vpe', or 'link'" + condition = contains(["default", "private", "vpe", "link"], var.cluster_config_endpoint_type) } } -variable "resource_group_id" { +variable "is_vpc_cluster" { + description = "Specify true if the target cluster for the observability agents is a VPC cluster, false if it is a classic cluster." + type = bool + default = true +} + +variable "wait_till" { + description = "To avoid long wait times when you run your Terraform code, you can specify the stage when you want Terraform to mark the cluster resource creation as completed. Depending on what stage you choose, the cluster creation might not be fully completed and continues to run in the background. However, your Terraform code can continue to run without waiting for the cluster to be fully created. Supported args are `MasterNodeReady`, `OneWorkerNodeReady`, `IngressReady` and `Normal`" type = string - description = "The ID of the resource group where you want to create the service." + default = "Normal" + + validation { + error_message = "`wait_till` value must be one of `MasterNodeReady`, `OneWorkerNodeReady`, `IngressReady` or `Normal`." + condition = contains([ + "MasterNodeReady", + "OneWorkerNodeReady", + "IngressReady", + "Normal" + ], var.wait_till) + } } -variable "resource_tags" { +variable "wait_till_timeout" { + description = "Timeout for wait_till in minutes." 
+ type = number + default = 90 +} + +############################################################################## +# Cloud Monitoring variables +############################################################################## + +variable "cloud_monitoring_enabled" { + type = bool + description = "Deploy IBM Cloud Monitoring agent" + default = true +} + +variable "cloud_monitoring_access_key" { + type = string + description = "Access key used by the IBM Cloud Monitoring agent to communicate with the instance" + sensitive = true + default = null +} + +variable "cloud_monitoring_secret_name" { + type = string + description = "The name of the secret which will store the access key." + default = "sysdig-agent" + nullable = false +} + +variable "cloud_monitoring_instance_region" { + type = string + description = "The IBM Cloud Monitoring instance region. Used to construct the ingestion endpoint." + default = null +} + +variable "cloud_monitoring_endpoint_type" { + type = string + description = "Specify the IBM Cloud Monitoring instance endpoint type (public or private) to use. Used to construct the ingestion endpoint." + default = "private" + validation { + error_message = "The specified endpoint_type can be private or public only." + condition = contains(["private", "public"], var.cloud_monitoring_endpoint_type) + } +} + +variable "cloud_monitoring_metrics_filter" { + type = list(object({ + type = string + name = string + })) + description = "To filter custom metrics, specify the Cloud Monitoring metrics to include or to exclude. See https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_kube_agent#change_kube_agent_inc_exc_metrics." + default = [] + validation { + condition = alltrue([for filter in var.cloud_monitoring_metrics_filter : can(regex("^(include|exclude)$", filter.type)) && filter.name != ""]) + error_message = "The specified `type` for the `cloud_monitoring_metrics_filter` is not valid. Specify either `include` or `exclude`. 
The `name` field cannot be empty." + } +} + +variable "cloud_monitoring_container_filter" { + type = list(object({ + type = string + parameter = string + name = string + })) + description = "To filter custom containers, specify which containers to include or exclude from metrics collection for the cloud monitoring agent. See https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_kube_agent#change_kube_agent_filter_data." + default = [] + validation { + condition = length(var.cloud_monitoring_container_filter) == 0 || can(regex("^(include|exclude)$", var.cloud_monitoring_container_filter[0].type)) + error_message = "Invalid input for `cloud_monitoring_container_filter`. Valid options for 'type' are: `include` and `exclude`. If empty, no containers are included or excluded." + } +} + +variable "cloud_monitoring_agent_tags" { type = list(string) - description = "List of resource tag to associate with the instance." + description = "List of tags to associate to all matrics that the agent collects. NOTE: Use the 'cloud_monitoring_add_cluster_name' variable to add the cluster name as a tag." default = [] + nullable = false + + validation { + condition = alltrue([for tags in var.cloud_monitoring_agent_tags : !can(regex("\\s", tags))]) + error_message = "The cloud monitoring agent tags must not contain any spaces." + } +} + +variable "cloud_monitoring_add_cluster_name" { + type = bool + description = "If true, configure the cloud monitoring agent to attach a tag containing the cluster name to all metric data." + default = true +} + +variable "cloud_monitoring_agent_name" { + description = "Cloud Monitoring agent name. Used for naming all kubernetes and helm resources on the cluster." + type = string + default = "sysdig-agent" +} + +variable "cloud_monitoring_agent_namespace" { + type = string + description = "Namespace where to deploy the Cloud Monitoring agent. 
Default value is 'ibm-observe'" + default = "ibm-observe" + nullable = false +} + +variable "cloud_monitoring_agent_tolerations" { + description = "List of tolerations to apply to Cloud Monitoring agent." + type = list(object({ + key = optional(string) + operator = optional(string) + value = optional(string) + effect = optional(string) + tolerationSeconds = optional(number) + })) + default = [{ + operator = "Exists" + }, + { + operator = "Exists" + effect = "NoSchedule" + key = "node-role.kubernetes.io/master" + }] } diff --git a/version.tf b/version.tf index e51de7f6..2faf16c1 100644 --- a/version.tf +++ b/version.tf @@ -11,8 +11,12 @@ terraform { required_providers { ibm = { - source = "IBM-Cloud/ibm" - version = ">= 1.71.2, < 2.0.0" + source = "ibm-cloud/ibm" + version = ">= 1.76.1, <2.0.0" + } + helm = { + source = "hashicorp/helm" + version = ">= 2.15.0, <3.0.0" } } } From 2ecdbb7881d71596e5b203288ad7118d6865bd5b Mon Sep 17 00:00:00 2001 
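Review bot: The validation on `cloud_monitoring_container_filter` in the root variables.tf checks only `var.cloud_monitoring_container_filter[0].type`, so a list whose first entry is valid passes even when later entries carry an arbitrary `type`. The `cloud_monitoring_metrics_filter` validation just above already checks every element, and this one should match it: `condition = alltrue([for f in var.cloud_monitoring_container_filter : can(regex("^(include|exclude)$", f.type))])`. The description of `cloud_monitoring_agent_tags` also has a typo, "matrics" for "metrics".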
From: Jordan-Williams2 Date: Wed, 2 Apr 2025 15:51:37 +0100 Subject: [PATCH 02/33] feat: update code --- .github/settings.yml | 2 +- README.md | 28 ++--- examples/obs-agent-iks/main.tf | 27 ++--- examples/obs-agent-iks/variables.tf | 2 +- examples/obs-agent-iks/version.tf | 6 +- examples/obs-agent-ocp/main.tf | 61 +++++----- main.tf | 45 ++------ solutions/fully-configurable/README.md | 2 +- solutions/fully-configurable/main.tf | 7 +- solutions/fully-configurable/variables.tf | 22 +--- tests/pr_test.go | 10 +- tests/resources/README.md | 1 + tests/resources/main.tf | 108 ++++++++++++++++++ tests/resources/outputs.tf | 39 +++++++ tests/resources/provider.tf | 4 + tests/resources/variables.tf | 29 +++++ tests/resources/version.tf | 10 ++ ...ation-deploy-slz-roks-and-obs-instances.sh | 2 +- ...ation-deploy-slz-roks-and-obs-instances.sh | 6 +- variables.tf | 45 ++++---- 20 files changed, 289 insertions(+), 167 deletions(-) create mode 100644 tests/resources/README.md create mode 100644 tests/resources/main.tf create mode 100644 tests/resources/outputs.tf create mode 100644 tests/resources/provider.tf create mode 100644 tests/resources/variables.tf create mode 100644 tests/resources/version.tf diff --git a/.github/settings.yml b/.github/settings.yml index 17bf0bd8..344d1fe5 100644 --- a/.github/settings.yml +++ b/.github/settings.yml @@ -25,4 +25,4 @@ repository: # description: "" # Use a comma-separated list of topics to set on the repo (ensure not to use any caps in the topic string). - topics: terraform, ibm-cloud, terraform-module, core-team, monitoring-agent, sysdig-agent, observability, agent, sysdig + topics: terraform, ibm-cloud, terraform-module, core-team, monitoring-agent, sysdig-agent, observability, monitoring, agent, sysdig diff --git a/README.md b/README.md index b1b60279..cf964ae1 100644 --- a/README.md +++ b/README.md 
@@ -6,7 +6,7 @@ [![Renovate enabled](https://img.shields.io/badge/renovate-enabled-brightgreen.svg)](https://renovatebot.com/) [![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg)](https://github.com/semantic-release/semantic-release) -This module deploys the following observability agents to an IBM Cloud Red Hat OpenShift Container Platform or Kubernetes cluster: +This module deploys the following monitoring agent to an IBM Cloud Red Hat OpenShift Container Platform or Kubernetes cluster: - [Monitoring agent](https://cloud.ibm.com/docs/monitoring?topic=monitoring-about-collect-metrics) @@ -30,7 +30,7 @@ This module deploys the following observability agents to an IBM Cloud Red Hat O # ############################################################################ data "ibm_container_cluster_config" "cluster_config" { - # update this value with the Id of the cluster where these agents will be provisioned + # update this value with the Id of the cluster where these agent will be provisioned cluster_name_id = "cluster_id" } 
@@ -49,23 +49,17 @@ provider "helm" { token = data.ibm_container_cluster_config.cluster_config.token cluster_ca_certificate = data.ibm_container_cluster_config.cluster_config.ca_certificate } - # IBM Cloud credentials are required to authenticate to the helm repo - registry { - url = "oci://icr.io/ibm/observe/monitoring-agent-helm" - username = "iamapikey" - password = "XXXXXXXXXXXXXXXXX" # replace with an IBM cloud apikey # pragma: allowlist secret - } } # ############################################################################ -# Install observability agents +# Install monitoring agents # ############################################################################ -module "observability_agents" { - source = "terraform-ibm-modules/observability-agents/ibm" +module "monitoring_agents" { + source = "terraform-ibm-modules/monitoring-agent/ibm" version = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release is_vpc_cluster = true # Change to false if target cluster is running on classic infrastructure - cluster_id = "cluster id" # update this with your cluster id where the agents will be installed + cluster_id = "cluster id" # update this with your cluster id where the agent will be installed cluster_resource_group_id = "resource group id" # update this with the Id of your IBM Cloud resource group cloud_monitoring_access_key = "XXXXXXXX" cloud_monitoring_instance_region = "us-south" 
@@ -108,22 +102,22 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| +| [chart\_location](#input\_chart\_location) | Location of the chart to be used for the Cloud Monitoring agent. Default value is 'ibm-sysdig/agent' | `string` | `"https://charts.sysdig.com/"` | no | +| [chart\_repository](#input\_chart\_repository) | Repository of the chart to be used for the Cloud Monitoring agent. Default value is 'ibm-sysdig/agent' | `string` | `"sysdig-deploy"` | no | | [cloud\_monitoring\_access\_key](#input\_cloud\_monitoring\_access\_key) | Access key used by the IBM Cloud Monitoring agent to communicate with the instance | `string` | `null` | no | -| [cloud\_monitoring\_add\_cluster\_name](#input\_cloud\_monitoring\_add\_cluster\_name) | If true, configure the cloud monitoring agent to attach a tag containing the cluster name to all metric data. | `bool` | `true` | no | | [cloud\_monitoring\_agent\_name](#input\_cloud\_monitoring\_agent\_name) | Cloud Monitoring agent name. Used for naming all kubernetes and helm resources on the cluster. | `string` | `"sysdig-agent"` | no | | [cloud\_monitoring\_agent\_namespace](#input\_cloud\_monitoring\_agent\_namespace) | Namespace where to deploy the Cloud Monitoring agent. Default value is 'ibm-observe' | `string` | `"ibm-observe"` | no | -| [cloud\_monitoring\_agent\_tags](#input\_cloud\_monitoring\_agent\_tags) | List of tags to associate to all matrics that the agent collects. NOTE: Use the 'cloud\_monitoring\_add\_cluster\_name' variable to add the cluster name as a tag. | `list(string)` | `[]` | no | | [cloud\_monitoring\_agent\_tolerations](#input\_cloud\_monitoring\_agent\_tolerations) | List of tolerations to apply to Cloud Monitoring agent. |
list(object({
key = optional(string)
operator = optional(string)
value = optional(string)
effect = optional(string)
tolerationSeconds = optional(number)
}))
|
[
{
"operator": "Exists"
},
{
"effect": "NoSchedule",
"key": "node-role.kubernetes.io/master",
"operator": "Exists"
}
]
| no | | [cloud\_monitoring\_container\_filter](#input\_cloud\_monitoring\_container\_filter) | To filter custom containers, specify which containers to include or exclude from metrics collection for the cloud monitoring agent. See https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_kube_agent#change_kube_agent_filter_data. |
list(object({
type = string
parameter = string
name = string
}))
| `[]` | no | | [cloud\_monitoring\_enabled](#input\_cloud\_monitoring\_enabled) | Deploy IBM Cloud Monitoring agent | `bool` | `true` | no | | [cloud\_monitoring\_endpoint\_type](#input\_cloud\_monitoring\_endpoint\_type) | Specify the IBM Cloud Monitoring instance endpoint type (public or private) to use. Used to construct the ingestion endpoint. | `string` | `"private"` | no | | [cloud\_monitoring\_instance\_region](#input\_cloud\_monitoring\_instance\_region) | The IBM Cloud Monitoring instance region. Used to construct the ingestion endpoint. | `string` | `null` | no | | [cloud\_monitoring\_metrics\_filter](#input\_cloud\_monitoring\_metrics\_filter) | To filter custom metrics, specify the Cloud Monitoring metrics to include or to exclude. See https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_kube_agent#change_kube_agent_inc_exc_metrics. |
list(object({
type = string
name = string
}))
| `[]` | no | -| [cloud\_monitoring\_secret\_name](#input\_cloud\_monitoring\_secret\_name) | The name of the secret which will store the access key. | `string` | `"sysdig-agent"` | no | | [cluster\_config\_endpoint\_type](#input\_cluster\_config\_endpoint\_type) | Specify which type of endpoint to use for for cluster config access: 'default', 'private', 'vpe', 'link'. 'default' value will use the default endpoint of the cluster. | `string` | `"default"` | no | -| [cluster\_id](#input\_cluster\_id) | The ID of the cluster you wish to deploy the agents in | `string` | n/a | yes | +| [cluster\_id](#input\_cluster\_id) | The ID of the cluster you wish to deploy the agent in | `string` | n/a | yes | | [cluster\_resource\_group\_id](#input\_cluster\_resource\_group\_id) | The Resource Group ID of the cluster | `string` | n/a | yes | -| [is\_vpc\_cluster](#input\_is\_vpc\_cluster) | Specify true if the target cluster for the observability agents is a VPC cluster, false if it is a classic cluster. | `bool` | `true` | no | +| [is\_vpc\_cluster](#input\_is\_vpc\_cluster) | Specify true if the target cluster for the monitoring agent is a VPC cluster, false if it is a classic cluster. | `bool` | `true` | no | +| [node\_analyzer\_enabled](#input\_node\_analyzer\_enabled) | Enable the node analyzer. The node analyzer is a component of the IBM Cloud Monitoring agent that collects and sends data about the nodes in your cluster to the IBM Cloud Monitoring service. | `bool` | `false` | no | | [wait\_till](#input\_wait\_till) | To avoid long wait times when you run your Terraform code, you can specify the stage when you want Terraform to mark the cluster resource creation as completed. Depending on what stage you choose, the cluster creation might not be fully completed and continues to run in the background. However, your Terraform code can continue to run without waiting for the cluster to be fully created. 
Supported args are `MasterNodeReady`, `OneWorkerNodeReady`, `IngressReady` and `Normal` | `string` | `"Normal"` | no | | [wait\_till\_timeout](#input\_wait\_till\_timeout) | Timeout for wait\_till in minutes. | `number` | `90` | no | diff --git a/examples/obs-agent-iks/main.tf b/examples/obs-agent-iks/main.tf index 2f79ab4a..e3060ef7 100644 --- a/examples/obs-agent-iks/main.tf +++ b/examples/obs-agent-iks/main.tf @@ -103,26 +103,23 @@ resource "time_sleep" "wait_operators" { } ############################################################################## -# Observability Instance +# Monitoring Instance ############################################################################## -module "observability_instances" { - source = "terraform-ibm-modules/observability-instances/ibm" - version = "3.5.0" - resource_group_id = module.resource_group.resource_group_id - region = var.region - cloud_logs_plan = "standard" - cloud_monitoring_plan = "graduated-tier" - enable_platform_metrics = false - cloud_logs_instance_name = "${var.prefix}-cloud-logs" - cloud_monitoring_instance_name = "${var.prefix}-cloud-monitoring" +module "cloud_monitoring" { + source = "terraform-ibm-modules/observability-instances/ibm//modules/cloud_monitoring" + version = "3.5.0" + instance_name = "${var.prefix}-cloud-monitoring" + resource_group_id = module.resource_group.resource_group_id + region = var.region + plan = "graduated-tier" } ############################################################################## -# Observability Agents +# Monitoring Agents ############################################################################## -module "observability_agents" { +module "monitoring_agents" { source = "../.." depends_on = [time_sleep.wait_operators] cluster_id = local.cluster_name_id 
@@ -130,6 +127,6 @@ module "observability_agents" { cluster_resource_group_id = module.resource_group.resource_group_id # # Monitoring agent cloud_monitoring_enabled = true - cloud_monitoring_access_key = module.observability_instances.cloud_monitoring_access_key - cloud_monitoring_instance_region = module.observability_instances.region + cloud_monitoring_access_key = module.cloud_monitoring.access_key + cloud_monitoring_instance_region = var.region } diff --git a/examples/obs-agent-iks/variables.tf b/examples/obs-agent-iks/variables.tf index 0f42a3c5..c74e3c48 100644 --- a/examples/obs-agent-iks/variables.tf +++ b/examples/obs-agent-iks/variables.tf @@ -30,7 +30,7 @@ variable "region" { variable "is_vpc_cluster" { type = bool - description = "Specify true if the target cluster for the observability agents is a VPC cluster, false if it is classic cluster." + description = "Specify true if the target cluster for the monitoring agent is a VPC cluster, false if it is classic cluster." default = true } diff --git a/examples/obs-agent-iks/version.tf b/examples/obs-agent-iks/version.tf index 7f0ae1ec..8033b514 100644 --- a/examples/obs-agent-iks/version.tf +++ b/examples/obs-agent-iks/version.tf @@ -1,12 +1,12 @@ terraform { - required_version = ">= 1.3.0" + required_version = ">= 1.9.0" # Ensure that there is always 1 example locked into the lowest provider version of the range defined in the main - # module's version.tf (this example), and 1 example that will always use the latest provider version (obs-agent-ocp). + # module's version.tf (this example), and 1 example that will always use the latest provider version (logs-agent-ocp). required_providers { ibm = { source = "ibm-cloud/ibm" - version = "1.70.0" + version = "1.76.1" } helm = { source = "hashicorp/helm" diff --git a/examples/obs-agent-ocp/main.tf b/examples/obs-agent-ocp/main.tf index dcefdc07..0f4d6bb1 100644 --- a/examples/obs-agent-ocp/main.tf +++ b/examples/obs-agent-ocp/main.tf 
@@ -69,19 +69,20 @@ locals { } module "ocp_base" { - source = "terraform-ibm-modules/base-ocp-vpc/ibm" - version = "3.41.7" - resource_group_id = module.resource_group.resource_group_id - region = var.region - tags = var.resource_tags - cluster_name = var.prefix - force_delete_storage = true - vpc_id = ibm_is_vpc.vpc.id - vpc_subnets = local.cluster_vpc_subnets - ocp_version = var.ocp_version - worker_pools = local.worker_pools - access_tags = var.access_tags - ocp_entitlement = var.ocp_entitlement + source = "terraform-ibm-modules/base-ocp-vpc/ibm" + version = "3.41.7" + resource_group_id = module.resource_group.resource_group_id + region = var.region + tags = var.resource_tags + cluster_name = var.prefix + force_delete_storage = true + vpc_id = ibm_is_vpc.vpc.id + vpc_subnets = local.cluster_vpc_subnets + ocp_version = var.ocp_version + worker_pools = local.worker_pools + access_tags = var.access_tags + ocp_entitlement = var.ocp_entitlement + disable_outbound_traffic_protection = false } data "ibm_container_cluster_config" "cluster_config" { 
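Review bot: The added `disable_outbound_traffic_protection = false` on `module "ocp_base"` carries no comment explaining the choice, and tests/resources/main.tf in this same commit sets the opposite value for the same module (`true # set as True to enable outbound traffic`). The release now installs a chart from an external repository instead of the bundled one, so whether the agent images can still be pulled with egress protection left on needs checking against a real deploy; the hunk does not show which registry they come from. Whichever value is correct, state the reason next to it, for example `# outbound protection stays on: agent images and the ingestion endpoint are reachable without public egress (confirm)`.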
@@ -90,40 +91,30 @@ data "ibm_container_cluster_config" "cluster_config" { } ############################################################################## -# Observability Instance +# Monitoring Instance ############################################################################## -module "observability_instances" { - source = "terraform-ibm-modules/observability-instances/ibm" - version = "3.5.0" - resource_group_id = module.resource_group.resource_group_id - region = var.region - cloud_logs_plan = "standard" - cloud_monitoring_plan = "graduated-tier" - enable_platform_metrics = false - cloud_logs_instance_name = "${var.prefix}-cloud-logs" - cloud_monitoring_instance_name = "${var.prefix}-cloud-monitoring" -} - -data "ibm_is_security_groups" "vpc_security_groups" { - depends_on = [module.ocp_base] - vpc_id = ibm_is_vpc.vpc.id +module "cloud_monitoring" { + source = "terraform-ibm-modules/observability-instances/ibm//modules/cloud_monitoring" + version = "3.5.0" + instance_name = "${var.prefix}-cloud-monitoring" + resource_group_id = module.resource_group.resource_group_id + region = var.region + plan = "graduated-tier" } ############################################################################## -# Observability Agents +# Monitoring Agents ############################################################################## -module "observability_agents" { +module "monitoring_agents" { source = "../.." 
- depends_on = [module.vpe] cluster_id = module.ocp_base.cluster_id cluster_resource_group_id = module.resource_group.resource_group_id # Monitoring agent - cloud_monitoring_access_key = module.observability_instances.cloud_monitoring_access_key + cloud_monitoring_access_key = module.cloud_monitoring.access_key # example of how to include / exclude metrics - more info https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_kube_agent#change_kube_agent_log_metrics cloud_monitoring_metrics_filter = [{ type = "exclude", name = "metricA.*" }, { type = "include", name = "metricB.*" }] cloud_monitoring_container_filter = [{ type = "exclude", parameter = "kubernetes.namespace.name", name = "kube-system" }] - cloud_monitoring_agent_tags = var.resource_tags - cloud_monitoring_instance_region = module.observability_instances.region + cloud_monitoring_instance_region = var.region } diff --git a/main.tf b/main.tf index ac910508..273d8e2c 100644 --- a/main.tf +++ b/main.tf 
@@ -29,12 +29,8 @@ data "ibm_container_cluster_config" "cluster_config" { locals { # LOCALS - cluster_name = var.is_vpc_cluster ? data.ibm_container_vpc_cluster.cluster[0].resource_name : data.ibm_container_cluster.cluster[0].resource_name # Not publically documented in provider. See https://github.com/IBM-Cloud/terraform-provider-ibm/issues/4485 - cloud_monitoring_chart_location = "${path.module}/chart/sysdig-agent" - cloud_monitoring_image_tag_digest = "13.8.0@sha256:58dc3f3ed78352954767810672497ceda516eb9450a5c6dd3c801e57ff3a8ffc" # datasource: icr.io/ext/sysdig/agent - cloud_monitoring_agent_registry = "icr.io/ext/sysdig/agent" - cloud_monitoring_agent_tags = var.cloud_monitoring_add_cluster_name ? concat(["ibm.containers-kubernetes.cluster.name:${local.cluster_name}"], var.cloud_monitoring_agent_tags) : var.cloud_monitoring_agent_tags - cloud_monitoring_host = var.cloud_monitoring_enabled ? var.cloud_monitoring_endpoint_type == "private" ? "ingest.private.${var.cloud_monitoring_instance_region}.monitoring.cloud.ibm.com" : "logs.${var.cloud_monitoring_instance_region}.monitoring.cloud.ibm.com" : null + cluster_name = var.is_vpc_cluster ? data.ibm_container_vpc_cluster.cluster[0].resource_name : data.ibm_container_cluster.cluster[0].resource_name # Not publically documented in provider. See https://github.com/IBM-Cloud/terraform-provider-ibm/issues/4485 + cloud_monitoring_host = var.cloud_monitoring_enabled ? var.cloud_monitoring_endpoint_type == "private" ? "ingest.private.${var.cloud_monitoring_instance_region}.monitoring.cloud.ibm.com" : "logs.${var.cloud_monitoring_instance_region}.monitoring.cloud.ibm.com" : null # TODO: Move this into variable.tf since module requires 1.9 now # VARIABLE VALIDATION 
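Review bot: In the re-added `cloud_monitoring_host` line the public branch still builds `logs.${var.cloud_monitoring_instance_region}.monitoring.cloud.ibm.com`, while the private branch uses an `ingest.private.` host. This value now feeds `agent.collectorSettings.collectorHost`, and the `logs.` prefix looks like a leftover from a logging agent; I believe the public ingestion host is `ingest.<region>.monitoring.cloud.ibm.com`, which should be confirmed against the IBM Cloud Monitoring endpoint documentation. If that is right, the tail of the expression becomes `: "ingest.${var.cloud_monitoring_instance_region}.monitoring.cloud.ibm.com" : null`. The `locals` block continues past the end of this hunk.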
@@ -48,7 +44,8 @@ resource "helm_release" "cloud_monitoring_agent" { count = var.cloud_monitoring_enabled ? 1 : 0 name = var.cloud_monitoring_agent_name - chart = local.cloud_monitoring_chart_location + chart = var.chart_location + repository = var.chart_repository namespace = var.cloud_monitoring_agent_namespace create_namespace = true timeout = 1200 @@ -58,44 +55,24 @@ resource "helm_release" "cloud_monitoring_agent" { reset_values = true set { - name = "metadata.name" - type = "string" - value = var.cloud_monitoring_agent_name - } - set { - name = "image.version" - type = "string" - value = local.cloud_monitoring_image_tag_digest - } - set { - name = "image.registry" - type = "string" - value = local.cloud_monitoring_agent_registry + name = "nodeAnalyzer.enabled" + type = "auto" + value = var.node_analyzer_enabled } set { - name = "config.clustername" - type = "string" - value = local.cluster_name - } - set { - name = "config.host" + name = "agent.collectorSettings.collectorHost" type = "string" value = local.cloud_monitoring_host } set { - name = "secret.name" - type = "string" - value = var.cloud_monitoring_secret_name - } - set_sensitive { - name = "secret.key" + name = "global.sysdig.accessKey" type = "string" value = var.cloud_monitoring_access_key } set { - name = "config.tags" + name = "global.clusterConfig.name" type = "string" - value = join("\\,", local.cloud_monitoring_agent_tags) + value = local.cluster_name } values = [yamlencode({ diff --git a/solutions/fully-configurable/README.md b/solutions/fully-configurable/README.md index 053e3de9..78391732 100644 --- a/solutions/fully-configurable/README.md +++ b/solutions/fully-configurable/README.md @@ -1,6 +1,6 @@ # Cloud automation for Cloud Monitoring Agent -This architecture deploys the following observability agent on a Red Hat OpenShift cluster: +This architecture deploys the following monitoring agent on a Red Hat OpenShift cluster: * Cloud Monitoring agent 
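Review bot: `chart = var.chart_location` and `repository = var.chart_repository` switch the release from the chart bundled in the module to one fetched at apply time, and no `version` argument is visible in this hunk, while the previous hunk drops the `cloud_monitoring_image_tag_digest` pin. Unless a version is set in the part of the resource outside the hunk, each apply installs whatever chart and agent image the repository serves at that moment; add `version = "<pinned chart version>"` and keep an image digest override in the values. The README table in this commit also lists the defaults as `chart_location = "https://charts.sysdig.com/"` and `chart_repository = "sysdig-deploy"`, which looks swapped for these two arguments, since `chart` takes the chart name and `repository` the URL.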
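Review bot: The access key moved from a `set_sensitive` block (`secret.key`) to a plain `set` block for `global.sysdig.accessKey`, so the helm provider no longer treats the value as sensitive and it can appear in plan output and in the release's recorded values. Keep the new value name but restore the block type: `set_sensitive {` with `name = "global.sysdig.accessKey"` and `value = var.cloud_monitoring_access_key`. The resource body starts before and continues after this hunk, so any other place the key is passed (for example the `values` block) should be checked the same way.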
diff --git a/solutions/fully-configurable/main.tf b/solutions/fully-configurable/main.tf index 65b13b02..c175ea74 100644 --- a/solutions/fully-configurable/main.tf +++ b/solutions/fully-configurable/main.tf @@ -1,5 +1,5 @@ ############################################################################## -# Observability Agents +# Monitoring Agents ############################################################################## locals { @@ -14,7 +14,7 @@ data "ibm_container_cluster_config" "cluster_config" { endpoint_type = local.cluster_config_endpoint_type != "default" ? local.cluster_config_endpoint_type : null } -module "observability_agents" { +module "monitoring_agent" { source = "../.." cluster_id = var.cluster_id cluster_resource_group_id = var.cluster_resource_group_id @@ -26,10 +26,7 @@ module "observability_agents" { cloud_monitoring_agent_namespace = var.cloud_monitoring_agent_namespace cloud_monitoring_endpoint_type = var.cloud_monitoring_endpoint_type cloud_monitoring_access_key = var.cloud_monitoring_access_key - cloud_monitoring_secret_name = var.prefix != null ? "${var.prefix}-${var.cloud_monitoring_secret_name}" : var.cloud_monitoring_secret_name cloud_monitoring_metrics_filter = var.cloud_monitoring_metrics_filter - cloud_monitoring_agent_tags = var.cloud_monitoring_agent_tags cloud_monitoring_instance_region = var.cloud_monitoring_instance_region cloud_monitoring_agent_tolerations = var.cloud_monitoring_agent_tolerations - cloud_monitoring_add_cluster_name = var.cloud_monitoring_add_cluster_name } diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf index cf2c264e..b68e14c1 100644 --- a/solutions/fully-configurable/variables.tf +++ b/solutions/fully-configurable/variables.tf 
@@ -16,7 +16,7 @@ variable "prefix" { variable "cluster_id" { type = string - description = "The ID of the cluster to deploy the agents in." + description = "The ID of the cluster to deploy the agent in." } variable "cluster_resource_group_id" { @@ -60,13 +60,6 @@ variable "cloud_monitoring_access_key" { default = null } -variable "cloud_monitoring_secret_name" { - type = string - description = "The name of the secret that will store the access key. If a prefix input variable is passed, the secret name is prefixed to the value in the `-` format." - default = "sysdig-agent" - nullable = false -} - variable "cloud_monitoring_instance_region" { type = string description = "The name of the region where the IBM Cloud Monitoring instance is created. This name is used to construct the ingestion endpoint." @@ -88,19 +81,6 @@ variable "cloud_monitoring_metrics_filter" { default = [] # [{ type = "exclude", name = "metricA.*" }, { type = "include", name = "metricB.*" }] } -variable "cloud_monitoring_agent_tags" { - type = list(string) - description = "A list of the tags to associate with the metrics that the IBM Cloud Monitoring agent collects. To add the cluster name as a tag, use the `cloud_monitoring_add_cluster_name` variable." - default = [] - nullable = false -} - -variable "cloud_monitoring_add_cluster_name" { - type = bool - description = "Whether to attach a tag to log messages. Set to `true` to configure the IBM Cloud Monitoring agent to attach a tag that contains the cluster name to all log messages." - default = true -} - variable "cloud_monitoring_agent_name" { description = "The name of the IBM Cloud Monitoring agent that is used to name the Kubernetes and Helm resources on the cluster. If a prefix input variable is passed, the name of the IBM Cloud Monitoring agent is prefixed to the value in the `-` format." type = string diff --git a/tests/pr_test.go b/tests/pr_test.go index 39555667..9ca7b3bc 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go 
@@ -72,7 +72,7 @@ func TestFullyConfigurableSolution(t *testing.T) { var region = validRegions[rand.IntN(len(validRegions))] // ------------------------------------------------------------------------------------------------------ - // Deploy SLZ ROKS Cluster and Observability instances since it is needed to deploy Monitoring Agent + // Deploy SLZ ROKS Cluster and Monitoring instances since it is needed to deploy Monitoring Agent // ------------------------------------------------------------------------------------------------------ prefix := fmt.Sprintf("slz-%s", strings.ToLower(random.UniqueId())) @@ -101,7 +101,7 @@ func TestFullyConfigurableSolution(t *testing.T) { _, existErr := terraform.InitAndApplyE(t, existingTerraformOptions) if existErr != nil { - assert.True(t, existErr == nil, "Init and Apply of temp resources (SLZ-ROKS and Observability Instances) failed") + assert.True(t, existErr == nil, "Init and Apply of temp resources (SLZ-ROKS and Monitoring Instances) failed") } else { options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{ 
@@ -130,7 +130,7 @@ func TestFullyConfigurableSolution(t *testing.T) { options.TerraformVars = []testschematic.TestSchematicTerraformVar{ {Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true}, {Name: "cloud_monitoring_instance_region", Value: region, DataType: "string"}, - {Name: "cluster_id", Value: terraform.Output(t, existingTerraformOptions, "workload_cluster_id"), DataType: "string"}, + {Name: "cluster_id", Value: terraform.Output(t, existingTerraformOptions, "cluster_id"), DataType: "string"}, {Name: "cluster_resource_group_id", Value: terraform.Output(t, existingTerraformOptions, "cluster_resource_group_id"), DataType: "string"}, {Name: "cloud_monitoring_access_key", Value: terraform.Output(t, existingTerraformOptions, "cloud_monitoring_access_key"), DataType: "string", Secure: true}, {Name: "prefix", Value: options.Prefix, DataType: "string"}, @@ -159,7 +159,7 @@ func TestFullyConfigurableUpgradeSolution(t *testing.T) { var region = validRegions[rand.IntN(len(validRegions))] // ------------------------------------------------------------------------------------------------------ - // Deploy SLZ ROKS Cluster and Observability instances since it is needed to deploy Monitoring Agent + // Deploy SLZ ROKS Cluster and Monitoring instances since it is needed to deploy Monitoring Agent // ------------------------------------------------------------------------------------------------------ prefix := fmt.Sprintf("slz-%s", strings.ToLower(random.UniqueId())) 
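Review bot: The `cloud_monitoring_access_key` entry in this hunk reads a sensitive output with `terraform.Output(t, existingTerraformOptions, "cloud_monitoring_access_key")`, and terratest, as far as I know, logs command output by default, so the key can land in CI logs even though the schematics variable is marked `Secure: true`. `existingTerraformOptions` is built outside this hunk, so I cannot see whether a logger is configured; if it is not, set `Logger: logger.Discard` on the options used for that one read. The function body extends beyond the hunk on both sides, and the same pattern likely exists in `TestFullyConfigurableUpgradeSolution`.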
@@ -188,7 +188,7 @@ func TestFullyConfigurableUpgradeSolution(t *testing.T) { _, existErr := terraform.InitAndApplyE(t, existingTerraformOptions) if existErr != nil { - assert.True(t, existErr == nil, "Init and Apply of temp resources (SLZ-ROKS and Observability Instances) failed") + assert.True(t, existErr == nil, "Init and Apply of temp resources (SLZ-ROKS and Monitoring Instances) failed") } else { options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{ diff --git a/tests/resources/README.md b/tests/resources/README.md new file mode 100644 index 00000000..4bb3621d --- /dev/null +++ b/tests/resources/README.md @@ -0,0 +1 @@ +The terraform code in this directory is used by the existing resource test in tests/pr_test.go diff --git a/tests/resources/main.tf b/tests/resources/main.tf new file mode 100644 index 00000000..d71961fa --- /dev/null +++ b/tests/resources/main.tf 
@@ -0,0 +1,108 @@ +############################################################################## +# Resource Group +############################################################################## + +module "resource_group" { + source = "terraform-ibm-modules/resource-group/ibm" + version = "1.1.6" + # if an existing resource group is not set (null) create a new one using prefix + resource_group_name = var.resource_group == null ? "${var.prefix}-resource-group" : null + existing_resource_group_name = var.resource_group +} + +######################################################################################################################## +# VPC + Subnet + Public Gateway +# +# NOTE: This is a very simple VPC with single subnet in a single zone with a public gateway enabled, that will allow +# all traffic ingress/egress by default. +# For production use cases this would need to be enhanced by adding more subnets and zones for resiliency, and +# ACLs/Security Groups for network security. 
+######################################################################################################################## + +resource "ibm_is_vpc" "vpc" { + name = "${var.prefix}-vpc" + resource_group = module.resource_group.resource_group_id + address_prefix_management = "auto" + tags = var.resource_tags +} + +resource "ibm_is_public_gateway" "gateway" { + name = "${var.prefix}-gateway-1" + vpc = ibm_is_vpc.vpc.id + resource_group = module.resource_group.resource_group_id + zone = "${var.region}-1" +} + +resource "ibm_is_subnet" "subnet_zone_1" { + name = "${var.prefix}-subnet-1" + vpc = ibm_is_vpc.vpc.id + resource_group = module.resource_group.resource_group_id + zone = "${var.region}-1" + total_ipv4_address_count = 256 + public_gateway = ibm_is_public_gateway.gateway.id +} + +######################################################################################################################## +# OCP VPC cluster (single zone) +######################################################################################################################## + +locals { + cluster_vpc_subnets = { + default = [ + { + id = ibm_is_subnet.subnet_zone_1.id + cidr_block = ibm_is_subnet.subnet_zone_1.ipv4_cidr_block + zone = ibm_is_subnet.subnet_zone_1.zone + } + ] + } + + worker_pools = [ + { + subnet_prefix = "default" + pool_name = "default" # ibm_container_vpc_cluster automatically names default pool "default" (See https://github.com/IBM-Cloud/terraform-provider-ibm/issues/2849) + machine_type = "bx2.4x16" + workers_per_zone = 2 # minimum of 2 is allowed when using single zone + operating_system = "REDHAT_8_64" + } + ] +} + +locals { + cluster_name = "${var.prefix}-cluster" +} + +module "ocp_base" { + source = "terraform-ibm-modules/base-ocp-vpc/ibm" + version = "3.43.1" + resource_group_id = module.resource_group.resource_group_id + region = var.region + tags = var.resource_tags + cluster_name = local.cluster_name + force_delete_storage = true + vpc_id = ibm_is_vpc.vpc.id + 
vpc_subnets = local.cluster_vpc_subnets + worker_pools = local.worker_pools + access_tags = [] + disable_outbound_traffic_protection = true # set as True to enable outbound traffic +} + +############################################################################## +# Monitoring: +# - Cloud Monitoring instance +############################################################################## + +locals { + cluster_resource_group_id = module.landing_zone.cluster_data[local.cluster_name].resource_group_id + cluster_crn = module.landing_zone.cluster_data[local.cluster_name].crn +} + +module "cloud_monitoring" { + source = "terraform-ibm-modules/observability-instances/ibm//modules/cloud_monitoring" + version = "3.5.0" + instance_name = "${var.prefix}-cloud-monitoring" + resource_group_id = module.resource_group.resource_group_id + region = var.region + plan = "graduated-tier" + tags = var.resource_tags +} diff --git a/tests/resources/outputs.tf b/tests/resources/outputs.tf new file mode 100644 index 00000000..f2907fe0 --- /dev/null +++ b/tests/resources/outputs.tf 
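Review bot: The last `locals` block reads `module.landing_zone.cluster_data[local.cluster_name]`, but this new file declares only `module "resource_group"`, `module "ocp_base"` and `module "cloud_monitoring"`, so `terraform validate` should fail on an undeclared module. Both values can come from modules that are declared here: `cluster_resource_group_id = module.resource_group.resource_group_id` and `cluster_crn = module.ocp_base.cluster_crn` (assuming the base-ocp-vpc module exposes that output; confirm against the pinned version). Separately, the header comment says the VPC allows all ingress and egress by default; since this file is reused by the PR tests, a one-line comment stating that it must never be pointed at a shared or production account would help.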
@@ -0,0 +1,39 @@
+##############################################################################
+# Outputs
+##############################################################################
+
+output "region" {
+ value = var.region
+ description = "Region where SLZ ROKS Cluster is deployed."
+}
+
+output "cluster_id" {
+ value = module.ocp_base.cluster_id
+ description = "ID of the cluster."
+}
+
+output "cluster_crn" {
+ value = local.cluster_crn
+ description = "CRN of the workload cluster."
+}
+
+output "cluster_name" {
+ value = local.cluster_name
+ description = "CRN of the workload cluster."
+}
+
+output "cluster_resource_group_id" {
+ value = local.cluster_resource_group_id
+ description = "Resource group ID of the workload cluster."
+}
+
+output "cloud_monitoring_instance_id" {
+ value = module.cloud_monitoring.cloud_monitoring_id
+ description = "The name of the provisioned IBM Cloud Logs instance."
+}
+
+output "cloud_monitoring_access_key" {
+ value = module.cloud_monitoring.cloud_monitoring_access_key
+ description = "The access key of the provisioned IBM Cloud Logs instance."
+ sensitive = true
+}
diff --git a/tests/resources/provider.tf b/tests/resources/provider.tf
new file mode 100644
index 00000000..df45ef50
--- /dev/null
+++ b/tests/resources/provider.tf
@@ -0,0 +1,4 @@
+provider "ibm" {
+ ibmcloud_api_key = var.ibmcloud_api_key
+ region = var.region
+}
diff --git a/tests/resources/variables.tf b/tests/resources/variables.tf
new file mode 100644
index 00000000..07a76de2
--- /dev/null
+++ b/tests/resources/variables.tf
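Review bot: The `cloud_monitoring_access_key` output reads `module.cloud_monitoring.cloud_monitoring_access_key`, while both examples changed in this commit read `module.cloud_monitoring.access_key` from the same submodule at the same version (3.5.0), so one of the two names is presumably wrong; `cloud_monitoring_id` deserves the same check. If the examples are right, the line becomes `value = module.cloud_monitoring.access_key`. Three descriptions are also copied from elsewhere: `cluster_name` is described as a CRN, and the two monitoring outputs mention "IBM Cloud Logs"; suggested text is `"Name of the workload cluster."`, `"The ID of the provisioned IBM Cloud Monitoring instance."` and `"The access key of the provisioned IBM Cloud Monitoring instance."`.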
@@ -0,0 +1,29 @@ +variable "ibmcloud_api_key" { + type = string + description = "The IBM Cloud API Key." + sensitive = true +} + +variable "region" { + type = string + description = "Region to provision all resources created by this example." + default = "us-south" +} + +variable "prefix" { + type = string + description = "Prefix to append to all resources created by this example." + default = "agent-da" +} + +variable "resource_tags" { + type = list(string) + description = "Optional list of tags to be added to created resources." + default = ["logs-agent-ocp"] +} + +variable "resource_group" { + type = string + description = "The name of an existing resource group to provision resources in. If not specified, a new resource group is created with the `prefix` variable." + default = null +} diff --git a/tests/resources/version.tf b/tests/resources/version.tf new file mode 100644 index 00000000..2ac74bab --- /dev/null +++ b/tests/resources/version.tf @@ -0,0 +1,10 @@ + +terraform { + required_version = ">= 1.9.0" + required_providers { + ibm = { + source = "ibm-cloud/ibm" + version = ">= 1.76.1" + } + } +} diff --git a/tests/scripts/post-validation-deploy-slz-roks-and-obs-instances.sh b/tests/scripts/post-validation-deploy-slz-roks-and-obs-instances.sh index ba0f6092..39e7b621 100755 --- a/tests/scripts/post-validation-deploy-slz-roks-and-obs-instances.sh +++ b/tests/scripts/post-validation-deploy-slz-roks-and-obs-instances.sh @@ -12,7 +12,7 @@ TF_VARS_FILE="terraform.tfvars" ( cd ${TERRAFORM_SOURCE_DIR} - echo "Destroying prerequisite SLZ OCP Cluster and Observability instances .." + echo "Destroying prerequisite SLZ OCP Cluster and Monitoring instances .." terraform destroy -input=false -auto-approve -var-file=${TF_VARS_FILE} || exit 1 rm -f "${TF_VARS_FILE}" diff --git a/tests/scripts/pre-validation-deploy-slz-roks-and-obs-instances.sh b/tests/scripts/pre-validation-deploy-slz-roks-and-obs-instances.sh index 96541866..4d722d56 100755 
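Review bot: The cleanup `rm -f "${TF_VARS_FILE}"` in the context lines of the post-validation script only runs when `terraform destroy` succeeds, because `|| exit 1` leaves the subshell first, so a failed destroy leaves terraform.tfvars on the runner. That file presumably holds the validation API key (the pre-validation script's comment refers to `$VALIDATION_APIKEY`), so register the cleanup right after the `cd` instead: `trap 'rm -f "${TF_VARS_FILE}"' EXIT`. The subshell opens above the hunk and continues past it, so check the rest of the block before moving the cleanup.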
--- a/tests/scripts/pre-validation-deploy-slz-roks-and-obs-instances.sh +++ b/tests/scripts/pre-validation-deploy-slz-roks-and-obs-instances.sh @@ -1,8 +1,8 @@ #! /bin/bash ############################################################################################################ -## This script is used by the catalog pipeline to deploy the SLZ ROKS and Observability instances, -## which are the prerequisites for the Observability Agents extension. +## This script is used by the catalog pipeline to deploy the SLZ ROKS and Monitoring instances, +## which are the prerequisites for the Monitoring Agent extension. ############################################################################################################ set -e @@ -16,7 +16,7 @@ TF_VARS_FILE="terraform.tfvars" ( cwd=$(pwd) cd ${TERRAFORM_SOURCE_DIR} - echo "Provisioning prerequisite SLZ ROKS CLUSTER and Observability Instances .." + echo "Provisioning prerequisite SLZ ROKS CLUSTER and Monitoring Instances .." terraform init || exit 1 # $VALIDATION_APIKEY is available in the catalog runtime { diff --git a/variables.tf b/variables.tf index 3378f1ae..6d7fff19 100644 --- a/variables.tf +++ b/variables.tf @@ -4,7 +4,7 @@ variable "cluster_id" { type = string - description = "The ID of the cluster you wish to deploy the agents in" + description = "The ID of the cluster you wish to deploy the agent in" } variable "cluster_resource_group_id" { @@ -24,7 +24,7 @@ variable "cluster_config_endpoint_type" { } variable "is_vpc_cluster" { - description = "Specify true if the target cluster for the observability agents is a VPC cluster, false if it is a classic cluster." + description = "Specify true if the target cluster for the monitoring agent is a VPC cluster, false if it is a classic cluster." type = bool default = true } 
@@ -68,11 +68,10 @@ variable "cloud_monitoring_access_key" { default = null } -variable "cloud_monitoring_secret_name" { - type = string - description = "The name of the secret which will store the access key." - default = "sysdig-agent" - nullable = false +variable "node_analyzer_enabled" { + type = bool + description = "Enable the node analyzer. The node analyzer is a component of the IBM Cloud Monitoring agent that collects and sends data about the nodes in your cluster to the IBM Cloud Monitoring service." + default = false } variable "cloud_monitoring_instance_region" { @@ -118,24 +117,6 @@ variable "cloud_monitoring_container_filter" { } } -variable "cloud_monitoring_agent_tags" { - type = list(string) - description = "List of tags to associate to all matrics that the agent collects. NOTE: Use the 'cloud_monitoring_add_cluster_name' variable to add the cluster name as a tag." - default = [] - nullable = false - - validation { - condition = alltrue([for tags in var.cloud_monitoring_agent_tags : !can(regex("\\s", tags))]) - error_message = "The cloud monitoring agent tags must not contain any spaces." - } -} - -variable "cloud_monitoring_add_cluster_name" { - type = bool - description = "If true, configure the cloud monitoring agent to attach a tag containing the cluster name to all metric data." - default = true -} - variable "cloud_monitoring_agent_name" { description = "Cloud Monitoring agent name. Used for naming all kubernetes and helm resources on the cluster." type = string 
@@ -167,3 +148,17 @@ variable "cloud_monitoring_agent_tolerations" { key = "node-role.kubernetes.io/master" }] } + +variable "chart_location" { + description = "Location of the chart to be used for the Cloud Monitoring agent. Default value is 'ibm-sysdig/agent'" + type = string + default = "https://charts.sysdig.com/" + nullable = false +} + +variable "chart_repository" { + description = "Repository of the chart to be used for the Cloud Monitoring agent. Default value is 'ibm-sysdig/agent'" + type = string + default = "sysdig-deploy" + nullable = false +} From b29584cd40146eb8fee5b2676a4fb8f262e1c5eb Mon Sep 17 00:00:00 2001 From: Jordan-Williams2 Date: Wed, 2 Apr 2025 15:59:06 +0100 Subject: [PATCH 03/33] feat: update code --- README.md | 5 +++-- examples/obs-agent-iks/provider.tf | 6 ------ examples/obs-agent-ocp/provider.tf | 6 ------ main.tf | 5 +++-- solutions/fully-configurable/main.tf | 15 +++++++-------- solutions/fully-configurable/provider.tf | 10 ++-------- solutions/fully-configurable/variables.tf | 20 ++++++++++++++++++++ variables.tf | 14 ++++++++++---- 8 files changed, 45 insertions(+), 36 deletions(-) diff --git a/README.md b/README.md index cf964ae1..bfac3fa6 100644 --- a/README.md +++ b/README.md 
@@ -102,8 +102,9 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [chart\_location](#input\_chart\_location) | Location of the chart to be used for the Cloud Monitoring agent. Default value is 'ibm-sysdig/agent' | `string` | `"https://charts.sysdig.com/"` | no | -| [chart\_repository](#input\_chart\_repository) | Repository of the chart to be used for the Cloud Monitoring agent. Default value is 'ibm-sysdig/agent' | `string` | `"sysdig-deploy"` | no | +| [chart\_location](#input\_chart\_location) | The location of the Helm chart for the Sysdig agent. | `string` | `"sysdig-deploy"` | no | +| [chart\_repository](#input\_chart\_repository) | The repository URL for the Sysdig Helm chart. | `string` | `"https://charts.sysdig.com"` | no | +| [chart\_version](#input\_chart\_version) | The version of the Sysdig Helm chart to deploy. | `string` | `null` | no | | [cloud\_monitoring\_access\_key](#input\_cloud\_monitoring\_access\_key) | Access key used by the IBM Cloud Monitoring agent to communicate with the instance | `string` | `null` | no | | [cloud\_monitoring\_agent\_name](#input\_cloud\_monitoring\_agent\_name) | Cloud Monitoring agent name. Used for naming all kubernetes and helm resources on the cluster. | `string` | `"sysdig-agent"` | no | | [cloud\_monitoring\_agent\_namespace](#input\_cloud\_monitoring\_agent\_namespace) | Namespace where to deploy the Cloud Monitoring agent. Default value is 'ibm-observe' | `string` | `"ibm-observe"` | no | diff --git a/examples/obs-agent-iks/provider.tf b/examples/obs-agent-iks/provider.tf index 9d119362..13202b7c 100644 --- a/examples/obs-agent-iks/provider.tf +++ b/examples/obs-agent-iks/provider.tf 
@@ -9,12 +9,6 @@ provider "helm" { token = data.ibm_container_cluster_config.cluster_config.token cluster_ca_certificate = data.ibm_container_cluster_config.cluster_config.ca_certificate } - # IBM Cloud credentials are required to authenticate to the helm repo - registry { - url = "oci://icr.io/ibm/observe/monitoring-agent-helm" - username = "iamapikey" - password = var.ibmcloud_api_key - } } provider "kubernetes" { diff --git a/examples/obs-agent-ocp/provider.tf b/examples/obs-agent-ocp/provider.tf index 9d119362..13202b7c 100644 --- a/examples/obs-agent-ocp/provider.tf +++ b/examples/obs-agent-ocp/provider.tf @@ -9,12 +9,6 @@ provider "helm" { token = data.ibm_container_cluster_config.cluster_config.token cluster_ca_certificate = data.ibm_container_cluster_config.cluster_config.ca_certificate } - # IBM Cloud credentials are required to authenticate to the helm repo - registry { - url = "oci://icr.io/ibm/observe/monitoring-agent-helm" - username = "iamapikey" - password = var.ibmcloud_api_key - } } provider "kubernetes" { diff --git a/main.tf b/main.tf index 273d8e2c..d76bcfae 100644 --- a/main.tf +++ b/main.tf @@ -44,8 +44,9 @@ resource "helm_release" "cloud_monitoring_agent" { count = var.cloud_monitoring_enabled ? 1 : 0 name = var.cloud_monitoring_agent_name - chart = var.chart_location - repository = var.chart_repository + repository = var.chart_repository # Add the repository URL for the sysdig-deploy chart + chart = var.chart_location # Add the path to the sysdig-deploy chart + version = var.chart_version # Specify the version of the sysdig-deploy chart namespace = var.cloud_monitoring_agent_namespace create_namespace = true timeout = 1200 diff --git a/solutions/fully-configurable/main.tf b/solutions/fully-configurable/main.tf index c175ea74..b0a8e919 100644 --- a/solutions/fully-configurable/main.tf +++ b/solutions/fully-configurable/main.tf 
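Review bot: In the main.tf hunk, `version = var.chart_version` is wired to a variable whose default is `null`, so each apply presumably resolves whatever chart version the repository currently serves as latest. The agent installed on the cluster nodes can therefore change without any change to this module. Give `chart_version` a concrete default in both variables.tf hunks of this commit (root and solutions/fully-configurable), e.g. `default = "<CHART_VERSION>" # pinned; bump deliberately`, and keep `null` as an explicit opt-in only. The three trailing comments ("Add the repository URL …") read like scaffold instructions; say what each argument is instead, e.g. `# Helm repository URL`. The `helm_release` block continues outside the hunk.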
@@ -2,25 +2,21 @@ # Monitoring Agents ############################################################################## -locals { - cluster_config_endpoint_type = var.cluster_config_endpoint_type - is_vpc_cluster = var.is_vpc_cluster -} - data "ibm_container_cluster_config" "cluster_config" { - cluster_name_id = local.is_vpc_cluster ? data.ibm_container_vpc_cluster.cluster[0].name : data.ibm_container_cluster.cluster[0].name + cluster_name_id = var.is_vpc_cluster ? data.ibm_container_vpc_cluster.cluster[0].name : data.ibm_container_cluster.cluster[0].name resource_group_id = var.cluster_resource_group_id config_dir = "${path.module}/kubeconfig" - endpoint_type = local.cluster_config_endpoint_type != "default" ? local.cluster_config_endpoint_type : null + endpoint_type = var.cluster_config_endpoint_type != "default" ? var.cluster_config_endpoint_type : null } module "monitoring_agent" { source = "../.." cluster_id = var.cluster_id cluster_resource_group_id = var.cluster_resource_group_id - cluster_config_endpoint_type = local.cluster_config_endpoint_type + cluster_config_endpoint_type = var.cluster_config_endpoint_type wait_till = var.wait_till wait_till_timeout = var.wait_till_timeout + is_vpc_cluster = var.is_vpc_cluster # Cloud Monitoring (Sysdig) Agent cloud_monitoring_agent_name = var.prefix != null ? "${var.prefix}-${var.cloud_monitoring_agent_name}" : var.cloud_monitoring_agent_name cloud_monitoring_agent_namespace = var.cloud_monitoring_agent_namespace @@ -29,4 +25,7 @@ module "monitoring_agent" { cloud_monitoring_metrics_filter = var.cloud_monitoring_metrics_filter cloud_monitoring_instance_region = var.cloud_monitoring_instance_region cloud_monitoring_agent_tolerations = var.cloud_monitoring_agent_tolerations + chart_location = var.chart_location + chart_repository = var.chart_repository + chart_version = var.chart_version } diff --git a/solutions/fully-configurable/provider.tf b/solutions/fully-configurable/provider.tf index d92f74e3..3a2f6a74 100644 
--- a/solutions/fully-configurable/provider.tf +++ b/solutions/fully-configurable/provider.tf @@ -12,17 +12,11 @@ provider "helm" { host = data.ibm_container_cluster_config.cluster_config.host token = data.ibm_container_cluster_config.cluster_config.token } - # IBM Cloud credentials are required to authenticate to the helm repo - registry { - url = "oci://icr.io/ibm/observe/monitoring-agent-helm" - username = "iamapikey" - password = var.ibmcloud_api_key - } } # Retrieve information about an existing VPC cluster data "ibm_container_vpc_cluster" "cluster" { - count = local.is_vpc_cluster ? 1 : 0 + count = var.is_vpc_cluster ? 1 : 0 name = var.cluster_id wait_till = var.wait_till wait_till_timeout = var.wait_till_timeout @@ -30,7 +24,7 @@ data "ibm_container_vpc_cluster" "cluster" { # Retrieve information about an existing Classic cluster data "ibm_container_cluster" "cluster" { - count = local.is_vpc_cluster ? 0 : 1 + count = var.is_vpc_cluster ? 0 : 1 name = var.cluster_id wait_till = var.wait_till wait_till_timeout = var.wait_till_timeout diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf index b68e14c1..da03156a 100644 --- a/solutions/fully-configurable/variables.tf +++ b/solutions/fully-configurable/variables.tf 
@@ -114,3 +114,23 @@ variable "cloud_monitoring_agent_tolerations" { } ] } + +variable "chart_location" { + description = "The location of the Helm chart for the Sysdig agent." + type = string + default = "sysdig-deploy" # Replace with the actual chart location if different + nullable = false +} + +variable "chart_repository" { + description = "The repository URL for the Sysdig Helm chart." + type = string + default = "https://charts.sysdig.com" # Replace with the actual repository URL if different + nullable = false +} + +variable "chart_version" { + description = "The version of the Sysdig Helm chart to deploy." + type = string + default = null # Replace with the desired version, or null for the latest version +} diff --git a/variables.tf b/variables.tf index 6d7fff19..c25da374 100644 --- a/variables.tf +++ b/variables.tf @@ -150,15 +150,21 @@ variable "cloud_monitoring_agent_tolerations" { } variable "chart_location" { - description = "Location of the chart to be used for the Cloud Monitoring agent. Default value is 'ibm-sysdig/agent'" + description = "The location of the Helm chart for the Sysdig agent." type = string - default = "https://charts.sysdig.com/" + default = "sysdig-deploy" # Replace with the actual chart location if different nullable = false } variable "chart_repository" { - description = "Repository of the chart to be used for the Cloud Monitoring agent. Default value is 'ibm-sysdig/agent'" + description = "The repository URL for the Sysdig Helm chart." type = string - default = "sysdig-deploy" + default = "https://charts.sysdig.com" # Replace with the actual repository URL if different nullable = false } + +variable "chart_version" { + description = "The version of the Sysdig Helm chart to deploy." + type = string + default = null # Replace with the desired version, or null for the latest version +} From c808266a5c84606c32036cec57daa67c631fed98 Mon Sep 17 00:00:00 2001 
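Review bot: `chart_repository` accepts any string, and ibm_catalog.json in patch 04/33 exposes it as a user-facing input, so a plain `http://` repository would be fetched without transport protection. Add a validation block to the variable in both files (this hunk and the root variables.tf hunk that follows it) with `condition = can(regex("^https://", var.chart_repository))` and a matching `error_message`; widen the pattern to `oci://` if OCI registries must stay supported. The inline comments "Replace with the actual … if different" are notes to the author rather than documentation and should be dropped.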
From: Jordan-Williams2 Date: Wed, 2 Apr 2025 16:27:42 +0100 Subject: [PATCH 04/33] feat: update code --- ibm_catalog.json | 159 ++++++++++++++++++ images/monitoring-icon.svg | 24 +++ ...ployable-architecture-monitoring-agent.svg | 4 + 3 files changed, 187 insertions(+) create mode 100644 ibm_catalog.json create mode 100644 images/monitoring-icon.svg create mode 100644 reference-architecture/deployable-architecture-monitoring-agent.svg diff --git a/ibm_catalog.json b/ibm_catalog.json new file mode 100644 index 00000000..2da4ea41 --- /dev/null +++ b/ibm_catalog.json 
@@ -0,0 +1,159 @@ +{ + "products": [ + { + "label": "Cloud automation for Cloud Monitoring Agent", + "name": "deploy-arch-ibm-monitoring-agent", + "product_kind": "solution", + "tags": [ + "ibm_created", + "logging", + "logging_agent", + "terraform", + "target_terraform", + "solution" + ], + "keywords": [ + "monitoring", + "agent", + "IaC", + "infrastructure as code", + "terraform", + "solution" + ], + "provider_name": "IBM", + "short_description": "Deploys IBM Monitoring Agent to a cluster", + "long_description": "Solutions that support deploying IBM Monitoring Agent for logging.", + "offering_docs_url": "https://github.com/terraform-ibm-modules/terraform-ibm-monitoring-agent/blob/main/solutions/fully-configurable/README.md", + "offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-monitoring-agent/main/images/monitoring-icon.svg", + "flavors": [ + { + "label": "Fully Configurable", + "name": "fully-configurable", + "working_directory": "solutions/fully-configurable", + "compliance": {}, + "iam_permissions": [ + { + "service_name": "containers-kubernetes", + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Manager", + "crn:v1:bluemix:public:iam::::role:Viewer" + ] + } + ], + "architecture": { + "features": [ + { + "title": "Works with any Openshift or k8s cluster", + "description": "Yes" + }, + { + "title": "Deploys the IBM Monitoring Agent on an existing cluster.", + "description": "Yes" + } + ], + "diagrams": [ + { + "diagram": { + "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-monitoring-agent/tree/main/reference-architecture/deployable-architecture-monitoring-agent.svg", + "caption": "Monitoring Agent on a cluster", + "type": "image/svg+xml" + }, + "description": "Monitoring Agent deployed on a cluster." 
+ } + ] + }, + "configuration": [ + { + "key": "ibmcloud_api_key", + "required": true + }, + { + "key": "cluster_id", + "custom_config": { + "type": "cluster_var", + "grouping": "deployment", + "original_grouping": "deployment" + } + }, + { + "key": "cluster_resource_group_id", + "custom_config": { + "type": "resource_group", + "grouping": "deployment", + "original_grouping": "deployment", + "config_constraints": { + "identifier": "rg_id" + } + } + }, + { + "key": "is_vpc_cluster", + "required": true + }, + { + "key": "chart_location" + }, + { + "key": "chart_repository" + }, + { + "key": "chart_version" + }, + { + "key": "cloud_monitoring_access_key" + }, + { + "key": "cloud_monitoring_agent_name" + }, + { + "key": "cloud_monitoring_agent_namespace" + }, + { + "key": "cloud_monitoring_agent_tolerations" + }, + { + "key": "cloud_monitoring_endpoint_type" + }, + { + "key": "cloud_monitoring_instance_region" + }, + { + "key": "cloud_monitoring_metrics_filter" + }, + { + "key": "prefix" + }, + { + "key": "cluster_config_endpoint_type" + }, + { + "key": "wait_till", + "options": [ + { + "displayname": "Master Node Ready", + "value": "MasterNodeReady" + }, + { + "displayname": "OneWorkerNodeReady", + "value": "One Worker Node Ready" + }, + { + "displayname": "IngressReady", + "value": "Ingress Ready" + }, + { + "displayname": "Normal", + "value": "Normal" + } + ] + }, + { + "key": "wait_till_timeout" + } + ], + "install_type": "fullstack" + } + ] + } + ] +} diff --git a/images/monitoring-icon.svg b/images/monitoring-icon.svg new file mode 100644 index 00000000..3be9c06b --- /dev/null +++ b/images/monitoring-icon.svg @@ -0,0 +1,24 @@ + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/reference-architecture/deployable-architecture-monitoring-agent.svg b/reference-architecture/deployable-architecture-monitoring-agent.svg new file mode 100644 index 00000000..361671cc --- /dev/null +++ b/reference-architecture/deployable-architecture-monitoring-agent.svg 
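Review bot: Two `wait_till` options in ibm_catalog.json have `displayname` and `value` swapped: `OneWorkerNodeReady` and `IngressReady` appear as display names while the submitted values are "One Worker Node Ready" and "Ingress Ready", unlike the `MasterNodeReady` and `Normal` entries. The value is passed on to the cluster data sources' `wait_till` argument, which will presumably reject the spaced strings. Use `"displayname": "One Worker Node Ready", "value": "OneWorkerNodeReady"` and `"displayname": "Ingress Ready", "value": "IngressReady"`. The diagram URL also contains `/tree/main/` on raw.githubusercontent.com where the icon URL uses `/main/`, and the tags and long description still describe a logging agent.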
@@ -0,0 +1,4 @@ + + + +
IBM Cloud
IBM Cloud
Resource Group
Resource Group
Existing Cluster
Existing Cluster
Monitoring Agent
data
data
Monitoring Instance
Text is not SVG - cannot display
\ No newline at end of file From 13c8f99726b38341be99e5f6bee12e752b086164 Mon Sep 17 00:00:00 2001 From: Jordan-Williams2 Date: Wed, 2 Apr 2025 16:35:45 +0100 Subject: [PATCH 05/33] fix: catalog.json SKIP UPGRADE TESTS --- .secrets.baseline | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.secrets.baseline b/.secrets.baseline index 147f1608..ef74d649 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "go.sum|^.secrets.baseline$", "lines": null }, - "generated_at": "2025-03-24T23:50:51Z", + "generated_at": "2025-03-24T23:50:52Z", "plugins_used": [ { "name": "AWSKeyDetector" From df3c030a0ebacfcaf512138d1ffb35c9e14c9d5f Mon Sep 17 00:00:00 2001 From: Jordan-Williams2 Date: Wed, 2 Apr 2025 16:49:31 +0100 Subject: [PATCH 06/33] fix: update outputs --- tests/pr_test.go | 2 +- tests/resources/main.tf | 5 ----- tests/resources/outputs.tf | 24 ++++++++++++------------ 3 files changed, 13 insertions(+), 18 deletions(-) diff --git a/tests/pr_test.go b/tests/pr_test.go index 9ca7b3bc..327af6a4 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go 
@@ -212,7 +212,7 @@ func TestFullyConfigurableUpgradeSolution(t *testing.T) { options.TerraformVars = []testschematic.TestSchematicTerraformVar{ {Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true}, {Name: "cloud_monitoring_instance_region", Value: region, DataType: "string"}, - {Name: "cluster_id", Value: terraform.Output(t, existingTerraformOptions, "workload_cluster_id"), DataType: "string"}, + {Name: "cluster_id", Value: terraform.Output(t, existingTerraformOptions, "cluster_id"), DataType: "string"}, {Name: "cluster_resource_group_id", Value: terraform.Output(t, existingTerraformOptions, "cluster_resource_group_id"), DataType: "string"}, {Name: "cloud_monitoring_access_key", Value: terraform.Output(t, existingTerraformOptions, "cloud_monitoring_access_key"), DataType: "string", Secure: true}, {Name: "prefix", Value: options.Prefix, DataType: "string"}, diff --git a/tests/resources/main.tf b/tests/resources/main.tf index d71961fa..8a97fa50 100644 --- a/tests/resources/main.tf +++ b/tests/resources/main.tf @@ -92,11 +92,6 @@ module "ocp_base" { # - Cloud Monitoring instance ############################################################################## -locals { - cluster_resource_group_id = module.landing_zone.cluster_data[local.cluster_name].resource_group_id - cluster_crn = module.landing_zone.cluster_data[local.cluster_name].crn -} - module "cloud_monitoring" { source = "terraform-ibm-modules/observability-instances/ibm//modules/cloud_monitoring" version = "3.5.0" diff --git a/tests/resources/outputs.tf b/tests/resources/outputs.tf index f2907fe0..6443a9c7 100644 --- a/tests/resources/outputs.tf +++ b/tests/resources/outputs.tf 
@@ -13,27 +13,27 @@ output "cluster_id" { } output "cluster_crn" { - value = local.cluster_crn - description = "CRN of the workload cluster." + value = module.ocp_base.cluster_crn + description = "CRN of the cluster." } -output "cluster_name" { - value = local.cluster_name - description = "CRN of the workload cluster." +output "cluster_resource_group_id" { + value = module.ocp_base.resource_group_id + description = "Resource group ID of the cluster." } -output "cluster_resource_group_id" { - value = local.cluster_resource_group_id - description = "Resource group ID of the workload cluster." +output "cluster_name" { + value = local.cluster_name + description = "Name of the cluster." } output "cloud_monitoring_instance_id" { - value = module.cloud_monitoring.cloud_monitoring_id - description = "The name of the provisioned IBM Cloud Logs instance." + value = module.cloud_monitoring.crn + description = "The cloud monitoring instance crn." } output "cloud_monitoring_access_key" { - value = module.cloud_monitoring.cloud_monitoring_access_key - description = "The access key of the provisioned IBM Cloud Logs instance." + value = module.cloud_monitoring.access_key + description = "The access key of the provisioned IBM Cloud Monitoring instance." sensitive = true } From 1b9cb914eefff662ed5da1e36e9275a024d58059 Mon Sep 17 00:00:00 2001 From: Jordan-Williams2 Date: Wed, 2 Apr 2025 20:50:09 +0100 Subject: [PATCH 07/33] fix: add dir --- kubeconfig/.gitignore | 6 ++++++ kubeconfig/README.md | 2 ++ 2 files changed, 8 insertions(+) create mode 100644 kubeconfig/.gitignore create mode 100644 kubeconfig/README.md diff --git a/kubeconfig/.gitignore b/kubeconfig/.gitignore new file mode 100644 index 00000000..632a28fb --- /dev/null +++ b/kubeconfig/.gitignore @@ -0,0 +1,6 @@ +# Ignore everything +* + +# But not these files... +!.gitignore +!README.md diff --git a/kubeconfig/README.md b/kubeconfig/README.md new file mode 100644 index 00000000..e85afee8 --- /dev/null 
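Review bot: The output `cloud_monitoring_instance_id` now returns `module.cloud_monitoring.crn`, so its name promises an ID while its value and description are a CRN. A consumer that passes it where an instance ID is expected gets a CRN instead. Rename it, e.g. `output "cloud_monitoring_crn"`, or return the module's ID output if it exposes one. No consumer of this output is visible on the page, so confirm tests/pr_test.go does not read it before renaming.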
+++ b/kubeconfig/README.md @@ -0,0 +1,2 @@ +This directory must exist in source control so the `ibm_container_cluster_config` data lookup can use it to place the +config.yml used to connect to a kubernetes cluster. From 5f908cd7a59251172117e09ca62b9991badd7dea Mon Sep 17 00:00:00 2001 From: Jordan-Williams2 Date: Wed, 2 Apr 2025 22:25:15 +0100 Subject: [PATCH 08/33] fix: outbound traffic --- examples/obs-agent-iks/main.tf | 128 +++++++++++++--------------- examples/obs-agent-iks/variables.tf | 12 --- scripts/confirm-rollout-status.sh | 8 ++ 3 files changed, 67 insertions(+), 81 deletions(-) create mode 100755 scripts/confirm-rollout-status.sh diff --git a/examples/obs-agent-iks/main.tf b/examples/obs-agent-iks/main.tf index e3060ef7..df5617e2 100644 --- a/examples/obs-agent-iks/main.tf +++ b/examples/obs-agent-iks/main.tf 
@@ -10,89 +10,80 @@ module "resource_group" { existing_resource_group_name = var.resource_group } -############################################################################## -# Create VPC and IKS Cluster -############################################################################## +######################################################################################################################## +# VPC + Subnet + Public Gateway +# +# NOTE: This is a very simple VPC with single subnet in a single zone with a public gateway enabled, that will allow +# all traffic ingress/egress by default. +# For production use cases this would need to be enhanced by adding more subnets and zones for resiliency, and +# ACLs/Security Groups for network security. +######################################################################################################################## + +resource "ibm_is_vpc" "vpc" { + name = "${var.prefix}-vpc" + resource_group = module.resource_group.resource_group_id + address_prefix_management = "auto" + tags = var.resource_tags +} -resource "ibm_is_vpc" "example_vpc" { - count = var.is_vpc_cluster ? 1 : 0 - name = "${var.prefix}-vpc" +resource "ibm_is_public_gateway" "gateway" { + name = "${var.prefix}-gateway-1" + vpc = ibm_is_vpc.vpc.id resource_group = module.resource_group.resource_group_id - tags = var.resource_tags + zone = "${var.region}-1" } -resource "ibm_is_subnet" "testacc_subnet" { - count = var.is_vpc_cluster ? 
1 : 0 - name = "${var.prefix}-subnet" - vpc = ibm_is_vpc.example_vpc[0].id +resource "ibm_is_subnet" "subnet_zone_1" { + name = "${var.prefix}-subnet-1" + vpc = ibm_is_vpc.vpc.id + resource_group = module.resource_group.resource_group_id zone = "${var.region}-1" total_ipv4_address_count = 256 - resource_group = module.resource_group.resource_group_id + public_gateway = ibm_is_public_gateway.gateway.id } -# Lookup the current default kube version -data "ibm_container_cluster_versions" "cluster_versions" {} -locals { - default_version = data.ibm_container_cluster_versions.cluster_versions.default_kube_version -} - -resource "ibm_container_vpc_cluster" "cluster" { - count = var.is_vpc_cluster ? 1 : 0 - name = var.prefix - vpc_id = ibm_is_vpc.example_vpc[0].id - kube_version = local.default_version - flavor = "bx2.4x16" - worker_count = "2" - force_delete_storage = true - wait_till = "IngressReady" - zones { - subnet_id = ibm_is_subnet.testacc_subnet[0].id - name = "${var.region}-1" - } - resource_group_id = module.resource_group.resource_group_id - tags = var.resource_tags -} - -resource "ibm_container_cluster" "cluster" { - #checkov:skip=CKV2_IBM_7:Public endpoint is required for testing purposes - count = var.is_vpc_cluster ? 
0 : 1 - name = var.prefix - datacenter = var.datacenter - default_pool_size = 2 - hardware = "shared" - kube_version = local.default_version - force_delete_storage = true - machine_type = "b3c.4x16" - public_vlan_id = ibm_network_vlan.public_vlan[0].id - private_vlan_id = ibm_network_vlan.private_vlan[0].id - wait_till = "Normal" - resource_group_id = module.resource_group.resource_group_id - tags = var.resource_tags - - timeouts { - delete = "2h" - create = "3h" - } -} +######################################################################################################################## +# OCP VPC cluster (single zone) +######################################################################################################################## locals { - cluster_name_id = var.is_vpc_cluster ? ibm_container_vpc_cluster.cluster[0].id : ibm_container_cluster.cluster[0].id -} + cluster_vpc_subnets = { + default = [ + { + id = ibm_is_subnet.subnet_zone_1.id + cidr_block = ibm_is_subnet.subnet_zone_1.ipv4_cidr_block + zone = ibm_is_subnet.subnet_zone_1.zone + } + ] + } -resource "ibm_network_vlan" "public_vlan" { - count = var.is_vpc_cluster ? 0 : 1 - datacenter = var.datacenter - type = "PUBLIC" + worker_pools = [ + { + subnet_prefix = "default" + pool_name = "default" # ibm_container_vpc_cluster automatically names default pool "default" (See https://github.com/IBM-Cloud/terraform-provider-ibm/issues/2849) + machine_type = "bx2.4x16" + operating_system = "REDHAT_8_64" + workers_per_zone = 2 # minimum of 2 is allowed when using single zone + } + ] } -resource "ibm_network_vlan" "private_vlan" { - count = var.is_vpc_cluster ? 
0 : 1 - datacenter = var.datacenter - type = "PRIVATE" +module "ocp_base" { + source = "terraform-ibm-modules/base-ocp-vpc/ibm" + version = "3.41.7" + resource_group_id = module.resource_group.resource_group_id + region = var.region + tags = var.resource_tags + cluster_name = var.prefix + force_delete_storage = true + vpc_id = ibm_is_vpc.vpc.id + vpc_subnets = local.cluster_vpc_subnets + worker_pools = local.worker_pools + disable_outbound_traffic_protection = true # set as True to enable outbound traffic } data "ibm_container_cluster_config" "cluster_config" { - cluster_name_id = local.cluster_name_id + cluster_name_id = module.ocp_base.cluster_id resource_group_id = module.resource_group.resource_group_id } @@ -122,8 +113,7 @@ module "cloud_monitoring" { module "monitoring_agents" { source = "../.." depends_on = [time_sleep.wait_operators] - cluster_id = local.cluster_name_id - is_vpc_cluster = var.is_vpc_cluster + cluster_id = module.ocp_base.cluster_id cluster_resource_group_id = module.resource_group.resource_group_id # # Monitoring agent cloud_monitoring_enabled = true diff --git a/examples/obs-agent-iks/variables.tf b/examples/obs-agent-iks/variables.tf index c74e3c48..8fbb3a53 100644 --- a/examples/obs-agent-iks/variables.tf +++ b/examples/obs-agent-iks/variables.tf @@ -27,15 +27,3 @@ variable "region" { description = "The region where the resources are created." default = "au-syd" } - -variable "is_vpc_cluster" { - type = bool - description = "Specify true if the target cluster for the monitoring agent is a VPC cluster, false if it is classic cluster." - default = true -} - -variable "datacenter" { - type = string - description = "If creating a classic cluster, the data center where the cluster is created" - default = "syd01" -} diff --git a/scripts/confirm-rollout-status.sh b/scripts/confirm-rollout-status.sh new file mode 100755 index 00000000..4197143d --- /dev/null +++ b/scripts/confirm-rollout-status.sh 
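Review bot: `disable_outbound_traffic_protection = true` in the new `ocp_base` block, together with the public gateway attached to the only subnet, leaves worker-node egress unrestricted, and the trailing comment says what the flag does but not why the example needs it. Name the destinations that are required so a reader can narrow it later, e.g. `# Egress needed to reach <AGENT_IMAGE_REGISTRY>; allow-list it and re-enable protection outside examples`. The same setting is flipped from `false` to `true` in examples/obs-agent-ocp/main.tf in patch 09/33 and deserves the same comment. Separately, this example keeps the name obs-agent-iks but now provisions an OpenShift cluster through base-ocp-vpc, so no example exercises an IKS cluster any more.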
@@ -0,0 +1,8 @@ +#!/bin/bash + +set -e + +daemonset=$1 +namespace=$2 + +kubectl rollout status ds "${daemonset}" -n "${namespace}" --timeout 30m From 8198c0b8d2360bbfa6d06b0d5d37fb72000d9364 Mon Sep 17 00:00:00 2001 From: Jordan-Williams2 Date: Wed, 2 Apr 2025 22:27:04 +0100 Subject: [PATCH 09/33] fix: outbound traffic --- examples/obs-agent-ocp/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/obs-agent-ocp/main.tf b/examples/obs-agent-ocp/main.tf index 0f4d6bb1..3ec7462d 100644 --- a/examples/obs-agent-ocp/main.tf +++ b/examples/obs-agent-ocp/main.tf @@ -82,7 +82,7 @@ module "ocp_base" { worker_pools = local.worker_pools access_tags = var.access_tags ocp_entitlement = var.ocp_entitlement - disable_outbound_traffic_protection = false + disable_outbound_traffic_protection = true # set as True to enable outbound traffic } data "ibm_container_cluster_config" "cluster_config" { From a96906359057d80e7afcdb203c2533bcf6aefcfa Mon Sep 17 00:00:00 2001 From: Jordan-Williams2 Date: Wed, 2 Apr 2025 23:01:05 +0100 Subject: [PATCH 10/33] fix: outbound traffic --- examples/obs-agent-iks/main.tf | 13 +++++++------ examples/obs-agent-iks/variables.tf | 6 ++++++ examples/obs-agent-ocp/main.tf | 13 +++++++------ examples/obs-agent-ocp/variables.tf | 6 ++++++ .../fully-configurable/kubeconfig/.gitignore | 6 ------ solutions/fully-configurable/kubeconfig/README.md | 2 -- tests/pr_test.go | 2 ++ tests/resources/main.tf | 15 ++++++++------- 8 files changed, 36 insertions(+), 27 deletions(-) delete mode 100644 solutions/fully-configurable/kubeconfig/.gitignore delete mode 100644 solutions/fully-configurable/kubeconfig/README.md diff --git a/examples/obs-agent-iks/main.tf b/examples/obs-agent-iks/main.tf index df5617e2..7aea21c4 100644 --- a/examples/obs-agent-iks/main.tf +++ b/examples/obs-agent-iks/main.tf 
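Review bot: scripts/confirm-rollout-status.sh uses `$1` and `$2` without checking them, and `set -e` alone does not catch unset variables, so a call with a missing argument runs `kubectl rollout status` with an empty daemonset or namespace name. Use `set -euo pipefail` and fail early with `daemonset="${1:?daemonset name required}"` and `namespace="${2:?namespace required}"`. The script also relies on whatever kubeconfig is ambient in the caller's environment; a header comment stating that the caller must export `KUBECONFIG` for the target cluster would make that dependency explicit.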
@@ -98,12 +98,13 @@ resource "time_sleep" "wait_operators" { ############################################################################## module "cloud_monitoring" { - source = "terraform-ibm-modules/observability-instances/ibm//modules/cloud_monitoring" - version = "3.5.0" - instance_name = "${var.prefix}-cloud-monitoring" - resource_group_id = module.resource_group.resource_group_id - region = var.region - plan = "graduated-tier" + source = "terraform-ibm-modules/observability-instances/ibm//modules/cloud_monitoring" + version = "3.5.0" + instance_name = "${var.prefix}-cloud-monitoring" + resource_group_id = module.resource_group.resource_group_id + region = var.region + plan = "graduated-tier" + enable_platform_metrics = var.enable_platform_metrics } ############################################################################## diff --git a/examples/obs-agent-iks/variables.tf b/examples/obs-agent-iks/variables.tf index 8fbb3a53..8cbcb21b 100644 --- a/examples/obs-agent-iks/variables.tf +++ b/examples/obs-agent-iks/variables.tf @@ -27,3 +27,9 @@ variable "region" { description = "The region where the resources are created." default = "au-syd" } + +variable "enable_platform_metrics" { + type = bool + description = "Enable platform metrics" + default = false +} diff --git a/examples/obs-agent-ocp/main.tf b/examples/obs-agent-ocp/main.tf index 3ec7462d..de2c7592 100644 --- a/examples/obs-agent-ocp/main.tf +++ b/examples/obs-agent-ocp/main.tf 
@@ -95,12 +95,13 @@ data "ibm_container_cluster_config" "cluster_config" { ############################################################################## module "cloud_monitoring" { - source = "terraform-ibm-modules/observability-instances/ibm//modules/cloud_monitoring" - version = "3.5.0" - instance_name = "${var.prefix}-cloud-monitoring" - resource_group_id = module.resource_group.resource_group_id - region = var.region - plan = "graduated-tier" + source = "terraform-ibm-modules/observability-instances/ibm//modules/cloud_monitoring" + version = "3.5.0" + instance_name = "${var.prefix}-cloud-monitoring" + resource_group_id = module.resource_group.resource_group_id + region = var.region + plan = "graduated-tier" + enable_platform_metrics = var.enable_platform_metrics } ############################################################################## diff --git a/examples/obs-agent-ocp/variables.tf b/examples/obs-agent-ocp/variables.tf index 9795d32e..52020642 100644 --- a/examples/obs-agent-ocp/variables.tf +++ b/examples/obs-agent-ocp/variables.tf @@ -45,3 +45,9 @@ variable "ocp_entitlement" { description = "Value that is applied to the entitlements for OCP cluster provisioning" default = null } + +variable "enable_platform_metrics" { + type = bool + description = "Enable platform metrics" + default = false +} diff --git a/solutions/fully-configurable/kubeconfig/.gitignore b/solutions/fully-configurable/kubeconfig/.gitignore deleted file mode 100644 index 632a28fb..00000000 --- a/solutions/fully-configurable/kubeconfig/.gitignore +++ /dev/null @@ -1,6 +0,0 @@ -# Ignore everything -* - -# But not these files... -!.gitignore -!README.md diff --git a/solutions/fully-configurable/kubeconfig/README.md b/solutions/fully-configurable/kubeconfig/README.md deleted file mode 100644 index e85afee8..00000000 --- a/solutions/fully-configurable/kubeconfig/README.md +++ /dev/null 
@@ -1,2 +0,0 @@ -This directory must exist in source control so the `ibm_container_cluster_config` data lookup can use it to place the -config.yml used to connect to a kubernetes cluster. diff --git a/tests/pr_test.go b/tests/pr_test.go index 327af6a4..119e148a 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go @@ -64,6 +64,8 @@ func setupOptions(t *testing.T, prefix string, terraformDir string) *testhelper. options.TerraformVars["ocp_entitlement"] = "cloud_pak" } + options.TerraformVars["enable_platform_metrics"] = false + return options } diff --git a/tests/resources/main.tf b/tests/resources/main.tf index 8a97fa50..46097071 100644 --- a/tests/resources/main.tf +++ b/tests/resources/main.tf @@ -93,11 +93,12 @@ module "ocp_base" { ############################################################################## module "cloud_monitoring" { - source = "terraform-ibm-modules/observability-instances/ibm//modules/cloud_monitoring" - version = "3.5.0" - instance_name = "${var.prefix}-cloud-monitoring" - resource_group_id = module.resource_group.resource_group_id - region = var.region - plan = "graduated-tier" - tags = var.resource_tags + source = "terraform-ibm-modules/observability-instances/ibm//modules/cloud_monitoring" + version = "3.5.0" + instance_name = "${var.prefix}-cloud-monitoring" + resource_group_id = module.resource_group.resource_group_id + region = var.region + plan = "graduated-tier" + tags = var.resource_tags + enable_platform_metrics = false } From 9e939dc5af0657e24ba0c9c348c5e8a15b9f8279 Mon Sep 17 00:00:00 2001 
From: Jordan-Williams2 Date: Fri, 4 Apr 2025 14:01:33 +0100 Subject: [PATCH 11/33] fix: address feedback --- .github/settings.yml | 2 +- .releaserc | 3 ++ README.md | 4 +- examples/obs-agent-iks/main.tf | 1 - ibm_catalog.json | 38 ++++++++++++------- main.tf | 16 ++------ ...ployable-architecture-monitoring-agent.svg | 2 +- solutions/fully-configurable/README.md | 4 ++ solutions/fully-configurable/main.tf | 3 +- solutions/fully-configurable/provider.tf | 10 +++-- solutions/fully-configurable/variables.tf | 15 +------- tests/README.md | 5 --- tests/other_test.go | 18 --------- tests/pr_test.go | 16 +++----- variables.tf | 15 +------- 15 files changed, 53 insertions(+), 99 deletions(-) delete mode 100644 tests/other_test.go diff --git a/.github/settings.yml b/.github/settings.yml index 344d1fe5..900e9318 100644 --- a/.github/settings.yml +++ b/.github/settings.yml @@ -22,7 +22,7 @@ repository: # Uncomment this description property # and update the description to the current repo description. - # description: "" + description: "Terraform module to install and configure the Sysdig Monitoring Agent on IBM Cloud Kubernetes Service (IKS) and Red Hat OpenShift on IBM Cloud (ROKS)." # Use a comma-separated list of topics to set on the repo (ensure not to use any caps in the topic string). topics: terraform, ibm-cloud, terraform-module, core-team, monitoring-agent, sysdig-agent, observability, monitoring, agent, sysdig diff --git a/.releaserc b/.releaserc index 708916f7..4160e575 100644 --- a/.releaserc +++ b/.releaserc @@ -10,6 +10,9 @@ }], ["@semantic-release/exec", { "successCmd": "echo \"SEMVER_VERSION=${nextRelease.version}\" >> $GITHUB_ENV" + }], + ["@semantic-release/exec",{ + "publishCmd": "./ci/trigger-catalog-onboarding-pipeline.sh --version=v${nextRelease.version}" }] ] } diff --git a/README.md b/README.md index bfac3fa6..0eaf4be9 100644 --- a/README.md +++ b/README.md 
@@ -102,15 +102,13 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [chart\_location](#input\_chart\_location) | The location of the Helm chart for the Sysdig agent. | `string` | `"sysdig-deploy"` | no | -| [chart\_repository](#input\_chart\_repository) | The repository URL for the Sysdig Helm chart. | `string` | `"https://charts.sysdig.com"` | no | +| [chart\_location](#input\_chart\_location) | The location of the Helm chart for the Sysdig agent. | `string` | `"https://charts.sysdig.com/charts/sysdig-deploy"` | no | | [chart\_version](#input\_chart\_version) | The version of the Sysdig Helm chart to deploy. | `string` | `null` | no | | [cloud\_monitoring\_access\_key](#input\_cloud\_monitoring\_access\_key) | Access key used by the IBM Cloud Monitoring agent to communicate with the instance | `string` | `null` | no | | [cloud\_monitoring\_agent\_name](#input\_cloud\_monitoring\_agent\_name) | Cloud Monitoring agent name. Used for naming all kubernetes and helm resources on the cluster. | `string` | `"sysdig-agent"` | no | | [cloud\_monitoring\_agent\_namespace](#input\_cloud\_monitoring\_agent\_namespace) | Namespace where to deploy the Cloud Monitoring agent. Default value is 'ibm-observe' | `string` | `"ibm-observe"` | no | | [cloud\_monitoring\_agent\_tolerations](#input\_cloud\_monitoring\_agent\_tolerations) | List of tolerations to apply to Cloud Monitoring agent. |
list(object({
key = optional(string)
operator = optional(string)
value = optional(string)
effect = optional(string)
tolerationSeconds = optional(number)
}))
|
[
{
"operator": "Exists"
},
{
"effect": "NoSchedule",
"key": "node-role.kubernetes.io/master",
"operator": "Exists"
}
]
| no | | [cloud\_monitoring\_container\_filter](#input\_cloud\_monitoring\_container\_filter) | To filter custom containers, specify which containers to include or exclude from metrics collection for the cloud monitoring agent. See https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_kube_agent#change_kube_agent_filter_data. |
list(object({
type = string
parameter = string
name = string
}))
| `[]` | no | -| [cloud\_monitoring\_enabled](#input\_cloud\_monitoring\_enabled) | Deploy IBM Cloud Monitoring agent | `bool` | `true` | no | | [cloud\_monitoring\_endpoint\_type](#input\_cloud\_monitoring\_endpoint\_type) | Specify the IBM Cloud Monitoring instance endpoint type (public or private) to use. Used to construct the ingestion endpoint. | `string` | `"private"` | no | | [cloud\_monitoring\_instance\_region](#input\_cloud\_monitoring\_instance\_region) | The IBM Cloud Monitoring instance region. Used to construct the ingestion endpoint. | `string` | `null` | no | | [cloud\_monitoring\_metrics\_filter](#input\_cloud\_monitoring\_metrics\_filter) | To filter custom metrics, specify the Cloud Monitoring metrics to include or to exclude. See https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_kube_agent#change_kube_agent_inc_exc_metrics. |
list(object({
type = string
name = string
}))
| `[]` | no | diff --git a/examples/obs-agent-iks/main.tf b/examples/obs-agent-iks/main.tf index 7aea21c4..21eb6c1d 100644 --- a/examples/obs-agent-iks/main.tf +++ b/examples/obs-agent-iks/main.tf @@ -117,7 +117,6 @@ module "monitoring_agents" { cluster_id = module.ocp_base.cluster_id cluster_resource_group_id = module.resource_group.resource_group_id # # Monitoring agent - cloud_monitoring_enabled = true cloud_monitoring_access_key = module.cloud_monitoring.access_key cloud_monitoring_instance_region = var.region } diff --git a/ibm_catalog.json b/ibm_catalog.json index 2da4ea41..955427d2 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -1,13 +1,13 @@ { "products": [ { - "label": "Cloud automation for Cloud Monitoring Agent", + "label": "Cloud automation for Monitoring agent", "name": "deploy-arch-ibm-monitoring-agent", "product_kind": "solution", "tags": [ "ibm_created", "logging", - "logging_agent", + "logging_monitoring", "terraform", "target_terraform", "solution" @@ -93,9 +93,6 @@ { "key": "chart_location" }, - { - "key": "chart_repository" - }, { "key": "chart_version" }, @@ -121,10 +118,25 @@ "key": "cloud_monitoring_metrics_filter" }, { - "key": "prefix" - }, - { - "key": "cluster_config_endpoint_type" + "key": "cluster_config_endpoint_type", + "options": [ + { + "displayname": "Default", + "value": "default" + }, + { + "displayname": "Private", + "value": "private" + }, + { + "displayname": "VPE", + "value": "vpe" + }, + { + "displayname": "Link", + "value": "link" + } + ] }, { "key": "wait_till", @@ -134,12 +146,12 @@ "value": "MasterNodeReady" }, { - "displayname": "OneWorkerNodeReady", - "value": "One Worker Node Ready" + "displayname": "One Worker NodeReady", + "value": "OneWorkerNodeReady" }, { - "displayname": "IngressReady", - "value": "Ingress Ready" + "displayname": "Ingress Ready", + "value": "IngressReady" }, { "displayname": "Normal", diff --git a/main.tf b/main.tf index d76bcfae..4229005a 100644 --- a/main.tf +++ b/main.tf 
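Review bot: In the `wait_till` options the new label `"displayname": "One Worker NodeReady"` is spaced differently from its neighbour `Ingress Ready`, which looks like a slip made while swapping the display names and values. I would write `"displayname": "One Worker Node Ready"` so the catalog dropdown reads consistently.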
@@ -30,23 +30,13 @@ data "ibm_container_cluster_config" "cluster_config" { locals { # LOCALS cluster_name = var.is_vpc_cluster ? data.ibm_container_vpc_cluster.cluster[0].resource_name : data.ibm_container_cluster.cluster[0].resource_name # Not publically documented in provider. See https://github.com/IBM-Cloud/terraform-provider-ibm/issues/4485 - cloud_monitoring_host = var.cloud_monitoring_enabled ? var.cloud_monitoring_endpoint_type == "private" ? "ingest.private.${var.cloud_monitoring_instance_region}.monitoring.cloud.ibm.com" : "logs.${var.cloud_monitoring_instance_region}.monitoring.cloud.ibm.com" : null - - # TODO: Move this into variable.tf since module requires 1.9 now - # VARIABLE VALIDATION - cloud_monitoring_key_validate_condition = var.cloud_monitoring_enabled == true && var.cloud_monitoring_instance_region == null && var.cloud_monitoring_access_key == null - cloud_monitoring_key_validate_msg = "Values for 'cloud_monitoring_access_key' and 'log_analysis_instance_region' variables must be passed when 'cloud_monitoring_enabled = true'" - # tflint-ignore: terraform_unused_declarations - cloud_monitoring_key_validate_check = regex("^${local.cloud_monitoring_key_validate_msg}$", (!local.cloud_monitoring_key_validate_condition ? local.cloud_monitoring_key_validate_msg : "")) + cloud_monitoring_host = var.cloud_monitoring_endpoint_type == "private" ? "ingest.private.${var.cloud_monitoring_instance_region}.monitoring.cloud.ibm.com" : "logs.${var.cloud_monitoring_instance_region}.monitoring.cloud.ibm.com" } resource "helm_release" "cloud_monitoring_agent" { - count = var.cloud_monitoring_enabled ? 
1 : 0 - name = var.cloud_monitoring_agent_name - repository = var.chart_repository # Add the repository URL for the sysdig-deploy chart - chart = var.chart_location # Add the path to the sysdig-deploy chart - version = var.chart_version # Specify the version of the sysdig-deploy chart + chart = var.chart_location + version = var.chart_version namespace = var.cloud_monitoring_agent_namespace create_namespace = true timeout = 1200 diff --git a/reference-architecture/deployable-architecture-monitoring-agent.svg b/reference-architecture/deployable-architecture-monitoring-agent.svg index 361671cc..332cbe4b 100644 --- a/reference-architecture/deployable-architecture-monitoring-agent.svg +++ b/reference-architecture/deployable-architecture-monitoring-agent.svg @@ -1,4 +1,4 @@ -
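Review bot: The deleted locals were the only check that `cloud_monitoring_access_key` and `cloud_monitoring_instance_region` are set, and nothing visible in this commit replaces it: the removed TODO pointed at variables.tf, but the variables.tf hunks here only delete variables, and the README table still lists both inputs with default `null`. `cloud_monitoring_host` now interpolates the region unconditionally, so a null region surfaces as a template interpolation error rather than a message naming the missing input. I would set `nullable = false` on both variables (dropping the `null` defaults) or add a `validation` block to them. The `locals` block and the `helm_release` resource both continue outside the hunk, so how the access key is consumed is not shown.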
IBM Cloud
IBM Cloud
Resource Group
Resource Group
Existing Cluster
Existing Cluster
Monitoring Agent
data
data
Monitoring Instance
Text is not SVG - cannot display
\ No newline at end of file +
IBM Cloud
IBM Cloud
Existing Resource Group
Existing Resource Group
Existing Cluster
Existing Cluster
Existing Monitoring Agent
metrics
metrics
Monitoring Instance
Text is not SVG - cannot display
\ No newline at end of file diff --git a/solutions/fully-configurable/README.md b/solutions/fully-configurable/README.md index 78391732..9e8741f8 100644 --- a/solutions/fully-configurable/README.md +++ b/solutions/fully-configurable/README.md @@ -9,3 +9,7 @@ This architecture deploys the following monitoring agent on a Red Hat OpenShift * Make sure that the Red Hat OpenShift Cluster is deployed. * Make sure that the Cloud Monitoring for which specific agent are required are deployed. + +![monitoring-agent-deployable-architecture](../../reference-architecture/deployable-architecture-monitoring-agent.svg) + +**NB:** This solution is not intended to be called by one or more other modules since it contains a provider configurations, meaning it is not compatible with the `for_each`, `count`, and `depends_on` arguments. For more information see [Providers Within Modules](https://developer.hashicorp.com/terraform/language/modules/develop/providers) diff --git a/solutions/fully-configurable/main.tf b/solutions/fully-configurable/main.tf index b0a8e919..780c7fe2 100644 --- a/solutions/fully-configurable/main.tf +++ b/solutions/fully-configurable/main.tf @@ -18,7 +18,7 @@ module "monitoring_agent" { wait_till_timeout = var.wait_till_timeout is_vpc_cluster = var.is_vpc_cluster # Cloud Monitoring (Sysdig) Agent - cloud_monitoring_agent_name = var.prefix != null ? "${var.prefix}-${var.cloud_monitoring_agent_name}" : var.cloud_monitoring_agent_name + cloud_monitoring_agent_name = var.cloud_monitoring_agent_name cloud_monitoring_agent_namespace = var.cloud_monitoring_agent_namespace cloud_monitoring_endpoint_type = var.cloud_monitoring_endpoint_type cloud_monitoring_access_key = var.cloud_monitoring_access_key 
@@ -26,6 +26,5 @@ module "monitoring_agent" { cloud_monitoring_instance_region = var.cloud_monitoring_instance_region cloud_monitoring_agent_tolerations = var.cloud_monitoring_agent_tolerations chart_location = var.chart_location - chart_repository = var.chart_repository chart_version = var.chart_version } diff --git a/solutions/fully-configurable/provider.tf b/solutions/fully-configurable/provider.tf index 3a2f6a74..5f2229e0 100644 --- a/solutions/fully-configurable/provider.tf +++ b/solutions/fully-configurable/provider.tf @@ -3,14 +3,16 @@ provider "ibm" { } provider "kubernetes" { - host = data.ibm_container_cluster_config.cluster_config.host - token = data.ibm_container_cluster_config.cluster_config.token + host = data.ibm_container_cluster_config.cluster_config.host + token = data.ibm_container_cluster_config.cluster_config.token + cluster_ca_certificate = data.ibm_container_cluster_config.cluster_config.ca_certificate } provider "helm" { kubernetes { - host = data.ibm_container_cluster_config.cluster_config.host - token = data.ibm_container_cluster_config.cluster_config.token + host = data.ibm_container_cluster_config.cluster_config.host + token = data.ibm_container_cluster_config.cluster_config.token + cluster_ca_certificate = data.ibm_container_cluster_config.cluster_config.ca_certificate } } diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf index da03156a..0ede08f5 100644 --- a/solutions/fully-configurable/variables.tf +++ b/solutions/fully-configurable/variables.tf @@ -4,12 +4,6 @@ variable "ibmcloud_api_key" { sensitive = true } -variable "prefix" { - type = string - description = "The prefix for resources created by this solution." - default = null -} - ############################################################################## # Cluster variables ############################################################################## 
@@ -118,14 +112,7 @@ variable "cloud_monitoring_agent_tolerations" { variable "chart_location" { description = "The location of the Helm chart for the Sysdig agent." type = string - default = "sysdig-deploy" # Replace with the actual chart location if different - nullable = false -} - -variable "chart_repository" { - description = "The repository URL for the Sysdig Helm chart." - type = string - default = "https://charts.sysdig.com" # Replace with the actual repository URL if different + default = "https://charts.sysdig.com/charts/sysdig-deploy" nullable = false } diff --git a/tests/README.md b/tests/README.md index 581aa046..05d524ec 100644 --- a/tests/README.md +++ b/tests/README.md @@ -1,8 +1,3 @@ - - # Tests For information about how to create and run tests, see [Validation tests](https://terraform-ibm-modules.github.io/documentation/#/tests) in the project documentation. - - - diff --git a/tests/other_test.go b/tests/other_test.go deleted file mode 100644 index 1d650238..00000000 --- a/tests/other_test.go +++ /dev/null @@ -1,18 +0,0 @@ -// Tests in this file are NOT run in the PR pipeline. They are run in the continuous testing pipeline along with the ones in pr_test.go -package test - -import ( - "testing" - - "github.com/stretchr/testify/assert" -) - -func TestRunAgentClassicKubernetes(t *testing.T) { - t.Parallel() - - options := setupOptions(t, "obs-agent-iks", terraformDirMonitoringAgentIKS) - options.TerraformVars["is_vpc_cluster"] = false - output, err := options.RunTestConsistency() - assert.Nil(t, err, "This should not have errored") - assert.NotNil(t, output, "Expected some output") -} diff --git a/tests/pr_test.go b/tests/pr_test.go index 119e148a..58a6357c 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go 
@@ -135,7 +135,6 @@ func TestFullyConfigurableSolution(t *testing.T) { {Name: "cluster_id", Value: terraform.Output(t, existingTerraformOptions, "cluster_id"), DataType: "string"}, {Name: "cluster_resource_group_id", Value: terraform.Output(t, existingTerraformOptions, "cluster_resource_group_id"), DataType: "string"}, {Name: "cloud_monitoring_access_key", Value: terraform.Output(t, existingTerraformOptions, "cloud_monitoring_access_key"), DataType: "string", Secure: true}, - {Name: "prefix", Value: options.Prefix, DataType: "string"}, } err := options.RunSchematicTest() @@ -217,7 +216,6 @@ func TestFullyConfigurableUpgradeSolution(t *testing.T) { {Name: "cluster_id", Value: terraform.Output(t, existingTerraformOptions, "cluster_id"), DataType: "string"}, {Name: "cluster_resource_group_id", Value: terraform.Output(t, existingTerraformOptions, "cluster_resource_group_id"), DataType: "string"}, {Name: "cloud_monitoring_access_key", Value: terraform.Output(t, existingTerraformOptions, "cloud_monitoring_access_key"), DataType: "string", Secure: true}, - {Name: "prefix", Value: options.Prefix, DataType: "string"}, } err := options.RunSchematicUpgradeTest() @@ -255,14 +253,12 @@ func TestRunAgentVpcOcp(t *testing.T) { assert.NotNil(t, output, "Expected some output") } -func TestRunAgentVpcOcpUpgrade(t *testing.T) { +func TestRunAgentClassicKubernetes(t *testing.T) { t.Parallel() - options := setupOptions(t, "log-agent-upg", terraformDirMonitoringAgentROKS) - - output, err := options.RunTestUpgrade() - if !options.UpgradeTestSkipped { - assert.Nil(t, err, "This should not have errored") - assert.NotNil(t, output, "Expected some output") - } + options := setupOptions(t, "obs-agent-iks", terraformDirMonitoringAgentIKS) + options.TerraformVars["is_vpc_cluster"] = false + output, err := options.RunTestConsistency() + assert.Nil(t, err, "This should not have errored") + assert.NotNil(t, output, "Expected some output") } 
diff --git a/variables.tf b/variables.tf index c25da374..793381de 100644 --- a/variables.tf +++ b/variables.tf @@ -55,12 +55,6 @@ variable "wait_till_timeout" { # Cloud Monitoring variables ############################################################################## -variable "cloud_monitoring_enabled" { - type = bool - description = "Deploy IBM Cloud Monitoring agent" - default = true -} - variable "cloud_monitoring_access_key" { type = string description = "Access key used by the IBM Cloud Monitoring agent to communicate with the instance" @@ -152,14 +146,7 @@ variable "cloud_monitoring_agent_tolerations" { variable "chart_location" { description = "The location of the Helm chart for the Sysdig agent." type = string - default = "sysdig-deploy" # Replace with the actual chart location if different - nullable = false -} - -variable "chart_repository" { - description = "The repository URL for the Sysdig Helm chart." - type = string - default = "https://charts.sysdig.com" # Replace with the actual repository URL if different + default = "https://charts.sysdig.com/charts/sysdig-deploy" nullable = false } From fc9ce232b93f455a0db5c4cfa0a750a70de6c45d Mon Sep 17 00:00:00 2001 From: Jordan-Williams2 Date: Fri, 4 Apr 2025 17:27:09 +0100 Subject: [PATCH 12/33] fix: address feedback --- README.md | 3 ++- main.tf | 3 ++- variables.tf | 9 ++++++++- 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 0eaf4be9..0d6bd4bb 100644 --- a/README.md +++ b/README.md 
@@ -102,7 +102,8 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [chart\_location](#input\_chart\_location) | The location of the Helm chart for the Sysdig agent. | `string` | `"https://charts.sysdig.com/charts/sysdig-deploy"` | no | +| [chart\_location](#input\_chart\_location) | The location of the Helm chart for the Sysdig agent. | `string` | `"sysdig-deploy"` | no | +| [chart\_repository](#input\_chart\_repository) | The repository URL for the Sysdig Helm chart. | `string` | `"https://charts.sysdig.com"` | no | | [chart\_version](#input\_chart\_version) | The version of the Sysdig Helm chart to deploy. | `string` | `null` | no | | [cloud\_monitoring\_access\_key](#input\_cloud\_monitoring\_access\_key) | Access key used by the IBM Cloud Monitoring agent to communicate with the instance | `string` | `null` | no | | [cloud\_monitoring\_agent\_name](#input\_cloud\_monitoring\_agent\_name) | Cloud Monitoring agent name. Used for naming all kubernetes and helm resources on the cluster. | `string` | `"sysdig-agent"` | no | diff --git a/main.tf b/main.tf index 4229005a..6ddb043f 100644 --- a/main.tf +++ b/main.tf 
@@ -30,12 +30,13 @@ data "ibm_container_cluster_config" "cluster_config" { locals { # LOCALS cluster_name = var.is_vpc_cluster ? data.ibm_container_vpc_cluster.cluster[0].resource_name : data.ibm_container_cluster.cluster[0].resource_name # Not publically documented in provider. See https://github.com/IBM-Cloud/terraform-provider-ibm/issues/4485 - cloud_monitoring_host = var.cloud_monitoring_endpoint_type == "private" ? "ingest.private.${var.cloud_monitoring_instance_region}.monitoring.cloud.ibm.com" : "logs.${var.cloud_monitoring_instance_region}.monitoring.cloud.ibm.com" + cloud_monitoring_host = var.cloud_monitoring_endpoint_type == "private" ? "ingest.private.${var.cloud_monitoring_instance_region}.monitoring.cloud.ibm.com" : "${var.cloud_monitoring_instance_region}.monitoring.cloud.ibm.com" } resource "helm_release" "cloud_monitoring_agent" { name = var.cloud_monitoring_agent_name chart = var.chart_location + repository = var.chart_repository version = var.chart_version namespace = var.cloud_monitoring_agent_namespace create_namespace = true diff --git a/variables.tf b/variables.tf index 793381de..9f0a311a 100644 --- a/variables.tf +++ b/variables.tf @@ -146,7 +146,14 @@ variable "cloud_monitoring_agent_tolerations" { variable "chart_location" { description = "The location of the Helm chart for the Sysdig agent." type = string - default = "https://charts.sysdig.com/charts/sysdig-deploy" + default = "sysdig-deploy" # Replace with the actual chart location if different + nullable = false +} + +variable "chart_repository" { + description = "The repository URL for the Sysdig Helm chart." + type = string + default = "https://charts.sysdig.com" # Replace with the actual repository URL if different nullable = false } From 5b9d1247f31ef4a116c4020656d686a68b590b4d Mon Sep 17 00:00:00 2001 
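Review bot: The public branch of `cloud_monitoring_host` becomes the bare `${var.cloud_monitoring_instance_region}.monitoring.cloud.ibm.com`, while the private branch keeps an `ingest.private.` prefix and the README describes these inputs as building the ingestion endpoint. Please confirm the public collector host against the IBM Cloud Monitoring endpoint documentation; if the asymmetry is unintended, the else-branch would read `"ingest.${var.cloud_monitoring_instance_region}.monitoring.cloud.ibm.com"`. Any value other than `private` also falls into this branch, so a typo in `cloud_monitoring_endpoint_type` silently selects the public endpoint unless the variable is validated elsewhere. The `locals` block starts outside the hunk.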
From: Jordan-Williams2 Date: Fri, 4 Apr 2025 17:32:50 +0100 Subject: [PATCH 13/33] fix: address feedback --- README.md | 2 +- solutions/fully-configurable/variables.tf | 2 +- variables.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 0d6bd4bb..b6b0ed5b 100644 --- a/README.md +++ b/README.md @@ -104,7 +104,7 @@ No modules. |------|-------------|------|---------|:--------:| | [chart\_location](#input\_chart\_location) | The location of the Helm chart for the Sysdig agent. | `string` | `"sysdig-deploy"` | no | | [chart\_repository](#input\_chart\_repository) | The repository URL for the Sysdig Helm chart. | `string` | `"https://charts.sysdig.com"` | no | -| [chart\_version](#input\_chart\_version) | The version of the Sysdig Helm chart to deploy. | `string` | `null` | no | +| [chart\_version](#input\_chart\_version) | The version of the Sysdig Helm chart to deploy. | `string` | `"1.79.0"` | no | | [cloud\_monitoring\_access\_key](#input\_cloud\_monitoring\_access\_key) | Access key used by the IBM Cloud Monitoring agent to communicate with the instance | `string` | `null` | no | | [cloud\_monitoring\_agent\_name](#input\_cloud\_monitoring\_agent\_name) | Cloud Monitoring agent name. Used for naming all kubernetes and helm resources on the cluster. | `string` | `"sysdig-agent"` | no | | [cloud\_monitoring\_agent\_namespace](#input\_cloud\_monitoring\_agent\_namespace) | Namespace where to deploy the Cloud Monitoring agent. Default value is 'ibm-observe' | `string` | `"ibm-observe"` | no | diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf index 0ede08f5..5ca6b79d 100644 --- a/solutions/fully-configurable/variables.tf +++ b/solutions/fully-configurable/variables.tf 
@@ -119,5 +119,5 @@ variable "chart_location" { variable "chart_version" { description = "The version of the Sysdig Helm chart to deploy." type = string - default = null # Replace with the desired version, or null for the latest version + default = "1.79.0" # Replace with the desired version, or null for the latest version } diff --git a/variables.tf b/variables.tf index 9f0a311a..1bd1be49 100644 --- a/variables.tf +++ b/variables.tf @@ -160,5 +160,5 @@ variable "chart_repository" { variable "chart_version" { description = "The version of the Sysdig Helm chart to deploy." type = string - default = null # Replace with the desired version, or null for the latest version + default = "1.79.0" # Replace with the desired version, or null for the latest version } From e3ada1e1d31bc88533501df3fa493e86c37c5154 Mon Sep 17 00:00:00 2001 From: Jordan-Williams2 Date: Mon, 7 Apr 2025 14:41:46 +0100 Subject: [PATCH 14/33] fix: address feedback --- common-dev-assets | 2 +- solutions/fully-configurable/kubeconfig/.gitignore | 6 ++++++ solutions/fully-configurable/kubeconfig/README.md | 2 ++ tests/pr_test.go | 1 - 4 files changed, 9 insertions(+), 2 deletions(-) create mode 100644 solutions/fully-configurable/kubeconfig/.gitignore create mode 100644 solutions/fully-configurable/kubeconfig/README.md diff --git a/common-dev-assets b/common-dev-assets index 34d851c4..6e39f79e 160000 --- a/common-dev-assets +++ b/common-dev-assets @@ -1 +1 @@ -Subproject commit 34d851c430194cd9431aced7aa2bae758b35b705 +Subproject commit 6e39f79e1389a1ec3bbe57215573e7d4e6dd98f1 diff --git a/solutions/fully-configurable/kubeconfig/.gitignore b/solutions/fully-configurable/kubeconfig/.gitignore new file mode 100644 index 00000000..632a28fb --- /dev/null +++ b/solutions/fully-configurable/kubeconfig/.gitignore @@ -0,0 +1,6 @@ +# Ignore everything +* + +# But not these files... +!.gitignore +!README.md 
diff --git a/solutions/fully-configurable/kubeconfig/README.md b/solutions/fully-configurable/kubeconfig/README.md new file mode 100644 index 00000000..e85afee8 --- /dev/null +++ b/solutions/fully-configurable/kubeconfig/README.md @@ -0,0 +1,2 @@ +This directory must exist in source control so the `ibm_container_cluster_config` data lookup can use it to place the +config.yml used to connect to a kubernetes cluster. diff --git a/tests/pr_test.go b/tests/pr_test.go index 58a6357c..bdf97788 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go @@ -257,7 +257,6 @@ func TestRunAgentClassicKubernetes(t *testing.T) { t.Parallel() options := setupOptions(t, "obs-agent-iks", terraformDirMonitoringAgentIKS) - options.TerraformVars["is_vpc_cluster"] = false output, err := options.RunTestConsistency() assert.Nil(t, err, "This should not have errored") assert.NotNil(t, output, "Expected some output") From e2f7c9cf514d57b22d701e316f92834c3cc5368b Mon Sep 17 00:00:00 2001 From: Jordan-Williams2 Date: Mon, 7 Apr 2025 14:42:48 +0100 Subject: [PATCH 15/33] fix: address feedback --- common-dev-assets | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common-dev-assets b/common-dev-assets index 6e39f79e..34d851c4 160000 --- a/common-dev-assets +++ b/common-dev-assets @@ -1 +1 @@ -Subproject commit 6e39f79e1389a1ec3bbe57215573e7d4e6dd98f1 +Subproject commit 34d851c430194cd9431aced7aa2bae758b35b705 From fe841bd7f11e8b0310909de0c6ec42fbe438cce2 Mon Sep 17 00:00:00 2001 From: Jordan-Williams2 Date: Mon, 7 Apr 2025 16:16:49 +0100 Subject: [PATCH 16/33] fix: address feedback --- common-dev-assets | 2 +- ibm_catalog.json | 3 +++ solutions/fully-configurable/main.tf | 1 + solutions/fully-configurable/variables.tf | 9 ++++++++- 4 files changed, 13 insertions(+), 2 deletions(-) diff --git a/common-dev-assets b/common-dev-assets index 2a2281ec..34d851c4 160000 --- a/common-dev-assets +++ b/common-dev-assets 
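Review bot: With `options.TerraformVars["is_vpc_cluster"] = false` removed, nothing in `TestRunAgentClassicKubernetes` selects a classic cluster any more, and the obs-agent-iks example it runs was changed earlier in this series to provision through `ocp_base` with a `vpc_id`. The name now misdescribes what is covered; something like `TestRunAgentVpcKubernetes` would match, and `assert.NoError(t, err)` states the intent more directly than `assert.Nil`. The function starts above the hunk.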
@@ -1 +1 @@ -Subproject commit 2a2281eca386901262a1d0c7b617dc07476d5944 +Subproject commit 34d851c430194cd9431aced7aa2bae758b35b705 diff --git a/ibm_catalog.json b/ibm_catalog.json index 955427d2..45c93cac 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -93,6 +93,9 @@ { "key": "chart_location" }, + { + "key": "chart_repository" + }, { "key": "chart_version" }, diff --git a/solutions/fully-configurable/main.tf b/solutions/fully-configurable/main.tf index 780c7fe2..26b513c3 100644 --- a/solutions/fully-configurable/main.tf +++ b/solutions/fully-configurable/main.tf @@ -26,5 +26,6 @@ module "monitoring_agent" { cloud_monitoring_instance_region = var.cloud_monitoring_instance_region cloud_monitoring_agent_tolerations = var.cloud_monitoring_agent_tolerations chart_location = var.chart_location + chart_repository = var.chart_repository chart_version = var.chart_version } diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf index 5ca6b79d..766c5cce 100644 --- a/solutions/fully-configurable/variables.tf +++ b/solutions/fully-configurable/variables.tf @@ -112,7 +112,14 @@ variable "cloud_monitoring_agent_tolerations" { variable "chart_location" { description = "The location of the Helm chart for the Sysdig agent." type = string - default = "https://charts.sysdig.com/charts/sysdig-deploy" + default = "sysdig-deploy" # Replace with the actual chart location if different + nullable = false +} + +variable "chart_repository" { + description = "The repository URL for the Sysdig Helm chart." + type = string + default = "https://charts.sysdig.com" # Replace with the actual repository URL if different nullable = false } From d80d603d093e2c9f21422f2b3451a11fdd5fe286 Mon Sep 17 00:00:00 2001 From: Jordan-Williams2 Date: Mon, 7 Apr 2025 16:41:44 +0100 Subject: [PATCH 17/33] fix: address feedback --- common-dev-assets | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
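Review bot: The new `chart_repository` variable in `solutions/fully-configurable/variables.tf` accepts any string as the Helm repository, so an override with a non-TLS URL would be handed to `helm_release` and the chart fetched without transport integrity. Consider a `validation` block with `condition = can(regex("^https://", var.chart_repository))` and an error message naming the expected scheme. The default already uses `https://`, so this only constrains overrides. If other repository schemes are meant to be supported, widen the pattern to match.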
diff --git a/common-dev-assets b/common-dev-assets index 34d851c4..2a2281ec 160000 --- a/common-dev-assets +++ b/common-dev-assets @@ -1 +1 @@ -Subproject commit 34d851c430194cd9431aced7aa2bae758b35b705 +Subproject commit 2a2281eca386901262a1d0c7b617dc07476d5944 From acb982e2ddf181e4df9788ddc21c009a5a67d5cb Mon Sep 17 00:00:00 2001 From: Jordan-Williams2 Date: Wed, 9 Apr 2025 14:07:21 +0100 Subject: [PATCH 18/33] fix: address feedback --- .catalog-onboard-pipeline.yaml | 4 ++-- .github/settings.yml | 2 +- README.md | 11 +++++------ ibm_catalog.json | 23 +++++++++++++---------- main.tf | 9 ++------- solutions/fully-configurable/main.tf | 2 +- solutions/fully-configurable/variables.tf | 14 ++++++++------ variables.tf | 16 ++++------------ 8 files changed, 36 insertions(+), 45 deletions(-) diff --git a/.catalog-onboard-pipeline.yaml b/.catalog-onboard-pipeline.yaml index a9f07004..ab6e8dab 100644 --- a/.catalog-onboard-pipeline.yaml +++ b/.catalog-onboard-pipeline.yaml @@ -3,8 +3,8 @@ apiVersion: v1 offerings: - name: deploy-arch-ibm-monitoring-agent kind: solution - catalog_id: _ - offering_id: _ + catalog_id: 7df1e4ca-d54c-4fd0-82ce-3d13247308cd + offering_id: b0a00765-ee91-4c2a-87fc-df46dbc58cdb variations: - name: fully-configurable mark_ready: true diff --git a/.github/settings.yml b/.github/settings.yml index 900e9318..3d9e92e1 100644 --- a/.github/settings.yml +++ b/.github/settings.yml 
@@ -22,7 +22,7 @@ repository: # Uncomment this description property # and update the description to the current repo description. - description: "Terraform module to install and configure the Sysdig Monitoring Agent on IBM Cloud Kubernetes Service (IKS) and Red Hat OpenShift on IBM Cloud (ROKS)." + description: "Terraform module to install and configure the Monitoring Agent on IBM Cloud Kubernetes Service and Red Hat OpenShift on IBM Cloud." # Use a comma-separated list of topics to set on the repo (ensure not to use any caps in the topic string). topics: terraform, ibm-cloud, terraform-module, core-team, monitoring-agent, sysdig-agent, observability, monitoring, agent, sysdig diff --git a/README.md b/README.md index b6b0ed5b..cc3578d9 100644 --- a/README.md +++ b/README.md 
@@ -102,22 +102,21 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [chart\_location](#input\_chart\_location) | The location of the Helm chart for the Sysdig agent. | `string` | `"sysdig-deploy"` | no | -| [chart\_repository](#input\_chart\_repository) | The repository URL for the Sysdig Helm chart. | `string` | `"https://charts.sysdig.com"` | no | -| [chart\_version](#input\_chart\_version) | The version of the Sysdig Helm chart to deploy. | `string` | `"1.79.0"` | no | -| [cloud\_monitoring\_access\_key](#input\_cloud\_monitoring\_access\_key) | Access key used by the IBM Cloud Monitoring agent to communicate with the instance | `string` | `null` | no | +| [chart](#input\_chart) | The location of the Helm chart for the Sysdig agent. | `string` | `"sysdig-deploy"` | no | +| [chart\_location](#input\_chart\_location) | The location of the Cloud Monitoring agent helm chart. | `string` | `"https://charts.sysdig.com"` | no | +| [chart\_version](#input\_chart\_version) | The version of the Cloud Monitoring agent helm chart to deploy. | `string` | `"1.79.0"` | no | +| [cloud\_monitoring\_access\_key](#input\_cloud\_monitoring\_access\_key) | Access key used by the IBM Cloud Monitoring agent to communicate with the instance | `string` | n/a | yes | | [cloud\_monitoring\_agent\_name](#input\_cloud\_monitoring\_agent\_name) | Cloud Monitoring agent name. Used for naming all kubernetes and helm resources on the cluster. | `string` | `"sysdig-agent"` | no | | [cloud\_monitoring\_agent\_namespace](#input\_cloud\_monitoring\_agent\_namespace) | Namespace where to deploy the Cloud Monitoring agent. Default value is 'ibm-observe' | `string` | `"ibm-observe"` | no | | [cloud\_monitoring\_agent\_tolerations](#input\_cloud\_monitoring\_agent\_tolerations) | List of tolerations to apply to Cloud Monitoring agent. |
list(object({
key = optional(string)
operator = optional(string)
value = optional(string)
effect = optional(string)
tolerationSeconds = optional(number)
}))
|
[
{
"operator": "Exists"
},
{
"effect": "NoSchedule",
"key": "node-role.kubernetes.io/master",
"operator": "Exists"
}
]
| no | | [cloud\_monitoring\_container\_filter](#input\_cloud\_monitoring\_container\_filter) | To filter custom containers, specify which containers to include or exclude from metrics collection for the cloud monitoring agent. See https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_kube_agent#change_kube_agent_filter_data. |
list(object({
type = string
parameter = string
name = string
}))
| `[]` | no | | [cloud\_monitoring\_endpoint\_type](#input\_cloud\_monitoring\_endpoint\_type) | Specify the IBM Cloud Monitoring instance endpoint type (public or private) to use. Used to construct the ingestion endpoint. | `string` | `"private"` | no | -| [cloud\_monitoring\_instance\_region](#input\_cloud\_monitoring\_instance\_region) | The IBM Cloud Monitoring instance region. Used to construct the ingestion endpoint. | `string` | `null` | no | +| [cloud\_monitoring\_instance\_region](#input\_cloud\_monitoring\_instance\_region) | The IBM Cloud Monitoring instance region. Used to construct the ingestion endpoint. | `string` | n/a | yes | | [cloud\_monitoring\_metrics\_filter](#input\_cloud\_monitoring\_metrics\_filter) | To filter custom metrics, specify the Cloud Monitoring metrics to include or to exclude. See https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_kube_agent#change_kube_agent_inc_exc_metrics. |
list(object({
type = string
name = string
}))
| `[]` | no | | [cluster\_config\_endpoint\_type](#input\_cluster\_config\_endpoint\_type) | Specify which type of endpoint to use for for cluster config access: 'default', 'private', 'vpe', 'link'. 'default' value will use the default endpoint of the cluster. | `string` | `"default"` | no | | [cluster\_id](#input\_cluster\_id) | The ID of the cluster you wish to deploy the agent in | `string` | n/a | yes | | [cluster\_resource\_group\_id](#input\_cluster\_resource\_group\_id) | The Resource Group ID of the cluster | `string` | n/a | yes | | [is\_vpc\_cluster](#input\_is\_vpc\_cluster) | Specify true if the target cluster for the monitoring agent is a VPC cluster, false if it is a classic cluster. | `bool` | `true` | no | -| [node\_analyzer\_enabled](#input\_node\_analyzer\_enabled) | Enable the node analyzer. The node analyzer is a component of the IBM Cloud Monitoring agent that collects and sends data about the nodes in your cluster to the IBM Cloud Monitoring service. | `bool` | `false` | no | | [wait\_till](#input\_wait\_till) | To avoid long wait times when you run your Terraform code, you can specify the stage when you want Terraform to mark the cluster resource creation as completed. Depending on what stage you choose, the cluster creation might not be fully completed and continues to run in the background. However, your Terraform code can continue to run without waiting for the cluster to be fully created. Supported args are `MasterNodeReady`, `OneWorkerNodeReady`, `IngressReady` and `Normal` | `string` | `"Normal"` | no | | [wait\_till\_timeout](#input\_wait\_till\_timeout) | Timeout for wait\_till in minutes. | `number` | `90` | no | diff --git a/ibm_catalog.json b/ibm_catalog.json index 45c93cac..6e9f2380 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -73,7 +73,8 @@ "type": "cluster_var", "grouping": "deployment", "original_grouping": "deployment" - } + }, + "required": true }, { "key": "cluster_resource_group_id", 
@@ -84,23 +85,28 @@ "config_constraints": { "identifier": "rg_id" } - } + }, + "required": true }, { - "key": "is_vpc_cluster", + "key": "cloud_monitoring_access_key", "required": true }, { - "key": "chart_location" + "key": "cloud_monitoring_instance_region", + "required": true }, { - "key": "chart_repository" + "key": "is_vpc_cluster" }, { - "key": "chart_version" + "key": "chart" }, { - "key": "cloud_monitoring_access_key" + "key": "chart_location" + }, + { + "key": "chart_version" }, { "key": "cloud_monitoring_agent_name" @@ -114,9 +120,6 @@ { "key": "cloud_monitoring_endpoint_type" }, - { - "key": "cloud_monitoring_instance_region" - }, { "key": "cloud_monitoring_metrics_filter" }, diff --git a/main.tf b/main.tf index 6ddb043f..28ea480d 100644 --- a/main.tf +++ b/main.tf @@ -35,8 +35,8 @@ locals { resource "helm_release" "cloud_monitoring_agent" { name = var.cloud_monitoring_agent_name - chart = var.chart_location - repository = var.chart_repository + chart = var.chart + repository = var.chart_location version = var.chart_version namespace = var.cloud_monitoring_agent_namespace create_namespace = true @@ -46,11 +46,6 @@ resource "helm_release" "cloud_monitoring_agent" { force_update = true reset_values = true - set { - name = "nodeAnalyzer.enabled" - type = "auto" - value = var.node_analyzer_enabled - } set { name = "agent.collectorSettings.collectorHost" type = "string" diff --git a/solutions/fully-configurable/main.tf b/solutions/fully-configurable/main.tf index 26b513c3..1469909f 100644 --- a/solutions/fully-configurable/main.tf +++ b/solutions/fully-configurable/main.tf 
@@ -25,7 +25,7 @@ module "monitoring_agent" { cloud_monitoring_metrics_filter = var.cloud_monitoring_metrics_filter cloud_monitoring_instance_region = var.cloud_monitoring_instance_region cloud_monitoring_agent_tolerations = var.cloud_monitoring_agent_tolerations + chart = var.chart chart_location = var.chart_location - chart_repository = var.chart_repository chart_version = var.chart_version } diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf index 766c5cce..dec7ee83 100644 --- a/solutions/fully-configurable/variables.tf +++ b/solutions/fully-configurable/variables.tf @@ -11,11 +11,13 @@ variable "ibmcloud_api_key" { variable "cluster_id" { type = string description = "The ID of the cluster to deploy the agent in." + nullable = false } variable "cluster_resource_group_id" { type = string description = "The resource group ID of the cluster." + nullable = false } variable "cluster_config_endpoint_type" { @@ -51,13 +53,13 @@ variable "cloud_monitoring_access_key" { type = string description = "The access key that is used by the IBM Cloud Monitoring agent to communicate with the instance." sensitive = true - default = null + nullable = false } variable "cloud_monitoring_instance_region" { type = string description = "The name of the region where the IBM Cloud Monitoring instance is created. This name is used to construct the ingestion endpoint." - default = null + nullable = false } variable "cloud_monitoring_endpoint_type" { 
@@ -109,22 +111,22 @@ variable "cloud_monitoring_agent_tolerations" { ] } -variable "chart_location" { +variable "chart" { description = "The location of the Helm chart for the Sysdig agent." type = string default = "sysdig-deploy" # Replace with the actual chart location if different nullable = false } -variable "chart_repository" { - description = "The repository URL for the Sysdig Helm chart." +variable "chart_location" { + description = "The location of the Cloud Monitoring agent helm chart." type = string default = "https://charts.sysdig.com" # Replace with the actual repository URL if different nullable = false } variable "chart_version" { - description = "The version of the Sysdig Helm chart to deploy." + description = "The version of the Cloud Monitoring agent helm chart to deploy." type = string default = "1.79.0" # Replace with the desired version, or null for the latest version } diff --git a/variables.tf b/variables.tf index 1bd1be49..fcb6adb6 100644 --- a/variables.tf +++ b/variables.tf @@ -59,19 +59,11 @@ variable "cloud_monitoring_access_key" { type = string description = "Access key used by the IBM Cloud Monitoring agent to communicate with the instance" sensitive = true - default = null -} - -variable "node_analyzer_enabled" { - type = bool - description = "Enable the node analyzer. The node analyzer is a component of the IBM Cloud Monitoring agent that collects and sends data about the nodes in your cluster to the IBM Cloud Monitoring service." - default = false } variable "cloud_monitoring_instance_region" { type = string description = "The IBM Cloud Monitoring instance region. Used to construct the ingestion endpoint." - default = null } variable "cloud_monitoring_endpoint_type" { 
@@ -143,22 +135,22 @@ variable "cloud_monitoring_agent_tolerations" { }] } -variable "chart_location" { +variable "chart" { description = "The location of the Helm chart for the Sysdig agent." type = string default = "sysdig-deploy" # Replace with the actual chart location if different nullable = false } -variable "chart_repository" { - description = "The repository URL for the Sysdig Helm chart." +variable "chart_location" { + description = "The location of the Cloud Monitoring agent helm chart." type = string default = "https://charts.sysdig.com" # Replace with the actual repository URL if different nullable = false } variable "chart_version" { - description = "The version of the Sysdig Helm chart to deploy." + description = "The version of the Cloud Monitoring agent helm chart to deploy." type = string default = "1.79.0" # Replace with the desired version, or null for the latest version } From b7b304ba0d5d582b135cb81332160a9b8fe5cbb5 Mon Sep 17 00:00:00 2001 From: Jordan-Williams2 Date: Wed, 9 Apr 2025 17:21:11 +0100 Subject: [PATCH 19/33] fix: address feedback --- README.md | 2 +- ibm_catalog.json | 28 ++++++++++++++++++++++- solutions/fully-configurable/variables.tf | 2 +- variables.tf | 2 +- 4 files changed, 30 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index cc3578d9..d2e9a9ee 100644 --- a/README.md +++ b/README.md 
@@ -102,7 +102,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [chart](#input\_chart) | The location of the Helm chart for the Sysdig agent. | `string` | `"sysdig-deploy"` | no | +| [chart](#input\_chart) | The name of the Helm chart to deploy. | `string` | `"sysdig-deploy"` | no | | [chart\_location](#input\_chart\_location) | The location of the Cloud Monitoring agent helm chart. | `string` | `"https://charts.sysdig.com"` | no | | [chart\_version](#input\_chart\_version) | The version of the Cloud Monitoring agent helm chart to deploy. | `string` | `"1.79.0"` | no | | [cloud\_monitoring\_access\_key](#input\_cloud\_monitoring\_access\_key) | Access key used by the IBM Cloud Monitoring agent to communicate with the instance | `string` | n/a | yes | diff --git a/ibm_catalog.json b/ibm_catalog.json index 6e9f2380..3a08c3de 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -94,7 +94,33 @@ }, { "key": "cloud_monitoring_instance_region", - "required": true + "required": true, + "options": [ + { + "displayname": "eu-gb", + "value": "eu-gb" + }, + { + "displayname": "eu-de", + "value": "eu-de" + }, + { + "displayname": "us-east", + "value": "us-east" + }, + { + "displayname": "us-south", + "value": "us-south" + }, + { + "displayname": "jp-tok", + "value": "jp-tok" + }, + { + "displayname": "au-syd", + "value": "au-syd" + } + ] }, { "key": "is_vpc_cluster" diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf index dec7ee83..b6bba965 100644 --- a/solutions/fully-configurable/variables.tf +++ b/solutions/fully-configurable/variables.tf 
@@ -112,7 +112,7 @@ variable "cloud_monitoring_agent_tolerations" { } variable "chart" { - description = "The location of the Helm chart for the Sysdig agent." + description = "The name of the Helm chart to deploy." type = string default = "sysdig-deploy" # Replace with the actual chart location if different nullable = false diff --git a/variables.tf b/variables.tf index fcb6adb6..3c7bf855 100644 --- a/variables.tf +++ b/variables.tf @@ -136,7 +136,7 @@ variable "cloud_monitoring_agent_tolerations" { } variable "chart" { - description = "The location of the Helm chart for the Sysdig agent." + description = "The name of the Helm chart to deploy." type = string default = "sysdig-deploy" # Replace with the actual chart location if different nullable = false From c341bb082c80f924751c7217b1064e9461ba1a54 Mon Sep 17 00:00:00 2001 From: Jordan-Williams2 Date: Thu, 10 Apr 2025 11:48:16 +0100 Subject: [PATCH 20/33] fix: address feedback --- solutions/fully-configurable/main.tf | 2 +- solutions/fully-configurable/variables.tf | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/solutions/fully-configurable/main.tf b/solutions/fully-configurable/main.tf index 1469909f..c4fff525 100644 --- a/solutions/fully-configurable/main.tf +++ b/solutions/fully-configurable/main.tf @@ -17,7 +17,7 @@ module "monitoring_agent" { wait_till = var.wait_till wait_till_timeout = var.wait_till_timeout is_vpc_cluster = var.is_vpc_cluster - # Cloud Monitoring (Sysdig) Agent + # Cloud Monitoring Agent cloud_monitoring_agent_name = var.cloud_monitoring_agent_name cloud_monitoring_agent_namespace = var.cloud_monitoring_agent_namespace cloud_monitoring_endpoint_type = var.cloud_monitoring_endpoint_type diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf index b6bba965..ce54e031 100644 --- a/solutions/fully-configurable/variables.tf +++ b/solutions/fully-configurable/variables.tf 
@@ -129,4 +129,5 @@ variable "chart_version" { description = "The version of the Cloud Monitoring agent helm chart to deploy." type = string default = "1.79.0" # Replace with the desired version, or null for the latest version + nullable = false } From 137a2ecfb226fea2f63690bee814baa0f82d1f5d Mon Sep 17 00:00:00 2001 From: Jordan-Williams2 Date: Thu, 10 Apr 2025 11:53:32 +0100 Subject: [PATCH 21/33] fix: address feedback --- solutions/fully-configurable/variables.tf | 2 +- variables.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf index ce54e031..92da6045 100644 --- a/solutions/fully-configurable/variables.tf +++ b/solutions/fully-configurable/variables.tf @@ -128,6 +128,6 @@ variable "chart_location" { variable "chart_version" { description = "The version of the Cloud Monitoring agent helm chart to deploy." type = string - default = "1.79.0" # Replace with the desired version, or null for the latest version + default = "1.79.0" # Replace with the desired version nullable = false } diff --git a/variables.tf b/variables.tf index 3c7bf855..a02d3c9d 100644 --- a/variables.tf +++ b/variables.tf @@ -152,5 +152,5 @@ variable "chart_location" { variable "chart_version" { description = "The version of the Cloud Monitoring agent helm chart to deploy." type = string - default = "1.79.0" # Replace with the desired version, or null for the latest version + default = "1.79.0" # Replace with the desired version } From b22a686500f7e6ae0aedfedd564caf6237a06dfd Mon Sep 17 00:00:00 2001 From: Jordan-Williams2 Date: Mon, 14 Apr 2025 01:23:20 +0100 Subject: [PATCH 22/33] fix: address feedback --- common-dev-assets | 2 +- .../scripts/pre-validation-deploy-slz-roks-and-obs-instances.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/common-dev-assets b/common-dev-assets index bca142c8..2a2281ec 160000 --- a/common-dev-assets +++ b/common-dev-assets 
@@ -1 +1 @@ -Subproject commit bca142c8223bce6df1908aa20447eb18956db2db +Subproject commit 2a2281eca386901262a1d0c7b617dc07476d5944 diff --git a/tests/scripts/pre-validation-deploy-slz-roks-and-obs-instances.sh b/tests/scripts/pre-validation-deploy-slz-roks-and-obs-instances.sh index 4d722d56..7f682f5b 100755 --- a/tests/scripts/pre-validation-deploy-slz-roks-and-obs-instances.sh +++ b/tests/scripts/pre-validation-deploy-slz-roks-and-obs-instances.sh @@ -28,7 +28,7 @@ TF_VARS_FILE="terraform.tfvars" region_var_name="region" cluster_id_var_name="cluster_id" - cluster_id_value=$(terraform output -state=terraform.tfstate -raw workload_cluster_id) + cluster_id_value=$(terraform output -state=terraform.tfstate -raw cluster_id) cluster_resource_group_id_var_name="cluster_resource_group_id" cluster_resource_group_id_value=$(terraform output -state=terraform.tfstate -raw cluster_resource_group_id) cloud_monitoring_instance_region_var_name="cloud_monitoring_instance_region" From 86e52a190da6f40d262a7ead0b9ad6f02558e8c0 Mon Sep 17 00:00:00 2001 From: Jordan-Williams2 Date: Mon, 14 Apr 2025 01:24:21 +0100 Subject: [PATCH 23/33] fix: address feedback --- common-dev-assets | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common-dev-assets b/common-dev-assets index 2a2281ec..bca142c8 160000 --- a/common-dev-assets +++ b/common-dev-assets @@ -1 +1 @@ -Subproject commit 2a2281eca386901262a1d0c7b617dc07476d5944 +Subproject commit bca142c8223bce6df1908aa20447eb18956db2db From b8725c563c5e6b6442b40d823719fb6db694b2d7 Mon Sep 17 00:00:00 2001 From: Jordan-Williams2 Date: Mon, 14 Apr 2025 13:41:09 +0100 Subject: [PATCH 24/33] fix: address feedback --- .../scripts/pre-validation-deploy-slz-roks-and-obs-instances.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/pre-validation-deploy-slz-roks-and-obs-instances.sh b/tests/scripts/pre-validation-deploy-slz-roks-and-obs-instances.sh index 7f682f5b..2a463702 100755 
--- a/tests/scripts/pre-validation-deploy-slz-roks-and-obs-instances.sh +++ b/tests/scripts/pre-validation-deploy-slz-roks-and-obs-instances.sh @@ -48,7 +48,7 @@ TF_VARS_FILE="terraform.tfvars" --arg cloud_monitoring_access_key_value "${cloud_monitoring_access_key_value}" \ --arg cloud_monitoring_instance_region_var_name "${cloud_monitoring_instance_region_var_name}" \ --arg cloud_monitoring_instance_region_var_value "${REGION}" \ - '. + {($region_var_name): $region_var_value, ($cluster_id_var_name): $cluster_id_value, ($cluster_resource_group_id_var_name): $cluster_resource_group_id_value, ($cloud_monitoring_instance_region_var_name): $cloud_monitoring_instance_region_var_value, ($cloud_monitoring_access_key_var_name): $cloud_monitoring_access_key_value' "${JSON_FILE}" > tmpfile && mv tmpfile "${JSON_FILE}" || exit 1 + '. + {($region_var_name): $region_var_value, ($cluster_id_var_name): $cluster_id_value, ($cluster_resource_group_id_var_name): $cluster_resource_group_id_value, ($cloud_monitoring_instance_region_var_name): $cloud_monitoring_instance_region_var_value, ($cloud_monitoring_access_key_var_name): $cloud_monitoring_access_key_value}' "${JSON_FILE}" > tmpfile && mv tmpfile "${JSON_FILE}" || exit 1 echo "Pre-validation complete successfully" ) From 2fbe1fd0ee8cb3f317c4463708be6a0b44098e74 Mon Sep 17 00:00:00 2001 From: Jordan-Williams2 Date: Mon, 14 Apr 2025 15:06:58 +0100 Subject: [PATCH 25/33] fix: address feedback --- .catalog-onboard-pipeline.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.catalog-onboard-pipeline.yaml b/.catalog-onboard-pipeline.yaml index ab6e8dab..a19b52b9 100644 --- a/.catalog-onboard-pipeline.yaml +++ b/.catalog-onboard-pipeline.yaml 
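Review bot: The corrected jq line still redirects the merged JSON, which includes `cloud_monitoring_access_key_value`, into a fixed-name `tmpfile` in the working directory with default permissions before moving it over `${JSON_FILE}`. A private temporary file avoids leaving the key readable by other users or colliding with a parallel run: `tmp=$(mktemp) || exit 1`, then `jq ... "${JSON_FILE}" > "${tmp}" && mv "${tmp}" "${JSON_FILE}" || exit 1`. The subshell this line belongs to starts outside the hunk, so whether a restrictive `umask` is already set is not visible here.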
@@ -10,4 +10,4 @@ offerings: mark_ready: true install_type: fullstack pre_validation: "tests/scripts/pre-validation-deploy-slz-roks-and-obs-instances.sh" - post_validation: "tests/scripts/post-validation-destroy-slz-roks-and-obs-instances.sh" + post_validation: "tests/scripts/post-validation-deploy-slz-roks-and-obs-instances.sh" From dfbaaee582834dd6e4af4ecfdb2f5eae677d7c51 Mon Sep 17 00:00:00 2001 From: Jordan-Williams2 Date: Mon, 14 Apr 2025 22:30:42 +0100 Subject: [PATCH 26/33] fix: address feedback --- variables.tf | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/variables.tf b/variables.tf index a02d3c9d..9b1c5b76 100644 --- a/variables.tf +++ b/variables.tf @@ -5,11 +5,13 @@ variable "cluster_id" { type = string description = "The ID of the cluster you wish to deploy the agent in" + nullable = false } variable "cluster_resource_group_id" { type = string description = "The Resource Group ID of the cluster" + nullable = false } variable "cluster_config_endpoint_type" { @@ -59,11 +61,13 @@ variable "cloud_monitoring_access_key" { type = string description = "Access key used by the IBM Cloud Monitoring agent to communicate with the instance" sensitive = true + nullable = false } variable "cloud_monitoring_instance_region" { type = string description = "The IBM Cloud Monitoring instance region. Used to construct the ingestion endpoint." + nullable = false } variable "cloud_monitoring_endpoint_type" { @@ -153,4 +157,5 @@ variable "chart_version" { description = "The version of the Cloud Monitoring agent helm chart to deploy." type = string default = "1.79.0" # Replace with the desired version + nullable = false } From 17ec977f39abb0c0948a6027328eb381127721e9 Mon Sep 17 00:00:00 2001 
From: Jordan-Williams2 Date: Thu, 24 Apr 2025 18:28:52 +0100 Subject: [PATCH 27/33] fix: address feedback --- README.md | 2 ++ common-dev-assets | 2 +- ibm_catalog.json | 8 ++++++++ main.tf | 10 ++++++++++ solutions/fully-configurable/main.tf | 2 ++ solutions/fully-configurable/variables.tf | 14 ++++++++++++++ variables.tf | 14 ++++++++++++++ 7 files changed, 51 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index d2e9a9ee..eb11f7a0 100644 --- a/README.md +++ b/README.md @@ -108,9 +108,11 @@ No modules. | [cloud\_monitoring\_access\_key](#input\_cloud\_monitoring\_access\_key) | Access key used by the IBM Cloud Monitoring agent to communicate with the instance | `string` | n/a | yes | | [cloud\_monitoring\_agent\_name](#input\_cloud\_monitoring\_agent\_name) | Cloud Monitoring agent name. Used for naming all kubernetes and helm resources on the cluster. | `string` | `"sysdig-agent"` | no | | [cloud\_monitoring\_agent\_namespace](#input\_cloud\_monitoring\_agent\_namespace) | Namespace where to deploy the Cloud Monitoring agent. Default value is 'ibm-observe' | `string` | `"ibm-observe"` | no | +| [cloud\_monitoring\_agent\_registry](#input\_cloud\_monitoring\_agent\_registry) | The image registry to use for the Cloud Monitoring agent. | `string` | `"icr.io/ext/sysdig/agent"` | no | | [cloud\_monitoring\_agent\_tolerations](#input\_cloud\_monitoring\_agent\_tolerations) | List of tolerations to apply to Cloud Monitoring agent. |
list(object({
key = optional(string)
operator = optional(string)
value = optional(string)
effect = optional(string)
tolerationSeconds = optional(number)
}))
|
[
{
"operator": "Exists"
},
{
"effect": "NoSchedule",
"key": "node-role.kubernetes.io/master",
"operator": "Exists"
}
]
| no | | [cloud\_monitoring\_container\_filter](#input\_cloud\_monitoring\_container\_filter) | To filter custom containers, specify which containers to include or exclude from metrics collection for the cloud monitoring agent. See https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_kube_agent#change_kube_agent_filter_data. |
list(object({
type = string
parameter = string
name = string
}))
| `[]` | no | | [cloud\_monitoring\_endpoint\_type](#input\_cloud\_monitoring\_endpoint\_type) | Specify the IBM Cloud Monitoring instance endpoint type (public or private) to use. Used to construct the ingestion endpoint. | `string` | `"private"` | no | +| [cloud\_monitoring\_image\_tag\_digest](#input\_cloud\_monitoring\_image\_tag\_digest) | The image tag digest to use for the Cloud Monitoring agent. | `string` | `"13.8.1@sha256:e5d1c63edf07c9f861249432c00873e32141381c15fbcff80b90a12b272dc0b9"` | no | | [cloud\_monitoring\_instance\_region](#input\_cloud\_monitoring\_instance\_region) | The IBM Cloud Monitoring instance region. Used to construct the ingestion endpoint. | `string` | n/a | yes | | [cloud\_monitoring\_metrics\_filter](#input\_cloud\_monitoring\_metrics\_filter) | To filter custom metrics, specify the Cloud Monitoring metrics to include or to exclude. See https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_kube_agent#change_kube_agent_inc_exc_metrics. |
list(object({
type = string
name = string
}))
| `[]` | no | | [cluster\_config\_endpoint\_type](#input\_cluster\_config\_endpoint\_type) | Specify which type of endpoint to use for for cluster config access: 'default', 'private', 'vpe', 'link'. 'default' value will use the default endpoint of the cluster. | `string` | `"default"` | no | diff --git a/common-dev-assets b/common-dev-assets index 66edcd12..bca142c8 160000 --- a/common-dev-assets +++ b/common-dev-assets @@ -1 +1 @@ -Subproject commit 66edcd124f52cdcb5901e6652b84ebf3513ee1a6 +Subproject commit bca142c8223bce6df1908aa20447eb18956db2db diff --git a/ibm_catalog.json b/ibm_catalog.json index 3a08c3de..d51ebda7 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -92,6 +92,14 @@ "key": "cloud_monitoring_access_key", "required": true }, + { + "key": "cloud_monitoring_agent_registry", + "required": true + }, + { + "key": "cloud_monitoring_image_tag_digest", + "required": true + }, { "key": "cloud_monitoring_instance_region", "required": true, diff --git a/main.tf b/main.tf index 28ea480d..2a15fa43 100644 --- a/main.tf +++ b/main.tf @@ -61,6 +61,16 @@ resource "helm_release" "cloud_monitoring_agent" { type = "string" value = local.cluster_name } + set { + name = "image.version" + type = "string" + value = var.cloud_monitoring_image_tag_digest + } + set { + name = "image.registry" + type = "string" + value = var.cloud_monitoring_agent_registry + } values = [yamlencode({ metrics_filter = var.cloud_monitoring_metrics_filter diff --git a/solutions/fully-configurable/main.tf b/solutions/fully-configurable/main.tf index c4fff525..61d3ea42 100644 --- a/solutions/fully-configurable/main.tf +++ b/solutions/fully-configurable/main.tf @@ -28,4 +28,6 @@ module "monitoring_agent" { chart = var.chart chart_location = var.chart_location chart_version = var.chart_version + cloud_monitoring_agent_registry = var.cloud_monitoring_agent_registry + cloud_monitoring_image_tag_digest = var.cloud_monitoring_image_tag_digest } 
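Review bot: The two `set` blocks added to `helm_release.cloud_monitoring_agent` in main.tf write to top-level `image.version` and `image.registry`, while the collector host in the same resource is set under the `agent.` prefix (`agent.collectorSettings.collectorHost`, visible in a later main.tf hunk of this series). If the chart nests agent values under `agent.`, Helm would accept these two keys without error and ignore them, so the digest in `cloud_monitoring_image_tag_digest` would not pin the deployed image. I cannot see the chart from here, so please confirm the image reference in the rendered DaemonSet (for example with `helm template`) and, if needed, move both settings to the corresponding `agent.image.*` keys. The resource body starts and ends outside this hunk.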
diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf index 92da6045..2ecce697 100644 --- a/solutions/fully-configurable/variables.tf +++ b/solutions/fully-configurable/variables.tf @@ -131,3 +131,17 @@ variable "chart_version" { default = "1.79.0" # Replace with the desired version nullable = false } + +variable "cloud_monitoring_agent_registry" { + description = "The image registry to use for the Cloud Monitoring agent." + type = string + default = "icr.io/ext/sysdig/agent" + nullable = false +} + +variable "cloud_monitoring_image_tag_digest" { + description = "The image tag digest to use for the Cloud Monitoring agent." + type = string + default = "13.8.1@sha256:e5d1c63edf07c9f861249432c00873e32141381c15fbcff80b90a12b272dc0b9" # datasource: icr.io/ext/sysdig/agent + nullable = false +} diff --git a/variables.tf b/variables.tf index 9b1c5b76..6d365e55 100644 --- a/variables.tf +++ b/variables.tf @@ -159,3 +159,17 @@ variable "chart_version" { default = "1.79.0" # Replace with the desired version nullable = false } + +variable "cloud_monitoring_agent_registry" { + description = "The image registry to use for the Cloud Monitoring agent." + type = string + default = "icr.io/ext/sysdig/agent" + nullable = false +} + +variable "cloud_monitoring_image_tag_digest" { + description = "The image tag digest to use for the Cloud Monitoring agent." + type = string + default = "13.8.1@sha256:e5d1c63edf07c9f861249432c00873e32141381c15fbcff80b90a12b272dc0b9" # datasource: icr.io/ext/sysdig/agent + nullable = false +} From ede2e70fc277f92a0fb3a78d83136fb68a406c15 Mon Sep 17 00:00:00 2001 From: Jordan-Williams2 Date: Thu, 24 Apr 2025 19:28:50 +0100 Subject: [PATCH 28/33] fix: address feedback --- README.md | 2 +- ibm_catalog.json | 2 +- main.tf | 2 +- solutions/fully-configurable/main.tf | 2 +- solutions/fully-configurable/variables.tf | 2 +- variables.tf | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) 
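Review bot: `cloud_monitoring_image_tag_digest` has no `validation` block, so an override with a bare tag is accepted and silently drops the digest pin that the default carries; the same applies to the copy added to the root `variables.tf` in the next hunk. A check such as `condition = can(regex("^[^@]+@sha256:[a-f0-9]{64}$", var.cloud_monitoring_image_tag_digest))` with a matching `error_message` would keep the `<tag>@sha256:<digest>` form mandatory. The description could state that format explicitly, e.g. `"The image tag and digest for the Cloud Monitoring agent, in the form <tag>@sha256:<digest>."`. `cloud_monitoring_agent_registry` is equally free-form, and its default looks like a registry plus repository path, so its description should say which of the two the chart expects.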
diff --git a/README.md b/README.md index eb11f7a0..c1452b08 100644 --- a/README.md +++ b/README.md @@ -108,10 +108,10 @@ No modules. | [cloud\_monitoring\_access\_key](#input\_cloud\_monitoring\_access\_key) | Access key used by the IBM Cloud Monitoring agent to communicate with the instance | `string` | n/a | yes | | [cloud\_monitoring\_agent\_name](#input\_cloud\_monitoring\_agent\_name) | Cloud Monitoring agent name. Used for naming all kubernetes and helm resources on the cluster. | `string` | `"sysdig-agent"` | no | | [cloud\_monitoring\_agent\_namespace](#input\_cloud\_monitoring\_agent\_namespace) | Namespace where to deploy the Cloud Monitoring agent. Default value is 'ibm-observe' | `string` | `"ibm-observe"` | no | -| [cloud\_monitoring\_agent\_registry](#input\_cloud\_monitoring\_agent\_registry) | The image registry to use for the Cloud Monitoring agent. | `string` | `"icr.io/ext/sysdig/agent"` | no | | [cloud\_monitoring\_agent\_tolerations](#input\_cloud\_monitoring\_agent\_tolerations) | List of tolerations to apply to Cloud Monitoring agent. |
list(object({
key = optional(string)
operator = optional(string)
value = optional(string)
effect = optional(string)
tolerationSeconds = optional(number)
}))
|
[
{
"operator": "Exists"
},
{
"effect": "NoSchedule",
"key": "node-role.kubernetes.io/master",
"operator": "Exists"
}
]
| no | | [cloud\_monitoring\_container\_filter](#input\_cloud\_monitoring\_container\_filter) | To filter custom containers, specify which containers to include or exclude from metrics collection for the cloud monitoring agent. See https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_kube_agent#change_kube_agent_filter_data. |
list(object({
type = string
parameter = string
name = string
}))
| `[]` | no | | [cloud\_monitoring\_endpoint\_type](#input\_cloud\_monitoring\_endpoint\_type) | Specify the IBM Cloud Monitoring instance endpoint type (public or private) to use. Used to construct the ingestion endpoint. | `string` | `"private"` | no | +| [cloud\_monitoring\_image\_registry](#input\_cloud\_monitoring\_image\_registry) | The image registry to use for the Cloud Monitoring agent. | `string` | `"icr.io/ext/sysdig/agent"` | no | | [cloud\_monitoring\_image\_tag\_digest](#input\_cloud\_monitoring\_image\_tag\_digest) | The image tag digest to use for the Cloud Monitoring agent. | `string` | `"13.8.1@sha256:e5d1c63edf07c9f861249432c00873e32141381c15fbcff80b90a12b272dc0b9"` | no | | [cloud\_monitoring\_instance\_region](#input\_cloud\_monitoring\_instance\_region) | The IBM Cloud Monitoring instance region. Used to construct the ingestion endpoint. | `string` | n/a | yes | | [cloud\_monitoring\_metrics\_filter](#input\_cloud\_monitoring\_metrics\_filter) | To filter custom metrics, specify the Cloud Monitoring metrics to include or to exclude. See https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_kube_agent#change_kube_agent_inc_exc_metrics. |
list(object({
type = string
name = string
}))
| `[]` | no | diff --git a/ibm_catalog.json b/ibm_catalog.json index d51ebda7..619ccacd 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -93,7 +93,7 @@ "required": true }, { - "key": "cloud_monitoring_agent_registry", + "key": "cloud_monitoring_image_registry", "required": true }, { diff --git a/main.tf b/main.tf index 2a15fa43..b943f5cb 100644 --- a/main.tf +++ b/main.tf @@ -69,7 +69,7 @@ resource "helm_release" "cloud_monitoring_agent" { set { name = "image.registry" type = "string" - value = var.cloud_monitoring_agent_registry + value = var.cloud_monitoring_image_registry } values = [yamlencode({ diff --git a/solutions/fully-configurable/main.tf b/solutions/fully-configurable/main.tf index 61d3ea42..d504f243 100644 --- a/solutions/fully-configurable/main.tf +++ b/solutions/fully-configurable/main.tf @@ -28,6 +28,6 @@ module "monitoring_agent" { chart = var.chart chart_location = var.chart_location chart_version = var.chart_version - cloud_monitoring_agent_registry = var.cloud_monitoring_agent_registry + cloud_monitoring_image_registry = var.cloud_monitoring_image_registry cloud_monitoring_image_tag_digest = var.cloud_monitoring_image_tag_digest } diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf index 2ecce697..352c954a 100644 --- a/solutions/fully-configurable/variables.tf +++ b/solutions/fully-configurable/variables.tf @@ -132,7 +132,7 @@ variable "chart_version" { nullable = false } -variable "cloud_monitoring_agent_registry" { +variable "cloud_monitoring_image_registry" { description = "The image registry to use for the Cloud Monitoring agent." type = string default = "icr.io/ext/sysdig/agent" diff --git a/variables.tf b/variables.tf index 6d365e55..1b5ee43b 100644 --- a/variables.tf +++ b/variables.tf 
@@ -160,7 +160,7 @@ variable "chart_version" { nullable = false } -variable "cloud_monitoring_agent_registry" { +variable "cloud_monitoring_image_registry" { description = "The image registry to use for the Cloud Monitoring agent." type = string default = "icr.io/ext/sysdig/agent" From 01ebab4647b0873460e6fa3a0759bc3c5497ca48 Mon Sep 17 00:00:00 2001 From: Jordan-Williams2 Date: Thu, 24 Apr 2025 20:09:29 +0100 Subject: [PATCH 29/33] tests: add plan tests --- README.md | 24 +++++++-------- common-dev-assets | 2 +- examples/obs-agent-iks/main.tf | 4 +-- examples/obs-agent-ocp/main.tf | 8 ++--- ibm_catalog.json | 18 +++++------ main.tf | 24 +++++++-------- solutions/fully-configurable/main.tf | 24 +++++++-------- solutions/fully-configurable/variables.tf | 20 ++++++------- tests/pr_test.go | 8 ++--- tests/resources/outputs.tf | 4 +-- ...ation-deploy-slz-roks-and-obs-instances.sh | 16 +++++----- variables.tf | 30 +++++++++---------- 12 files changed, 91 insertions(+), 91 deletions(-) diff --git a/README.md b/README.md index c1452b08..a3b44fb2 100644 --- a/README.md +++ b/README.md @@ -61,8 +61,8 @@ module "monitoring_agents" { is_vpc_cluster = true # Change to false if target cluster is running on classic infrastructure cluster_id = "cluster id" # update this with your cluster id where the agent will be installed cluster_resource_group_id = "resource group id" # update this with the Id of your IBM Cloud resource group - cloud_monitoring_access_key = "XXXXXXXX" - cloud_monitoring_instance_region = "us-south" + access_key = "XXXXXXXX" + instance_region = "us-south" } ``` 
@@ -102,23 +102,23 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| +| [access\_key](#input\_access\_key) | Access key used by the IBM Cloud Monitoring agent to communicate with the instance | `string` | n/a | yes | | [chart](#input\_chart) | The name of the Helm chart to deploy. | `string` | `"sysdig-deploy"` | no | | [chart\_location](#input\_chart\_location) | The location of the Cloud Monitoring agent helm chart. | `string` | `"https://charts.sysdig.com"` | no | | [chart\_version](#input\_chart\_version) | The version of the Cloud Monitoring agent helm chart to deploy. | `string` | `"1.79.0"` | no | -| [cloud\_monitoring\_access\_key](#input\_cloud\_monitoring\_access\_key) | Access key used by the IBM Cloud Monitoring agent to communicate with the instance | `string` | n/a | yes | -| [cloud\_monitoring\_agent\_name](#input\_cloud\_monitoring\_agent\_name) | Cloud Monitoring agent name. Used for naming all kubernetes and helm resources on the cluster. | `string` | `"sysdig-agent"` | no | -| [cloud\_monitoring\_agent\_namespace](#input\_cloud\_monitoring\_agent\_namespace) | Namespace where to deploy the Cloud Monitoring agent. Default value is 'ibm-observe' | `string` | `"ibm-observe"` | no | -| [cloud\_monitoring\_agent\_tolerations](#input\_cloud\_monitoring\_agent\_tolerations) | List of tolerations to apply to Cloud Monitoring agent. |
list(object({
key = optional(string)
operator = optional(string)
value = optional(string)
effect = optional(string)
tolerationSeconds = optional(number)
}))
|
[
{
"operator": "Exists"
},
{
"effect": "NoSchedule",
"key": "node-role.kubernetes.io/master",
"operator": "Exists"
}
]
| no | -| [cloud\_monitoring\_container\_filter](#input\_cloud\_monitoring\_container\_filter) | To filter custom containers, specify which containers to include or exclude from metrics collection for the cloud monitoring agent. See https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_kube_agent#change_kube_agent_filter_data. |
list(object({
type = string
parameter = string
name = string
}))
| `[]` | no | -| [cloud\_monitoring\_endpoint\_type](#input\_cloud\_monitoring\_endpoint\_type) | Specify the IBM Cloud Monitoring instance endpoint type (public or private) to use. Used to construct the ingestion endpoint. | `string` | `"private"` | no | -| [cloud\_monitoring\_image\_registry](#input\_cloud\_monitoring\_image\_registry) | The image registry to use for the Cloud Monitoring agent. | `string` | `"icr.io/ext/sysdig/agent"` | no | -| [cloud\_monitoring\_image\_tag\_digest](#input\_cloud\_monitoring\_image\_tag\_digest) | The image tag digest to use for the Cloud Monitoring agent. | `string` | `"13.8.1@sha256:e5d1c63edf07c9f861249432c00873e32141381c15fbcff80b90a12b272dc0b9"` | no | -| [cloud\_monitoring\_instance\_region](#input\_cloud\_monitoring\_instance\_region) | The IBM Cloud Monitoring instance region. Used to construct the ingestion endpoint. | `string` | n/a | yes | -| [cloud\_monitoring\_metrics\_filter](#input\_cloud\_monitoring\_metrics\_filter) | To filter custom metrics, specify the Cloud Monitoring metrics to include or to exclude. See https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_kube_agent#change_kube_agent_inc_exc_metrics. |
list(object({
type = string
name = string
}))
| `[]` | no | | [cluster\_config\_endpoint\_type](#input\_cluster\_config\_endpoint\_type) | Specify which type of endpoint to use for for cluster config access: 'default', 'private', 'vpe', 'link'. 'default' value will use the default endpoint of the cluster. | `string` | `"default"` | no | | [cluster\_id](#input\_cluster\_id) | The ID of the cluster you wish to deploy the agent in | `string` | n/a | yes | | [cluster\_resource\_group\_id](#input\_cluster\_resource\_group\_id) | The Resource Group ID of the cluster | `string` | n/a | yes | +| [container\_filter](#input\_container\_filter) | To filter custom containers, specify which containers to include or exclude from metrics collection for the cloud monitoring agent. See https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_kube_agent#change_kube_agent_filter_data. |
list(object({
type = string
parameter = string
name = string
}))
| `[]` | no | +| [endpoint\_type](#input\_endpoint\_type) | Specify the IBM Cloud Monitoring instance endpoint type (public or private) to use. Used to construct the ingestion endpoint. | `string` | `"private"` | no | +| [image\_registry](#input\_image\_registry) | The image registry to use for the Cloud Monitoring agent. | `string` | `"icr.io/ext/sysdig/agent"` | no | +| [image\_tag\_digest](#input\_image\_tag\_digest) | The image tag digest to use for the Cloud Monitoring agent. | `string` | `"13.8.1@sha256:e5d1c63edf07c9f861249432c00873e32141381c15fbcff80b90a12b272dc0b9"` | no | +| [instance\_region](#input\_instance\_region) | The IBM Cloud Monitoring instance region. Used to construct the ingestion endpoint. | `string` | n/a | yes | | [is\_vpc\_cluster](#input\_is\_vpc\_cluster) | Specify true if the target cluster for the monitoring agent is a VPC cluster, false if it is a classic cluster. | `bool` | `true` | no | +| [metrics\_filter](#input\_metrics\_filter) | To filter custom metrics, specify the Cloud Monitoring metrics to include or to exclude. See https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_kube_agent#change_kube_agent_inc_exc_metrics. |
list(object({
type = string
name = string
}))
| `[]` | no | +| [name](#input\_name) | Cloud Monitoring agent name. Used for naming all kubernetes and helm resources on the cluster. | `string` | `"sysdig-agent"` | no | +| [namespace](#input\_namespace) | Namespace where to deploy the Cloud Monitoring agent. Default value is 'ibm-observe' | `string` | `"ibm-observe"` | no | +| [tolerations](#input\_tolerations) | List of tolerations to apply to Cloud Monitoring agent. |
list(object({
key = optional(string)
operator = optional(string)
value = optional(string)
effect = optional(string)
tolerationSeconds = optional(number)
}))
|
[
{
"operator": "Exists"
},
{
"effect": "NoSchedule",
"key": "node-role.kubernetes.io/master",
"operator": "Exists"
}
]
| no | | [wait\_till](#input\_wait\_till) | To avoid long wait times when you run your Terraform code, you can specify the stage when you want Terraform to mark the cluster resource creation as completed. Depending on what stage you choose, the cluster creation might not be fully completed and continues to run in the background. However, your Terraform code can continue to run without waiting for the cluster to be fully created. Supported args are `MasterNodeReady`, `OneWorkerNodeReady`, `IngressReady` and `Normal` | `string` | `"Normal"` | no | | [wait\_till\_timeout](#input\_wait\_till\_timeout) | Timeout for wait\_till in minutes. | `number` | `90` | no | diff --git a/common-dev-assets b/common-dev-assets index bca142c8..66edcd12 160000 --- a/common-dev-assets +++ b/common-dev-assets @@ -1 +1 @@ -Subproject commit bca142c8223bce6df1908aa20447eb18956db2db +Subproject commit 66edcd124f52cdcb5901e6652b84ebf3513ee1a6 diff --git a/examples/obs-agent-iks/main.tf b/examples/obs-agent-iks/main.tf index 21eb6c1d..a5fffbb6 100644 --- a/examples/obs-agent-iks/main.tf +++ b/examples/obs-agent-iks/main.tf @@ -117,6 +117,6 @@ module "monitoring_agents" { cluster_id = module.ocp_base.cluster_id cluster_resource_group_id = module.resource_group.resource_group_id # # Monitoring agent - cloud_monitoring_access_key = module.cloud_monitoring.access_key - cloud_monitoring_instance_region = var.region + access_key = module.cloud_monitoring.access_key + instance_region = var.region } diff --git a/examples/obs-agent-ocp/main.tf b/examples/obs-agent-ocp/main.tf index de2c7592..406ce5e3 100644 --- a/examples/obs-agent-ocp/main.tf +++ b/examples/obs-agent-ocp/main.tf 
@@ -113,9 +113,9 @@ module "monitoring_agents" { cluster_id = module.ocp_base.cluster_id cluster_resource_group_id = module.resource_group.resource_group_id # Monitoring agent - cloud_monitoring_access_key = module.cloud_monitoring.access_key + access_key = module.cloud_monitoring.access_key # example of how to include / exclude metrics - more info https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_kube_agent#change_kube_agent_log_metrics - cloud_monitoring_metrics_filter = [{ type = "exclude", name = "metricA.*" }, { type = "include", name = "metricB.*" }] - cloud_monitoring_container_filter = [{ type = "exclude", parameter = "kubernetes.namespace.name", name = "kube-system" }] - cloud_monitoring_instance_region = var.region + metrics_filter = [{ type = "exclude", name = "metricA.*" }, { type = "include", name = "metricB.*" }] + container_filter = [{ type = "exclude", parameter = "kubernetes.namespace.name", name = "kube-system" }] + instance_region = var.region } diff --git a/ibm_catalog.json b/ibm_catalog.json index 619ccacd..a103c802 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -89,19 +89,19 @@ "required": true }, { - "key": "cloud_monitoring_access_key", + "key": "access_key", "required": true }, { - "key": "cloud_monitoring_image_registry", + "key": "image_registry", "required": true }, { - "key": "cloud_monitoring_image_tag_digest", + "key": "image_tag_digest", "required": true }, { - "key": "cloud_monitoring_instance_region", + "key": "instance_region", "required": true, "options": [ { @@ -143,19 +143,19 @@ "key": "chart_version" }, { - "key": "cloud_monitoring_agent_name" + "key": "name" }, { - "key": "cloud_monitoring_agent_namespace" + "key": "namespace" }, { - "key": "cloud_monitoring_agent_tolerations" + "key": "tolerations" }, { - "key": "cloud_monitoring_endpoint_type" + "key": "endpoint_type" }, { - "key": "cloud_monitoring_metrics_filter" + "key": "metrics_filter" }, { "key": "cluster_config_endpoint_type", 
diff --git a/main.tf b/main.tf index b943f5cb..16d8b9a0 100644 --- a/main.tf +++ b/main.tf @@ -29,16 +29,16 @@ data "ibm_container_cluster_config" "cluster_config" { locals { # LOCALS - cluster_name = var.is_vpc_cluster ? data.ibm_container_vpc_cluster.cluster[0].resource_name : data.ibm_container_cluster.cluster[0].resource_name # Not publically documented in provider. See https://github.com/IBM-Cloud/terraform-provider-ibm/issues/4485 - cloud_monitoring_host = var.cloud_monitoring_endpoint_type == "private" ? "ingest.private.${var.cloud_monitoring_instance_region}.monitoring.cloud.ibm.com" : "${var.cloud_monitoring_instance_region}.monitoring.cloud.ibm.com" + cluster_name = var.is_vpc_cluster ? data.ibm_container_vpc_cluster.cluster[0].resource_name : data.ibm_container_cluster.cluster[0].resource_name # Not publically documented in provider. See https://github.com/IBM-Cloud/terraform-provider-ibm/issues/4485 + collector_host = var.endpoint_type == "private" ? "ingest.private.${var.instance_region}.monitoring.cloud.ibm.com" : "${var.instance_region}.monitoring.cloud.ibm.com" } resource "helm_release" "cloud_monitoring_agent" { - name = var.cloud_monitoring_agent_name + name = var.name chart = var.chart repository = var.chart_location version = var.chart_version - namespace = var.cloud_monitoring_agent_namespace + namespace = var.namespace create_namespace = true timeout = 1200 wait = true @@ -49,12 +49,12 @@ resource "helm_release" "cloud_monitoring_agent" { set { name = "agent.collectorSettings.collectorHost" type = "string" - value = local.cloud_monitoring_host + value = local.collector_host } set { name = "global.sysdig.accessKey" type = "string" - value = var.cloud_monitoring_access_key + value = var.access_key } set { name = "global.clusterConfig.name" 
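Review bot: In the `@@ -49,12 +49,12 @@` hunk, `global.sysdig.accessKey` is passed through a plain `set` block (`value = var.access_key`), although the helm provider has a `set_sensitive` block for secret values. The variable is declared `sensitive = true`, so Terraform should already redact it in plan output, but `set_sensitive { name = "global.sysdig.accessKey" ... }` states the intent at the resource and does not depend on that propagation. The key is written to Terraform state either way, so a comment such as `# access key is stored in state; use an encrypted, access-controlled backend` would help the next maintainer. The resource body continues outside this hunk.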
@@ -64,24 +64,24 @@ resource "helm_release" "cloud_monitoring_agent" { set { name = "image.version" type = "string" - value = var.cloud_monitoring_image_tag_digest + value = var.image_tag_digest } set { name = "image.registry" type = "string" - value = var.cloud_monitoring_image_registry + value = var.image_registry } values = [yamlencode({ - metrics_filter = var.cloud_monitoring_metrics_filter + metrics_filter = var.metrics_filter }), yamlencode({ - tolerations = var.cloud_monitoring_agent_tolerations + tolerations = var.tolerations }), yamlencode({ - container_filter = var.cloud_monitoring_container_filter + container_filter = var.container_filter })] provisioner "local-exec" { - command = "${path.module}/scripts/confirm-rollout-status.sh ${var.cloud_monitoring_agent_name} ${var.cloud_monitoring_agent_namespace}" + command = "${path.module}/scripts/confirm-rollout-status.sh ${var.name} ${var.namespace}" interpreter = ["/bin/bash", "-c"] environment = { KUBECONFIG = data.ibm_container_cluster_config.cluster_config.config_file_path diff --git a/solutions/fully-configurable/main.tf b/solutions/fully-configurable/main.tf index d504f243..12b05b62 100644 --- a/solutions/fully-configurable/main.tf +++ b/solutions/fully-configurable/main.tf 
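Review bot: The `local-exec` command interpolates `${var.name}` and `${var.namespace}` unquoted into a string that is run with `/bin/bash -c`, so whitespace or shell metacharacters in either input are interpreted by the shell on the machine running Terraform. The `name` and `namespace` variables shown in the `solutions/fully-configurable/variables.tf` hunk have no `validation` block; the root `variables.tf` declarations are not visible here. Passing the values through the existing `environment` map avoids this: add `AGENT_NAME = var.name` and `AGENT_NAMESPACE = var.namespace` there and use `command = "${path.module}/scripts/confirm-rollout-status.sh \"$AGENT_NAME\" \"$AGENT_NAMESPACE\""`. A `validation` rule restricting both variables to Kubernetes DNS label characters would be a useful second layer. The provisioner block continues outside this hunk.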
@@ -18,16 +18,16 @@ module "monitoring_agent" { wait_till_timeout = var.wait_till_timeout is_vpc_cluster = var.is_vpc_cluster # Cloud Monitoring Agent - cloud_monitoring_agent_name = var.cloud_monitoring_agent_name - cloud_monitoring_agent_namespace = var.cloud_monitoring_agent_namespace - cloud_monitoring_endpoint_type = var.cloud_monitoring_endpoint_type - cloud_monitoring_access_key = var.cloud_monitoring_access_key - cloud_monitoring_metrics_filter = var.cloud_monitoring_metrics_filter - cloud_monitoring_instance_region = var.cloud_monitoring_instance_region - cloud_monitoring_agent_tolerations = var.cloud_monitoring_agent_tolerations - chart = var.chart - chart_location = var.chart_location - chart_version = var.chart_version - cloud_monitoring_image_registry = var.cloud_monitoring_image_registry - cloud_monitoring_image_tag_digest = var.cloud_monitoring_image_tag_digest + name = var.name + namespace = var.namespace + endpoint_type = var.endpoint_type + access_key = var.access_key + metrics_filter = var.metrics_filter + instance_region = var.instance_region + tolerations = var.tolerations + chart = var.chart + chart_location = var.chart_location + chart_version = var.chart_version + image_registry = var.image_registry + image_tag_digest = var.image_tag_digest } diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf index 352c954a..34fc8592 100644 --- a/solutions/fully-configurable/variables.tf +++ b/solutions/fully-configurable/variables.tf 
@@ -49,26 +49,26 @@ variable "wait_till_timeout" { # Cloud Monitoring variables ############################################################################## -variable "cloud_monitoring_access_key" { +variable "access_key" { type = string description = "The access key that is used by the IBM Cloud Monitoring agent to communicate with the instance." sensitive = true nullable = false } -variable "cloud_monitoring_instance_region" { +variable "instance_region" { type = string description = "The name of the region where the IBM Cloud Monitoring instance is created. This name is used to construct the ingestion endpoint." nullable = false } -variable "cloud_monitoring_endpoint_type" { +variable "endpoint_type" { type = string description = "Specify the IBM Cloud Monitoring instance endpoint type (`public` or `private`) to use to construct the ingestion endpoint." default = "private" } -variable "cloud_monitoring_metrics_filter" { +variable "metrics_filter" { type = list(object({ type = string name = string 
@@ -77,20 +77,20 @@ variable "cloud_monitoring_metrics_filter" { default = [] # [{ type = "exclude", name = "metricA.*" }, { type = "include", name = "metricB.*" }] } -variable "cloud_monitoring_agent_name" { - description = "The name of the IBM Cloud Monitoring agent that is used to name the Kubernetes and Helm resources on the cluster. If a prefix input variable is passed, the name of the IBM Cloud Monitoring agent is prefixed to the value in the `-` format." +variable "name" { + description = "The name of the IBM Cloud Monitoring agent that is used to name the Kubernetes and Helm resources on the cluster." type = string default = "sysdig-agent" } -variable "cloud_monitoring_agent_namespace" { +variable "namespace" { type = string description = "The namespace to deploy the IBM Cloud Monitoring agent in. Default value: `ibm-observe`." default = "ibm-observe" nullable = false } -variable "cloud_monitoring_agent_tolerations" { +variable "tolerations" { description = "The list of tolerations to apply to the IBM Cloud Monitoring agent. The default operator value `Exists` matches any taint on any node except the master node. [Learn more](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)" type = list(object({ key = optional(string) @@ -132,14 +132,14 @@ variable "chart_version" { nullable = false } -variable "cloud_monitoring_image_registry" { +variable "image_registry" { description = "The image registry to use for the Cloud Monitoring agent." type = string default = "icr.io/ext/sysdig/agent" nullable = false } -variable "cloud_monitoring_image_tag_digest" { +variable "image_tag_digest" { description = "The image tag digest to use for the Cloud Monitoring agent." type = string default = "13.8.1@sha256:e5d1c63edf07c9f861249432c00873e32141381c15fbcff80b90a12b272dc0b9" # datasource: icr.io/ext/sysdig/agent diff --git a/tests/pr_test.go b/tests/pr_test.go index bdf97788..1ad30fe2 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go 
@@ -131,10 +131,10 @@ func TestFullyConfigurableSolution(t *testing.T) { options.TerraformVars = []testschematic.TestSchematicTerraformVar{ {Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true}, - {Name: "cloud_monitoring_instance_region", Value: region, DataType: "string"}, + {Name: "instance_region", Value: region, DataType: "string"}, {Name: "cluster_id", Value: terraform.Output(t, existingTerraformOptions, "cluster_id"), DataType: "string"}, {Name: "cluster_resource_group_id", Value: terraform.Output(t, existingTerraformOptions, "cluster_resource_group_id"), DataType: "string"}, - {Name: "cloud_monitoring_access_key", Value: terraform.Output(t, existingTerraformOptions, "cloud_monitoring_access_key"), DataType: "string", Secure: true}, + {Name: "access_key", Value: terraform.Output(t, existingTerraformOptions, "access_key"), DataType: "string", Secure: true}, } err := options.RunSchematicTest() @@ -212,10 +212,10 @@ func TestFullyConfigurableUpgradeSolution(t *testing.T) { options.TerraformVars = []testschematic.TestSchematicTerraformVar{ {Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true}, - {Name: "cloud_monitoring_instance_region", Value: region, DataType: "string"}, + {Name: "instance_region", Value: region, DataType: "string"}, {Name: "cluster_id", Value: terraform.Output(t, existingTerraformOptions, "cluster_id"), DataType: "string"}, {Name: "cluster_resource_group_id", Value: terraform.Output(t, existingTerraformOptions, "cluster_resource_group_id"), DataType: "string"}, - {Name: "cloud_monitoring_access_key", Value: terraform.Output(t, existingTerraformOptions, "cloud_monitoring_access_key"), DataType: "string", Secure: true}, + {Name: "access_key", Value: terraform.Output(t, existingTerraformOptions, "access_key"), DataType: "string", Secure: true}, } err := options.RunSchematicUpgradeTest() 
diff --git a/tests/resources/outputs.tf b/tests/resources/outputs.tf index 6443a9c7..fbcde56b 100644 --- a/tests/resources/outputs.tf +++ b/tests/resources/outputs.tf @@ -27,12 +27,12 @@ output "cluster_name" { description = "Name of the cluster." } -output "cloud_monitoring_instance_id" { +output "instance_id" { value = module.cloud_monitoring.crn description = "The cloud monitoring instance crn." } -output "cloud_monitoring_access_key" { +output "access_key" { value = module.cloud_monitoring.access_key description = "The access key of the provisioned IBM Cloud Monitoring instance." sensitive = true diff --git a/tests/scripts/pre-validation-deploy-slz-roks-and-obs-instances.sh b/tests/scripts/pre-validation-deploy-slz-roks-and-obs-instances.sh index 2a463702..017de97b 100755 --- a/tests/scripts/pre-validation-deploy-slz-roks-and-obs-instances.sh +++ b/tests/scripts/pre-validation-deploy-slz-roks-and-obs-instances.sh @@ -31,9 +31,9 @@ TF_VARS_FILE="terraform.tfvars" cluster_id_value=$(terraform output -state=terraform.tfstate -raw cluster_id) cluster_resource_group_id_var_name="cluster_resource_group_id" cluster_resource_group_id_value=$(terraform output -state=terraform.tfstate -raw cluster_resource_group_id) - cloud_monitoring_instance_region_var_name="cloud_monitoring_instance_region" - cloud_monitoring_access_key_var_name="cloud_monitoring_access_key" - cloud_monitoring_access_key_value=$(terraform output -state=terraform.tfstate -raw cloud_monitoring_access_key) + instance_region_var_name="instance_region" + access_key_var_name="access_key" + access_key_value=$(terraform output -state=terraform.tfstate -raw access_key) echo "Appending '${cluster_id_var_name}' and '${region_var_name}' input variable values to ${JSON_FILE}.." 
@@ -44,11 +44,11 @@ TF_VARS_FILE="terraform.tfvars" --arg cluster_id_value "${cluster_id_value}" \ --arg cluster_resource_group_id_var_name "${cluster_resource_group_id_var_name}" \ --arg cluster_resource_group_id_value "${cluster_resource_group_id_value}" \ - --arg cloud_monitoring_access_key_var_name "${cloud_monitoring_access_key_var_name}" \ - --arg cloud_monitoring_access_key_value "${cloud_monitoring_access_key_value}" \ - --arg cloud_monitoring_instance_region_var_name "${cloud_monitoring_instance_region_var_name}" \ - --arg cloud_monitoring_instance_region_var_value "${REGION}" \ - '. + {($region_var_name): $region_var_value, ($cluster_id_var_name): $cluster_id_value, ($cluster_resource_group_id_var_name): $cluster_resource_group_id_value, ($cloud_monitoring_instance_region_var_name): $cloud_monitoring_instance_region_var_value, ($cloud_monitoring_access_key_var_name): $cloud_monitoring_access_key_value}' "${JSON_FILE}" > tmpfile && mv tmpfile "${JSON_FILE}" || exit 1 + --arg access_key_var_name "${access_key_var_name}" \ + --arg access_key_value "${access_key_value}" \ + --arg instance_region_var_name "${instance_region_var_name}" \ + --arg instance_region_var_value "${REGION}" \ + '. + {($region_var_name): $region_var_value, ($cluster_id_var_name): $cluster_id_value, ($cluster_resource_group_id_var_name): $cluster_resource_group_id_value, ($instance_region_var_name): $instance_region_var_value, ($access_key_var_name): $access_key_value}' "${JSON_FILE}" > tmpfile && mv tmpfile "${JSON_FILE}" || exit 1 echo "Pre-validation complete successfully" ) diff --git a/variables.tf b/variables.tf index 1b5ee43b..259feeba 100644 --- a/variables.tf +++ b/variables.tf 
@@ -57,30 +57,30 @@ variable "wait_till_timeout" { # Cloud Monitoring variables ############################################################################## -variable "cloud_monitoring_access_key" { +variable "access_key" { type = string description = "Access key used by the IBM Cloud Monitoring agent to communicate with the instance" sensitive = true nullable = false } -variable "cloud_monitoring_instance_region" { +variable "instance_region" { type = string description = "The IBM Cloud Monitoring instance region. Used to construct the ingestion endpoint." nullable = false } -variable "cloud_monitoring_endpoint_type" { +variable "endpoint_type" { type = string description = "Specify the IBM Cloud Monitoring instance endpoint type (public or private) to use. Used to construct the ingestion endpoint." default = "private" validation { error_message = "The specified endpoint_type can be private or public only." - condition = contains(["private", "public"], var.cloud_monitoring_endpoint_type) + condition = contains(["private", "public"], var.endpoint_type) } } -variable "cloud_monitoring_metrics_filter" { +variable "metrics_filter" { type = list(object({ type = string name = string 
@@ -88,12 +88,12 @@ variable "cloud_monitoring_metrics_filter" { description = "To filter custom metrics, specify the Cloud Monitoring metrics to include or to exclude. See https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_kube_agent#change_kube_agent_inc_exc_metrics." default = [] validation { - condition = alltrue([for filter in var.cloud_monitoring_metrics_filter : can(regex("^(include|exclude)$", filter.type)) && filter.name != ""]) - error_message = "The specified `type` for the `cloud_monitoring_metrics_filter` is not valid. Specify either `include` or `exclude`. The `name` field cannot be empty." + condition = alltrue([for filter in var.metrics_filter : can(regex("^(include|exclude)$", filter.type)) && filter.name != ""]) + error_message = "The specified `type` for the `metrics_filter` is not valid. Specify either `include` or `exclude`. The `name` field cannot be empty." } } -variable "cloud_monitoring_container_filter" { +variable "container_filter" { type = list(object({ type = string parameter = string 
@@ -102,25 +102,25 @@ variable "cloud_monitoring_container_filter" { description = "To filter custom containers, specify which containers to include or exclude from metrics collection for the cloud monitoring agent. See https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_kube_agent#change_kube_agent_filter_data." default = [] validation { - condition = length(var.cloud_monitoring_container_filter) == 0 || can(regex("^(include|exclude)$", var.cloud_monitoring_container_filter[0].type)) - error_message = "Invalid input for `cloud_monitoring_container_filter`. Valid options for 'type' are: `include` and `exclude`. If empty, no containers are included or excluded." + condition = length(var.container_filter) == 0 || can(regex("^(include|exclude)$", var.container_filter[0].type)) + error_message = "Invalid input for `container_filter`. Valid options for 'type' are: `include` and `exclude`. If empty, no containers are included or excluded." } } -variable "cloud_monitoring_agent_name" { +variable "name" { description = "Cloud Monitoring agent name. Used for naming all kubernetes and helm resources on the cluster." type = string default = "sysdig-agent" } -variable "cloud_monitoring_agent_namespace" { +variable "namespace" { type = string description = "Namespace where to deploy the Cloud Monitoring agent. Default value is 'ibm-observe'" default = "ibm-observe" nullable = false } -variable "cloud_monitoring_agent_tolerations" { +variable "tolerations" { description = "List of tolerations to apply to Cloud Monitoring agent." type = list(object({ key = optional(string) 
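Review bot: The `container_filter` validation only inspects `var.container_filter[0].type`, so every entry after the first can carry an arbitrary `type` and still pass, unlike the `metrics_filter` validation in the previous hunk, which uses `alltrue` over the whole list. I would write it the same way: `condition = alltrue([for f in var.container_filter : can(regex("^(include|exclude)$", f.type))])`, which also covers the empty list without the separate `length(...) == 0` test. The `variable "container_filter"` block opens in the previous hunk, and the `tolerations` block at the end of this one continues outside it.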
@@ -160,14 +160,14 @@ variable "chart_version" { nullable = false } -variable "cloud_monitoring_image_registry" { +variable "image_registry" { description = "The image registry to use for the Cloud Monitoring agent." type = string default = "icr.io/ext/sysdig/agent" nullable = false } -variable "cloud_monitoring_image_tag_digest" { +variable "image_tag_digest" { description = "The image tag digest to use for the Cloud Monitoring agent." type = string default = "13.8.1@sha256:e5d1c63edf07c9f861249432c00873e32141381c15fbcff80b90a12b272dc0b9" # datasource: icr.io/ext/sysdig/agent From 4dd7a9f107bd047f90cf81a3afb83204b5b7694e Mon Sep 17 00:00:00 2001 From: Jordan-Williams2 Date: Thu, 24 Apr 2025 22:37:06 +0100 Subject: [PATCH 30/33] fix: address feedback --- main.tf | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/main.tf b/main.tf index 16d8b9a0..e0557134 100644 --- a/main.tf +++ b/main.tf @@ -71,6 +71,12 @@ resource "helm_release" "cloud_monitoring_agent" { type = "string" value = var.image_registry } + # Specific to SCC WP, enabled by default + set { + name = "nodeAnalyzer.enabled" + type = "auto" + value = false + } values = [yamlencode({ metrics_filter = var.metrics_filter From 78eb2cbb3b774ed1edfb3e3b09d0c6f5709d9b6b Mon Sep 17 00:00:00 2001 From: Jordan-Williams2 Date: Fri, 25 Apr 2025 13:47:42 +0100 Subject: [PATCH 31/33] fix: address feedback --- renovate.json | 31 ++++++++++++++++++++++- solutions/fully-configurable/variables.tf | 2 +- variables.tf | 2 +- 3 files changed, 32 insertions(+), 3 deletions(-) diff --git a/renovate.json b/renovate.json index 8954b604..f8ed3bd6 100644 --- a/renovate.json +++ b/renovate.json 
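Review bot: The comment `# Specific to SCC WP, enabled by default` above the new `set` block in `helm_release.cloud_monitoring_agent` reads as though the module enables the node analyzer, while the block sets `nodeAnalyzer.enabled` to `false`. If the intent is that the chart turns it on by default and this module switches it off, say so: `# nodeAnalyzer belongs to SCC Workload Protection and is on by default in the chart; this module deploys only the monitoring agent, so disable it.` The value is hard-coded, so a consumer who relies on the node analyzer for host scanning cannot turn it back on through this module; that deserves a line in the README or an input variable. The resource block starts and ends outside this hunk.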
@@ -1,4 +1,33 @@ { "$schema": "https://docs.renovatebot.com/renovate-schema.json", - "extends": ["github>terraform-ibm-modules/common-dev-assets:commonRenovateConfig"] + "extends": ["github>terraform-ibm-modules/common-dev-assets:commonRenovateConfig"], + "customManagers": [ + { + "customType": "regex", + "description": "Update docker image digest to latest in variables.tf", + "fileMatch": ["variables.tf$"], + "datasourceTemplate": "docker", + "matchStrings": [ + "default\\s*=\\s*\"(?[\\w.-]+)@(?sha256:[a-f0-9]+)\"\\s*# datasource: (?[^\\s]+)" + ] + }, + { + "customType": "regex", + "description": "Update sysdig-deploy helm chart version to latest in variables.tf", + "fileMatch": ["variables.tf$"], + "matchStrings": ["default\\s*=\\s*\"(?.*?)\"\\s*# registryUrl: charts.sysdig.com\\n"], + "depNameTemplate": "sysdig-deploy", + "datasourceTemplate": "helm", + "registryUrlTemplate": "https://charts.sysdig.com" + } + ], + "packageRules": [ + { + "description": "Bundle image + helm chart updates into the same PR", + "matchPackageNames": ["icr.io/ext/sysdig/agent", "sysdig-deploy"], + "groupName": "Charts and Images", + "commitMessageExtra": "to latest", + "group": true + } + ] } diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf index 34fc8592..7a7317bb 100644 --- a/solutions/fully-configurable/variables.tf +++ b/solutions/fully-configurable/variables.tf @@ -128,7 +128,7 @@ variable "chart_location" { variable "chart_version" { description = "The version of the Cloud Monitoring agent helm chart to deploy." type = string - default = "1.79.0" # Replace with the desired version + default = "1.79.0" # registryUrl: charts.sysdig.com nullable = false } diff --git a/variables.tf b/variables.tf index 259feeba..08e358e3 100644 --- a/variables.tf +++ b/variables.tf 
@@ -156,7 +156,7 @@ variable "chart_location" { variable "chart_version" { description = "The version of the Cloud Monitoring agent helm chart to deploy." type = string - default = "1.79.0" # Replace with the desired version + default = "1.79.0" # registryUrl: charts.sysdig.com nullable = false } From cb8b621d54f335630c4cc645182087877289ab71 Mon Sep 17 00:00:00 2001 From: Jordan-Williams2 Date: Fri, 25 Apr 2025 14:17:21 +0100 Subject: [PATCH 32/33] fix: address feedback --- .catalog-onboard-pipeline.yaml | 4 ++-- README.md | 6 ++--- examples/obs-agent-iks/main.tf | 4 ++-- examples/obs-agent-ocp/main.tf | 6 ++--- ibm_catalog.json | 23 +++++++++--------- main.tf | 2 +- solutions/fully-configurable/main.tf | 24 +++++++++---------- solutions/fully-configurable/variables.tf | 4 ++-- tests/pr_test.go | 4 ++-- ...tion-deploy-base-ocp-and-obs-instances.sh} | 0 ...tion-deploy-base-ocp-and-obs-instances.sh} | 8 +++---- variables.tf | 8 +++---- 12 files changed, 46 insertions(+), 47 deletions(-) rename tests/scripts/{post-validation-deploy-slz-roks-and-obs-instances.sh => post-validation-deploy-base-ocp-and-obs-instances.sh} (100%) rename tests/scripts/{pre-validation-deploy-slz-roks-and-obs-instances.sh => pre-validation-deploy-base-ocp-and-obs-instances.sh} (82%) diff --git a/.catalog-onboard-pipeline.yaml b/.catalog-onboard-pipeline.yaml index a19b52b9..8e33445e 100644 --- a/.catalog-onboard-pipeline.yaml +++ b/.catalog-onboard-pipeline.yaml @@ -9,5 +9,5 @@ offerings: - name: fully-configurable mark_ready: true install_type: fullstack - pre_validation: "tests/scripts/pre-validation-deploy-slz-roks-and-obs-instances.sh" - post_validation: "tests/scripts/post-validation-deploy-slz-roks-and-obs-instances.sh" + pre_validation: "tests/scripts/pre-validation-deploy-base-ocp-and-obs-instances.sh" + post_validation: "tests/scripts/post-validation-deploy-base-ocp-and-obs-instances.sh" diff --git a/README.md b/README.md index a3b44fb2..28a8c029 100644 --- a/README.md +++ b/README.md 
@@ -62,7 +62,7 @@ module "monitoring_agents" { cluster_id = "cluster id" # update this with your cluster id where the agent will be installed cluster_resource_group_id = "resource group id" # update this with the Id of your IBM Cloud resource group access_key = "XXXXXXXX" - instance_region = "us-south" + cloud_monitoring_instance_region = "us-south" } ``` 
@@ -106,14 +106,14 @@ No modules. | [chart](#input\_chart) | The name of the Helm chart to deploy. | `string` | `"sysdig-deploy"` | no | | [chart\_location](#input\_chart\_location) | The location of the Cloud Monitoring agent helm chart. | `string` | `"https://charts.sysdig.com"` | no | | [chart\_version](#input\_chart\_version) | The version of the Cloud Monitoring agent helm chart to deploy. | `string` | `"1.79.0"` | no | +| [cloud\_monitoring\_instance\_endpoint\_type](#input\_cloud\_monitoring\_instance\_endpoint\_type) | Specify the IBM Cloud Monitoring instance endpoint type (public or private) to use. Used to construct the ingestion endpoint. | `string` | `"private"` | no | +| [cloud\_monitoring\_instance\_region](#input\_cloud\_monitoring\_instance\_region) | The IBM Cloud Monitoring instance region. Used to construct the ingestion endpoint. | `string` | n/a | yes | | [cluster\_config\_endpoint\_type](#input\_cluster\_config\_endpoint\_type) | Specify which type of endpoint to use for for cluster config access: 'default', 'private', 'vpe', 'link'. 'default' value will use the default endpoint of the cluster. | `string` | `"default"` | no | | [cluster\_id](#input\_cluster\_id) | The ID of the cluster you wish to deploy the agent in | `string` | n/a | yes | | [cluster\_resource\_group\_id](#input\_cluster\_resource\_group\_id) | The Resource Group ID of the cluster | `string` | n/a | yes | | [container\_filter](#input\_container\_filter) | To filter custom containers, specify which containers to include or exclude from metrics collection for the cloud monitoring agent. See https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_kube_agent#change_kube_agent_filter_data. |
list(object({
type = string
parameter = string
name = string
}))
| `[]` | no | -| [endpoint\_type](#input\_endpoint\_type) | Specify the IBM Cloud Monitoring instance endpoint type (public or private) to use. Used to construct the ingestion endpoint. | `string` | `"private"` | no | | [image\_registry](#input\_image\_registry) | The image registry to use for the Cloud Monitoring agent. | `string` | `"icr.io/ext/sysdig/agent"` | no | | [image\_tag\_digest](#input\_image\_tag\_digest) | The image tag digest to use for the Cloud Monitoring agent. | `string` | `"13.8.1@sha256:e5d1c63edf07c9f861249432c00873e32141381c15fbcff80b90a12b272dc0b9"` | no | -| [instance\_region](#input\_instance\_region) | The IBM Cloud Monitoring instance region. Used to construct the ingestion endpoint. | `string` | n/a | yes | | [is\_vpc\_cluster](#input\_is\_vpc\_cluster) | Specify true if the target cluster for the monitoring agent is a VPC cluster, false if it is a classic cluster. | `bool` | `true` | no | | [metrics\_filter](#input\_metrics\_filter) | To filter custom metrics, specify the Cloud Monitoring metrics to include or to exclude. See https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_kube_agent#change_kube_agent_inc_exc_metrics. |
list(object({
type = string
name = string
}))
| `[]` | no | | [name](#input\_name) | Cloud Monitoring agent name. Used for naming all kubernetes and helm resources on the cluster. | `string` | `"sysdig-agent"` | no | diff --git a/examples/obs-agent-iks/main.tf b/examples/obs-agent-iks/main.tf index a5fffbb6..32978729 100644 --- a/examples/obs-agent-iks/main.tf +++ b/examples/obs-agent-iks/main.tf @@ -117,6 +117,6 @@ module "monitoring_agents" { cluster_id = module.ocp_base.cluster_id cluster_resource_group_id = module.resource_group.resource_group_id # # Monitoring agent - access_key = module.cloud_monitoring.access_key - instance_region = var.region + access_key = module.cloud_monitoring.access_key + cloud_monitoring_instance_region = var.region } diff --git a/examples/obs-agent-ocp/main.tf b/examples/obs-agent-ocp/main.tf index 406ce5e3..b088401f 100644 --- a/examples/obs-agent-ocp/main.tf +++ b/examples/obs-agent-ocp/main.tf @@ -115,7 +115,7 @@ module "monitoring_agents" { # Monitoring agent access_key = module.cloud_monitoring.access_key # example of how to include / exclude metrics - more info https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_kube_agent#change_kube_agent_log_metrics - metrics_filter = [{ type = "exclude", name = "metricA.*" }, { type = "include", name = "metricB.*" }] - container_filter = [{ type = "exclude", parameter = "kubernetes.namespace.name", name = "kube-system" }] - instance_region = var.region + metrics_filter = [{ type = "exclude", name = "metricA.*" }, { type = "include", name = "metricB.*" }] + container_filter = [{ type = "exclude", parameter = "kubernetes.namespace.name", name = "kube-system" }] + cloud_monitoring_instance_region = var.region } diff --git a/ibm_catalog.json b/ibm_catalog.json index a103c802..c7de5b93 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json 
@@ -22,7 +22,7 @@ ], "provider_name": "IBM", "short_description": "Deploys IBM Monitoring Agent to a cluster", - "long_description": "Solutions that support deploying IBM Monitoring Agent for logging.", + "long_description": "Solution that supports deploying an IBM Monitoring Agent.", "offering_docs_url": "https://github.com/terraform-ibm-modules/terraform-ibm-monitoring-agent/blob/main/solutions/fully-configurable/README.md", "offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-monitoring-agent/main/images/monitoring-icon.svg", "flavors": [ @@ -93,15 +93,7 @@ "required": true }, { - "key": "image_registry", - "required": true - }, - { - "key": "image_tag_digest", - "required": true - }, - { - "key": "instance_region", + "key": "cloud_monitoring_instance_region", "required": true, "options": [ { @@ -131,7 +123,14 @@ ] }, { - "key": "is_vpc_cluster" + "key": "is_vpc_cluster", + "required": true + }, + { + "key": "image_registry" + }, + { + "key": "image_tag_digest" }, { "key": "chart" @@ -152,7 +151,7 @@ "key": "tolerations" }, { - "key": "endpoint_type" + "key": "cloud_monitoring_instance_endpoint_type" }, { "key": "metrics_filter" diff --git a/main.tf b/main.tf index e0557134..5bff0bf7 100644 --- a/main.tf +++ b/main.tf 
@@ -30,7 +30,7 @@ data "ibm_container_cluster_config" "cluster_config" { locals { # LOCALS cluster_name = var.is_vpc_cluster ? data.ibm_container_vpc_cluster.cluster[0].resource_name : data.ibm_container_cluster.cluster[0].resource_name # Not publically documented in provider. See https://github.com/IBM-Cloud/terraform-provider-ibm/issues/4485 - collector_host = var.endpoint_type == "private" ? "ingest.private.${var.instance_region}.monitoring.cloud.ibm.com" : "${var.instance_region}.monitoring.cloud.ibm.com" + collector_host = var.cloud_monitoring_instance_endpoint_type == "private" ? "ingest.private.${var.cloud_monitoring_instance_region}.monitoring.cloud.ibm.com" : "${var.cloud_monitoring_instance_region}.monitoring.cloud.ibm.com" } resource "helm_release" "cloud_monitoring_agent" { diff --git a/solutions/fully-configurable/main.tf b/solutions/fully-configurable/main.tf index 12b05b62..6c502bc7 100644 --- a/solutions/fully-configurable/main.tf +++ b/solutions/fully-configurable/main.tf 
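Review bot: The two branches of `collector_host` are not symmetric: the private branch builds `ingest.private.<region>.monitoring.cloud.ibm.com`, but the public branch builds `<region>.monitoring.cloud.ibm.com` with no `ingest.` prefix. That looks like an omission rather than a choice, so please check it against the IBM Cloud Monitoring endpoint list; if the prefix is required, the else branch becomes `"ingest.${var.cloud_monitoring_instance_region}.monitoring.cloud.ibm.com"`. Since the agent presents its access key to whatever host this expression yields, it is also worth giving `cloud_monitoring_instance_region` a validation (for example a lowercase region pattern) so a typo cannot produce an unintended hostname. The `locals` block is fully inside the hunk; the `helm_release` resource after it continues outside.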
@@ -18,16 +18,16 @@ module "monitoring_agent" { wait_till_timeout = var.wait_till_timeout is_vpc_cluster = var.is_vpc_cluster # Cloud Monitoring Agent - name = var.name - namespace = var.namespace - endpoint_type = var.endpoint_type - access_key = var.access_key - metrics_filter = var.metrics_filter - instance_region = var.instance_region - tolerations = var.tolerations - chart = var.chart - chart_location = var.chart_location - chart_version = var.chart_version - image_registry = var.image_registry - image_tag_digest = var.image_tag_digest + name = var.name + namespace = var.namespace + cloud_monitoring_instance_endpoint_type = var.cloud_monitoring_instance_endpoint_type + access_key = var.access_key + metrics_filter = var.metrics_filter + cloud_monitoring_instance_region = var.cloud_monitoring_instance_region + tolerations = var.tolerations + chart = var.chart + chart_location = var.chart_location + chart_version = var.chart_version + image_registry = var.image_registry + image_tag_digest = var.image_tag_digest } diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf index 7a7317bb..db7f5662 100644 --- a/solutions/fully-configurable/variables.tf +++ b/solutions/fully-configurable/variables.tf @@ -56,13 +56,13 @@ variable "access_key" { nullable = false } -variable "instance_region" { +variable "cloud_monitoring_instance_region" { type = string description = "The name of the region where the IBM Cloud Monitoring instance is created. This name is used to construct the ingestion endpoint." nullable = false } -variable "endpoint_type" { +variable "cloud_monitoring_instance_endpoint_type" { type = string description = "Specify the IBM Cloud Monitoring instance endpoint type (`public` or `private`) to use to construct the ingestion endpoint." default = "private" diff --git a/tests/pr_test.go b/tests/pr_test.go index 1ad30fe2..b71e397a 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go 
@@ -131,7 +131,7 @@ func TestFullyConfigurableSolution(t *testing.T) { options.TerraformVars = []testschematic.TestSchematicTerraformVar{ {Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true}, - {Name: "instance_region", Value: region, DataType: "string"}, + {Name: "cloud_monitoring_instance_region", Value: region, DataType: "string"}, {Name: "cluster_id", Value: terraform.Output(t, existingTerraformOptions, "cluster_id"), DataType: "string"}, {Name: "cluster_resource_group_id", Value: terraform.Output(t, existingTerraformOptions, "cluster_resource_group_id"), DataType: "string"}, {Name: "access_key", Value: terraform.Output(t, existingTerraformOptions, "access_key"), DataType: "string", Secure: true}, @@ -212,7 +212,7 @@ func TestFullyConfigurableUpgradeSolution(t *testing.T) { options.TerraformVars = []testschematic.TestSchematicTerraformVar{ {Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true}, - {Name: "instance_region", Value: region, DataType: "string"}, + {Name: "cloud_monitoring_instance_region", Value: region, DataType: "string"}, {Name: "cluster_id", Value: terraform.Output(t, existingTerraformOptions, "cluster_id"), DataType: "string"}, {Name: "cluster_resource_group_id", Value: terraform.Output(t, existingTerraformOptions, "cluster_resource_group_id"), DataType: "string"}, {Name: "access_key", Value: terraform.Output(t, existingTerraformOptions, "access_key"), DataType: "string", Secure: true}, diff --git a/tests/scripts/post-validation-deploy-slz-roks-and-obs-instances.sh b/tests/scripts/post-validation-deploy-base-ocp-and-obs-instances.sh similarity index 100% rename from tests/scripts/post-validation-deploy-slz-roks-and-obs-instances.sh rename to tests/scripts/post-validation-deploy-base-ocp-and-obs-instances.sh 
diff --git a/tests/scripts/pre-validation-deploy-slz-roks-and-obs-instances.sh b/tests/scripts/pre-validation-deploy-base-ocp-and-obs-instances.sh similarity index 82% rename from tests/scripts/pre-validation-deploy-slz-roks-and-obs-instances.sh rename to tests/scripts/pre-validation-deploy-base-ocp-and-obs-instances.sh index 017de97b..7b6db410 100755 --- a/tests/scripts/pre-validation-deploy-slz-roks-and-obs-instances.sh +++ b/tests/scripts/pre-validation-deploy-base-ocp-and-obs-instances.sh @@ -31,7 +31,7 @@ TF_VARS_FILE="terraform.tfvars" cluster_id_value=$(terraform output -state=terraform.tfstate -raw cluster_id) cluster_resource_group_id_var_name="cluster_resource_group_id" cluster_resource_group_id_value=$(terraform output -state=terraform.tfstate -raw cluster_resource_group_id) - instance_region_var_name="instance_region" + cloud_monitoring_instance_region_var_name="instance_region" access_key_var_name="access_key" access_key_value=$(terraform output -state=terraform.tfstate -raw access_key) 
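Review bot: The shell variable was renamed to `cloud_monitoring_instance_region_var_name`, but its value is still the string `"instance_region"`, so the jq call in the next hunk keeps writing the key `instance_region` into `${JSON_FILE}`. The same commit renames the solution input to `cloud_monitoring_instance_region` (declared `nullable = false`, with no default visible), so catalog validation would presumably fail on a missing required input or ignore the value. The line should read `cloud_monitoring_instance_region_var_name="cloud_monitoring_instance_region"`. The subshell this assignment sits in starts above the hunk.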
@@ -46,9 +46,9 @@ TF_VARS_FILE="terraform.tfvars" --arg cluster_resource_group_id_value "${cluster_resource_group_id_value}" \ --arg access_key_var_name "${access_key_var_name}" \ --arg access_key_value "${access_key_value}" \ - --arg instance_region_var_name "${instance_region_var_name}" \ - --arg instance_region_var_value "${REGION}" \ - '. + {($region_var_name): $region_var_value, ($cluster_id_var_name): $cluster_id_value, ($cluster_resource_group_id_var_name): $cluster_resource_group_id_value, ($instance_region_var_name): $instance_region_var_value, ($access_key_var_name): $access_key_value}' "${JSON_FILE}" > tmpfile && mv tmpfile "${JSON_FILE}" || exit 1 + --arg cloud_monitoring_instance_region_var_name "${cloud_monitoring_instance_region_var_name}" \ + --arg cloud_monitoring_instance_region_var_value "${REGION}" \ + '. + {($region_var_name): $region_var_value, ($cluster_id_var_name): $cluster_id_value, ($cluster_resource_group_id_var_name): $cluster_resource_group_id_value, ($cloud_monitoring_instance_region_var_name): $cloud_monitoring_instance_region_var_value, ($access_key_var_name): $access_key_value}' "${JSON_FILE}" > tmpfile && mv tmpfile "${JSON_FILE}" || exit 1 echo "Pre-validation complete successfully" ) diff --git a/variables.tf b/variables.tf index 08e358e3..f38bc5f6 100644 --- a/variables.tf +++ b/variables.tf 
@@ -64,19 +64,19 @@ variable "access_key" { nullable = false } -variable "instance_region" { +variable "cloud_monitoring_instance_region" { type = string description = "The IBM Cloud Monitoring instance region. Used to construct the ingestion endpoint." nullable = false } -variable "endpoint_type" { +variable "cloud_monitoring_instance_endpoint_type" { type = string description = "Specify the IBM Cloud Monitoring instance endpoint type (public or private) to use. Used to construct the ingestion endpoint." default = "private" validation { - error_message = "The specified endpoint_type can be private or public only." - condition = contains(["private", "public"], var.endpoint_type) + error_message = "The specified endpoint type can be private or public only." + condition = contains(["private", "public"], var.cloud_monitoring_instance_endpoint_type) } } From 715df11010754d16103eed2c5b8d48efc48e3846 Mon Sep 17 00:00:00 2001 From: Jordan-Williams2 Date: Fri, 25 Apr 2025 14:19:02 +0100 Subject: [PATCH 33/33] fix: address feedback --- .catalog-onboard-pipeline.yaml | 4 ++-- ...st-validation-deploy-base-ocp-and-monitoring-instances.sh} | 0 ...re-validation-deploy-base-ocp-and-monitoring-instances.sh} | 0 3 files changed, 2 insertions(+), 2 deletions(-) rename tests/scripts/{post-validation-deploy-base-ocp-and-obs-instances.sh => post-validation-deploy-base-ocp-and-monitoring-instances.sh} (100%) rename tests/scripts/{pre-validation-deploy-base-ocp-and-obs-instances.sh => pre-validation-deploy-base-ocp-and-monitoring-instances.sh} (100%) diff --git a/.catalog-onboard-pipeline.yaml b/.catalog-onboard-pipeline.yaml index 8e33445e..1bd8ee69 100644 --- a/.catalog-onboard-pipeline.yaml +++ b/.catalog-onboard-pipeline.yaml 
@@ -9,5 +9,5 @@ offerings: - name: fully-configurable mark_ready: true install_type: fullstack - pre_validation: "tests/scripts/pre-validation-deploy-base-ocp-and-obs-instances.sh" - post_validation: "tests/scripts/post-validation-deploy-base-ocp-and-obs-instances.sh" + pre_validation: "tests/scripts/pre-validation-deploy-base-ocp-and-monitoring-instances.sh" + post_validation: "tests/scripts/post-validation-deploy-base-ocp-and-monitoring-instances.sh" diff --git a/tests/scripts/post-validation-deploy-base-ocp-and-obs-instances.sh b/tests/scripts/post-validation-deploy-base-ocp-and-monitoring-instances.sh similarity index 100% rename from tests/scripts/post-validation-deploy-base-ocp-and-obs-instances.sh rename to tests/scripts/post-validation-deploy-base-ocp-and-monitoring-instances.sh diff --git a/tests/scripts/pre-validation-deploy-base-ocp-and-obs-instances.sh b/tests/scripts/pre-validation-deploy-base-ocp-and-monitoring-instances.sh similarity index 100% rename from tests/scripts/pre-validation-deploy-base-ocp-and-obs-instances.sh rename to tests/scripts/pre-validation-deploy-base-ocp-and-monitoring-instances.sh