From dfa39cc7c8d21eefb14ef8dd8dabaad21969bc68 Mon Sep 17 00:00:00 2001 From: ocofaigh Date: Fri, 16 May 2025 10:21:33 +0100 Subject: [PATCH] migrate to new modules --- ibm_catalog.json | 39 ++++++++--- renovate.json | 44 ++++++++++--- solutions/agents/main.tf | 75 +++++++++++++-------- solutions/agents/moved.tf | 15 +++++ solutions/agents/variables.tf | 120 ++++++++++++++++++++++++++++------ 5 files changed, 226 insertions(+), 67 deletions(-) create mode 100644 solutions/agents/moved.tf diff --git a/ibm_catalog.json b/ibm_catalog.json index 1ff4a4a0..8044c5bc 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -553,6 +553,7 @@ }, { "key": "provider_visibility", + "hidden": true, "options": [ { "displayname": "private", @@ -616,7 +617,19 @@ "required": true }, { - "key": "cloud_monitoring_secret_name" + "key": "cloud_monitoring_chart" + }, + { + "key": "cloud_monitoring_chart_location" + }, + { + "key": "cloud_monitoring_chart_version" + }, + { + "key": "cloud_monitoring_image_registry" + }, + { + "key": "cloud_monitoring_image_tag_digest" }, { "key": "cloud_monitoring_instance_region" @@ -640,12 +653,6 @@ { "key": "cloud_monitoring_container_filter" }, - { - "key": "cloud_monitoring_agent_tags" - }, - { - "key": "cloud_monitoring_add_cluster_name" - }, { "key": "cloud_monitoring_agent_name" }, @@ -669,8 +676,22 @@ "required": true }, { - "key": "logs_agent_iam_api_key", - "required": true + "key": "logs_agent_iam_api_key" + }, + { + "key": "logs_agent_chart" + }, + { + "key": "logs_agent_chart_location" + }, + { + "key": "logs_agent_chart_version" + }, + { + "key": "logs_agent_image_version" + }, + { + "key": "logs_agent_resources" }, { "key": "logs_agent_tolerations" diff --git a/renovate.json b/renovate.json index 3b65dac8..8c64c626 100644 --- a/renovate.json +++ b/renovate.json 
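Review bot: Dropping `"required": true` from `logs_agent_iam_api_key` in the last ibm_catalog.json hunk leaves no visible check that a Logs agent deployment has any credential at all. Nothing in this patch shows `logs_agent_trusted_profile` being required in its place, so a catalog user can enable the agent with neither value set and only find out at apply time, or, depending on how the module handles it, end up with an agent that cannot authenticate and ships no logs. If the logs-agent module does not already reject that combination, a cross-variable check in solutions/agents/variables.tf would catch it at plan time, for example `condition = !var.logs_agent_enabled || var.logs_agent_iam_api_key != null || var.logs_agent_trusted_profile != null` (cross-variable validation needs Terraform 1.9 or later).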
@@ -1,18 +1,42 @@ { "$schema": "https://docs.renovatebot.com/renovate-schema.json", "extends": ["github>terraform-ibm-modules/common-dev-assets:commonRenovateConfig"], + "customManagers": [ + { + "customType": "regex", + "description": "Update docker image digest to latest in variables.tf", + "fileMatch": ["variables.tf$"], + "datasourceTemplate": "docker", + "matchStrings": [ + "default\\s*=\\s*\"(?[\\w.-]+)@(?sha256:[a-f0-9]+)\"\\s*# datasource: (?[^\\s]+)" + ] + }, + { + "customType": "regex", + "description": "Update sysdig-deploy helm chart version to latest in variables.tf", + "fileMatch": ["variables.tf$"], + "matchStrings": ["default\\s*=\\s*\"(?.*?)\"\\s*# registryUrl: charts.sysdig.com\\n"], + "depNameTemplate": "sysdig-deploy", + "datasourceTemplate": "helm", + "registryUrlTemplate": "https://charts.sysdig.com" + }, + { + "customType": "regex", + "description": "Update logs agent agent version to the latest in variables.tf", + "fileMatch": ["variables.tf$"], + "datasourceTemplate": "docker", + "matchStrings": [ + "default\\s*=\\s*\"(?.*)\"\\s*# datasource: (?[^\\s]+)" + ] + } + ], "packageRules": [ { - "description": "Allow the locked in provider version to be updated to the latest for deployable architectures", - "enabled": true, - "matchFileNames": ["solutions/**"], - "matchManagers": ["terraform"], - "matchDepTypes": ["required_provider"], - "rangeStrategy": "bump", - "semanticCommitType": "fix", - "group": true, - "groupName": "required_provider", - "commitMessageExtra": "to latest for the deployable architecture solution" + "description": "Bundle image + helm chart updates into the same PR", + "matchPackageNames": ["icr.io/ext/sysdig/agent", "sysdig-deploy"], + "groupName": "Charts and Images", + "commitMessageExtra": "to latest", + "group": true } ] } diff --git a/solutions/agents/main.tf b/solutions/agents/main.tf index 6276845d..90cdf8b0 100644 --- a/solutions/agents/main.tf +++ b/solutions/agents/main.tf 
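Review bot: The third custom manager captures the value with `.*`, so it also matches the `cloud_monitoring_image_tag_digest` default line that the first manager already handles, since both key on a trailing `# datasource:` comment. That line would then be extracted twice, the second time with the whole `tag@sha256:…` string as the version, which can lead to failed lookups or competing update branches for the pinned agent image. Restricting the third pattern's value group to `[^\"@]+` keeps digest-pinned defaults with the first manager only. The capture-group names are missing from all three patterns as rendered here, which looks like an extraction artefact rather than part of the commit, so confirm them against the repository copy.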
@@ -1,10 +1,11 @@ -locals { - prefix = var.prefix != null ? (var.prefix != "" ? var.prefix : null) : null -} ############################################################################## # Observability Agents ############################################################################## +locals { + prefix = var.prefix != null ? trimspace(var.prefix) != "" ? "${var.prefix}-" : "" : "" +} + data "ibm_container_cluster_config" "cluster_config" { cluster_name_id = var.is_vpc_cluster ? data.ibm_container_vpc_cluster.cluster[0].id : data.ibm_container_cluster.cluster[0].id resource_group_id = var.cluster_resource_group_id 
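Review bot: The new `prefix` local tests `trimspace(var.prefix)` but interpolates the untrimmed `var.prefix`, so a value with leading or trailing whitespace passes the check and ends up in the Helm release and Kubernetes resource names built from `local.prefix`. Use the trimmed value in the result as well: `prefix = var.prefix != null ? (trimspace(var.prefix) != "" ? "${trimspace(var.prefix)}-" : "") : ""`. The parentheses around the inner conditional are optional but make the nested ternary easier to read.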
@@ -12,34 +13,26 @@ data "ibm_container_cluster_config" "cluster_config" { endpoint_type = var.cluster_config_endpoint_type != "default" ? var.cluster_config_endpoint_type : null } -module "observability_agents" { - source = "terraform-ibm-modules/observability-agents/ibm" - version = "2.7.2" - cluster_id = var.cluster_id - cluster_resource_group_id = var.cluster_resource_group_id - cluster_config_endpoint_type = var.cluster_config_endpoint_type - wait_till_timeout = var.wait_till_timeout - wait_till = var.wait_till - # Cloud Monitoring (Sysdig) Agent - cloud_monitoring_enabled = var.cloud_monitoring_enabled - cloud_monitoring_agent_name = try("${local.prefix}-${var.cloud_monitoring_agent_name}", var.cloud_monitoring_agent_name) - cloud_monitoring_agent_namespace = var.cloud_monitoring_agent_namespace - cloud_monitoring_endpoint_type = var.cloud_monitoring_endpoint_type - cloud_monitoring_access_key = var.cloud_monitoring_access_key - cloud_monitoring_secret_name = try("${local.prefix}-${var.cloud_monitoring_secret_name}", var.cloud_monitoring_secret_name) - cloud_monitoring_metrics_filter = var.cloud_monitoring_metrics_filter - cloud_monitoring_container_filter = var.cloud_monitoring_container_filter - cloud_monitoring_agent_tags = var.cloud_monitoring_agent_tags - cloud_monitoring_instance_region = var.cloud_monitoring_instance_region - cloud_monitoring_agent_tolerations = var.cloud_monitoring_agent_tolerations - cloud_monitoring_add_cluster_name = var.cloud_monitoring_add_cluster_name - # Logs Agent - logs_agent_enabled = var.logs_agent_enabled - logs_agent_name = var.logs_agent_name +module "logs_agent" { + count = var.logs_agent_enabled ? 
1 : 0 + source = "terraform-ibm-modules/logs-agent/ibm" + version = "1.0.4" + cluster_id = var.cluster_id + cluster_resource_group_id = var.cluster_resource_group_id + cluster_config_endpoint_type = var.cluster_config_endpoint_type + is_vpc_cluster = var.is_vpc_cluster + wait_till = var.wait_till + wait_till_timeout = var.wait_till_timeout + logs_agent_chart = var.logs_agent_chart + logs_agent_chart_location = var.logs_agent_chart_location + logs_agent_chart_version = var.logs_agent_chart_version + logs_agent_image_version = var.logs_agent_image_version + logs_agent_name = "${local.prefix}${var.logs_agent_name}" logs_agent_namespace = var.logs_agent_namespace - logs_agent_trusted_profile = var.logs_agent_trusted_profile + logs_agent_trusted_profile_id = var.logs_agent_trusted_profile logs_agent_iam_api_key = var.logs_agent_iam_api_key logs_agent_tolerations = var.logs_agent_tolerations + logs_agent_resources = var.logs_agent_resources logs_agent_additional_log_source_paths = var.logs_agent_additional_log_source_paths logs_agent_exclude_log_source_paths = var.logs_agent_exclude_log_source_paths logs_agent_selected_log_source_paths = var.logs_agent_selected_log_source_paths 
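Review bot: `logs_agent_name` is now `"${local.prefix}${var.logs_agent_name}"`, whereas the removed `observability_agents` call passed `var.logs_agent_name` unprefixed, so any existing deployment with a non-empty prefix gets a different agent name on upgrade. If the logs-agent module uses this value as the `helm_release` name (not visible here), the state move in moved.tf will be followed by a destroy and recreate of the release, and log collection stops on the cluster during that window. Either keep the name unprefixed for this release or state the rename explicitly as a breaking change in the release notes. The module block continues past the end of this hunk.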
@@ -50,5 +43,29 @@ module "observability_agents" { logs_agent_enable_scc = var.logs_agent_enable_scc cloud_logs_ingress_endpoint = var.cloud_logs_ingress_endpoint cloud_logs_ingress_port = var.cloud_logs_ingress_port - is_vpc_cluster = var.is_vpc_cluster +} + +module "monitoring_agent" { + count = var.cloud_monitoring_enabled ? 1 : 0 + source = "terraform-ibm-modules/monitoring-agent/ibm" + version = "1.0.14" + cluster_id = var.cluster_id + cluster_resource_group_id = var.cluster_resource_group_id + cluster_config_endpoint_type = var.cluster_config_endpoint_type + is_vpc_cluster = var.is_vpc_cluster + wait_till_timeout = var.wait_till_timeout + wait_till = var.wait_till + access_key = var.cloud_monitoring_access_key + cloud_monitoring_instance_region = var.cloud_monitoring_instance_region + cloud_monitoring_instance_endpoint_type = var.cloud_monitoring_endpoint_type + metrics_filter = var.cloud_monitoring_metrics_filter + container_filter = var.cloud_monitoring_container_filter + name = "${local.prefix}${var.cloud_monitoring_agent_name}" + namespace = var.cloud_monitoring_agent_namespace + tolerations = var.cloud_monitoring_agent_tolerations + chart = var.cloud_monitoring_chart + chart_location = var.cloud_monitoring_chart_location + chart_version = var.cloud_monitoring_chart_version + image_registry = var.cloud_monitoring_image_registry + image_tag_digest = var.cloud_monitoring_image_tag_digest } diff --git a/solutions/agents/moved.tf b/solutions/agents/moved.tf new file mode 100644 index 00000000..2baa9ad3 --- /dev/null +++ b/solutions/agents/moved.tf 
@@ -0,0 +1,15 @@ +moved { + from = module.observability_agents.module.logs_agent[0].helm_release.logs_agent + to = module.logs_agent[0].helm_release.logs_agent +} + +# Unable to use below moved block because the helm chart in observability_agents +# cannot be updated in place to the helm chart in monitoring_agent as it will fail with: +# Error: failed to replace object: DaemonSet.apps "cc-sysdig-agent" is invalid: spec.selector: +# Invalid value: v1.LabelSelector{MatchLabels:map[string]string{"app.kubernetes.io/instance":"cc-sysdig-agent", +# "app.kubernetes.io/name":"agent"}, MatchExpressions:[]v1.LabelSelectorRequirement(nil)}: field is immutable + +# moved { +# from = module.observability_agents.helm_release.cloud_monitoring_agent[0] +# to = module.monitoring_agent[0].helm_release.cloud_monitoring_agent +# } diff --git a/solutions/agents/variables.tf b/solutions/agents/variables.tf index 14eeebdb..83d313c7 100644 --- a/solutions/agents/variables.tf +++ b/solutions/agents/variables.tf @@ -7,8 +7,8 @@ variable "ibmcloud_api_key" { variable "prefix" { type = string description = "The prefix to add to all resources that this solution creates. To not use any prefix value, you can set this value to `null` or an empty string." - default = "dev" } + variable "provider_visibility" { description = "Set the visibility value for the IBM terraform provider. Supported values are `public`, `private`, `public-and-private`. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/guides/custom-service-endpoints)." type = string 
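Review bot: The comment in moved.tf explains why the `moved` block for the monitoring agent is disabled but not what happens instead: without it Terraform plans a destroy of `module.observability_agents.helm_release.cloud_monitoring_agent[0]` and a create of the new release, with no ordering between the two. With an unchanged agent name and namespace the create may run before the old release is gone and fail on the name clash, and in any case metrics collection is interrupted during the swap. I would add a line to the comment such as `# On upgrade the existing cloud monitoring release is destroyed and a new one is created; expect a gap in metrics.` and confirm the upgrade path on a cluster that runs the previous version.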
@@ -89,12 +89,13 @@ variable "cloud_monitoring_access_key" { default = null } -variable "cloud_monitoring_secret_name" { - type = string - description = "The name of the secret that will store the access key. If a prefix input variable is passed, the secret name is prefixed to the value in the `-` format." - default = "sysdig-agent" - nullable = false -} +# TODO: Uncomment when https://github.com/terraform-ibm-modules/terraform-ibm-monitoring-agent/issues/65 is addressed +# variable "cloud_monitoring_secret_name" { +# type = string +# description = "The name of the secret that will store the access key. If a prefix input variable is passed, the secret name is prefixed to the value in the `-` format." +# default = "sysdig-agent" +# nullable = false +# } variable "cloud_monitoring_instance_region" { type = string 
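Review bot: The monitoring inputs are commented out rather than deprecated, here (`cloud_monitoring_secret_name`) and in the following hunk (`cloud_monitoring_agent_tags`, `cloud_monitoring_add_cluster_name`), so values that existing callers pass are rejected or ignored after upgrade. `cloud_monitoring_add_cluster_name` defaulted to `true`, so unless the new module tags metrics with the cluster name on its own (not visible in this patch), alerts and dashboards scoped by cluster name may stop matching. The TODO should say so, for example `# NOTE: until the issue above is fixed, agent tags and the cluster-name tag are not applied.`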
@@ -131,18 +132,20 @@ variable "cloud_monitoring_container_filter" { default = [] # [{ type = "exclude", parameter = "kubernetes.namespace.name", name = "kube-system" }] } -variable "cloud_monitoring_agent_tags" { - type = list(string) - description = "A list of the tags to associate with the metrics that the IBM Cloud Monitoring agent collects. To add the cluster name as a tag, use the `cloud_monitoring_add_cluster_name` variable." - default = [] - nullable = false -} +# TODO: Uncomment when https://github.com/terraform-ibm-modules/terraform-ibm-monitoring-agent/issues/65 is addressed +# variable "cloud_monitoring_agent_tags" { +# type = list(string) +# description = "A list of the tags to associate with the metrics that the IBM Cloud Monitoring agent collects. To add the cluster name as a tag, use the `cloud_monitoring_add_cluster_name` variable." +# default = [] +# nullable = false +# } -variable "cloud_monitoring_add_cluster_name" { - type = bool - description = "Whether to attach a tag to log messages. Set to `true` to configure the IBM Cloud Monitoring agent to attach a tag that contains the cluster name to all log messages." - default = true -} +# TODO: Uncomment when https://github.com/terraform-ibm-modules/terraform-ibm-monitoring-agent/issues/65 is addressed +# variable "cloud_monitoring_add_cluster_name" { +# type = bool +# description = "Whether to attach a tag to log messages. Set to `true` to configure the IBM Cloud Monitoring agent to attach a tag that contains the cluster name to all log messages." +# default = true +# } variable "cloud_monitoring_agent_name" { description = "The name of the IBM Cloud Monitoring agent that is used to name the Kubernetes and Helm resources on the cluster. If a prefix input variable is passed, the name of the IBM Cloud Monitoring agent is prefixed to the value in the `-` format." 
@@ -176,6 +179,36 @@ variable "cloud_monitoring_agent_tolerations" { }] } +variable "cloud_monitoring_chart" { + description = "The name of the Cloud Monitoring agent Helm chart to deploy." + type = string + default = "sysdig-deploy" +} + +variable "cloud_monitoring_chart_location" { + description = "The location of the Cloud Monitoring agent helm chart." + type = string + default = "https://charts.sysdig.com" +} + +variable "cloud_monitoring_chart_version" { + description = "The version of the Cloud Monitoring agent helm chart to deploy." + type = string + default = "1.83.1" # registryUrl: charts.sysdig.com +} + +variable "cloud_monitoring_image_registry" { + description = "The image registry to use for the Cloud Monitoring agent." + type = string + default = "icr.io/ext/sysdig/agent" +} + +variable "cloud_monitoring_image_tag_digest" { + description = "The image tag digest to use for the Cloud Monitoring agent." + type = string + default = "13.9.1@sha256:3193987f77dba930cb22c200df9981afcd097e7cd5885b77d13e20ef353dc5b8" # datasource: icr.io/ext/sysdig/agent +} + ############################################################################## # Logs Agents variables ############################################################################## @@ -187,7 +220,7 @@ variable "logs_agent_enabled" { } variable "logs_agent_name" { - description = "The name of the Logs agent. The name is used in all Kubernetes and Helm resources in the cluster." + description = "The name of the Logs agent. The name is used in all Kubernetes and Helm resources in the cluster. If a prefix input variable is passed, the secret name is prefixed to the value in the `-` format." type = string default = "logs-agent" nullable = false 
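Review bot: `cloud_monitoring_image_tag_digest` has a digest-pinned default but accepts any string, so an override such as a bare tag silently drops the pin and the agent image becomes mutable at the registry. A `validation` block in this variable would keep overrides pinned: `condition = can(regex("^[\\w.-]+@sha256:[a-f0-9]{64}$", var.cloud_monitoring_image_tag_digest))`, with an error message naming the expected `tag@sha256:digest` form. `cloud_monitoring_image_registry` and `cloud_monitoring_chart_location` are likewise free-form; if they are meant to be overridable, their descriptions should say that the source must be a registry the operator trusts.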
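Review bot: The sentence added to the `logs_agent_name` description says the secret name is prefixed, apparently copied from a secret-name variable; what is prefixed here is the agent name. Suggested wording: `If a prefix input variable is passed, the name of the Logs agent is prefixed to the value.` The format placeholder inside the backticks is rendered as just `-` on this page, so check that it survives in the source file.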
@@ -293,3 +326,52 @@ variable "cloud_logs_ingress_port" { default = 3443 description = "The target port for the IBM Cloud Logs ingestion endpoint. The port must be 443 if you connect by using a VPE gateway, or port 3443 when you connect by using CSEs." } + +variable "logs_agent_chart" { + description = "The name of the Log agent Helm chart to deploy." + type = string + default = "logs-agent-helm" +} + +variable "logs_agent_chart_location" { + description = "The location of the Logs agent helm chart." + type = string + default = "oci://icr.io/ibm/observe" +} + +variable "logs_agent_chart_version" { + description = "The version of the Logs agent Helm chart to deploy." + type = string + default = "1.5.2" # datasource: icr.io/ibm/observe/logs-agent-helm +} + +variable "logs_agent_image_version" { + description = "The version of the Logs agent image to deploy (NOTE: This does not yet support using a SHA digest value)." + type = string + default = "1.5.2" # datasource: icr.io/ibm/observe/logs-agent-helm + nullable = false +} + +variable "logs_agent_resources" { + description = "The Logs agent resources configuration for cpu/memory/storage. [Learn More](https://cloud.ibm.com/docs/cloud-logs?topic=cloud-logs-agent-helm-template-clusters#agent-helm-template-clusters-chart-options-resources)." + type = object({ + limits = object({ + cpu = string + memory = string + }) + requests = object({ + cpu = string + memory = string + }) + }) + default = { + limits = { + cpu = "500m" + memory = "3Gi" + } + requests = { + cpu = "100m" + memory = "1Gi" + } + } +}
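Review bot: `logs_agent_image_version` carries the annotation `# datasource: icr.io/ibm/observe/logs-agent-helm`, the same repository as `logs_agent_chart_version`, so Renovate will bump the image tag from the chart repository's tag list rather than from the image's own repository. If the two are not released in lockstep this can propose an image tag that does not exist; point the annotation at the image repository or add a comment saying the versions are deliberately tied. The image is also referenced by tag only, as the description admits, so unlike the monitoring agent its content is not pinned; an issue reference next to that NOTE would make it easy to revisit once digests are supported.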