Awesome
<!-- BEGIN_TF_DOCS -->Kubespot (Helm)
- cert-manager
- datadog
- keda
- nginx
- prometheus
- grafana
- grafana loki
- kubecost
Configuration
cert-manager
To use cert-manager add the following annotation to your Ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
# add an annotation indicating the issuer to use.
cert-manager.io/cluster-issuer: letsencrypt
name: myIngress
namespace: myIngress
spec:
tls:
- hosts:
- https-example.foo.com
secretName: testsecret-tls
rules:
- host: https-example.foo.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: service1
port:
number: 80
Grafana
Grafana is installed on a ClusterIP use the following to open it locally.
kubectl port-forward -n grafana service/grafana 6891:80
open https://localhost:6891
Username: opszero
Password: opszero
Deployment
terraform init
terraform plan
terraform apply -auto-approve
Teardown
terraform destroy -auto-approve
Providers
| Name | Version |
|---|---|
| <a name="provider_aws"></a> aws | n/a |
| <a name="provider_helm"></a> helm | n/a |
| <a name="provider_null"></a> null | n/a |
| <a name="provider_random"></a> random | n/a |
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| <a name="input_cert_manager_email"></a> cert_manager_email | Your email address to use for cert manager | any | null | no |
| <a name="input_cert_manager_leader_election_namespace"></a> cert_manager_leader_election_namespace | The namespace used for the leader election lease. Change to cert-manager for GKE Autopilot | string | "cert-manager" | no |
| <a name="input_cert_manager_resources"></a> cert_manager_resources | n/a | <pre>map(object({<br/> cpu = string<br/> memory = string<br/> }))</pre> | null | no |
| <a name="input_cert_manager_version"></a> cert_manager_version | n/a | string | "1.15.1" | no |
| <a name="input_datadog_api_key"></a> datadog_api_key | The API key for datadog | string | "" | no |
| <a name="input_datadog_values"></a> datadog_values | Values for datadog helm chart | string | "" | no |
| <a name="input_datadog_values_extra"></a> datadog_values_extra | List of extra values for datadog helm chart | list | [] | no |
| <a name="input_grafana_admin_password"></a> grafana_admin_password | The Password of Grafana for login Dashboard | string | "" | no |
| <a name="input_grafana_admin_user"></a> grafana_admin_user | The User name of Grafana for login Dashboard | string | "opszero" | no |
| <a name="input_grafana_datasources"></a> grafana_datasources | n/a | <pre>list(object({<br/> name = string<br/> type = string<br/> url = string<br/> access = string<br/> isDefault = bool<br/> }))</pre> | [] | no |
| <a name="input_grafana_efs_enable"></a> grafana_efs_enable | Enable EFS storage for Grafana | bool | false | no |
| <a name="input_grafana_efs_storage_class_name"></a> grafana_efs_storage_class_name | If EFS is needed pass EFS storage class, but make sure efs and efs driver deployed | string | "" | no |
| <a name="input_grafana_enabled"></a> grafana_enabled | Enable grafana | bool | false | no |
| <a name="input_grafana_extra_yml"></a> grafana_extra_yml | Grafana Datasources as Yaml | any | null | no |
| <a name="input_grafana_google_auth_client_id"></a> grafana_google_auth_client_id | Add Google Auth client id | string | "" | no |
| <a name="input_grafana_google_auth_client_secret"></a> grafana_google_auth_client_secret | Add Google Auth client secret | string | "" | no |
| <a name="input_grafana_ingress_enabled"></a> grafana_ingress_enabled | Enable grafana ingress | bool | false | no |
| <a name="input_grafana_ingress_hosts"></a> grafana_ingress_hosts | Add grafana ingress hosts | list | [] | no |
| <a name="input_grafana_loki_bucket_name"></a> grafana_loki_bucket_name | Name for the S3 bucket | string | "" | no |
| <a name="input_grafana_loki_enabled"></a> grafana_loki_enabled | Enable grafana loki | bool | false | no |
| <a name="input_grafana_loki_yml_file"></a> grafana_loki_yml_file | n/a | any | null | no |
| <a name="input_grafana_persistence_storage"></a> grafana_persistence_storage | Enable persistence storage for Grafana | bool | false | no |
| <a name="input_kubecost_enabled"></a> kubecost_enabled | n/a | bool | false | no |
| <a name="input_nginx_max_replicas"></a> nginx_max_replicas | Maximum number of Nginx Replicas | number | 11 | no |
| <a name="input_nginx_min_replicas"></a> nginx_min_replicas | Minimum number of Nginx Replicas | number | 2 | no |
| <a name="input_nginx_name"></a> nginx_name | Release name for the installed helm chart | string | "nginx" | no |
| <a name="input_nginx_yml_file"></a> nginx_yml_file | n/a | any | null | no |
| <a name="input_otel_yml_file"></a> otel_yml_file | n/a | any | null | no |
| <a name="input_prometheus_additional_scrape_configs"></a> prometheus_additional_scrape_configs | Add additional scrape for configuration for prometheus if needed | <pre>list(object({<br/> job_name = string<br/> targets = list(string)<br/> scrape_interval = string<br/> metrics_path = string<br/> }))</pre> | [] | no |
| <a name="input_prometheus_enabled"></a> prometheus_enabled | Enable prometheus | bool | true | no |
| <a name="input_prometheus_persistence_storage"></a> prometheus_persistence_storage | Enable persistence storage for Prometheus | bool | false | no |
| <a name="input_pushgateway_ingress_host"></a> pushgateway_ingress_host | List of hosts for prometheus push gateway ingress | list | [] | no |
| <a name="input_storage_class"></a> storage_class | Storage Class to use for Persistence | string | "gp2" | no |
Resources
| Name | Type |
|---|---|
| aws_s3_bucket.s3_loki | resource |
| aws_s3_bucket_public_access_block.s3_loki | resource |
| aws_s3_bucket_server_side_encryption_configuration.s3_loki | resource |
| aws_s3_bucket_versioning.s3_loki | resource |
| helm_release.cert-manager | resource |
| helm_release.datadog | resource |
| helm_release.grafana | resource |
| helm_release.keda | resource |
| helm_release.kubecost | resource |
| helm_release.loki | resource |
| helm_release.nginx | resource |
| helm_release.opentelemetry_collector | resource |
| helm_release.prometheus | resource |
| null_resource.cert-manager-cluster-issuer | resource |
| random_password.grafana_admin_password | resource |
Outputs
| Name | Description |
|---|---|
| <a name="output_grafana_admin_password"></a> grafana_admin_password | n/a |
🚀 Built by opsZero!
<a href="https://opszero.com"><img src="https://opszero.com/wp-content/uploads/2024/07/opsZero_logo_svg.svg" width="300px"/></a>
Since 2016 opsZero has been providing Kubernetes expertise to companies of all sizes on any Cloud. With a focus on AI and Compliance we can say we seen it all whether SOC2, HIPAA, PCI-DSS, ITAR, FedRAMP, CMMC we have you and your customers covered.
We provide support to organizations in the following ways:
- Modernize or Migrate to Kubernetes
- Cloud Infrastructure with Kubernetes on AWS, Azure, Google Cloud, or Bare Metal
- Building AI and Data Pipelines on Kubernetes
- Optimizing Existing Kubernetes Workloads
We do this with a high-touch support model where you:
- Get access to us on Slack, Microsoft Teams or Email
- Get 24/7 coverage of your infrastructure
- Get an accelerated migration to Kubernetes
Please schedule a call if you need support.
<br/><br/>
<div style="display: block"> <img src="https://opszero.com/wp-content/uploads/2024/07/aws-advanced.png" width="150px" /> <img src="https://opszero.com/wp-content/uploads/2024/07/AWS-public-sector.png" width="150px" /> <img src="https://opszero.com/wp-content/uploads/2024/07/AWS-eks.png" width="150px" /> </div> <!-- END_TF_DOCS -->