Home

Awesome

<!-- BEGIN_TF_DOCS -->

Kubespot (Helm)

Configuration

cert-manager

To use cert-manager add the following annotation to your Ingress

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    # add an annotation indicating the issuer to use.
    cert-manager.io/cluster-issuer: letsencrypt
  name: myIngress
  namespace: myIngress
spec:
  tls:
    - hosts:
        - https-example.foo.com
      secretName: testsecret-tls
  rules:
    - host: https-example.foo.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: service1
                port:
                  number: 80

Grafana

Grafana is installed on a ClusterIP use the following to open it locally.

kubectl port-forward -n grafana service/grafana 6891:80
open https://localhost:6891

Username: opszero
Password: opszero

Deployment

terraform init
terraform plan
terraform apply -auto-approve

Teardown

terraform destroy -auto-approve

Providers

NameVersion
<a name="provider_aws"></a> awsn/a
<a name="provider_helm"></a> helmn/a
<a name="provider_null"></a> nulln/a
<a name="provider_random"></a> randomn/a

Inputs

NameDescriptionTypeDefaultRequired
<a name="input_cert_manager_email"></a> cert_manager_emailYour email address to use for cert manageranynullno
<a name="input_cert_manager_leader_election_namespace"></a> cert_manager_leader_election_namespaceThe namespace used for the leader election lease. Change to cert-manager for GKE Autopilotstring"cert-manager"no
<a name="input_cert_manager_resources"></a> cert_manager_resourcesn/a<pre>map(object({<br/> cpu = string<br/> memory = string<br/> }))</pre>nullno
<a name="input_cert_manager_version"></a> cert_manager_versionn/astring"1.15.1"no
<a name="input_datadog_api_key"></a> datadog_api_keyThe API key for datadogstring""no
<a name="input_datadog_values"></a> datadog_valuesValues for datadog helm chartstring""no
<a name="input_datadog_values_extra"></a> datadog_values_extraList of extra values for datadog helm chartlist[]no
<a name="input_grafana_admin_password"></a> grafana_admin_passwordThe Password of Grafana for login Dashboardstring""no
<a name="input_grafana_admin_user"></a> grafana_admin_userThe User name of Grafana for login Dashboardstring"opszero"no
<a name="input_grafana_datasources"></a> grafana_datasourcesn/a<pre>list(object({<br/> name = string<br/> type = string<br/> url = string<br/> access = string<br/> isDefault = bool<br/> }))</pre>[]no
<a name="input_grafana_efs_enable"></a> grafana_efs_enableEnable EFS storage for Grafanaboolfalseno
<a name="input_grafana_efs_storage_class_name"></a> grafana_efs_storage_class_nameIf EFS is needed pass EFS storage class, but make sure efs and efs driver deployedstring""no
<a name="input_grafana_enabled"></a> grafana_enabledEnable grafanaboolfalseno
<a name="input_grafana_extra_yml"></a> grafana_extra_ymlGrafana Datasources as Yamlanynullno
<a name="input_grafana_google_auth_client_id"></a> grafana_google_auth_client_idAdd Google Auth client idstring""no
<a name="input_grafana_google_auth_client_secret"></a> grafana_google_auth_client_secretAdd Google Auth client secretstring""no
<a name="input_grafana_ingress_enabled"></a> grafana_ingress_enabledEnable grafana ingressboolfalseno
<a name="input_grafana_ingress_hosts"></a> grafana_ingress_hostsAdd grafana ingress hostslist[]no
<a name="input_grafana_loki_bucket_name"></a> grafana_loki_bucket_nameName for the S3 bucketstring""no
<a name="input_grafana_loki_enabled"></a> grafana_loki_enabledEnable grafana lokiboolfalseno
<a name="input_grafana_loki_yml_file"></a> grafana_loki_yml_filen/aanynullno
<a name="input_grafana_persistence_storage"></a> grafana_persistence_storageEnable persistence storage for Grafanaboolfalseno
<a name="input_kubecost_enabled"></a> kubecost_enabledn/aboolfalseno
<a name="input_nginx_max_replicas"></a> nginx_max_replicasMaximum number of Nginx Replicasnumber11no
<a name="input_nginx_min_replicas"></a> nginx_min_replicasMinimum number of Nginx Replicasnumber2no
<a name="input_nginx_name"></a> nginx_nameRelease name for the installed helm chartstring"nginx"no
<a name="input_nginx_yml_file"></a> nginx_yml_filen/aanynullno
<a name="input_otel_yml_file"></a> otel_yml_filen/aanynullno
<a name="input_prometheus_additional_scrape_configs"></a> prometheus_additional_scrape_configsAdd additional scrape for configuration for prometheus if needed<pre>list(object({<br/> job_name = string<br/> targets = list(string)<br/> scrape_interval = string<br/> metrics_path = string<br/> }))</pre>[]no
<a name="input_prometheus_enabled"></a> prometheus_enabledEnable prometheusbooltrueno
<a name="input_prometheus_persistence_storage"></a> prometheus_persistence_storageEnable persistence storage for Prometheusboolfalseno
<a name="input_pushgateway_ingress_host"></a> pushgateway_ingress_hostList of hosts for prometheus push gateway ingresslist[]no
<a name="input_storage_class"></a> storage_classStorage Class to use for Persistencestring"gp2"no

Resources

NameType
aws_s3_bucket.s3_lokiresource
aws_s3_bucket_public_access_block.s3_lokiresource
aws_s3_bucket_server_side_encryption_configuration.s3_lokiresource
aws_s3_bucket_versioning.s3_lokiresource
helm_release.cert-managerresource
helm_release.datadogresource
helm_release.grafanaresource
helm_release.kedaresource
helm_release.kubecostresource
helm_release.lokiresource
helm_release.nginxresource
helm_release.opentelemetry_collectorresource
helm_release.prometheusresource
null_resource.cert-manager-cluster-issuerresource
random_password.grafana_admin_passwordresource

Outputs

NameDescription
<a name="output_grafana_admin_password"></a> grafana_admin_passwordn/a

🚀 Built by opsZero!

<a href="https://opszero.com"><img src="https://opszero.com/wp-content/uploads/2024/07/opsZero_logo_svg.svg" width="300px"/></a>

Since 2016 opsZero has been providing Kubernetes expertise to companies of all sizes on any Cloud. With a focus on AI and Compliance we can say we seen it all whether SOC2, HIPAA, PCI-DSS, ITAR, FedRAMP, CMMC we have you and your customers covered.

We provide support to organizations in the following ways:

We do this with a high-touch support model where you:

Please schedule a call if you need support.

<br/><br/>

<div style="display: block"> <img src="https://opszero.com/wp-content/uploads/2024/07/aws-advanced.png" width="150px" /> <img src="https://opszero.com/wp-content/uploads/2024/07/AWS-public-sector.png" width="150px" /> <img src="https://opszero.com/wp-content/uploads/2024/07/AWS-eks.png" width="150px" /> </div> <!-- END_TF_DOCS -->