terraform-aws-eks-monitoring

Deploys the "Grafana + Prometheus + Loki" monitoring stack via Helm on AWS EKS.

Usage

Example:

```hcl
module "monitoring" {
  source = "github.com/andreswebs/terraform-aws-eks-monitoring"

  cluster_oidc_provider = var.eks_cluster_oidc_provider

  loki_iam_role_name           = "loki-${var.eks_cluster_id}"
  loki_compactor_iam_role_name = "loki-compactor-${var.eks_cluster_id}"
  grafana_iam_role_name        = "grafana-${var.eks_cluster_id}"

  loki_storage_s3_bucket_name = var.loki_storage_s3_bucket_name

  chart_version_loki_distributed = var.chart_version_loki_distributed
  chart_version_promtail         = var.chart_version_promtail
  chart_version_prometheus       = var.chart_version_prometheus
  chart_version_grafana          = var.chart_version_grafana

  grafana_enabled = true

}
```

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| chart_version_fluent_bit | Chart version | `string` | `null` | no |
| chart_version_grafana | Chart version | `string` | `null` | no |
| chart_version_loki | Chart version | `string` | `null` | no |
| chart_version_loki_distributed | Chart version | `string` | `null` | no |
| chart_version_metrics_server | Chart version | `string` | `null` | no |
| chart_version_prometheus | Chart version | `string` | `null` | no |
| chart_version_promtail | Chart version | `string` | `null` | no |
| cluster_oidc_provider | OpenID Connect (OIDC) Identity Provider associated with the Kubernetes cluster | `string` | `""` | no |
| create_loki_storage | Create S3 bucket for Loki storage? | `bool` | `false` | no |
| create_loki_storage_id_suffix | Append a random identifier string suffix to the Loki storage S3 bucket name? | `bool` | `false` | no |
| create_loki_storage_kms_key | Create KMS key? | `bool` | `true` | no |
| grafana_enabled | Enable Grafana? | `bool` | `true` | no |
| grafana_iam_role_name | Name of IAM role for Grafana | `string` | `"grafana"` | no |
| grafana_service_account_name | Name of the Kubernetes service account for Grafana | `string` | `"grafana"` | no |
| helm_atomic_creation | Purge resources on installation failure? The wait flag will be set automatically if atomic is used | `bool` | `true` | no |
| helm_cleanup_on_fail | Delete new resources created in this upgrade if the upgrade fails? | `bool` | `true` | no |
| helm_create_namespace | Create the namespace if it does not yet exist? | `bool` | `true` | no |
| helm_dependency_update | Run helm dependency update before installing the chart? | `bool` | `false` | no |
| helm_force_update | Force resource update through delete/recreate if needed? | `bool` | `false` | no |
| helm_keyring | Location of public keys used for verification; used only if verify is true | `string` | `".gnupg/pubring.gpg"` | no |
| helm_max_history | Maximum number of release versions stored per release; 0 means no limit | `number` | `3` | no |
| helm_recreate_pods | Perform pod restarts during upgrade/rollback? | `bool` | `true` | no |
| helm_release_name_fluent_bit | Release name | `string` | `"fluent-bit"` | no |
| helm_release_name_grafana | Release name | `string` | `"grafana"` | no |
| helm_release_name_loki | Release name | `string` | `"loki"` | no |
| helm_release_name_metrics_server | Release name | `string` | `"metrics-server"` | no |
| helm_release_name_prometheus | Release name | `string` | `"prometheus"` | no |
| helm_release_name_promtail | Release name | `string` | `"promtail"` | no |
| helm_replace | Re-use the given name, even if that name is already used; this is unsafe in production | `bool` | `false` | no |
| helm_reset_values | When upgrading, reset the values to the ones built into the chart? | `bool` | `false` | no |
| helm_reuse_values | When upgrading, reuse the last release's values and merge any overrides? If 'reset_values' is specified, this is ignored | `bool` | `false` | no |
| helm_skip_crds | Skip installing CRDs? | `bool` | `false` | no |
| helm_timeout_seconds | Time in seconds to wait for any individual Kubernetes operation | `number` | `300` | no |
| helm_verify | Verify the package before installing it. Helm uses a provenance file to verify the integrity of the chart | `bool` | `false` | no |
| helm_wait_for_completion | Wait until all resources are in a ready state before marking the release as successful? | `bool` | `true` | no |
| helm_wait_for_jobs | Wait until all Jobs have been completed before marking the release as successful? | `bool` | `true` | no |
| k8s_namespace | Name of the Kubernetes namespace to which resources will be deployed | `string` | `"monitoring"` | no |
| loki_aggregator | Loki aggregator to install, must be either promtail or fluent-bit | `string` | `"promtail"` | no |
| loki_compactor_iam_role_name | Name of IAM role for Loki Compactor | `string` | `"loki-compactor"` | no |
| loki_compactor_service_account_name | Name of the Kubernetes service account for the Loki compactor | `string` | `"loki-compactor"` | no |
| loki_enabled | Enable Loki? | `bool` | `true` | no |
| loki_iam_role_name | Name of IAM role for Loki | `string` | `"loki"` | no |
| loki_mode | Loki mode, must be either single or distributed | `string` | `"distributed"` | no |
| loki_service_account_name | Name of the Kubernetes service account for Loki components | `string` | `"loki"` | no |
| loki_storage_expiration_days | Number of days to retain objects; 0 means never expire | `number` | `90` | no |
| loki_storage_kms_key_arn | (Optional) ARN of KMS key used to encrypt bucket objects; ignored if create_kms_key is set to true | `string` | `null` | no |
| loki_storage_kms_key_deletion_window_in_days | KMS key deletion window in days | `number` | `30` | no |
| loki_storage_kms_key_enable_rotation | Enable KMS key rotation? | `bool` | `true` | no |
| loki_storage_s3_bucket_name | Name of S3 bucket used for Loki storage | `string` | `""` | no |
| loki_storage_s3_force_destroy | Force destroy bucket when running terraform destroy? | `bool` | `false` | no |
| metrics_server_enabled | Enable Metrics Server? | `bool` | `true` | no |
| prometheus_enabled | Enable Prometheus? | `bool` | `true` | no |
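
Several of the inputs above affect supply-chain integrity and log-data protection, and some of their defaults (`helm_verify = false`, chart versions `null`) are permissive. The block below is an added example, not part of the module's own documentation: it sets those inputs explicitly, using only input names from the table, with version strings, bucket name and keyring path as placeholders.

```hcl
# Added example, not from the module's README. Version strings, the bucket
# name and the keyring path are placeholders to replace with reviewed values.
module "monitoring" {
  source = "github.com/andreswebs/terraform-aws-eks-monitoring"

  cluster_oidc_provider = var.eks_cluster_oidc_provider

  # Separate IAM role per workload and per cluster, as in the usage example.
  loki_iam_role_name           = "loki-${var.eks_cluster_id}"
  loki_compactor_iam_role_name = "loki-compactor-${var.eks_cluster_id}"
  grafana_iam_role_name        = "grafana-${var.eks_cluster_id}"

  # Chart versions default to null. Assumption: the module passes them to
  # helm_release, where an unset version installs the latest chart, so pin them.
  chart_version_loki_distributed = "<reviewed-version>"
  chart_version_promtail         = "<reviewed-version>"
  chart_version_prometheus       = "<reviewed-version>"
  chart_version_grafana          = "<reviewed-version>"

  # helm_verify defaults to false. Verification needs a provenance file for
  # each chart and the signer's public key in the keyring.
  helm_verify  = true
  helm_keyring = pathexpand("~/.gnupg/pubring.gpg") # placeholder path

  # Keep the defaults that avoid destructive or name-reusing upgrades.
  helm_replace      = false
  helm_force_update = false
  helm_max_history  = 3

  # Log storage: bucket and KMS key created by the module, key rotation on,
  # objects expired after 90 days, bucket protected from forced destroy.
  create_loki_storage                          = true
  create_loki_storage_id_suffix                = true
  loki_storage_s3_bucket_name                  = "example-loki-logs" # placeholder
  create_loki_storage_kms_key                  = true
  loki_storage_kms_key_enable_rotation         = true
  loki_storage_kms_key_deletion_window_in_days = 30
  loki_storage_expiration_days                 = 90
  loki_storage_s3_force_destroy                = false
}
```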

Modules

| Name | Source | Version |
|------|--------|---------|
| iam | ./modules/iam | n/a |
| log_storage | ./modules/storage | n/a |
| resources | ./modules/resources | n/a |

Outputs

| Name | Description |
|------|-------------|
| namespace | The name (metadata.name) of the namespace |

Providers

| Name | Version |
|------|---------|
| random | ~> 3.4 |

Requirements

| Name | Version |
|------|---------|
| terraform | ~> 1.3 |
| aws | ~> 4.50 |
| helm | ~> 2.9 |
| random | ~> 3.4 |

Resources

| Name | Type |
|------|------|
| random_id.id | resource |

Authors

Andre Silva - @andreswebs

License

This project is licensed under the Unlicense.