Skip to content

feat: COS-Dev mesh pt.1 #343

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
MichaelThamm wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

feat: COS-Dev mesh pt.1 #343

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
4669d7b
feat: COS-Dev mesh
MichaelThamm May 14, 2026
05f3fbd
Merge branch 'main' into feat/service-mesh-cos-dev
MichaelThamm May 19, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
268 changes: 146 additions & 122 deletions terraform/cos-dev/applications.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,32 @@ module "grafana" {
replace_triggers = [terraform_data.grafana_litestream_resource.id]
}

module "istio-ingress" {
count = var.mesh_enabled ? 1 : 0
source = "git::https://github.com/canonical/istio-ingress-k8s-operator//terraform"
app_name = var.catalogue.app_name
channel = local.channels.catalogue
config = var.catalogue.config
constraints = var.catalogue.constraints
model_uuid = var.model_uuid
revision = local.revisions.catalogue
storage_directives = var.catalogue.storage_directives
units = var.catalogue.units
}

module "istio-beacon" {
count = var.mesh_enabled ? 1 : 0
source = "git::https://github.com/canonical/istio-beacon-k8s-operator//terraform"
app_name = var.catalogue.app_name
channel = local.channels.catalogue
config = var.catalogue.config
constraints = var.catalogue.constraints
model_uuid = var.model_uuid
revision = local.revisions.catalogue
storage_directives = var.catalogue.storage_directives
units = var.catalogue.units
}

module "loki_coordinator" {
source = "git::https://github.com/canonical/loki-operators//coordinator/terraform"
app_name = var.loki_coordinator.app_name
Expand Down Expand Up @@ -195,8 +221,6 @@ module "opentelemetry_collector" {
units = var.opentelemetry_collector.units
}

# -------------- # SeaweedFS (storage_backend = "seaweedfs") --------------

module "seaweedfs" {
count = var.storage_backend == "seaweedfs" ? 1 : 0
source = "git::https://github.com/canonical/observability-stack//terraform/seaweedfs"
Expand All @@ -210,126 +234,6 @@ module "seaweedfs" {
units = var.seaweedfs.units
}

# -------------- # S3-integrators (storage_backend = "s3") --------------

resource "juju_secret" "loki_s3_credentials" {
count = var.storage_backend == "s3" ? 1 : 0
model_uuid = var.model_uuid
name = "loki-s3-credentials"
value = {
access-key = var.s3_access_key
secret-key = var.s3_secret_key
}
info = "S3 credentials for Loki"
}

resource "juju_access_secret" "loki_s3_credentials_access" {
count = var.storage_backend == "s3" ? 1 : 0
model_uuid = var.model_uuid
applications = [juju_application.s3_integrator_loki[0].name]
secret_id = juju_secret.loki_s3_credentials[0].secret_id
}

# TODO: Replace with a remote terraform module once the s3-integrator charm exposes one.
resource "juju_application" "s3_integrator_loki" {
count = var.storage_backend == "s3" ? 1 : 0
config = merge({
endpoint = var.s3_endpoint
bucket = var.loki_bucket
credentials = "secret:${juju_secret.loki_s3_credentials[0].secret_id}"
}, var.s3_integrator.config)
constraints = var.s3_integrator.constraints
model_uuid = var.model_uuid
name = "${var.loki_coordinator.app_name}-s3-integrator"
storage_directives = var.s3_integrator.storage_directives
trust = true
units = var.s3_integrator.units

charm {
name = "s3-integrator"
channel = local.channels.s3_integrator
revision = local.revisions.s3_integrator
}
}

resource "juju_secret" "mimir_s3_credentials" {
count = var.storage_backend == "s3" ? 1 : 0
model_uuid = var.model_uuid
name = "mimir-s3-credentials"
value = {
access-key = var.s3_access_key
secret-key = var.s3_secret_key
}
info = "S3 credentials for Mimir"
}

resource "juju_access_secret" "mimir_s3_credentials_access" {
count = var.storage_backend == "s3" ? 1 : 0
model_uuid = var.model_uuid
applications = [juju_application.s3_integrator_mimir[0].name]
secret_id = juju_secret.mimir_s3_credentials[0].secret_id
}

resource "juju_application" "s3_integrator_mimir" {
count = var.storage_backend == "s3" ? 1 : 0
config = merge({
endpoint = var.s3_endpoint
bucket = var.mimir_bucket
credentials = "secret:${juju_secret.mimir_s3_credentials[0].secret_id}"
}, var.s3_integrator.config)
constraints = var.s3_integrator.constraints
model_uuid = var.model_uuid
name = "${var.mimir_coordinator.app_name}-s3-integrator"
storage_directives = var.s3_integrator.storage_directives
trust = true
units = var.s3_integrator.units

charm {
name = "s3-integrator"
channel = local.channels.s3_integrator
revision = local.revisions.s3_integrator
}
}

resource "juju_secret" "tempo_s3_credentials" {
count = var.storage_backend == "s3" ? 1 : 0
model_uuid = var.model_uuid
name = "tempo-s3-credentials"
value = {
access-key = var.s3_access_key
secret-key = var.s3_secret_key
}
info = "S3 credentials for Tempo"
}

resource "juju_access_secret" "tempo_s3_credentials_access" {
count = var.storage_backend == "s3" ? 1 : 0
model_uuid = var.model_uuid
applications = [juju_application.s3_integrator_tempo[0].name]
secret_id = juju_secret.tempo_s3_credentials[0].secret_id
}

resource "juju_application" "s3_integrator_tempo" {
count = var.storage_backend == "s3" ? 1 : 0
config = merge({
endpoint = var.s3_endpoint
bucket = var.tempo_bucket
credentials = "secret:${juju_secret.tempo_s3_credentials[0].secret_id}"
}, var.s3_integrator.config)
constraints = var.s3_integrator.constraints
model_uuid = var.model_uuid
name = "${var.tempo_coordinator.app_name}-s3-integrator"
storage_directives = var.s3_integrator.storage_directives
trust = true
units = var.s3_integrator.units

charm {
name = "s3-integrator"
channel = local.channels.s3_integrator
revision = local.revisions.s3_integrator
}
}

module "ssc" {
count = var.internal_tls ? 1 : 0
source = "git::https://github.com/canonical/self-signed-certificates-operator//terraform"
Expand Down Expand Up @@ -472,3 +376,123 @@ module "traefik" {
storage_directives = var.traefik.storage_directives
units = var.traefik.units
}

# -------------- # S3-integrator resources (storage_backend = "s3") --------------

resource "juju_secret" "loki_s3_credentials" {
count = var.storage_backend == "s3" ? 1 : 0
model_uuid = var.model_uuid
name = "loki-s3-credentials"
value = {
access-key = var.s3_access_key
secret-key = var.s3_secret_key
}
info = "S3 credentials for Loki"
}

resource "juju_access_secret" "loki_s3_credentials_access" {
count = var.storage_backend == "s3" ? 1 : 0
model_uuid = var.model_uuid
applications = [juju_application.s3_integrator_loki[0].name]
secret_id = juju_secret.loki_s3_credentials[0].secret_id
}

# TODO: Replace with a remote terraform module once the s3-integrator charm exposes one.
resource "juju_application" "s3_integrator_loki" {
count = var.storage_backend == "s3" ? 1 : 0
config = merge({
endpoint = var.s3_endpoint
bucket = var.loki_bucket
credentials = "secret:${juju_secret.loki_s3_credentials[0].secret_id}"
}, var.s3_integrator.config)
constraints = var.s3_integrator.constraints
model_uuid = var.model_uuid
name = "${var.loki_coordinator.app_name}-s3-integrator"
storage_directives = var.s3_integrator.storage_directives
trust = true
units = var.s3_integrator.units

charm {
name = "s3-integrator"
channel = local.channels.s3_integrator
revision = local.revisions.s3_integrator
}
}

resource "juju_secret" "mimir_s3_credentials" {
count = var.storage_backend == "s3" ? 1 : 0
model_uuid = var.model_uuid
name = "mimir-s3-credentials"
value = {
access-key = var.s3_access_key
secret-key = var.s3_secret_key
}
info = "S3 credentials for Mimir"
}

resource "juju_access_secret" "mimir_s3_credentials_access" {
count = var.storage_backend == "s3" ? 1 : 0
model_uuid = var.model_uuid
applications = [juju_application.s3_integrator_mimir[0].name]
secret_id = juju_secret.mimir_s3_credentials[0].secret_id
}

resource "juju_application" "s3_integrator_mimir" {
count = var.storage_backend == "s3" ? 1 : 0
config = merge({
endpoint = var.s3_endpoint
bucket = var.mimir_bucket
credentials = "secret:${juju_secret.mimir_s3_credentials[0].secret_id}"
}, var.s3_integrator.config)
constraints = var.s3_integrator.constraints
model_uuid = var.model_uuid
name = "${var.mimir_coordinator.app_name}-s3-integrator"
storage_directives = var.s3_integrator.storage_directives
trust = true
units = var.s3_integrator.units

charm {
name = "s3-integrator"
channel = local.channels.s3_integrator
revision = local.revisions.s3_integrator
}
}

resource "juju_secret" "tempo_s3_credentials" {
count = var.storage_backend == "s3" ? 1 : 0
model_uuid = var.model_uuid
name = "tempo-s3-credentials"
value = {
access-key = var.s3_access_key
secret-key = var.s3_secret_key
}
info = "S3 credentials for Tempo"
}

resource "juju_access_secret" "tempo_s3_credentials_access" {
count = var.storage_backend == "s3" ? 1 : 0
model_uuid = var.model_uuid
applications = [juju_application.s3_integrator_tempo[0].name]
secret_id = juju_secret.tempo_s3_credentials[0].secret_id
}

resource "juju_application" "s3_integrator_tempo" {
count = var.storage_backend == "s3" ? 1 : 0
config = merge({
endpoint = var.s3_endpoint
bucket = var.tempo_bucket
credentials = "secret:${juju_secret.tempo_s3_credentials[0].secret_id}"
}, var.s3_integrator.config)
constraints = var.s3_integrator.constraints
model_uuid = var.model_uuid
name = "${var.tempo_coordinator.app_name}-s3-integrator"
storage_directives = var.s3_integrator.storage_directives
trust = true
units = var.s3_integrator.units

charm {
name = "s3-integrator"
channel = local.channels.s3_integrator
revision = local.revisions.s3_integrator
}
}
Loading
Loading