Adding support for Azure monitor... along with a few simple bug fixes (…

…#41) * Adding support for Azure monitor... along with a few simple bug fixes * terraform-docs: automated action * Accidentally deleted a deployment * terraform-docs: automated action * Adding live support for additional node pools (Azure) * terraform-docs: automated action * Fix for ACI connector * Small changes to enable container insights * terraform-docs: automated action * Forgot public clusters --------- Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
liatrio · Aug 4, 2023 · f5bbad6 · f5bbad6
1 parent 3b64c3f
commit f5bbad6
Show file tree

Hide file tree

Showing 17 changed files with 339 additions and 65 deletions.
diff --git a/infra/helm/helmfile.yaml b/infra/helm/helmfile.yaml
@@ -12,12 +12,14 @@ releases:
   - name: autoscaler
     namespace: kube-system
     chart: autoscaler/cluster-autoscaler
-    version: 9.26.0
+    version: 9.29.1
     set:
       - name: cloudProvider
         value: aws
+      - name: awsRegion
+        value: "us-east-1"
       - name: autoDiscovery.clusterName
-        value: "ghest"
+        value: "ghest-dev"
 
   - name: cert-manager
     namespace: cert-manager

diff --git a/infra/live/aws/test/terragrunt.hcl → infra/live/aws/linux-private/terragrunt.hcl b/infra/live/aws/test/terragrunt.hcl → infra/live/aws/linux-private/terragrunt.hcl
@@ -5,7 +5,7 @@ terraform {
 remote_state {
   backend = "s3"
   config  = {
-    bucket = "sk8s-tfstate-dev"
+    bucket = "sk8s-tfstate-private"
     key    = "terraform.tfstate"
     region = "us-east-1"
   }
@@ -20,8 +20,8 @@ inputs = {
 
   // The subnet range must generate at least twice the number of subnets as the number of availability zones specified.
   // So, for 3 AZs, we need 6 subnets (3 public + 3 private).
-  cidr_block   = "172.27.0.0/21"
-  subnet_range = 24
+  cidr_block   = "172.27.0.0/18"
+  subnet_range = 21
 
   availability_zones = [
     "us-east-1a",
@@ -31,6 +31,8 @@ inputs = {
 
   cluster_name = "ghest-dev"
 
+  private_cluster = true
+
   instance_type = "t3.large"
   disk_size     = 100
 

diff --git a/infra/live/aws/prod/terragrunt.hcl → infra/live/aws/linux-public/terragrunt.hcl b/infra/live/aws/prod/terragrunt.hcl → infra/live/aws/linux-public/terragrunt.hcl
@@ -1,11 +1,11 @@
 terraform {
-  source = "../../../src/aws"
+  source = "../../..//src/aws"
 }
 
 remote_state {
   backend = "s3"
   config  = {
-    bucket = "sk8s-tfstate-prod"
+    bucket = "sk8s-tfstate-public"
     key    = "terraform.tfstate"
     region = "us-east-1"
   }
@@ -16,7 +16,7 @@ remote_state {
 }
 
 inputs = {
-  network_name = "ghest-prod"
+  network_name = "ghest-dev"
 
   // The subnet range must generate at least twice the number of subnets as the number of availability zones specified.
   // So, for 3 AZs, we need 6 subnets (3 public + 3 private).
@@ -29,14 +29,16 @@ inputs = {
     "us-east-1c"
   ]
 
-  cluster_name = "ghest-prod"
+  cluster_name = "ghest-dev"
 
-  instance_type = "m6i.2xlarge"
-  disk_size     = 200
+  private_cluster = false
+
+  instance_type = "t3.large"
+  disk_size     = 100
 
   // The Project tag is required; we use it to generate unique IAM roles for the EKS cluster being created.
   tags = {
-    "Project"        = "GHESTProd"
-    "Environment"    = "Production"
+    "Project"        = "GHESTDev"
+    "Environment"    = "Development"
   }
 }
diff --git a/infra/live/azure/hybrid-public/terragrunt.hcl b/infra/live/azure/hybrid-public/terragrunt.hcl
@@ -0,0 +1,82 @@
+terraform {
+  source = "../../..//src/azure"
+}
+
+remote_state {
+  backend = "azurerm"
+  config  = {
+    resource_group_name  = "sk8s"
+    storage_account_name = "sk8sinfrastate"
+    container_name       = "tfstate"
+    key                  = "public.tfstate"
+  }
+  generate = {
+    path      = "backend.tf"
+    if_exists = "overwrite_terragrunt"
+  }
+}
+
+inputs = {
+  resource_group_name = "sk8s-cluster"
+  network_name        = "sk8s-cluster-vnet"
+  address_space       = "10.1.0.0/16"
+  private_cluster     = false
+  system_managed_dns  = false
+  subnets             = [
+    {
+      name           = "cidr"
+      address_prefix = "10.1.64.0/18"
+      attributes     = {
+        routing  = "internal"
+        managed  = true
+        services = [ "aks" ]
+      }
+    },
+    {
+      name           = "nodes"
+      address_prefix = "10.1.0.0/18"
+      attributes     = {
+        routing  = "external"
+        managed  = false
+        services = [ "aks" ]
+      }
+    },
+    {
+      name           = "aci"
+      address_prefix = "10.1.128.0/18"
+      attributes     = {
+        routing  = "external"
+        managed  = false
+        services = [ "aks" ] 
+      }
+    },
+    {
+      name           = "extras"
+      address_prefix = "10.1.192.0/19"
+      attributes     = {
+        routing  = "internal"
+        managed  = false
+        services = [ "acr" ]
+      }
+    }
+  ]
+  additional_node_pools = {
+    "win" = {
+      auto_scaler_profile = {
+        enabled        = true
+        max_node_count = 3
+        min_node_count = 1
+      }
+      node_size  = "Standard_D2s_v3"
+      node_os    = "Windows"
+      priority   = {
+        spot_enabled = false
+      }
+    }
+  }
+  tags = {
+    project = "Sk8s"
+    owner   = "GitHub Practice"
+  }
+  container_insights_enabled = true
+}
diff --git a/...ure/lockdown-hub-and-spoke/terragrunt.hcl → infra/live/azure/kitchen-sink/terragrunt.hcl b/...ure/lockdown-hub-and-spoke/terragrunt.hcl → infra/live/azure/kitchen-sink/terragrunt.hcl
@@ -97,6 +97,7 @@ inputs = {
     project = "Sk8s"
     owner   = "GitHub Practice"
   }
+  container_insights_enabled = true
 
   network_rules = [
     {

diff --git a/infra/live/azure/private/terragrunt.hcl → ...a/live/azure/linux-private/terragrunt.hcl b/infra/live/azure/private/terragrunt.hcl → ...a/live/azure/linux-private/terragrunt.hcl
@@ -87,4 +87,5 @@ inputs = {
     project = "Sk8s"
     owner   = "GitHub Practice"
   }
+  container_insights_enabled = true
 }
diff --git a/infra/live/azure/public/terragrunt.hcl → infra/live/azure/linux-public/terragrunt.hcl b/infra/live/azure/public/terragrunt.hcl → infra/live/azure/linux-public/terragrunt.hcl
@@ -64,4 +64,5 @@ inputs = {
     project = "Sk8s"
     owner   = "GitHub Practice"
   }
+  container_insights_enabled = true
 }
diff --git a/infra/modules/aws/eks/main.tf b/infra/modules/aws/eks/main.tf
@@ -135,7 +135,7 @@ data "aws_iam_policy_document" "autoscaler" {
     condition {
       test     = "StringEquals"
       variable = "${replace(aws_iam_openid_connect_provider.self.url, "https://", "")}:sub"
-      values   = ["system:serviceaccount:kube-system:cluster-autoscaler"]
+      values   = ["system:serviceaccount:kube-system:autoscaler-aws-cluster-autoscaler"]
     }
 
     principals {

diff --git a/infra/modules/azure/aks/README.md b/infra/modules/azure/aks/README.md
@@ -22,6 +22,9 @@ No modules.
 |------|------|
 | [azurerm_kubernetes_cluster.self](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster) | resource |
 | [azurerm_kubernetes_cluster_node_pool.self](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster_node_pool) | resource |
+| [azurerm_log_analytics_solution.self](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/log_analytics_solution) | resource |
+| [azurerm_log_analytics_workspace.self](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/log_analytics_workspace) | resource |
+| [azurerm_monitor_diagnostic_setting.self](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_diagnostic_setting) | resource |
 | [azurerm_role_assignment.aci-custom-route](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
 | [azurerm_role_assignment.aci-default-route](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
 | [azurerm_client_config.self](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source |
@@ -31,11 +34,12 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_additional_node_pools"></a> [additional\_node\_pools](#input\_additional\_node\_pools) | n/a | <pre>map(object({<br>    auto_scaler_profile = object({<br>      enabled        = bool<br>      max_node_count = optional(number, 3)<br>      min_node_count = optional(number, 1)<br>    })<br>    node_count = optional(number, 3)<br>    node_size  = optional(string, "Standard_D2s_v3")<br>    node_os    = optional(string, "Linux")<br>    priority   = object({<br>      spot_enabled = bool<br>      spot_price   = optional(number, -1)<br>    })<br>    zones = optional(list(string), ["1", "2", "3"])<br>  }))</pre> | `{}` | no |
 | <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | Name of Azure Container Registry. | `string` | n/a | yes |
-| <a name="input_default_node_pool"></a> [default\_node\_pool](#input\_default\_node\_pool) | n/a | <pre>object({<br>    auto_scaler_profile = object({<br>      enabled        = bool<br>      expander       = optional(string, "random")<br>      max_node_count = optional(number, 3)<br>      min_node_count = optional(number, 1)<br>    })<br>    node_count = optional(number, 3)<br>    node_size  = string<br>    zones      = optional(list(string))<br>  })</pre> | n/a | yes |
+| <a name="input_container_insights_enabled"></a> [container\_insights\_enabled](#input\_container\_insights\_enabled) | n/a | `bool` | `false` | no |
+| <a name="input_default_node_pool"></a> [default\_node\_pool](#input\_default\_node\_pool) | n/a | <pre>object({<br>    auto_scaler_profile = object({<br>      enabled        = bool<br>      expander       = optional(string, "random")<br>      max_node_count = optional(number, 3)<br>      min_node_count = optional(number, 1)<br>    })<br>    node_count = optional(number, 3)<br>    node_size  = optional(string, "Standard_D2s_v3")<br>    zones      = optional(list(string), ["1", "2", "3"])<br>  })</pre> | n/a | yes |
 | <a name="input_identity"></a> [identity](#input\_identity) | n/a | <pre>object({<br>    assignment  = string<br>    id          = optional(string)<br>  })</pre> | n/a | yes |
 | <a name="input_network"></a> [network](#input\_network) | n/a | <pre>object({<br>    virtual_network_name = string<br>    subnet_id            = string<br>    user_defined_routing = optional(bool, false)<br>    dns_service_ip       = string<br>    docker_bridge_cidr   = string<br>    plugin               = string<br>    pod_cidr             = optional(string)<br>    service_cidr         = string<br>  })</pre> | n/a | yes |
-| <a name="input_node_pools"></a> [node\_pools](#input\_node\_pools) | n/a | <pre>map(object({<br>    auto_scaler_profile = object({<br>      enabled        = bool<br>      max_node_count = optional(number, 3)<br>      min_node_count = optional(number, 1)<br>    })<br>    node_count = optional(number, 3)<br>    node_size  = string<br>    priority   = object({<br>      spot_enabled = bool<br>      spot_price   = optional(number, -1)<br>    })<br>    subnet_name = optional(string)<br>    zones       = optional(list(string))<br>  }))</pre> | `{}` | no |
 | <a name="input_private_cluster"></a> [private\_cluster](#input\_private\_cluster) | Determine whether aks cluster will be private or public | `bool` | `true` | no |
 | <a name="input_private_zone_id"></a> [private\_zone\_id](#input\_private\_zone\_id) | ID of private DNS zone for looking up container registry private endpoint. | `string` | n/a | yes |
 | <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | Name of Azure resource group in which DNS zone resides. | `string` | n/a | yes |