[dop-2361] Update kubernetes provider to get credentials from data so…

…urce. Restore thanos settings to allow togging between being enabled or disabled. Update thanos_enabled to be false by default.
IndicoDataSolutions · Oct 29, 2024 · 3e8b490 · 3e8b490
1 parent 3ab50d3
commit 3e8b490
Show file tree

Hide file tree

Showing 7 changed files with 184 additions and 199 deletions.
diff --git a/azure/ipa.tf b/azure/ipa.tf
@@ -470,33 +470,33 @@ resource "kubernetes_config_map" "azure_dns_credentials" {
 }
 
 
-# resource "kubectl_manifest" "thanos-storage-secret" {
-#   count      = var.thanos_enabled ? 1 : 0
-#   depends_on = [helm_release.ipa-crds, module.secrets-operator-setup]
-#   yaml_body  = <<YAML
-#     apiVersion: "secrets.hashicorp.com/v1beta1"
-#     kind: "VaultStaticSecret"
-#     metadata:
-#       name:  vault-thanos-storage
-#       namespace: default
-#     spec:
-#       type: "kv-v2"
-#       namespace: default
-#       mount: customer-Indico-Devops
-#       path: thanos-storage
-#       refreshAfter: 60s
-#       rolloutRestartTargets:
-#         - name: prometheus-monitoring-kube-prometheus-prometheus
-#           kind: StatefulSet
-#       destination:
-#         annotations:
-#           reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
-#           reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true"
-#         create: true
-#         name: thanos-storage
-#       vaultAuthRef: default
-#   YAML
-#}
+resource "kubectl_manifest" "thanos-storage-secret" {
+  count      = var.thanos_enabled ? 1 : 0
+  depends_on = [helm_release.ipa-crds, module.secrets-operator-setup]
+  yaml_body  = <<YAML
+    apiVersion: "secrets.hashicorp.com/v1beta1"
+    kind: "VaultStaticSecret"
+    metadata:
+      name:  vault-thanos-storage
+      namespace: default
+    spec:
+      type: "kv-v2"
+      namespace: default
+      mount: customer-Indico-Devops
+      path: thanos-storage
+      refreshAfter: 60s
+      rolloutRestartTargets:
+        - name: prometheus-monitoring-kube-prometheus-prometheus
+          kind: StatefulSet
+      destination:
+        annotations:
+          reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
+          reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true"
+        create: true
+        name: thanos-storage
+      vaultAuthRef: default
+  YAML
+}
 
 
 resource "kubectl_manifest" "custom-cluster-issuer" {

diff --git a/azure/main.tf b/azure/main.tf
@@ -14,7 +14,7 @@ terraform {
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"
-      version = ">= 2.12.1"
+      version = ">= 2.33.0"
     }
     kubectl = {
       source = "gavinbunney/kubectl"

diff --git a/azure/monitoring.tf b/azure/monitoring.tf
@@ -10,20 +10,13 @@ ingress-nginx:
   EOT
   ) : ""
 
-  # thanos_config = var.thanos_enabled == true ? (<<EOT
-  #     thanos: # this is the one being used
-  #       blockSize: 5m
-  #       objectStorageConfig:
-  #         existingSecret:
-  #           name: thanos-storage
-  #           key: thanos_storage.yaml
-  # EOT
-  #   ) : (<<EOT
-  #     thanos: {}
-  # EOT
-  # )
   thanos_config = var.thanos_enabled == true ? (<<EOT
-      thanos: {}
+      thanos: # this is the one being used
+        blockSize: 5m
+        objectStorageConfig:
+          existingSecret:
+            name: thanos-storage
+            key: thanos_storage.yaml
   EOT
     ) : (<<EOT
       thanos: {}
@@ -77,13 +70,13 @@ EOT
       reloader.stakater.com/auto: "true"
 
     thanosServiceMonitor:
-      enabled: false #${var.thanos_enabled}
+      enabled: ${var.thanos_enabled}
 
     thanosService:
-      enabled:  false #${var.thanos_enabled}
+      enabled:  ${var.thanos_enabled}
 
     prometheusSpec:
-      disableCompaction: false #${var.thanos_enabled}
+      disableCompaction: ${var.thanos_enabled}
       externalLabels:
         clusterAccount: ${var.account}
         clusterRegion: ${var.region}
@@ -136,13 +129,13 @@ ${local.thanos_config}
       reloader.stakater.com/auto: "true"
 
     thanosServiceMonitor:
-      enabled: false #${var.thanos_enabled}
+      enabled: ${var.thanos_enabled}
 
     thanosService:
-      enabled: false #${var.thanos_enabled}
+      enabled: ${var.thanos_enabled}
     
     prometheusSpec:
-      disableCompaction: false #${var.thanos_enabled}
+      disableCompaction: ${var.thanos_enabled}
       externalLabels:
         clusterAccount: ${var.account}
         clusterRegion: ${var.region}
@@ -307,57 +300,57 @@ ${local.private_dns_config}
   ]
 }
 
-# resource "kubectl_manifest" "thanos-datasource-credentials" {
-#   count     = var.thanos_enabled ? 1 : 0
-#   provider  = kubectl.thanos-kubectl
-#   yaml_body = <<YAML
-# apiVersion: v1
-# stringData:
-#   admin-password: ${random_password.monitoring-password.result}
-# kind: Secret
-# metadata:
-#   name: ${replace(local.dns_name, ".", "-")}
-#   namespace: default
-# type: Opaque
-#   YAML
-# }
-
-# resource "kubectl_manifest" "thanos-datasource" {
-#   count      = var.thanos_enabled ? 1 : 0
-#   depends_on = [kubectl_manifest.thanos-datasource-credentials]
-#   provider   = kubectl.thanos-kubectl
-#   yaml_body  = <<YAML
-# apiVersion: grafana.integreatly.org/v1beta1
-# kind: GrafanaDatasource
-# metadata:
-#   name: ${replace(local.dns_name, ".", "-")}
-#   namespace: default
-# spec:
-#   valuesFrom:
-#     - targetPath: "secureJsonData.basicAuthPassword"
-#       valueFrom:
-#         secretKeyRef:
-#           name: ${replace(local.dns_name, ".", "-")}
-#           key: admin-password
-#   datasource:
-#     basicAuth: true
-#     basicAuthUser: monitoring
-#     editable: false
-#     access: proxy
-#     editable: true
-#     jsonData:
-#       timeInterval: 5s
-#       tlsSkipVerify: true
-#     name: ${local.dns_name}
-#     secureJsonData:
-#       basicAuthPassword: $${admin-password}
-#     type: prometheus
-#     url: https://prometheus.${local.dns_name}/prometheus
-#   instanceSelector:
-#     matchLabels:
-#       dashboards: external-grafana
-#   YAML
-# }
+resource "kubectl_manifest" "thanos-datasource-credentials" {
+  count     = var.thanos_enabled ? 1 : 0
+  provider  = kubectl.thanos-kubectl
+  yaml_body = <<YAML
+apiVersion: v1
+stringData:
+  admin-password: ${random_password.monitoring-password.result}
+kind: Secret
+metadata:
+  name: ${replace(local.dns_name, ".", "-")}
+  namespace: default
+type: Opaque
+  YAML
+}
+
+resource "kubectl_manifest" "thanos-datasource" {
+  count      = var.thanos_enabled ? 1 : 0
+  depends_on = [kubectl_manifest.thanos-datasource-credentials]
+  provider   = kubectl.thanos-kubectl
+  yaml_body  = <<YAML
+apiVersion: grafana.integreatly.org/v1beta1
+kind: GrafanaDatasource
+metadata:
+  name: ${replace(local.dns_name, ".", "-")}
+  namespace: default
+spec:
+  valuesFrom:
+    - targetPath: "secureJsonData.basicAuthPassword"
+      valueFrom:
+        secretKeyRef:
+          name: ${replace(local.dns_name, ".", "-")}
+          key: admin-password
+  datasource:
+    basicAuth: true
+    basicAuthUser: monitoring
+    editable: false
+    access: proxy
+    editable: true
+    jsonData:
+      timeInterval: 5s
+      tlsSkipVerify: true
+    name: ${local.dns_name}
+    secureJsonData:
+      basicAuthPassword: $${admin-password}
+    type: prometheus
+    url: https://prometheus.${local.dns_name}/prometheus
+  instanceSelector:
+    matchLabels:
+      dashboards: external-grafana
+  YAML
+}
 
 
 resource "helm_release" "keda-monitoring" {

diff --git a/azure/variables.tf b/azure/variables.tf
@@ -642,7 +642,7 @@ variable "thanos_cluster_name" {
 
 variable "thanos_enabled" {
   type    = bool
-  default = true
+  default = false
 }
 
 variable "harness_delegate" {

diff --git a/ipa.tf b/ipa.tf
@@ -594,33 +594,33 @@ resource "time_sleep" "wait_1_minutes_after_crds" {
   create_duration = "1m"
 }
 
-# resource "kubectl_manifest" "thanos-storage-secret" {
-#   count      = var.thanos_enabled ? 1 : 0
-#   depends_on = [helm_release.ipa-crds, module.secrets-operator-setup]
-#   yaml_body  = <<YAML
-#     apiVersion: "secrets.hashicorp.com/v1beta1"
-#     kind: "VaultStaticSecret"
-#     metadata:
-#       name:  vault-thanos-storage
-#       namespace: default
-#     spec:
-#       type: "kv-v2"
-#       namespace: default
-#       mount: customer-Indico-Devops
-#       path: thanos-storage
-#       refreshAfter: 60s
-#       rolloutRestartTargets:
-#         - name: prometheus-monitoring-kube-prometheus-prometheus
-#           kind: StatefulSet
-#       destination:
-#         annotations:
-#           reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
-#           reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true"
-#         create: true
-#         name: thanos-storage
-#       vaultAuthRef: default
-#   YAML
-# }
+resource "kubectl_manifest" "thanos-storage-secret" {
+  count      = var.thanos_enabled ? 1 : 0
+  depends_on = [helm_release.ipa-crds, module.secrets-operator-setup]
+  yaml_body  = <<YAML
+    apiVersion: "secrets.hashicorp.com/v1beta1"
+    kind: "VaultStaticSecret"
+    metadata:
+      name:  vault-thanos-storage
+      namespace: default
+    spec:
+      type: "kv-v2"
+      namespace: default
+      mount: customer-Indico-Devops
+      path: thanos-storage
+      refreshAfter: 60s
+      rolloutRestartTargets:
+        - name: prometheus-monitoring-kube-prometheus-prometheus
+          kind: StatefulSet
+      destination:
+        annotations:
+          reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
+          reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true"
+        create: true
+        name: thanos-storage
+      vaultAuthRef: default
+  YAML
+}
 
 resource "helm_release" "ipa-pre-requisites" {
   depends_on = [