feat: adding cloudwatch

Pierre Mavro
2020-11-17 09:04:33 +01:00
committed by Pierre Mavro
parent 113c9e99e3
commit f1d16c9287
2 changed files with 107 additions and 18 deletions


@@ -310,23 +310,15 @@ plugins: []
## Configure grafana datasources
## ref: http://docs.grafana.org/administration/provisioning/#datasources
##
datasources:
datasources.yaml:
apiVersion: 1
datasources:
- name: Prometheus
type: prometheus
url: "http://prometheus-operator-prometheus:9090"
access: proxy
isDefault: true
- name: PromLoki
type: prometheus
url: "http://loki.logging.svc:3100/loki"
access: proxy
isDefault: false
- name: Loki
type: loki
url: "http://loki.logging.svc:3100"
datasources: {}
# datasources.yaml:
# apiVersion: 1
# datasources:
# - name: Prometheus
# type: prometheus
# url: http://prometheus-prometheus-server
# access: proxy
# isDefault: true
## Configure notifiers
## ref: http://docs.grafana.org/administration/provisioning/#alert-notification-channels


@@ -1,3 +1,97 @@
resource "aws_iam_user" "iam_grafana_cloudwatch" {
name = "qovery-cloudwatch-${var.eks_cluster_id}"
}
resource "aws_iam_access_key" "iam_grafana_cloudwatch" {
user = aws_iam_user.iam_grafana_cloudwatch.name
}
resource "aws_iam_policy" "grafana_cloudwatch_policy" {
name = aws_iam_user.iam_grafana_cloudwatch.name
description = "Policy for K8s API/Scheduler logs visualisation from Cloudwatch"
policy = <<POLICY
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowReadingMetricsFromCloudWatch",
"Effect": "Allow",
"Action": [
"cloudwatch:DescribeAlarmsForMetric",
"cloudwatch:DescribeAlarmHistory",
"cloudwatch:DescribeAlarms",
"cloudwatch:ListMetrics",
"cloudwatch:GetMetricStatistics",
"cloudwatch:GetMetricData"
],
"Resource": "*"
},
{
"Sid": "AllowReadingLogsFromCloudWatch",
"Effect": "Allow",
"Action": [
"logs:DescribeLogGroups",
"logs:GetLogGroupFields",
"logs:StartQuery",
"logs:StopQuery",
"logs:GetQueryResults",
"logs:GetLogEvents"
],
"Resource": "*"
},
{
"Sid": "AllowReadingTagsInstancesRegionsFromEC2",
"Effect": "Allow",
"Action": ["ec2:DescribeTags", "ec2:DescribeInstances", "ec2:DescribeRegions"],
"Resource": "*"
},
{
"Sid": "AllowReadingResourcesForTags",
"Effect": "Allow",
"Action": "tag:GetResources",
"Resource": "*"
}
]
}
POLICY
}
resource "aws_iam_user_policy_attachment" "grafana_cloudwatch_attachment" {
user = aws_iam_user.iam_grafana_cloudwatch.name
policy_arn = aws_iam_policy.grafana_cloudwatch_policy.arn
}
locals {
cloudflare_datasources = <<DATASOURCES
datasources:
datasources.yaml:
apiVersion: 1
datasources:
- name: Prometheus
type: prometheus
url: "http://prometheus-operator-prometheus:9090"
access: proxy
isDefault: true
- name: PromLoki
type: prometheus
url: "http://${helm_release.loki.name}.${helm_release.loki.namespace}.svc:3100/loki"
access: proxy
isDefault: false
- name: Loki
type: loki
url: "http://${helm_release.loki.name}.${helm_release.loki.namespace}.svc:3100"
- name: Cloudwatch
type: cloudwatch
jsonData:
authType: keys
defaultRegion: ${var.region}
secureJsonData:
accessKey: '${aws_iam_access_key.iam_grafana_cloudwatch.id}'
secretKey: '${aws_iam_access_key.iam_grafana_cloudwatch.secret}'
DATASOURCES
}
resource "helm_release" "grafana" {
name = "grafana"
chart = "common/charts/grafana"
@@ -5,7 +99,10 @@ resource "helm_release" "grafana" {
atomic = true
max_history = 50
values = [file("chart_values/grafana.yaml")]
values = [
file("chart_values/grafana.yaml"),
local.cloudflare_datasources,
]
// make a fake arg to avoid TF to validate update on failure because of the atomic option
set {
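Review bot: The line `secretKey: '${aws_iam_access_key.iam_grafana_cloudwatch.secret}'` interpolates a long-lived IAM user secret into `local.cloudflare_datasources`, which is then passed through `values`, so the credential is stored in plaintext in the Terraform state and in the Helm release values, and probably in whatever object the chart renders `datasources` into. Since the target is an EKS cluster, consider replacing `aws_iam_user`/`aws_iam_access_key` with an IAM role bound to the Grafana service account and `authType: default`; if the key has to stay, pass it through a `set_sensitive` block so it is at least masked in plan output. The `AllowReadingLogsFromCloudWatch` statement uses `"Resource": "*"` although the policy description only mentions K8s API/Scheduler logs, so scoping the log read actions to the cluster's log group ARN would limit what a leaked key can read. The local is named `cloudflare_datasources` where `cloudwatch_datasources` seems intended, and a comment above it such as `# Grafana datasources incl. CloudWatch; contains credentials, treat as sensitive` would help the next reader.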