
feat: Intial release of version

Contains the deployment, service, service account, cluster role and
cluster role binding
tags/0.1.0
parent
commit
77c29e6d22
Signed by untrusted user: christophe.vkerchove <christophe.vkerchove@fxinnovation.com> GPG Key ID: FC22F2DA87F093F1
14 changed files with 781 additions and 3 deletions
  1. +0
    -1
      .gitignore
  2. +14
    -0
      .pre-commit-config.yaml
  3. +2
    -0
      AUTHORS
  4. +6
    -0
      CHANGELOG.md
  5. +28
    -0
      Jenkinsfile
  6. +1
    -1
      LICENSE
  7. +54
    -1
      README.md
  8. +91
    -0
      examples/default/deploy.tf
  9. +55
    -0
      examples/default/outputs.tf
  10. +15
    -0
      examples/default/variables.tf
  11. +319
    -0
      main.tf
  12. +34
    -0
      outputs.tf
  13. +154
    -0
      variables.tf
  14. +8
    -0
      versions.tf

+ 0
- 1
.gitignore

@@ -25,4 +25,3 @@ override.tf.json
# Include override files you do wish to add to version control using negated pattern
#
# !example_override.tf


+ 14
- 0
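--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,14 @@
+repos:
+- repo: git://github.com/antonbabenko/pre-commit-terraform
+rev: v1.25.0
+hooks:
+- id: terraform_fmt
+- id: terraform_docs
+- repo: git://github.com/pre-commit/pre-commit-hooks
+rev: v2.5.0
+hooks:
+- id: check-merge-conflict
+- id: trailing-whitespace
+- id: end-of-file-fixer
+- id: check-added-large-files
+- id: detect-private-key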
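Review bot: Both `repo:` URLs use the `git://` scheme, which is unauthenticated and unencrypted, so the hook code that pre-commit fetches and runs on each contributor's machine can be altered in transit; GitHub has also stopped serving `git://`. Use `repo: https://github.com/antonbabenko/pre-commit-terraform` and `repo: https://github.com/pre-commit/pre-commit-hooks` instead. The two `rev:` values are tags, which upstream can move, so pinning each to a full commit SHA would make the fetched hook code reproducible.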

+ 2
- 0
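--- a/AUTHORS
+++ b/AUTHORS
@@ -0,0 +1,2 @@
+Christophe van de Kerchove <christophe.vkerchove@fxinnovation.com>
+FXinnovation Public <>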

+ 6
- 0
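--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -0,0 +1,6 @@
+
+0.1.0 / 2020-02-19
+==================
+
+* feat: Intial release of version
+* Initial commit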

+ 28
- 0
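--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -0,0 +1,28 @@
+withCredentials(
+[
+usernamePassword(
+credentialsId: 'azure-fxinnovation-application',
+passwordVariable: 'client_secret',
+usernameVariable: 'client_id'
+),
+]
+){
+fxTerraformWithUsernamePassword(
+testEnvironmentCredentialId: 'azure-fxinnovation-application',
+publishEnvironmentCredentialId: 'azure-fxinnovation-application',
+providerUsernameVariableName: 'client_id',
+providerPasswordVariableName: 'client_secret',
+initSSHCredentialId: 'gitea-fx_administrator-key',
+testPlanVars: [
+"'subscription_id=e469a261-e6fc-4363-94f1-3d8cdb259ec7'",
+"'tenant_id=219647b6-1ea6-409d-b9cc-0893cb535884'",
+],
+publishPlanVars: [
+"'subscription_id=e469a261-e6fc-4363-94f1-3d8cdb259ec7'",
+"'tenant_id=219647b6-1ea6-409d-b9cc-0893cb535884'",
+],
+inspecTarget: 'azure',
+inspecSubscriptionId: 'e469a261-e6fc-4363-94f1-3d8cdb259ec7',
+inspecTenantId: '219647b6-1ea6-409d-b9cc-0893cb535884'
+)
+}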
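Review bot: `testEnvironmentCredentialId` and `publishEnvironmentCredentialId` name the same credential, so the test stage runs with whatever rights the publish stage has; separate service principals, with the test one scoped to a disposable subscription or resource group, would keep a faulty test plan away from the publish scope. The subscription and tenant GUIDs are written out in `testPlanVars`, `publishPlanVars` and the two `inspec*` arguments; they are identifiers rather than secrets, but defining each once at the top of the file or as a Jenkins parameter avoids six copies drifting apart and keeps tenant details out of the repository if it is published. What `fxTerraformWithUsernamePassword` does with its arguments is not visible here, so confirm that it masks `client_secret` in the build log.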

+ 1
- 1
LICENSE

@@ -1,6 +1,6 @@
MIT License

Copyright (c) <year> <copyright holders>
Copyright (c) 2020 FXinnovation Inc.

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal


+ 54
- 1
README.md

@@ -1,3 +1,56 @@
# terraform-module-kubernetes-kube-state-metrics

Terraform module that will deploy kube-state-metrics on kubernetes.
Terraform module that will deploy kube-state-metrics on kubernetes.

<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
## Providers

| Name | Version |
|------|---------|
| kubernetes | >= 1.10.0 |
| random | >= 2.0.0 |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:-----:|
| annotations | Additionnal annotations that will be merged on all resources. | `map` | `{}` | no |
| cluster\_role\_annotations | Additionnal annotations that will be merged for the cluster\_role. | `map` | `{}` | no |
| cluster\_role\_binding\_annotations | Additionnal annotations that will be merged for the cluster\_role\_binding. | `map` | `{}` | no |
| cluster\_role\_binding\_labels | Additionnal labels that will be merged for the cluster\_role\_binding. | `map` | `{}` | no |
| cluster\_role\_binding\_name | Name of the cluster\_role\_binding that will be create | `string` | `"kube-state-metrics"` | no |
| cluster\_role\_labels | Additionnal labels that will be merged for the cluster\_role. | `map` | `{}` | no |
| cluster\_role\_name | Name of the cluster\_role that will be create | `string` | `"kube-state-metrics"` | no |
| deployment\_annotations | Additionnal annotations that will be merged on the deployment. | `map` | `{}` | no |
| deployment\_labels | Additionnal labels that will be merged on the deployment. | `map` | `{}` | no |
| deployment\_name | Name of the deployment that will be create. | `string` | `"kube-state-metrics"` | no |
| deployment\_service\_account\_name | Only if `rbac_enabled` is false, name of the service account to be used by the container. | `string` | n/a | yes |
| enabled | Whether or not to enable this module. | `bool` | `true` | no |
| image\_name | Name of the docker image to use. | `string` | `"quay.io/coreos/kube-state-metrics"` | no |
| image\_pull\_policy | Image pull policy on the main container. | `string` | `"IfNotPresent"` | no |
| image\_version | Tag of the docker image to use. | `string` | `"v1.6.0"` | no |
| labels | Additionnal labels that will be merged on all resources. | `map` | `{}` | no |
| namespace | Namespace in which the module will be deployed. | `string` | `"kube-system"` | no |
| rbac\_enabled | Whether or not to enabled rbac on the module. | `bool` | `true` | no |
| replicas | Number of replicas to deploy. | `number` | `1` | no |
| service\_account\_annotations | Additionnal annotations that will be merged for the service\_account. | `map` | `{}` | no |
| service\_account\_automount\_service\_account\_token | Whether or not to automatically mount the service account token for the service account. | `bool` | `false` | no |
| service\_account\_labels | Additionnal labels that will be merged for the service\_account. | `map` | `{}` | no |
| service\_account\_name | Name of the service\_account that will be create | `string` | `"kube-state-metrics"` | no |
| service\_annotations | Additionnal annotations that will be merged for the service. | `map` | `{}` | no |
| service\_labels | Additionnal labels that will be merged for the service. | `map` | `{}` | no |
| service\_name | Name of the service that will be create | `string` | `"kube-state-metrics"` | no |

## Outputs

| Name | Description |
|------|-------------|
| cluster\_role\_binding\_name | Name of the cluster\_role\_binding created by the module. |
| cluster\_role\_name | Name of the cluster\_role created by the module. |
| deployment\_name | Name of the deployment created by the module. |
| service\_account\_name | Name of the service\_account created by the module. |
| service\_name | Name of the service created by the module. |
| service\_port | Port to be used to access the service. |
| service\_port\_name | Name of the port to be used to access the service. |

<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

+ 91
- 0
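--- a/examples/default/deploy.tf
+++ b/examples/default/deploy.tf
@@ -0,0 +1,91 @@
+#####
+# Providers
+#####
+
+provider "azurerm" {
+version = "1.28.0"
+client_id = var.client_id
+client_secret = var.client_secret
+subscription_id = var.subscription_id
+tenant_id = var.tenant_id
+}
+
+provider "random" {
+version = "~> 2"
+}
+
+provider "kubernetes" {
+version = "1.10.0"
+host = data.azurerm_kubernetes_cluster.this.kube_config.0.host
+username = data.azurerm_kubernetes_cluster.this.kube_config.0.username
+password = data.azurerm_kubernetes_cluster.this.kube_config.0.password
+client_certificate = base64decode(data.azurerm_kubernetes_cluster.this.kube_config.0.client_certificate)
+client_key = base64decode(data.azurerm_kubernetes_cluster.this.kube_config.0.client_key)
+cluster_ca_certificate = base64decode(data.azurerm_kubernetes_cluster.this.kube_config.0.cluster_ca_certificate)
+load_config_file = false
+}
+
+#####
+# Randoms
+#####
+
+resource "random_string" "default" {
+upper = false
+number = false
+special = false
+length = 8
+}
+
+resource "random_string" "disabled" {
+upper = false
+number = false
+special = false
+length = 8
+}
+
+#####
+# Datasources
+#####
+
+data "azurerm_kubernetes_cluster" "this" {
+name = "prometheusplusplus-stg0"
+resource_group_name = "prometheusplusplus-stg0"
+}
+
+#####
+# Context
+#####
+
+resource "kubernetes_namespace" "default" {
+metadata {
+name = random_string.default.result
+}
+}
+
+resource "kubernetes_namespace" "disabled" {
+metadata {
+name = random_string.disabled.result
+}
+}
+
+#####
+# default example
+#####
+
+module "default" {
+source = "../.."
+
+namespace = kubernetes_namespace.default.metadata.0.name
+}
+
+#####
+# disabled example
+#####
+
+module "disabled" {
+source = "../.."
+
+enabled = false
+
+namespace = kubernetes_namespace.disabled.metadata.0.name
+}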
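Review bot: The `kubernetes` provider block is given both basic-auth values (`username`/`password`) and a client certificate (`client_certificate`/`client_key`) from the same `kube_config`; one method is enough, and dropping the password pair leaves fewer credentials in use. All of these values are read through `data.azurerm_kubernetes_cluster.this`, so they are written to the example's state file, which should sit in an access-controlled backend rather than on a build agent's disk. The cluster `name` and `resource_group_name` are hard-coded to one staging cluster; exposing them as variables alongside `subscription_id` would let the example run against another cluster.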

+ 55
- 0
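--- a/examples/default/outputs.tf
+++ b/examples/default/outputs.tf
@@ -0,0 +1,55 @@
+output "default_deployment_name" {
+value = module.default.deployment_name
+}
+
+output "default_service_name" {
+value = module.default.service_name
+}
+
+output "default_service_port" {
+value = module.default.service_port
+}
+
+output "default_service_port_name" {
+value = module.default.service_port_name
+}
+
+output "default_service_account_name" {
+value = module.default.service_account_name
+}
+
+output "default_cluster_role_name" {
+value = module.default.cluster_role_name
+}
+
+output "default_cluster_role_binding_name" {
+value = module.default.cluster_role_binding_name
+}
+
+output "disabled_deployment_name" {
+value = module.disabled.deployment_name
+}
+
+output "disabled_service_name" {
+value = module.disabled.service_name
+}
+
+output "disabled_service_port" {
+value = module.disabled.service_port
+}
+
+output "disabled_service_port_name" {
+value = module.disabled.service_port_name
+}
+
+output "disabled_service_account_name" {
+value = module.disabled.service_account_name
+}
+
+output "disabled_cluster_role_name" {
+value = module.disabled.cluster_role_name
+}
+
+output "disabled_cluster_role_binding_name" {
+value = module.disabled.cluster_role_binding_name
+}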

+ 15
- 0
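--- a/examples/default/variables.tf
+++ b/examples/default/variables.tf
@@ -0,0 +1,15 @@
+variable "client_id" {
+type = string
+}
+
+variable "client_secret" {
+type = string
+}
+
+variable "subscription_id" {
+type = string
+}
+
+variable "tenant_id" {
+type = string
+}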
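Review bot: None of the four variables has a `description`, and `client_secret` is declared exactly like the three identifiers although it is a credential. Add a description to each, for example `description = "Client secret of the service principal used by the azurerm provider."`. Marking `client_secret` with `sensitive = true` would also keep it out of plan output, but that argument needs Terraform 0.14 or later, while versions.tf in this commit allows 0.12.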

+ 319
- 0
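--- a/main.tf
+++ b/main.tf
@@ -0,0 +1,319 @@
+#####
+# Locals
+#####
+
+locals {
+labels = {
+"app.kubernetes.io/version" = var.image_version
+"app.kubernetes.io/component" = "exporter"
+"app.kubernetes.io/part-of" = "monitoring"
+"app.kubernetes.io/managed-by" = "terraform"
+"app.kubernetes.io/name" = "kube-state-metrics"
+}
+port = 8080
+service_port = 80
+service_port_name = "http"
+}
+
+#####
+# Randoms
+#####
+
+resource "random_string" "selector" {
+special = false
+upper = false
+number = false
+length = 8
+}
+
+#####
+# Deployment
+#####
+
+resource "kubernetes_deployment" "this" {
+count = var.enabled ? 1 : 0
+
+metadata {
+name = var.deployment_name
+namespace = var.namespace
+annotations = merge(
+var.annotations,
+var.deployment_annotations
+)
+labels = merge(
+{
+"app.kubernetes.io/instance" = var.deployment_name
+},
+local.labels,
+var.labels,
+var.deployment_labels
+)
+}
+
+spec {
+replicas = 1
+
+selector {
+match_labels = {
+app = "kube-state-metrics"
+random = random_string.selector.result
+}
+}
+template {
+metadata {
+annotations = merge(
+var.annotations,
+var.deployment_annotations
+)
+labels = merge(
+{
+"app.kubernetes.io/instance" = var.deployment_name
+app = "kube-state-metrics"
+random = random_string.selector.result
+},
+local.labels,
+var.labels,
+var.deployment_labels
+)
+}
+spec {
+automount_service_account_token = true
+service_account_name = var.rbac_enabled ? element(concat(kubernetes_service_account.this.*.metadata.0.name, list("")), 0) : var.deployment_service_account_name
+container {
+name = "kube-state-metrics"
+image = "${var.image_name}:${var.image_version}"
+image_pull_policy = var.image_pull_policy
+
+readiness_probe {
+http_get {
+path = "/"
+port = local.port
+scheme = "HTTP"
+}
+
+timeout_seconds = 5
+period_seconds = 5
+success_threshold = 1
+failure_threshold = 35
+}
+
+liveness_probe {
+http_get {
+path = "/"
+port = local.port
+scheme = "HTTP"
+}
+
+timeout_seconds = 5
+period_seconds = 10
+success_threshold = 1
+failure_threshold = 3
+}
+
+port {
+name = "metrics"
+container_port = local.port
+protocol = "TCP"
+}
+
+resources {
+requests {
+memory = "16Mi"
+cpu = "10m"
+}
+limits {
+memory = "128Mi"
+cpu = "50m"
+}
+}
+}
+}
+}
+}
+}
+
+#####
+# Service
+#####
+
+resource "kubernetes_service" "this" {
+count = var.enabled ? 1 : 0
+
+metadata {
+name = var.service_name
+namespace = var.namespace
+annotations = merge(
+{
+"prometheus.io/scrape" = "true"
+},
+var.annotations,
+var.service_annotations
+)
+labels = merge(
+{
+"app.kubernetes.io/instance" = var.service_name
+},
+local.labels,
+var.labels,
+var.service_labels
+)
+}
+
+spec {
+selector = {
+random = random_string.selector.result
+app = "kube-state-metrics"
+}
+type = "ClusterIP"
+port {
+port = local.service_port
+target_port = "metrics"
+protocol = "TCP"
+name = local.service_port_name
+}
+}
+}
+
+#####
+# Service Account
+#####
+
+resource "kubernetes_service_account" "this" {
+count = var.enabled && var.rbac_enabled ? 1 : 0
+
+automount_service_account_token = var.service_account_automount_service_account_token
+
+metadata {
+name = var.service_account_name
+namespace = var.namespace
+annotations = merge(
+var.annotations,
+var.service_account_annotations
+)
+labels = merge(
+{
+"app.kubernetes.io/instance" = var.service_account_name
+},
+local.labels,
+var.labels,
+var.service_account_labels
+)
+}
+
+}
+
+#####
+# Cluster Role
+#####
+
+resource "kubernetes_cluster_role" "this" {
+count = var.enabled && var.rbac_enabled ? 1 : 0
+
+metadata {
+name = var.cluster_role_name
+annotations = merge(
+var.annotations,
+var.cluster_role_annotations
+)
+labels = merge(
+{
+"app.kubernetes.io/instance" = var.cluster_role_name
+},
+local.labels,
+var.labels,
+var.cluster_role_labels
+)
+}
+
+rule {
+api_groups = [""]
+resources = [
+"namespaces",
+"nodes",
+"persistentvolumeclaims",
+"pods",
+"services",
+"resourcequotas",
+"replicationcontrollers",
+"limitranges",
+"persistentvolumeclaims",
+"persistentvolumes",
+"endpoints",
+"secrets",
+"configmaps",
+]
+verbs = ["list", "watch"]
+}
+
+rule {
+api_groups = ["extensions"]
+resources = ["daemonsets", "deployments", "ingresses", "replicasets"]
+verbs = ["list", "watch"]
+}
+
+rule {
+api_groups = ["apps"]
+resources = ["daemonsets", "deployments", "statefulsets"]
+verbs = ["get", "list", "watch"]
+}
+
+rule {
+api_groups = ["batch"]
+resources = ["conjobs", "job"]
+verbs = ["list", "watch"]
+}
+
+rule {
+api_groups = ["autoscaling"]
+resources = ["horizontalpodautoscalers"]
+verbs = ["list", "watch"]
+}
+
+rule {
+api_groups = ["policy"]
+resources = ["poddisruptionbudgets"]
+verbs = ["list", "watch"]
+}
+
+rule {
+api_groups = ["certificates.k8s.io"]
+resources = ["certificatesigningrequests"]
+verbs = ["list", "watch"]
+}
+}
+
+#####
+# Cluster Rolebinding
+#####
+
+resource "kubernetes_cluster_role_binding" "this" {
+count = var.enabled && var.rbac_enabled ? 1 : 0
+
+metadata {
+name = var.cluster_role_binding_name
+annotations = merge(
+var.annotations,
+var.cluster_role_binding_annotations
+)
+labels = merge(
+{
+"app.kubernetes.io/instance" = var.cluster_role_binding_name
+},
+local.labels,
+var.labels,
+var.cluster_role_binding_labels
+)
+}
+
+role_ref {
+api_group = "rbac.authorization.k8s.io"
+kind = "ClusterRole"
+name = element(concat(kubernetes_cluster_role.this.*.metadata.0.name, list("")), 0)
+}
+
+subject {
+kind = "ServiceAccount"
+name = element(concat(kubernetes_service_account.this.*.metadata.0.name, list("")), 0)
+namespace = var.namespace
+}
+}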
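Review bot: In the `batch` rule of `kubernetes_cluster_role.this`, `conjobs` and `job` are not resource names, so the role grants nothing for CronJobs and Jobs and kube-state-metrics will presumably be refused when it lists them; the line should read `resources = ["cronjobs", "jobs"]`. The first rule grants `list` and `watch` on `secrets` cluster-wide, and a list response carries the secret data, so the pod's token can read every secret in the cluster; keep `secrets` only if the secret metrics are needed, and say so in a comment. The deployment hard-codes `replicas = 1`, so `var.replicas` is never read; use `replicas = var.replicas`. `persistentvolumeclaims` also appears twice in the first rule.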

+ 34
- 0
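--- a/outputs.tf
+++ b/outputs.tf
@@ -0,0 +1,34 @@
+output "deployment_name" {
+description = "Name of the deployment created by the module."
+value = element(concat(kubernetes_deployment.this.*.metadata.0.name, [""]), 0)
+}
+
+output "service_name" {
+description = "Name of the service created by the module."
+value = element(concat(kubernetes_service.this.*.metadata.0.name, [""]), 0)
+}
+
+output "service_port" {
+description = "Port to be used to access the service."
+value = var.enabled ? local.service_port : ""
+}
+
+output "service_port_name" {
+description = "Name of the port to be used to access the service."
+value = var.enabled ? local.service_port_name : ""
+}
+
+output "service_account_name" {
+description = "Name of the service_account created by the module."
+value = element(concat(kubernetes_service_account.this.*.metadata.0.name, [""]), 0)
+}
+
+output "cluster_role_name" {
+description = "Name of the cluster_role created by the module."
+value = element(concat(kubernetes_cluster_role.this.*.metadata.0.name, [""]), 0)
+}
+
+output "cluster_role_binding_name" {
+description = "Name of the cluster_role_binding created by the module."
+value = element(concat(kubernetes_cluster_role_binding.this.*.metadata.0.name, [""]), 0)
+}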
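Review bot: `service_port` mixes a number and a string in one conditional (`var.enabled ? local.service_port : ""`), so Terraform converts both branches to a common type and callers most likely receive the string `"80"` rather than a number. Returning `null` when the module is disabled keeps the output numeric: `value = var.enabled ? local.service_port : null`. The descriptions could also state what each output holds when `enabled` is false, since every name output falls back to an empty string.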

+ 154
- 0
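--- a/variables.tf
+++ b/variables.tf
@@ -0,0 +1,154 @@
+#####
+# Global
+#####
+
+variable "annotations" {
+description = "Additionnal annotations that will be merged on all resources."
+default = {}
+}
+
+variable "enabled" {
+description = "Whether or not to enable this module."
+default = true
+}
+
+variable "labels" {
+description = "Additionnal labels that will be merged on all resources."
+default = {}
+}
+
+variable "namespace" {
+description = "Namespace in which the module will be deployed."
+default = "kube-system"
+}
+
+variable "rbac_enabled" {
+description = "Whether or not to enabled rbac on the module."
+default = true
+}
+
+#####
+# Deployment
+#####
+
+variable "deployment_annotations" {
+description = "Additionnal annotations that will be merged on the deployment."
+default = {}
+}
+
+variable "deployment_labels" {
+description = "Additionnal labels that will be merged on the deployment."
+default = {}
+}
+
+variable "deployment_name" {
+description = "Name of the deployment that will be create."
+default = "kube-state-metrics"
+}
+
+variable "deployment_service_account_name" {
+description = "Only if `rbac_enabled` is false, name of the service account to be used by the container."
+default = null
+type = string
+}
+
+variable "image_name" {
+description = "Name of the docker image to use."
+default = "quay.io/coreos/kube-state-metrics"
+}
+
+variable "image_pull_policy" {
+description = "Image pull policy on the main container."
+default = "IfNotPresent"
+}
+
+variable "image_version" {
+description = "Tag of the docker image to use."
+default = "v1.6.0"
+}
+
+variable "replicas" {
+description = "Number of replicas to deploy."
+default = 1
+}
+
+#####
+# Service
+#####
+
+variable "service_annotations" {
+description = "Additionnal annotations that will be merged for the service."
+default = {}
+}
+
+variable "service_labels" {
+description = "Additionnal labels that will be merged for the service."
+default = {}
+}
+
+variable "service_name" {
+description = "Name of the service that will be create"
+default = "kube-state-metrics"
+}
+
+#####
+# Service Account
+#####
+
+variable "service_account_annotations" {
+description = "Additionnal annotations that will be merged for the service_account."
+default = {}
+}
+
+variable "service_account_automount_service_account_token" {
+description = "Whether or not to automatically mount the service account token for the service account."
+default = false
+}
+
+variable "service_account_labels" {
+description = "Additionnal labels that will be merged for the service_account."
+default = {}
+}
+
+variable "service_account_name" {
+description = "Name of the service_account that will be create"
+default = "kube-state-metrics"
+}
+
+#####
+# Cluster Role
+#####
+
+variable "cluster_role_annotations" {
+description = "Additionnal annotations that will be merged for the cluster_role."
+default = {}
+}
+
+variable "cluster_role_labels" {
+description = "Additionnal labels that will be merged for the cluster_role."
+default = {}
+}
+
+variable "cluster_role_name" {
+description = "Name of the cluster_role that will be create"
+default = "kube-state-metrics"
+}
+
+#####
+# Cluster Role Binding
+#####
+
+variable "cluster_role_binding_annotations" {
+description = "Additionnal annotations that will be merged for the cluster_role_binding."
+default = {}
+}
+
+variable "cluster_role_binding_labels" {
+description = "Additionnal labels that will be merged for the cluster_role_binding."
+default = {}
+}
+
+variable "cluster_role_binding_name" {
+description = "Name of the cluster_role_binding that will be create"
+default = "kube-state-metrics"
+}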
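Review bot: Apart from `deployment_service_account_name`, no variable declares a `type`, so a wrongly typed value (a string for `enabled`, a list for `labels`) is caught late or not at all; add `type = bool`, `type = string`, `type = number` or `type = map(string)` to match each default. `service_account_automount_service_account_token` defaults to `false`, but the pod spec in main.tf sets `automount_service_account_token = true` itself, so the description should say that the variable affects only the ServiceAccount object. `image_version` defaults to a tag, which a registry can repoint, and the module offers no dedicated input for an image digest.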

+ 8
- 0
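--- a/versions.tf
+++ b/versions.tf
@@ -0,0 +1,8 @@
+terraform {
+required_version = ">= 0.12"
+
+required_providers {
+kubernetes = ">= 1.10.0"
+random = ">= 2.0.0"
+}
+}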
