TG-598 Add route metrics and healthz paths (#197)
* TG-598 Add route metrics and healthz paths

* TG-598 Refactor routing metrics paths

Co-authored-by: Filippo Morelli <[email protected]>
trottomv and filippo-20tab authored May 26, 2022
1 parent 500a816 commit bd12123
Showing 7 changed files with 170 additions and 7 deletions.
@@ -184,6 +184,23 @@ module "routing" {
monitoring_subdomain = var.monitoring_subdomain
}


/* Routing Metrics */

module "metrics" {
count = var.stack_slug == "main" ? 1 : 0

source = "../modules/kubernetes/metrics"

project_domain = var.project_domain

basic_auth_enabled = var.basic_auth_enabled
basic_auth_username = var.basic_auth_username
basic_auth_password = var.basic_auth_password

tls_secret_name = module.routing.tls_secret_name
}

/* Secrets */

resource "kubernetes_secret_v1" "regcred" {
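Review bot: The `tls_secret_name = module.routing.tls_secret_name` argument hands the metrics module a secret name but not the namespace that secret lives in. The routing module creates the certificate secret in `var.namespace`, while the metrics IngressRoute is created in `kube-system`, and Traefik looks up `tls.secretName` in the IngressRoute's own namespace. Unless `var.namespace` is `kube-system` (not visible on this page), the metrics route would likely be served with Traefik's default certificate rather than the project one. Either create the metrics route in the routing namespace or provision the certificate secret in `kube-system` too, and record the constraint on the module call, e.g. `# secret must exist in the namespace of the metrics IngressRoute`.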
@@ -0,0 +1,102 @@
locals {
basic_auth_ready = alltrue(
[
var.basic_auth_enabled,
var.basic_auth_username != "",
var.basic_auth_password != ""
]
)
}

terraform {
required_providers {
kubernetes = {
source = "hashicorp/kubernetes"
version = "2.9.0"
}
}
}

/* Metrics Ingress Route */

resource "kubernetes_secret_v1" "metrics_basic_auth" {
count = local.basic_auth_ready ? 1 : 0

metadata {
name = "metrics-basic-auth"
namespace = "kube-system"
}

data = {
username = var.basic_auth_username
password = var.basic_auth_password
}

type = "kubernetes.io/basic-auth"
}

resource "kubernetes_manifest" "metrics_basic_auth_middleware" {
count = local.basic_auth_ready ? 1 : 0

manifest = {
apiVersion = "traefik.containo.us/v1alpha1"
kind = "Middleware"
metadata = {
name = "metrics-basic-auth-middleware"
namespace = "kube-system"
}
spec = {
basicAuth = {
removeHeader = true
secret = kubernetes_secret_v1.metrics_basic_auth[0].metadata[0].name
}
}
}
}

resource "kubernetes_manifest" "metrics_ingress_route" {

manifest = {
apiVersion = "traefik.containo.us/v1alpha1"
kind = "IngressRoute"
metadata = {
name = "metrics-ingress-route"
namespace = "kube-system"
}
spec = merge(
{
entryPoints = var.tls_secret_name != "" ? ["websecure"] : ["web"]
routes = concat(
local.basic_auth_ready ? [
{
kind = "Rule"
match = "Host(`${var.project_domain}`) && PathPrefix(`/metrics`)"
middlewares = [{ "name" : "metrics-basic-auth-middleware" }]
services = [
{
name = "kube-state-metrics"
port = 8080
}
]
}] : [],
[{
kind = "Rule"
match = "Host(`${var.project_domain}`) && PathPrefix(`/healthz`)"
middlewares = []
services = [
{
name = "kube-state-metrics"
port = 8080
}
]
}
])
},
var.tls_secret_name != "" ? {
tls = {
secretName = var.tls_secret_name
}
} : {}
)
}
}
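Review bot: The `entryPoints` expression `var.tls_secret_name != "" ? ["websecure"] : ["web"]` allows the basic-auth protected `/metrics` rule to be published on `web`, conventionally the plain-HTTP entry point, so the username and password would cross the network unencrypted whenever no TLS secret name is supplied. The second `module "metrics"` call in this commit passes no `tls_secret_name`, so it appears to always take that path unless TLS is terminated in front of Traefik. Consider publishing the authenticated rule only when TLS is available, e.g. `local.basic_auth_ready && var.tls_secret_name != "" ? [`. The `/healthz` rule with `middlewares = []` deserves a comment stating that it is intentionally unauthenticated.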
@@ -0,0 +1,23 @@
variable "basic_auth_password" {
description = "The basic_auth password."
type = string
sensitive = true
default = ""
}

variable "basic_auth_username" {
description = "The basic_auth username."
type = string
default = ""
}

variable "project_domain" {
description = "The project domain."
type = string
}

variable "tls_secret_name" {
description = "The tls secret name"
type = string
default = ""
}
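Review bot: `basic_auth_enabled` is not declared in this variables file, although the module's `locals` block reads `var.basic_auth_enabled` and both `module "metrics"` calls pass it as an argument. The hunk header gives 23 lines for the new file and all 23 are shown, so unless the variable is declared in a file not on this page, `terraform validate` should reject the module. A declaration along the lines below, defaulting to disabled so that the `/metrics` rule stays unpublished until credentials are configured, would close the gap.

```hcl
variable "basic_auth_enabled" {
  description = "Whether basic auth is enabled."
  type        = bool
  default     = false
}
```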
@@ -1,5 +1,5 @@
locals {
basic_auth_enabled = alltrue(
basic_auth_ready = alltrue(
[
var.basic_auth_enabled,
var.basic_auth_username != "",
@@ -12,11 +12,13 @@ locals {

traefik_hosts = join(", ", [for i in local.domains : "`${i}`"])

base_middlewares = local.basic_auth_enabled ? [{ "name" : "traefik-basic-auth-middleware" }] : []
base_middlewares = local.basic_auth_ready ? [{ "name" : "traefik-basic-auth-middleware" }] : []

letsencrypt_enabled = var.letsencrypt_certificate_email != ""
manual_certificate_enabled = var.tls_certificate_crt != "" && var.tls_certificate_key != ""
tls_enabled = local.manual_certificate_enabled || local.letsencrypt_enabled

tls_secret_name = local.tls_enabled ? "tls-certificate" : ""
}

terraform {
@@ -31,7 +33,7 @@ terraform {
/* Basic Auth */

resource "kubernetes_secret_v1" "traefik_basic_auth" {
count = local.basic_auth_enabled ? 1 : 0
count = local.basic_auth_ready ? 1 : 0

metadata {
name = "basic-auth"
@@ -47,7 +49,7 @@ resource "kubernetes_secret_v1" "traefik_basic_auth" {
}

resource "kubernetes_manifest" "traefik_basic_auth_middleware" {
count = local.basic_auth_enabled ? 1 : 0
count = local.basic_auth_ready ? 1 : 0

manifest = {
"apiVersion" = "traefik.containo.us/v1alpha1"
@@ -92,7 +94,7 @@ resource "kubernetes_secret_v1" "tls" {
count = local.manual_certificate_enabled ? 1 : 0

metadata {
name = "tls-certificate"
name = local.tls_secret_name
namespace = var.namespace
}

@@ -148,7 +150,7 @@ resource "kubernetes_manifest" "certificate" {
namespace = var.namespace
}
spec = {
secretName = "tls-certificate"
secretName = local.tls_secret_name
issuerRef = {
name = "letsencrypt"
kind = "Issuer"
@@ -225,7 +227,7 @@ resource "kubernetes_manifest" "traefik_ingress_route" {
},
local.tls_enabled ? {
tls = {
secretName = "tls-certificate"
secretName = local.tls_secret_name
}
} : {}
)
@@ -0,0 +1,4 @@
output "tls_secret_name" {
description = "The name of the TLS certificate Kubernetes secret."
value = local.tls_secret_name
}
@@ -114,6 +114,20 @@ module "routing" {
monitoring_subdomain = var.monitoring_subdomain
}

/* Metrics */

module "metrics" {
count = var.stack_slug == "main" ? 1 : 0

source = "../modules/kubernetes/metrics"

project_domain = var.project_domain

basic_auth_enabled = var.basic_auth_enabled
basic_auth_username = var.basic_auth_username
basic_auth_password = var.basic_auth_password
}

/* Secrets */

resource "kubernetes_secret_v1" "regcred" {
@@ -1,5 +1,6 @@
{% if "environment" in cookiecutter.tfvars %}{% for item in cookiecutter.tfvars.environment|sort %}{{ item }}
{% endfor %}{% endif %}# database_connection_pool_size=1
# database_dumps_enabled=true
# basic_auth_enabled=false
# backend_service_extra_traefik_middlewares=[]
# frontend_service_extra_traefik_middlewares=[]
