Merge pull request #188 from ClubCedille/feature/netdata

Netdata

apps/argo-apps/kustomization.yaml

@@ -6,6 +6,7 @@ kind: Kustomization
   #- ../../system/pixie/
   # Workload
 resources:
+- ../../system/netdata/
 - ../../system/crossplane/
 - ../../system/vault/
 - ../../system/grafana/

system/netdata/argo.yaml

@@ -0,0 +1,42 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: netdata
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "2"
+spec:
+  project: default
+  sources:
+    - repoURL: https://github.com/ClubCedille/Plateforme-Cedille
+      path: system/netdata/ressources
+      targetRevision: feature/netdata
+    - chart: netdata
+      repoURL: https://netdata.github.io/helmchart
+      targetRevision: 3.7.95
+      helm:
+        releaseName: netdata
+        valuesObject:
+          restarter:
+            enabled: true
+          parent:
+            claiming:
+              enabled: true
+            envFrom:
+            - secretRef:
+                name: netdata-claim
+          child:
+            claiming:
+              enabled: true
+            envFrom:
+            - secretRef:
+                name: netdata-claim
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: netdata
+  syncPolicy:
+    syncOptions:
+    - CreateNamespace=true
+    managedNamespaceMetadata:
+      labels:
+        pod-security.kubernetes.io/enforce: privileged

system/netdata/kustomization.yaml

@@ -0,0 +1,2 @@
+resources:
+- argo.yaml

system/netdata/ressources/kustomization.yml

@@ -0,0 +1,2 @@
+resources:
+  - secret.yaml

system/netdata/ressources/secret.yaml

@@ -0,0 +1,19 @@
+apiVersion: redhatcop.redhat.io/v1alpha1
+kind: VaultSecret
+metadata:
+  name: netdata-claim
+spec:
+  vaultSecretDefinitions:
+    - authentication:
+        path: kubernetes
+        role: secret-reader
+        serviceAccount:
+          name: default
+      name: netdata
+      path: kv/data/netdata/default/netdata
+  output:
+    name: netdata-claim
+    stringData:
+      NETDATA_CLAIM_TOKEN: '{{ .netdata.token }}'
+      NETDATA_CLAIM_ROOMS: '{{ .netdata.rooms }}'
+    type: Opaque

terraform/modules/user/main.tf

@@ -32,4 +32,11 @@ resource "github_repository_file" "omni_acl" {
       }
     })
   ])
+}
+
+# Add user to netdata
+resource "netdata_space_member" "cedille_membership" {
+  email    = var.github_email
+  space_id = "de0f5b64-9300-4be4-94f3-455efa5c0358"
+  role     = var.netdata_role
 }

terraform/modules/user/providers.tf

@@ -4,5 +4,9 @@ terraform {
       source = "integrations/github"
       version = "5.42.0"
     }
+    netdata = {
+      source = "netdata/netdata"
+      version = "0.2.0"
+    }
   }
 }

terraform/modules/user/variables.tf

@@ -40,4 +40,8 @@ variable "cluster_role" {
 
 variable "cluster_repo" {
   type = string
+}
+
+variable "netdata_role" {
+  type = string
 }

terraform/providers.tf

@@ -14,6 +14,10 @@ terraform {
       source  = "integrations/github"
       version = "~> 5.0"
     }
+    netdata = {
+      source = "netdata/netdata"
+      version = "0.2.0"
+    }
   }
 
   cloud {
@@ -42,4 +46,9 @@ provider "github" {
     installation_id = var.gh_install_id # or `GITHUB_APP_INSTALLATION_ID`
     pem_file        = var.gh_pem        # or `GITHUB_APP_PEM_FILE`
   }
+}
+
+provider "netdata" {
+  url        = "https://app.netdata.cloud"
+  auth_token = var.netdata_token
 }

terraform/templates/user_module_template.jinja2

@@ -11,4 +11,5 @@ module "{{ user }}" {
   cluster_name = var.cluster_name
   cluster_role = "{{ cluster_role }}"
   cluster_repo = var.platform_repo
+  netdata_role = "observer"
 }

terraform/users.tf

@@ -11,8 +11,10 @@ module "francis" {
   cluster_name = var.cluster_name
   cluster_role = "None"
   cluster_repo = var.platform_repo
+  netdata_role = "admin"
 }
 
+
 module "cedille-sa" {
   source          = "./modules/user"
   github_email    = "[email protected]"
@@ -25,6 +27,7 @@ module "cedille-sa" {
   cluster_name = var.cluster_name
   cluster_role = "Reader"
   cluster_repo = var.platform_repo
+  netdata_role = "admin"
 }
 
 
@@ -39,4 +42,5 @@ module "andrei22131" {
   cluster_name = var.cluster_name
   cluster_role = "Operator"
   cluster_repo = var.platform_repo
+  netdata_role = "admin"
 }

terraform/variables.tf

@@ -46,4 +46,9 @@ variable "cluster_ca" {
 
 variable "cluster_name" {
   type = string
+}
+
+variable "netdata_token" {
+  type = string
+  sensitive = true
 }