From 45e768237e44534a9ce56e035bbcb0a742e0a8b7 Mon Sep 17 00:00:00 2001 
From: Paritosh Paliwal Date: Wed, 29 Nov 2023 16:49:20 +0530 Subject: [PATCH] V3.2.0 release (#57) V3.2.0 release. --- .gitignore | 7 +- CHANGELOG.md | 11 ++ charts/logan/Chart.yaml | 2 +- charts/logan/README.md | 4 +- charts/logan/templates/logs-configmap.yaml | 22 --- charts/logan/templates/objects-configmap.yaml | 1 - charts/logan/values.yaml | 12 +- charts/oci-onm/Chart.yaml | 4 +- charts/oci-onm/README.md | 2 +- charts/oci-onm/values.yaml | 2 +- terraform/modules/helm/helm.tf | 50 +++--- terraform/modules/helm/inputs.tf | 37 +++-- terraform/modules/helm/outputs.tf | 4 + terraform/modules/iam/iam.tf | 3 +- terraform/modules/iam/inputs.tf | 3 +- terraform/modules/iam/outputs.tf | 10 ++ terraform/modules/livelab/inputs.tf | 7 + terraform/modules/livelab/livelab.tf | 13 ++ terraform/modules/livelab/outputs.tf | 10 ++ terraform/modules/livelab/provider.tf | 13 ++ terraform/modules/logan/inputs.tf | 2 +- terraform/modules/logan/logAnalytics.tf | 2 +- terraform/modules/mgmt_agent/agent.tf | 5 + terraform/modules/mgmt_agent/inputs.tf | 2 +- terraform/oke/datasources.tf | 8 +- terraform/oke/debug-inputs.tf | 27 ---- terraform/oke/developer-options.tf | 63 ++++++++ terraform/oke/inputs.tf | 40 +++-- .../oke/{livelab.tf => livelab_switch.tf} | 0 terraform/oke/main.tf | 95 +++++++----- terraform/oke/outputs.tf | 95 ++++++++++++ terraform/oke/providers.tf | 2 +- terraform/oke/schema.yaml | 126 +++++++-------- terraform/oke/terraform-sample.tfvars | 15 +- util/build_stack.sh | 144 +++++++++++------- 35 files changed, 553 insertions(+), 290 deletions(-) create mode 100644 terraform/modules/helm/outputs.tf create mode 100644 terraform/modules/iam/outputs.tf create mode 100644 terraform/modules/livelab/inputs.tf create mode 100644 terraform/modules/livelab/livelab.tf create mode 100644 terraform/modules/livelab/outputs.tf create mode 100644 terraform/modules/livelab/provider.tf delete mode 100644 terraform/oke/debug-inputs.tf create mode 100644 
terraform/oke/developer-options.tf rename terraform/oke/{livelab.tf => livelab_switch.tf} (100%) diff --git a/.gitignore b/.gitignore index 3e6dd831..9096408b 100644 --- a/.gitignore +++ b/.gitignore @@ -58,8 +58,9 @@ terraform.rc logan/util/* # helm-chart -charts/oci-onm/Chart.lock -charts/oci-onm/charts/ +charts/tests/ +charts/**/Chart.lock +charts/**/charts/ # zip artifacts -releases/ \ No newline at end of file +releases/ diff --git a/CHANGELOG.md b/CHANGELOG.md index ae42b61e..a42d2c19 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,16 @@ # Change Log +## 2023-11-30 +### Added +- Added resources information that got created through RM Stack to Stack output. +- Added new auto created policy for Kubernetes Objects discovery (for future release(s) use). +- Added new helm variable for cluster's EntityId (ociLAClusterEntityID) (for future release(s) use). +### Changed +- RM Stack is changed to use remote [helm repo](https://oracle-quickstart.github.io/oci-kubernetes-monitoring), instead of a local copy of helm chart source. +- RM Stack is modified to skip recreation of Management Agent Key if the Key already created by Stack. +### Breaking Changes +- Removed ociLAEntityID input variable of Logan chart. This was an optional and its use-case was not defined so far. Hence, it shouldn't be a breaking change in general but still documenting for the reference. + ## 2023-11-07 ### Added - Control Plane Logs Collection for OCNE and Standalone Kubernetes Clusters. diff --git a/charts/logan/Chart.yaml b/charts/logan/Chart.yaml index 2ab2a835..af82bea2 100644 --- a/charts/logan/Chart.yaml +++ b/charts/logan/Chart.yaml @@ -5,7 +5,7 @@ apiVersion: v2 name: oci-onm-logan description: Charts for sending Kubernetes platform logs, compute logs, and Kubernetes Objects information to OCI Logging Analytics. type: application -version: 3.1.1 +version: 3.2.0 appVersion: "3.0.0" dependencies: 
diff --git a/charts/logan/README.md b/charts/logan/README.md index 6e1d6f3b..ee4fb891 100644 --- a/charts/logan/README.md +++ b/charts/logan/README.md @@ -15,7 +15,7 @@ Charts for sending Kubernetes platform logs, compute logs, and Kubernetes Object | Key | Type | Default | Description | |-----|------|---------|-------------| | authtype | string | `"InstancePrincipal"` | Allowed values: InstancePrincipal, config | -| extraEnv | list | `[]` | Logging Analytics OCID for OKE Cluster ociLAEntityID: Logging Analytics additional metadata. Use this to tag all the collected logs with one or more key:value pairs. Key must be a valid field in Logging Analytics metadata: "Client Host Region": "PCT" "Environment": "Production" "Third key": "Third Value" @param extra environment variables. Example name: ENV_VARIABLE_NAME value: ENV_VARIABLE_VALUE | +| extraEnv | list | `[]` | Use this to tag all the collected logs with one or more key:value pairs. Key must be a valid field in Logging Analytics metadata: "Client Host Region": "PCT" "Environment": "Production" "Third key": "Third Value" @param extra environment variables. Example name: ENV_VARIABLE_NAME value: ENV_VARIABLE_VALUE | | extraVolumeMounts | list | `[]` | @param extraVolumeMounts Mount extra volume(s). Example: - name: tmpDir mountPath: /tmp | | extraVolumes | list | `[]` | @param extraVolumes Extra volumes. Example: - name: tmpDir hostPath: path: /tmp log | | fluentd.baseDir | string | `"/var/log"` | Base directory on the node (with read write permission) for storing fluentd plugins related data. | 
@@ -60,7 +60,7 @@ Charts for sending Kubernetes platform logs, compute logs, and Kubernetes Object | global.resourceNamePrefix | string | `"oci-onm"` | Resource names prefix used, where allowed. | | image.imagePullPolicy | string | `"Always"` | Image pull policy | | image.imagePullSecrets | string | `nil` | | -| image.url | string | `"container-registry.oracle.com/oci_observability_management/oci-la-fluentd-collector:1.0.0"` | Replace this value with actual docker image url | +| image.url | string | `"container-registry.oracle.com/oci_observability_management/oci-la-fluentd-collector:1.1.0"` | Replace this value with actual docker image url | | kubernetesClusterID | string | `nil` | OKE Cluster OCID e.g. ocid1.cluster.oc1.phx.aaaaaaaahhbadf3rxa62faaeixanvr7vftmkg6hupycbf4qszctf2wbmqqxq | | kubernetesClusterName | string | `nil` | Kubernetes Cluster name. Need not be the OKE Cluster display name. e.g. production-cluster | | namespace | string | `"{{ .Values.global.namespace }}"` | Kubernetes Namespace for deploying monitoring resources deployed by this chart. | diff --git a/charts/logan/templates/logs-configmap.yaml b/charts/logan/templates/logs-configmap.yaml index d84e07a5..0fc7e608 100644 --- a/charts/logan/templates/logs-configmap.yaml +++ b/charts/logan/templates/logs-configmap.yaml @@ -102,11 +102,6 @@ data: {{- end }} oci_la_log_path "${record['tailed_path']}" oci_la_log_source_name "{{ $logDefinition.ociLALogSourceName | required (printf "fluentd.kubernetesSystem.logs.%s.ociLALogSourceName is required" $name) }}" - {{- if $logDefinition.ociLAEntityID }} - oci_la_entity_id "{{ $logDefinition.ociLAEntityID }}" - {{- else }} - oci_la_entity_id "{{ $.Values.fluentd.kubernetesSystem.ociLAEntityID | default $.Values.ociLAEntityID }}" - {{- end }} {{- if $logDefinition.ociLALogSet }} oci_la_log_set "{{ $logDefinition.ociLALogSet }}" {{- else }} 
@@ -207,11 +202,6 @@ data: {{- end }} oci_la_log_path "${record['tailed_path']}" oci_la_log_source_name "{{ $logDefinition.ociLALogSourceName | required (printf "fluentd.linuxSystem.logs.%s.ociLALogSourceName is required" $name) }}" - {{- if $logDefinition.ociLAEntityID }} - oci_la_entity_id "{{ $logDefinition.ociLAEntityID }}" - {{- else }} - oci_la_entity_id "{{ $.Values.fluentd.linuxSystem.ociLAEntityID | default $.Values.ociLAEntityID }}" - {{- end }} {{- if $logDefinition.ociLALogSet }} oci_la_log_set "{{ $logDefinition.ociLALogSet }}" {{- else }} @@ -296,11 +286,6 @@ data: {{- end }} oci_la_log_path "${record['tailed_path']}" oci_la_log_source_name "{{ required "fluentd.linuxSystem.logs.kubeletlog.ociLALogSourceName is required" $.Values.fluentd.linuxSystem.logs.kubeletlog.ociLALogSourceName }}" - {{- if $.Values.fluentd.linuxSystem.logs.kubeletlog.ociLAEntityID }} - oci_la_entity_id "{{ $.Values.fluentd.linuxSystem.logs.kubeletlog.ociLAEntityID }}" - {{- else }} - oci_la_entity_id "{{ $.Values.fluentd.linuxSystem.ociLAEntityID | default $.Values.ociLAEntityID }}" - {{- end }} {{- if $.Values.fluentd.linuxSystem.logs.kubeletlog.ociLALogSet }} oci_la_log_set "{{ $.Values.fluentd.linuxSystem.logs.kubeletlog.ociLALogSet }}" {{- else }} @@ -331,11 +316,6 @@ data: {{- end }} oci_la_log_path "${record['tailed_path']}" oci_la_log_source_name "{{ required "fluentd.linuxSystem.logs.syslog.ociLALogSourceName is required" $.Values.fluentd.linuxSystem.logs.syslog.ociLALogSourceName }}" - {{- if $.Values.fluentd.linuxSystem.logs.syslog.ociLAEntityID }} - oci_la_entity_id "{{ $.Values.fluentd.linuxSystem.logs.syslog.ociLAEntityID }}" - {{- else }} - oci_la_entity_id "{{ $.Values.fluentd.linuxSystem.ociLAEntityID | default $.Values.ociLAEntityID }}" - {{- end }} {{- if $.Values.fluentd.linuxSystem.logs.syslog.ociLALogSet }} oci_la_log_set "{{ $.Values.fluentd.linuxSystem.logs.syslog.ociLALogSet }}" {{- else }} 
@@ -410,7 +390,6 @@ data: {{- end }} oci_la_log_path "${record['tailed_path']}" oci_la_log_source_name "{{ $logDefinition.ociLALogSourceName | required (printf "fluentd.customLogs.%s.ociLALogSourceName is required" $name) }}" - oci_la_entity_id "{{ $logDefinition.ociLAEntityID | default $.Values.ociLAEntityID }}" oci_la_log_set "{{ $logDefinition.ociLALogSet | default $.Values.ociLALogSet }}" {{- if and (ne "false" ($logDefinition.isContainerLog | toString)) (eq $runtime "docker") }} message "${record['log']}" @@ -517,7 +496,6 @@ data: oci_la_log_group_id ${record.dig("kubernetes", "annotations", "oracle.com/oci_la_log_group_id") ? record.dig("kubernetes", "annotations", "oracle.com/oci_la_log_group_id") : "{{ $.Values.fluentd.genericContainerLogs.ociLALogGroupID | default $.Values.ociLALogGroupID }}"} oci_la_log_path "${record['tailed_path']}" oci_la_log_source_name ${record.dig("kubernetes", "annotations", "oracle.com/oci_la_log_source_name") ? record.dig("kubernetes", "annotations", "oracle.com/oci_la_log_source_name") : "{{ $.Values.fluentd.genericContainerLogs.ociLALogSourceName | default "Kubernetes Container Generic Logs" }}"} - oci_la_entity_id ${record.dig("kubernetes", "annotations", "oracle.com/oci_la_entity_id") ? record.dig("kubernetes", "annotations", "oracle.com/oci_la_entity_id") : "{{ $.Values.fluentd.genericContainerLogs.ociLAEntityID | default $.Values.ociLAEntityID }}"} oci_la_log_set ${record.dig("kubernetes", "annotations", "oracle.com/oci_la_log_set") ? record.dig("kubernetes", "annotations", "oracle.com/oci_la_log_set") : "{{ $.Values.fluentd.genericContainerLogs.ociLALogSet | default $.Values.ociLALogSet }}"} {{- if eq $runtime "docker" }} message "${record['log']}" diff --git a/charts/logan/templates/objects-configmap.yaml b/charts/logan/templates/objects-configmap.yaml index 91687cb7..c4836a0d 100644 --- a/charts/logan/templates/objects-configmap.yaml +++ b/charts/logan/templates/objects-configmap.yaml 
@@ -100,7 +100,6 @@ data: oci_la_metadata ${{"{{"}}"Kubernetes Cluster Name":"{{ $kubernetesClusterName }}", "Kubernetes Cluster ID": "{{ $kubernetesClusterId }}" {{- range $k, $v := .Values.metadata }},{{ $k | quote }}: {{ $v | quote -}} {{- end }}{{"}}"}} {{- end }} oci_la_log_group_id "{{ .Values.fluentd.kubernetesObjects.ociLALogGroupID | default .Values.ociLALogGroupID }}" - oci_la_entity_id "{{ .Values.fluentd.kubernetesObjects.ociLAEntityID | default .Values.ociLAEntityID }}" oci_la_log_set "{{ .Values.fluentd.kubernetesObjects.ociLALogSet | default .Values.ociLALogSet }}" oci_la_log_path ${tag} oci_la_log_source_name "Kubernetes Object Logs" diff --git a/charts/logan/values.yaml b/charts/logan/values.yaml index 65640827..c6f3dc72 100644 --- a/charts/logan/values.yaml +++ b/charts/logan/values.yaml @@ -67,14 +67,15 @@ kubernetesClusterID: # e.g. production-cluster kubernetesClusterName: +# -- Kubernetes Cluster Entity OCID. +# e.g. ocid1.loganalyticsentity.oc1.phx.amaaaaaabulluiqabqeq4delvhdlmd7aqcjrdla57n2szsxyz7pfdvnhwuua +ociLAClusterEntityID: + # -- Kubernetes Security Context privileged flag # Default: 'false'. This is not a required for OKE clusters. # In Kubernetes environments where SELinux mode is enforced, set this flag to 'true' to allow fluentd pods to access log files. privileged: false -# -- Logging Analytics OCID for OKE Cluster -#ociLAEntityID: - # Logging Analytics additional metadata. Use this to tag all the collected logs with one or more key:value pairs. # Key must be a valid field in Logging Analytics #metadata: @@ -236,7 +237,6 @@ fluentd: #"Client Host Region": "America" #"Environment": "Production" #"Third Key": "Third Value" - #ociLAEntityID: #encoding: # Worker number in case of multi process workers enabled. If not set when multi process workers enabled, then it defaults to 0. #worker: 
@@ -254,7 +254,6 @@ fluentd: #"Client Host Region": "America" #"Environment": "Production" #"Third Key": "Third Value" - #ociLAEntityID: #ociLALogGroupID: #encoding: # Worker number in case of multi process workers enabled. If not set when multi process workers enabled, then it defaults to 0. @@ -358,7 +357,6 @@ fluentd: #"Client Host Region": "America" #"Environment": "Production" #"Third Key": "Third Value" - #ociLAEntityID: #encoding: # Worker number in case of multi process workers enabled. If not set when multi process workers enabled, then it defaults to 0. #worker: @@ -468,7 +466,6 @@ fluentd: #"Client Host Region": "America" #"Environment": "Production" #"Third Key": "Third Value" - #ociLAEntityID: #encoding: # Worker number in case of multi process workers enabled. If not set when multi process workers enabled, then it defaults to 0. #worker: @@ -496,7 +493,6 @@ fluentd: #"Client Host Region": "America" #"Environment": "Production" #"Third Key": "Third Value" - #ociLAEntityID: #ociLALogGroupID: objectsList: nodes: diff --git a/charts/oci-onm/Chart.yaml b/charts/oci-onm/Chart.yaml index e97a43e7..f97a4098 100644 --- a/charts/oci-onm/Chart.yaml +++ b/charts/oci-onm/Chart.yaml @@ -18,7 +18,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 3.1.1 +version: 3.2.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -32,7 +32,7 @@ dependencies: repository: "file://../common" condition: oci-onm-common.enabled - name: oci-onm-logan - version: "3.1.1" + version: "3.2.0" repository: "file://../logan" condition: oci-onm-logan.enabled - name: oci-onm-mgmt-agent 
diff --git a/charts/oci-onm/README.md b/charts/oci-onm/README.md index 8184698c..d0471d97 100644 --- a/charts/oci-onm/README.md +++ b/charts/oci-onm/README.md @@ -25,7 +25,7 @@ Helm chart for collecting Kubernetes logs & objects and metrics using Fluentd an | oci-onm-common.namespace | string | `"{{ .Values.global.namespace }}"` | Kubernetes Namespace in which the serviceaccount to be created. | | oci-onm-common.resourceNamePrefix | string | `"{{ .Values.global.resourceNamePrefix }}"` | Prefix to be attached to resources created through this chart. Not all resources may have this prefix. | | oci-onm-common.serviceAccount | string | `"{{ .Values.global.resourceNamePrefix }}"` | Name of the Kubernetes ServiceAccount | -| oci-onm-logan.image.url | string | `"container-registry.oracle.com/oci_observability_management/oci-la-fluentd-collector:1.0.0"` | | +| oci-onm-logan.image.url | string | `"container-registry.oracle.com/oci_observability_management/oci-la-fluentd-collector:1.1.0"` | | | oci-onm-logan.kubernetesClusterID | string | `"{{ .Values.global.kubernetesClusterID }}"` | | | oci-onm-logan.kubernetesClusterName | string | `"{{ .Values.global.kubernetesClusterName }}"` | | | oci-onm-logan.namespace | string | `"{{ .Values.global.namespace }}"` | | diff --git a/charts/oci-onm/values.yaml b/charts/oci-onm/values.yaml index b6480580..ecbecece 100644 --- a/charts/oci-onm/values.yaml +++ b/charts/oci-onm/values.yaml @@ -52,4 +52,4 @@ oci-onm-mgmt-agent: # Replace this value with actual docker image URL for Management Agent url: container-registry.oracle.com/oci_observability_management/oci-management-agent:1.0.0 # Image secrets to use for pulling container image (base64 encoded content of ~/.docker/config.json file) - secret: + secret: \ No newline at end of file diff --git a/terraform/modules/helm/helm.tf b/terraform/modules/helm/helm.tf index 9d63d28e..9d06f4b8 100644 --- a/terraform/modules/helm/helm.tf +++ b/terraform/modules/helm/helm.tf 
@@ -1,29 +1,23 @@ # Copyright (c) 2023, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -data "oci_containerengine_clusters" "oke_clusters_list" { - compartment_id = var.oke_compartment_ocid -} - locals { - oke_clusters_list = data.oci_containerengine_clusters.oke_clusters_list.clusters - oke_cluster_name = [for c in local.oke_clusters_list : c.name if c.id == var.oke_cluster_ocid][0] + helm_repo_url = "https://oracle-quickstart.github.io/oci-kubernetes-monitoring" + helm_repo_chart = "oci-onm" helm_inputs = { # global "global.namespace" = var.deploy_mushop_config ? "livelab-test" : var.kubernetes_namespace "global.kubernetesClusterID" = var.oke_cluster_ocid - "global.kubernetesClusterName" = local.oke_cluster_name + "global.kubernetesClusterName" = var.oke_cluster_name # oci-onm-logan "oci-onm-logan.ociLANamespace" = var.oci_la_namespace "oci-onm-logan.ociLALogGroupID" = var.oci_la_logGroup_id - "oci-onm-logan.image.url" = var.logan_container_image_url "oci-onm-logan.fluentd.baseDir" = var.fluentd_baseDir_path #oci-onm-mgmt-agent "oci-onm-mgmt-agent.mgmtagent.installKeyFileContent" = var.mgmt_agent_install_key_content - "oci-onm-mgmt-agent.mgmtagent.image.url" = var.mgmt_agent_container_image_url "oci-onm-mgmt-agent.deployMetricServer" = var.opt_deploy_metric_server } @@ -32,12 +26,13 @@ locals { "createServiceAccount" = false "serviceAccount" = var.livelab_service_account } - } +# Create helm release resource "helm_release" "oci-kubernetes-monitoring" { name = "oci-kubernetes-monitoring" - chart = var.helm_abs_path + repository = var.use_local_helm_chart ? null : local.helm_repo_url + chart = var.use_local_helm_chart ? var.helm_abs_path : local.helm_repo_chart wait = true dependency_update = true atomic = true 
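Review bot: The `helm_release` in the second hunk now pulls `oci-onm` from the remote repository with no `version` argument visible, so each apply can resolve to whatever chart the repository publishes at that moment. The first hunk also drops the `oci-onm-logan.image.url` and `oci-onm-mgmt-agent.mgmtagent.image.url` overrides, so the container images follow the chart defaults and an unpinned chart means unpinned images as well. Pin the release next to `chart`, e.g. `version = "3.2.0"` (the chart version this commit sets in Chart.yaml), ideally through a local beside `helm_repo_chart`. The resource body continues outside the hunk, so confirm `version` is not already set there; the same applies to `data "helm_template"` in the later hunks.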
@@ -52,6 +47,14 @@ resource "helm_release" "oci-kubernetes-monitoring" { } } + dynamic "set" { + for_each = var.oke_cluster_entity_ocid == "DEFAULT" ? [] : ["run_once"] + content { + name = "oci-onm-logan.ociLAClusterEntityID" + value = var.oke_cluster_entity_ocid + } + } + dynamic "set" { for_each = var.deploy_mushop_config ? local.mushop_helm_inputs : {} content { @@ -60,12 +63,16 @@ resource "helm_release" "oci-kubernetes-monitoring" { } } - count = var.generate_helm_template ? 0 : 1 + count = var.install_helm ? 1 : 0 } +# Create helm template data "helm_template" "oci-kubernetes-monitoring" { - name = "oci-kubernetes-monitoring" - chart = var.helm_abs_path + name = "oci-kubernetes-monitoring" + # default behaviour is to use remote helm repo | var.use_local_helm_chart = false + # the option to use local helm chart is for development purpose only + repository = var.use_local_helm_chart ? null : local.helm_repo_url + chart = var.use_local_helm_chart ? var.helm_abs_path : local.helm_repo_chart dependency_update = true values = var.deploy_mushop_config ? ["${file("${path.module}/mushop_values.yaml")}"] : null @@ -78,6 +85,14 @@ data "helm_template" "oci-kubernetes-monitoring" { } } + dynamic "set" { + for_each = var.oke_cluster_entity_ocid == "DEFAULT" ? [] : ["run_once"] + content { + name = "oci-onm-logan.ociLAClusterEntityID" + value = var.oke_cluster_entity_ocid + } + } + dynamic "set" { for_each = var.deploy_mushop_config ? local.mushop_helm_inputs : {} content { @@ -87,11 +102,4 @@ data "helm_template" "oci-kubernetes-monitoring" { } count = var.generate_helm_template ? 1 : 0 -} - -# Helm release artifacts for local testing and validation. Not used by helm resource. -resource "local_file" "helm_release" { - content = tostring(data.helm_template.oci-kubernetes-monitoring[0].manifest) - filename = "${path.module}/local/helmrelease.yaml" - count = var.generate_helm_template ? 1 : 0 } \ No newline at end of file 
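Review bot: The added `dynamic "set"` block at the top of this hunk uses the magic string `"DEFAULT"` to mean "not provided", and the same block is repeated in the `helm_template` hunk further down. Any other unintended value, such as a lower-case `default`, is passed to the chart as `oci-onm-logan.ociLAClusterEntityID`. A `validation` block on `oke_cluster_entity_ocid` that accepts only `"DEFAULT"` or a value starting with `ocid1.loganalyticsentity.` would reject that at plan time. If the Resource Manager UI does not depend on the sentinel, a `null` default with `for_each = var.oke_cluster_entity_ocid == null ? [] : ["run_once"]` states the intent more directly.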
diff --git a/terraform/modules/helm/inputs.tf b/terraform/modules/helm/inputs.tf index 828a960f..ef3b9c0f 100644 --- a/terraform/modules/helm/inputs.tf +++ b/terraform/modules/helm/inputs.tf @@ -10,13 +10,25 @@ variable "generate_helm_template" { default = false } +variable "install_helm" { + type = bool + default = true +} + +variable "use_local_helm_chart" { + type = bool + default = false +} + #### ## Helm chart #### +# Used for local testing # Absoulte path to helm chart directory variable "helm_abs_path" { - type = string + type = string + default = "optional" } #### @@ -33,6 +45,17 @@ variable "oke_cluster_ocid" { type = string } +# OKE Cluster Name +variable "oke_cluster_name" { + type = string +} + +# OKE Cluster Entity OCID +variable "oke_cluster_entity_ocid" { + type = string + default = "DEFAULT" # Keep default as DEFAULT +} + # Kubernetes Namespace variable "kubernetes_namespace" { type = string @@ -57,12 +80,6 @@ variable "oci_la_namespace" { ## Fluentd Configuration #### -# OCI LA Fluentd Container Image -variable "logan_container_image_url" { - type = string - default = "container-registry.oracle.com/oci_observability_management/oci-la-fluentd-collector:1.0.0" -} - # Fluentd Base Directory variable "fluentd_baseDir_path" { type = string @@ -77,12 +94,6 @@ variable "mgmt_agent_install_key_content" { type = string } -# OCI Management Agent Container Image -variable "mgmt_agent_container_image_url" { - type = string - default = "container-registry.oracle.com/oci_observability_management/oci-management-agent:1.0.0" -} - # Option to control the metric server deployment inside kubernetes cluster variable "opt_deploy_metric_server" { type = bool diff --git a/terraform/modules/helm/outputs.tf b/terraform/modules/helm/outputs.tf new file mode 100644 index 00000000..de072787 --- /dev/null +++ b/terraform/modules/helm/outputs.tf 
@@ -0,0 +1,4 @@ +# Helm release artifacts for local testing and validation. +output "helm_template" { + value = var.generate_helm_template ? data.helm_template.oci-kubernetes-monitoring[0].manifest : null +} \ No newline at end of file diff --git a/terraform/modules/iam/iam.tf b/terraform/modules/iam/iam.tf index 8a8ed4ec..e92ec1e9 100644 --- a/terraform/modules/iam/iam.tf +++ b/terraform/modules/iam/iam.tf @@ -22,7 +22,8 @@ locals { policy_scope = var.root_compartment_ocid == var.oci_onm_compartment_ocid ? "tenancy" : "compartment ${local.oci_onm_compartment_name}" mgmt_agent_policy = ["Allow dynamic-group ${local.dynamic_group_name} to use METRICS in ${local.policy_scope} WHERE target.metrics.namespace = 'mgmtagent_kubernetes_metrics'"] fluentd_agent_policy = ["Allow dynamic-group ${local.dynamic_group_name} to {LOG_ANALYTICS_LOG_GROUP_UPLOAD_LOGS} in ${local.policy_scope}"] - policy_statements = concat(local.fluentd_agent_policy, local.mgmt_agent_policy) + discovery_api_policy = ["Allow dynamic-group ${local.dynamic_group_name} to {LOG_ANALYTICS_DISCOVERY_UPLOAD} in ${local.policy_scope}"] + policy_statements = concat(local.fluentd_agent_policy, local.mgmt_agent_policy, local.discovery_api_policy) } # Logging Analytics Compartment diff --git a/terraform/modules/iam/inputs.tf b/terraform/modules/iam/inputs.tf index 084439ac..900269a9 100644 --- a/terraform/modules/iam/inputs.tf +++ b/terraform/modules/iam/inputs.tf @@ -19,5 +19,4 @@ variable "oke_compartment_ocid" { # OKE Cluster OCID variable "oke_cluster_ocid" { type = string -} - +} \ No newline at end of file diff --git a/terraform/modules/iam/outputs.tf b/terraform/modules/iam/outputs.tf new file mode 100644 index 00000000..10537beb --- /dev/null +++ b/terraform/modules/iam/outputs.tf 
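Review bot: The new `helm_template` output in outputs.tf exposes the full rendered manifest without `sensitive = true`. helm.tf passes `oci-onm-mgmt-agent.mgmtagent.installKeyFileContent` into the chart, so the rendered manifest presumably embeds the management agent install key, which would then appear in plan/apply output and in any root-module output that forwards this value. Add `sensitive = true` to the output, with a comment such as `# Rendered manifest embeds the mgmt agent install key; keep sensitive.`; any output that re-exports it needs the same flag.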
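Review bot: `discovery_api_policy` in iam.tf grants `LOG_ANALYTICS_DISCOVERY_UPLOAD` to the dynamic group unconditionally, while the changelog entry in this same commit describes the policy as being for future release(s) use. A permission that nothing in this release exercises only widens what any member of the dynamic group can do, and it is tenancy-wide when `policy_scope` resolves to `tenancy`. Consider leaving it out of `policy_statements` until the consuming feature ships, or gating it on a boolean input. At minimum add a comment above the line naming the component that will use it. The `locals` block starts outside the hunk.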
@@ -0,0 +1,10 @@ +# Copyright (c) 2023, Oracle and/or its affiliates. +# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. + +output "oke_dynamic_group_ocid" { + value = oci_identity_dynamic_group.oke_dynamic_group.id +} + +output "oke_monitoring_policy_ocid" { + value = oci_identity_policy.oke_monitoring_policy.id +} \ No newline at end of file diff --git a/terraform/modules/livelab/inputs.tf b/terraform/modules/livelab/inputs.tf new file mode 100644 index 00000000..9619d199 --- /dev/null +++ b/terraform/modules/livelab/inputs.tf @@ -0,0 +1,7 @@ +# Copyright (c) 2023, Oracle and/or its affiliates. +# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. + +# OCID of user running the marketplace app / Resoruce Manager stack +variable "current_user_ocid" { + type = string +} \ No newline at end of file diff --git a/terraform/modules/livelab/livelab.tf b/terraform/modules/livelab/livelab.tf new file mode 100644 index 00000000..549d9db9 --- /dev/null +++ b/terraform/modules/livelab/livelab.tf @@ -0,0 +1,13 @@ +# Copyright (c) 2023, Oracle and/or its affiliates. +# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. + +locals { + oci_username = data.oci_identity_user.livelab_user.name + livelab_res_num = trimprefix(trimsuffix(lower(local.oci_username), "-user"), "ll") + livelab_reservationId = "resr${local.livelab_res_num}" + livelab_fluentd_baseDir_path = "/var/log/${local.livelab_reservationId}" +} + +data "oci_identity_user" "livelab_user" { + user_id = var.current_user_ocid +} \ No newline at end of file diff --git a/terraform/modules/livelab/outputs.tf b/terraform/modules/livelab/outputs.tf new file mode 100644 index 00000000..71edd61b --- /dev/null +++ b/terraform/modules/livelab/outputs.tf 
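Review bot: In livelab.tf, `livelab_res_num` is the user's name with `ll` and `-user` stripped, and nothing checks the result before it is used in `livelab_fluentd_baseDir_path` (a host path under `/var/log`) and exported as the service account name. A name that does not follow the LiveLab pattern passes through unchanged apart from lower-casing, including characters such as `/` or `@`. Add a check that fails with a clear message, for example on `can(regex("^[0-9]+$", local.livelab_res_num))` (adjust the pattern if reservation ids are not purely numeric). A short comment giving the expected user-name format would also explain the `trimprefix`/`trimsuffix` pair.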
@@ -0,0 +1,10 @@ +# Copyright (c) 2023, Oracle and/or its affiliates. +# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. + +output "service_account" { + value = local.livelab_reservationId +} + +output "fluentd_baseDir_path" { + value = local.livelab_fluentd_baseDir_path +} \ No newline at end of file diff --git a/terraform/modules/livelab/provider.tf b/terraform/modules/livelab/provider.tf new file mode 100644 index 00000000..a820a625 --- /dev/null +++ b/terraform/modules/livelab/provider.tf @@ -0,0 +1,13 @@ +# Copyright (c) 2023, Oracle and/or its affiliates. +# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. + +terraform { + required_version = ">= 1.0" + required_providers { + oci = { + source = "oracle/oci" + version = ">= 4.96.0" + # https://registry.terraform.io/providers/hashicorp/oci/4.85.0 + } + } +} \ No newline at end of file diff --git a/terraform/modules/logan/inputs.tf b/terraform/modules/logan/inputs.tf index 070d1e36..abcb1336 100644 --- a/terraform/modules/logan/inputs.tf +++ b/terraform/modules/logan/inputs.tf @@ -27,4 +27,4 @@ variable "existing_logGroup_id" { variable "new_logGroup_name" { type = string default = "" // This is expected to rasie terraform error if ran with default value -} +} \ No newline at end of file diff --git a/terraform/modules/logan/logAnalytics.tf b/terraform/modules/logan/logAnalytics.tf index 67a96071..bc1d2888 100644 --- a/terraform/modules/logan/logAnalytics.tf +++ b/terraform/modules/logan/logAnalytics.tf @@ -28,4 +28,4 @@ resource "oci_log_analytics_log_analytics_log_group" "new_log_group" { # error_message = "Tenancy is not on-boarded to OCI Logging Analytics Service in ${var.region} region." # } # } -} +} \ No newline at end of file diff --git a/terraform/modules/mgmt_agent/agent.tf b/terraform/modules/mgmt_agent/agent.tf index 45f50c3e..8dfd8481 100644 --- a/terraform/modules/mgmt_agent/agent.tf 
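Review bot: In livelab/provider.tf the comment under `version = ">= 4.96.0"` links to `hashicorp/oci/4.85.0`, which matches neither the `oracle/oci` source nor the minimum version declared on the line above. Drop the comment or replace it with one that says why 4.96.0 is the floor. The constraint also has no upper bound, so any future major release of the provider is accepted; consider bounding it to the major versions the stack is tested against.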
+++ b/terraform/modules/mgmt_agent/agent.tf @@ -9,4 +9,9 @@ locals { resource "oci_management_agent_management_agent_install_key" "Kubernetes_AgentInstallKey" { compartment_id = var.compartment_ocid display_name = "k8_mgmt_agent_key-${var.uniquifier}" + time_expires = timeadd(timestamp(), "8760h") # 1 year + + lifecycle { + ignore_changes = [time_expires] + } } \ No newline at end of file diff --git a/terraform/modules/mgmt_agent/inputs.tf b/terraform/modules/mgmt_agent/inputs.tf index 9b94fdcb..4f389324 100644 --- a/terraform/modules/mgmt_agent/inputs.tf +++ b/terraform/modules/mgmt_agent/inputs.tf @@ -3,7 +3,7 @@ # A unique key to be associated with a single OKE cluster variable "uniquifier" { - type = string + type = string } # OCID of compartment where management agent installation key is to be created diff --git a/terraform/oke/datasources.tf b/terraform/oke/datasources.tf index 98ed84d9..cadf5e6c 100644 --- a/terraform/oke/datasources.tf +++ b/terraform/oke/datasources.tf @@ -1,10 +1,6 @@ # Copyright (c) 2023, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -data "oci_identity_user" "livelab_user" { - user_id = var.current_user_ocid -} - data "oci_identity_tenancy" "tenant_details" { tenancy_id = var.tenancy_ocid } @@ -14,4 +10,8 @@ data "oci_identity_regions" "region_map" { data "oci_containerengine_cluster_kube_config" "oke" { cluster_id = var.oke_cluster_ocid +} + +data "oci_containerengine_clusters" "oke_clusters" { + compartment_id = var.oke_compartment_ocid } \ No newline at end of file diff --git a/terraform/oke/debug-inputs.tf b/terraform/oke/debug-inputs.tf deleted file mode 100644 index 13d69628..00000000 --- a/terraform/oke/debug-inputs.tf +++ /dev/null 
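Review bot: `time_expires` in agent.tf hard-codes a one-year lifetime for the install key, and `ignore_changes = [time_expires]` means the stack never extends or rotates it afterwards. That is a long validity window for a credential that is also handed to the Helm values, and once it lapses, later agent registrations with this key would presumably fail with no signal from Terraform. Consider making the lifetime an input with a shorter default, e.g. `time_expires = timeadd(timestamp(), var.install_key_validity)`. A comment on the `lifecycle` block should say that `ignore_changes` is there because `timestamp()` yields a new value on every plan.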
@@ -1,27 +0,0 @@ -# Copyright (c) 2023, Oracle and/or its affiliates. -# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. - -#### -## Switches - These inputs are meant to be used for development purpose only -## Leave it to default for production use -#### - -# Enable/Disable helm module -variable "enable_helm_module" { - type = bool - default = true -} - -# Enable/Disable helm template. When set as true, -# - helm module will generate template file inside ../modules/helm/local directory -# - Setting this to true disables/skips the helm release -variable "generate_helm_template" { - type = bool - default = false -} - -# Enable/Disable logan dashboards module -variable "enable_dashboard_module" { - type = bool - default = true -} \ No newline at end of file diff --git a/terraform/oke/developer-options.tf b/terraform/oke/developer-options.tf new file mode 100644 index 00000000..59eaca9b --- /dev/null +++ b/terraform/oke/developer-options.tf 
@@ -0,0 +1,63 @@ +# Copyright (c) 2023, Oracle and/or its affiliates. +# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. + +#### +## Switches - These inputs are meant to be used for development purpose only +## Leave it to default for production use +#### + +# Enable/Disable livelab module +variable "toggle_livelab_module" { + type = bool + default = true +} + +# Enable/Disable helm module +variable "toggle_helm_module" { + type = bool + default = true +} + +# when false, public helm repo is used for deployment +variable "toggle_use_local_helm_chart" { + type = bool + default = false +} + +# Enable/Disable helm template. When set as true, +# - helm module will generate template file inside ../modules/helm/local directory +# - Setting this to true disables/skips the helm release +variable "toggle_generate_helm_template" { + type = bool + default = false +} + +# Enable/Disable helm installation. +variable "toggle_install_helm" { + type = bool + default = true +} + +# Enable/Disable logan dashboards module +variable "toggle_dashboards_module" { + type = bool + default = true +} + +# Enable/Disable management agent module +variable "toggle_mgmt_agent_module" { + type = bool + default = true +} + +# Enable/Disable management agent module +variable "toggle_logan_module" { + type = bool + default = true +} + +# Enable/Disable IAM module +variable "toggle_iam_module" { + type = bool + default = true +} \ No newline at end of file diff --git a/terraform/oke/inputs.tf b/terraform/oke/inputs.tf index a2c8b1bc..5cd9f0c2 100644 --- a/terraform/oke/inputs.tf +++ b/terraform/oke/inputs.tf @@ -47,7 +47,8 @@ variable "compartment_ocid" { # OCID of user running the marketplace app / Resoruce Manager stack variable "current_user_ocid" { - type = string + type = string + default = "" } #### 
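Review bot: Two comments in the new developer-options.tf do not match the code in this commit. `toggle_logan_module` is labelled `# Enable/Disable management agent module`, a copy of the comment on the variable above it; it should read `# Enable/Disable logan module`. The `toggle_generate_helm_template` comment still says the template is written to `../modules/helm/local` and that enabling it skips the release, but the helm module hunks remove the `local_file` resource and key the release on `var.install_helm`. As far as those hunks show, a more accurate comment would be `# When true, the helm module renders the chart and exposes it as the helm_template output; the release is controlled by toggle_install_helm.`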
@@ -82,8 +83,7 @@ variable "opt_create_dynamicGroup_and_policies" { # OKE Cluster Compartment variable "oke_compartment_ocid" { - type = string - default = "" + type = string } # OKE Cluster OCID @@ -101,6 +101,12 @@ variable "kubernetes_namespace" { ## OCI Observability and Management Information #### +# Stack Deployment Options +variable "stack_deployment_option" { + type = string + default = "Full" +} + # Compartment for creating OCI Observability and Management resources variable "oci_onm_compartment_ocid" { type = string @@ -135,24 +141,28 @@ variable "fluentd_baseDir_path" { ## Fluentd Configuration #### -# OCI LA Fluentd Container Image -variable "logan_container_image_url" { - type = string - default = "container-registry.oracle.com/oci_observability_management/oci-la-fluentd-collector:1.0.0" -} - #### ## Management Agent Configuration #### -# OCI Management Agent Container Image -variable "mgmt_agent_container_image_url" { - type = string - default = "container-registry.oracle.com/oci_observability_management/oci-management-agent:1.0.0" -} - # Option to deploy metric server variable "opt_deploy_metric_server" { type = bool default = true +} + +#### +## Input options hidden from stack UI +#### + +# OKE Cluster Name +variable "oke_cluster_name" { + type = string + default = "DEFAULT" +} + +# OKE Cluster Entity OCID +variable "oke_cluster_entity_ocid" { + type = string + default = "DEFAULT" } \ No newline at end of file diff --git a/terraform/oke/livelab.tf b/terraform/oke/livelab_switch.tf similarity index 100% rename from terraform/oke/livelab.tf rename to terraform/oke/livelab_switch.tf diff --git a/terraform/oke/main.tf b/terraform/oke/main.tf index 6e845a99..46a2e6e9 100644 --- a/terraform/oke/main.tf +++ b/terraform/oke/main.tf 
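Review bot: `stack_deployment_option` accepts any string, and main.tf in this commit treats every value other than the exact string "Full" as "do not deploy helm", so a typo such as `full` in a tfvars file silently changes what is deployed. A `validation` block on the variable with `condition = contains(["Full", "Only OCI Resources"], var.stack_deployment_option)` would reject unknown values at plan time. The new `oke_cluster_name` and `oke_cluster_entity_ocid` variables use the string `"DEFAULT"` as a sentinel; a comment on each stating what `"DEFAULT"` means would make that contract explicit.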
@@ -2,12 +2,38 @@ # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. locals { - ## livelab - oci_username = data.oci_identity_user.livelab_user.name - livelab_service_account = local.oci_username + livelab_service_account = var.livelab_switch ? module.livelab[0].service_account : "" + fluentd_baseDir_path = var.livelab_switch ? module.livelab[0].fluentd_baseDir_path : var.fluentd_baseDir_path + + ### helm + # Fetch OKE cluster name from OCI OKE Service if user does not provide a name of the target cluster + oke_cluster_name = var.oke_cluster_name == "DEFAULT" ? [for c in data.oci_containerengine_clusters.oke_clusters.clusters : c.name if c.id == var.oke_cluster_ocid][0] : var.oke_cluster_name + deploy_helm = var.stack_deployment_option == "Full" ? true : false + + ## Module Controls are are final verdicts on if a module should be executed or not + ## Module dependencies should be included here as well so a module does not run when it's depenedent moudle is disabled + + module_controls_enable_livelab_module = alltrue([var.toggle_livelab_module, var.livelab_switch]) + module_controls_enable_dashboards_module = alltrue([var.toggle_dashboards_module]) + module_controls_enable_iam_module = alltrue([var.toggle_iam_module, var.opt_create_dynamicGroup_and_policies, !var.livelab_switch]) + module_controls_enable_logan_module = alltrue([var.toggle_logan_module]) + module_controls_enable_mgmt_agent_module = alltrue([var.toggle_mgmt_agent_module]) + module_controls_enable_helm_module = alltrue([var.toggle_helm_module, local.deploy_helm, + local.module_controls_enable_mgmt_agent_module, local.module_controls_enable_logan_module]) +} + +// Only execute for livelab stack +// livelab module only supports local users +// it will error out when an identity domain user is used and livelab_switch is set as true +module "livelab" { + source = "./modules/livelab" + current_user_ocid = var.current_user_ocid + + count = 
local.module_controls_enable_livelab_module ? 1 : 0 - ## Helm release - fluentd_baseDir_path = var.livelab_switch ? "/var/log/${local.oci_username}" : var.fluentd_baseDir_path + /* providers = { + oci = oci.home_region + } */ } // Import Kubernetes Dashboards @@ -15,7 +41,7 @@ module "import_kubernetes_dashbords" { source = "./modules/dashboards" compartment_ocid = var.oci_onm_compartment_ocid - count = var.enable_dashboard_module ? 1 : 0 + count = local.module_controls_enable_dashboards_module ? 1 : 0 } // Create Required Polcies and Dynamic Group @@ -27,22 +53,13 @@ module "policy_and_dynamic-group" { oke_compartment_ocid = var.oke_compartment_ocid oke_cluster_ocid = var.oke_cluster_ocid - count = var.opt_create_dynamicGroup_and_policies && !var.livelab_switch ? 1 : 0 + count = local.module_controls_enable_iam_module ? 1 : 0 providers = { oci = oci.home_region } } -module "management_agent" { - source = "./modules/mgmt_agent" - uniquifier = md5(var.oke_cluster_ocid) - compartment_ocid = var.oci_onm_compartment_ocid - - # this module is only required in case of helm deployment - count = var.enable_helm_module ? 1 : 0 -} - // Create Logging Analytics Resorces module "loggingAnalytics" { source = "./modules/logan" 
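Review bot: The `oke_cluster_name` local indexes `[0]` into the filtered cluster list, so when no entry in `data.oci_containerengine_clusters.oke_clusters.clusters` has the id `var.oke_cluster_ocid` the plan fails with a generic invalid-index error that names neither the cluster nor the compartment. The data source is declared outside this hunk; if it is scoped to `oke_compartment_ocid`, a cluster OCID from a different compartment would be enough to trigger this. Wrapping the lookup as `try([for c in ... : c.name if c.id == var.oke_cluster_ocid][0], null)` and reporting an explicit error where the name is consumed would make the cause visible. The comment above the `module_controls_*` locals also has typos (`are are`, `depenedent moudle`).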
@@ -51,30 +68,38 @@ module "loggingAnalytics" { new_logGroup_name = var.oci_la_logGroup_name compartment_ocid = var.oci_onm_compartment_ocid existing_logGroup_id = var.oci_la_logGroup_id + + count = local.module_controls_enable_logan_module ? 1 : 0 } +# Create a management agent key +module "management_agent" { + source = "./modules/mgmt_agent" + uniquifier = md5(var.oke_cluster_ocid) + compartment_ocid = var.oci_onm_compartment_ocid + + count = local.module_controls_enable_mgmt_agent_module ? 1 : 0 +} // deploy oke-monitoring solution (helm release) module "helm_release" { - source = "./modules/helm" - helm_abs_path = abspath("./charts/oci-onm") - generate_helm_template = var.generate_helm_template - - oke_compartment_ocid = var.oke_compartment_ocid - oke_cluster_ocid = var.oke_cluster_ocid - logan_container_image_url = var.logan_container_image_url - kubernetes_namespace = var.kubernetes_namespace - - oci_la_logGroup_id = module.loggingAnalytics.oci_la_logGroup_ocid - oci_la_namespace = module.loggingAnalytics.oci_la_namespace - fluentd_baseDir_path = local.fluentd_baseDir_path - + source = "./modules/helm" + helm_abs_path = abspath("./charts/oci-onm") + use_local_helm_chart = var.toggle_use_local_helm_chart + install_helm = var.toggle_install_helm + generate_helm_template = var.toggle_generate_helm_template + oke_compartment_ocid = var.oke_compartment_ocid + oke_cluster_ocid = var.oke_cluster_ocid + kubernetes_namespace = var.kubernetes_namespace + oci_la_logGroup_id = module.loggingAnalytics[0].oci_la_logGroup_ocid + oci_la_namespace = module.loggingAnalytics[0].oci_la_namespace + fluentd_baseDir_path = local.fluentd_baseDir_path mgmt_agent_install_key_content = module.management_agent[0].mgmt_agent_install_key_content - mgmt_agent_container_image_url = var.mgmt_agent_container_image_url - opt_deploy_metric_server = var.livelab_switch ? 
true : var.opt_deploy_metric_server - - deploy_mushop_config = var.livelab_switch - livelab_service_account = local.livelab_service_account + opt_deploy_metric_server = var.livelab_switch ? false : var.opt_deploy_metric_server + deploy_mushop_config = var.livelab_switch + livelab_service_account = local.livelab_service_account + oke_cluster_name = local.oke_cluster_name + oke_cluster_entity_ocid = var.oke_cluster_entity_ocid - count = var.enable_helm_module ? 1 : 0 + count = local.module_controls_enable_helm_module ? 1 : 0 } diff --git a/terraform/oke/outputs.tf b/terraform/oke/outputs.tf index abc612c1..58fecd0b 100644 --- a/terraform/oke/outputs.tf +++ b/terraform/oke/outputs.tf 
@@ -1,2 +1,97 @@ # Copyright (c) 2023, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. + +locals { + # generate_helm_output evaluates to true in production + generate_helm_output = alltrue([local.module_controls_enable_mgmt_agent_module, local.module_controls_enable_logan_module]) + + output_helm_external_values = local.generate_helm_output ? yamlencode({ + "global" = { + "kubernetesClusterID" = var.oke_cluster_ocid + "kubernetesClusterName" = local.oke_cluster_name + } + "oci-onm-logan" = { + "ociLANamespace" = module.loggingAnalytics[0].oci_la_namespace + "ociLALogGroupID" = module.loggingAnalytics[0].oci_la_logGroup_ocid + "ociLAClusterEntityID" = var.oke_cluster_entity_ocid == "DEFAULT" ? null : var.oke_cluster_entity_ocid + } + "oci-onm-mgmt-agent" = { + "mgmtagent" = { + "installKeyFileContent" = module.management_agent[0].mgmt_agent_install_key_content + } + } + }) : null + + + cmd_1_helm_repo_add = "helm repo add oci-onm https://oracle-quickstart.github.io/oci-kubernetes-monitoring" + + cmd_2_helm_repo_update = "helm repo update" + + helm_install_opt_entity_id = var.oke_cluster_entity_ocid == "DEFAULT" ? "" : "--set oci-onm-logan.ociLAClusterEntityID=${var.oke_cluster_entity_ocid}" + + cmd_3_helm_install = local.generate_helm_output ? 
join(" ", [ + "helm install oci-kubernetes-monitoring oci-onm/oci-onm", + "--set global.kubernetesClusterID=${var.oke_cluster_ocid}", + "--set global.kubernetesClusterName=${local.oke_cluster_name}", + "--set oci-onm-logan.ociLALogGroupID=${module.loggingAnalytics[0].oci_la_logGroup_ocid}", + "--set oci-onm-logan.ociLANamespace=${module.loggingAnalytics[0].oci_la_namespace}", + local.helm_install_opt_entity_id, + "--set oci-onm-mgmt-agent.mgmtagent.installKeyFileContent=${module.management_agent[0].mgmt_agent_install_key_content}" + ]) : null +} + +### +# helm outputs +### + +output "cmd_1_helm_repo_add" { + value = local.generate_helm_output ? local.cmd_1_helm_repo_add : null +} + +output "cmd_2_helm_repo_update" { + value = local.generate_helm_output ? local.cmd_2_helm_repo_update : null +} + +output "cmd_3_helm_install" { + value = local.generate_helm_output ? local.cmd_3_helm_install : null +} + +/* output "external_values_yaml" { + value = local.output_helm_external_values +} */ + +### +# Module outputs +### + +output "oke_cluster_name" { + value = local.oke_cluster_name +} + +output "oke_cluster_entity_ocid" { + value = var.oke_cluster_entity_ocid == "DEFAULT" ? null : var.oke_cluster_entity_ocid +} + +output "oke_dynamic_group_ocid" { + value = local.module_controls_enable_iam_module ? module.policy_and_dynamic-group[0].oke_dynamic_group_ocid : null +} + +output "oke_monitoring_policy_ocid" { + value = local.module_controls_enable_iam_module ? module.policy_and_dynamic-group[0].oke_monitoring_policy_ocid : null +} + +output "oci_la_namespace" { + value = local.module_controls_enable_logan_module ? module.loggingAnalytics[0].oci_la_namespace : null +} + +output "oci_la_logGroup_ocid" { + value = local.module_controls_enable_logan_module ? module.loggingAnalytics[0].oci_la_logGroup_ocid : null +} + +output "mgmt_agent_install_key" { + value = local.module_controls_enable_mgmt_agent_module ? 
module.management_agent[0].mgmt_agent_install_key_content : null +} + +output "helm_template" { + value = local.module_controls_enable_helm_module && var.toggle_generate_helm_template ? module.helm_release[0].helm_template : null +} \ No newline at end of file diff --git a/terraform/oke/providers.tf b/terraform/oke/providers.tf index 89b07367..33453510 100644 --- a/terraform/oke/providers.tf +++ b/terraform/oke/providers.tf @@ -2,7 +2,7 @@ # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. terraform { - required_version = ">= 1.0.0, <= 1.5" + required_version = ">= 1.0.0, <= 1.6" required_providers { oci = { source = "oracle/oci" diff --git a/terraform/oke/schema.yaml b/terraform/oke/schema.yaml index 3c6c924b..62db0e6b 100644 --- a/terraform/oke/schema.yaml +++ b/terraform/oke/schema.yaml @@ -1,9 +1,10 @@ # Copyright (c) 2023, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. +# yaml-language-server: $schema=./meta-schema.yaml title: OCI Kubernetes Monitoring Solution -description: OCI Kubernetes Monitoring Solution is a turn-key Kubernetes monitoring and management package based on OCI Logging Analytics cloud service, OCI Monitoring, OCI Management Agent. -informationalText: OCI Kubernetes Monitoring Solution is a turn-key Kubernetes monitoring and management package based on OCI Logging Analytics cloud service, OCI Monitoring, OCI Management Agent. +description: "OCI Kubernetes Monitoring Solution is a turn-key Kubernetes monitoring and management package based on the following OCI services: Logging Analytics, Monitoring, and Management Agent." +informationalText: "OCI Kubernetes Monitoring Solution is a turn-key Kubernetes monitoring and management package based on the following OCI services: Logging Analytics, Monitoring, and Management Agent." schemaVersion: 1.1.0 version: "20221004" 
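Review bot: `output "mgmt_agent_install_key"` and `output "cmd_3_helm_install"` both publish `mgmt_agent_install_key_content` without `sensitive = true`, so the key is printed by `terraform apply` and `terraform output` and shown wherever the stack's outputs are displayed. If the install key is treated as a credential, add `sensitive = true` to `mgmt_agent_install_key` and drop the `installKeyFileContent` element from `cmd_3_helm_install`, so the displayed command does not embed it. Passing the key with `--set ...installKeyFileContent=...` also leaves it in shell history and the process list when the command is run. The commented-out `external_values_yaml` output, marked sensitive and used as a values file, avoids that. `helm_template` needs the same check if the rendered template contains the key.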
@@ -17,37 +18,41 @@ source: locale: "en" variableGroups: - - title: "configuration inputs" + - title: "hidden inputs" variables: - tenancy_ocid - region - user_ocid - private_key_path - fingerprint - - generate_helm_template - - enable_dashboard_module - - enable_helm_module - boat_auth - boat_tenancy_ocid + - toggle_generate_helm_template + - toggle_install_helm + - toggle_use_local_helm_chart + - toggle_dashboards_module + - toggle_helm_module + - toggle_mgmt_agent_module + - toggle_logan_module + - toggle_livelab_module + - toggle_iam_module - compartment_ocid - - logan_container_image_url - - mgmt_agent_container_image_url - kubernetes_namespace - current_user_ocid - livelab_switch + - oke_cluster_name + - oke_cluster_entity_ocid + - stack_deployment_option visible: false - - title: "Select an OKE Cluster deployed in this region to start monitoring" - description: "Use CLI (Helm) if your cluster does not have public API Endpoint or restricted from accessing container-registry.oracle.com. See: https://github.com/oracle-quickstart/oci-kubernetes-monitoring" + - title: Select an OKE cluster deployed in this region to start monitoring. + description: "Use CLI (Helm) if your cluster does not have a public API endpoint or if it's restricted from accessing container-registry.oracle.com. See: https://github.com/oracle-quickstart/oci-kubernetes-monitoring" variables: - oke_compartment_ocid - oke_cluster_ocid - visible: - and: - - enable_helm_module - - title: "OCI Observability & Management Services Configuration" - description: "See: https://github.com/oracle-quickstart/oci-kubernetes-monitoring for list of resources created" + - title: "OCI Observability and Management Services Configuration" + description: "For a list of resources created, see: https://github.com/oracle-quickstart/oci-kubernetes-monitoring" variables: - opt_deploy_metric_server - oci_onm_compartment_ocid 
@@ -55,31 +60,13 @@ variableGroups: - oci_la_logGroup_id - oci_la_logGroup_name - fluentd_baseDir_path - visible: - and: - - enable_helm_module - - title: "OCI IAM Policies and Dynaimic Groups (Optional)" + - title: OCI IAM Policies and Dynamic Groups (Optional) variables: - opt_create_dynamicGroup_and_policies - visible: - and: - - enable_helm_module variables: - #### - ## Deployment Options - #### - - # Option to install helm chart - # enable_helm_module: - # type: boolean - # title: Deploy Kubernetes Monitoring Solution - # description: "Ref: https://github.com/oracle-quickstart/oci-kubernetes-monitoring" - # default: true - # required: true - #### ## OKE Cluster Information #### @@ -88,7 +75,7 @@ variables: oke_compartment_ocid: type: oci:identity:compartment:id required: true - title: "Select OKE Cluster Compartment" + title: "Select OKE cluster compartment" default: compartment_ocid # OKE Cluster OCID @@ -96,10 +83,9 @@ variables: type: oci:container:cluster:id dependsOn: compartmentId: ${oke_compartment_ocid} - title: Select OKE Cluster + title: Select OKE cluster required: true - # Kubernetes Namespace # kubernetes_namespace: # type: string # minLength: 1 
@@ -111,47 +97,61 @@ variables: # required: true #### - ## OCI Observability & Management Services Configuration + ## OCI Observability and Management Services Configuration #### - + + # Stack Deployment Options + stack_deployment_option: + title: Deployment options + description: 'The "Full" option creates both OCI and K8s resources.' + type: enum + enum: # Dev Note - # Any change in following options must be refactored across schema.yaml + - "Full" + - "Only OCI Resources" + default: "Full" + required: true + visible: + not: + - livelab_switch + # Option to enable/disable metric server installation during helm deployment opt_deploy_metric_server: type: boolean - title: Enable Metric Server Installation - description: Uncheck this if Metric Server is already installed in your cluster. + title: Enable Metric Server installation + description: Clear this check box if Metric Server is already installed in your cluster. default: true visible: and: - - enable_helm_module - - not: - - livelab_switch + - eq: + - ${stack_deployment_option} + - "Full" + - not: + - livelab_switch # Compartment for creating OCI Observability and Management resources oci_onm_compartment_ocid: type: oci:identity:compartment:id required: true - title: Select compartment for Logging Analytics, Management Agent, and Monitoring service resources - description: This compartment will be used for creating Dashboards, Log Groups, Entities, Management Agent Keys, Metrics Namespace etc. See https://github.com/oracle-quickstart/oci-kubernetes-monitoring for full list of resources. + title: Select compartment for Logging Analytics, Management Agent, and Monitoring service resources. + description: "This compartment will be used for creating dashboards, log groups, entities, Management Agent keys, metric namespaces, and related resources. 
For a full list of resources, see: https://github.com/oracle-quickstart/oci-kubernetes-monitoring" default: compartment_ocid # Option to create Logging Analytics opt_create_new_la_logGroup: # change this to create new log group type: boolean - title: Check if you want to create a new Log Group + title: Select this check box if you want to create a new log group. default: false visible: - and: - - enable_helm_module - - not: - - livelab_switch + not: + - livelab_switch # OCI Logging Analytics LogGroup OCID of existing LogGroup oci_la_logGroup_id: type: oci:logan:loggroup:id dependsOn: compartmentId: ${oci_onm_compartment_ocid} - title: OCI Logging Analytics Log Group - description: Log Groups are logical containers for log data, and provide access control for your data using IAM Policies + title: OCI Logging Analytics log group + description: Log groups are logical containers for log data, and they provide access control for your data using IAM policies. required: true visible: not: 
@@ -163,25 +163,29 @@ variables: maxLength: 255 minLength: 1 required: true - title: "OCI Logging Analytics Log Group Name" - description: "Tip: Give a unique name which can be identified with your cluster name to make it easy to find in Dashboards and Logs Explorer" + title: OCI Logging Analytics log group name + description: "Tip: To make the log group easy to find in Dashboards and Logs Explorer pages, provide a unique name associated with your cluster name." visible: and: - opt_create_new_la_logGroup - pattern: '^([a-zA-Z0-9]|[a-zA-Z0-9][\\ a-zA-Z0-9_\-]*[\\a-zA-Z\-0-9_])$' + pattern: '^([a-zA-Z0-9]|[a-zA-Z0-9][\\ a-zA-Z0-9_\-]*[\\a-zA-Z\-0-9_])$' # Fluentd Base Directory fluentd_baseDir_path: type: string maxLength: 255 minLength: 1 - title: FluentD Working Directory - description: A directory on the node (with read & write permission) to use for storing Fluentd related data + title: FluentD working directory + description: A directory on the node (with read & write permission) to use for storing data related to Fluentd. default: /var/log required: true pattern: '^/[\w- /]*$' visible: - not: + and: + - eq: + - ${stack_deployment_option} + - "Full" + - not: - livelab_switch #### @@ -191,8 +195,8 @@ variables: # Option to create Dynamic Group and Policies opt_create_dynamicGroup_and_policies: type: boolean - title: Check to create Dynamic Group and Policies required for deploying monitoring solution + title: Select this check box to create dynamic groups and policies that are required for deploying the monitoring solution. #description: "Ref: https://github.com/oracle-quickstart/oci-kubernetes-monitoring#pre-requisites" - description: "Note: The dynamic group definition must be updated, if node pool(s) and OKE Cluster are in different compartments." + description: "Note: If node pools and the OKE cluster are in different compartments, then the dynamic group definition must be updated." default: false required: true \ No newline at end of file 
diff --git a/terraform/oke/terraform-sample.tfvars b/terraform/oke/terraform-sample.tfvars index ea195b37..79858109 100644 --- a/terraform/oke/terraform-sample.tfvars +++ b/terraform/oke/terraform-sample.tfvars @@ -45,28 +45,23 @@ oci_onm_compartment_ocid = "" opt_create_new_la_logGroup = false # OCI Logging Analytics LogGroup -# Add OCID of logGroup if opt_use_existing_la_logGroup=true, leave it empty otherwise +# Add OCID of logGroup if opt_create_new_la_logGroup=false, leave it empty otherwise oci_la_logGroup_id = "" -# leave it unchanged, if opt_use_existing_la_logGroup=false +# leave it unchanged, if opt_create_new_la_logGroup=true oci_la_logGroup_name = "NewLogGroupName" #### ## Optional Stack inputs #### +# "Full" or "Only OCI Resources" +stack_deployment_option = "Only OCI Resources" + # Option to create Dynamic Group and Policies opt_create_dynamicGroup_and_policies = true # Fluentd installation path fluentd_baseDir_path = "/var/log" -#### -## Optional Switches -#### - -enable_dashboard_module = false -enable_helm_module = false -generate_helm_template = false - diff --git a/util/build_stack.sh b/util/build_stack.sh index e7fb20a8..915266d7 100755 --- a/util/build_stack.sh +++ b/util/build_stack.sh @@ -7,6 +7,7 @@ # Fail at first error set -e +# Helper Functions function error_and_exit { echo -e "ERROR: $1" exit @@ -18,6 +19,18 @@ function abspath { pwd } +ROOT_DIR=".." +ROOT_DIR=$(abspath $ROOT_DIR) # Convert to absolute path + +RELEASE_PATH="$ROOT_DIR/releases" +TEMP_ZIP="${RELEASE_PATH}/temp.zip" +TEMP_DIR="${RELEASE_PATH}/temp" + +HELM_SOURCE="$ROOT_DIR/charts" +MODULES_SOURCE="$ROOT_DIR/terraform/modules" +ROOT_MODULE_PATH="$ROOT_DIR/terraform/oke" + +# Usage Instructions usage=" $(basename "$0") [-h] [-n name] -- program to build marketplace app from oracle-quickstart/oci-kubernetes-monitoring repo. 
@@ -25,11 +38,14 @@ where: -h show this help text -n name of output zip file without extention (Optional) -l flag to generate livelab build; otherwise oke build is generated + -d flag to generate dev build; contains local helm chart The zip artifacts shall be stored at - $RELEASE_PATH" -while getopts "hn:l" option; do + +# Parse inputs +while getopts "hn:ld" option; do case $option in h) # display Help echo "$usage" @@ -41,6 +57,9 @@ while getopts "hn:l" option; do n) release_name=$OPTARG ;; + d) + INCLUDE_LOCAL_HELM=true + ;; :) printf "missing argument for -%s\n" "$OPTARG" >&2 echo "$usage" >&2 exit 1 
@@ -52,42 +71,41 @@ while getopts "hn:l" option; do esac done -ROOT_DIR=".." -ROOT_DIR=$(abspath $ROOT_DIR) # Convert to absolute path - -RELEASE_PATH="$ROOT_DIR/releases" -TEMP_ZIP="${RELEASE_PATH}/temp.zip" -TEMP_DIR="${RELEASE_PATH}/temp" - -HELM_SOURCE="$ROOT_DIR/charts" -MODULES_SOURCE="$ROOT_DIR/terraform/modules" -ROOT_MODULE_PATH="$ROOT_DIR/terraform/oke" - -if [ -n "$LIVE_LAB_BUILD" ]; then - PREFIX="livelab" -else - PREFIX="oke" -fi - -# Create a release DIR if it does not exist already. -if test ! -d "$RELEASE_PATH"; then - mkdir "${RELEASE_PATH}" || error_and_exit "Could not create releases DIR." - echo -e "Create release DIR: ${RELEASE_PATH}" -fi - -# Change to git repo -cd "$ROOT_DIR" || error_and_exit "Could not switch DIR" - # Decide on final zip name if test -z "${release_name}"; then + if [ -n "$LIVE_LAB_BUILD" ]; then + PREFIX="livelab"; + else + PREFIX="oke"; + fi + + if [ -n "$INCLUDE_LOCAL_HELM" ]; then + HELM_MODE="local-helm" + else + HELM_MODE="remote-helm" + fi + BRANCH=$(git symbolic-ref --short HEAD) COMMIT_HASH_SHORT=$(git rev-parse --short HEAD) COMMIT_COUNT=$(git rev-list --count HEAD) - release_name="${PREFIX}-${BRANCH}-${COMMIT_HASH_SHORT}-${COMMIT_COUNT}" + + release_name="${PREFIX}-${HELM_MODE}-${BRANCH}-${COMMIT_HASH_SHORT}-${COMMIT_COUNT}" fi RELEASE_ZIP="${RELEASE_PATH}/${release_name}.zip" +# Disclaimer +echo -e "\nDisclaimers - \n" +if [ -n "$INCLUDE_LOCAL_HELM" ]; then + echo -e "-d option passed - local helm-chart files will be part of stack zip" +else + echo -e "-d option NOT passed - local helm-chart files will NOT be part of stack zip" +fi +if [ -n "$LIVE_LAB_BUILD" ]; then + echo -e "-l option passed - livelab specific zip will be created" +fi + +# Echo Build Parameters echo -e "" echo -e "Build parameters - " echo -e "" 
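Review bot: `release_name` is built from `$(git symbolic-ref --short HEAD)` without sanitising, so a branch such as `feature/x` puts a `/` into `RELEASE_ZIP` and the artifact path then points at a subdirectory of releases/ that does not exist. Replacing path separators before use, e.g. `BRANCH=${BRANCH//\//-}`, keeps the zip directly under `$RELEASE_PATH`; a name passed with `-n` would need the same treatment. `git symbolic-ref` also fails on a detached HEAD, which under `set -e` aborts the script with only git's own message; `git rev-parse --abbrev-ref HEAD` or an explicit error would be clearer.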
@@ -100,62 +118,76 @@ echo -e "RELEASE_ZIP = $RELEASE_ZIP" echo -e "ROOT_MODULE_PATH = $ROOT_MODULE_PATH" echo -e "" +# Start +echo -e "Building -\n" + +# Create a release DIR if it does not exist already. +if test ! -d "$RELEASE_PATH"; then + mkdir "${RELEASE_PATH}" || error_and_exit "Could not create releases DIR." + echo -e "Created release DIR: ${RELEASE_PATH}" +fi + +#clean up old zip +rm "${RELEASE_ZIP}" 2>/dev/null && echo -e "Removed stale release zip - ${RELEASE_ZIP}" + # Clean up stale dirs and files -rm "${RELEASE_ZIP}" 2>/dev/null && echo -e "Removed stale release zip" -rm "$TEMP_ZIP" 2>/dev/null && echo -e "Removed stale temp zip" -rm -rf "$TEMP_DIR" 2>/dev/null && echo -e "Removed stale temp dir" +rm "$TEMP_ZIP" 2>/dev/null && echo -e "Removed stale temp zip - $TEMP_ZIP" +rm -rf "$TEMP_DIR" 2>/dev/null && echo -e "Removed stale temp dir - $TEMP_DIR" # Switch to Root Module for gitzip -cd $ROOT_MODULE_PATH || echo -e "Failed to Switch to root module" +cd $ROOT_MODULE_PATH || error_and_exit "Failed to Switch to root module" +echo -e "Switched to Root Module - $ROOT_MODULE_PATH" # Create git archive as temp.zip git archive HEAD -o "$TEMP_ZIP" --format=zip >/dev/null || error_and_exit "git archive failed." -echo -e "Created Git archive - temp.zip" - -# Switch back to release dir -# cd "$RELEASE_PATH" || error_and_exit "Could not switch back to releases dir." -# echo -e "Switched back to releases DIR." 
+echo -e "Created Git archive - $TEMP_ZIP" # unzip the temp.zip file unzip -d "$TEMP_DIR" "$TEMP_ZIP" >/dev/null || error_and_exit "Could not unzip temp.zip" -echo -e "Unzipped temp.zip to temp dir" - +echo -e "Unzipped temp.zip to $TEMP_DIR" + # remove the helm-chart symlink rm "$TEMP_DIR/charts" || error_and_exit "Could not remove helm-chart symlink" -echo -e "Removed helm-chart symlink" +echo -e "Removed helm-chart symlink - $TEMP_DIR/charts" -# copy the helm-chart -cp -R "$HELM_SOURCE" "$TEMP_DIR" || error_and_exit "Could not copy helm chart" -echo -e "Copied helm-chart to temp dir" +if [ -n "$INCLUDE_LOCAL_HELM" ]; then + # copy the helm-chart + cp -R "$HELM_SOURCE" "$TEMP_DIR" || error_and_exit "Could not copy helm chart" + echo -e "Copied helm-chart to $TEMP_DIR" +fi # remove the terraform modules symlink rm "$TEMP_DIR/modules" || error_and_exit "Could not remove modules symlink" -echo -e "Removed terraform modules symlink" +echo -e "Removed terraform modules symlink - $TEMP_DIR/modules" # copy the modules cp -R "$MODULES_SOURCE" "$TEMP_DIR" || error_and_exit "Could not copy modules" -echo -e "Copied orignal modules" - -# to be fixed from here - +echo -e "Copied orignal modules to $TEMP_DIR" +# switch back to temp dir cd "$TEMP_DIR" || error_and_exit "Could not switch to temp dir" -echo -e "Switched to temp dir" +echo -e "Switched to $TEMP_DIR" # update livelab switch input to true if [ -n "$LIVE_LAB_BUILD" ]; then - sed "s/false/true/g" -i livelab.tf - echo -e "Enabled livelab switch in livelab.tf" + sed "s/false/true/g" -i livelab_switch.tf + echo -e "Enabled livelab switch in livelab_switch.tf" fi -zip -r "${RELEASE_ZIP}" ./* >/dev/null || error_and_exit "Could not zip temp dir" +# create zip +zip -r "${RELEASE_ZIP}" . 
>/dev/null || error_and_exit "Could not zip $TEMP_DIR" + +# switch back to util dir +cd "$RELEASE_PATH" || error_and_exit "Could not switch to $RELEASE_PATH" -cd "$RELEASE_PATH" || error_and_exit "Could not switch to Util dir" +# Clean up stale dirs and files +rm "$TEMP_ZIP" 2>/dev/null && echo -e "Removed stale temp zip - $TEMP_ZIP" +rm -rf "$TEMP_DIR" 2>/dev/null && echo -e "Removed stale temp dir - $TEMP_DIR" -# clean up temp zip file -rm "$TEMP_ZIP" 2>/dev/null && echo -e "stale zip file removed." -rm -rf "$TEMP_DIR" 2>/dev/null && echo -e "stale zip dir removed." +# Start +echo -e "\nOutput -\n" -echo -e "\nNew Release Created - $RELEASE_PATH/$release_name.zip" +echo -e "New Release Created - $RELEASE_PATH/$release_name.zip"
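Review bot: `cp -R "$MODULES_SOURCE" "$TEMP_DIR"` and the now conditional `cp -R "$HELM_SOURCE" "$TEMP_DIR"` copy from the working tree rather than from the `git archive` snapshot, so untracked or ignored files under terraform/modules and charts are packed into the release zip. developer-options.tf in this commit says the helm module writes its generated template into modules/helm/local, which presumably holds rendered values such as the agent install key, and local `.terraform` directories or state files would be carried along the same way. Consider refusing to build when those trees are not clean, e.g. `[ -z "$(git -C "$ROOT_DIR" status --porcelain --ignored -- charts terraform/modules)" ] || error_and_exit "charts/ or terraform/modules is not clean"`. Separately, `error_and_exit` (defined above this hunk) ends in a bare `exit`, which returns the status of the preceding `echo`, so the failures this hunk routes to it still exit 0; `exit 1` fixes that.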