Merge pull request #1 from iits-consulting/feature/module

zeljkobekcic · web-flow · commit 07ee665574c4 · 2025-04-24T16:55:42.000+02:00
Initial Module creation
diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml
@@ -0,0 +1,9 @@
+name: Automation
+
+on: 
+  pull_request:
+
+jobs:
+  automation-workflow:
+    uses: iits-consulting/terraform-opentelekomcloud-common-workflows/.github/workflows/workflow-reusable.yaml@main
+
diff --git a/README.md b/README.md
@@ -0,0 +1,78 @@
+## otc-prometheus-exporter
+
+This module deploys our [otc-prometheus-exporter](https://github.com/iits-consulting/otc-prometheus-exporter) with wich metrics on the open telekom cloud can be monitored
+
+Example:
+```HCL
+module "otc_prometheus_exporter" {
+  source  = "iits-consulting/prometheus-exporter/opentelekomcloud"
+  version = "SET_ME"
+  
+  name_prefix  = "myCluster-PROD"
+  domain_name = "EU-DE-XXXXX"
+  
+  chart_values = [
+    yamlencode({
+      deployment = {
+        env = {
+          NAMESPACES = "OBS,RDS"
+        }
+      }
+    })
+  ]
+}
+```
+
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.5.7 |
+| <a name="requirement_helm"></a> [helm](#requirement\_helm) | ~> 2.17 |
+| <a name="requirement_opentelekomcloud"></a> [opentelekomcloud](#requirement\_opentelekomcloud) | ~> 1.32 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_helm"></a> [helm](#provider\_helm) | ~> 2.17 |
+| <a name="provider_opentelekomcloud"></a> [opentelekomcloud](#provider\_opentelekomcloud) | ~> 1.32 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [helm_release.otc-prometheus-exporter](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [opentelekomcloud_identity_credential_v3.user_aksk](https://registry.terraform.io/providers/opentelekomcloud/opentelekomcloud/latest/docs/resources/identity_credential_v3) | resource |
+| [opentelekomcloud_identity_group_membership_v3.user_to_ces_group](https://registry.terraform.io/providers/opentelekomcloud/opentelekomcloud/latest/docs/resources/identity_group_membership_v3) | resource |
+| [opentelekomcloud_identity_group_v3.ces_group](https://registry.terraform.io/providers/opentelekomcloud/opentelekomcloud/latest/docs/resources/identity_group_v3) | resource |
+| [opentelekomcloud_identity_role_assignment_v3.ces_role_to_ces_group](https://registry.terraform.io/providers/opentelekomcloud/opentelekomcloud/latest/docs/resources/identity_role_assignment_v3) | resource |
+| [opentelekomcloud_identity_user_v3.user](https://registry.terraform.io/providers/opentelekomcloud/opentelekomcloud/latest/docs/resources/identity_user_v3) | resource |
+| [opentelekomcloud_identity_project_v3.current](https://registry.terraform.io/providers/opentelekomcloud/opentelekomcloud/latest/docs/data-sources/identity_project_v3) | data source |
+| [opentelekomcloud_identity_role_v3.ces_role](https://registry.terraform.io/providers/opentelekomcloud/opentelekomcloud/latest/docs/data-sources/identity_role_v3) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_domain_name"></a> [domain\_name](#input\_domain\_name) | Domain name of the OTC | `string` | n/a | yes |
+| <a name="input_name_prefix"></a> [name\_prefix](#input\_name\_prefix) | Prefix of the OTC ressources created. | `string` | n/a | yes |
+| <a name="input_chart_name"></a> [chart\_name](#input\_chart\_name) | Name of the IITS otc-prometheus-exporter chart. | `string` | `"otc-prometheus-exporter"` | no |
+| <a name="input_chart_repository"></a> [chart\_repository](#input\_chart\_repository) | Chart repository of the IITS otc-prometheus-exporter chart. | `string` | `"https://iits-consulting.github.io/otc-prometheus-exporter/"` | no |
+| <a name="input_chart_set_list_parameter"></a> [chart\_set\_list\_parameter](#input\_chart\_set\_list\_parameter) | Override the values of the IITS otc-prometheus-exporter chart using set\_list. | <pre>list(object({<br/>    name  = string<br/>    value = list(string)<br/>  }))</pre> | `[]` | no |
+| <a name="input_chart_set_parameter"></a> [chart\_set\_parameter](#input\_chart\_set\_parameter) | Override the values of the IITS otc-prometheus-exporter chart using set. | <pre>list(object({<br/>    name  = string<br/>    value = optional(string)<br/>    type  = optional(string)<br/>  }))</pre> | `[]` | no |
+| <a name="input_chart_set_sensitive_parameter"></a> [chart\_set\_sensitive\_parameter](#input\_chart\_set\_sensitive\_parameter) | Override the values of the IITS otc-prometheus-exporter chart using set\_sensitive. | <pre>list(object({<br/>    name  = string<br/>    value = string<br/>    type  = optional(string)<br/>  }))</pre> | `[]` | no |
+| <a name="input_chart_values"></a> [chart\_values](#input\_chart\_values) | Override the values of the IITS otc-prometheus-exporter chart using value files. | `list(string)` | `[]` | no |
+| <a name="input_chart_version"></a> [chart\_version](#input\_chart\_version) | Chart version of the IITS otc-prometheus-exporter chart. | `string` | `"1.2.9"` | no |
+| <a name="input_release_name"></a> [release\_name](#input\_release\_name) | Name ot the release namespace. | `string` | `"otc-prometheus-exporter"` | no |
+| <a name="input_release_namespace"></a> [release\_namespace](#input\_release\_namespace) | Kubernetes namespace to install the chart to. | `string` | `"monitoring"` | no |
+
+## Outputs
+
+No outputs.
+<!-- END_TF_DOCS -->
diff --git a/main.tf b/main.tf
@@ -0,0 +1,67 @@
+resource "helm_release" "otc-prometheus-exporter" {
+  name                  = var.release_name
+  chart                 = var.chart_name
+  repository            = var.chart_repository
+  version               = var.chart_version
+  namespace             = var.release_namespace
+  create_namespace      = true
+  wait                  = true
+  atomic                = true
+  timeout               = 900 // 15 Minutes
+  render_subchart_notes = true
+  dependency_update     = true
+  wait_for_jobs         = true
+  values = concat([
+    yamlencode({
+      serviceMonitor = {
+        labels = {
+          release = "kube-prom-stack"
+        }
+      }
+  })], var.chart_values)
+
+  dynamic "set" {
+    for_each = { for param in var.chart_set_parameter : param.name => {
+      value = param.value
+      type  = param.type
+    } }
+    content {
+      name  = set.key
+      value = set.value.value
+      type  = set.value.type
+    }
+  }
+
+  dynamic "set_list" {
+    for_each = { for param in var.chart_set_list_parameter : param.name => param.value }
+    content {
+      name  = set_list.key
+      value = set_list.value
+    }
+  }
+
+  dynamic "set_sensitive" {
+    for_each = {
+      "deployment.env.OS_ACCESS_KEY"  = opentelekomcloud_identity_credential_v3.user_aksk.access
+      "deployment.env.OS_SECRET_KEY"  = opentelekomcloud_identity_credential_v3.user_aksk.secret
+      "deployment.env.OS_PROJECT_ID"  = data.opentelekomcloud_identity_project_v3.current.id
+      "deployment.env.OS_DOMAIN_NAME" = var.domain_name
+    }
+    content {
+      name  = set_sensitive.key
+      value = set_sensitive.value
+    }
+  }
+
+  dynamic "set_sensitive" {
+    for_each = { for param in var.chart_set_sensitive_parameter : param.name => {
+      value = param.value
+      type  = param.type
+    } }
+    content {
+      name  = set_sensitive.key
+      value = set_sensitive.value.value
+      type  = set_sensitive.value.type
+    }
+  }
+}
diff --git a/otc_user.tf b/otc_user.tf
@@ -0,0 +1,36 @@
+data "opentelekomcloud_identity_project_v3" "current" {}
+
+resource "opentelekomcloud_identity_user_v3" "user" {
+  name        = "${var.name_prefix}-prom"
+  description = "CES read only access programmatic user for ${var.release_name}."
+  enabled     = true
+}
+
+data "opentelekomcloud_identity_role_v3" "ces_role" {
+  name = "system_all_60" #CES ReadOnly Role
+}
+
+resource "opentelekomcloud_identity_group_v3" "ces_group" {
+  name        = "${var.name_prefix}-prom"
+  description = "CES read only access group for ${var.release_name}."
+}
+
+resource "opentelekomcloud_identity_role_assignment_v3" "ces_role_to_ces_group" {
+  group_id   = opentelekomcloud_identity_group_v3.ces_group.id
+  role_id    = data.opentelekomcloud_identity_role_v3.ces_role.id
+  project_id = data.opentelekomcloud_identity_project_v3.current.id
+  lifecycle {
+    ignore_changes = [project_id]
+  }
+}
+
+resource "opentelekomcloud_identity_group_membership_v3" "user_to_ces_group" {
+  group = opentelekomcloud_identity_group_v3.ces_group.id
+  users = [opentelekomcloud_identity_user_v3.user.id]
+}
+
+resource "opentelekomcloud_identity_credential_v3" "user_aksk" {
+  user_id     = opentelekomcloud_identity_user_v3.user.id
+  description = "CES read only user for ${var.release_name}."
+  depends_on  = [opentelekomcloud_identity_group_membership_v3.user_to_ces_group]
+}
diff --git a/variables.tf b/variables.tf
@@ -0,0 +1,74 @@
+variable "name_prefix" {
+  type        = string
+  description = "Prefix of the OTC ressources created."
+}
+
+variable "release_name" {
+  default     = "otc-prometheus-exporter"
+  type        = string
+  description = "Name ot the release namespace."
+}
+
+variable "release_namespace" {
+  type        = string
+  default     = "monitoring"
+  description = "Kubernetes namespace to install the chart to."
+}
+
+variable "domain_name" {
+  type        = string
+  description = "Domain name of the OTC"
+}
+
+variable "chart_repository" {
+  type        = string
+  default     = "https://iits-consulting.github.io/otc-prometheus-exporter/"
+  description = "Chart repository of the IITS otc-prometheus-exporter chart."
+}
+
+variable "chart_name" {
+  type        = string
+  default     = "otc-prometheus-exporter"
+  description = "Name of the IITS otc-prometheus-exporter chart."
+}
+
+variable "chart_version" {
+  type        = string
+  default     = "1.2.9"
+  description = "Chart version of the IITS otc-prometheus-exporter chart."
+}
+
+variable "chart_values" {
+  type        = list(string)
+  default     = []
+  description = "Override the values of the IITS otc-prometheus-exporter chart using value files."
+}
+
+variable "chart_set_parameter" {
+  type = list(object({
+    name  = string
+    value = optional(string)
+    type  = optional(string)
+  }))
+  default     = []
+  description = "Override the values of the IITS otc-prometheus-exporter chart using set."
+}
+
+variable "chart_set_list_parameter" {
+  type = list(object({
+    name  = string
+    value = list(string)
+  }))
+  default     = []
+  description = "Override the values of the IITS otc-prometheus-exporter chart using set_list."
+}
+
+variable "chart_set_sensitive_parameter" {
+  type = list(object({
+    name  = string
+    value = string
+    type  = optional(string)
+  }))
+  default     = []
+  description = "Override the values of the IITS otc-prometheus-exporter chart using set_sensitive."
+}
diff --git a/versions.tf b/versions.tf
@@ -0,0 +1,14 @@
+terraform {
+  required_version = ">= 1.5.7"
+
+  required_providers {
+    helm = {
+      source  = "hashicorp/helm"
+      version = "~> 2.17"
+    }
+    opentelekomcloud = {
+      source  = "opentelekomcloud/opentelekomcloud"
+      version = "~> 1.32"
+    }
+  }
+}
