Custom Domain Input; OKE Status check; Optional Custom input before helm install (#98)

Custom Domain Input; OKE Status check; Optional Custom input before helm install

Author: paliwalparitosh

CHANGELOG.md

@@ -1,5 +1,11 @@
 # Change Log
 
+## 2024-11-20
+### Added
+- Support for new OCI Regions which are not yet supported through OCI Ruby SDK by default.
+- Status check for OKE lifecycle state to be active before installing helm chart, when installed using RMS.
+- An option to apply a static delay before installing helm chart, when installed using RMS.
+
 ## 2024-11-05
 ### Added
 - Support of extraEnv for Management Agent

charts/logan/Chart.yaml

@@ -5,7 +5,7 @@ apiVersion: v2
 name: oci-onm-logan
 description: Charts for sending Kubernetes platform logs, compute logs, and Kubernetes Objects information to OCI Logging Analytics.
 type: application
-version: 3.5.1
+version: 3.5.2
 appVersion: "3.0.0"
 
 dependencies:

charts/logan/templates/discovery-cronjob.yaml

@@ -71,12 +71,18 @@ spec:
             {{- end }}
             {{- end }}
             {{- /* optional discovery job configuration */}}
-            {{- if and .Values.ociLAClusterEntityID $resourceNamePrefix }}
+            {{- if .Values.ociLAClusterEntityID }}
               - --oci_la_cluster_entity_id
               - {{ .Values.ociLAClusterEntityID  }}
+            {{- end }}
+            {{- if $resourceNamePrefix }}
               - --kubernetes_resourcename_prefix
               - {{ $resourceNamePrefix }}
             {{- end }}
+            {{- if .Values.ociDomain }}
+              - --oci_domain
+              - {{ .Values.ociDomain }}
+            {{- end }}
             {{- if .Values.k8sDiscovery.objects.discoveryMode }}
               - --discovery
               - {{ .Values.k8sDiscovery.objects.discoveryMode }}

charts/logan/templates/ekscp-logs-configmap.yaml

@@ -290,6 +290,9 @@ data:
           config_file_location      {{ $.Values.oci.path }}/{{ $.Values.oci.file }}
           profile_name              "{{ $.Values.fluentd.ociLoggingAnalyticsOutputPlugin.profile_name }}"
           {{- end }}
+          {{- if $.Values.ociDomain }}
+          oci_domain                "{{ $.Values.ociDomain }}"
+          {{- end }}
           plugin_log_location       "{{ $.Values.fluentd.baseDir }}"
           plugin_log_level          "{{ $.Values.fluentd.ociLoggingAnalyticsOutputPlugin.plugin_log_level }}"
           plugin_log_file_size      "{{ $.Values.fluentd.ociLoggingAnalyticsOutputPlugin.plugin_log_file_size }}"

charts/logan/templates/logs-configmap.yaml

@@ -609,6 +609,9 @@ data:
           config_file_location      {{ $.Values.oci.path }}/{{ $.Values.oci.file }}
           profile_name              "{{ $.Values.fluentd.ociLoggingAnalyticsOutputPlugin.profile_name }}"
           {{- end }}
+          {{- if $.Values.ociDomain }}
+          oci_domain                "{{ $.Values.ociDomain }}"
+          {{- end }}
           plugin_log_location       "{{ $.Values.fluentd.baseDir }}"
           plugin_log_level          "{{ $.Values.fluentd.ociLoggingAnalyticsOutputPlugin.plugin_log_level }}"
           plugin_log_file_size      "{{ $.Values.fluentd.ociLoggingAnalyticsOutputPlugin.plugin_log_file_size }}"

charts/logan/values.yaml

@@ -35,6 +35,11 @@ runtime: cri
 # -- Allowed values: InstancePrincipal, config
 authtype: InstancePrincipal
 
+# This parameter is required only for realms where the OCI Ruby SDK is not supported.
+# Format: <oci-region>.oci.<oci_domain>
+# Example: us-ashburn-1.oci.oraclecloud.com
+ociDomain:
+
 # -- Kubernetes Namespace for deploying monitoring resources deployed by this chart.
 namespace: "{{ .Values.global.namespace }}"
 
@@ -48,7 +53,7 @@ image:
    # Image pull secrets for. Secret must be in the namespace defined by namespace
    imagePullSecrets:
    # -- Replace this value with actual docker image url
-   url: container-registry.oracle.com/oci_observability_management/oci-la-fluentd-collector:1.5.1
+   url: container-registry.oracle.com/oci_observability_management/oci-la-fluentd-collector:1.5.2
    # -- Image pull policy
    imagePullPolicy: Always
 

charts/oci-onm/Chart.yaml

@@ -32,7 +32,7 @@ dependencies:
   repository: "file://../common"
   condition: oci-onm-common.enabled
 - name: oci-onm-logan
-  version: "3.5.1"
+  version: "3.5.2"
   repository: "file://../logan"
   condition: oci-onm-logan.enabled
 - name: oci-onm-mgmt-agent

charts/oci-onm/values.yaml

@@ -31,13 +31,17 @@ oci-onm-logan:
   kubernetesClusterID: "{{ .Values.global.kubernetesClusterID }}"
   kubernetesClusterName: "{{ .Values.global.kubernetesClusterName }}"
   image:
-    url: container-registry.oracle.com/oci_observability_management/oci-la-fluentd-collector:1.5.1
+    url: container-registry.oracle.com/oci_observability_management/oci-la-fluentd-collector:1.5.2
   # Go to OCI Logging Analytics Administration, click Service Details, and note the namespace value.
   ociLANamespace:
   # OCI Logging Analytics Default Log Group OCID
   ociLALogGroupID:
   # OCI Logging Analytics Entity OCID representing the target cluster
   ociLAClusterEntityID:
+  # This parameter is required only for realms where the OCI Ruby SDK is not supported.
+  # Format: <oci-region>.oci.<oci_domain>
+  # Example: us-ashburn-1.oci.oraclecloud.com
+  ociDomain:
 
 oci-onm-mgmt-agent:
   oci-onm-common:

terraform/modules/helm/helm-inputs.tf

@@ -109,6 +109,16 @@ variable "livelab_service_account" {
   default = ""
 }
 
+####
+##  OCI Client Config
+####
+
+# OCI domain
+variable "oci_domain" {
+  type    = string
+  default = null
+}
+
 ####
 ##  Others
 ####

terraform/modules/helm/helm-outputs.tf

@@ -5,7 +5,7 @@ locals {
   cmd_1_helm_repo_add    = "helm repo add oci-onm https://oracle-quickstart.github.io/oci-kubernetes-monitoring"
   cmd_2_helm_repo_update = "helm repo update"
 
-  cmd_3_helm_install = join(" ", [
+  cmd_3_layer_0 = join(" ", [
     "helm install oci-kubernetes-monitoring oci-onm/oci-onm",
     "--set global.namespace=${var.kubernetes_namespace}",
     "--set global.kubernetesClusterID=${var.kubernetes_cluster_id}",
@@ -16,6 +16,10 @@ locals {
     "--set oci-onm-mgmt-agent.deployMetricServer=${var.opt_deploy_metric_server}",
     "--set oci-onm-mgmt-agent.mgmtagent.installKeyFileContent=${var.mgmt_agent_install_key_content}"
   ])
+
+  cmd_3_layer_1 = var.oci_domain == null ? local.cmd_3_layer_0 : "${local.cmd_3_layer_0} --set oci-onm-logan.ociDomain=${var.oci_domain}"
+
+  cmd_3_helm_install = local.cmd_3_layer_1
 }
 
 # Helm release artifacts for local testing and validation.

terraform/modules/helm/helm.tf

@@ -29,12 +29,6 @@ locals {
     "oci-onm-mgmt-agent.mgmtagent.installKeyFileContent" = var.mgmt_agent_install_key_content
     "oci-onm-mgmt-agent.deployMetricServer"              = var.opt_deploy_metric_server
   }
-
-  mushop_helm_inputs = {
-    # oci-onm-logan
-    "createServiceAccount" = false
-    "serviceAccount"       = var.livelab_service_account
-  }
 }
 
 # Create helm release
@@ -59,7 +53,7 @@ resource "helm_release" "oci-kubernetes-monitoring" {
   }
 
   dynamic "set" {
-    for_each = var.deploy_mushop_config ? local.mushop_helm_inputs : {}
+    for_each = var.oci_domain == null ? {} : { "oci-onm-logan.ociDomain" = var.oci_domain }
     content {
       name  = set.key
       value = set.value
@@ -90,7 +84,7 @@ data "helm_template" "oci-kubernetes-monitoring" {
   }
 
   dynamic "set" {
-    for_each = var.deploy_mushop_config ? local.mushop_helm_inputs : {}
+    for_each = var.oci_domain == null ? {} : { "oci-onm-logan.ociDomain" = var.oci_domain }
     content {
       name  = set.key
       value = set.value

terraform/modules/logan/logan.tf

@@ -87,7 +87,7 @@ resource "oci_log_analytics_log_analytics_entity" "oke_entity" {
   freeform_tags = var.tags.freeformTags
 
   lifecycle {
-    ignore_changes = [name, metadata, defined_tags, freeform_tags, ]
+    ignore_changes = [name, metadata, defined_tags, freeform_tags]
     # Not a User Facing Error 
     precondition {
       condition     = !(var.new_entity_name == null && var.oke_entity_ocid == null)

terraform/modules/main/developer-options.tf

@@ -6,12 +6,6 @@
 ## Leave it to default for production use
 ####
 
-# Enable/Disable livelab module
-variable "toggle_livelab_module" {
-  type    = bool
-  default = true
-}
-
 # Enable/Disable helm module
 variable "toggle_helm_module" {
   type    = bool

terraform/modules/main/main-inputs.tf

@@ -124,6 +124,12 @@ variable "kubernetes_namespace" {
   default = "oci-onm"
 }
 
+# OCI domain
+variable "oci_domain" {
+  type    = string
+  default = null
+}
+
 # Kubernetes Cluster OCID
 variable "kubernetes_cluster_id" {
   type = string

terraform/modules/main/main.tf

@@ -128,7 +128,7 @@ module "helm_release" {
   mgmt_agent_install_key_content = module.management_agent[0].mgmt_agent_install_key_content
   opt_deploy_metric_server       = var.opt_deploy_metric_server
   fluentd_base_dir_path          = var.fluentd_base_dir_path
-  # livelab_service_account        = local.livelab_service_account
+  oci_domain                     = var.oci_domain
 }
 
 # Import Kubernetes Dashboards
@@ -140,18 +140,3 @@ module "import_kubernetes_dashboards" {
   debug            = var.debug
   tags             = var.tags
 }
-
-# // Only execute for livelab stack
-# // livelab module only supports local users
-# // it will error out when an identity domain user is used and livelab_switch is set as true
-# module "livelab" {
-#   source            = "./modules/livelab"
-#   current_user_ocid = var.current_user_ocid
-#   debug             = var.debug
-
-#   count = local.module_controls_enable_livelab_module ? 1 : 0
-
-#   /* providers = {
-#     oci = oci.home_region
-#   } */
-# }

terraform/oke/providers.tf

@@ -41,6 +41,7 @@ data "oci_identity_regions" "region_map" {
 
 data "oci_containerengine_cluster_kube_config" "oke" {
   cluster_id = var.oke_cluster_ocid
+  depends_on = [null_resource.wait-for-oke-active-status[0]]
 }
 
 provider "oci" {
@@ -74,4 +75,6 @@ provider "helm" {
   }
 }
 
-provider "local" {}
+provider "local" {}
+
+provider "external" {}

terraform/oke/resources/metadata.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+# Copyright (c) 2024, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.
+set -e
+curl -H "Authorization: Bearer Oracle" -sL http://169.254.169.254/opc/v2/instance/ | jq .regionInfo
+# example output =>
+# echo '{
+#   "realmDomainComponent": "oraclecloud.com",
+#   "realmKey": "oc1",
+#   "regionIdentifier": "us-phoenix-1",
+#   "regionKey": "PHX"
+# }'

terraform/oke/resources/oke-status-check.sh

@@ -0,0 +1,50 @@
+#!/bin/bash
+# Copyright (c) 2024, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+############################################################
+##
+##   Check the lifecycle-state of OKE cluster [$OKE_OCID]
+##   every $CHECK_INTERVAL seconds
+##   untill
+##       - lifecycle state is "ACTIVE" 
+##         or 
+##       - time limit $WAIT_TIME is breached
+##   
+##   exit with status 0, iff lifecycle-state is "ACTIVE",
+##   otherwise exit with status 1
+##
+############################################################
+
+# Exit on error
+set -e
+
+# Inputs from ENV is preferred over CLI
+if [ -z "${WAIT_TIME}" ]; then WAIT_TIME=$1; fi
+if [ -z "${CHECK_INTERVAL}" ]; then CHECK_INTERVAL=$2; fi
+if [ -z "${OKE_OCID}" ]; then OKE_OCID=$3; fi
+
+timer=0
+
+while true; 
+do
+    oke_status=$(oci ce cluster get --cluster-id "$OKE_OCID" --query 'data."lifecycle-state"' --raw-output)
+    echo -e "OKE status: $oke_status"
+
+    if [[ "$oke_status" == "ACTIVE" ]]; then
+        echo -e "Returning with success."
+        break; 
+    fi
+
+    echo -e "Next check scheduled after seconds: $CHECK_INTERVAL"
+    sleep "$CHECK_INTERVAL"
+
+    (( timer = timer + CHECK_INTERVAL ))
+    if [ $timer -ge "$WAIT_TIME" ]; then
+         echo -e "Timeout limit breached: $WAIT_TIME"
+         echo -e "ERROR: OKE status is not ACTIVE."
+         exit 1
+    fi
+done
+
+exit 0

terraform/oke/ruby_sdk_regions.tf

@@ -0,0 +1,69 @@
+
+# source: https://github.com/oracle/oci-ruby-sdk/blob/v2.21.1/lib/oci/regions_definitions.rb
+# ruby SDK version: 2.21.1
+locals {
+  ruby_sdk_supported_regions = [
+    "ap-chuncheon-1",
+    "ap-hyderabad-1",
+    "ap-melbourne-1",
+    "ap-mumbai-1",
+    "ap-osaka-1",
+    "ap-seoul-1",
+    "ap-sydney-1",
+    "ap-tokyo-1",
+    "ca-montreal-1",
+    "ca-toronto-1",
+    "eu-amsterdam-1",
+    "eu-frankfurt-1",
+    "eu-zurich-1",
+    "me-jeddah-1",
+    "me-dubai-1",
+    "sa-saopaulo-1",
+    "uk-cardiff-1",
+    "uk-london-1",
+    "us-ashburn-1",
+    "us-phoenix-1",
+    "us-sanjose-1",
+    "sa-vinhedo-1",
+    "sa-santiago-1",
+    "il-jerusalem-1",
+    "eu-marseille-1",
+    "ap-singapore-1",
+    "me-abudhabi-1",
+    "eu-milan-1",
+    "eu-stockholm-1",
+    "af-johannesburg-1",
+    "eu-paris-1",
+    "mx-queretaro-1",
+    "eu-madrid-1",
+    "us-chicago-1",
+    "mx-monterrey-1",
+    "us-saltlake-2",
+    "sa-bogota-1",
+    "sa-valparaiso-1",
+    "us-langley-1",
+    "us-luke-1",
+    "us-gov-ashburn-1",
+    "us-gov-chicago-1",
+    "us-gov-phoenix-1",
+    "uk-gov-london-1",
+    "uk-gov-cardiff-1",
+    "ap-chiyoda-1",
+    "ap-ibaraki-1",
+    "me-dcc-muscat-1",
+    "ap-dcc-canberra-1",
+    "eu-dcc-milan-1",
+    "eu-dcc-milan-2",
+    "eu-dcc-dublin-2",
+    "eu-dcc-rating-2",
+    "eu-dcc-rating-1",
+    "eu-dcc-dublin-1",
+    "ap-dcc-gazipur-1",
+    "eu-madrid-2",
+    "eu-frankfurt-2",
+    "eu-jovanovac-1",
+    "me-dcc-doha-1",
+    "eu-dcc-zurich-1",
+    "me-abudhabi-3"
+  ]
+}