cloud-platform-terraform-monitoring Terraform module that deploy cloud-platform monitoring solution. It has support for components like: proxy, thanos, cloudwatch datasource for grafana, side-car, etc
module "monitoring" {
source = " github.com/ministryofjustice/cloud-platform-terraform-monitoring?ref=0.1.3" alertmanager_slack_receivers = . alertmanager_slack_receivers
iam_role_nodes = . aws_iam_role . nodes . arn
pagerduty_config = . pagerduty_config
enable_ecr_exporter = . workspace == local. live_workspace ? true : false
enable_cloudwatch_exporter = . workspace == local. live_workspace ? true : false
enable_thanos_helm_chart = . workspace == local. live_workspace ? true : false
enable_prometheus_affinity_and_tolerations = . workspace == local. live_workspace ? true : false
cluster_domain_name = . terraform_remote_state . cluster . outputs . cluster_domain_name
oidc_components_client_id = . terraform_remote_state . cluster . outputs . oidc_components_client_id
oidc_components_client_secret = . terraform_remote_state . cluster . outputs . oidc_components_client_secret
oidc_issuer_url = . terraform_remote_state . cluster . outputs . oidc_issuer_url
dependence_opa = . opa . helm_opa_status
}
Name
Version
terraform
>= 0.13
Name
Version
aws
n/a
helm
n/a
kubernetes
n/a
random
n/a
template
n/a
Name
Source
Version
iam_assumable_role_cloudwatch_exporter
terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc
3.13.0
iam_assumable_role_ecr_exporter
terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc
3.13.0
iam_assumable_role_monitoring
terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc
3.13.0
Name
Description
Type
Default
Required
alertmanager_slack_receivers
A list of configuration values for Slack receivers
listn/a
yes
cluster_domain_name
The cluster domain - used by externalDNS and certmanager to create URLs
anyn/a
yes
dockerhub_password
DockerHub password - required to avoid hitting Dockerhub API limits in EKS clusters
string""no
dockerhub_username
DockerHub username - required to avoid hitting Dockerhub API limits in EKS clusters
string""no
eks
Where are you applying this modules in kOps cluster or in EKS (KIAM or KUBE2IAM?)
boolfalseno
eks_cluster_oidc_issuer_url
If EKS variable is set to true this is going to be used when we create the IAM OIDC role
string""no
enable_cloudwatch_exporter
Enable or not Cloudwatch exporter
boolfalseno
enable_ecr_exporter
Enable or not ECR exporter
boolfalseno
enable_kibana_audit_proxy
Enable or not Kibana-audit proxy for authentication
boolfalseno
enable_kibana_proxy
Enable or not Kibana proxy for authentication
boolfalseno
enable_large_nodesgroup
Due to Prometheus resource consumption, enabling this will set k8s Prometheus resources to higher values
boolfalseno
enable_prometheus_affinity_and_tolerations
Enable or not Prometheus node affinity (check helm values for the expressions)
boolfalseno
enable_thanos_compact
Enable or not Thanos Compact - not semantically concurrency safe and must be deployed as a singleton against a bucket
boolfalseno
enable_thanos_helm_chart
Enable or not Thanos Helm Chart - (do NOT confuse this with thanos sidecar within prometheus-operator)
boolfalseno
enable_thanos_sidecar
Enable or not Thanos sidecar. Basically defines if we want to send cluster metrics to thanos's S3 bucket
boolfalseno
iam_role_nodes
Nodes IAM role ARN in order to create the KIAM/Kube2IAM
stringn/a
yes
oidc_components_client_id
OIDC ClientID used to authenticate to Grafana, AlertManager and Prometheus (oauth2-proxy)
anyn/a
yes
oidc_components_client_secret
OIDC ClientSecret used to authenticate to Grafana, AlertManager and Prometheus (oauth2-proxy)
anyn/a
yes
oidc_issuer_url
Issuer URL used to authenticate to Grafana, AlertManager and Prometheus (oauth2-proxy)
anyn/a
yes
pagerduty_config
Add PagerDuty key to allow integration with a PD service.
anyn/a
yes
Name
Description
helm_prometheus_operator_status
n/a
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent