This repository was archived by the owner on Apr 17, 2026. It is now read-only.
main.tf
# Resolve the target cluster from the supplied ID. Only one of the two cluster
# lookups in this file is instantiated: this VPC lookup when var.is_vpc_cluster
# is true, the Classic lookup otherwise.
data "ibm_container_vpc_cluster" "cluster" {
  count = var.is_vpc_cluster ? 1 : 0

  # The variable is called cluster_id but is passed as the lookup's "name" argument.
  name              = var.cluster_id
  resource_group_id = var.cluster_resource_group_id

  # Wait condition for the lookup and its timeout, both chosen by the caller.
  wait_till_timeout = var.wait_till_timeout
  wait_till         = var.wait_till
}
# Classic-infrastructure counterpart of the VPC cluster lookup: instantiated only
# when var.is_vpc_cluster is false, with the same inputs.
data "ibm_container_cluster" "cluster" {
  count = var.is_vpc_cluster ? 0 : 1

  # The variable is called cluster_id but is passed as the lookup's "name" argument.
  name              = var.cluster_id
  resource_group_id = var.cluster_resource_group_id

  # Wait condition for the lookup and its timeout, both chosen by the caller.
  wait_till_timeout = var.wait_till_timeout
  wait_till         = var.wait_till
}
# Fetch the cluster's kubeconfig; the rollout check run by the helm_release
# provisioner uses it (via KUBECONFIG) to connect to the cluster.
# The file is written under this module's own directory. It grants access to the
# cluster, so keep the kubeconfig directory out of version control and out of
# shared build artifacts.
data "ibm_container_cluster_config" "cluster_config" {
  # Only one of the two cluster lookups exists, depending on var.is_vpc_cluster.
  cluster_name_id   = var.is_vpc_cluster ? data.ibm_container_vpc_cluster.cluster[0].name : data.ibm_container_cluster.cluster[0].name
  resource_group_id = var.cluster_resource_group_id

  # "default" is a module-level sentinel; it is translated to null so the provider picks its own default endpoint.
  endpoint_type = var.cluster_config_endpoint_type == "default" ? null : var.cluster_config_endpoint_type
  config_dir    = "${path.module}/kubeconfig"
}
locals {
  # Logs agent Helm chart (an OCI artifact) and the version to install. The same
  # version string is also handed to the chart as image.version.
  # NOTE(review): the chart is selected by version tag rather than by digest -
  # confirm that matches your supply-chain policy.
  logs_agent_chart_location = "oci://icr.io/ibm/observe/logs-agent-helm"
  logs_agent_version        = "1.8.1" # datasource: icr.io/ibm/observe/logs-agent-helm

  # Name reported to the agent as clusterName, taken from whichever cluster lookup is active.
  cluster_name = var.is_vpc_cluster ? data.ibm_container_vpc_cluster.cluster[0].resource_name : data.ibm_container_cluster.cluster[0].resource_name # Not publicly documented in provider. See https://github.com/IBM-Cloud/terraform-provider-ibm/issues/4485

  # Optional string inputs: null is normalised to "" so the chart always receives a string.
  # presumably var.logs_agent_iam_api_key is declared sensitive - verify in the variable definitions.
  logs_agent_iam_api_key = var.logs_agent_iam_api_key == null ? "" : var.logs_agent_iam_api_key

  logs_agent_trusted_profile = var.logs_agent_trusted_profile == null ? "" : var.logs_agent_trusted_profile

  cloud_logs_ingress_endpoint = var.cloud_logs_ingress_endpoint == null ? "" : var.cloud_logs_ingress_endpoint

  # One container-log glob per requested namespace, followed by the explicitly
  # selected paths, with duplicates removed.
  logs_agent_selected_log_source_paths = distinct(concat(
    [for ns in var.logs_agent_log_source_namespaces : "/var/log/containers/*_${ns}_*.log"],
    var.logs_agent_selected_log_source_paths
  ))

  # Collapse the list of {key, value} objects into a single map; an empty list yields {}.
  logs_agent_additional_metadata = length(var.logs_agent_additional_metadata) > 0 ? merge([
    for entry in var.logs_agent_additional_metadata : {
      (entry.key) = entry.value
    }
  ]...) : {} # DO NOT REMOVE "...", it is used to convert list of objects into a single object
}
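# Install the logs agent chart into the cluster and then confirm that the
# rollout completed, using a local script run against the downloaded kubeconfig.
resource "helm_release" "logs_agent" {
  name             = var.logs_agent_name
  chart            = local.logs_agent_chart_location
  version          = local.logs_agent_version
  namespace        = var.logs_agent_namespace
  create_namespace = true
  timeout          = 1200
  wait             = true
  # Together with the dummy value in "values" below, these make every apply
  # update the release and recreate the agent pods.
  recreate_pods = true
  force_update  = true

  # Non-secret chart values. Entries with type = "string" are passed as literal
  # strings; env.ingestionPort and scc.create carry no explicit type.
  set = [
    {
      name  = "metadata.name"
      type  = "string"
      value = var.logs_agent_name
    },
    {
      name  = "image.version"
      type  = "string"
      value = local.logs_agent_version
    },
    {
      name  = "env.ingestionHost"
      type  = "string"
      value = local.cloud_logs_ingress_endpoint
    },
    {
      name  = "env.ingestionPort"
      value = var.cloud_logs_ingress_port
    },
    {
      name  = "env.trustedProfileID"
      type  = "string"
      value = local.logs_agent_trusted_profile
    },
    {
      name  = "env.iamMode"
      type  = "string"
      value = var.logs_agent_iam_mode
    },
    {
      name  = "env.iamEnvironment"
      type  = "string"
      value = var.logs_agent_iam_environment
    },
    # Path lists are joined with an escaped comma so that Helm's set-value
    # parsing keeps each list as one string instead of splitting it on ",".
    {
      name  = "additionalLogSourcePaths"
      type  = "string"
      value = join("\\,", var.logs_agent_additional_log_source_paths)
    },
    {
      name  = "excludeLogSourcePaths"
      type  = "string"
      value = join("\\,", var.logs_agent_exclude_log_source_paths)
    },
    {
      name  = "selectedLogSourcePaths"
      type  = "string"
      value = join("\\,", local.logs_agent_selected_log_source_paths)
    },
    {
      name  = "clusterName"
      type  = "string"
      value = local.cluster_name
    },
    {
      name  = "scc.create"
      value = var.logs_agent_enable_scc
    }
  ]

  # The IAM API key goes through set_sensitive so it is redacted in plan output.
  # It is still stored in Terraform state, so the state backend needs to be
  # access-controlled. The value is "" when no API key was supplied.
  set_sensitive = [{
    name  = "secret.iamAPIKey"
    type  = "string"
    value = local.logs_agent_iam_api_key
  }]

  # dummy value hack to force update https://github.com/hashicorp/terraform-provider-helm/issues/515#issuecomment-813088122
  # uuid() yields a new value on every run, so this release shows a change on every plan.
  values = [
    yamlencode({
      tolerations        = var.logs_agent_tolerations
      additionalMetadata = local.logs_agent_additional_metadata
      dummy              = uuid()
    })
  ]

  # Post-install check: the script receives the release name and namespace as
  # its two positional arguments.
  provisioner "local-exec" {
    # The two values are passed through the environment and expanded inside
    # double quotes, not interpolated into the command text. A value containing
    # spaces or shell metacharacters therefore reaches the script as a single
    # literal argument and is never parsed by bash.
    command     = "${path.module}/scripts/confirm-rollout-status.sh \"$LOGS_AGENT_NAME\" \"$LOGS_AGENT_NAMESPACE\""
    interpreter = ["/bin/bash", "-c"]
    environment = {
      # Kubeconfig downloaded by data.ibm_container_cluster_config.cluster_config.
      KUBECONFIG           = data.ibm_container_cluster_config.cluster_config.config_file_path
      LOGS_AGENT_NAME      = var.logs_agent_name
      LOGS_AGENT_NAMESPACE = var.logs_agent_namespace
    }
  }
}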