# Monitoring stack for k3s cluster with Thanos
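terraform {
  # The constraints below are lower bounds only. The provider builds actually
  # installed are the ones recorded in the dependency lock file
  # (.terraform.lock.hcl) of the configuration that uses this module, so that
  # file should be version-controlled and its changes reviewed.
  required_providers {
    helm = {
      source  = "hashicorp/helm"
      version = ">= 2.0.0"
    }
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = ">= 2.0.0"
    }
    # random_password.grafana_admin_password in this file uses the random
    # provider. Declaring it makes the source address explicit instead of
    # relying on Terraform's implicit provider resolution. No version
    # constraint is set here so existing lock files keep resolving as before;
    # add one that matches the version you have reviewed.
    random = {
      source = "hashicorp/random"
    }
  }
}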
# Create monitoring namespace
resource "kubernetes_namespace" "monitoring" {
  # Every later change to the namespace metadata is ignored. Labels and
  # annotations edited outside Terraform are therefore neither reverted nor
  # reported as drift by this resource.
  lifecycle {
    ignore_changes = [metadata]
  }

  metadata {
    name = "monitoring"
  }
}
# Generated Grafana admin password: 40 characters with special characters
# disabled. The result is written to the Terraform state, so read access to the
# state backend is equivalent to knowing this password.
resource "random_password" "grafana_admin_password" {
  special = false
  length  = 40
}
# Create secret for remote write authentication
resource "kubernetes_secret" "prometheus_remote_write_auth" {
  metadata {
    namespace = kubernetes_namespace.monitoring.metadata[0].name
    name      = "prometheus-remote-write-auth"
  }

  # Both credentials come from module input variables whose declarations are
  # not in this file.
  # NOTE(review): confirm var.remote_write_username and
  # var.remote_write_password are declared with sensitive = true. The values
  # are also persisted in the Terraform state.
  data = {
    password = var.remote_write_password
    username = var.remote_write_username
  }
}
# Prometheus + Grafana + Alertmanager stack
resource "helm_release" "kube_prometheus_stack" {
  # Install only after the caller-supplied dependency and the remote-write
  # credentials secret exist.
  depends_on = [var.wait_on, kubernetes_secret.prometheus_remote_write_auth]

  name      = "monitoring"
  namespace = kubernetes_namespace.monitoring.metadata[0].name

  # Chart pinned to one exact version so installs are reproducible.
  chart      = "kube-prometheus-stack"
  repository = "https://prometheus-community.github.io/helm-charts"
  version    = "75.9.0"

  # Values are rendered from the module's template file.
  # NOTE(review): the generated Grafana admin password is passed through the
  # chart values, so it ends up in the Terraform state and in the release
  # record Helm stores in the cluster. How the template uses it is not visible
  # in this file; consider whether the chart can read it from an existing
  # Secret instead.
  values = [
    templatefile("${path.module}/monitoring-values.yaml.tftpl", {
      grafana_admin_password = random_password.grafana_admin_password.result
      remote_read_url        = var.remote_read_url
      remote_write_url       = var.remote_write_url
    })
  ]
}
# Output important endpoints
# In-cluster Grafana service address (plain HTTP, cluster-local DNS name).
output "grafana_url" {
  value = "http://monitoring-grafana.${kubernetes_namespace.monitoring.metadata[0].name}.svc.cluster.local"
}
# In-cluster Alertmanager service address on port 9093 (plain HTTP).
# NOTE(review): nothing in this file shows authentication or a NetworkPolicy in
# front of this endpoint; confirm which workloads can reach it.
output "alertmanager_url" {
  value = "http://monitoring-kube-prometheus-alertmanager.${kubernetes_namespace.monitoring.metadata[0].name}.svc.cluster.local:9093"
}
# In-cluster Prometheus service address on port 9090 (plain HTTP).
# NOTE(review): nothing in this file shows authentication or a NetworkPolicy in
# front of this endpoint; confirm which workloads can reach it.
output "prometheus_url" {
  value = "http://monitoring-kube-prometheus-prometheus.${kubernetes_namespace.monitoring.metadata[0].name}.svc.cluster.local:9090"
}
# Instructions for accessing services
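output "access_instructions" {
  # The text below embeds the generated Grafana admin password, so the output
  # is declared sensitive. Terraform then redacts it in plan/apply console
  # output instead of printing the password into terminals and CI logs.
  # It remains readable on request (for a root module:
  # `terraform output -raw access_instructions`) and is still stored in the
  # Terraform state.
  sensitive = true

  value = <<-EOT
    To access services from outside the cluster:

    Grafana:
    kubectl port-forward -n ${kubernetes_namespace.monitoring.metadata[0].name} svc/monitoring-grafana 3000:80

    Alertmanager:
    kubectl port-forward -n ${kubernetes_namespace.monitoring.metadata[0].name} svc/monitoring-kube-prometheus-alertmanager 9093:9093

    Default Grafana credentials:
    Username: admin
    Password: ${random_password.grafana_admin_password.result}
  EOT
}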