diff --git a/README.md b/README.md index ee142b9..447bc72 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ This module is a wrapper module that groups the following modules: - [base-ocp-vpc-module](https://github.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc) - Provisions a base (bare) Red Hat OpenShift Container Platform cluster on VPC Gen2 (supports passing Key Protect details to encrypt cluster). -- [observability-agents-module](https://github.com/terraform-ibm-modules/terraform-ibm-observability-agents) - Deploys LogDNA and Sysdig agents to a cluster. +- [observability-agents-module](https://github.com/terraform-ibm-modules/terraform-ibm-observability-agents) - Deploys Log Analysis and Cloud Monitoring agents to a cluster. :exclamation: **Important:** You can't update Red Hat OpenShift cluster nodes by using this module. The Terraform logic ignores updates to prevent possible destructive changes. @@ -71,10 +71,10 @@ module "ocp_all_inclusive" { } ] } - logdna_instance_name = "my-logdna" - logdna_ingestion_key = "xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX" - sysdig_instance_name = "my-sysdig" - sysdig_access_key = "xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX" + log_analysis_instance_name = "my-logdna" + log_analysis_ingestion_key = "xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX" + cloud_monitoring_instance_name = "my-sysdig" + cloud_monitoring_access_key = "xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX" } ``` @@ -121,7 +121,7 @@ You need the following permissions to run this module. | Name | Source | Version | |------|--------|---------| -| [observability\_agents](#module\_observability\_agents) | terraform-ibm-modules/observability-agents/ibm | 1.12.2 | +| [observability\_agents](#module\_observability\_agents) | terraform-ibm-modules/observability-agents/ibm | 1.16.0 | | [ocp\_base](#module\_ocp\_base) | terraform-ibm-modules/base-ocp-vpc/ibm | 3.14.0 | ### Resources 
@@ -134,6 +134,11 @@ No resources. |------|-------------|------|---------|:--------:| | [access\_tags](#input\_access\_tags) | Optional list of access management tags to add to the OCP Cluster created by this module. | `list(string)` | `[]` | no | | [addons](#input\_addons) | List of all addons supported by the ocp cluster. |
object({| `null` | no | +| [cloud\_monitoring\_access\_key](#input\_cloud\_monitoring\_access\_key) | Access key for the Cloud Monitoring agent to communicate with the instance. | `string` | `null` | no | +| [cloud\_monitoring\_agent\_tags](#input\_cloud\_monitoring\_agent\_tags) | List of tags to associate with the cloud monitoring agents | `list(string)` | `[]` | no | +| [cloud\_monitoring\_agent\_version](#input\_cloud\_monitoring\_agent\_version) | Optionally override the default Cloud Monitoring agent version. If the value is null, this version is set to the version of 'cloud\_monitoring\_agent\_version' variable in the Observability agents module. To list available versions, run: `ibmcloud cr images --restrict ext/sysdig/agent`. | `string` | `null` | no | +| [cloud\_monitoring\_instance\_name](#input\_cloud\_monitoring\_instance\_name) | The name of the Cloud Monitoring instance to point the Cloud Monitoring agent to. If left at null, no agent will be deployed. | `string` | `null` | no | +| [cloud\_monitoring\_resource\_group\_id](#input\_cloud\_monitoring\_resource\_group\_id) | Resource group id that the Cloud Monitoring instance is in. If left at null, the value of var.resource\_group\_id will be used. | `string` | `null` | no | | [cluster\_config\_endpoint\_type](#input\_cluster\_config\_endpoint\_type) | Specify which type of endpoint to use for for cluster config access: 'default', 'private', 'vpe', 'link'. 'default' value will use the default endpoint of the cluster. | `string` | `"default"` | no | | [cluster\_name](#input\_cluster\_name) | The name to give the OCP cluster provisioned by the module. | `string` | n/a | yes | | [cluster\_ready\_when](#input\_cluster\_ready\_when) | The cluster is ready when one of the following: MasterNodeReady (not recommended), OneWorkerNodeReady, Normal, IngressReady | `string` | `"IngressReady"` | no | 
@@ -149,21 +154,16 @@ No resources. | [ignore\_worker\_pool\_size\_changes](#input\_ignore\_worker\_pool\_size\_changes) | Enable if using worker autoscaling. Stops Terraform managing worker count | `bool` | `false` | no | | [key\_protect\_use\_private\_endpoint](#input\_key\_protect\_use\_private\_endpoint) | Set as true to use the Private endpoint when communicating between cluster and Key Protect Instance. | `bool` | `true` | no | | [kms\_account\_id](#input\_kms\_account\_id) | Id of the account that owns the KMS instance to encrypt the cluster. It is only required if the KMS instance is in another account. | `string` | `null` | no | -| [logdna\_agent\_tags](#input\_logdna\_agent\_tags) | List of tags to associate with the logdna agents | `list(string)` | `[]` | no | -| [logdna\_agent\_version](#input\_logdna\_agent\_version) | Optionally override the default LogDNA agent version. If the value is null, this version is set to the version of 'logdna\_agent\_version' variable in the Observability agents module. To list available versions, run: `ibmcloud cr images --restrict ext/logdna-agent`. | `string` | `null` | no | -| [logdna\_ingestion\_key](#input\_logdna\_ingestion\_key) | Ingestion key for the LogDNA agent to communicate with the instance. | `string` | `null` | no | -| [logdna\_instance\_name](#input\_logdna\_instance\_name) | The name of the LogDNA instance to point the LogDNA agent to. If left at null, no agent will be deployed. | `string` | `null` | no | -| [logdna\_resource\_group\_id](#input\_logdna\_resource\_group\_id) | Resource group id that the LogDNA instance is in. If left at null, the value of var.resource\_group\_id will be used. | `string` | `null` | no | +| [log\_analysis\_agent\_tags](#input\_log\_analysis\_agent\_tags) | List of tags to associate with the log analysis agents | `list(string)` | `[]` | no | +| [log\_analysis\_agent\_version](#input\_log\_analysis\_agent\_version) | Optionally override the default Log Analysis agent version. 
If the value is null, this version is set to the version of 'log\_analysis\_agent\_version' variable in the Observability agents module. To list available versions, run: `ibmcloud cr images --restrict ext/logdna-agent`. | `string` | `null` | no | +| [log\_analysis\_ingestion\_key](#input\_log\_analysis\_ingestion\_key) | Ingestion key for the Log Analysis agent to communicate with the instance. | `string` | `null` | no | +| [log\_analysis\_instance\_name](#input\_log\_analysis\_instance\_name) | The name of the Log Analysis instance to point the Log Analysis agent to. If left at null, no agent will be deployed. | `string` | `null` | no | +| [log\_analysis\_resource\_group\_id](#input\_log\_analysis\_resource\_group\_id) | Resource group id that the Log Analysis instance is in. If left at null, the value of var.resource\_group\_id will be used. | `string` | `null` | no | | [manage\_all\_addons](#input\_manage\_all\_addons) | Instructs Terraform to manage all cluster addons, even if addons were installed outside of the module. If set to 'true' this module will destroy any addons that were installed by other sources. | `bool` | `false` | no | | [ocp\_entitlement](#input\_ocp\_entitlement) | Value that is applied to the entitlements for OCP cluster provisioning | `string` | `"cloud_pak"` | no | | [ocp\_version](#input\_ocp\_version) | The version of the OpenShift cluster that should be provisioned (format 4.x). This is only used during initial cluster provisioning, but ignored for future updates. Supports passing the string 'latest' (current latest available version) or 'default' (current IKS default recommended version). If no value is passed, it will default to 'default'. | `string` | `null` | no | | [region](#input\_region) | The IBM Cloud region where all resources will be provisioned. | `string` | n/a | yes | | [resource\_group\_id](#input\_resource\_group\_id) | The IBM Cloud resource group ID to provision all resources in. 
| `string` | n/a | yes | -| [sysdig\_access\_key](#input\_sysdig\_access\_key) | Access key for the Sysdig agent to communicate with the instance. | `string` | `null` | no | -| [sysdig\_agent\_tags](#input\_sysdig\_agent\_tags) | List of tags to associate with the sysdig agents | `list(string)` | `[]` | no | -| [sysdig\_agent\_version](#input\_sysdig\_agent\_version) | Optionally override the default Sysdig agent version. If the value is null, this version is set to the version of 'sysdig\_agent\_version' variable in the Observability agents module. To list available versions, run: `ibmcloud cr images --restrict ext/sysdig/agent`. | `string` | `null` | no | -| [sysdig\_instance\_name](#input\_sysdig\_instance\_name) | The name of the Sysdig instance to point the Sysdig agent to. If left at null, no agent will be deployed. | `string` | `null` | no | -| [sysdig\_resource\_group\_id](#input\_sysdig\_resource\_group\_id) | Resource group id that the Sysdig instance is in. If left at null, the value of var.resource\_group\_id will be used. | `string` | `null` | no | | [use\_existing\_cos](#input\_use\_existing\_cos) | Flag indicating whether or not to use an existing COS instance for OpenShift internal registry storage. Only applicable if 'enable\_registry\_storage' is true | `bool` | `false` | no | | [verify\_worker\_network\_readiness](#input\_verify\_worker\_network\_readiness) | By setting this to true, a script will run kubectl commands to verify that all worker nodes can communicate successfully with the master. If the runtime does not have access to the kube cluster to run kubectl commands, this should be set to false. | `bool` | `true` | no | | [vpc\_id](#input\_vpc\_id) | The ID of the VPC to use. | `string` | n/a | yes | diff --git a/examples/end-to-end-example/README.md b/examples/end-to-end-example/README.md index 6f17498..425f307 100644 --- a/examples/end-to-end-example/README.md +++ b/examples/end-to-end-example/README.md 
@@ -3,10 +3,10 @@ An end-to-end example that will: - Create a new resource group (if existing one is not passed in). - Provision a VPC in the given resource group and region. -- Provision LogDNA and Sysdig instances in the given resource group and region. +- Provision Log Analysis and Cloud Monitoring instances in the given resource group and region. - Provision a Key Protect instance in the given resource group and region and create a new key ring and key in the instance - Call the ocp-all-inclusive-module to do the following: - provision an OCP VPC cluster in the given resource group and region, passing the details of the Key Protect instance and key for cluster encryption - - deploy LogDNA and Sysdig agents to the cluster + - deploy Log Analysis and Cloud Monitoring agents to the cluster - deploy service mesh on the cluster - install autoscaler addon and configure certain nodepools to have autoscaling enabled. diff --git a/examples/end-to-end-example/main.tf b/examples/end-to-end-example/main.tf index 369d745..4be082c 100644 --- a/examples/end-to-end-example/main.tf +++ b/examples/end-to-end-example/main.tf @@ -25,7 +25,7 @@ module "vpc" { } ############################################################################## -# Observability Instances (LogDNA + Sysdig) +# Observability Instances (Log Analysis + Cloud Monitoring) ############################################################################## module "observability_instances" { 
@@ -105,12 +105,12 @@ module "ocp_all_inclusive" { access_tags = var.access_tags existing_key_protect_instance_guid = module.key_protect_all_inclusive.key_protect_guid existing_key_protect_root_key_id = module.key_protect_all_inclusive.keys["${local.key_ring_name}.${local.key_name}"].key_id - logdna_instance_name = module.observability_instances.log_analysis_name - logdna_ingestion_key = module.observability_instances.log_analysis_ingestion_key - sysdig_instance_name = module.observability_instances.cloud_monitoring_name - sysdig_access_key = module.observability_instances.cloud_monitoring_access_key + log_analysis_instance_name = module.observability_instances.log_analysis_name + log_analysis_ingestion_key = module.observability_instances.log_analysis_ingestion_key + cloud_monitoring_instance_name = module.observability_instances.cloud_monitoring_name + cloud_monitoring_access_key = module.observability_instances.cloud_monitoring_access_key addons = local.addons disable_public_endpoint = var.disable_public_endpoint - logdna_agent_tags = var.resource_tags - sysdig_agent_tags = var.resource_tags + log_analysis_agent_tags = var.resource_tags + cloud_monitoring_agent_tags = var.resource_tags } diff --git a/main.tf b/main.tf index 178f045..e7c5843 100644 --- a/main.tf +++ b/main.tf 
@@ -55,38 +55,38 @@ module "ocp_base" { locals { # Locals - run_observability_agents_module = (local.provision_logdna_agent == true || local.provision_sysdig_agent) ? true : false - provision_logdna_agent = var.logdna_instance_name != null ? true : false - provision_sysdig_agent = var.sysdig_instance_name != null ? true : false - logdna_resource_group_id = var.logdna_resource_group_id != null ? var.logdna_resource_group_id : var.resource_group_id - sysdig_resource_group_id = var.sysdig_resource_group_id != null ? var.sysdig_resource_group_id : var.resource_group_id + run_observability_agents_module = (local.provision_log_analysis_agent == true || local.provision_cloud_monitoring_agent) ? true : false + provision_log_analysis_agent = var.log_analysis_instance_name != null ? true : false + provision_cloud_monitoring_agent = var.cloud_monitoring_instance_name != null ? true : false + log_analysis_resource_group_id = var.log_analysis_resource_group_id != null ? var.log_analysis_resource_group_id : var.resource_group_id + cloud_monitoring_resource_group_id = var.cloud_monitoring_resource_group_id != null ? var.cloud_monitoring_resource_group_id : var.resource_group_id # Some input variable validation (approach based on https://stackoverflow.com/a/66682419) - logdna_validate_condition = var.logdna_instance_name != null && var.logdna_ingestion_key == null - logdna_validate_msg = "A value for var.logdna_ingestion_key must be passed when providing a value for var.logdna_instance_name" + log_analysis_validate_condition = var.log_analysis_instance_name != null && var.log_analysis_ingestion_key == null + log_analysis_validate_msg = "A value for var.log_analysis_ingestion_key must be passed when providing a value for var.log_analysis_instance_name" # tflint-ignore: terraform_unused_declarations - logdna_validate_check = regex("^${local.logdna_validate_msg}$", (!local.logdna_validate_condition ? 
local.logdna_validate_msg : "")) - sysdig_validate_condition = var.sysdig_instance_name != null && var.sysdig_access_key == null - sysdig_validate_msg = "A value for var.sysdig_access_key must be passed when providing a value for var.sysdig_instance_name" + log_analysis_validate_check = regex("^${local.log_analysis_validate_msg}$", (!local.log_analysis_validate_condition ? local.log_analysis_validate_msg : "")) + cloud_monitoring_validate_condition = var.cloud_monitoring_instance_name != null && var.cloud_monitoring_access_key == null + cloud_monitoring_validate_msg = "A value for var.cloud_monitoring_access_key must be passed when providing a value for var.cloud_monitoring_instance_name" # tflint-ignore: terraform_unused_declarations - sysdig_validate_check = regex("^${local.sysdig_validate_msg}$", (!local.sysdig_validate_condition ? local.sysdig_validate_msg : "")) + cloud_monitoring_validate_check = regex("^${local.cloud_monitoring_validate_msg}$", (!local.cloud_monitoring_validate_condition ? local.cloud_monitoring_validate_msg : "")) } module "observability_agents" { - count = local.run_observability_agents_module == true ? 1 : 0 - source = "terraform-ibm-modules/observability-agents/ibm" - version = "1.12.2" - cluster_id = module.ocp_base.cluster_id - cluster_resource_group_id = var.resource_group_id - logdna_enabled = local.provision_logdna_agent - logdna_instance_name = var.logdna_instance_name - logdna_ingestion_key = var.logdna_ingestion_key - logdna_resource_group_id = local.logdna_resource_group_id - logdna_agent_version = var.logdna_agent_version - logdna_agent_tags = var.logdna_agent_tags - sysdig_enabled = local.provision_sysdig_agent - sysdig_instance_name = var.sysdig_instance_name - sysdig_access_key = var.sysdig_access_key - sysdig_resource_group_id = local.sysdig_resource_group_id - sysdig_agent_version = var.sysdig_agent_version - sysdig_agent_tags = var.sysdig_agent_tags + count = local.run_observability_agents_module == true ? 
1 : 0 + source = "terraform-ibm-modules/observability-agents/ibm" + version = "1.16.0" + cluster_id = module.ocp_base.cluster_id + cluster_resource_group_id = var.resource_group_id + log_analysis_enabled = local.provision_log_analysis_agent + log_analysis_instance_name = var.log_analysis_instance_name + log_analysis_ingestion_key = var.log_analysis_ingestion_key + log_analysis_resource_group_id = local.log_analysis_resource_group_id + log_analysis_agent_version = var.log_analysis_agent_version + log_analysis_agent_tags = var.log_analysis_agent_tags + cloud_monitoring_enabled = local.provision_cloud_monitoring_agent + cloud_monitoring_instance_name = var.cloud_monitoring_instance_name + cloud_monitoring_access_key = var.cloud_monitoring_access_key + cloud_monitoring_resource_group_id = local.cloud_monitoring_resource_group_id + cloud_monitoring_agent_version = var.cloud_monitoring_agent_version + cloud_monitoring_agent_tags = var.cloud_monitoring_agent_tags } diff --git a/tests/pr_test.go b/tests/pr_test.go index c8c855f..66d4c12 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go @@ -38,6 +38,8 @@ func setupOptions(t *testing.T, prefix string, terraformVars map[string]interfac List: []string{ "module.ocp_all_inclusive.module.observability_agents[0].helm_release.logdna_agent[0]", "module.ocp_all_inclusive.module.observability_agents[0].helm_release.sysdig_agent[0]", + "module.ocp_all_inclusive.module.observability_agents[0].helm_release.log_analysis_agent[0]", + "module.ocp_all_inclusive.module.observability_agents[0].helm_release.cloud_monitoring_agent[0]", }, }, ImplicitDestroy: []string{ // Ignore full destroy to speed up tests diff --git a/variables.tf b/variables.tf index 68383af..64a75ea 100644 --- a/variables.tf +++ b/variables.tf 
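Review bot: The renamed `log_analysis_validate_condition` and `cloud_monitoring_validate_condition` locals in `main.tf` still test the key only for `null`, so an empty string for `var.log_analysis_ingestion_key` or `var.cloud_monitoring_access_key` passes the check and the agent is still enabled. What the `observability_agents` module does with an empty key is not visible here. It would presumably deploy an agent that cannot authenticate, leaving the cluster without logs or metrics even though the apply succeeds. Consider widening each condition, e.g. `var.log_analysis_instance_name != null && (var.log_analysis_ingestion_key == null || var.log_analysis_ingestion_key == "")`, and the same for `cloud_monitoring_access_key`. An instance name of `""` is likewise treated as set by the `provision_*_agent` locals.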
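Review bot: The two `helm_release` addresses added to the `List` in `tests/pr_test.go` have no comment saying why they are exempt, and the old `logdna_agent`/`sysdig_agent` entries stay alongside them. The field that owns this list lies outside the hunk, but it appears to be an ignore list for the upgrade test. If so, changes to the agents' Helm releases are no longer flagged, including the destroy-and-recreate this rename likely causes, which would briefly interrupt log and metric collection on upgrade. Add a comment above the new entries such as `// observability-agents 1.16.0 renames the agent helm releases; drop the logdna_agent/sysdig_agent entries once the upgrade baseline includes it`. `setupOptions` starts before and continues past this hunk.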
@@ -269,72 +269,72 @@ variable "ignore_worker_pool_size_changes" { } ############################################################################## -# LogDNA Agent Variables +# Log Analysis Agent Variables ############################################################################## -variable "logdna_instance_name" { +variable "log_analysis_instance_name" { type = string - description = "The name of the LogDNA instance to point the LogDNA agent to. If left at null, no agent will be deployed." + description = "The name of the Log Analysis instance to point the Log Analysis agent to. If left at null, no agent will be deployed." default = null } -variable "logdna_ingestion_key" { +variable "log_analysis_ingestion_key" { type = string - description = "Ingestion key for the LogDNA agent to communicate with the instance." + description = "Ingestion key for the Log Analysis agent to communicate with the instance." sensitive = true default = null } -variable "logdna_resource_group_id" { +variable "log_analysis_resource_group_id" { type = string - description = "Resource group id that the LogDNA instance is in. If left at null, the value of var.resource_group_id will be used." + description = "Resource group id that the Log Analysis instance is in. If left at null, the value of var.resource_group_id will be used." default = null } -variable "logdna_agent_version" { +variable "log_analysis_agent_version" { type = string - description = "Optionally override the default LogDNA agent version. If the value is null, this version is set to the version of 'logdna_agent_version' variable in the Observability agents module. To list available versions, run: `ibmcloud cr images --restrict ext/logdna-agent`." + description = "Optionally override the default Log Analysis agent version. If the value is null, this version is set to the version of 'log_analysis_agent_version' variable in the Observability agents module. 
To list available versions, run: `ibmcloud cr images --restrict ext/logdna-agent`." default = null } -variable "logdna_agent_tags" { +variable "log_analysis_agent_tags" { type = list(string) - description = "List of tags to associate with the logdna agents" + description = "List of tags to associate with the log analysis agents" default = [] } ############################################################################## -# Sysdig Agent Variables +# Cloud Monitoring Agent Variables ############################################################################## -variable "sysdig_instance_name" { +variable "cloud_monitoring_instance_name" { type = string - description = "The name of the Sysdig instance to point the Sysdig agent to. If left at null, no agent will be deployed." + description = "The name of the Cloud Monitoring instance to point the Cloud Monitoring agent to. If left at null, no agent will be deployed." default = null } -variable "sysdig_access_key" { +variable "cloud_monitoring_access_key" { type = string - description = "Access key for the Sysdig agent to communicate with the instance." + description = "Access key for the Cloud Monitoring agent to communicate with the instance." sensitive = true default = null } -variable "sysdig_resource_group_id" { +variable "cloud_monitoring_resource_group_id" { type = string - description = "Resource group id that the Sysdig instance is in. If left at null, the value of var.resource_group_id will be used." + description = "Resource group id that the Cloud Monitoring instance is in. If left at null, the value of var.resource_group_id will be used." default = null } -variable "sysdig_agent_version" { +variable "cloud_monitoring_agent_version" { type = string - description = "Optionally override the default Sysdig agent version. If the value is null, this version is set to the version of 'sysdig_agent_version' variable in the Observability agents module. 
To list available versions, run: `ibmcloud cr images --restrict ext/sysdig/agent`." + description = "Optionally override the default Cloud Monitoring agent version. If the value is null, this version is set to the version of 'cloud_monitoring_agent_version' variable in the Observability agents module. To list available versions, run: `ibmcloud cr images --restrict ext/sysdig/agent`." default = null } -variable "sysdig_agent_tags" { +variable "cloud_monitoring_agent_tags" { type = list(string) - description = "List of tags to associate with the sysdig agents" + description = "List of tags to associate with the cloud monitoring agents" default = [] }
debug-tool = optional(string)
image-key-synchronizer = optional(string)
openshift-data-foundation = optional(string)
vpc-file-csi-driver = optional(string)
static-route = optional(string)
cluster-autoscaler = optional(string)
vpc-block-csi-driver = optional(string)
})