feat: Added Grafana-managed (#82)
diegolagospagopa authored Aug 24, 2023
1 parent ac51417 commit 4ca6023
Showing 13 changed files with 2,393 additions and 78 deletions.
134 changes: 56 additions & 78 deletions src/aks-platform/03_prometheus_managed.tf
@@ -1,80 +1,58 @@
resource "azurerm_monitor_workspace" "prometheus_amw" {
name = local.monitor_log_analytics_workspace_prometheus_name
location = azurerm_resource_group.rg_aks.location
resource_group_name = azurerm_resource_group.rg_aks.name
# resource "azurerm_monitor_workspace" "prometheus_amw" {
# name = local.monitor_log_analytics_workspace_prometheus_name
# location = azurerm_resource_group.rg_aks.location
# resource_group_name = azurerm_resource_group.rg_aks.name

# tags = var.tags
# }

# resource "azurerm_monitor_data_collection_endpoint" "prometheus_dce" {
# name = "${local.project}-prometheus-dce"
# location = azurerm_resource_group.rg_aks.location
# resource_group_name = azurerm_resource_group.rg_aks.name
# kind = "Linux"
# }

# resource "azurerm_monitor_data_collection_rule" "prometheus_dcr" {
# name = "${local.project}-prometheus-dcr"
# location = azurerm_resource_group.rg_aks.location
# resource_group_name = azurerm_resource_group.rg_aks.name
# data_collection_endpoint_id = azurerm_monitor_data_collection_endpoint.prometheus_dce.id
# kind = "Linux"

# destinations {
# monitor_account {
# monitor_account_id = azurerm_monitor_workspace.prometheus_amw.id
# name = "monitoring_account_prometheus"
# }
# }

# data_flow {
# streams = ["Microsoft-PrometheusMetrics"]
# destinations = ["monitoring_account_prometheus"]
# }

# data_sources {
# prometheus_forwarder {
# streams = ["Microsoft-PrometheusMetrics"]
# name = "PrometheusDataSource"
# }
# }

# description = "DCR for Azure Monitor Metrics Profile (Managed Prometheus)"
# depends_on = [
# azurerm_monitor_data_collection_endpoint.prometheus_dce,
# ]
# }

# resource "azurerm_monitor_data_collection_rule_association" "dcra" {
# name = "${local.project}-prometheus-dcra"
# target_resource_id = module.aks[0].id
# data_collection_rule_id = azurerm_monitor_data_collection_rule.prometheus_dcr.id
# description = "Association of data collection rule. Deleting this association will break the data collection for this AKS Cluster."
# depends_on = [
# azurerm_monitor_data_collection_rule.prometheus_dcr
# ]
# }

tags = var.tags
}

resource "azurerm_monitor_data_collection_endpoint" "prometheus_dce" {
name = "${local.project}-prometheus-dce"
location = azurerm_resource_group.rg_aks.location
resource_group_name = azurerm_resource_group.rg_aks.name
kind = "Linux"
}

resource "azurerm_monitor_data_collection_rule" "prometheus_dcr" {
name = "${local.project}-prometheus-dcr"
location = azurerm_resource_group.rg_aks.location
resource_group_name = azurerm_resource_group.rg_aks.name
data_collection_endpoint_id = azurerm_monitor_data_collection_endpoint.prometheus_dce.id
kind = "Linux"

destinations {
monitor_account {
monitor_account_id = azurerm_monitor_workspace.prometheus_amw.id
name = "monitoring_account_prometheus"
}
}

data_flow {
streams = ["Microsoft-PrometheusMetrics"]
destinations = ["monitoring_account_prometheus"]
}

data_sources {
prometheus_forwarder {
streams = ["Microsoft-PrometheusMetrics"]
name = "PrometheusDataSource"
}
}

description = "DCR for Azure Monitor Metrics Profile (Managed Prometheus)"
depends_on = [
azurerm_monitor_data_collection_endpoint.prometheus_dce,
]
}

resource "azurerm_monitor_data_collection_rule_association" "dcra" {
name = "${local.project}-prometheus-dcra"
target_resource_id = module.aks[0].id
data_collection_rule_id = azurerm_monitor_data_collection_rule.prometheus_dcr.id
description = "Association of data collection rule. Deleting this association will break the data collection for this AKS Cluster."
depends_on = [
azurerm_monitor_data_collection_rule.prometheus_dcr
]
}

#
# Enable prometheus monitoring for AKS cluster
#
resource "null_resource" "enable_prometheus_monitoring" {
triggers = {
AKS_NAME = module.aks[0].name
AKS_RESOURCE_GROUP = azurerm_resource_group.rg_aks.name
AMW_ID = azurerm_monitor_workspace.prometheus_amw.id
}

depends_on = [
module.aks[0]
]

provisioner "local-exec" {
command = <<EOF
az aks update --enable-azure-monitor-metrics \
-n ${self.triggers.AKS_NAME} \
-g ${self.triggers.AKS_RESOURCE_GROUP} \
--azure-monitor-workspace-resource-id ${self.triggers.AMW_ID}
EOF
}
}
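Review bot: The Managed Prometheus resources are kept as commented-out HCL rather than deleted, which leaves dead configuration that will drift from whatever replaces it. If they are meant to go, delete them and rely on history; if they moved to another module (only part of this commit is visible here), a comment naming the new location would help. As far as the rendered section shows, the live `azurerm_monitor_workspace`, data collection rule and association are dropped, so the next apply would presumably destroy them and stop metric collection for the AKS cluster; confirm that monitoring gap is intended. `null_resource.enable_prometheus_monitoring` has no destroy-time provisioner, so removing it would leave `--enable-azure-monitor-metrics` set on the cluster against a workspace that may no longer exist, which calls for an explicit disable step or a note in the PR.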
47 changes: 47 additions & 0 deletions src/grafana-monitoring/.terraform.lock.hcl


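--- a/src/grafana-monitoring/00_azuread.tf
+++ b/src/grafana-monitoring/00_azuread.tf
@@ -0,0 +1,16 @@
+# Azure AD
+data "azuread_group" "adgroup_admin" {
+display_name = "${local.product}-adgroup-admin"
+}
+
+data "azuread_group" "adgroup_developers" {
+display_name = "${local.product}-adgroup-developers"
+}
+
+data "azuread_group" "adgroup_externals" {
+display_name = "${local.product}-adgroup-externals"
+}
+
+data "azuread_group" "adgroup_security" {
+display_name = "${local.product}-adgroup-security"
+}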
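Review bot: None of the four `azuread_group` lookups is referenced by the grafana-monitoring files shown in this commit, and no `azurerm_role_assignment` in 02_grafana_managed.tf uses them, so the commit does not define which group gets which Grafana role. If they are meant to drive access to the instance, add the assignments here with the least-privileged role per group (the externals group in particular), and put a comment above each lookup saying what it grants. If they are not needed yet, leave them out, since an unused lookup still fails the plan when the group does not exist.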
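--- a/src/grafana-monitoring/02_grafana_managed.tf
+++ b/src/grafana-monitoring/02_grafana_managed.tf
@@ -0,0 +1,38 @@
+data "azurerm_log_analytics_workspace" "log_analytics" {
+name = var.log_analytics_workspace_name
+resource_group_name = var.log_analytics_workspace_resource_group_name
+}
+
+resource "azurerm_resource_group" "grafana_rg" {
+name = "${local.project}-rg"
+location = var.location
+tags = var.tags
+}
+
+resource "azurerm_dashboard_grafana" "grafana_dashboard" {
+name = local.project
+resource_group_name = azurerm_resource_group.grafana_rg.name
+location = var.location
+api_key_enabled = true
+deterministic_outbound_ip_enabled = true
+public_network_access_enabled = true
+zone_redundancy_enabled = true
+identity {
+type = "SystemAssigned"
+}
+tags = var.tags
+}
+
+resource "azurerm_role_assignment" "grafana_dashboard_monitoring_reader" {
+scope = data.azurerm_subscription.current.id
+role_definition_name = "Monitoring Reader"
+principal_id = azurerm_dashboard_grafana.grafana_dashboard.identity[0].principal_id
+}
+
+# module "auto_dashboard" {
+# source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//grafana_dashboard?ref=grafana-automatic-dashboard"
+# grafana_url = azurerm_dashboard_grafana.grafana_dashboard.endpoint
+# grafana_api_key = "xyz"
+# prefix = var.prefix
+# monitor_workspace = data.azurerm_log_analytics_workspace.log_analytics.id
+# }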
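Review bot: `public_network_access_enabled = true` together with `api_key_enabled = true` on `azurerm_dashboard_grafana.grafana_dashboard` leaves the Grafana endpoint reachable from the internet and allows long-lived API keys alongside Azure AD sign-in, and nothing in this file restricts either. If public access is required, state why in a comment; otherwise set `public_network_access_enabled = false` and keep `api_key_enabled = false` until the dashboard module actually needs a key. The commented-out `auto_dashboard` module carries `grafana_api_key = "xyz"`; when it is enabled the key should come from a sensitive variable or Key Vault rather than a literal, and its `?ref=grafana-automatic-dashboard` looks like a branch name, so pinning to a tag or commit would make the source reproducible. The `Monitoring Reader` assignment is scoped to the whole subscription; confirm that is the narrowest scope the data sources need.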
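--- a/src/grafana-monitoring/99_locals.tf
+++ b/src/grafana-monitoring/99_locals.tf
@@ -0,0 +1,24 @@
+locals {
+project = "${var.prefix}-${var.env_short}-${var.location_short}-${var.domain}"
+product = "${var.prefix}-${var.env_short}"
+
+app_insights_ips_west_europe = [
+"51.144.56.96/28",
+"51.144.56.112/28",
+"51.144.56.128/28",
+"51.144.56.144/28",
+"51.144.56.160/28",
+"51.144.56.176/28",
+]
+
+monitor_appinsights_name = "${local.product}-appinsights"
+monitor_action_group_slack_name = "SlackPagoPA"
+monitor_action_group_email_name = "PagoPA"
+
+vnet_name = "${local.product}-vnet"
+vnet_resource_group_name = "${local.product}-vnet-rg"
+
+
+
+
+}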
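Review bot: Only `project` and `product` are referenced by the grafana-monitoring files visible in this commit; `app_insights_ips_west_europe`, the `monitor_*` names and the `vnet_*` names look copied from another module. Hard-coded address ranges such as the App Insights list go stale silently, so if none of the files not shown here use them, drop them along with the four trailing blank lines before the closing brace. If they are kept, a comment saying which resource consumes each one would make the intent checkable.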
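--- a/src/grafana-monitoring/99_main.tf
+++ b/src/grafana-monitoring/99_main.tf
@@ -0,0 +1,29 @@
+terraform {
+required_version = ">=1.0.0"
+required_providers {
+azurerm = {
+source = "hashicorp/azurerm"
+version = "= 3.25.0"
+}
+azuread = {
+source = "hashicorp/azuread"
+version = "= 2.10.0"
+}
+}
+
+backend "azurerm" {}
+}
+
+provider "azurerm" {
+features {
+key_vault {
+purge_soft_delete_on_destroy = false
+}
+}
+}
+
+data "azurerm_subscription" "current" {}
+
+data "azurerm_client_config" "current" {}
+
+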
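Review bot: Both providers are pinned with exact constraints (`version = "= 3.25.0"` and `version = "= 2.10.0"`), which duplicates what the committed `.terraform.lock.hcl` already guarantees and blocks picking up provider fixes. A pessimistic constraint such as `version = "~> 3.25"` would leave the lock file as the single source of the exact version. It is also worth confirming with `terraform validate` that the pinned azurerm release supports `azurerm_dashboard_grafana` with the arguments used in 02_grafana_managed.tf. `data "azurerm_client_config" "current"` is not referenced in the files shown here and could be dropped if nothing else uses it.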