Feature/kube state metrics

cluster_role.tf → modules/kube-state-metrics/cluster_role.tf

@@ -1,56 +1,13 @@
-resource "kubernetes_cluster_role" "prometheus" {
-  metadata {
-    name   = local.app_name
-    labels = local.labels
-  }
-
-  rule {
-    api_groups = [""]
-    resources  = ["configmaps", "endpoints", "nodes", "pods", "secrets", "services", "nodes/proxy", "nodes/metrics"]
-    verbs      = ["get", "list", "watch"]
-  }
-
-  rule {
-    api_groups = ["extensions", "networking.k8s.io"]
-    resources  = ["ingresses"]
-    verbs      = ["get", "list", "watch"]
-  }
-
-  rule {
-    api_groups = [""]
-    resources  = ["events"]
-    verbs      = ["create", "patch"]
-  }
-
-  rule {
-    non_resource_urls = ["/metrics"]
-    verbs             = ["get"]
-  }
-}
-
-resource "kubernetes_cluster_role_binding" "prometheus" {
-  metadata {
-    name   = local.app_name
-    labels = local.labels
-  }
-
-  role_ref {
-    api_group = "rbac.authorization.k8s.io"
-    kind      = "ClusterRole"
-    name      = kubernetes_cluster_role.prometheus.metadata.0.name
-  }
-
-  subject {
-    kind      = "ServiceAccount"
-    name      = kubernetes_service_account.prometheus.metadata.0.name
-    namespace = kubernetes_service_account.prometheus.metadata.0.namespace
-  }
-}
-
 resource "kubernetes_cluster_role" "kube_state_metrics" {
   metadata {
-    name   = "kube-state-metrics"
-    labels = local.labels
+    name = "kube-state-metrics"
+    labels = {
+      "app.kubernetes.io/app"        = "kube-state-metrics"
+      "app.kubernetes.io/owner"      = "sre"
+      "app.kubernetes.io/managed-by" = "Terraform"
+      "app.kubernetes.io/component"  = "exporter"
+      "app.kubernetes.io/version"    = "2.9.2"
+    }
   }
 
   rule {
@@ -86,8 +43,14 @@ resource "kubernetes_cluster_role" "kube_state_metrics" {
 
 resource "kubernetes_cluster_role_binding" "kube_state_metrics" {
   metadata {
-    name   = "kube-state-metrics"
-    labels = local.labels
+    name = "kube-state-metrics"
+    labels = {
+      "app.kubernetes.io/app"        = "kube-state-metrics"
+      "app.kubernetes.io/owner"      = "sre"
+      "app.kubernetes.io/managed-by" = "Terraform"
+      "app.kubernetes.io/component"  = "exporter"
+      "app.kubernetes.io/version"    = "2.9.2"
+    }
   }
 
   role_ref {

modules/kube-state-metrics/deployment.tf

@@ -0,0 +1,98 @@
+resource "kubernetes_deployment" "kube_state_metrics" {
+  metadata {
+    name      = "kube-state-metrics"
+    namespace = "kube-system"
+    labels = {
+      "app.kubernetes.io/name"       = "kube-state-metrics"
+      "app.kubernetes.io/owner"      = "sre"
+      "app.kubernetes.io/managed-by" = "Terraform"
+      "app.kubernetes.io/component"  = "exporter"
+      "app.kubernetes.io/version"    = "2.9.2"
+    }
+  }
+
+  spec {
+    replicas               = var.replicas.min
+    revision_history_limit = var.revision_history_limit
+
+    selector {
+      match_labels = {
+        "app.kubernetes.io/name" = "kube-state-metrics"
+      }
+    }
+
+    template {
+      metadata {
+        labels = {
+          "app.kubernetes.io/owner"      = "sre"
+          "app.kubernetes.io/managed-by" = "Terraform"
+          "app.kubernetes.io/component"  = "exporter"
+          "app.kubernetes.io/version"    = "2.9.2"
+        }
+        annotations = {}
+      }
+
+      spec {
+        service_account_name = kubernetes_service_account.kube_state_metrics.metadata.0.name
+        node_selector        = var.deployment_node_selector
+        priority_class_name  = var.priority_class_name
+
+        affinity {
+          node_affinity {
+            preferred_during_scheduling_ignored_during_execution {
+              weight = 1
+              preference {
+                match_expressions {
+                  key      = "restart"
+                  operator = "In"
+                  values   = ["unlikely"]
+                }
+              }
+            }
+          }
+        }
+
+        toleration {
+          effect   = "NoSchedule"
+          key      = "onlyfor"
+          operator = "Equal"
+          value    = "highcpu"
+        }
+
+        toleration {
+          effect   = "NoSchedule"
+          key      = "dbonly"
+          operator = "Equal"
+          value    = "yes"
+        }
+
+        container {
+          name              = "kube-state-metrics"
+          image             = "quay.io/coreos/kube-state-metrics:v1.9.7"
+          image_pull_policy = "IfNotPresent"
+
+          port {
+            container_port = 8080
+            name           = "http-metrics"
+          }
+
+          port {
+            container_port = 8081
+            name           = "telemetry"
+          }
+
+          readiness_probe {
+            http_get {
+              path = "/healthz"
+              port = 8080
+            }
+
+            initial_delay_seconds = 15
+            timeout_seconds       = 5
+          }
+
+        }
+      }
+    }
+  }
+}

role.tf → modules/kube-state-metrics/role.tf

@@ -1,52 +1,12 @@
-resource "kubernetes_role" "prometheus" {
-  metadata {
-    name      = local.app_name
-    namespace = var.namespace
-    labels    = local.labels
-  }
-
-  rule {
-    api_groups = [""]
-    resources  = ["namespaces"]
-    verbs      = ["get"]
-  }
-
-  rule {
-    api_groups = [""]
-    resources  = ["configmaps", "pods", "secrets", "endpoints"]
-    verbs      = ["get", "list", "watch"]
-  }
-
-  rule {
-    api_groups = [""]
-    resources  = ["services"]
-    verbs      = ["get", "list", "watch"]
-  }
-
-  rule {
-    api_groups = ["extensions", "networking.k8s.io"]
-    resources  = ["ingresses"]
-    verbs      = ["get", "list", "watch"]
-  }
-
-  rule {
-    api_groups = [""]
-    resources  = ["configmaps"]
-    verbs      = ["create", "update"]
-  }
-
-  rule {
-    api_groups = [""]
-    resources  = ["events"]
-    verbs      = ["create", "patch"]
-  }
-}
-
 resource "kubernetes_role" "kube_state_metrics" {
   metadata {
     name      = "kube-state-metrics"
-    namespace = var.namespace
-    labels    = local.labels
+    namespace = "kube-system"
+    labels    = {
+        "app.kubernetes.io/app"        = "kube-state-metrics"
+        "app.kubernetes.io/owner"      = "sre"
+        "app.kubernetes.io/managed-by" = "Terraform"
+    }
   }
 
   rule {
@@ -66,8 +26,12 @@ resource "kubernetes_role" "kube_state_metrics" {
 resource "kubernetes_role_binding" "kube_state_metrics" {
   metadata {
     name      = "kube-state-metrics"
-    namespace = var.namespace
-    labels    = local.labels
+    namespace = "kube-system"
+    labels    = {
+        "app.kubernetes.io/app"        = "kube-state-metrics"
+        "app.kubernetes.io/owner"      = "sre"
+        "app.kubernetes.io/managed-by" = "Terraform"
+    } 
   }
 
   role_ref {

modules/kube-state-metrics/service-account.tf

@@ -0,0 +1,13 @@
+resource "kubernetes_service_account" "kube_state_metrics" {
+  metadata {
+    name      = "kube-state-metrics"
+    namespace = "kube-system"
+    labels = {
+      "app.kubernetes.io/app"        = "kube-state-metrics"
+      "app.kubernetes.io/owner"      = "sre"
+      "app.kubernetes.io/managed-by" = "Terraform"
+      "app.kubernetes.io/component"  = "exporter"
+      "app.kubernetes.io/version"    = "2.9.2"
+    }
+  }
+}

modules/kube-state-metrics/service.tf

@@ -0,0 +1,30 @@
+resource "kubernetes_service" "kube_state_metrics" {
+  metadata {
+    name      = "kube-state-metrics"
+    namespace = "kube-system"
+    labels = {
+      "app.kubernetes.io/app"        = "kube-state-metrics"
+      "app.kubernetes.io/owner"      = "sre"
+      "app.kubernetes.io/managed-by" = "Terraform"
+    }
+  }
+
+  spec {
+    type = var.service_type
+    selector = {
+      "app.kubernetes.io/name" = "kube-state-metrics"
+    }
+
+    port {
+      name        = "http"
+      port        = 8080
+      target_port = 8080
+    }
+
+    port {
+      name        = "telemetry"
+      port        = 8081
+      target_port = 8081
+    }
+  }
+}

modules/kube-state-metrics/variables.tf

@@ -0,0 +1,59 @@
+variable "replicas" {
+  description = "Number of deployment replicas"
+  type = object({
+    max = number
+    min = number
+  })
+  default = {
+    max = 2
+    min = 1
+  }
+}
+
+variable "pod_management_policy" {
+  description = "Value for podManagementPolicy"
+  type        = string
+  default     = "Parallel"
+}
+
+variable "revision_history_limit" {
+  type        = number
+  description = "Value for revisionHistoryLimit"
+  default     = 5
+}
+
+variable "deployment_node_selector" {
+  description = "Map of label names and values to assign the podspec's nodeSelector property"
+  type        = map(string)
+  default     = null
+}
+
+variable "priority_class_name" {
+  description = "The priority class to attach to the deployment"
+  type        = string
+  default     = null
+}
+
+variable "retention" {
+  type        = string
+  description = "retention period (i.e.: 6h)"
+  default     = "7d"
+}
+
+variable "node_selector" {
+  type        = map(string)
+  description = "labels to determine which node we run on"
+  default     = {}
+}
+
+variable "service_type" {
+  type        = string
+  description = "service type (i.e.: LoadBalancer or ClusterIP"
+  default     = "ClusterIP"
+}
+
+
+
+
+
+