Merge pull request #281 from mojaloop/IPROD-542/open-mimir-ports

IPROD-542: Expose ports for mimir
mojaloop · Jun 10, 2024 · 0691ba1 · 0691ba1
2 parents 36df107 + 8a885f4
commit 0691ba1
Show file tree

Hide file tree

Showing 11 changed files with 91 additions and 13 deletions.
diff --git a/terraform/aws/control-center-infra/outputs.tf b/terraform/aws/control-center-infra/outputs.tf
@@ -71,6 +71,14 @@ output "minio_fqdn" {
   value = aws_route53_record.minio_server_private.fqdn
 }
 
+output "mimir_listening_port" {
+  value = var.mimir_listening_port
+}
+
+output "mimir_fqdn" {
+  value = aws_route53_record.central_observability_mimir_server_private.fqdn
+}
+
 output "minio_server_url" {
   value = "${aws_route53_record.minio_server_private.fqdn}:${var.minio_listening_port}"
 }
@@ -83,6 +91,8 @@ output "vault_fqdn" {
   value = aws_route53_record.vault_server_private.fqdn
 }
 
+
+
 output "gitlab_hosts_var_maps" {
   sensitive = true
   value = {
@@ -142,6 +152,8 @@ output "docker_hosts_var_maps" {
     vault_gitlab_token               = random_password.gitlab_root_token.result
     mimir_minio_user                 = var.mimir_minio_user
     mimir_minio_password             = random_password.mimir_minio_password.result
+    mimir_fqdn                       = aws_route53_record.central_observability_mimir_server_private.fqdn
+    mimir_listening_port             = var.mimir_listening_port
   }
 }
 

diff --git a/terraform/aws/control-center-infra/route53.tf b/terraform/aws/control-center-infra/route53.tf
@@ -97,3 +97,11 @@ resource "aws_route53_record" "central_observability_grafana_server_private" {
   ttl     = "300"
   records = [aws_instance.docker_server.private_ip]
 }
+
+resource "aws_route53_record" "central_observability_mimir_server_private" {
+  zone_id = module.base_infra.public_zone.id
+  name    = "mimir"
+  type    = "A"
+  ttl     = "300"
+  records = [aws_instance.docker_server.private_ip]
+}
diff --git a/terraform/aws/control-center-infra/security-groups.tf b/terraform/aws/control-center-infra/security-groups.tf
@@ -103,12 +103,21 @@ resource "aws_security_group" "docker_server" {
 
   ingress {
     description = "central-observability grafana access"
-    from_port   = 3000
-    to_port     = 3000
+    from_port   = var.grafana_listening_port
+    to_port     = var.grafana_listening_port
     protocol    = "tcp"
     cidr_blocks = [var.vpc_cidr]
   }
 
+  ingress {
+    description = "central-observability mimir access"
+    from_port   = var.mimir_listening_port
+    to_port     = var.mimir_listening_port
+    protocol    = "tcp"
+    cidr_blocks = [var.vpc_cidr]
+  }
+
+
   ingress {
     description = "wireguard access"
     from_port   = 51820

diff --git a/terraform/aws/control-center-infra/variables.tf b/terraform/aws/control-center-infra/variables.tf
@@ -166,6 +166,18 @@ variable "vault_listening_port" {
   description = "which port to listen for vault"
 }
 
+variable "mimir_listening_port" {
+  type        = number
+  default     = 9009
+  description = "which port to listen for central observability mimir"
+}
+
+variable "grafana_listening_port" {
+  type        = number
+  default     = 3000
+  description = "which port to listen for central observability grafana"
+}
+
 variable "days_retain_gitlab_snapshot" {
   type        = number
   description = "number of days to retain gitlab snapshots"

diff --git a/terraform/config-params/control-center-pre-config/gitlab.tf b/terraform/config-params/control-center-pre-config/gitlab.tf
@@ -1,15 +1,15 @@
 resource "gitlab_group" "gitlab_admin_rbac_group" {
-  name        = var.gitlab_admin_rbac_group
-  path        = var.gitlab_admin_rbac_group
-  description = "${var.gitlab_admin_rbac_group} group"
+  name                              = var.gitlab_admin_rbac_group
+  path                              = var.gitlab_admin_rbac_group
+  description                       = "${var.gitlab_admin_rbac_group} group"
   require_two_factor_authentication = true
   two_factor_grace_period           = var.two_factor_grace_period
 }
 
 resource "gitlab_group" "gitlab_readonly_rbac_group" {
-  name        = var.gitlab_readonly_rbac_group
-  path        = var.gitlab_readonly_rbac_group
-  description = "${var.gitlab_readonly_rbac_group} group"
+  name                              = var.gitlab_readonly_rbac_group
+  path                              = var.gitlab_readonly_rbac_group
+  description                       = "${var.gitlab_readonly_rbac_group} group"
   require_two_factor_authentication = true
   two_factor_grace_period           = var.two_factor_grace_period
 }
@@ -149,6 +149,24 @@ resource "gitlab_group_variable" "minio_listening_port" {
   environment_scope = "*"
 }
 
+resource "gitlab_group_variable" "mimir_fqdn" {
+  group             = gitlab_group.iac.id
+  key               = "MIMIR_FQDN"
+  value             = var.mimir_fqdn
+  protected         = true
+  masked            = false
+  environment_scope = "*"
+}
+
+resource "gitlab_group_variable" "mimir_listening_port" {
+  group             = gitlab_group.iac.id
+  key               = "MIMIR_LISTENING_PORT"
+  value             = var.mimir_listening_port
+  protected         = true
+  masked            = false
+  environment_scope = "*"
+}
+
 resource "gitlab_group_variable" "vault_fqdn" {
   group             = gitlab_group.iac.id
   key               = "VAULT_FQDN"
@@ -167,7 +185,7 @@ resource "gitlab_group_variable" "tenant_vault_listening_port" {
   environment_scope = "*"
 }
 resource "gitlab_application" "tenant_vault_oidc" {
-  count     = var.enable_vault_oidc ? 1 : 0
+  count        = var.enable_vault_oidc ? 1 : 0
   confidential = true
   scopes       = ["openid"]
   name         = "tenant_vault_oidc"

diff --git a/terraform/config-params/control-center-pre-config/variables.tf b/terraform/config-params/control-center-pre-config/variables.tf
@@ -1,6 +1,6 @@
 
 variable "iac_user_key_secret" {
-  sensitive = true
+  sensitive   = true
   description = "iam user key secret"
 }
 
@@ -44,7 +44,7 @@ variable "private_repo" {
 
 variable "private_repo_token" {
   sensitive = true
-  default = ""
+  default   = ""
 }
 
 variable "iac_terraform_modules_tag" {
@@ -64,6 +64,14 @@ variable "minio_listening_port" {
   description = "minio_listening_port"
 }
 
+variable "mimir_fqdn" {
+  description = "central observability mimir fqdn"
+}
+
+variable "mimir_listening_port" {
+  description = "central observability mimir listening port"
+}
+
 variable "nexus_fqdn" {
   description = "nexus_fqdn"
 }

diff --git a/terraform/control-center/init/control-center-pre-config/terragrunt.hcl b/terraform/control-center/init/control-center-pre-config/terragrunt.hcl
@@ -16,6 +16,8 @@ dependency "control_center_deploy" {
     minio_listening_port             = "temporary-dummy-id"
     nexus_docker_repo_listening_port = "temporary-dummy-id"
     minio_fqdn                       = "temporary-dummy-id"
+    mimir_fqdn                       = "temporary-dummy-id"
+    mimir_listening_port             = "temporary-dummy-id"
     nexus_fqdn                       = "temporary-dummy-id"
     tenant_vault_listening_port      = "temporary-dummy-id"
     vault_fqdn                       = "temporary-dummy-id"
@@ -34,6 +36,8 @@ inputs = {
   minio_listening_port             = dependency.control_center_deploy.outputs.minio_listening_port
   nexus_docker_repo_listening_port = dependency.control_center_deploy.outputs.nexus_docker_repo_listening_port
   minio_fqdn                       = dependency.control_center_deploy.outputs.minio_fqdn
+  mimir_fqdn                       = dependency.control_center_deploy.outputs.mimir_fqdn
+  mimir_listening_port             = dependency.control_center_deploy.outputs.mimir_listening_port
   nexus_fqdn                       = dependency.control_center_deploy.outputs.nexus_fqdn
   tenant_vault_listening_port      = dependency.control_center_deploy.outputs.tenant_vault_listening_port
   vault_fqdn                       = dependency.control_center_deploy.outputs.vault_fqdn

diff --git a/terraform/gitops/k8s-cluster-config/monitoring.tf b/terraform/gitops/k8s-cluster-config/monitoring.tf
@@ -59,7 +59,7 @@ module "generate_monitoring_files" {
     cluster_label                      = var.cluster_name # cluster identifier in central observability stack
     enable_central_observability_write = try(var.common_var_map.enable_central_observability_write, local.enable_central_observability_write)
     enable_central_observability_read  = try(var.common_var_map.enable_central_observability_read, local.enable_central_observability_read)
-    central_observability_endpoint     = try(var.common_var_map.central_observability_endpoint, local.central_observability_endpoint)
+    central_observability_endpoint     = var.central_observability_endpoint
     central_observability_tenant_id    = try(var.common_var_map.central_observability_tenant_id, local.central_observability_tenant_id)
   }
   file_list       = [for f in fileset(local.monitoring_template_path, "**/*.tpl") : trimsuffix(f, ".tpl") if !can(regex(local.monitoring_app_file, f))]
@@ -145,6 +145,5 @@ locals {
   grafana_istio_wildcard_gateway_name = local.grafana_wildcard_gateway == "external" ? local.istio_external_wildcard_gateway_name : local.istio_internal_wildcard_gateway_name
   enable_central_observability_write  = false
   enable_central_observability_read   = false
-  central_observability_endpoint      = "http://to-be-updated"
   central_observability_tenant_id     = "infitx"
 }
diff --git a/terraform/gitops/k8s-cluster-config/variables.tf b/terraform/gitops/k8s-cluster-config/variables.tf
@@ -102,6 +102,11 @@ variable "minio_api_url" {
   description = "minio_api_url"
 }
 
+variable "central_observability_endpoint" {
+  type        = string
+  description = "central observability endpoint (mimir api)"
+}
+
 variable "default_ssl_certificate" {
   type        = string
   description = "default_ssl_certificate"

diff --git a/terraform/k8s/ansible-k8s-deploy/terragrunt.hcl b/terraform/k8s/ansible-k8s-deploy/terragrunt.hcl
@@ -113,6 +113,8 @@ locals {
   }
   all_hosts_var_maps = {
     minio_listening_port             = get_env("MINIO_LISTENING_PORT")
+    mimir_fqdn                       = get_env("MIMIR_FQDN")
+    mimir_listening_port             = get_env("MIMIR_LISTENING_PORT")
     nexus_docker_repo_listening_port = get_env("NEXUS_DOCKER_REPO_LISTENING_PORT")
     nexus_fqdn                       = get_env("NEXUS_FQDN")
     vault_listening_port             = get_env("TENANT_VAULT_LISTENING_PORT")

diff --git a/terraform/k8s/gitops-build/terragrunt.hcl b/terraform/k8s/gitops-build/terragrunt.hcl
@@ -88,6 +88,7 @@ inputs = {
   transit_vault_key_name                   = local.TRANSIT_VAULT_UNSEAL_KEY_NAME
   transit_vault_url                        = "http://${dependency.k8s_deploy.outputs.haproxy_server_fqdn}:8200"
   minio_api_url                            = "${dependency.k8s_deploy.outputs.haproxy_server_fqdn}:9000"
+  central_observability_endpoint           = "${dependency.k8s_deploy.outputs.haproxy_server_fqdn}:${get_env("MIMIR_LISTENING_PORT")}"
   managed_db_host                          = "${dependency.k8s_deploy.outputs.haproxy_server_fqdn}"
   private_network_cidr                     = dependency.k8s_deploy.outputs.private_network_cidr
   dns_provider                             = dependency.k8s_deploy.outputs.dns_provider