diff --git a/.gitignore b/.gitignore index 3e6dd831..e5fc6462 100644 --- a/.gitignore +++ b/.gitignore 
@@ -1,65 +1,69 @@ -# Copyright (c) 2023, Oracle and/or its affiliates. -# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. - -.DS_Store - -#### -## Ignore PEM files -#### - -**.pem - -#### -## gitignore for terraform artifacts -#### - -# Local .terraform directories -**/.terraform/* - -## Terraform Locck files -*.terraform.lock.hcl - -# .tfstate filesdas -*.tfstate -*.tfstate.* - -# Crash log files -crash.log -crash.*.log - -# Exclude all .tfvars files, which are likely to contain sensitive data, such as -# password, private keys, and other secrets. These should not be part of version -# control as they are data points which are potentially sensitive and subject -# to change depending on the environment. -*.tfvars -*.tfvars.json - -# Include sample tfvars -!terraform-sample.tfvars - -# Ignore override files as they are usually used to override resources locally and so -# are not checked in -override.tf -override.tf.json -*_override.tf -*_override.tf.json - -# Include override files you do wish to add to version control using negated pattern -# !example_override.tf - -# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan -# example: *tfplan* - -# Ignore CLI configuration files -.terraformrc -terraform.rc - -# Ignore util dir -logan/util/* - -# helm-chart -charts/oci-onm/Chart.lock -charts/oci-onm/charts/ - -# zip artifacts -releases/ \ No newline at end of file +# Copyright (c) 2023, Oracle and/or its affiliates. +# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 
+ +.DS_Store + +#### +## Ignore PEM files +#### + +**.pem + +#### +## gitignore for terraform artifacts +#### + +# Local .terraform directories +**/.terraform/* + +## Terraform Locck files +*.terraform.lock.hcl + +# .tfstate filesdas +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Include sample tfvars +!terraform-sample.tfvars + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc + +# Ignore util dir +logan/util/* + +# helm-chart +charts/oci-onm/Chart.lock +charts/oci-onm/charts/ +charts/.tests/ + +# zip artifacts +releases/ + +# VSCode +.vscode/ \ No newline at end of file diff --git a/README.md b/README.md index e9776848..5769ce55 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ It does extensive enrichment of logs, metrics and object information to enable c ![Kubernetes Cluster Summary Dashboard](logan/images/kubernetes-cluster-summary-dashboard.png)
- Expand for more dasshboard screenshots + Expand for more dashboard screenshots ![Kubernetes Nodes Dashboard](logan/images/kubernetes-nodes-dashboard.png) @@ -67,9 +67,9 @@ It does extensive enrichment of logs, metrics and object information to enable c ```
-### Installation instructions +### Installation instructions -#### Multiple methods of installation are avialble, with following differences: +#### Multiple methods of installation are available, with following differences | Deployment Method | Supported Environments | Collection Automation | Dashboards | Customzations | | ----| :----:| :----:| :---: | ---| @@ -114,7 +114,7 @@ It does extensive enrichment of logs, metrics and object information to enable c # Provide the base64 encoded content of the Management Agent Install Key file installKeyFileContent: ``` -* **Refer to the oci-onm chart and sub-charts values.yaml for customising or modifying any other configuration.** It is recommended to not modify the values.yaml provided with the charts, instead use override_values.yaml to achieve the same. +* **Refer to the values.yaml file in oci-onm chart and sub-charts for customising or modifying any other configuration.** It is recommended to not modify the values.yaml provided with the charts, instead use override_values.yaml to achieve the same. ##### 3.a Install helm release diff --git a/charts/logan/README.md b/charts/logan/README.md index 6e1d6f3b..1f8d00f5 100644 --- a/charts/logan/README.md +++ b/charts/logan/README.md 
@@ -15,7 +15,7 @@ Charts for sending Kubernetes platform logs, compute logs, and Kubernetes Object | Key | Type | Default | Description | |-----|------|---------|-------------| | authtype | string | `"InstancePrincipal"` | Allowed values: InstancePrincipal, config | -| extraEnv | list | `[]` | Logging Analytics OCID for OKE Cluster ociLAEntityID: Logging Analytics additional metadata. Use this to tag all the collected logs with one or more key:value pairs. Key must be a valid field in Logging Analytics metadata: "Client Host Region": "PCT" "Environment": "Production" "Third key": "Third Value" @param extra environment variables. Example name: ENV_VARIABLE_NAME value: ENV_VARIABLE_VALUE | +| extraEnv | list | `[]` | Use this to tag all the collected logs with one or more key:value pairs. Key must be a valid field in Logging Analytics metadata: "Client Host Region": "PCT" "Environment": "Production" "Third key": "Third Value" @param extra environment variables. Example name: ENV_VARIABLE_NAME value: ENV_VARIABLE_VALUE | | extraVolumeMounts | list | `[]` | @param extraVolumeMounts Mount extra volume(s). Example: - name: tmpDir mountPath: /tmp | | extraVolumes | list | `[]` | @param extraVolumes Extra volumes. Example: - name: tmpDir hostPath: path: /tmp log | | fluentd.baseDir | string | `"/var/log"` | Base directory on the node (with read write permission) for storing fluentd plugins related data. | 
@@ -60,7 +60,7 @@ Charts for sending Kubernetes platform logs, compute logs, and Kubernetes Object | global.resourceNamePrefix | string | `"oci-onm"` | Resource names prefix used, where allowed. | | image.imagePullPolicy | string | `"Always"` | Image pull policy | | image.imagePullSecrets | string | `nil` | | -| image.url | string | `"container-registry.oracle.com/oci_observability_management/oci-la-fluentd-collector:1.0.0"` | Replace this value with actual docker image url | +| image.url | string | `"container-registry.oracle.com/oci_observability_management/oci-la-fluentd-collector:1.0.2"` | Replace this value with actual docker image url | | kubernetesClusterID | string | `nil` | OKE Cluster OCID e.g. ocid1.cluster.oc1.phx.aaaaaaaahhbadf3rxa62faaeixanvr7vftmkg6hupycbf4qszctf2wbmqqxq | | kubernetesClusterName | string | `nil` | Kubernetes Cluster name. Need not be the OKE Cluster display name. e.g. production-cluster | | namespace | string | `"{{ .Values.global.namespace }}"` | Kubernetes Namespace for deploying monitoring resources deployed by this chart. | diff --git a/charts/logan/templates/logs-configmap.yaml b/charts/logan/templates/logs-configmap.yaml index 5933ef75..2511a0e6 100644 --- a/charts/logan/templates/logs-configmap.yaml +++ b/charts/logan/templates/logs-configmap.yaml @@ -100,11 +100,6 @@ data: {{- end }} oci_la_log_path "${record['tailed_path']}" oci_la_log_source_name "{{ $logDefinition.ociLALogSourceName | required (printf "fluentd.kubernetesSystem.logs.%s.ociLALogSourceName is required" $name) }}" - {{- if $logDefinition.ociLAEntityID }} - oci_la_entity_id "{{ $logDefinition.ociLAEntityID }}" - {{- else }} - oci_la_entity_id "{{ $.Values.fluentd.kubernetesSystem.ociLAEntityID | default $.Values.ociLAEntityID }}" - {{- end }} {{- if $logDefinition.ociLALogSet }} oci_la_log_set "{{ $logDefinition.ociLALogSet }}" {{- else }} 
@@ -205,11 +200,6 @@ data: {{- end }} oci_la_log_path "${record['tailed_path']}" oci_la_log_source_name "{{ $logDefinition.ociLALogSourceName | required (printf "fluentd.linuxSystem.logs.%s.ociLALogSourceName is required" $name) }}" - {{- if $logDefinition.ociLAEntityID }} - oci_la_entity_id "{{ $logDefinition.ociLAEntityID }}" - {{- else }} - oci_la_entity_id "{{ $.Values.fluentd.linuxSystem.ociLAEntityID | default $.Values.ociLAEntityID }}" - {{- end }} {{- if $logDefinition.ociLALogSet }} oci_la_log_set "{{ $logDefinition.ociLALogSet }}" {{- else }} @@ -294,11 +284,6 @@ data: {{- end }} oci_la_log_path "${record['tailed_path']}" oci_la_log_source_name "{{ required "fluentd.linuxSystem.logs.kubeletlog.ociLALogSourceName is required" $.Values.fluentd.linuxSystem.logs.kubeletlog.ociLALogSourceName }}" - {{- if $.Values.fluentd.linuxSystem.logs.kubeletlog.ociLAEntityID }} - oci_la_entity_id "{{ $.Values.fluentd.linuxSystem.logs.kubeletlog.ociLAEntityID }}" - {{- else }} - oci_la_entity_id "{{ $.Values.fluentd.linuxSystem.ociLAEntityID | default $.Values.ociLAEntityID }}" - {{- end }} {{- if $.Values.fluentd.linuxSystem.logs.kubeletlog.ociLALogSet }} oci_la_log_set "{{ $.Values.fluentd.linuxSystem.logs.kubeletlog.ociLALogSet }}" {{- else }} @@ -329,11 +314,6 @@ data: {{- end }} oci_la_log_path "${record['tailed_path']}" oci_la_log_source_name "{{ required "fluentd.linuxSystem.logs.syslog.ociLALogSourceName is required" $.Values.fluentd.linuxSystem.logs.syslog.ociLALogSourceName }}" - {{- if $.Values.fluentd.linuxSystem.logs.syslog.ociLAEntityID }} - oci_la_entity_id "{{ $.Values.fluentd.linuxSystem.logs.syslog.ociLAEntityID }}" - {{- else }} - oci_la_entity_id "{{ $.Values.fluentd.linuxSystem.ociLAEntityID | default $.Values.ociLAEntityID }}" - {{- end }} {{- if $.Values.fluentd.linuxSystem.logs.syslog.ociLALogSet }} oci_la_log_set "{{ $.Values.fluentd.linuxSystem.logs.syslog.ociLALogSet }}" {{- else }} 
@@ -408,7 +388,6 @@ data: {{- end }} oci_la_log_path "${record['tailed_path']}" oci_la_log_source_name "{{ $logDefinition.ociLALogSourceName | required (printf "fluentd.customLogs.%s.ociLALogSourceName is required" $name) }}" - oci_la_entity_id "{{ $logDefinition.ociLAEntityID | default $.Values.ociLAEntityID }}" oci_la_log_set "{{ $logDefinition.ociLALogSet | default $.Values.ociLALogSet }}" {{- if and (ne "false" ($logDefinition.isContainerLog | toString)) (eq $runtime "docker") }} message "${record['log']}" @@ -515,7 +494,6 @@ data: oci_la_log_group_id ${record.dig("kubernetes", "annotations", "oracle.com/oci_la_log_group_id") ? record.dig("kubernetes", "annotations", "oracle.com/oci_la_log_group_id") : "{{ $.Values.fluentd.genericContainerLogs.ociLALogGroupID | default $.Values.ociLALogGroupID }}"} oci_la_log_path "${record['tailed_path']}" oci_la_log_source_name ${record.dig("kubernetes", "annotations", "oracle.com/oci_la_log_source_name") ? record.dig("kubernetes", "annotations", "oracle.com/oci_la_log_source_name") : "{{ $.Values.fluentd.genericContainerLogs.ociLALogSourceName | default "Kubernetes Container Generic Logs" }}"} - oci_la_entity_id ${record.dig("kubernetes", "annotations", "oracle.com/oci_la_entity_id") ? record.dig("kubernetes", "annotations", "oracle.com/oci_la_entity_id") : "{{ $.Values.fluentd.genericContainerLogs.ociLAEntityID | default $.Values.ociLAEntityID }}"} oci_la_log_set ${record.dig("kubernetes", "annotations", "oracle.com/oci_la_log_set") ? record.dig("kubernetes", "annotations", "oracle.com/oci_la_log_set") : "{{ $.Values.fluentd.genericContainerLogs.ociLALogSet | default $.Values.ociLALogSet }}"} {{- if eq $runtime "docker" }} message "${record['log']}" diff --git a/charts/logan/templates/objects-configmap.yaml b/charts/logan/templates/objects-configmap.yaml index 91687cb7..c4836a0d 100644 --- a/charts/logan/templates/objects-configmap.yaml +++ b/charts/logan/templates/objects-configmap.yaml 
@@ -100,7 +100,6 @@ data: oci_la_metadata ${{"{{"}}"Kubernetes Cluster Name":"{{ $kubernetesClusterName }}", "Kubernetes Cluster ID": "{{ $kubernetesClusterId }}" {{- range $k, $v := .Values.metadata }},{{ $k | quote }}: {{ $v | quote -}} {{- end }}{{"}}"}} {{- end }} oci_la_log_group_id "{{ .Values.fluentd.kubernetesObjects.ociLALogGroupID | default .Values.ociLALogGroupID }}" - oci_la_entity_id "{{ .Values.fluentd.kubernetesObjects.ociLAEntityID | default .Values.ociLAEntityID }}" oci_la_log_set "{{ .Values.fluentd.kubernetesObjects.ociLALogSet | default .Values.ociLALogSet }}" oci_la_log_path ${tag} oci_la_log_source_name "Kubernetes Object Logs" diff --git a/charts/logan/values.yaml b/charts/logan/values.yaml index 0561df70..034e976c 100644 --- a/charts/logan/values.yaml +++ b/charts/logan/values.yaml @@ -48,7 +48,7 @@ image: # Image pull secrets for. Secret must be in the namespace defined by namespace imagePullSecrets: # -- Replace this value with actual docker image url - url: container-registry.oracle.com/oci_observability_management/oci-la-fluentd-collector:1.0.0 + url: container-registry.oracle.com/oci_observability_management/oci-la-fluentd-collector:1.0.2 # -- Image pull policy imagePullPolicy: Always @@ -67,8 +67,9 @@ kubernetesClusterID: # e.g. production-cluster kubernetesClusterName: -# -- Logging Analytics OCID for OKE Cluster -#ociLAEntityID: +# -- Kubernetes Cluster Entity OCID. +# e.g. ocid1.loganalyticsentity.oc1.phx.amaaaaaabulluiqabqeq4delvhdlmd7aqcjrdla57n2szsxyz7pfdvnhwuua +ociLAClusterEntityID: # Logging Analytics additional metadata. Use this to tag all the collected logs with one or more key:value pairs. # Key must be a valid field in Logging Analytics @@ -231,7 +232,6 @@ fluentd: #"Client Host Region": "America" #"Environment": "Production" #"Third Key": "Third Value" - #ociLAEntityID: #encoding: # Worker number in case of multi process workers enabled. If not set when multi process workers enabled, then it defaults to 0. #worker: 
@@ -249,7 +249,6 @@ fluentd: #"Client Host Region": "America" #"Environment": "Production" #"Third Key": "Third Value" - #ociLAEntityID: #ociLALogGroupID: #encoding: # Worker number in case of multi process workers enabled. If not set when multi process workers enabled, then it defaults to 0. @@ -311,7 +310,6 @@ fluentd: #"Client Host Region": "America" #"Environment": "Production" #"Third Key": "Third Value" - #ociLAEntityID: #encoding: # Worker number in case of multi process workers enabled. If not set when multi process workers enabled, then it defaults to 0. #worker: @@ -417,7 +415,6 @@ fluentd: #"Client Host Region": "America" #"Environment": "Production" #"Third Key": "Third Value" - #ociLAEntityID: #encoding: # Worker number in case of multi process workers enabled. If not set when multi process workers enabled, then it defaults to 0. #worker: @@ -445,7 +442,6 @@ fluentd: #"Client Host Region": "America" #"Environment": "Production" #"Third Key": "Third Value" - #ociLAEntityID: #ociLALogGroupID: objectsList: nodes: diff --git a/charts/oci-onm/README.md b/charts/oci-onm/README.md index 8184698c..e9af022c 100644 --- a/charts/oci-onm/README.md +++ b/charts/oci-onm/README.md 
@@ -25,7 +25,7 @@ Helm chart for collecting Kubernetes logs & objects and metrics using Fluentd an | oci-onm-common.namespace | string | `"{{ .Values.global.namespace }}"` | Kubernetes Namespace in which the serviceaccount to be created. | | oci-onm-common.resourceNamePrefix | string | `"{{ .Values.global.resourceNamePrefix }}"` | Prefix to be attached to resources created through this chart. Not all resources may have this prefix. | | oci-onm-common.serviceAccount | string | `"{{ .Values.global.resourceNamePrefix }}"` | Name of the Kubernetes ServiceAccount | -| oci-onm-logan.image.url | string | `"container-registry.oracle.com/oci_observability_management/oci-la-fluentd-collector:1.0.0"` | | +| oci-onm-logan.image.url | string | `"container-registry.oracle.com/oci_observability_management/oci-la-fluentd-collector:1.0.2"` | | | oci-onm-logan.kubernetesClusterID | string | `"{{ .Values.global.kubernetesClusterID }}"` | | | oci-onm-logan.kubernetesClusterName | string | `"{{ .Values.global.kubernetesClusterName }}"` | | | oci-onm-logan.namespace | string | `"{{ .Values.global.namespace }}"` | | diff --git a/charts/oci-onm/values.yaml b/charts/oci-onm/values.yaml index dcd56c10..e54cc39f 100644 --- a/charts/oci-onm/values.yaml +++ b/charts/oci-onm/values.yaml @@ -31,7 +31,7 @@ oci-onm-logan: kubernetesClusterID: "{{ .Values.global.kubernetesClusterID }}" kubernetesClusterName: "{{ .Values.global.kubernetesClusterName }}" image: - url: container-registry.oracle.com/oci_observability_management/oci-la-fluentd-collector:1.0.0 + url: container-registry.oracle.com/oci_observability_management/oci-la-fluentd-collector:1.0.2 # Go to OCI Logging Analytics Administration, click Service Details, and note the namespace value. ociLANamespace: # OCI Logging Analytics Default Log Group OCID diff --git a/terraform/modules/helm/helm.tf b/terraform/modules/helm/helm.tf index 9d63d28e..09af2536 100644 --- a/terraform/modules/helm/helm.tf +++ b/terraform/modules/helm/helm.tf 
@@ -6,8 +6,13 @@ data "oci_containerengine_clusters" "oke_clusters_list" { } locals { + helm_repo_url = "https://oracle-quickstart.github.io/oci-kubernetes-monitoring" + helm_repo_chart = "oci-onm" + oke_clusters_list = data.oci_containerengine_clusters.oke_clusters_list.clusters - oke_cluster_name = [for c in local.oke_clusters_list : c.name if c.id == var.oke_cluster_ocid][0] + oke_cluster_name = var.oke_cluster_name == "DEFAULT" ? [for c in local.oke_clusters_list : + c.name if c.id == var.oke_cluster_ocid][0] : var.oke_cluster_name + oke_cluster_entity_ocid = var.oke_cluster_entity_ocid == "DEFAULT" ? null : var.oke_cluster_entity_ocid helm_inputs = { # global @@ -32,12 +37,13 @@ locals { "createServiceAccount" = false "serviceAccount" = var.livelab_service_account } - } +# Create helm release resource "helm_release" "oci-kubernetes-monitoring" { name = "oci-kubernetes-monitoring" - chart = var.helm_abs_path + repository = var.use_local_helm_chart ? null : local.helm_repo_url + chart = var.use_local_helm_chart ? var.helm_abs_path : local.helm_repo_chart wait = true dependency_update = true atomic = true @@ -52,6 +58,14 @@ resource "helm_release" "oci-kubernetes-monitoring" { } } + dynamic "set" { + for_each = var.oke_cluster_entity_ocid == "DEFAULT" ? [] : ["run_once"] + content { + name = "oci-onm-logan.ociLAClusterEntityID" + value = var.oke_cluster_entity_ocid + } + } + dynamic "set" { for_each = var.deploy_mushop_config ? local.mushop_helm_inputs : {} content { 
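Review bot: The `helm_release` in the helm.tf hunk at `@@ -32,12 +37,13 @@` now installs chart `oci-onm` from the remote repository by default, and no `version` argument appears in the visible lines, so each apply may resolve whatever chart version the repository currently serves. Pinning the chart makes deployments reproducible and keeps a changed or replaced chart from rolling out unreviewed, for example `version = local.helm_chart_version` next to `repository`, with the local set to the release you tested (placeholder name; it is not defined on this page). The same applies to `data "helm_template"` in the later hunk at `@@ -60,12 +74,16 @@`. The resource body continues outside the hunk, so confirm that `version` is not already set there.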
@@ -60,12 +74,16 @@ resource "helm_release" "oci-kubernetes-monitoring" { } } - count = var.generate_helm_template ? 0 : 1 + count = var.install_helm ? 1 : 0 } +# Create helm template data "helm_template" "oci-kubernetes-monitoring" { - name = "oci-kubernetes-monitoring" - chart = var.helm_abs_path + name = "oci-kubernetes-monitoring" + # default behaviour is to use remote helm repo | var.use_local_helm_chart = false + # the option to use local helm chart is for development purpose only + repository = var.use_local_helm_chart ? null : local.helm_repo_url + chart = var.use_local_helm_chart ? var.helm_abs_path : local.helm_repo_chart dependency_update = true values = var.deploy_mushop_config ? ["${file("${path.module}/mushop_values.yaml")}"] : null @@ -78,6 +96,14 @@ data "helm_template" "oci-kubernetes-monitoring" { } } + dynamic "set" { + for_each = var.oke_cluster_entity_ocid == "DEFAULT" ? [] : ["run_once"] + content { + name = "oci-onm-logan.ociLAClusterEntityID" + value = var.oke_cluster_entity_ocid + } + } + dynamic "set" { for_each = var.deploy_mushop_config ? local.mushop_helm_inputs : {} content { @@ -87,11 +113,4 @@ data "helm_template" "oci-kubernetes-monitoring" { } count = var.generate_helm_template ? 1 : 0 -} - -# Helm release artifacts for local testing and validation. Not used by helm resource. -resource "local_file" "helm_release" { - content = tostring(data.helm_template.oci-kubernetes-monitoring[0].manifest) - filename = "${path.module}/local/helmrelease.yaml" - count = var.generate_helm_template ? 1 : 0 } \ No newline at end of file diff --git a/terraform/modules/helm/inputs.tf b/terraform/modules/helm/inputs.tf index 828a960f..80819af5 100644 --- a/terraform/modules/helm/inputs.tf +++ b/terraform/modules/helm/inputs.tf 
@@ -10,13 +10,25 @@ variable "generate_helm_template" { default = false } +variable "install_helm" { + type = bool + default = true +} + +variable "use_local_helm_chart" { + type = bool + default = false +} + #### ## Helm chart #### +# Used for local testing # Absoulte path to helm chart directory variable "helm_abs_path" { - type = string + type = string + default = "optional" } #### @@ -33,6 +45,18 @@ variable "oke_cluster_ocid" { type = string } +# OKE Cluster Name +variable "oke_cluster_name" { + type = string + default = "DEFAULT" +} + +# OKE Cluster Entity OCID +variable "oke_cluster_entity_ocid" { + type = string + default = "DEFAULT" +} + # Kubernetes Namespace variable "kubernetes_namespace" { type = string @@ -60,7 +84,7 @@ variable "oci_la_namespace" { # OCI LA Fluentd Container Image variable "logan_container_image_url" { type = string - default = "container-registry.oracle.com/oci_observability_management/oci-la-fluentd-collector:1.0.0" + default = "container-registry.oracle.com/oci_observability_management/oci-la-fluentd-collector:1.0.2" } # Fluentd Base Directory diff --git a/terraform/modules/helm/outputs.tf b/terraform/modules/helm/outputs.tf new file mode 100644 index 00000000..de072787 --- /dev/null +++ b/terraform/modules/helm/outputs.tf @@ -0,0 +1,4 @@ +# Helm release artifacts for local testing and validation. +output "helm_template" { + value = var.generate_helm_template ? data.helm_template.oci-kubernetes-monitoring[0].manifest : null +} \ No newline at end of file diff --git a/terraform/modules/iam/inputs.tf b/terraform/modules/iam/inputs.tf index 084439ac..900269a9 100644 --- a/terraform/modules/iam/inputs.tf +++ b/terraform/modules/iam/inputs.tf @@ -19,5 +19,4 @@ variable "oke_compartment_ocid" { # OKE Cluster OCID variable "oke_cluster_ocid" { type = string -} - +} \ No newline at end of file diff --git a/terraform/modules/iam/outputs.tf b/terraform/modules/iam/outputs.tf new file mode 100644 index 00000000..10537beb --- /dev/null 
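Review bot: `oke_cluster_name` and `oke_cluster_entity_ocid` (helm/inputs.tf, hunk `@@ -33,6 +45,18 @@`) use the string `"DEFAULT"` as an undocumented "not set" sentinel, which collides with a cluster that is actually named DEFAULT, and neither variable validates its input. A `default = null` with a `== null` test in helm.tf would express the same thing without a magic value, and a `validation` block on `oke_cluster_entity_ocid` could reject anything that is not an entity OCID before it reaches the `set` block. At minimum add a comment such as `# "DEFAULT" means: look the name up from oke_cluster_ocid`. The same sentinel is repeated in terraform/oke/inputs.tf.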
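Review bot: The new `helm_template` output in helm/outputs.tf exposes the fully rendered manifest, and it has neither `sensitive = true` nor a `description`. If the rendered chart includes the Management Agent install key or other secret values passed in through `set` (the inputs are not fully visible here), the manifest would be printed in plan/apply output and in CI logs. Suggest adding `sensitive = true` and `description = "Rendered chart manifest; only populated when generate_helm_template is true"`.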
+++ b/terraform/modules/iam/outputs.tf
@@ -0,0 +1,10 @@
+# Copyright (c) 2023, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+output "oke_dynamic_group_ocid" {
+ value = oci_identity_dynamic_group.oke_dynamic_group.id
+}
+
+output "oke_monitoring_policy_ocid" {
+ value = oci_identity_policy.oke_monitoring_policy.id
+}
\ No newline at end of file
diff --git a/terraform/modules/livelab/inputs.tf b/terraform/modules/livelab/inputs.tf
new file mode 100644
index 00000000..9619d199
--- /dev/null
+++ b/terraform/modules/livelab/inputs.tf
@@ -0,0 +1,7 @@
+# Copyright (c) 2023, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+# OCID of user running the marketplace app / Resoruce Manager stack
+variable "current_user_ocid" {
+ type = string
+}
\ No newline at end of file
diff --git a/terraform/modules/livelab/livelab.tf b/terraform/modules/livelab/livelab.tf
new file mode 100644
index 00000000..549d9db9
--- /dev/null
+++ b/terraform/modules/livelab/livelab.tf
@@ -0,0 +1,13 @@
+# Copyright (c) 2023, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+locals {
+ oci_username = data.oci_identity_user.livelab_user.name
+ livelab_res_num = trimprefix(trimsuffix(lower(local.oci_username), "-user"), "ll")
+ livelab_reservationId = "resr${local.livelab_res_num}"
+ livelab_fluentd_baseDir_path = "/var/log/${local.livelab_reservationId}"
+}
+
+data "oci_identity_user" "livelab_user" {
+ user_id = var.current_user_ocid
+}
\ No newline at end of file
diff --git a/terraform/modules/livelab/outputs.tf b/terraform/modules/livelab/outputs.tf
new file mode 100644
index 00000000..71edd61b
--- /dev/null
+++ b/terraform/modules/livelab/outputs.tf
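Review bot: In livelab.tf, `livelab_res_num` is derived from the OCI username with `trimprefix`/`trimsuffix`, which silently passes the whole lowercased username through when it does not have the expected `ll…-user` shape, and the result is then used for the service account name and for a host path under `/var/log/`. A strict extraction fails at plan time instead of producing an unexpected path or an invalid Kubernetes name, e.g. `livelab_res_num = regex("^ll([0-9a-z]+)-user$", lower(local.oci_username))[0]` (the pattern is inferred from the trims; adjust it to the real reservation format). A short comment describing the username format this module expects would also help.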
@@ -0,0 +1,10 @@ +# Copyright (c) 2023, Oracle and/or its affiliates. +# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. + +output "service_account" { + value = local.livelab_reservationId +} + +output "fluentd_baseDir_path" { + value = local.livelab_fluentd_baseDir_path +} \ No newline at end of file diff --git a/terraform/modules/livelab/provider.tf b/terraform/modules/livelab/provider.tf new file mode 100644 index 00000000..a820a625 --- /dev/null +++ b/terraform/modules/livelab/provider.tf @@ -0,0 +1,13 @@ +# Copyright (c) 2023, Oracle and/or its affiliates. +# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. + +terraform { + required_version = ">= 1.0" + required_providers { + oci = { + source = "oracle/oci" + version = ">= 4.96.0" + # https://registry.terraform.io/providers/hashicorp/oci/4.85.0 + } + } +} \ No newline at end of file diff --git a/terraform/modules/logan/inputs.tf b/terraform/modules/logan/inputs.tf index 070d1e36..abcb1336 100644 --- a/terraform/modules/logan/inputs.tf +++ b/terraform/modules/logan/inputs.tf @@ -27,4 +27,4 @@ variable "existing_logGroup_id" { variable "new_logGroup_name" { type = string default = "" // This is expected to rasie terraform error if ran with default value -} +} \ No newline at end of file diff --git a/terraform/modules/logan/logAnalytics.tf b/terraform/modules/logan/logAnalytics.tf index 67a96071..bc1d2888 100644 --- a/terraform/modules/logan/logAnalytics.tf +++ b/terraform/modules/logan/logAnalytics.tf @@ -28,4 +28,4 @@ resource "oci_log_analytics_log_analytics_log_group" "new_log_group" { # error_message = "Tenancy is not on-boarded to OCI Logging Analytics Service in ${var.region} region." # } # } -} +} \ No newline at end of file diff --git a/terraform/modules/mgmt_agent/agent.tf b/terraform/modules/mgmt_agent/agent.tf index 45f50c3e..8dfd8481 100644 --- a/terraform/modules/mgmt_agent/agent.tf 
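Review bot: In livelab/provider.tf the `oci` provider constraint `>= 4.96.0` has no upper bound, and the comment beneath it points to `hashicorp/oci/4.85.0`, which matches neither the `oracle/oci` source nor the minimum version. Since the repository's .gitignore excludes `*.terraform.lock.hcl`, nothing in version control fixes the provider version or its checksums, so each environment resolves the newest release on `terraform init`. Consider bounding the constraint, e.g. `version = ">= 4.96.0, < 5.0.0"` (the upper bound is illustrative), and correcting or dropping the registry comment.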
+++ b/terraform/modules/mgmt_agent/agent.tf @@ -9,4 +9,9 @@ locals { resource "oci_management_agent_management_agent_install_key" "Kubernetes_AgentInstallKey" { compartment_id = var.compartment_ocid display_name = "k8_mgmt_agent_key-${var.uniquifier}" + time_expires = timeadd(timestamp(), "8760h") # 1 year + + lifecycle { + ignore_changes = [time_expires] + } } \ No newline at end of file diff --git a/terraform/modules/mgmt_agent/inputs.tf b/terraform/modules/mgmt_agent/inputs.tf index 9b94fdcb..4f389324 100644 --- a/terraform/modules/mgmt_agent/inputs.tf +++ b/terraform/modules/mgmt_agent/inputs.tf @@ -3,7 +3,7 @@ # A unique key to be associated with a single OKE cluster variable "uniquifier" { - type = string + type = string } # OCID of compartment where management agent installation key is to be created diff --git a/terraform/oke/datasources.tf b/terraform/oke/datasources.tf index 98ed84d9..cadf5e6c 100644 --- a/terraform/oke/datasources.tf +++ b/terraform/oke/datasources.tf @@ -1,10 +1,6 @@ # Copyright (c) 2023, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -data "oci_identity_user" "livelab_user" { - user_id = var.current_user_ocid -} - data "oci_identity_tenancy" "tenant_details" { tenancy_id = var.tenancy_ocid } @@ -14,4 +10,8 @@ data "oci_identity_regions" "region_map" { data "oci_containerengine_cluster_kube_config" "oke" { cluster_id = var.oke_cluster_ocid +} + +data "oci_containerengine_clusters" "oke_clusters" { + compartment_id = var.oke_compartment_ocid } \ No newline at end of file diff --git a/terraform/oke/debug-inputs.tf b/terraform/oke/debug-inputs.tf deleted file mode 100644 index 13d69628..00000000 --- a/terraform/oke/debug-inputs.tf +++ /dev/null 
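Review bot: `time_expires = timeadd(timestamp(), "8760h")` together with `ignore_changes = [time_expires]` gives the install key a fixed one-year lifetime that Terraform will never refresh, and nothing in the visible lines limits how many agents may register with it. An install key is a registration credential, so a shorter, configurable lifetime and an install-count bound reduce the window in which a leaked key is usable; the resource's `allowed_key_install_count` argument can cap registrations. Please also add a comment stating why `time_expires` is ignored (`timestamp()` changes on every plan and would otherwise force a new key) and what the procedure is once the key expires.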
@@ -1,27 +0,0 @@
-# Copyright (c) 2023, Oracle and/or its affiliates.
-# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.
-
-####
-## Switches - These inputs are meant to be used for development purpose only
-## Leave it to default for production use
-####
-
-# Enable/Disable helm module
-variable "enable_helm_module" {
- type = bool
- default = true
-}
-
-# Enable/Disable helm template. When set as true,
-# - helm module will generate template file inside ../modules/helm/local directory
-# - Setting this to true disables/skips the helm release
-variable "generate_helm_template" {
- type = bool
- default = false
-}
-
-# Enable/Disable logan dashboards module
-variable "enable_dashboard_module" {
- type = bool
- default = true
-}
\ No newline at end of file
diff --git a/terraform/oke/developer-options.tf b/terraform/oke/developer-options.tf
new file mode 100644
index 00000000..c905ca61
--- /dev/null
+++ b/terraform/oke/developer-options.tf
@@ -0,0 +1,63 @@ +# Copyright (c) 2023, Oracle and/or its affiliates. +# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. + +#### +## Switches - These inputs are meant to be used for development purpose only +## Leave it to default for production use +#### + +# Enable/Disable livelab module +variable "dev_switch_livelab_module" { + type = bool + default = true +} + +# Enable/Disable helm module +variable "dev_switch_helm_module" { + type = bool + default = true +} + +# when false, public helm repo is used for deployment +variable "dev_switch_use_local_helm_chart" { + type = bool + default = false +} + +# Enable/Disable helm template. When set as true, +# - helm module will generate template file inside ../modules/helm/local directory +# - Setting this to true disables/skips the helm release +variable "dev_switch_generate_helm_template" { + type = bool + default = false +} + +# Enable/Disable helm installation. +variable "dev_switch_install_helm" { + type = bool + default = true +} + +# Enable/Disable logan dashboards module +variable "dev_switch_dashboards_module" { + type = bool + default = true +} + +# Enable/Disable management agent module +variable "dev_switch_mgmt_agent_module" { + type = bool + default = true +} + +# Enable/Disable management agent module +variable "dev_switch_logan_module" { + type = bool + default = true +} + +# Enable/Disable IAM module +variable "dev_switch_iam_module" { + type = bool + default = true +} \ No newline at end of file diff --git a/terraform/oke/inputs.tf b/terraform/oke/inputs.tf index a2c8b1bc..19ec3a49 100644 --- a/terraform/oke/inputs.tf +++ b/terraform/oke/inputs.tf @@ -47,7 +47,8 @@ variable "compartment_ocid" { # OCID of user running the marketplace app / Resoruce Manager stack variable "current_user_ocid" { - type = string + type = string + default = "" } #### 
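Review bot: Two comments in the new developer-options.tf no longer describe the code: the one above `dev_switch_logan_module` repeats "Enable/Disable management agent module", and the one above `dev_switch_generate_helm_template` still says the template is written to `../modules/helm/local`, although this commit removes the `local_file` resource and returns the manifest as a module output. Suggested wording: `# Enable/Disable logan module` and `# - helm module renders the chart and returns the manifest through its helm_template output`. The "disables/skips the helm release" line also looks stale, since release creation is now governed by `install_helm` in the helm module; confirm how the root module wires these switches, which is not visible here.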
@@ -82,8 +83,7 @@ variable "opt_create_dynamicGroup_and_policies" { # OKE Cluster Compartment variable "oke_compartment_ocid" { - type = string - default = "" + type = string } # OKE Cluster OCID @@ -101,6 +101,12 @@ variable "kubernetes_namespace" { ## OCI Observability and Management Information #### +# Stack Deployment Options +variable "stack_deployment_option" { + type = string + default = "Full" +} + # Compartment for creating OCI Observability and Management resources variable "oci_onm_compartment_ocid" { type = string @@ -138,7 +144,7 @@ variable "fluentd_baseDir_path" { # OCI LA Fluentd Container Image variable "logan_container_image_url" { type = string - default = "container-registry.oracle.com/oci_observability_management/oci-la-fluentd-collector:1.0.0" + default = "container-registry.oracle.com/oci_observability_management/oci-la-fluentd-collector:1.0.2" } #### @@ -155,4 +161,26 @@ variable "mgmt_agent_container_image_url" { variable "opt_deploy_metric_server" { type = bool default = true +} + +#### +## Input options hidden from stack UI +#### + +# add data flow identifier +variable "triggered_by_add_data_flow" { + type = bool + default = false +} + +# OKE Cluster Name +variable "oke_cluster_name" { + type = string + default = "DEFAULT" +} + +# OKE Cluster Entity OCID +variable "oke_cluster_entity_ocid" { + type = string + default = "DEFAULT" } \ No newline at end of file diff --git a/terraform/oke/livelab.tf b/terraform/oke/livelab_switch.tf similarity index 100% rename from terraform/oke/livelab.tf rename to terraform/oke/livelab_switch.tf diff --git a/terraform/oke/main.tf b/terraform/oke/main.tf index 6e845a99..0b646fbd 100644 --- a/terraform/oke/main.tf +++ b/terraform/oke/main.tf 
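Review bot: `stack_deployment_option` (hunk `@@ -101,6 +101,12 @@`) is a free-form string, and main.tf enables the helm module only on an exact match with `"Full"`, so a misspelled or differently cased value silently skips the helm deployment instead of failing. A `validation` block on the variable listing the accepted option strings would turn that into a plan-time error, and a comment above it should name those options. In the same file, the hidden inputs added at `@@ -155,4 +161,26 @@` would benefit from a line explaining what `triggered_by_add_data_flow` changes.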
@@ -2,12 +2,37 @@ # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. locals { - ## livelab - oci_username = data.oci_identity_user.livelab_user.name - livelab_service_account = local.oci_username + livelab_service_account = var.livelab_switch ? module.livelab[0].service_account : "" + fluentd_baseDir_path = var.livelab_switch ? module.livelab[0].fluentd_baseDir_path : var.fluentd_baseDir_path - ## Helm release - fluentd_baseDir_path = var.livelab_switch ? "/var/log/${local.oci_username}" : var.fluentd_baseDir_path + oke_cluster_name = [for c in data.oci_containerengine_clusters.oke_clusters.clusters : c.name if c.id == var.oke_cluster_ocid][0] + + deploy_helm = var.stack_deployment_option == "Full" ? true : false + + ## Module Controls are are final verdicts on if a module should be executed or not + ## Module dependencies should be included here as well so a module does not run when it's depenedent moudle is disabled + + module_controls_enable_livelab_module = alltrue([var.dev_switch_livelab_module, var.livelab_switch]) + module_controls_enable_dashboards_module = alltrue([var.dev_switch_dashboards_module]) + module_controls_enable_iam_module = alltrue([var.dev_switch_iam_module, var.opt_create_dynamicGroup_and_policies, !var.livelab_switch]) + module_controls_enable_logan_module = alltrue([var.dev_switch_logan_module]) + module_controls_enable_mgmt_agent_module = alltrue([var.dev_switch_mgmt_agent_module]) + module_controls_enable_helm_module = alltrue([var.dev_switch_helm_module, local.deploy_helm, + local.module_controls_enable_mgmt_agent_module, local.module_controls_enable_logan_module]) +} + +// Only execute for livelab stack +// livelab module only supports local users +// it will error out when an identity domain user is used and livelab_switch is set as true +module "livelab" { + source = "./modules/livelab" + current_user_ocid = var.current_user_ocid + + count = 
local.module_controls_enable_livelab_module ? 1 : 0 + + /* providers = { + oci = oci.home_region + } */ } // Import Kubernetes Dashboards @@ -15,7 +40,7 @@ module "import_kubernetes_dashbords" { source = "./modules/dashboards" compartment_ocid = var.oci_onm_compartment_ocid - count = var.enable_dashboard_module ? 1 : 0 + count = local.module_controls_enable_dashboards_module ? 1 : 0 } // Create Required Polcies and Dynamic Group @@ -27,22 +52,13 @@ module "policy_and_dynamic-group" { oke_compartment_ocid = var.oke_compartment_ocid oke_cluster_ocid = var.oke_cluster_ocid - count = var.opt_create_dynamicGroup_and_policies && !var.livelab_switch ? 1 : 0 + count = local.module_controls_enable_iam_module ? 1 : 0 providers = { oci = oci.home_region } } -module "management_agent" { - source = "./modules/mgmt_agent" - uniquifier = md5(var.oke_cluster_ocid) - compartment_ocid = var.oci_onm_compartment_ocid - - # this module is only required in case of helm deployment - count = var.enable_helm_module ? 1 : 0 -} - // Create Logging Analytics Resorces module "loggingAnalytics" { source = "./modules/logan" 
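Review bot: The two livelab locals index `module.livelab[0]` whenever `var.livelab_switch` is true, but the module's `count` is gated on `local.module_controls_enable_livelab_module`, which also requires `var.dev_switch_livelab_module`. With `livelab_switch = true` and `dev_switch_livelab_module = false` the module has no instances and the plan fails with an invalid index. Gating both locals on the same flag fixes it: `livelab_service_account = local.module_controls_enable_livelab_module ? module.livelab[0].service_account : ""`, and likewise for `fluentd_baseDir_path`. Separately, `oke_cluster_name = [for c in ... if c.id == var.oke_cluster_ocid][0]` fails the same way when no listed cluster matches the OCID; wrapping the expression in `one(...)` or `try(..., null)` would let a clearer error be raised.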
@@ -51,30 +67,40 @@ module "loggingAnalytics" { new_logGroup_name = var.oci_la_logGroup_name compartment_ocid = var.oci_onm_compartment_ocid existing_logGroup_id = var.oci_la_logGroup_id + + count = local.module_controls_enable_logan_module ? 1 : 0 } +# Create a management agent key +module "management_agent" { + source = "./modules/mgmt_agent" + uniquifier = md5(var.oke_cluster_ocid) + compartment_ocid = var.oci_onm_compartment_ocid + + count = local.module_controls_enable_mgmt_agent_module ? 1 : 0 +} // deploy oke-monitoring solution (helm release) module "helm_release" { - source = "./modules/helm" - helm_abs_path = abspath("./charts/oci-onm") - generate_helm_template = var.generate_helm_template - - oke_compartment_ocid = var.oke_compartment_ocid - oke_cluster_ocid = var.oke_cluster_ocid - logan_container_image_url = var.logan_container_image_url - kubernetes_namespace = var.kubernetes_namespace - - oci_la_logGroup_id = module.loggingAnalytics.oci_la_logGroup_ocid - oci_la_namespace = module.loggingAnalytics.oci_la_namespace - fluentd_baseDir_path = local.fluentd_baseDir_path - + source = "./modules/helm" + helm_abs_path = abspath("./charts/oci-onm") + use_local_helm_chart = var.dev_switch_use_local_helm_chart + install_helm = var.dev_switch_install_helm + generate_helm_template = var.dev_switch_generate_helm_template + oke_compartment_ocid = var.oke_compartment_ocid + oke_cluster_ocid = var.oke_cluster_ocid + logan_container_image_url = var.logan_container_image_url + kubernetes_namespace = var.kubernetes_namespace + oci_la_logGroup_id = module.loggingAnalytics[0].oci_la_logGroup_ocid + oci_la_namespace = module.loggingAnalytics[0].oci_la_namespace + fluentd_baseDir_path = local.fluentd_baseDir_path mgmt_agent_install_key_content = module.management_agent[0].mgmt_agent_install_key_content mgmt_agent_container_image_url = var.mgmt_agent_container_image_url - opt_deploy_metric_server = var.livelab_switch ? 
true : var.opt_deploy_metric_server - - deploy_mushop_config = var.livelab_switch - livelab_service_account = local.livelab_service_account + opt_deploy_metric_server = var.livelab_switch ? true : var.opt_deploy_metric_server + deploy_mushop_config = var.livelab_switch + livelab_service_account = local.livelab_service_account + oke_cluster_name = var.oke_cluster_name + oke_cluster_entity_ocid = var.oke_cluster_entity_ocid - count = var.enable_helm_module ? 1 : 0 + count = local.module_controls_enable_helm_module ? 1 : 0 } diff --git a/terraform/oke/meta-schema.yaml b/terraform/oke/meta-schema.yaml new file mode 100644 index 00000000..8a88c7b6 --- /dev/null +++ b/terraform/oke/meta-schema.yaml 
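Review bot: `oke_cluster_name = var.oke_cluster_name` hands the helm module the hidden input, whose default is the placeholder string "DEFAULT", while the root module already resolves the real name into `local.oke_cluster_name` and uses that for the outputs. If `modules/helm` does not translate "DEFAULT" itself (its code is not visible here), the release would be labelled with the literal placeholder. Something like `oke_cluster_name = var.oke_cluster_name == "DEFAULT" ? local.oke_cluster_name : var.oke_cluster_name` would keep a single source of truth. The same question applies to `oke_cluster_entity_ocid`, which outputs.tf maps to `null` when it equals "DEFAULT" but which is passed through unmapped here.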
@@ -0,0 +1,1394 @@ +# Meta JSON Schema. +# +# This is used to validate the Schema file when the package is uploaded/loaded into Resource Manager. +# For marketplace, it is also used to validate the package when the package artifact is created in Partner Portal. +# +# NOTE: additionalProperties are set to true explicitly even though this is the default. It must be set to true in +# cases where we use the allOf. This is a quirk of JSON Schema. During validation, allOf means it has to match all of +# the individual definitions separately. It doesn't mean it has to match a Union of the individual definitions. This +# is a known issue with JSON Schema. +title: Schema +type: object +required: + - variables + - schemaVersion +additionalProperties: true +properties: + title: + type: string + description: + type: string + stackDescription: + type: string + packageVersion: + type: string + version: + type: string + schemaVersion: + type: string + enum: + - 1.0.0 + - 1.1.0 + locale: + $ref: "#/definitions/locale" + logoUrl: + $ref: "#/definitions/url" + source: + $ref: "#/definitions/source" + informationalText: + type: string + instructions: + type: string + troubleshooting: + type: string + allowViewState: + type: boolean + variables: + $ref: "#/definitions/variables" + # Deprecated - use variableGroups instead + groupings: + $ref: "#/definitions/variableGroups" + variableGroups: + $ref: "#/definitions/variableGroups" + outputs: + $ref: "#/definitions/outputs" + outputGroups: + $ref: "#/definitions/outputGroups" + primaryOutputButton: + type: string + format: variablereference + +definitions: + source: + type: object + properties: + type: + enum: + - marketplace + - quickstart + - web + reference: + type: + - string + - number + additionalProperties: false + + variableGroups: + type: array + items: + $ref: "#/definitions/variableGroup" + + variableGroup: + type: object + required: + - title + - variables + properties: + title: + type: string + variables: + type: array + 
items: + type: string + format: variablereference + visible: + $ref: "#/definitions/booleanStatement" + additionalProperties: true + + locale: + enum: + - en + default: en + + url: + type: string + pattern: ^https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{2,256}\.[a-z]{2,4}\b([-a-zA-Z0-9@:%_\+.~#?&//=]*)$ + + ocid: + type: string + pattern: ^ocid1\.([a-z0-9_-]{1,32})\.([a-z0-9_-]{1,15})\.([a-z0-9]{0,24})\.([a-z0-9]{60})$ + + variables: + type: object + additionalProperties: + $ref: "#/definitions/variable" + + variable: + oneOf: + - $ref: "#/definitions/staticVariable" + - $ref: "#/definitions/dynamicVariable" + + baseVariable: + type: object + properties: + title: + type: string + minLength: 1 + description: + type: string + required: + type: boolean + default: false + visible: + $ref: "#/definitions/booleanStatement" + + booleanStatement: + oneOf: + - type: boolean + - type: string + - $ref: "#/definitions/equality" + - $ref: "#/definitions/greaterThanOrEqual" + - $ref: "#/definitions/lessThanOrEqual" + - $ref: "#/definitions/greaterThan" + - $ref: "#/definitions/lessThan" + - $ref: "#/definitions/booleanOr" + - $ref: "#/definitions/booleanAnd" + - $ref: "#/definitions/booleanNot" + + equality: + type: object + properties: + eq: + type: array + items: + - type: [string, number] + - type: [string, number] + additionalItems: false + additionalProperties: false + + greaterThanOrEqual: + type: object + properties: + ge: + type: array + items: + - type: [string, number] + - type: [string, number] + additionalItems: false + additionalProperties: false + + lessThanOrEqual: + type: object + properties: + le: + type: array + items: + - type: [string, number] + - type: [string, number] + additionalItems: false + additionalProperties: false + + greaterThan: + type: object + properties: + gt: + type: array + items: + - type: [string, number] + - type: [string, number] + additionalItems: false + additionalProperties: false + + lessThan: + type: object + properties: + lt: + type: 
array + items: + - type: [string, number] + - type: [string, number] + additionalItems: false + additionalProperties: false + + booleanOr: + type: object + properties: + or: + type: array + items: + - $ref: "#/definitions/booleanStatement" + - $ref: "#/definitions/booleanStatement" + additionalItems: false + additionalProperties: false + + booleanAnd: + type: object + properties: + and: + type: array + items: + - $ref: "#/definitions/booleanStatement" + - $ref: "#/definitions/booleanStatement" + additionalItems: false + additionalProperties: false + + booleanNot: + type: object + properties: + not: + type: array + items: + - $ref: "#/definitions/booleanStatement" + additionalItems: false + additionalProperties: false + + dependsOnCompartment: + allOf: + - $ref: "#/definitions/baseVariable" + - required: + - dependsOn + properties: + dependsOn: + type: object + required: + - compartmentId + properties: + compartmentId: + type: string + format: variablereference + additionalProperties: false + additionalProperties: true + + staticVariable: + oneOf: + - $ref: "#/definitions/arrayVariable" + - $ref: "#/definitions/booleanVariable" + - $ref: "#/definitions/enumVariable" + - $ref: "#/definitions/integerVariable" + - $ref: "#/definitions/numberVariable" + - $ref: "#/definitions/stringVariable" + - $ref: "#/definitions/multilineVariable" + - $ref: "#/definitions/fileVariable" + + - $ref: "#/definitions/passwordVariable" + - $ref: "#/definitions/datetimeVariable" + + dynamicVariable: + oneOf: + - $ref: "#/definitions/imageVariable" + - $ref: "#/definitions/instanceShapeVariable" + - $ref: "#/definitions/subnetVariable" + - $ref: "#/definitions/vcnVariable" + - $ref: "#/definitions/availabilityDomainVariable" + - $ref: "#/definitions/compartmentVariable" + - $ref: "#/definitions/faultDomainVariable" + - $ref: "#/definitions/regionVariable" + - $ref: "#/definitions/dbSystemVariable" + - $ref: "#/definitions/dbHomeVariable" + - $ref: "#/definitions/dbHomeVersionVariable" + - 
$ref: "#/definitions/databaseVariable" + - $ref: "#/definitions/autonomousDatabaseVariable" + - $ref: "#/definitions/autonomousDatabaseVersionVariable" + - $ref: "#/definitions/autonomousContainerDBVariable" + - $ref: "#/definitions/kmsVaultVariable" + - $ref: "#/definitions/containerClusterVariable" + - $ref: "#/definitions/volumeBackupPoliciesVariable" + - $ref: "#/definitions/loadBalancerVariable" + - $ref: "#/definitions/serviceGatewayVariable" + - $ref: "#/definitions/kubernetesVersionsVariable" + - $ref: "#/definitions/instanceVariable" + - $ref: "#/definitions/natGatewayVariable" + - $ref: "#/definitions/tagVariable" + - $ref: "#/definitions/nsgVariable" + - $ref: "#/definitions/mountTargetsVariable" + - $ref: "#/definitions/kmsKeyVariable" + - $ref: "#/definitions/kmsSecretVariable" + - $ref: "#/definitions/odsProjectVariable" + - $ref: "#/definitions/instanceShapeVariableWithFlex" + - $ref: "#/definitions/groupsVariable" + - $ref: "#/definitions/dynamicGroupsVariable" + - $ref: "#/definitions/logAnalyticsLogGroup" + - $ref: "#/definitions/logAnalyticsLogEntities" + - $ref: "#/definitions/logAnalyticsScheduledTasks" + - $ref: "#/definitions/logAnalyticsEntityTypes" + - $ref: "#/definitions/managementAgents" + - $ref: "#/definitions/logAnalyticsSources" + - $ref: "#/definitions/privateEndpointVariable" + - $ref: "#/definitions/apmDomainVariable" + + nonNegativeInteger: + type: integer + minimum: 0 + + nonNegativeIntegerDefault0: + allOf: + - $ref: "#/definitions/nonNegativeInteger" + - default: 0 + + arrayVariable: + allOf: + - $ref: "#/definitions/baseVariable" + - required: [type] + properties: + type: + enum: [array] + items: + $ref: "#/definitions/variable" + maxItems: + $ref: "#/definitions/nonNegativeInteger" + minItems: + $ref: "#/definitions/nonNegativeIntegerDefault0" + uniqueItems: + type: boolean + default: false + contains: + $ref: "#/definitions/variable" + additionalProperties: true + + booleanVariable: + allOf: + - $ref: 
"#/definitions/baseVariable" + - required: [type] + properties: + type: + enum: [boolean] + default: + $ref: "#/definitions/booleanStatement" + default: false + additionalProperties: true + + enumVariable: + allOf: + - $ref: "#/definitions/baseVariable" + - required: [type] + properties: + type: + enum: [enum] + enum: + type: array + items: + type: string + default: + $ref: "#/definitions/booleanStatement" + allowMultiple: + type: boolean + default: false + additionalProperties: true + + integerVariable: + allOf: + - $ref: "#/definitions/baseVariable" + - required: [type] + properties: + type: + enum: [integer] + default: + type: integer + multipleOf: + type: number + exclusiveMinimum: 0 + minimum: + type: number + maximum: + type: number + exclusiveMinimum: + type: number + exclusiveMaximum: + type: number + additionalProperties: true + + numberVariable: + allOf: + - $ref: "#/definitions/baseVariable" + - required: [type] + properties: + type: + enum: [number] + default: + type: number + multipleOf: + type: number + exclusiveMinimum: 0 + minimum: + type: number + maximum: + type: number + exclusiveMinimum: + type: number + exclusiveMaximum: + type: number + additionalProperties: true + + stringVariable: + allOf: + - $ref: "#/definitions/baseVariable" + - required: [type] + properties: + type: + enum: [string] + default: + $ref: "#/definitions/booleanStatement" + pattern: + type: string + maxLength: + $ref: "#/definitions/nonNegativeInteger" + minLength: + $ref: "#/definitions/nonNegativeIntegerDefault0" + additionalProperties: true + + multilineVariable: + allOf: + - $ref: "#/definitions/baseVariable" + - required: [type] + properties: + type: + enum: [text] + default: + $ref: "#/definitions/booleanStatement" + pattern: + type: string + multiline: + type: boolean + maxLength: + $ref: "#/definitions/nonNegativeInteger" + minLength: + $ref: "#/definitions/nonNegativeIntegerDefault0" + additionalProperties: true + + fileVariable: + allOf: + - $ref: 
"#/definitions/baseVariable" + - required: [type] + properties: + type: + enum: [file] + additionalProperties: true + + passwordVariable: + allOf: + - $ref: "#/definitions/baseVariable" + - required: [type] + properties: + type: + enum: [password] + default: + $ref: "#/definitions/booleanStatement" + confirmation: + $ref: "#/definitions/booleanStatement" + additionalProperties: true + + datetimeVariable: + allOf: + - $ref: "#/definitions/baseVariable" + - required: [type] + properties: + type: + enum: [datetime] + default: + $ref: "#/definitions/booleanStatement" + additionalProperties: true + + imageVariable: + allOf: + - $ref: "#/definitions/baseVariable" + - required: + - type + - dependsOn + properties: + type: + enum: [oci:core:image:id] + pattern: + type: string + dependsOn: + type: object + required: + - compartmentId + properties: + compartmentId: + type: string + format: variablereference + shape: + type: string + format: variablereference + operatingSystem: + type: string + format: variablereference + operatingSystemVersion: + type: string + format: variablereference + additionalProperties: false + additionalProperties: true + + instanceShapeVariableWithFlex: + allOf: + - $ref: "#/definitions/baseVariable" + - required: + - type + - dependsOn + properties: + type: + enum: [oci:core:instanceshapewithflex:name] + pattern: + type: string + dependsOn: + type: object + required: + - compartmentId + properties: + imageId: + type: string + format: variablereference + compartmentId: + type: string + format: variablereference + availabilityDomain: + type: string + format: variablereference + additionalProperties: false + additionalProperties: true + + instanceShapeVariable: + allOf: + - $ref: "#/definitions/baseVariable" + - required: + - type + - dependsOn + properties: + type: + enum: [oci:core:instanceshape:name] + pattern: + type: string + dependsOn: + type: object + required: + - compartmentId + properties: + imageId: + type: string + format: 
variablereference + compartmentId: + type: string + format: variablereference + availabilityDomain: + type: string + format: variablereference + additionalProperties: false + additionalProperties: true + + natGatewayVariable: + allOf: + - $ref: "#/definitions/baseVariable" + - required: + - type + - dependsOn + properties: + type: + enum: [oci:core:natgateway:id] + dependsOn: + type: object + required: + - compartmentId + properties: + vcnId: + type: string + format: variablereference + compartmentId: + type: string + format: variablereference + additionalProperties: false + additionalProperties: true + + instanceVariable: + allOf: + - $ref: "#/definitions/baseVariable" + - required: + - type + - dependsOn + properties: + type: + enum: [oci:core:instance:id] + dependsOn: + type: object + required: + - compartmentId + properties: + compartmentId: + type: string + format: variablereference + additionalProperties: false + additionalProperties: true + + subnetVariable: + allOf: + - $ref: "#/definitions/baseVariable" + - required: + - type + - dependsOn + properties: + type: + enum: [oci:core:subnet:id] + dependsOn: + type: object + required: + - vcnId + - compartmentId + properties: + vcnId: + type: string + format: variablereference + compartmentId: + type: string + format: variablereference + hidePublicSubnet: + $ref: "#/definitions/booleanStatement" + hidePrivateSubnet: + $ref: "#/definitions/booleanStatement" + hideRegionalSubnet: + $ref: "#/definitions/booleanStatement" + hideAdSubnet: + $ref: "#/definitions/booleanStatement" + additionalProperties: false + additionalProperties: true + + serviceGatewayVariable: + allOf: + - $ref: "#/definitions/baseVariable" + - required: + - type + - dependsOn + properties: + type: + enum: [oci:core:servicegateway:id] + dependsOn: + type: object + required: + - compartmentId + properties: + vcnId: + type: string + format: variablereference + compartmentId: + type: string + format: variablereference + additionalProperties: false + 
additionalProperties: true + + logAnalyticsLogGroup: + allOf: + - $ref: "#/definitions/baseVariable" + - required: + - type + - dependsOn + properties: + type: + enum: [oci:logan:loggroup:id] + dependsOn: + type: object + required: + - compartmentId + properties: + compartmentId: + type: string + format: variablereference + additionalProperties: false + additionalProperties: true + + logAnalyticsScheduledTasks: + allOf: + - $ref: "#/definitions/baseVariable" + - required: + - type + - dependsOn + properties: + type: + enum: [oci:logan:scheduledtask:id] + dependsOn: + type: object + required: + - compartmentId + - taskType + properties: + compartmentId: + type: string + format: variablereference + taskType: + type: string + additionalProperties: false + additionalProperties: true + + logAnalyticsLogEntities: + allOf: + - $ref: "#/definitions/baseVariable" + - required: + - type + - dependsOn + properties: + type: + enum: [oci:logan:logentity:id] + dependsOn: + type: object + required: + - compartmentId + properties: + compartmentId: + type: string + format: variablereference + additionalProperties: false + additionalProperties: true + + logAnalyticsEntityTypes: + allOf: + - $ref: "#/definitions/baseVariable" + - required: + - type + properties: + type: + enum: [oci:logan:entitytype:id] + additionalProperties: true + + managementAgents: + allOf: + - $ref: "#/definitions/baseVariable" + - required: + - type + - dependsOn + properties: + type: + enum: [oci:mgmt:agent:id] + dependsOn: + type: object + required: + - compartmentId + properties: + compartmentId: + type: string + format: variablereference + additionalProperties: false + additionalProperties: true + + logAnalyticsSources: + allOf: + - $ref: "#/definitions/baseVariable" + - required: + - type + - dependsOn + properties: + type: + enum: [oci:logan:source:id] + dependsOn: + type: object + required: + - compartmentId + properties: + compartmentId: + type: string + format: variablereference + 
additionalProperties: false + additionalProperties: true + + nsgVariable: + allOf: + - $ref: "#/definitions/baseVariable" + - required: + - type + - dependsOn + properties: + type: + enum: [oci:core:nsg:id] + dependsOn: + type: object + required: + - compartmentId + properties: + vcnId: + type: string + format: variablereference + compartmentId: + type: string + format: variablereference + additionalProperties: false + additionalProperties: true + + vcnVariable: + allOf: + - $ref: "#/definitions/dependsOnCompartment" + - required: [type] + properties: + type: + enum: [oci:core:vcn:id] + additionalProperties: true + + availabilityDomainVariable: + allOf: + - $ref: "#/definitions/dependsOnCompartment" + - required: [type] + properties: + type: + enum: [oci:identity:availabilitydomain:name] + additionalProperties: true + + compartmentVariable: + allOf: + - $ref: "#/definitions/baseVariable" + - required: [type] + properties: + type: + enum: [oci:identity:compartment:id] + default: + $ref: "#/definitions/booleanStatement" + additionalProperties: true + + faultDomainVariable: + allOf: + - $ref: "#/definitions/baseVariable" + - required: + - type + - dependsOn + properties: + type: + enum: [oci:identity:faultdomain:name] + dependsOn: + type: object + required: + - compartmentId + - availabilityDomainName + properties: + compartmentId: + type: string + format: variablereference + availabilityDomainName: + type: string + format: variablereference + additionalProperties: false + additionalProperties: true + + regionVariable: + allOf: + - $ref: "#/definitions/baseVariable" + - required: [type] + properties: + type: + enum: [oci:identity:region:name] + default: + $ref: "#/definitions/booleanStatement" + default: ${session.region} + additionalProperties: true + + dbSystemVariable: + allOf: + - $ref: "#/definitions/dependsOnCompartment" + - required: [type] + properties: + type: + enum: [oci:database:dbsystem:id] + additionalProperties: true + + dbHomeVariable: + allOf: + - 
$ref: "#/definitions/baseVariable" + - required: + - type + - dependsOn + properties: + type: + enum: [oci:database:dbhome:id] + dependsOn: + type: object + required: + - dbSystemId + - compartmentId + properties: + dbSystemId: + type: string + format: variablereference + compartmentId: + type: string + format: variablereference + additionalProperties: false + additionalProperties: true + + dbHomeVersionVariable: + allOf: + - $ref: "#/definitions/baseVariable" + - required: + - type + - dependsOn + properties: + type: + enum: [oci:database:dbhome:dbversion] + dependsOn: + type: object + required: + - dbHomeId + properties: + dbHomeId: + type: string + format: variablereference + additionalProperties: false + additionalProperties: true + + databaseVariable: + allOf: + - $ref: "#/definitions/baseVariable" + - required: + - type + - dependsOn + properties: + type: + enum: [oci:database:database:id] + dependsOn: + type: object + required: + - dbHomeId + - compartmentId + properties: + dbHomeId: + type: string + format: variablereference + compartmentId: + type: string + format: variablereference + additionalProperties: false + additionalProperties: true + + autonomousDatabaseVariable: + allOf: + - $ref: "#/definitions/baseVariable" + - required: + - type + - dependsOn + properties: + type: + enum: [oci:database:autonomousdatabase:id] + dependsOn: + type: object + required: + - compartmentId + properties: + compartmentId: + type: string + format: variablereference + dbWorkload: + type: string + format: variablereference + additionalProperties: false + additionalProperties: true + + autonomousDatabaseVersionVariable: + allOf: + - $ref: "#/definitions/baseVariable" + - required: + - type + - dependsOn + properties: + type: + enum: [oci:database:autonomousdatabaseversion:id] + dependsOn: + type: object + properties: + compartmentId: + type: string + format: variablereference + dbWorkload: + type: string + format: variablereference + additionalProperties: false + 
additionalProperties: true + + autonomousContainerDBVariable: + allOf: + - $ref: "#/definitions/dependsOnCompartment" + - required: [type] + properties: + type: + enum: [oci:database:autonomouscontainerdatabase:id] + additionalProperties: true + + kmsVaultVariable: + allOf: + - $ref: "#/definitions/dependsOnCompartment" + - required: [type] + properties: + type: + enum: [oci:kms:vault:id] + additionalProperties: true + + kmsKeyVariable: + allOf: + - $ref: "#/definitions/baseVariable" + - required: + - type + - dependsOn + properties: + type: + enum: [oci:kms:key:id] + dependsOn: + type: object + required: + - compartmentId + - vaultId + properties: + compartmentId: + type: string + format: variablereference + vaultId: + type: string + format: variablereference + protectionMode: + type: string + format: variablereference + algorithm: + type: string + format: variablereference + length: + type: number + format: variablereference + curveId: + type: string + format: variablereference + additionalProperties: false + additionalProperties: true + + kmsSecretVariable: + allOf: + - $ref: "#/definitions/baseVariable" + - required: + - type + - dependsOn + properties: + type: + enum: [oci:kms:secret:id] + dependsOn: + type: object + required: + - compartmentId + properties: + compartmentId: + type: string + format: variablereference + vaultId: + type: string + format: variablereference + name: + type: string + format: variablereference + additionalProperties: false + additionalProperties: true + + containerClusterVariable: + allOf: + - $ref: "#/definitions/dependsOnCompartment" + - required: [type] + properties: + type: + enum: [oci:container:cluster:id] + additionalProperties: true + + sshPublicKeyVariable: + allOf: + - $ref: "#/definitions/baseVariable" + - required: [type] + properties: + type: + enum: [oci:core:ssh:publickey] + additionalProperties: true + + kubernetesVersionsVariable: + allOf: + - $ref: "#/definitions/baseVariable" + - required: + - type + - dependsOn + 
properties: + type: + enum: [oci:kubernetes:versions:id] + dependsOn: + type: object + required: + - clusterOptionId + - compartmentId + properties: + clusterOptionId: + type: string + format: variablereference + compartmentId: + type: string + format: variablereference + additionalProperties: false + additionalProperties: true + + volumeBackupPoliciesVariable: + allOf: + - $ref: "#/definitions/baseVariable" + - required: [type] + properties: + type: + enum: [oci:blockstorage:policies:id] + dependsOn: + type: object + properties: + compartmentId: + type: string + format: variablereference + additionalProperties: false + additionalProperties: true + + groupsVariable: + allOf: + - $ref: "#/definitions/dependsOnCompartment" + - required: [type] + properties: + type: + enum: [oci:identity:groups:id] + additionalProperties: true + + dynamicGroupsVariable: + allOf: + - $ref: "#/definitions/dependsOnCompartment" + - required: [type] + properties: + type: + enum: [oci:identity:dynamicgroups:id] + additionalProperties: true + + loadBalancerVariable: + allOf: + - $ref: "#/definitions/dependsOnCompartment" + - required: [type] + properties: + type: + enum: [oci:loadbalancer:loadbalancer:id] + pattern: + type: string + additionalProperties: true + + mountTargetsVariable: + allOf: + - $ref: "#/definitions/baseVariable" + - required: + - type + - dependsOn + properties: + type: + enum: [oci:mount:target:id] + dependsOn: + type: object + required: + - compartmentId + - availabilityDomain + properties: + availabilityDomain: + type: string + format: variablereference + compartmentId: + type: string + format: variablereference + additionalProperties: false + additionalProperties: true + + tagVariable: + allOf: + - $ref: "#/definitions/dependsOnCompartment" + - required: [type] + properties: + type: + enum: [oci:identity:tag:value] + additionalProperties: true + + odsProjectVariable: + allOf: + - $ref: "#/definitions/dependsOnCompartment" + - required: [type] + properties: + type: + 
enum: [oci:ods:project:id] + additionalProperties: true + + privateEndpointVariable: + allOf: + - $ref: "#/definitions/baseVariable" + - required: [type] + properties: + type: + enum: [oci:resourcemanager:privateendpoint:id] + dependsOn: + type: object + required: + - compartmentId + - vcnId + properties: + compartmentId: + type: string + format: variablereference + vcnId: + type: string + format: variablereference + additionalProperties: false + additionalProperties: true + + apmDomainVariable: + allOf: + - $ref: "#/definitions/dependsOnCompartment" + - required: [type] + properties: + type: + enum: [oci:apm:domain:id] + additionalProperties: true + + outputs: + type: object + additionalProperties: + $ref: "#/definitions/output" + + output: + oneOf: + - $ref: "#/definitions/booleanOutput" + - $ref: "#/definitions/numberOutput" + - $ref: "#/definitions/stringOutput" + - $ref: "#/definitions/copyableStringOutput" + - $ref: "#/definitions/linkOutput" + - $ref: "#/definitions/ocidOutput" + - $ref: "#/definitions/mapOutput" + - $ref: "#/definitions/jsonOutput" + - $ref: "#/definitions/listOutput" + - $ref: "#/definitions/csvOutput" + + outputGroups: + type: array + items: + $ref: "#/definitions/outputGroup" + + outputGroup: + type: object + required: + - title + - outputs + properties: + title: + type: string + outputs: + type: array + items: + type: string + additionalProperties: true + + baseOutput: + type: object + properties: + title: + type: string + description: + type: string + sensitive: + type: boolean + default: false + format: + type: string + visible: + type: boolean + default: true + additionalProperties: true + + booleanOutput: + allOf: + - $ref: "#/definitions/baseOutput" + - required: [type] + properties: + type: + enum: [boolean] + value: + type: boolean + additionalProperties: true + + numberOutput: + allOf: + - $ref: "#/definitions/baseOutput" + - required: [type] + properties: + type: + enum: [number] + value: + type: number + additionalProperties: 
true + + stringOutput: + allOf: + - $ref: "#/definitions/baseOutput" + - required: [type] + properties: + type: + enum: [string] + value: + type: string + additionalProperties: true + + copyableStringOutput: + allOf: + - $ref: "#/definitions/baseOutput" + - required: [type] + properties: + type: + enum: [copyableString] + value: + type: string + additionalProperties: true + + mapOutput: + allOf: + - $ref: "#/definitions/baseOutput" + - required: [type] + properties: + type: + enum: [map] + value: + type: object + additionalProperties: true + + jsonOutput: + allOf: + - $ref: "#/definitions/baseOutput" + - required: [type] + properties: + type: + enum: [json] + value: + type: object + additionalProperties: true + + listOutput: + allOf: + - $ref: "#/definitions/baseOutput" + - required: [type] + properties: + type: + enum: [list] + value: + type: array + additionalProperties: true + + csvOutput: + allOf: + - $ref: "#/definitions/baseOutput" + - required: [type] + properties: + type: + enum: [csv] + value: + type: array + additionalProperties: true + + linkOutput: + allOf: + - $ref: "#/definitions/baseOutput" + - required: [type] + properties: + type: + enum: [link] + displayText: + type: string + minLength: 3 + maxLength: 45 + value: + $ref: "#/definitions/url" + additionalProperties: true + + ocidOutput: + allOf: + - $ref: "#/definitions/baseOutput" + - required: [type] + properties: + type: + enum: [ocid] + value: + $ref: "#/definitions/ocid" + additionalProperties: true \ No newline at end of file diff --git a/terraform/oke/outputs.tf b/terraform/oke/outputs.tf index abc612c1..b26f23b4 100644 --- a/terraform/oke/outputs.tf +++ b/terraform/oke/outputs.tf 
@@ -1,2 +1,96 @@ # Copyright (c) 2023, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. + +locals { + generate_helm_output = alltrue([local.module_controls_enable_mgmt_agent_module, local.module_controls_enable_logan_module]) + + output_helm_external_values = local.generate_helm_output ? yamlencode({ + "global" = { + "kubernetesClusterID" = var.oke_cluster_ocid + "kubernetesClusterName" = local.oke_cluster_name + } + "oci-onm-logan" = { + "ociLANamespace" = module.loggingAnalytics[0].oci_la_namespace + "ociLALogGroupID" = module.loggingAnalytics[0].oci_la_logGroup_ocid + "ociLAClusterEntityID" = var.oke_cluster_entity_ocid == "DEFAULT" ? null : var.oke_cluster_entity_ocid + } + "oci-onm-mgmt-agent" = { + "mgmtagent" = { + "installKeyFileContent" = module.management_agent[0].mgmt_agent_install_key_content + } + } + }) : null + + + cmd_1_helm_repo_add = "helm repo add oci-onm https://oracle-quickstart.github.io/oci-kubernetes-monitoring" + + cmd_2_helm_repo_update = "helm repo update" + + helm_install_opt_entity_id = var.oke_cluster_entity_ocid == "DEFAULT" ? "" : "--set oci-onm-logan.ociLAClusterEntityID=${var.oke_cluster_entity_ocid}" + + cmd_3_helm_install = local.generate_helm_output ? join(" ", [ + "helm install oci-kubernetes-monitoring oci-onm/oci-onm", + "--set global.kubernetesClusterID=${var.oke_cluster_ocid}", + "--set global.kubernetesClusterName=${local.oke_cluster_name}", + "--set oci-onm-logan.ociLALogGroupID=${module.loggingAnalytics[0].oci_la_logGroup_ocid}", + "--set oci-onm-logan.ociLANamespace=${module.loggingAnalytics[0].oci_la_namespace}", + local.helm_install_opt_entity_id, + "--set oci-onm-mgmt-agent.mgmtagent.installKeyFileContent=${module.management_agent[0].mgmt_agent_install_key_content}" + ]) : null +} + +### +# helm outputs +### + +output "cmd_1_helm_repo_add" { + value = local.generate_helm_output ? 
local.cmd_1_helm_repo_add : null +} + +output "cmd_2_helm_repo_update" { + value = local.generate_helm_output ? local.cmd_2_helm_repo_update : null +} + +output "cmd_3_helm_install" { + value = local.generate_helm_output ? local.cmd_3_helm_install : null +} + +output "oke_cluster_name" { + value = local.oke_cluster_name +} + +output "oke_cluster_entity_ocid" { + value = var.oke_cluster_entity_ocid == "DEFAULT" ? null : var.oke_cluster_entity_ocid +} + +/* output "external_values_yaml" { + value = local.output_helm_external_values +} */ + +### +# Module outputs +### + +output "oke_dynamic_group_ocid" { + value = local.module_controls_enable_iam_module ? module.policy_and_dynamic-group[0].oke_dynamic_group_ocid : null +} + +output "oke_monitoring_policy_ocid" { + value = local.module_controls_enable_iam_module ? module.policy_and_dynamic-group[0].oke_monitoring_policy_ocid : null +} + +output "oci_la_namespace" { + value = local.module_controls_enable_logan_module ? module.loggingAnalytics[0].oci_la_namespace : null +} + +output "oci_la_logGroup_ocid" { + value = local.module_controls_enable_logan_module ? module.loggingAnalytics[0].oci_la_logGroup_ocid : null +} + +output "mgmt_agent_install_key" { + value = local.module_controls_enable_mgmt_agent_module ? module.management_agent[0].mgmt_agent_install_key_content : null +} + +output "helm_template" { + value = local.module_controls_enable_helm_module && var.dev_switch_generate_helm_template ? module.helm_release[0].helm_template : null +} \ No newline at end of file diff --git a/terraform/oke/providers.tf b/terraform/oke/providers.tf index 89b07367..33453510 100644 --- a/terraform/oke/providers.tf +++ b/terraform/oke/providers.tf @@ -2,7 +2,7 @@ # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. terraform { - required_version = ">= 1.0.0, <= 1.5" + required_version = ">= 1.0.0, <= 1.6" required_providers { oci = { source = "oracle/oci" 
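Review bot: The management agent install key is exposed through two outputs in this hunk that are not marked sensitive. `cmd_3_helm_install` interpolates `module.management_agent[0].mgmt_agent_install_key_content` into the `--set oci-onm-mgmt-agent.mgmtagent.installKeyFileContent=...` argument, and `mgmt_agent_install_key` returns the same value directly. Assuming the key content is a registration credential (the name suggests so; the module is not visible here), it will be printed in plain text by `terraform apply`/`terraform output` and in any stack output view. I would add `sensitive = true` to both output blocks and have the generated command carry a placeholder for the key rather than the key itself, so it does not end up in job logs or shell history. Marking an output sensitive only redacts its display; the value is still stored in state, so access to the state file needs restricting as well.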
diff --git a/terraform/oke/schema.yaml b/terraform/oke/schema.yaml index 3c6c924b..068c189e 100644 --- a/terraform/oke/schema.yaml +++ b/terraform/oke/schema.yaml @@ -1,9 +1,10 @@ # Copyright (c) 2023, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. +# yaml-language-server: $schema=./meta-schema.yaml title: OCI Kubernetes Monitoring Solution -description: OCI Kubernetes Monitoring Solution is a turn-key Kubernetes monitoring and management package based on OCI Logging Analytics cloud service, OCI Monitoring, OCI Management Agent. -informationalText: OCI Kubernetes Monitoring Solution is a turn-key Kubernetes monitoring and management package based on OCI Logging Analytics cloud service, OCI Monitoring, OCI Management Agent. +description: "OCI Kubernetes Monitoring Solution is a turn-key Kubernetes monitoring and management package based on the following OCI services: Logging Analytics, Monitoring, and Management Agent." +informationalText: "OCI Kubernetes Monitoring Solution is a turn-key Kubernetes monitoring and management package based on the following OCI services: Logging Analytics, Monitoring, and Management Agent." schemaVersion: 1.1.0 version: "20221004" 
@@ -17,37 +18,44 @@ source: locale: "en" variableGroups: - - title: "configuration inputs" + - title: "hidden inputs" variables: - tenancy_ocid - region - user_ocid - private_key_path - fingerprint - - generate_helm_template - - enable_dashboard_module - - enable_helm_module - boat_auth - boat_tenancy_ocid + - dev_switch_generate_helm_template + - dev_switch_install_helm + - dev_switch_use_local_helm_chart + - dev_switch_dashboards_module + - dev_switch_helm_module + - dev_switch_mgmt_agent_module + - dev_switch_logan_module + - dev_switch_livelab_module + - dev_switch_iam_module - compartment_ocid - logan_container_image_url - mgmt_agent_container_image_url - kubernetes_namespace - current_user_ocid - livelab_switch + - triggered_by_add_data_flow + - oke_cluster_name + - oke_cluster_entity_ocid + - stack_deployment_option visible: false - - title: "Select an OKE Cluster deployed in this region to start monitoring" - description: "Use CLI (Helm) if your cluster does not have public API Endpoint or restricted from accessing container-registry.oracle.com. See: https://github.com/oracle-quickstart/oci-kubernetes-monitoring" + - title: Select an OKE cluster deployed in this region to start monitoring. + description: "Use CLI (Helm) if your cluster does not have a public API endpoint or if it's restricted from accessing container-registry.oracle.com. See: https://github.com/oracle-quickstart/oci-kubernetes-monitoring" variables: - oke_compartment_ocid - oke_cluster_ocid - visible: - and: - - enable_helm_module - - title: "OCI Observability & Management Services Configuration" - description: "See: https://github.com/oracle-quickstart/oci-kubernetes-monitoring for list of resources created" + - title: "OCI Observability and Management Services Configuration" + description: "For a list of resources created, see: https://github.com/oracle-quickstart/oci-kubernetes-monitoring" variables: - opt_deploy_metric_server - oci_onm_compartment_ocid 
@@ -55,31 +63,13 @@ variableGroups: - oci_la_logGroup_id - oci_la_logGroup_name - fluentd_baseDir_path - visible: - and: - - enable_helm_module - - title: "OCI IAM Policies and Dynaimic Groups (Optional)" + - title: OCI IAM Policies and Dynamic Groups (Optional) variables: - opt_create_dynamicGroup_and_policies - visible: - and: - - enable_helm_module variables: - #### - ## Deployment Options - #### - - # Option to install helm chart - # enable_helm_module: - # type: boolean - # title: Deploy Kubernetes Monitoring Solution - # description: "Ref: https://github.com/oracle-quickstart/oci-kubernetes-monitoring" - # default: true - # required: true - #### ## OKE Cluster Information #### @@ -88,7 +78,7 @@ variables: oke_compartment_ocid: type: oci:identity:compartment:id required: true - title: "Select OKE Cluster Compartment" + title: "Select OKE cluster compartment" default: compartment_ocid # OKE Cluster OCID @@ -96,10 +86,9 @@ variables: type: oci:container:cluster:id dependsOn: compartmentId: ${oke_compartment_ocid} - title: Select OKE Cluster + title: Select OKE cluster required: true - # Kubernetes Namespace # kubernetes_namespace: # type: string # minLength: 1 
@@ -111,47 +100,61 @@ variables: # required: true #### - ## OCI Observability & Management Services Configuration + ## OCI Observability and Management Services Configuration #### - + + # Stack Deployment Options + stack_deployment_option: + title: Deployment options + description: 'The "Full" option creates both OCI and K8s resources.' + type: enum + enum: # Dev Note - # Any change in following options must be refactored across schema.yaml + - "Full" + - "Only OCI Resources" + default: "Full" + required: true + visible: + not: + - livelab_switch + # Option to enable/disable metric server installation during helm deployment opt_deploy_metric_server: type: boolean - title: Enable Metric Server Installation - description: Uncheck this if Metric Server is already installed in your cluster. + title: Enable Metric Server installation + description: Clear this check box if Metric Server is already installed in your cluster. default: true visible: and: - - enable_helm_module - - not: - - livelab_switch + - eq: + - ${stack_deployment_option} + - "Full" + - not: + - livelab_switch # Compartment for creating OCI Observability and Management resources oci_onm_compartment_ocid: type: oci:identity:compartment:id required: true - title: Select compartment for Logging Analytics, Management Agent, and Monitoring service resources - description: This compartment will be used for creating Dashboards, Log Groups, Entities, Management Agent Keys, Metrics Namespace etc. See https://github.com/oracle-quickstart/oci-kubernetes-monitoring for full list of resources. + title: Select compartment for Logging Analytics, Management Agent, and Monitoring service resources. + description: "This compartment will be used for creating dashboards, log groups, entities, Management Agent keys, metric namespaces, and related resources. 
For a full list of resources, see: https://github.com/oracle-quickstart/oci-kubernetes-monitoring" default: compartment_ocid # Option to create Logging Analytics opt_create_new_la_logGroup: # change this to create new log group type: boolean - title: Check if you want to create a new Log Group + title: Select this check box if you want to create a new log group. default: false visible: - and: - - enable_helm_module - - not: - - livelab_switch + not: + - livelab_switch # OCI Logging Analytics LogGroup OCID of existing LogGroup oci_la_logGroup_id: type: oci:logan:loggroup:id dependsOn: compartmentId: ${oci_onm_compartment_ocid} - title: OCI Logging Analytics Log Group - description: Log Groups are logical containers for log data, and provide access control for your data using IAM Policies + title: OCI Logging Analytics log group + description: Log groups are logical containers for log data, and they provide access control for your data using IAM policies. required: true visible: not: 
@@ -163,25 +166,29 @@ variables: maxLength: 255 minLength: 1 required: true - title: "OCI Logging Analytics Log Group Name" - description: "Tip: Give a unique name which can be identified with your cluster name to make it easy to find in Dashboards and Logs Explorer" + title: OCI Logging Analytics log group name + description: "Tip: To make the log group easy to find in Dashboards and Logs Explorer pages, provide a unique name associated with your cluster name." visible: and: - opt_create_new_la_logGroup - pattern: '^([a-zA-Z0-9]|[a-zA-Z0-9][\\ a-zA-Z0-9_\-]*[\\a-zA-Z\-0-9_])$' + pattern: '^([a-zA-Z0-9]|[a-zA-Z0-9][\\ a-zA-Z0-9_\-]*[\\a-zA-Z\-0-9_])$' # Fluentd Base Directory fluentd_baseDir_path: type: string maxLength: 255 minLength: 1 - title: FluentD Working Directory - description: A directory on the node (with read & write permission) to use for storing Fluentd related data + title: FluentD working directory + description: A directory on the node (with read & write permission) to use for storing data related to Fluentd. default: /var/log required: true pattern: '^/[\w- /]*$' visible: - not: + and: + - eq: + - ${stack_deployment_option} + - "Full" + - not: - livelab_switch #### @@ -191,8 +198,8 @@ variables: # Option to create Dynamic Group and Policies opt_create_dynamicGroup_and_policies: type: boolean - title: Check to create Dynamic Group and Policies required for deploying monitoring solution + title: Select this check box to create dynamic groups and policies that are required for deploying the monitoring solution. #description: "Ref: https://github.com/oracle-quickstart/oci-kubernetes-monitoring#pre-requisites" - description: "Note: The dynamic group definition must be updated, if node pool(s) and OKE Cluster are in different compartments." + description: "Note: If node pools and the OKE cluster are in different compartments, then the dynamic group definition must be updated." default: false required: true \ No newline at end of file 
diff --git a/terraform/oke/terraform-sample.tfvars b/terraform/oke/terraform-sample.tfvars index ea195b37..79858109 100644 --- a/terraform/oke/terraform-sample.tfvars +++ b/terraform/oke/terraform-sample.tfvars @@ -45,28 +45,23 @@ oci_onm_compartment_ocid = "" opt_create_new_la_logGroup = false # OCI Logging Analytics LogGroup -# Add OCID of logGroup if opt_use_existing_la_logGroup=true, leave it empty otherwise +# Add OCID of logGroup if opt_create_new_la_logGroup=false, leave it empty otherwise oci_la_logGroup_id = "" -# leave it unchanged, if opt_use_existing_la_logGroup=false +# leave it unchanged, if opt_create_new_la_logGroup=true oci_la_logGroup_name = "NewLogGroupName" #### ## Optional Stack inputs #### +# "Full" or "Only OCI Resources" +stack_deployment_option = "Only OCI Resources" + # Option to create Dynamic Group and Policies opt_create_dynamicGroup_and_policies = true # Fluentd installation path fluentd_baseDir_path = "/var/log" -#### -## Optional Switches -#### - -enable_dashboard_module = false -enable_helm_module = false -generate_helm_template = false - diff --git a/util/build_stack.sh b/util/build_stack.sh index e7fb20a8..f8fee895 100755 --- a/util/build_stack.sh +++ b/util/build_stack.sh 
@@ -136,19 +136,20 @@ echo -e "Removed terraform modules symlink" cp -R "$MODULES_SOURCE" "$TEMP_DIR" || error_and_exit "Could not copy modules" echo -e "Copied orignal modules" -# to be fixed from here - - +# switch back to temp dir cd "$TEMP_DIR" || error_and_exit "Could not switch to temp dir" echo -e "Switched to temp dir" # update livelab switch input to true if [ -n "$LIVE_LAB_BUILD" ]; then - sed "s/false/true/g" -i livelab.tf - echo -e "Enabled livelab switch in livelab.tf" + sed "s/false/true/g" -i livelab_switch.tf + echo -e "Enabled livelab switch in livelab_switch.tf" fi +# create zip zip -r "${RELEASE_ZIP}" ./* >/dev/null || error_and_exit "Could not zip temp dir" +# switch back to util dir cd "$RELEASE_PATH" || error_and_exit "Could not switch to Util dir" # clean up temp zip file
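Review bot: The `sed` call in the `LIVE_LAB_BUILD` branch has no failure check, unlike the `cp`, `cd` and `zip` steps around it. If `livelab_switch.tf` is missing or renamed again, the script still prints "Enabled livelab switch" and zips a stack with the switch unchanged. I would write it as `sed -i "s/false/true/g" livelab_switch.tf || error_and_exit "Could not enable livelab switch"`, which also puts `-i` before the expression, the more widely accepted order. The `s/false/true/g` expression flips every `false` in that file, so a comment such as `# livelab_switch.tf must contain only the switch default` above the call would record the assumption.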