Support: IKS integrations opt out

Author: kavya498

examples/iks-integration/README.md

@@ -0,0 +1,43 @@
+# Opt-Out Integrations on IBM Cloud cluster
+
+Use this IBM Cloud Provider Plug-in for Terraform template to integrate Logging, Monitoring and Activity Tracker Instances on IBM Cloud Clusters
+## Template functionalities
+
+1. [main.tf](main.tf)
+
+    - Integrates the cluster with an IBM Cloud Log Analysis instance.
+    - Integrates the cluster with an IBM Cloud Monitoring instance.
+
+2. [logging.tf](logging.tf) - Provisions or retrieves the Log Analysis instance.
+
+3. [monitoring.tf](monitoring.tf) - Provisions or retrieves the Monitoring instance.ded before creating cluster.
+
+## Inputs
+
+Review the following variables that you can customize in your Terraform templates to create the related IBM Cloud resources for your secure OpenShift cluster.
+
+|Name|Description|Type|Default|Required|
+|-----|----------|----|-------|--------|
+|ibmcloud_api_key|[IBM Cloud IAM API key](https://cloud.ibm.com/docs/account?topic=account-userapikey#create_user_key).|string|N/A|Yes|
+|region|[IBM Cloud region for the VPC cluster](https://cloud.ibm.com/docs/openshift?topic=openshift-regions-and-zones#zones-vpc).|string|N/A|Yes|
+|resource_group|Name of the [IBM Cloud resource group](https://cloud.ibm.com/docs/account?topic=account-rgs) to create the resources in. If set to `null`, the default resource group is used.|string|`null`|No|
+|resource_prefix|Prefix to use for created resource names.|string|N/A|Yes|
+|cluster|Id of the cluster.|string|N/A|Yes|
+|monitoring_instance| GUID of the IBM Cloud Monitoring instance. If set to `null`, an instance is created with the following naming convention: `<var.resource_prefix>-sysdig`|string|`null`|No|
+|monitoring_access_key|The IBM Cloud Monitoring ingestion key that you want to use for your configuration.|string|N/A|No|
+|logging_instance|GUID of IBM Cloud Log Analysis instance. If set to `null`, an instance is created with the following naming convention: `<var.resource_prefix>-logdna`|string|`null`|No|
+|logging_ingestion_key|The IBM Cloud Log Analysis ingestion key that you want to use for your configuration.|string|N/A|No|
+|private_endpoint|Add this option to connect to your Log Analysis and Monitoring service instances through the private cloud service endpoint.|bool|N/A|No|
+|activity_tracker_instance|GUID of the IBM Cloud Activity Tracker instance. If set to `null`, a instance is created with the following naming convention: `<var.resource_prefix>-at`|string|`null`|No|
+
+## Usage
+
+```bash
+terraform init
+
+terraform plan
+
+terraform apply
+
+terraform destroy
+```

examples/iks-integration/activity-tracker.tf

@@ -0,0 +1,9 @@
+resource "ibm_resource_instance" "activity_tracker_instance" {
+  count             = var.activity_tracker_instance != null ? 0 : 1
+  name              = "${var.resource_prefix}-at"
+  location          = var.region
+  resource_group_id = data.ibm_resource_group.resource_group.id
+  service           = "logdnaat"
+  plan              = "lite"
+  tags              = ["opt-out", var.resource_prefix]
+}

examples/iks-integration/locals.tf

@@ -0,0 +1,4 @@
+locals {
+  sysdig_instance_id = var.monitoring_instance != null ? var.monitoring_instance : module.monitoring_instance[0].sysdig_guid
+  logdna_instance_id = var.logging_instance != null ? var.logging_instance : module.logging_instance[0].logdna_instance_guid
+}

examples/iks-integration/logging.tf

@@ -0,0 +1,18 @@
+module "logging_instance" {
+  source            = "terraform-ibm-modules/observability/ibm//modules/logging-logdna"
+  version           = "1.3.0"
+  count             = var.logging_instance == null ? 1 : 0
+  bind_resource_key = true
+  service_name      = "${var.resource_prefix}-logging"
+  resource_group_id = data.ibm_resource_group.resource_group.id
+  plan              = "lite"
+  region            = var.region
+  tags              = ["opt-out", var.resource_prefix]
+  create_timeout    = "30m"
+  resource_key_name = "${var.resource_prefix}-logging-key"
+  role              = "Manager"
+  resource_key_tags = ["opt-out", var.resource_prefix]
+  parameters = {
+    default_receiver = true #enable for platform metrics
+  }
+}

examples/iks-integration/main.tf

@@ -0,0 +1,30 @@
+data "ibm_resource_group" "resource_group" {
+  name       = (var.resource_group != null ? var.resource_group : null)
+  is_default = (var.resource_group == null ? true : null)
+}
+
+module "configure_cluster_sysdig" {
+  source             = "terraform-ibm-modules/cluster/ibm//modules/configure-sysdig-monitor"
+  version            = "1.4.0"
+  depends_on         = [module.configure_cluster_logdna]
+  cluster            = var.cluster
+  sysdig_instance_id = local.sysdig_instance_id
+  private_endpoint   = var.private_endpoint
+  sysdig_access_key  = var.monitoring_access_key
+}
+
+module "configure_cluster_logdna" {
+  source               = "terraform-ibm-modules/cluster/ibm//modules/configure-logdna"
+  version              = "1.4.0"
+  cluster              = var.cluster
+  logdna_instance_id   = local.logdna_instance_id
+  private_endpoint     = var.private_endpoint
+  logdna_ingestion_key = var.logging_ingestion_key
+}
+
+module "patch_monitoring" {
+  source            = "./patch-sysdig"
+  depends_on        = [module.configure_cluster_sysdig]
+  cluster           = var.cluster
+  resource_group_id = data.ibm_resource_group.resource_group.id
+}

examples/iks-integration/monitoring.tf

@@ -0,0 +1,18 @@
+module "monitoring_instance" {
+  source            = "terraform-ibm-modules/observability/ibm//modules/monitoring-sysdig"
+  version           = "1.3.0"
+  count             = var.monitoring_instance == null ? 1 : 0
+  bind_resource_key = true
+  service_name      = "${var.resource_prefix}-monitoring"
+  resource_group_id = data.ibm_resource_group.resource_group.id
+  plan              = "lite"
+  region            = var.region
+  tags              = ["opt-out", var.resource_prefix]
+  create_timeout    = "30m"
+  resource_key_name = "${var.resource_prefix}-monitoring-key"
+  role              = "Manager"
+  resource_key_tags = ["opt-out", var.resource_prefix]
+  parameters = {
+    default_receiver = true #enable for platform metrics
+  }
+}

examples/iks-integration/patch-sysdig/main.tf

@@ -0,0 +1,42 @@
+data "ibm_container_cluster_config" "clusterConfig" {
+  cluster_name_id   = var.cluster
+  resource_group_id = var.resource_group_id
+  config_dir        = "/tmp"
+}
+data "ibm_container_cluster_config" "clusterConfigRetry" {
+  depends_on        = [data.ibm_container_cluster_config.clusterConfig]
+  cluster_name_id   = var.cluster
+  resource_group_id = var.resource_group_id
+  config_dir        = "/tmp"
+}
+resource "time_sleep" "wait_1m" {
+  create_duration = "1m"
+}
+resource "null_resource" "patch_sysdig" {
+  depends_on = [
+    time_sleep.wait_1m, data.ibm_container_cluster_config.clusterConfigRetry
+  ]
+  provisioner "local-exec" {
+    environment = {
+      KUBECONFIG = data.ibm_container_cluster_config.clusterConfigRetry.config_file_path
+    }
+    command = <<EOT
+          export KUBECONFIG=$KUBECONFIG
+          kubectl -n ibm-observe set image ds/sysdig-agent  sysdig-agent=icr.io/ext/sysdig/agent
+        EOT
+  }
+}
+variable "cluster" {
+
+}
+variable "resource_group_id" {
+
+}
+terraform {
+  required_providers {
+    ibm = {
+      source  = "IBM-Cloud/ibm"
+      version = ">=1.31.0"
+    }
+  }
+}

examples/iks-integration/provider.tf

@@ -0,0 +1,4 @@
+provider "ibm" {
+  ibmcloud_api_key = var.ibmcloud_api_key
+  region           = var.region
+}

examples/iks-integration/variables.tf

@@ -0,0 +1,61 @@
+######################################################
+#IBM-Cloud Authentication Credentials
+######################################################
+
+variable "ibmcloud_api_key" {
+  type        = string
+  description = "IBM-Cloud API Key"
+}
+variable "region" {
+  type        = string
+  description = "IBM-Cloud Region"
+}
+variable "resource_group" {
+  type        = string
+  description = "Name of Resource Group. If null default resource group is considered"
+  default     = null
+}
+variable "resource_prefix" {
+  type        = string
+  description = "Prefix to the resource names"
+  default     = null
+}
+
+
+######################################################
+#IBM-Cloud Logging and Monitoring Variables
+######################################################
+variable "cluster" {
+  type        = string
+  description = "Id of cluster"
+}
+variable "monitoring_instance" {
+  default     = null
+  type        = string
+  description = "GUID of Sysdig Instance. If null it creates an instance with name `<var.resource_prefix>-sysdig`"
+}
+variable "monitoring_access_key" {
+  description = "The sysdig monitoring ingestion key that you want to use for your configuration"
+  type        = string
+  default     = null
+}
+variable "logging_instance" {
+  default     = null
+  type        = string
+  description = "GUID of Logging Instance. If null it creates an instance with `<var.resource_prefix>-logdna`"
+}
+variable "logging_ingestion_key" {
+  description = "The LogDNA ingestion key that you want to use for your configuration"
+  type        = string
+  default     = null
+}
+variable "private_endpoint" {
+  description = "Add this option to connect to your Sysdig and logDNA service instance through the private service endpoint."
+  type        = bool
+  default     = true
+}
+variable "activity_tracker_instance" {
+  description = "GUID of Activity Tracker Instance. If null it doesnt create activity tracker instance."
+  default     = null
+  type        = string
+}

examples/iks-integration/versions.tf

@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    ibm = {
+      source  = "IBM-Cloud/ibm"
+      version = ">=1.31.0"
+    }
+  }
+}