Skip to content

lsst-sqre/terraform-efd

BranchesTags

Repository files navigation

terraform efd "app" deployment

Build Status

Deploys an efd instance onto a k8s cluster.

Usage

Oauth2 configuration

The prometheus and grafana dashboards require github oauth2 credentials for user authentication.

The required callback URLs are:

  • grafna: https://[<env_name>-]grafana-<deploy_name>.<domain_name>/login/github
  • prometheus: https://[<env_name>-]prometheus-<deploy_name>.<domain_name>/oauth2

Example

# required providers
provider "aws" {
  version = "~> 2.10.0"
  region  = "us-east-1"
}

provider "kubernetes" {
  version = "~> 1.6.2"

  config_path      = "/tmp/kubeconfig"
  load_config_file = true
}

provider "helm" {
  version = "~> 0.9.1"

  service_account = "${module.tiller.service_account}"
  namespace       = "${module.tiller.namespace}"
  install_tiller  = false

  kubernetes {
    load_config_file       = false
    host                   = "${module.gke.host}"
    cluster_ca_certificate = "${base64decode(module.gke.cluster_ca_certificate)}"
    token                  = "${module.gke.token}"
  }
}

provider "influxdb" {
  url      = "https://${local.dns_prefix}influxdb-${var.deploy_name}.${var.domain_name}"
  username = "${var.influxdb_admin_user}"
  password = "${var.influxdb_admin_pass}"
}

module "efd" {
  source = "git::git@github.com:lsst-sqre/terraform-efd.git//?ref=master"

  aws_zone_id                    = "${var.aws_zone_id}"
  brokers_disk_size              = "${var.brokers_disk_size}"
  deploy_name                    = "${var.deploy_name}"
  dns_enable                     = "${var.dns_enable}"
  domain_name                    = "${var.domain_name}"
  env_name                       = "${var.env_name}"
  github_token                   = "${var.github_token}"
  github_user                    = "${var.github_user}"
  grafana_admin_pass             = "${var.grafana_admin_pass}"
  grafana_admin_user             = "${var.grafana_admin_user}"
  grafana_oauth_client_id        = "${var.grafana_oauth_client_id}"
  grafana_oauth_client_secret    = "${var.grafana_oauth_client_secret}"
  grafana_oauth_team_ids         = "${var.grafana_oauth_team_ids}"
  influxdb_admin_pass            = "${var.influxdb_admin_pass}"
  influxdb_admin_user            = "${var.influxdb_admin_user}"
  influxdb_telegraf_pass         = "${var.influxdb_telegraf_pass}"
  prometheus_oauth_client_id     = "${var.prometheus_oauth_client_id}"
  prometheus_oauth_client_secret = "${var.prometheus_oauth_client_secret}"
  prometheus_oauth_github_org    = "${var.prometheus_oauth_github_org}"
  tls_crt                        = "${file(var.tls_crt_path)}"
  tls_key                        = "${file(var.tls_key_path)}"
  zookeeper_data_dir_size        = "${var.zookeeper_data_dir_size}"
  zookeeper_log_dir_size         = "${var.zookeeper_log_dir_size}"
}

Inputs

Name Description Type Default Required
aws_zone_id route53 Hosted Zone ID to manage DNS records in. string n/a yes
brokers_disk_size Disk size for the cp-kafka brokers. string "15Gi" no
deploy_name Name of deployment. string "efd" no
dns_enable create route53 dns records. string "false" no
dns_overwrite overwrite pre-existing DNS records. string "false" no
domain_name DNS domain name to use when creating route53 records. string n/a yes
enable_telegraf_daemonset If true Telegraf client will run on all nodes. Set false for k3s single node deployment. string "true" no
env_name Name of deployment environment. string n/a yes
github_token GitHub personal access token for authenticating to the GitHub API string n/a yes
github_user GitHub username for authenticating to the GitHub API. string n/a yes
grafana_admin_pass grafana admin account passphrase. string n/a yes
grafana_admin_user grafana admin account name. string "admin" no
grafana_oauth_client_id github oauth Client ID for grafana string n/a yes
grafana_oauth_client_secret github oauth Client Secret for grafana. string n/a yes
grafana_oauth_team_ids github team id (integer value treated as string) string n/a yes
influxdb_admin_pass influxdb admin account passphrase. string n/a yes
influxdb_admin_user influxdb admin account name. string "admin" no
influxdb_disk_size Disk size for InfluxDB. string "128Gi" no
influxdb_telegraf_pass InfluxDB password for the telegraf user. string n/a yes
prometheus_oauth_client_id github oauth client id string n/a yes
prometheus_oauth_client_secret github oauth client secret string n/a yes
prometheus_oauth_github_org limit access to prometheus dashboard to members of this org string n/a yes
storage_class Storage class to be used for all persistent disks. For a deployment on k3s use 'local-path'. string "pd-ssd" no
tls_crt wildcard tls certificate. string n/a yes
tls_key wildcard tls private key. string n/a yes
zookeeper_data_dir_size Size for Data dir, where ZooKeeper will store the in-memory database snapshots. string "15Gi" no
zookeeper_log_dir_size Size for data log dir, which is a dedicated log device to be used, and helps avoid competition between logging and snaphots. string "15Gi" no

Outputs

Name Description
confluent_lb0
confluent_lb1
confluent_lb2
grafana_fqdn
influxdb_fqdn
nginx_ingress_ip
prometheus_fqdn
registry_fqdn

helm

Note that the helm provider is used, which requires an initialized helm repo configuration.

pre-commit hooks

go get github.com/segmentio/terraform-docs
pip install --user pre-commit
pre-commit install

# manual run
pre-commit run -a

See Also

About

terraform driven k8s deployment of an efd instance

Topics

kubernetes route53 aws kafka influxdb deployment terraform helm k8s efd

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

1 star

Watchers

3 watching

Forks

1 fork
Report repository

Releases

3 tags

Packages

No packages published

Contributors 2

  •  
  •  

Languages