feat: add module to install otel in eks cluster (#30)

edersonbrilhante · web-flow · commit 8510f7f52ada · 2025-06-02T12:49:46.000+03:00
diff --git a/modules/integrations/splunk_otel_eks/README.md b/modules/integrations/splunk_otel_eks/README.md
@@ -0,0 +1,45 @@
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.9.1 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 5.90 |
+| <a name="requirement_helm"></a> [helm](#requirement\_helm) | 2.17.0 |
+| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | 2.36.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.99.1 |
+| <a name="provider_helm"></a> [helm](#provider\_helm) | 2.17.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [helm_release.splunk_otel_collector](https://registry.terraform.io/providers/hashicorp/helm/2.17.0/docs/resources/release) | resource |
+| [aws_eks_cluster.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |
+| [aws_eks_cluster_auth.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) | data source |
+| [aws_secretsmanager_secret.secrets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/secretsmanager_secret) | data source |
+| [aws_secretsmanager_secret_version.secrets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/secretsmanager_secret_version) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_aws_profile"></a> [aws\_profile](#input\_aws\_profile) | AWS profile to use. | `string` | n/a | yes |
+| <a name="input_aws_region"></a> [aws\_region](#input\_aws\_region) | Default AWS region. | `string` | n/a | yes |
+| <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | The name of the EKS cluster | `string` | n/a | yes |
+| <a name="input_default_tags"></a> [default\_tags](#input\_default\_tags) | A map of tags to apply to resources. | `map(string)` | n/a | yes |
+| <a name="input_splunk_otel_collector"></a> [splunk\_otel\_collector](#input\_splunk\_otel\_collector) | Configuration for the Splunk OpenTelemetry Collector | <pre>object({<br/>    splunk_observability_realm     = string<br/>    splunk_platform_endpoint       = string<br/>    splunk_platform_index          = string<br/>    gateway                        = bool<br/>    splunk_observability_profiling = bool<br/>    environment                    = string<br/>    discovery                      = bool<br/>  })</pre> | n/a | yes |
+
+## Outputs
+
+No outputs.
+<!-- END_TF_DOCS -->
diff --git a/modules/integrations/splunk_otel_eks/backend.tf b/modules/integrations/splunk_otel_eks/backend.tf
@@ -0,0 +1,4 @@
+terraform {
+  # Intentionally empty. Will be filled by Terragrunt.
+  backend "s3" {}
+}
diff --git a/modules/integrations/splunk_otel_eks/data.tf b/modules/integrations/splunk_otel_eks/data.tf
@@ -0,0 +1,7 @@
+data "aws_eks_cluster" "cluster" {
+  name = var.cluster_name
+}
+
+data "aws_eks_cluster_auth" "cluster" {
+  name = var.cluster_name
+}
diff --git a/modules/integrations/splunk_otel_eks/otel.tf b/modules/integrations/splunk_otel_eks/otel.tf
@@ -0,0 +1,67 @@
+resource "helm_release" "splunk_otel_collector" {
+  name             = "splunk-otel-collector"
+  repository       = "https://signalfx.github.io/splunk-otel-collector-chart"
+  chart            = "splunk-otel-collector"
+  version          = "0.122.0"
+  namespace        = "splunk-otel-collector"
+  create_namespace = true
+  set {
+    name  = "cloudProvider"
+    value = "aws"
+  }
+
+  set {
+    name  = "distribution"
+    value = "eks"
+  }
+
+  set {
+    name  = "splunkObservability.accessToken"
+    value = data.aws_secretsmanager_secret_version.secrets["splunk_access_ingest_token"].secret_string
+  }
+
+  set {
+    name  = "clusterName"
+    value = var.cluster_name
+  }
+
+  set {
+    name  = "splunkObservability.realm"
+    value = var.splunk_otel_collector.splunk_observability_realm
+  }
+
+  set {
+    name  = "splunkPlatform.endpoint"
+    value = var.splunk_otel_collector.splunk_platform_endpoint
+  }
+
+  set {
+    name  = "splunkPlatform.index"
+    value = var.splunk_otel_collector.splunk_platform_index
+  }
+
+  set {
+    name  = "splunkPlatform.token"
+    value = data.aws_secretsmanager_secret_version.secrets["splunk_cloud_hec_token_eks"].secret_string
+  }
+
+  set {
+    name  = "gateway.enabled"
+    value = var.splunk_otel_collector.gateway
+  }
+
+  set {
+    name  = "splunkObservability.profilingEnabled"
+    value = var.splunk_otel_collector.splunk_observability_profiling
+  }
+
+  set {
+    name  = "environment"
+    value = var.splunk_otel_collector.environment
+  }
+
+  set {
+    name  = "agent.discovery.enabled"
+    value = var.splunk_otel_collector.discovery
+  }
+}
diff --git a/modules/integrations/splunk_otel_eks/providers.tf b/modules/integrations/splunk_otel_eks/providers.tf
@@ -0,0 +1,24 @@
+# Re-use AWS settings from root module.
+provider "aws" {
+  region  = var.aws_region
+  profile = var.aws_profile
+
+  # Required, as per security guidelines.
+  default_tags {
+    tags = var.default_tags
+  }
+}
+
+provider "kubernetes" {
+  host                   = data.aws_eks_cluster.cluster.endpoint
+  cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data)
+  token                  = data.aws_eks_cluster_auth.cluster.token
+}
+
+provider "helm" {
+  kubernetes {
+    host                   = data.aws_eks_cluster.cluster.endpoint
+    cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data)
+    token                  = data.aws_eks_cluster_auth.cluster.token
+  }
+}
diff --git a/modules/integrations/splunk_otel_eks/secrets.tf b/modules/integrations/splunk_otel_eks/secrets.tf
@@ -0,0 +1,20 @@
+locals {
+  secrets = {
+    splunk_access_ingest_token = {
+      name = "/app/tf/splunk_access_ingest_token"
+    }
+    splunk_cloud_hec_token_eks = {
+      name = "/app/tf/splunk_cloud_hec_token_eks"
+    }
+  }
+}
+
+data "aws_secretsmanager_secret" "secrets" {
+  for_each = local.secrets
+  name     = each.value.name
+}
+
+data "aws_secretsmanager_secret_version" "secrets" {
+  for_each  = data.aws_secretsmanager_secret.secrets
+  secret_id = each.value.id
+}
diff --git a/modules/integrations/splunk_otel_eks/variables.tf b/modules/integrations/splunk_otel_eks/variables.tf
@@ -0,0 +1,32 @@
+variable "aws_profile" {
+  type        = string
+  description = "AWS profile to use."
+}
+
+variable "aws_region" {
+  type        = string
+  description = "Default AWS region."
+}
+
+variable "cluster_name" {
+  description = "The name of the EKS cluster"
+  type        = string
+}
+
+variable "splunk_otel_collector" {
+  description = "Configuration for the Splunk OpenTelemetry Collector"
+  type = object({
+    splunk_observability_realm     = string
+    splunk_platform_endpoint       = string
+    splunk_platform_index          = string
+    gateway                        = bool
+    splunk_observability_profiling = bool
+    environment                    = string
+    discovery                      = bool
+  })
+}
+
+variable "default_tags" {
+  type        = map(string)
+  description = "A map of tags to apply to resources."
+}
diff --git a/modules/integrations/splunk_otel_eks/versions.tf b/modules/integrations/splunk_otel_eks/versions.tf
@@ -0,0 +1,20 @@
+terraform {
+  # Provider versions.
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.90"
+    }
+    helm = {
+      source  = "hashicorp/helm"
+      version = "2.17.0"
+    }
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = "2.36.0"
+    }
+  }
+
+  # OpenTofu version.
+  required_version = ">= 1.9.1"
+}
