Merged
54 commits
fbd3f13
feat: add log routing agent
Jul 26, 2024
0a9288c
fix: add log-routing-agent charts and remove tflint error
Jul 29, 2024
64da445
Merge branch 'main' into 9800-lr
iamar7 Jul 29, 2024
33d88c8
fix: update pr_test
Jul 29, 2024
e246104
fix: update permission
Jul 29, 2024
98258f8
Merge branch 'main' into 9800-lr
iamar7 Sep 4, 2024
0be893f
fix: added log routing selected log source path
Sep 5, 2024
b15c02a
Merge branch 'main' of https://github.com/terraform-ibm-modules/terra…
Sep 20, 2024
2fce492
update common-dev-assets
Sep 20, 2024
2e9c129
fix: added support for sending logs directly to ICL
Sep 20, 2024
c16039b
fix: pre-commit issues
Sep 20, 2024
f623416
remove common dev
Sep 24, 2024
9917642
update common dev
Sep 24, 2024
86d1b5a
Merge branch 'main' of https://github.com/terraform-ibm-modules/terra…
Sep 24, 2024
c414473
Merge branch 'main' into 9800-lr
iamar7 Sep 24, 2024
390c295
fix: update helm chart
Sep 25, 2024
863dc86
Merge branch '9800-lr' of https://github.com/terraform-ibm-modules/te…
Sep 25, 2024
0abe150
fix: pre-commit issues
Sep 25, 2024
f04d4bb
empty commit
Sep 25, 2024
2f676be
skipping other tests
Sep 25, 2024
85fa6ee
use logs-agent helm chart
Aashiq-J Sep 25, 2024
1a2cb38
precommit
Aashiq-J Sep 25, 2024
2ebfcf1
remove helm charts
Aashiq-J Sep 25, 2024
82c6b22
revert skip
Aashiq-J Sep 25, 2024
412ddd2
update scc
Aashiq-J Sep 25, 2024
ea98fb5
few review changes
Aashiq-J Sep 27, 2024
3db545f
review changes
Aashiq-J Sep 27, 2024
8f56d30
update module
Sep 27, 2024
91ae59e
remove common dev
Sep 27, 2024
f67699f
fix: resolve review comments
Sep 27, 2024
4760266
fix: resolve comments
Sep 27, 2024
93ff8b3
fix: upgrade terraform version
Sep 27, 2024
6c5cd31
fix: resolve comments
Sep 30, 2024
a20999c
Merge branch 'main' into 9800-lr
iamar7 Sep 30, 2024
d852aae
review changes
Aashiq-J Sep 30, 2024
d484fe7
precommit changes
Aashiq-J Sep 30, 2024
ab66224
fixes
Aashiq-J Sep 30, 2024
a815564
update variable description
Aashiq-J Sep 30, 2024
ec318b9
skip for this version
Aashiq-J Sep 30, 2024
bbbb480
wait till IngressReady
Aashiq-J Sep 30, 2024
f18d20e
update provider
Aashiq-J Oct 1, 2024
e33e8fc
test
Aashiq-J Oct 1, 2024
6e5a433
increase time
Aashiq-J Oct 1, 2024
ff34453
add cert
Aashiq-J Oct 1, 2024
fbd8024
update version
Aashiq-J Oct 1, 2024
195f954
test
Aashiq-J Oct 1, 2024
3a2f08e
Merge branch 'main' into 9800-lr
Aashiq-J Oct 1, 2024
ece3a59
test
Aashiq-J Oct 1, 2024
259367c
cleanup
ocofaigh Oct 1, 2024
48b3bbd
address cra
ocofaigh Oct 2, 2024
2f84a7f
baseline update
ocofaigh Oct 2, 2024
c8e81ea
SKIP UPGRADE TEST
ocofaigh Oct 2, 2024
964549d
fix
ocofaigh Oct 2, 2024
89011f0
test: ignore update
ocofaigh Oct 2, 2024
25 changes: 23 additions & 2 deletions .secrets.baseline
@@ -3,7 +3,7 @@
"files": "go.sum|^.secrets.baseline$",
"lines": null
},
"generated_at": "2023-12-09T09:50:09Z",
"generated_at": "2024-10-02T13:57:09Z",
"plugins_used": [
{
"name": "AWSKeyDetector"
@@ -76,7 +76,28 @@
"name": "TwilioKeyDetector"
}
],
"results": {},
"results": {
"README.md": [
{
"hashed_secret": "3f0155e75563ab3adc0505000a86da5baa207d1f",
"is_secret": false,
"is_verified": false,
"line_number": 64,
"type": "Secret Keyword",
"verified_result": null
}
],
"modules/logs-agent/README.md": [
{
"hashed_secret": "3f0155e75563ab3adc0505000a86da5baa207d1f",
"is_secret": false,
"is_verified": false,
"line_number": 36,
"type": "Secret Keyword",
"verified_result": null
}
]
},
"version": "0.13.1+ibm.62.dss",
"word_list": {
"file": null,
100 changes: 64 additions & 36 deletions README.md

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion cra-config.yaml
@@ -1,7 +1,7 @@
# More info about this file at https://github.com/terraform-ibm-modules/common-pipeline-assets/blob/main/.github/workflows/terraform-test-pipeline.md#cra-config-yaml
version: "v1"
CRA_TARGETS:
- CRA_TARGET: "examples/basic" # Target directory for CRA scan. If not provided, the CRA Scan will not be run.
- CRA_TARGET: "examples/obs-agent-ocp" # Target directory for CRA scan. If not provided, the CRA Scan will not be run.
CRA_IGNORE_RULES_FILE: "cra-tf-validate-ignore-rules.json" # CRA Ignore file to use. If not provided, it checks the repo root directory for `cra-tf-validate-ignore-rules.json`
PROFILE_ID: "0e6e7b5a-817d-4344-ab6f-e5d7a9c49520" # SCC profile ID (currently set to the FSCloud 1.4.0 profile).
# SCC_INSTANCE_ID: "" # The SCC instance ID to use to download profile for CRA scan. If not provided, a default global value will be used.
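Review bot: The only `CRA_TARGET` entry now points at `examples/obs-agent-ocp`, so the `examples/obs-agent-iks` example added in this same change is, as far as this file shows, not covered by the CRA scan. `CRA_TARGETS` is written as a list, which suggests a second entry such as `- CRA_TARGET: "examples/obs-agent-iks"` could put the IKS example, with its service ID policy and API key, under the same profile check. If scanning only the OpenShift example is intentional, a comment on the entry such as `# only the OCP example is scanned; the IKS example is not a CRA target` would record that decision.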
7 changes: 0 additions & 7 deletions examples/basic/README.md

This file was deleted.

27 changes: 0 additions & 27 deletions examples/basic/version.tf

This file was deleted.

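--- a/examples/obs-agent-iks/README.md
+++ b/examples/obs-agent-iks/README.md
@@ -0,0 +1,11 @@
+# Monitoring agent + Cloud Logs agent on Kubernetes using CSE ingress endpoint with an apikey
+
+An example that shows how to deploy Logs agents and Monitoring agent in a Kubernetes cluster to send Logs directly to IBM Cloud Logs and Cloud Monitoring instance respectively.
+
+The example provisions the following resources:
+- A new resource group, if an existing one is not passed in.
+- A basic VPC (if `is_vpc_cluster` is true).
+- A Kubernetes cluster.
+- A Service ID with `Sender` role to `logs` service and an apikey.
+- An IBM Cloud Logs and Cloud Monitoring instance
+- Logs agents and Monitoring agent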
131 changes: 62 additions & 69 deletions examples/basic/main.tf → examples/obs-agent-iks/main.tf
@@ -3,36 +3,36 @@
##############################################################################

module "resource_group" {
source = "git::https://github.com/terraform-ibm-modules/terraform-ibm-resource-group.git?ref=v1.1.6"
source = "terraform-ibm-modules/resource-group/ibm"
version = "1.1.6"
# if an existing resource group is not set (null) create a new one using prefix
resource_group_name = var.resource_group == null ? "${var.prefix}-resource-group" : null
existing_resource_group_name = var.resource_group
}

##############################################################################
# Observability Instances
# Service ID with logs sender role + apikey
##############################################################################

module "observability_instances" {
source = "git::https://github.com/terraform-ibm-modules/terraform-ibm-observability-instances?ref=v2.18.1"
providers = {
logdna.at = logdna.at
logdna.ld = logdna.ld
# As a `Sender`, you can send logs to your IBM Cloud Logs service instance - but not query or tail logs. This role is meant to be used by agents and routers sending logs.
module "iam_service_id" {
source = "terraform-ibm-modules/iam-service-id/ibm"
version = "1.2.0"
iam_service_id_name = "${var.prefix}-service-id"
iam_service_id_description = "Logs Agent service id"
iam_service_id_apikey_provision = true
iam_service_policies = {
logs = {
roles = ["Sender"]
resources = [{
service = "logs"
}]
}
}
resource_group_id = module.resource_group.resource_group_id
region = var.region
log_analysis_plan = "7-day"
cloud_monitoring_plan = "graduated-tier"
activity_tracker_provision = false
enable_platform_logs = false
enable_platform_metrics = false
cloud_logs_provision = false
log_analysis_instance_name = "${var.prefix}-log-analysis"
cloud_monitoring_instance_name = "${var.prefix}-cloud-monitoring"
}

##############################################################################
# Create VPC and Cluster
# Create VPC and IKS Cluster
##############################################################################

resource "ibm_is_vpc" "example_vpc" {
Expand All @@ -42,63 +42,36 @@ resource "ibm_is_vpc" "example_vpc" {
tags = var.resource_tags
}

resource "ibm_is_public_gateway" "public_gateway" {
count = var.is_vpc_cluster ? 1 : 0
name = "${var.prefix}-gateway-1"
vpc = ibm_is_vpc.example_vpc[0].id
resource_group = module.resource_group.resource_group_id
zone = "${var.region}-1"
}

resource "ibm_is_subnet" "testacc_subnet" {
count = var.is_vpc_cluster ? 1 : 0
name = "${var.prefix}-subnet"
vpc = ibm_is_vpc.example_vpc[0].id
zone = "${var.region}-1"
total_ipv4_address_count = 256
resource_group = module.resource_group.resource_group_id
public_gateway = ibm_is_public_gateway.public_gateway[0].id
}

resource "ibm_resource_instance" "cos_instance" {
count = var.is_openshift ? 1 : 0
name = "${var.prefix}-cos"
service = "cloud-object-storage"
plan = "standard"
location = "global"
resource_group_id = module.resource_group.resource_group_id
tags = var.resource_tags
}

# Lookup the current default kube version
data "ibm_container_cluster_versions" "cluster_versions" {}
locals {
default_version = var.is_openshift ? "${data.ibm_container_cluster_versions.cluster_versions.default_openshift_version}_openshift" : data.ibm_container_cluster_versions.cluster_versions.default_kube_version
default_version = data.ibm_container_cluster_versions.cluster_versions.default_kube_version
}

# Create either a VPC or classic cluster, depending on the is_vpc_cluster variable
resource "ibm_container_vpc_cluster" "cluster" {
count = var.is_vpc_cluster ? 1 : 0
name = var.prefix
vpc_id = ibm_is_vpc.example_vpc[0].id
kube_version = local.default_version
flavor = "bx2.4x16"
worker_count = "2"
entitlement = var.is_openshift ? "cloud_pak" : null
cos_instance_crn = var.is_openshift ? ibm_resource_instance.cos_instance[0].id : null
force_delete_storage = true
wait_till = "Normal"
wait_till = "IngressReady"
zones {
subnet_id = ibm_is_subnet.testacc_subnet[0].id
name = "${var.region}-1"
}
resource_group_id = module.resource_group.resource_group_id
tags = var.resource_tags

timeouts {
delete = "2h"
create = "3h"
}
}

resource "ibm_container_cluster" "cluster" {
@@ -109,7 +82,6 @@ resource "ibm_container_cluster" "cluster" {
default_pool_size = 2
hardware = "shared"
kube_version = local.default_version
entitlement = var.is_openshift ? "cloud_pak" : null
force_delete_storage = true
machine_type = "b3c.4x16"
public_vlan_id = ibm_network_vlan.public_vlan[0].id
@@ -124,6 +96,10 @@ resource "ibm_container_cluster" "cluster" {
}
}

locals {
cluster_name_id = var.is_vpc_cluster ? ibm_container_vpc_cluster.cluster[0].id : ibm_container_cluster.cluster[0].id
}

resource "ibm_network_vlan" "public_vlan" {
count = var.is_vpc_cluster ? 0 : 1
datacenter = var.datacenter
@@ -137,39 +113,56 @@ resource "ibm_network_vlan" "private_vlan" {
}

data "ibm_container_cluster_config" "cluster_config" {
cluster_name_id = var.is_vpc_cluster ? ibm_container_vpc_cluster.cluster[0].id : ibm_container_cluster.cluster[0].id
cluster_name_id = local.cluster_name_id
resource_group_id = module.resource_group.resource_group_id
}

# Sleep to allow RBAC sync on cluster
resource "time_sleep" "wait_operators" {
depends_on = [data.ibm_container_cluster_config.cluster_config]
create_duration = "5s"
create_duration = "45s"
}

##############################################################################
# Observability Agents
# Observability Instance
##############################################################################

module "observability_instances" {
source = "terraform-ibm-modules/observability-instances/ibm"
version = "2.19.1"
providers = {
logdna.at = logdna.at
logdna.ld = logdna.ld
}
resource_group_id = module.resource_group.resource_group_id
region = var.region
cloud_logs_plan = "standard"
cloud_monitoring_plan = "graduated-tier"
enable_platform_logs = false
enable_platform_metrics = false
cloud_logs_instance_name = "${var.prefix}-cloud-logs"
cloud_monitoring_instance_name = "${var.prefix}-cloud-monitoring"
}

##############################################################################
# Observability Agents
##############################################################################

module "observability_agents" {
source = "../.."
depends_on = [time_sleep.wait_operators]
is_vpc_cluster = var.is_vpc_cluster
cluster_id = var.is_vpc_cluster ? ibm_container_vpc_cluster.cluster[0].id : ibm_container_cluster.cluster[0].id
cluster_resource_group_id = module.resource_group.resource_group_id
log_analysis_instance_region = module.observability_instances.region
log_analysis_ingestion_key = module.observability_instances.log_analysis_ingestion_key
cloud_monitoring_access_key = module.observability_instances.cloud_monitoring_access_key
log_analysis_agent_tags = var.resource_tags
log_analysis_add_cluster_name = true
# example of how to include / exclude metrics - more info https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_kube_agent#change_kube_agent_log_metrics
cloud_monitoring_metrics_filter = [{ type = "exclude", name = "metricA.*" }, { type = "include", name = "metricB.*" }]
cloud_monitoring_agent_tags = var.resource_tags
source = "../.."
depends_on = [time_sleep.wait_operators]
cluster_id = local.cluster_name_id
is_vpc_cluster = var.is_vpc_cluster
cluster_resource_group_id = module.resource_group.resource_group_id
# Logs Agent
logs_agent_enabled = true
logs_agent_iam_mode = "IAMAPIKey"
logs_agent_iam_api_key = module.iam_service_id.service_id_apikey
cloud_logs_ingress_endpoint = module.observability_instances.cloud_logs_ingress_private_endpoint
cloud_logs_ingress_port = 3443
logs_agent_enable_scc = false # only true for Openshift
# # Monitoring agent
cloud_monitoring_enabled = true
cloud_monitoring_access_key = module.observability_instances.cloud_monitoring_access_key
cloud_monitoring_instance_region = module.observability_instances.region
# Log Analysis agent custom settings to setup Kubernetes metadata logs filtering by setting
# LOGDNA_K8S_METADATA_LINE_INCLUSION and LOGDNA_K8S_METADATA_LINE_EXCLUSION in the agent daemonset definition
# Ref https://github.com/logdna/logdna-agent-v2/blob/3.8/docs/KUBERNETES.md#configuration-for-kubernetes-metadata-filtering
log_analysis_agent_custom_line_exclusion = "label.app.kubernetes.io/name:sample-app\\, annotation.user:sample-user"
log_analysis_agent_custom_line_inclusion = "namespace:default"
}
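Review bot: In `module "iam_service_id"` (first hunk) the `Sender` policy names only `service = "logs"`, so as written it is not limited to the Cloud Logs instance this example creates, and the generated API key could presumably send to any Cloud Logs instance in the account. Because `iam_service_id_apikey_provision = true` produces a long-lived key that is passed on through `logs_agent_iam_api_key`, narrowing the policy to the instance from `module.observability_instances` limits what a leaked key can do. One way, if the service-ID module passes it through, is to add that instance's GUID as `resource_instance_id` in the `resources` entry. A comment beside the provisioning flag would also help readers who copy the example, e.g. `# the API key ends up in Terraform state; restrict access to the state backend`.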
File renamed without changes.
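--- a/examples/basic/provider.tf
+++ b/examples/obs-agent-iks/provider.tf
@@ -3,6 +3,26 @@ provider "ibm" {
 region = var.region
 }
 
+provider "helm" {
+kubernetes {
+host = data.ibm_container_cluster_config.cluster_config.host
+token = data.ibm_container_cluster_config.cluster_config.token
+cluster_ca_certificate = data.ibm_container_cluster_config.cluster_config.ca_certificate
+}
+# IBM Cloud credentials are required to authenticate to the helm repo
+registry {
+url = "oci://icr.io/ibm/observe/logs-agent-helm"
+username = "iamapikey"
+password = var.ibmcloud_api_key
+}
+}
+
+provider "kubernetes" {
+host = data.ibm_container_cluster_config.cluster_config.host
+token = data.ibm_container_cluster_config.cluster_config.token
+cluster_ca_certificate = data.ibm_container_cluster_config.cluster_config.ca_certificate
+}
+
 locals {
 at_endpoint = "https://api.${var.region}.logging.cloud.ibm.com"
 }
@@ -18,16 +38,3 @@ provider "logdna" {
 servicekey = module.observability_instances.log_analysis_resource_key != null ? module.observability_instances.log_analysis_resource_key : ""
 url = local.at_endpoint
 }
-
-provider "kubernetes" {
-host = data.ibm_container_cluster_config.cluster_config.host
-token = data.ibm_container_cluster_config.cluster_config.token
-}
-
-provider "helm" {
-kubernetes {
-host = data.ibm_container_cluster_config.cluster_config.host
-token = data.ibm_container_cluster_config.cluster_config.token
-cluster_ca_certificate = data.ibm_container_cluster_config.cluster_config.ca_certificate
-}
-}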
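Review bot: The new `registry` block in `provider "helm"` passes `var.ibmcloud_api_key` as the password for `oci://icr.io/ibm/observe/logs-agent-helm`, and the comment above it does not say what access that key needs. This appears to be the same key the example uses for provisioning, so a chart pull is being given a far broader credential than it likely requires. The comment could be extended to say so, e.g. `# Only registry authentication is needed here; a separate, narrowly scoped API key can be supplied instead of the provisioning key`, once that is confirmed against the registry's requirements. The declaration of `ibmcloud_api_key` is outside this page; it should carry `sensitive = true` so the value is redacted in plan output.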