Merge pull request #352 from DFE-Digital/1715-alertmanager-config-rel…
…oader-container

Alertmanager config reloader container
shaheislamdfe authored Jan 15, 2025
2 parents 0f09517 + 7738929 commit 4a42bbf
Showing 3 changed files with 137 additions and 0 deletions.
3 changes: 3 additions & 0 deletions cluster/terraform_kubernetes/alertmanager.tf
Expand Up @@ -41,6 +41,9 @@ resource "kubernetes_deployment" "alertmanager" {
labels = {
app = "alertmanager"
}
annotations = {
"reloader.stakater.com/auto" = "true"
}
}

spec {
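Review bot: The new `annotations` block on the Deployment metadata has no comment saying what consumes it, so a reader of alertmanager.tf cannot tell that it hands rollout control to the Reloader controller defined in reloader.tf. I would add `# Stakater Reloader restarts this Deployment when any ConfigMap or Secret it references changes` above the block. Because `auto` covers every referenced object, anyone able to edit one of those ConfigMaps or Secrets can now trigger an Alertmanager rollout; if only the Alertmanager config should do that, the named form `configmap.reloader.stakater.com/reload` is narrower. The enclosing resource starts and ends outside this hunk, so which objects the pod references is not visible here.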
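--- a/cluster/terraform_kubernetes/reloader.tf
+++ b/cluster/terraform_kubernetes/reloader.tf
@@ -0,0 +1,116 @@
+# ClusterRole for Reloader
+resource "kubernetes_cluster_role" "reloader" {
+metadata {
+name = "reloader-role"
+}
+
+rule {
+api_groups = [""]
+resources = ["configmaps", "secrets"]
+verbs = ["list", "get", "watch"]
+}
+
+rule {
+api_groups = ["apps"]
+resources = ["deployments", "daemonsets", "statefulsets"]
+verbs = ["list", "get", "update", "patch"]
+}
+
+rule {
+api_groups = ["extensions"]
+resources = ["deployments", "daemonsets"]
+verbs = ["list", "get", "update", "patch"]
+}
+}
+
+# ServiceAccount for Reloader
+resource "kubernetes_service_account" "reloader" {
+metadata {
+name = "reloader"
+namespace = "monitoring"
+}
+}
+
+# ClusterRoleBinding for Reloader
+resource "kubernetes_cluster_role_binding" "reloader" {
+metadata {
+name = "reloader-role-binding"
+}
+
+role_ref {
+api_group = "rbac.authorization.k8s.io"
+kind = "ClusterRole"
+name = kubernetes_cluster_role.reloader.metadata[0].name
+}
+
+subject {
+kind = "ServiceAccount"
+name = kubernetes_service_account.reloader.metadata[0].name
+namespace = kubernetes_service_account.reloader.metadata[0].namespace
+}
+}
+
+# Deployment for Reloader
+resource "kubernetes_deployment" "reloader" {
+metadata {
+name = "reloader"
+namespace = "monitoring"
+labels = {
+app = "reloader"
+}
+}
+
+spec {
+replicas = 1
+
+selector {
+match_labels = {
+app = "reloader"
+}
+}
+
+template {
+metadata {
+labels = {
+app = "reloader"
+}
+}
+
+spec {
+service_account_name = kubernetes_service_account.reloader.metadata[0].name
+
+container {
+name = "reloader"
+image = "stakater/reloader:v${var.reloader_version}"
+
+args = ["--reload-strategy=annotations"]
+
+resources {
+limits = {
+cpu = var.reloader_app_cpu
+memory = var.reloader_app_mem
+}
+requests = {
+cpu = var.reloader_app_cpu
+memory = var.reloader_app_mem
+}
+}
+
+security_context {
+run_as_user = 65534 # nobody user
+run_as_group = 65534 # nobody group
+capabilities {
+drop = ["ALL"]
+}
+allow_privilege_escalation = false
+privileged = false
+read_only_root_filesystem = true
+seccomp_profile {
+type = "RuntimeDefault"
+}
+}
+}
+}
+}
+}
+}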
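Review bot: The `kubernetes_cluster_role` grants `get`, `list` and `watch` on `secrets` in every namespace, and the `kubernetes_cluster_role_binding` gives that to the `reloader` service account, although the only workload annotated in this commit is Alertmanager in `monitoring`. A compromise of the Reloader pod or its token would therefore expose every Secret in the cluster, and the `update`/`patch` rules would let it modify any Deployment, DaemonSet or StatefulSet. I would scope this to a `kubernetes_role` and `kubernetes_role_binding` in `monitoring`, as sketched below. Reloader then has to be told to watch only its own namespace; its Helm chart does this by setting the `KUBERNETES_NAMESPACE` environment variable on the container, which should be confirmed for the pinned version. If cluster-wide reloading is intended, a comment on the ClusterRole saying so would help.

```hcl
resource "kubernetes_role" "reloader" {
  metadata {
    name      = "reloader-role"
    namespace = "monitoring"
  }
  # … unchanged: the three rule blocks …
}

resource "kubernetes_role_binding" "reloader" {
  metadata {
    name      = "reloader-role-binding"
    namespace = "monitoring"
  }

  role_ref {
    api_group = "rbac.authorization.k8s.io"
    kind      = "Role"
    name      = kubernetes_role.reloader.metadata[0].name
  }
  # … unchanged: subject block …
}
```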
18 changes: 18 additions & 0 deletions cluster/terraform_kubernetes/variables.tf
Expand Up @@ -207,6 +207,24 @@ variable "filebeat_version" {
default = "8.12.2"
}

variable "reloader_version" {
type = string
description = "Version of the Reloader container image to use"
default = "1.0.69"
}

variable "reloader_app_cpu" {
type = string
description = "Reloader app cpu request/limit"
default = "100m"
}

variable "reloader_app_mem" {
type = string
description = "Reloader app memory request/limit"
default = "512Mi"
}

variable "alertmanager_slack_receiver_list" {
type = list(any)
description = "List of alertmanager Slack receivers. Each entry must have a corresponding webhook in the keyvault."
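Review bot: `reloader_version` selects only a tag, and reloader.tf interpolates it into `stakater/reloader:v${var.reloader_version}`, so the image that runs with the Reloader service account's permissions is whatever that Docker Hub tag points to at pull time. Pinning by digest removes that dependence on a mutable tag, for example a `reloader_image_digest` variable used as `image = "stakater/reloader@${var.reloader_image_digest}"`, with the value `sha256:<digest-of-the-reviewed-image>` (placeholder). The `reloader_app_cpu` and `reloader_app_mem` descriptions could also say that they take Kubernetes quantity strings and that the same value is used for both request and limit.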
