diff --git a/README.md b/README.md
index f7954bd..f74b81f 100644
--- a/README.md
+++ b/README.md
@@ -195,6 +195,7 @@ worker_groups = {
 |------|---------|
 | [aws](#provider\_aws) | >= 3.31, < 5.0.0 |
 | [helm](#provider\_helm) | >= 2.4.1 |
+| [kubernetes](#provider\_kubernetes) | n/a |
 ## Modules
@@ -223,6 +224,7 @@ worker_groups = {
 |------|------|
 | [helm_release.cert-manager](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.kube-state-metrics](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [kubernetes_namespace.meta-system](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
diff --git a/adot.tf b/adot.tf
new file mode 100644
index 0000000..35b4192
--- /dev/null
+++ b/adot.tf
@@ -0,0 +1,18 @@
+module "adot" {
+ source = "./modules/adot"
+
+ count = var.metrics_exporter == "adot" ? 1 : 0
+
+ cluster_name = var.cluster_name
+ eks_oidc_root_ca_thumbprint = local.eks_oidc_root_ca_thumbprint
+ oidc_provider_arn = module.eks-cluster[0].oidc_provider_arn
+ adot_config = var.adot_config
+ adot_version = var.adot_version
+ prometheus_metrics = var.prometheus_metrics
+ region = local.region
+ depends_on = [
+ module.eks-cluster,
+ helm_release.cert-manager,
+ kubernetes_namespace.meta-system
+ ]
+}
diff --git a/fluent-bit.tf b/fluent-bit.tf
index 22909ac..247054f 100644
--- a/fluent-bit.tf
+++ b/fluent-bit.tf
@@ -40,4 +40,8 @@ module "fluent-bit" {
 outputs = ""
 filters = ""
 })
+
+ depends_on = [
+ module.eks-cluster
+ ]
 }
diff --git a/main.tf b/main.tf
index 2f30f0e..ad86f11 100644
--- a/main.tf
+++ b/main.tf
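Review bot: The relocated `module "adot"` in adot.tf now waits on `kubernetes_namespace.meta-system` via `depends_on` but passes no `namespace` argument, so the namespace the collector is actually installed into is whatever the module's `namespace` variable defaults to, which this diff does not show. Wiring it explicitly, `namespace = kubernetes_namespace.meta-system.metadata[0].name`, makes the intent visible, gives Terraform the ordering for free and lets the `kubernetes_namespace.meta-system` entry in `depends_on` go. If the module is meant to default to a different namespace, a short comment on the `depends_on` line explaining why the collector must wait for meta-system would save the next reader the guess.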
@@ -249,6 +249,10 @@ module "alb-ingress-controller" {
 # create_alb_log_bucket = true
 # alb_log_bucket_name = var.alb_log_bucket_name != "" ? var.alb_log_bucket_name : "${module.eks-cluster[0].cluster_id}-ingress-controller-log-bucket"
 # alb_log_bucket_path = var.alb_log_bucket_path != "" ? var.alb_log_bucket_path : module.eks-cluster[0].cluster_id
+
+ depends_on = [
+ module.eks-cluster
+ ]
 }
 module "metrics-server" {
@@ -256,7 +260,7 @@ module "metrics-server" {
 count = var.create ? 1 : 0
- name = var.metrics_server_name != "" ? var.metrics_server_name : "${module.eks-cluster[0].cluster_id}-metrics-server"
+ name = var.metrics_server_name != "" ? var.metrics_server_name : "${module.eks-cluster[0].cluster_name}-metrics-server"
 }
 module "external-secrets" {
@@ -296,24 +300,6 @@ module "efs-csi-driver" {
 cluster_oidc_arn = module.eks-cluster[0].oidc_provider_arn
 }
-module "adot" {
- source = "./modules/adot"
-
- count = var.metrics_exporter == "adot" ? 1 : 0
-
- cluster_name = var.cluster_name
- eks_oidc_root_ca_thumbprint = local.eks_oidc_root_ca_thumbprint
- oidc_provider_arn = module.eks-cluster[0].oidc_provider_arn
- adot_config = var.adot_config
- adot_version = var.adot_version
- prometheus_metrics = var.prometheus_metrics
- region = local.region
- depends_on = [
- module.eks-cluster,
- helm_release.cert-manager
- ]
-}
-
 resource "helm_release" "cert-manager" {
 count = var.create_cert_manager ? 1 : var.metrics_exporter == "adot" ? 1 : 0
diff --git a/meta-system.tf b/meta-system.tf
new file mode 100644
index 0000000..dd88ef2
--- /dev/null
+++ b/meta-system.tf
@@ -0,0 +1,5 @@
+resource "kubernetes_namespace" "meta-system" {
+ metadata {
+ name = "meta-system"
+ }
+}
diff --git a/modules/adot/main.tf b/modules/adot/main.tf
index a93788d..860f5c0 100644
--- a/modules/adot/main.tf
+++ b/modules/adot/main.tf
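Review bot: `kubernetes_namespace.meta-system` in meta-system.tf is created unconditionally and with no `depends_on`, while the sibling resources in main.tf are gated (`count = var.create ? 1 : 0` on metrics-server, the `var.metrics_exporter` check on cert-manager) and now explicitly wait for `module.eks-cluster`; on a first apply, or with `var.create` false, the kubernetes provider would try to create this namespace against a cluster that does not exist yet. Suggest `count = var.create ? 1 : 0` and `depends_on = [module.eks-cluster]` on the resource, with adot.tf then referencing `kubernetes_namespace.meta-system[0]`. Whether the provider block already carries this dependency is not visible in the diff.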
@@ -19,8 +19,8 @@ resource "helm_release" "adot-collector" {
 wait = false
 values = [
- contains(keys(var.adot_config), "helm_values") && var.adot_config.helm_values != null ?
- var.adot_config.helm_values :
+ contains(keys(var.adot_config), "helm_values") && contains(keys(var.adot_config), "helm_values") != null ?
+ contains(keys(var.adot_config), "helm_values") :
 templatefile("${path.module}/templates/adot-values.yaml.tpl", {
 region = local.region
 cluster_name = var.cluster_name
@@ -29,6 +29,7 @@ resource "helm_release" "adot-collector" {
 metrics = local.merged_metrics
 metrics_namespace_specific = local.merged_namespace_specific
 prometheus_metrics = var.prometheus_metrics
+ namespace = var.namespace
 })
 ]
diff --git a/modules/adot/templates/adot-values.yaml.tpl b/modules/adot/templates/adot-values.yaml.tpl
index 4d9b73f..7ff56e2 100644
--- a/modules/adot/templates/adot-values.yaml.tpl
+++ b/modules/adot/templates/adot-values.yaml.tpl
@@ -12,7 +12,7 @@ adotCollector:
 sidecarPullPolicy: "Always"
 daemonSet:
 createNamespace: false
- namespace: adot
+ namespace: ${namespace}
 serviceAccount:
 create: false
 annotations: {}
diff --git a/modules/adot/tests/promethus_metrics/README.md b/modules/adot/tests/promethus_metrics/README.md
index a0fa462..a04381b 100644
--- a/modules/adot/tests/promethus_metrics/README.md
+++ b/modules/adot/tests/promethus_metrics/README.md
@@ -12,7 +12,7 @@
 | Name | Version |
 |------|---------|
-| [helm](#provider\_helm) | 2.11.0 |
+| [helm](#provider\_helm) | n/a |
 | [test](#provider\_test) | n/a |
 ## Modules
diff --git a/modules/adot/tests/template_file/README.md b/modules/adot/tests/template_file/README.md
index a04381b..2935c08 100644
--- a/modules/adot/tests/template_file/README.md
+++ b/modules/adot/tests/template_file/README.md
@@ -12,7 +12,7 @@
 | Name | Version |
 |------|---------|
-| [helm](#provider\_helm) | n/a |
+| [helm](#provider\_helm) | 2.9.0 |
 | [test](#provider\_test) | n/a |
 ## Modules
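Review bot: The rewritten `values` condition in modules/adot/main.tf no longer reads the caller's Helm values: `contains(keys(var.adot_config), "helm_values")` is a bool, so `contains(...) != null` is always true, and when the key is present the true branch evaluates to `true` rather than the values YAML, which Terraform hands to the helm provider as the string "true" while the templated defaults are skipped. This silently discards any operator-supplied override (service account, RBAC, resource limits) that `adot_config.helm_values` is meant to carry. Keep the key check but return the value: `contains(keys(var.adot_config), "helm_values") && var.adot_config.helm_values != null ?` followed by `var.adot_config.helm_values :`, or more compactly `try(var.adot_config.helm_values, null) != null ? var.adot_config.helm_values :`. The `helm_release "adot-collector"` resource starts before this hunk and continues after it.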
diff --git a/modules/eks/README.md b/modules/eks/README.md
index 6429818..5142c29 100644
--- a/modules/eks/README.md
+++ b/modules/eks/README.md
@@ -47,7 +47,7 @@ module "cluster_min" {
 | Name | Source | Version |
 |------|--------|---------|
-| [eks-cluster](#module\_eks-cluster) | terraform-aws-modules/eks/aws | 18.30.0 |
+| [eks-cluster](#module\_eks-cluster) | terraform-aws-modules/eks/aws | 18.31.2 |
 ## Resources
diff --git a/modules/eks/locals.tf b/modules/eks/locals.tf
index 26baba6..4715aef 100644
--- a/modules/eks/locals.tf
+++ b/modules/eks/locals.tf
@@ -24,6 +24,14 @@ locals {
 type = "ingress"
 source_cluster_security_group = true
 },
+ ingress_cluster_self = {
+ description = "Access Security Group Self"
+ protocol = "-1"
+ from_port = 0
+ to_port = 0
+ type = "ingress"
+ self = true
+ },
 egress_all = {
 description = "Node all egress"
 protocol = "-1"
diff --git a/modules/eks/main.tf b/modules/eks/main.tf
index 2c24348..ed68e32 100644
--- a/modules/eks/main.tf
+++ b/modules/eks/main.tf
@@ -4,7 +4,7 @@ module "eks-cluster" {
 source = "terraform-aws-modules/eks/aws"
- version = "18.30.0"
+ version = "18.31.2"
 # per Upgrade from v17.x to v18.x, see here for details https://github.com/terraform-aws-modules/terraform-aws-eks/blob/681e00aafea093be72ec06ada3825a23a181b1c5/docs/UPGRADE-18.0.md
 prefix_separator = ""
diff --git a/modules/fluent-bit/README.md b/modules/fluent-bit/README.md
index b8f9adc..e5ebbb5 100644
--- a/modules/fluent-bit/README.md
+++ b/modules/fluent-bit/README.md
@@ -51,10 +51,11 @@ No modules.
 | [cluster\_name](#input\_cluster\_name) | AWS EKS Cluster name. | `string` | n/a | yes |
 | [create\_log\_group](#input\_create\_log\_group) | Wether or no to create log group. | `bool` | `true` | no |
 | [create\_namespace](#input\_create\_namespace) | Wether or no to create namespace. | `bool` | `false` | no |
-| [drop\_namespaces](#input\_drop\_namespaces) | Flunt bit doesn't send logs for this namespaces | `list(string)` |
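Review bot: The new `ingress_cluster_self` rule in modules/eks/locals.tf opens every protocol and port (`protocol = "-1"`, `from_port = 0`, `to_port = 0`, `self = true`) between all members of the node security group, which is far wider than the neighbouring rule that is scoped to the cluster security group as its source; any workload with host networking or a node-level foothold then has unrestricted reach to every other node. If specific node-to-node components drove this, listing their ports keeps the blast radius small; if the blanket rule is deliberate, the description should say so and why, e.g. `description = "Node-to-node, all ports/protocols (needed for: TODO name the component)"`, so later reviewers can tell an intentional allowance from a leftover. The enclosing `locals` block starts and ends outside the hunk.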
[
"kube-system",
"opentelemetry-operator-system",
"adot",
"cert-manager"
]
| no | +| [drop\_namespaces](#input\_drop\_namespaces) | Flunt bit doesn't send logs for this namespaces | `list(string)` |
[
"kube-system",
"opentelemetry-operator-system",
"adot",
"cert-manager",
"opentelemetry.*",
"meta.*"
]
| no | | [eks\_oidc\_root\_ca\_thumbprint](#input\_eks\_oidc\_root\_ca\_thumbprint) | n/a | `string` | n/a | yes | | [fluent\_bit\_config](#input\_fluent\_bit\_config) | You can add other inputs,outputs and filters which module doesn't have by default | `any` |
{
"filters": "",
"inputs": "",
"outputs": ""
}
| no | | [fluent\_bit\_name](#input\_fluent\_bit\_name) | Container resource name. | `string` | `"fluent-bit"` | no | +| [kube\_namespaces](#input\_kube\_namespaces) | Kubernates namespaces | `list(string)` |
[
"kube.*",
"meta.*",
"adot.*",
"devops.*",
"cert-manager.*",
"git.*",
"opentelemetry.*",
"stakater.*",
"renovate.*"
]
| no | | [log\_filters](#input\_log\_filters) | Fluent bit doesn't send logs if message consists of this values | `list(string)` |
[
"kube-probe",
"health",
"prometheus",
"liveness"
]
| no |
 | [log\_group\_name](#input\_log\_group\_name) | Log group name fluent-bit will be streaming logs into. | `string` | `"fluentbit-default-log-group"` | no |
 | [log\_retention\_days](#input\_log\_retention\_days) | If set to a number greater than zero, and newly create log group's retention policy is set to this many days. Valid values are: [0, 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653] | `number` | `90` | no |
diff --git a/modules/fluent-bit/locals.tf b/modules/fluent-bit/locals.tf
index 0c321e2..0dae146 100644
--- a/modules/fluent-bit/locals.tf
+++ b/modules/fluent-bit/locals.tf
@@ -14,6 +14,7 @@ locals {
 inputs = try(var.fluent_bit_config.inputs, "")
 outputs = try(var.fluent_bit_config.outputs, "")
 filters = try(var.fluent_bit_config.filters, "")
+ kube_namespaces = var.kube_namespaces
 }
 values = var.values_yaml == "" ? templatefile("${path.module}/values.yaml.tpl", local.config_settings) : var.values_yaml
diff --git a/modules/fluent-bit/values.yaml.tpl b/modules/fluent-bit/values.yaml.tpl
index 29a1524..bc23097 100644
--- a/modules/fluent-bit/values.yaml.tpl
+++ b/modules/fluent-bit/values.yaml.tpl
@@ -31,24 +31,31 @@ config:
 [FILTER]
 Name grep
- Match app.*
- Exclude $message ${log_filters}
+ Match kube.*
+ Exclude $log ${log_filters}
 [FILTER]
 Name grep
- Match app.*
- Exclude $message ${additional_log_filters}
+ Match kube.*
+ Exclude $log ${additional_log_filters}
+%{ for value in kube_namespaces }
 [FILTER]
- Name grep
+ Name rewrite_tag
 Match kube.*
+ Rule $kubernetes['namespace_name'] ^${value}$ system.$TAG false
+%{ endfor ~}
+
+ [FILTER]
+ Name grep
+ Match *
 Exclude $kubernetes['namespace_name'] ${drop_namespaces}
 ${indent(4, filters)}
 outputs: |
 [OUTPUT]
 Name cloudwatch_logs
- Match *
+ Match kube.*
 region ${region}
 log_group_name ${log_group_name}
 log_stream_prefix from-fluent-bit-
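Review bot: The `drop_namespaces` grep in values.yaml.tpl now uses `Match *` and sits after the `rewrite_tag` loop, so a record from a dropped namespace that also matches a `kube_namespaces` pattern (the defaults in this diff overlap on `meta.*` and `opentelemetry.*`) is first re-emitted as `system.*` and only discarded on its second trip through the filter chain; moving that `[FILTER]` block above `%{ for value in kube_namespaces }` drops it once and also stops `Match *` from being evaluated against `host.*` records, which presumably carry no `$kubernetes['namespace_name']`. The two grep filters also switched their key from `$message` to `$log`; that is right for the raw tail record but not if a parser upstream renames the field, and the input/parser section is outside the hunk, so worth a one-line comment stating which record layout the filters expect. The `config:` block begins before the hunk.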
@@ -57,7 +64,16 @@ config:
 [OUTPUT]
 Name cloudwatch_logs
- Match kube.*
+ Match host.*
+ region ${region}
+ log_group_name ${system_log_group_name}
+ log_stream_prefix eks-
+ auto_create_group Off
+ log_retention_days ${log_retention_days}
+
+ [OUTPUT]
+ Name cloudwatch_logs
+ Match system.*
 region ${region}
 log_group_name ${system_log_group_name}
 log_stream_prefix from-fluent-bit-
diff --git a/modules/fluent-bit/variables.tf b/modules/fluent-bit/variables.tf
index d57ff68..21cb6f5 100644
--- a/modules/fluent-bit/variables.tf
+++ b/modules/fluent-bit/variables.tf
@@ -95,11 +95,29 @@ variable "drop_namespaces" {
 "kube-system",
 "opentelemetry-operator-system",
 "adot",
- "cert-manager"
+ "cert-manager",
+ "opentelemetry.*",
+ "meta.*",
 ]
 description = "Flunt bit doesn't send logs for this namespaces"
 }
+variable "kube_namespaces" {
+ type = list(string)
+ default = [
+ "kube.*",
+ "meta.*",
+ "adot.*",
+ "devops.*",
+ "cert-manager.*",
+ "git.*",
+ "opentelemetry.*",
+ "stakater.*",
+ "renovate.*"
+ ]
+ description = "Kubernates namespaces"
+}
+
 variable "log_filters" {
 type = list(string)
 default = [
diff --git a/tests/basic/README.md b/tests/basic/README.md
index bcd75fe..3f65220 100644
--- a/tests/basic/README.md
+++ b/tests/basic/README.md
@@ -9,7 +9,7 @@ No requirements.
 | Name | Version |
 |------|---------|
-| [aws](#provider\_aws) | 4.67.0 |
+| [aws](#provider\_aws) | n/a |
 ## Modules
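Review bot: In the new `host.*` output, `log_retention_days ${log_retention_days}` is a no-op next to `auto_create_group Off`: as the option's own wording in this module's README says, the retention is applied to a "newly create log group", i.e. only to groups the plugin creates, so retention for `${system_log_group_name}` has to come from whatever Terraform resource creates that group. Either drop the line here or pair it with `auto_create_group On` for this output, and add a comment recording where retention is actually enforced so the audit trail for host logs is not assumed to be longer than it is. The two outputs writing to `${system_log_group_name}` also use different stream prefixes (`eks-` versus `from-fluent-bit-`); if that split is intentional a one-line comment would stop it reading as a slip. The tail of the `system.*` output is outside the hunk.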
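Review bot: In modules/fluent-bit/variables.tf the `kube_namespaces` and `drop_namespaces` defaults now overlap (`meta.*` and `opentelemetry.*` are in both), and because the template re-tags on the first list and then drops on the second, a namespace that matches both is always discarded, so those `kube_namespaces` entries are dead; keeping each pattern in exactly one list makes the routing readable and avoids a future edit quietly resurrecting logs from a namespace someone meant to drop. The description `"Kubernates namespaces"` also does not tell the caller these are regular expressions that the template anchors with `^...$`; suggest `description = "Regex patterns (anchored with ^...$ in values.yaml.tpl) of namespaces whose pod logs are routed to the system log group instead of the application log group."`. The `variable "drop_namespaces"` block starts before the hunk.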