├── .github └── workflows │ └── release.yml ├── .gitignore ├── .pre-commit-config.yaml ├── CHANGELOG.md ├── LICENSE ├── README.md ├── charts ├── common │ ├── Chart.yaml │ ├── README.md │ ├── templates │ │ ├── _helpers.tpl │ │ ├── clusterrole.yaml │ │ ├── clusterrolebinding.yaml │ │ ├── namespace.yaml │ │ ├── role.yaml │ │ ├── rolebinding.yaml │ │ └── serviceAccount.yaml │ └── values.yaml ├── logan │ ├── Chart.yaml │ ├── README.md │ ├── templates │ │ ├── _helpers.tpl │ │ ├── discovery-cronjob.yaml │ │ ├── ekscp-logs-configmap.yaml │ │ ├── fluentd-daemonset.yaml │ │ ├── fluentd-deployment.yaml │ │ ├── logs-configmap.yaml │ │ └── oci-config-secret.yaml │ ├── values.schema.json │ └── values.yaml ├── mgmt-agent │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── resources │ │ ├── input.rsp │ │ ├── mgmtagent_kubernetes_dashboard.json │ │ └── sample_mgmtagent_kubernetes_dashboard.png │ ├── templates │ │ ├── _helpers.tpl │ │ ├── agent-configmap.yaml │ │ ├── env-configmap.yaml │ │ ├── metric_server.yaml │ │ ├── metrics-configmap.yaml │ │ ├── mgmt-agent-daemonset.yaml │ │ ├── mgmt-agent-headless-service.yaml │ │ ├── mgmt-agent-secrets.yaml │ │ └── mgmt-agent-statefulset.yaml │ ├── values.schema.json │ └── values.yaml └── oci-onm │ ├── Chart.yaml │ ├── README.md │ ├── templates │ └── _helpers.tpl │ └── values.yaml ├── docs ├── FAQ.md ├── custom-images.md ├── custom-logs.md ├── eks-cp-logs-streaming.png ├── eks-cp-logs.md ├── license-short.txt └── s3-partitioned-logs.png ├── logan ├── docker-images │ └── v1.0 │ │ └── oraclelinux │ │ └── 8-slim │ │ ├── Dockerfile │ │ ├── Gemfile │ │ ├── Gemfile.lock │ │ └── entrypoint.sh ├── images │ ├── cluster-view.png │ ├── kubernetes-cluster-summary-dashboard.png │ ├── kubernetes-nodes-dashboard.png │ ├── kubernetes-pods-dashboard.png │ ├── kubernetes-workloads-dashboard.png │ └── list-clusters.png └── kubernetes-resources │ ├── logs-collection │ ├── configmap-cri.yaml │ ├── configmap-docker.yaml │ ├── fluentd-daemonset.yaml │ └── 
secrets.yaml │ └── objects-collection │ ├── configmap-objects.yaml │ ├── fluentd-deployment.yaml │ └── secrets.yaml ├── oke-infra-logs-collection ├── debug.tf ├── filter-logs.py ├── inputs.tf ├── main.tf ├── outputs.tf └── provider.tf ├── terraform ├── modules │ ├── dashboards │ │ ├── dashboard-inputs.tf │ │ ├── dashboard.tf │ │ ├── dashboards_json │ │ │ ├── cluster.json │ │ │ ├── node.json │ │ │ ├── pod.json │ │ │ ├── service-type-lb.json │ │ │ └── workload.json │ │ ├── format_tags │ │ │ └── format_tags.tf │ │ └── required-providers.tf │ ├── helm │ │ ├── helm-inputs.tf │ │ ├── helm-outputs.tf │ │ ├── helm.tf │ │ ├── local │ │ │ └── .gitignore │ │ └── required-providers.tf │ ├── iam │ │ ├── iam-debug.tf │ │ ├── iam-inputs.tf │ │ ├── iam-outputs.tf │ │ ├── iam.tf │ │ ├── parse_namespaces │ │ │ └── namespaces.tf │ │ └── required-providers.tf │ ├── logan │ │ ├── logan-debug.tf │ │ ├── logan-input-validations.tf │ │ ├── logan-inputs.tf │ │ ├── logan-outputs.tf │ │ ├── logan.tf │ │ └── required-providers.tf │ ├── main │ │ ├── developer-options.tf │ │ ├── main-debug.tf │ │ ├── main-inputs.tf │ │ ├── main-outputs.tf │ │ ├── main-required-providers.tf │ │ └── main.tf │ ├── mgmt_agent │ │ ├── agent-debug.tf │ │ ├── agent-inputs.tf │ │ ├── agent-outputs.tf │ │ ├── agent.tf │ │ ├── format_tags │ │ │ └── format_tags.tf │ │ └── required-providers.tf │ └── rms_pe │ │ ├── required-providers.tf │ │ ├── rms-debug.tf │ │ ├── rms-inputs.tf │ │ ├── rms-outputs.tf │ │ └── rms_pe.tf └── oke │ ├── charts │ ├── modules │ ├── oci_images.tf │ ├── providers.tf │ ├── resources │ ├── metadata.sh │ └── oke-status-check.sh │ ├── ruby_sdk_regions.tf │ ├── schema.yaml │ ├── stack-debug.tf │ ├── stack-input-validations.tf │ ├── stack-inputs.tf │ ├── stack-outputs.tf │ ├── stack-required-providers.tf │ ├── stack.tf │ ├── terraform-sample.tfvars │ └── version.auto.tfvars └── util ├── build_oke_infra_logs_collection_stack.sh └── build_stack.sh /.github/workflows/release.yml: 
-------------------------------------------------------------------------------- 1 | # # # # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # # # # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | name: Release Charts # Publishes the charts under charts/ with chart-releaser on every push to main 4 | 5 | on: 6 | push: 7 | branches: 8 | - main 9 | 10 | jobs: 11 | release: # NOTE(review): no permissions: key is set, so GITHUB_TOKEN gets the repository's default scopes; declare only what the job needs (typically contents: write for chart-releaser - confirm) 12 | runs-on: ubuntu-latest 13 | steps: 14 | - name: Checkout 15 | uses: actions/checkout@v3 # NOTE(review): tag refs are mutable; pin to a full commit SHA 16 | with: 17 | fetch-depth: 0 18 | 19 | - name: Configure Git 20 | run: | 21 | git config user.name "$GITHUB_ACTOR" 22 | git config user.email "$GITHUB_ACTOR@users.noreply.github.com" 23 | 24 | - name: Run chart-releaser 25 | uses: helm/chart-releaser-action@v1.5.0 # NOTE(review): this third-party action is handed CR_TOKEN below; pin it to a full commit SHA 26 | with: 27 | charts_dir: charts 28 | env: 29 | CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" 30 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | .DS_Store 5 | 6 | #### 7 | ## Ignore PEM files 8 | #### 9 | 10 | **.pem 11 | 12 | #### 13 | ## gitignore for terraform artifacts 14 | #### 15 | 16 | # Local .terraform directories 17 | **/.terraform/* 18 | 19 | ## Terraform lock files 20 | *.terraform.lock.hcl 21 | 22 | # .tfstate files 23 | *.tfstate 24 | *.tfstate.* 25 | 26 | # Crash log files 27 | crash.log 28 | crash.*.log 29 | 30 | # Exclude all .tfvars files, which are likely to contain sensitive data, such as 31 | # password, private keys, and other secrets. These should not be part of version 32 | # control as they are data points which are potentially sensitive and subject 33 | # to change depending on the environment. 
34 | *.tfvars 35 | !*.auto.tfvars 36 | *.tfvars.json 37 | !*.auto.tfvars.json 38 | 39 | # Include sample tfvars 40 | !terraform-sample.tfvars 41 | 42 | # Ignore override files as they are usually used to override resources locally and so 43 | # are not checked in 44 | override.tf 45 | override.tf.json 46 | *_override.tf 47 | *_override.tf.json 48 | 49 | # Include override files you do wish to add to version control using negated pattern 50 | # !example_override.tf 51 | 52 | # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan 53 | # example: *tfplan* 54 | 55 | # Ignore CLI configuration files 56 | .terraformrc 57 | terraform.rc 58 | 59 | # Ignore util dir 60 | logan/util/* 61 | 62 | # helm-chart 63 | charts/tests/ 64 | charts/**/Chart.lock 65 | charts/**/charts/ 66 | 67 | # RM Schema Validation 68 | meta-schema.yaml 69 | 70 | # zip artifacts 71 | releases/ 72 | 73 | # vscode 74 | .vscode 75 | 76 | # debug files 77 | tf-debug/ -------------------------------------------------------------------------------- /.pre-commit-config.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 
3 | 4 | repos: 5 | - repo: https://github.com/pre-commit/pre-commit-hooks 6 | rev: v2.3.0 7 | hooks: 8 | - id: check-yaml 9 | args: [--allow-multiple-documents] 10 | exclude: '^charts/.*/templates/' # Helm templates carry {{ }} directives and are not valid YAML until rendered 11 | - id: end-of-file-fixer 12 | - id: trailing-whitespace 13 | #- id: check-json 14 | - id: check-merge-conflict 15 | - id: check-symlinks # NOTE(review): consider also enabling detect-private-key from this hook repo; .gitignore relies on the **.pem pattern alone to keep key files out 16 | #- repo: https://github.com/Lucas-C/pre-commit-hooks 17 | # rev: v1.5.1 18 | # hooks: 19 | # - id: insert-license 20 | # exclude: '*.json|*.txt|.*.md|.*.txt|.pre-commit-config.yaml' 21 | # args: 22 | # - --license-filepath 23 | # - ./docs/license-short.txt 24 | - repo: https://github.com/norwoodj/helm-docs 25 | rev: v1.2.0 # NOTE(review): charts/common/README.md states it was generated with helm-docs v1.11.0; confirm which version is intended 26 | hooks: 27 | - id: helm-docs 28 | args: 29 | - --chart-search-root=charts 30 | # The `./` makes it relative to the chart-search-root set above 31 | #- --template-files=./_templates.gotmpl 32 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2023 Oracle and/or its affiliates. All rights reserved. 
2 | 3 | The Universal Permissive License (UPL), Version 1.0 4 | 5 | Subject to the condition set forth below, permission is hereby granted to any person obtaining a copy of this 6 | software, associated documentation and/or data (collectively the "Software"), free of charge and under any and 7 | all copyright rights in the Software, and any and all patent rights owned or freely licensable by each licensor 8 | hereunder covering either (i) the unmodified Software as contributed to or provided by such licensor, or 9 | (ii) the Larger Works (as defined below), to deal in both 10 | 11 | (a) the Software, and 12 | (b) any piece of software and/or hardware listed in the lrgrwrks.txt file if one is included with the Software 13 | (each a “Larger Work” to which the Software is contributed by such licensors), 14 | 15 | without restriction, including without limitation the rights to copy, create derivative works of, display, 16 | perform, and distribute the Software and make, use, sell, offer for sale, import, export, have made, and have 17 | sold the Software and the Larger Work(s), and to sublicense the foregoing rights on either these or other terms. 18 | 19 | This license is subject to the following condition: 20 | The above copyright notice and either this complete permission notice or at a minimum a reference to the UPL must 21 | be included in all copies or substantial portions of the Software. 22 | 23 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO 24 | THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 25 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF 26 | CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS 27 | IN THE SOFTWARE. 
28 | -------------------------------------------------------------------------------- /charts/common/Chart.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | apiVersion: v2 5 | name: oci-onm-common 6 | description: Common resources for OCI Kubernetes Monitoring solution helm charts 7 | type: application 8 | version: 3.1.0 9 | appVersion: "3.0.0" 10 | -------------------------------------------------------------------------------- /charts/common/README.md: -------------------------------------------------------------------------------- 1 | # oci-onm-common 2 | 3 | ![Version: 3.0.0](https://img.shields.io/badge/Version-3.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.0.0](https://img.shields.io/badge/AppVersion-3.0.0-informational?style=flat-square) 4 | 5 | Common resources for OCI Kubernetes Monitoring solution helm charts 6 | 7 | ## Values 8 | 9 | | Key | Type | Default | Description | 10 | |-----|------|---------|-------------| 11 | | createNamespace | bool | `true` | Automatically create namespace for all resources (namespaced) used by OCI Kubernetes Monitoring Solution. | 12 | | createServiceAccount | bool | `true` | Automatically create, a readonly cluster role, cluster role binding and serviceaccount is required # to read various cluster objects for monitoring. If set to false serviceaccount value must be provided in the parent chart. Refer, README for the cluster role definition and other details. | 13 | | namespace | string | `"oci-onm"` | Kubernetes Namespace for creating serviceaccount. 
Default: oci-onm | 14 | | resourceNamePrefix | string | `"oci-onm"` | Resoure Name Prefix: Wherever allowed, this prefix will be used with all resources used by this chart | 15 | 16 | ---------------------------------------------- 17 | Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) 18 | -------------------------------------------------------------------------------- /charts/common/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | 2 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 3 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 4 | 5 | # tpl render function 6 | {{- define "common.tplvalues.render" -}} 7 | {{- if typeIs "string" .value }} 8 | {{- tpl .value .context }} 9 | {{- else }} 10 | {{- tpl (.value | toYaml) .context }} 11 | {{- end }} 12 | {{- end -}} 13 | 14 | # Prefix for all resources created using this chart. 15 | {{- define "common.resourceNamePrefix" -}} 16 | {{- if .Values.resourceNamePrefix -}} 17 | {{ include "common.tplvalues.render" ( dict "value" .Values.resourceNamePrefix "context" .) | trunc 63 | trimSuffix "-" }} 18 | {{- else -}} 19 | {{- "oci-onm" -}} 20 | {{- end -}} 21 | {{- end -}} 22 | 23 | #createNamespace 24 | {{- define "common.createNamespace" -}} 25 | {{ include "common.tplvalues.render" ( dict "value" .Values.createNamespace "context" .) }} 26 | {{- end -}} 27 | 28 | # namespace 29 | {{- define "common.namespace" -}} 30 | {{- if .Values.namespace -}} 31 | {{ include "common.tplvalues.render" ( dict "value" .Values.namespace "context" .) }} 32 | {{- else -}} 33 | {{- "oci-onm" -}} 34 | {{- end -}} 35 | {{- end -}} 36 | 37 | #createServiceAccount 38 | {{- define "common.createServiceAccount" -}} 39 | {{ include "common.tplvalues.render" ( dict "value" .Values.createServiceAccount "context" .) 
}} 40 | {{- end -}} 41 | 42 | #serviceAccount: .Values.serviceAccount when set, otherwise the resource name prefix 43 | {{- define "common.serviceAccount" -}} 44 | {{- if .Values.serviceAccount -}} 45 | {{ include "common.tplvalues.render" ( dict "value" .Values.serviceAccount "context" .) }} 46 | {{- else -}} 47 | {{ include "common.resourceNamePrefix" . }} 48 | {{- end -}} 49 | {{- end -}} 50 | -------------------------------------------------------------------------------- /charts/common/templates/clusterrole.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | {{- if eq (include "common.createServiceAccount" .) "true" }} 5 | --- 6 | apiVersion: rbac.authorization.k8s.io/v1 7 | kind: ClusterRole # Cluster-wide get/list/watch role for the monitoring service account; rendered only when createServiceAccount is "true" 8 | metadata: 9 | name: {{ include "common.resourceNamePrefix" . }} 10 | rules: 11 | - apiGroups: 12 | - "" 13 | resources: 14 | - '*' # NOTE(review): '*' in the core ("") group includes secrets, so get/list/watch here lets this service account read every Secret in the cluster; enumerate the resources the collectors actually read 15 | verbs: 16 | - get 17 | - list 18 | - watch 19 | - nonResourceURLs: ["/metrics"] 20 | verbs: ["get"] 21 | - apiGroups: 22 | - apps 23 | - batch 24 | - discovery.k8s.io 25 | - metrics.k8s.io 26 | - storage.k8s.io 27 | resources: 28 | - '*' # NOTE(review): the wildcard also covers any resource later added to these API groups 29 | verbs: 30 | - get 31 | - list 32 | - watch 33 | {{- end }} 34 | -------------------------------------------------------------------------------- /charts/common/templates/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | {{- if eq (include "common.createServiceAccount" .) "true" }} 5 | --- 6 | kind: ClusterRoleBinding 7 | apiVersion: rbac.authorization.k8s.io/v1 8 | metadata: 9 | name: {{ include "common.resourceNamePrefix" . 
}} 13 | apiGroup: rbac.authorization.k8s.io 14 | subjects: 15 | - kind: ServiceAccount 16 | name: {{ include "common.resourceNamePrefix" . }} # NOTE(review): serviceAccount.yaml names the account with "common.serviceAccount"; if .Values.serviceAccount is set the two names differ and this binding matches no account - confirm 17 | namespace: {{ include "common.namespace" . }} 18 | {{- end }} 19 | -------------------------------------------------------------------------------- /charts/common/templates/namespace.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | {{- if eq (include "common.createNamespace" .) "true" }} 5 | --- 6 | apiVersion: v1 7 | kind: Namespace 8 | metadata: 9 | name: {{ include "common.namespace" . }} 10 | {{- end }} 11 | -------------------------------------------------------------------------------- /charts/common/templates/role.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | {{- if eq (include "common.createServiceAccount" .) "true" }} 5 | --- 6 | apiVersion: rbac.authorization.k8s.io/v1 7 | kind: Role # Namespaced ConfigMap permissions for the same service account (bound in rolebinding.yaml) 8 | metadata: 9 | name: {{ include "common.resourceNamePrefix" . }} 10 | namespace: {{ include "common.namespace" . }} 11 | rules: 12 | - apiGroups: [""] 13 | resources: ["configmaps"] 14 | verbs: ["create"] # resourceNames cannot restrict create requests, so this rule allows creating any ConfigMap in the namespace 15 | - apiGroups: [""] 16 | resources: ["configmaps"] 17 | verbs: ["get", "patch"] 18 | resourceNames: ["{{ include "common.resourceNamePrefix" . }}-discovery-state-tracker"] # get/patch are limited to this one ConfigMap 19 | {{- end }} -------------------------------------------------------------------------------- /charts/common/templates/rolebinding.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 
2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | {{- if eq (include "common.createServiceAccount" .) "true" }} 5 | --- 6 | kind: RoleBinding 7 | apiVersion: rbac.authorization.k8s.io/v1 8 | metadata: 9 | name: {{ include "common.resourceNamePrefix" . }} 10 | namespace: {{ include "common.namespace" . }} 11 | roleRef: 12 | kind: Role 13 | name: {{ include "common.resourceNamePrefix" . }} 14 | apiGroup: rbac.authorization.k8s.io 15 | subjects: 16 | - kind: ServiceAccount 17 | name: {{ include "common.resourceNamePrefix" . }} 18 | namespace: {{ include "common.namespace" . }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/common/templates/serviceAccount.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | {{- if eq (include "common.createServiceAccount" .) "true" }} 5 | --- 6 | apiVersion: v1 7 | kind: ServiceAccount 8 | metadata: 9 | name: {{ include "common.serviceAccount" . }} 10 | namespace: {{ include "common.namespace" . }} 11 | {{- end }} 12 | -------------------------------------------------------------------------------- /charts/common/values.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | # -- Automatically create, a readonly cluster role, cluster role binding and 5 | # serviceaccount is required # to read various cluster objects for monitoring. 6 | # If set to false serviceaccount value must be provided in the parent chart. 7 | # Refer, README for the cluster role definition and other details. 
8 | createServiceAccount: true # NOTE(review): the ClusterRole this creates (templates/clusterrole.yaml) grants get/list/watch on all core-group resources, Secrets included 9 | 10 | # -- Automatically create namespace for all resources (namespaced) used by OCI Kubernetes Monitoring Solution. 11 | createNamespace: true 12 | 13 | # -- Kubernetes Namespace for creating serviceaccount. Default: oci-onm 14 | namespace: oci-onm 15 | 16 | # -- Resource Name Prefix: Wherever allowed, this prefix will be used with all resources used by this chart 17 | resourceNamePrefix: oci-onm 18 | -------------------------------------------------------------------------------- /charts/logan/Chart.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | apiVersion: v2 5 | name: oci-onm-logan 6 | description: Charts for sending Kubernetes platform logs, compute logs, and Kubernetes Objects information to OCI Logging Analytics. 7 | type: application 8 | version: 3.6.0 9 | appVersion: "3.0.0" 10 | 11 | dependencies: 12 | - name: oci-onm-common 13 | version: "3.1.0" 14 | repository: "file://../common" 15 | condition: oci-onm-common.enabled 16 | -------------------------------------------------------------------------------- /charts/logan/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | 2 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 3 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 4 | 5 | # tpl render function: evaluates .value as a template against .context (non-string values are serialized with toYaml first), so any value passed through it is executed as template code 6 | {{- define "common.tplvalues.render" -}} 7 | {{- if typeIs "string" .value }} 8 | {{- tpl .value .context }} 9 | {{- else }} 10 | {{- tpl (.value | toYaml) .context }} 11 | {{- end }} 12 | {{- end -}} 13 | 14 | # Prefix for all resources created using this chart. 
15 | {{- define "logan.resourceNamePrefix" -}} 16 | {{- if .Values.resourceNamePrefix -}} 17 | {{ include "common.tplvalues.render" ( dict "value" .Values.resourceNamePrefix "context" .) | trunc 63 | trimSuffix "-" }} 18 | {{- else -}} 19 | {{- "oci-onm" -}} 20 | {{- end -}} 21 | {{- end -}} 22 | 23 | # namespace 24 | {{- define "logan.namespace" -}} 25 | {{- if .Values.namespace -}} 26 | {{ include "common.tplvalues.render" ( dict "value" .Values.namespace "context" .) }} 27 | {{- else -}} 28 | {{- "oci-onm" -}} 29 | {{- end -}} 30 | {{- end -}} 31 | 32 | #serviceAccount 33 | {{- define "logan.serviceAccount" -}} 34 | {{ include "common.tplvalues.render" ( dict "value" .Values.serviceAccount "context" .) }} 35 | {{- end -}} 36 | 37 | #kubernetesClusterId 38 | {{- define "logan.kubernetesClusterId" -}} 39 | {{- if .Values.kubernetesClusterID -}} 40 | {{ include "common.tplvalues.render" ( dict "value" .Values.kubernetesClusterID "context" .) }} 41 | {{- else -}} 42 | {{- "UNDEFINED" -}} 43 | {{- end -}} 44 | {{- end -}} 45 | 46 | #kubernetesClusterName 47 | {{- define "logan.kubernetesClusterName" -}} 48 | {{- if .Values.kubernetesClusterName -}} 49 | {{ include "common.tplvalues.render" ( dict "value" .Values.kubernetesClusterName "context" .) }} 50 | {{- else -}} 51 | {{- "UNDEFINED" -}} 52 | {{- end -}} 53 | {{- end -}} 54 | -------------------------------------------------------------------------------- /charts/logan/templates/fluentd-daemonset.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | --- 5 | {{- $authtype := .Values.authtype | lower }} 6 | {{- $imagePullSecrets := .Values.image.imagePullSecrets }} 7 | {{- $resourceNamePrefix := (include "logan.resourceNamePrefix" .) 
}} 8 | apiVersion: apps/v1 9 | kind: DaemonSet # Fluentd log collector scheduled on every node, control-plane nodes included (see tolerations) 10 | metadata: 11 | name: {{ $resourceNamePrefix }}-logan 12 | namespace: {{ include "logan.namespace" . }} 13 | labels: 14 | app: {{ $resourceNamePrefix }}-logan 15 | version: v1 16 | spec: 17 | selector: 18 | matchLabels: 19 | app: {{ $resourceNamePrefix }}-logan 20 | version: v1 21 | template: 22 | metadata: 23 | annotations: 24 | {{- if eq $authtype "config" }} 25 | checksum/secrets: {{ include (print $.Template.BasePath "/oci-config-secret.yaml") . | sha256sum }} 26 | {{- end}} 27 | checksum/configmap: {{ include (print $.Template.BasePath "/logs-configmap.yaml") . | sha256sum }} # checksum annotations change whenever the rendered Secret/ConfigMap changes, so a config update rolls the pods 28 | labels: 29 | app: {{ $resourceNamePrefix }}-logan 30 | version: v1 31 | spec: 32 | serviceAccountName: {{ include "logan.serviceAccount" . }} 33 | tolerations: 34 | - key: node-role.kubernetes.io/master 35 | effect: NoSchedule 36 | - key: node-role.kubernetes.io/control-plane 37 | effect: NoSchedule 38 | {{- if $imagePullSecrets }} 39 | imagePullSecrets: 40 | - name: {{ .Values.image.imagePullSecrets }} 41 | {{- end}} 42 | containers: 43 | - name: {{ $resourceNamePrefix }}-fluentd 44 | image: {{ .Values.image.url }} 45 | imagePullPolicy: {{ default "IfNotPresent" .Values.image.imagePullPolicy }} # NOTE(review): values.schema.json validates image.pullPolicy, while this template reads image.imagePullPolicy, so the value used here is not pattern-checked 46 | {{- if .Values.privileged }} 47 | securityContext: 48 | privileged: {{ .Values.privileged }} # NOTE(review): privileged mode together with this pod's hostPath mounts gives the container node-level access; if it is only needed to read root-owned logs, a narrower securityContext is preferable 49 | {{- end}} 50 | env: 51 | - name: FLUENTD_CONF 52 | value: {{ .Values.fluentd.path }}/{{ .Values.fluentd.file }} 53 | - name: K8S_NODE_NAME 54 | valueFrom: 55 | fieldRef: 56 | fieldPath: spec.nodeName 57 | - name: FLUENT_OCI_DEFAULT_LOGGROUP_ID 58 | value: {{ .Values.ociLALogGroupID }} 59 | - name: FLUENT_OCI_NAMESPACE 60 | value: {{ .Values.ociLANamespace }} 61 | - name: FLUENT_OCI_KUBERNETES_CLUSTER_ID 62 | value: {{ include "logan.kubernetesClusterId" . }} 63 | - name: FLUENT_OCI_KUBERNETES_CLUSTER_NAME 64 | value: {{ include "logan.kubernetesClusterName" . 
}} 65 | {{- if eq $authtype "config" }} 66 | - name: FLUENT_OCI_CONFIG_LOCATION 67 | value: {{ .Values.oci.path }}/{{ .Values.oci.file }} 68 | {{- end }} 69 | {{- if .Values.extraEnv }} 70 | {{- toYaml .Values.extraEnv | nindent 10 }} 71 | {{- end }} 72 | {{- if .Values.resources }} 73 | resources: {{- toYaml .Values.resources | nindent 10 }} 74 | {{- end }} 75 | volumeMounts: 76 | # Mount all relevant locations depending on where the actual logs presents. 77 | - name: varlog 78 | mountPath: /var/log 79 | {{- if ne .Values.fluentd.baseDir "/var/log" }} 80 | readOnly: true 81 | {{- end }} 82 | - name: dockercontainerlogdirectory 83 | mountPath: {{ .Values.volumes.podsHostPath }} 84 | readOnly: true 85 | - name: dockercontainerdatadirectory 86 | mountPath: {{ .Values.volumes.containerdataHostPath }} 87 | readOnly: true 88 | # RW mount to store pos files, buffer and output plugin logs (if baseDir is not /var/log) 89 | {{- if ne .Values.fluentd.baseDir "/var/log" }} 90 | - name: basedir 91 | mountPath: {{ .Values.fluentd.baseDir }} 92 | {{- end }} 93 | {{- if eq $authtype "config" }} 94 | # Mount directory where oci config exists 95 | - name: ociconfigdir 96 | mountPath: {{ .Values.oci.path }} 97 | readOnly: true 98 | {{- end }} 99 | # Mount directory where fluentd config exists 100 | - name: fluentdconfigdir 101 | mountPath: {{ .Values.fluentd.path }} 102 | readOnly: true 103 | {{- if .Values.extraVolumeMounts }} 104 | {{- toYaml .Values.extraVolumeMounts | nindent 8 }} 105 | {{- end }} 106 | terminationGracePeriodSeconds: 30 107 | volumes: 108 | {{- if .Values.extraVolumes }} 109 | {{- toYaml .Values.extraVolumes | nindent 6 }} 110 | {{- end }} 111 | # Mount all relevant locations depending on where the actual logs presents. 
112 | - name: varlog 113 | hostPath: 114 | path: /var/log 115 | - name: dockercontainerlogdirectory 116 | hostPath: 117 | path: {{ .Values.volumes.podsHostPath }} 118 | - name: dockercontainerdatadirectory 119 | hostPath: 120 | path: {{ .Values.volumes.containerdataHostPath }} 121 | # RW mount to store tail plugin pos files, output plugin buffer and logs (if baseDir is not /var/log) 122 | {{- if ne .Values.fluentd.baseDir "/var/log" }} 123 | - name: basedir 124 | hostPath: 125 | path: {{ .Values.fluentd.baseDir }} 126 | {{- end }} 127 | {{- if eq $authtype "config" }} 128 | # Mount directory where oci config exists 129 | - name: ociconfigdir 130 | projected: 131 | sources: 132 | - secret: 133 | name: {{ $resourceNamePrefix }}-oci-config 134 | {{- end }} 135 | # Mount directory where fluentd config exists 136 | - name: fluentdconfigdir 137 | configMap: 138 | # Provide the name of the ConfigMap to mount. 139 | name: {{ $resourceNamePrefix }}-logs 140 | -------------------------------------------------------------------------------- /charts/logan/templates/fluentd-deployment.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | --- 5 | {{- if .Values.enableEKSControlPlaneLogs }} 6 | {{- $authtype := .Values.authtype | lower }} 7 | {{- $imagePullSecrets := .Values.image.imagePullSecrets }} 8 | {{- $resourceNamePrefix := (include "logan.resourceNamePrefix" .) }} 9 | apiVersion: apps/v1 10 | kind: Deployment 11 | metadata: 12 | name: {{ $resourceNamePrefix }}-logan 13 | namespace: {{ include "logan.namespace" . 
}} 14 | labels: 15 | app: {{ $resourceNamePrefix }}-logan 16 | version: v1 17 | spec: 18 | selector: 19 | matchLabels: 20 | app: {{ $resourceNamePrefix }}-logan 21 | version: v1 22 | template: 23 | metadata: 24 | annotations: 25 | {{- if eq $authtype "config" }} 26 | checksum/secrets: {{ include (print $.Template.BasePath "/oci-config-secret.yaml") . | sha256sum }} 27 | {{- end}} 28 | checksum/ekscpconfigmap: {{ include (print $.Template.BasePath "/ekscp-logs-configmap.yaml") . | sha256sum }} 29 | labels: 30 | app: {{ $resourceNamePrefix }}-logan 31 | version: v1 32 | spec: 33 | serviceAccountName: {{ include "logan.serviceAccount" . }} 34 | {{- if $imagePullSecrets }} 35 | imagePullSecrets: 36 | - name: {{ .Values.image.imagePullSecrets }} 37 | {{- end}} 38 | containers: 39 | - name: {{ $resourceNamePrefix }}-ekscp-fluentd 40 | image: {{ .Values.image.url }} 41 | imagePullPolicy: {{ default "IfNotPresent" .Values.image.imagePullPolicy }} 42 | env: 43 | - name: FLUENTD_CONF 44 | value: {{ .Values.fluentd.path }}/{{ .Values.fluentd.file }} 45 | - name: K8S_NODE_NAME 46 | valueFrom: 47 | fieldRef: 48 | fieldPath: spec.nodeName 49 | - name: FLUENT_OCI_DEFAULT_LOGGROUP_ID 50 | value: {{ .Values.ociLALogGroupID }} 51 | - name: FLUENT_OCI_NAMESPACE 52 | value: {{ .Values.ociLANamespace }} 53 | - name: FLUENT_OCI_KUBERNETES_CLUSTER_ID 54 | value: {{ include "logan.kubernetesClusterId" . }} 55 | - name: FLUENT_OCI_KUBERNETES_CLUSTER_NAME 56 | value: {{ include "logan.kubernetesClusterName" . 
}} 57 | {{- if eq $authtype "config" }} 58 | - name: FLUENT_OCI_CONFIG_LOCATION 59 | value: {{ .Values.oci.path }}/{{ .Values.oci.file }} 60 | {{- end }} 61 | {{- if .Values.extraEnv }} 62 | {{- toYaml .Values.extraEnv | nindent 10 }} 63 | {{- end }} 64 | {{- if .Values.resources }} 65 | resources: {{- toYaml .Values.resources | nindent 10 }} 66 | {{- end }} 67 | volumeMounts: 68 | # RW mount to store tail plugin output plugin buffer and logs 69 | - name: basedir 70 | mountPath: {{ .Values.fluentd.baseDir }} 71 | {{- if eq $authtype "config" }} 72 | # Mount directory where oci config exists 73 | - name: ociconfigdir 74 | mountPath: {{ .Values.oci.path }} 75 | readOnly: true 76 | {{- end }} 77 | # Mount directory where fluentd config exists 78 | - name: ekscpfluentdconfigdir 79 | mountPath: {{ .Values.fluentd.path }} 80 | readOnly: true 81 | {{- if .Values.extraVolumeMounts }} 82 | {{- toYaml .Values.extraVolumeMounts | nindent 8 }} 83 | {{- end }} 84 | terminationGracePeriodSeconds: 30 85 | volumes: 86 | {{- if .Values.extraVolumes }} 87 | {{- toYaml .Values.extraVolumes | nindent 6 }} 88 | {{- end }} 89 | # RW mount to store tail plugin output plugin buffer and logs 90 | - name: basedir 91 | hostPath: 92 | path: {{ .Values.fluentd.baseDir }} 93 | {{- if eq $authtype "config" }} 94 | # Mount directory where oci config exists 95 | - name: ociconfigdir 96 | projected: 97 | sources: 98 | - secret: 99 | name: {{ $resourceNamePrefix }}-oci-config 100 | {{- end }} 101 | # Mount directory where fluentd ekscp config exists 102 | - name: ekscpfluentdconfigdir 103 | configMap: 104 | # Provide the name of the ConfigMap to mount. 105 | name: {{ $resourceNamePrefix }}-ekscp-logs 106 | {{- end }} 107 | -------------------------------------------------------------------------------- /charts/logan/templates/oci-config-secret.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 
2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | {{- $authtype := .Values.authtype | lower }} 5 | {{- if eq $authtype "config" }} 6 | apiVersion: v1 7 | kind: Secret 8 | type: Opaque 9 | metadata: 10 | name: {{ include "logan.resourceNamePrefix" . }}-oci-config 11 | namespace: {{ include "logan.namespace" . }} 12 | stringData: 13 | {{- range $key, $value := .Values.oci.configFiles }} 14 | {{ $key }}: | 15 | {{- include "common.tplvalues.render" (dict "value" $value "context" $) | nindent 4 }} 16 | {{- end }} 17 | {{- end}} 18 | -------------------------------------------------------------------------------- /charts/logan/values.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/schema#", 3 | "required": [ 4 | "runtime", 5 | "authtype", 6 | "namespace", 7 | "image", 8 | "ociLANamespace", 9 | "ociLALogGroupID", 10 | "fluentd" 11 | ], 12 | "properties": { 13 | "image": { 14 | "type": "object", 15 | "required": [ 16 | "url" 17 | ], 18 | "properties": { 19 | "url": { 20 | "type": "string" 21 | }, 22 | "pullPolicy": { 23 | "type": "string", 24 | "pattern": "^(Always|Never|IfNotPresent)$" 25 | } 26 | } 27 | }, 28 | "runtime": { 29 | "type": "string", 30 | "enum": ["docker", "cri"] 31 | }, 32 | "authtype": { 33 | "type": "string", 34 | "enum": ["InstancePrincipal", "config"] 35 | }, 36 | "namespace": { 37 | "type": "string" 38 | }, 39 | "ociLANamespace": { 40 | "type": "string" 41 | }, 42 | "ociLALogGroupID": { 43 | "type": "string" 44 | }, 45 | "fluentd": { 46 | "type": "object", 47 | "required": [ 48 | "baseDir" 49 | ], 50 | "properties": { 51 | "baseDir": { 52 | "type": "string" 53 | } 54 | } 55 | }, 56 | "collectionType": { 57 | "type": "string", 58 | "enum": ["cloudwatch", "s3"] 59 | }, 60 | "region": { 61 | "type": "string" 62 | }, 63 | "s3Bucket": { 64 | "type": "string", 65 | "minLength": 3, 66 | "maxLength": 63 
67 | } 68 | } 69 | } 70 | -------------------------------------------------------------------------------- /charts/mgmt-agent/.helmignore: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | # Patterns to ignore when building packages. 5 | # This supports shell glob matching, relative path matching, and 6 | # negation (prefixed with !). Only one pattern per line. 7 | .DS_Store 8 | # Common VCS dirs 9 | .git/ 10 | .gitignore 11 | .bzr/ 12 | .bzrignore 13 | .hg/ 14 | .hgignore 15 | .svn/ 16 | # Common backup files 17 | *.swp 18 | *.bak 19 | *.tmp 20 | *.orig 21 | *~ 22 | # Various IDEs 23 | .project 24 | .idea/ 25 | *.tmproj 26 | .vscode/ 27 | -------------------------------------------------------------------------------- /charts/mgmt-agent/Chart.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | apiVersion: v2 5 | name: oci-onm-mgmt-agent 6 | description: A Helm chart for collecting Kubernetes Metrics using OCI Management Agent into OCI Monitoring. 7 | 8 | # A chart can be either an 'application' or a 'library' chart. 9 | # 10 | # Application charts are a collection of templates that can be packaged into versioned archives 11 | # to be deployed. 12 | # 13 | # Library charts provide useful utilities or functions for the chart developer. They're included as 14 | # a dependency of application charts to inject those utilities and functions into the rendering 15 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 16 | type: application 17 | 18 | # This is the chart version. 
This version number should be incremented each time you make changes 19 | # to the chart and its templates, including the app version. 20 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 21 | version: 3.0.4 22 | 23 | # This is the version number of the application being deployed. This version number should be 24 | # incremented each time you make changes to the application. Versions are not expected to 25 | # follow Semantic Versioning. They should reflect the version the application is using. 26 | # It is recommended to use it with quotes. 27 | appVersion: "1.16.0" 28 | 29 | dependencies: 30 | - name: oci-onm-common 31 | version: "3.1.0" 32 | repository: "file://../common" 33 | condition: oci-onm-common.enabled 34 | -------------------------------------------------------------------------------- /charts/mgmt-agent/README.md: -------------------------------------------------------------------------------- 1 | # oci-onm-mgmt-agent 2 | 3 | ![Version: 3.0.0](https://img.shields.io/badge/Version-3.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square) 4 | 5 | A Helm chart for collecting Kubernetes Metrics using OCI Management Agent into OCI Monitoring. 6 | 7 | ## Requirements 8 | 9 | | Repository | Name | Version | 10 | |------------|------|---------| 11 | | file://../common | oci-onm-common | 3.0.0 | 12 | 13 | ## Values 14 | 15 | | Key | Type | Default | Description | 16 | |-----|------|---------|-------------| 17 | | deployMetricServer | bool | `true` | By default, metric server will be deployed and used by Management Agent to collect metrics. You can set this to false if you already have metric server installed on your cluster | 18 | | global.namespace | string | `"oci-onm"` | Kubernetes Namespace in which the resources to be created. 
Set oci-kubernetes-monitoring-common:createNamespace to true if the namespace doesn't exist. | 19 | | global.resourceNamePrefix | string | `"oci-onm"` | Prefix to be attached to resources created through this chart. Not all resources may have this prefix. | 20 | | kubernetesCluster.compartmentId | string | `nil` | OCI Compartment Id to push Kubernetes Monitoring metrics. If not specified, the default is the same as the Agent compartment | 21 | | kubernetesCluster.name | string | `nil` | Kubernetes cluster name | 22 | | kubernetesCluster.namespace | string | `"*"` | Kubernetes cluster namespace(s) to monitor. This can be a comma-separated list of namespaces or '*' to monitor all the namespaces | 23 | | kubernetesCluster.monitoringNamespace | string | `nil` | OCI namespace to push Kubernetes Monitoring metrics. The namespace should match the pattern '^[a-z][a-z0-9_]*[a-z0-9]$'. By default metrics will be pushed to 'mgmtagent_kubernetes_metrics' | 24 | | kubernetesCluster.overrideAllowMetricsAPIServer | string | `nil` | Provide the specific list of comma separated metric names for agent computed metrics to be collected.
| 25 | | kubernetesCluster.overrideAllowMetricsCluster | string | `nil` | Provide the specific list of comma separated metric names for agent computed metrics to be collected | 26 | | kubernetesCluster.overrideAllowMetricsKubelet | string | `nil` | Provide the specific list of comma separated metric names for Kubelet (/api/v1/nodes//proxy/metrics) metrics to be collected | 27 | | kubernetesCluster.overrideAllowMetricsNode | string | `nil` | Provide the specific list of comma separated metric names for Node (/api/v1/nodes//proxy/metrics/resource, /api/v1/nodes//proxy/metrics/cadvisor) metrics to be collected | 28 | | mgmtagent.image.secret | string | `nil` | Image secrets to use for pulling container image (base64 encoded content of ~/.docker/config.json file) | 29 | | mgmtagent.image.url | string | `nil` | Replace this value with actual docker image URL for Management Agent | 30 | | mgmtagent.installKey | string | `"resources/input.rsp"` | Copy the downloaded Management Agent Install Key file under root helm directory as resources/input.rsp | 31 | | mgmtagent.installKeyFileContent | string | `nil` | Provide the base64 encoded content of the Management Agent Install Key file (e.g. `cat input.rsp \| base64 -w 0`) | 32 | | mgmtagent.extraEnv | string | `nil` | Please specify additional environment variables in name:value pairs | 33 | | namespace | string | `"{{ .Values.global.namespace }}"` | Kubernetes namespace to create and install this helm chart in | 34 | | oci-onm-common.createNamespace | bool | `true` | If createNamespace is set to true, it tries to create the namespace defined in 'namespace' variable. | 35 | | oci-onm-common.createServiceAccount | bool | `true` | By default, a cluster role, cluster role binding and serviceaccount will be created for the monitoring pods to be able to (readonly) access various objects within the cluster, to support collection of various telemetry data. 
You may set this to false and provide your own serviceaccount (in the parent chart(s)) which has the necessary cluster role(s) bound to it. Refer to the README for the cluster role definition and other details. | 36 | | oci-onm-common.namespace | string | `"{{ .Values.global.namespace }}"` | Kubernetes Namespace in which the serviceaccount is to be created. | 37 | | oci-onm-common.resourceNamePrefix | string | `"{{ .Values.global.resourceNamePrefix }}"` | Prefix to be attached to resources created through this chart. Not all resources may have this prefix. | 38 | | oci-onm-common.serviceAccount | string | `"{{ .Values.global.resourceNamePrefix }}"` | Name of the Kubernetes ServiceAccount | 39 | | serviceAccount | string | `"{{ .Values.global.resourceNamePrefix }}"` | Name of the Kubernetes ServiceAccount | 40 | | deployment.security.runAsUser | integer | `1000` | Processes in the Container will use the specified user ID | 41 | | deployment.security.runAsGroup | integer | `2000` | Processes in the Container will use the specified group ID | 42 | | deployment.security.fsGroup | integer | `2000` | Files created in the Container will use the specified group ID | 43 | | deployment.cleanupEpochTime | integer | `nil` | Please provide the current epoch time in seconds (Eg: Executing the following command in a bash shell will provide the epoch time: "date +%s") to clean up the agent installation directory from previous deployment | 44 | | deployment.daemonSetDeployment | bool | `false` | Setting the daemonset deployment to true will deploy the Management Agents as a daemonset in addition to deploying the Management Agent as a statefulset. This is done to distribute the node metrics collection to agents running on the node | 45 | | deployment.daemonSet.hostPath | string | `nil` | The host path to store data, if Agent is deployed as DaemonSet.
Management Agent Pod should have read-write access to it | 46 | | deployment.daemonSet.overrideOwnership | bool | `true` | Override the ownership and permissions on the hostPath. The hostPath will be owned by the runAsUser and runAsGroup provided under security context and the permission as 750.
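Note: This requires the oraclelinux:8-slim image, which the chart runs as a privileged root init container to change the ownership of the hostPath.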

Setting overrideOwnership to false will disable the ownership change. | 47 | | deployment.resource.request.cpuCore | string | `200m` | Minimum CPU cores(millicore) for each agent instance | 48 | | deployment.resource.request.memory | string | `500Mi` | Minimum memory(mebibytes) for each agent instance | 49 | | deployment.resource.request.storage | string | `2Gi` | Minimum storage(gibibyte) for StatefulSet's PVC | 50 | | deployment.resource.limit.cpuCore | string | `500m` | Maximum CPU cores(millicore) for each agent instance | 51 | | deployment.resource.limit.memory | string | `1Gi` | Maximum memory(gibibyte) for each agent instance | 52 | | deployment.storageClass | string | `nil` | The storage class for StatefulSet's PVC. If not provided then the Cluster's default storage class will be used | 53 | 54 | ---------------------------------------------- 55 | Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) 56 | -------------------------------------------------------------------------------- /charts/mgmt-agent/resources/input.rsp: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 
3 | -------------------------------------------------------------------------------- /charts/mgmt-agent/resources/sample_mgmtagent_kubernetes_dashboard.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oracle-quickstart/oci-kubernetes-monitoring/093aafdbefb5c0d8c5df0049008160efef111268/charts/mgmt-agent/resources/sample_mgmtagent_kubernetes_dashboard.png -------------------------------------------------------------------------------- /charts/mgmt-agent/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | # tpl render function 5 | {{- define "common.tplvalues.render" -}} 6 | {{- if typeIs "string" .value }} 7 | {{- tpl .value .context }} 8 | {{- else }} 9 | {{- tpl (.value | toYaml) .context }} 10 | {{- end }} 11 | {{- end -}} 12 | 13 | # Prefix for all resources created using this chart. 14 | {{- define "mgmt-agent.resourceNamePrefix" -}} 15 | {{- if .Values.resourceNamePrefix -}} 16 | {{ include "common.tplvalues.render" ( dict "value" .Values.resourceNamePrefix "context" .) | trunc 63 | trimSuffix "-" }} 17 | {{- else -}} 18 | {{- "oci-onm" -}} 19 | {{- end -}} 20 | {{- end -}} 21 | 22 | # namespace 23 | {{- define "mgmt-agent.namespace" -}} 24 | {{- if .Values.namespace -}} 25 | {{ include "common.tplvalues.render" ( dict "value" .Values.namespace "context" .) }} 26 | {{- else -}} 27 | {{- "oci-onm" -}} 28 | {{- end -}} 29 | {{- end -}} 30 | 31 | #serviceAccount 32 | {{- define "mgmt-agent.serviceAccount" -}} 33 | {{ include "common.tplvalues.render" ( dict "value" .Values.serviceAccount "context" .) 
}} 34 | {{- end -}} 35 | 36 | #kubernetesClusterName 37 | {{- define "mgmt-agent.kubernetesClusterName" -}} 38 | {{- if .Values.kubernetesCluster.name -}} 39 | {{ include "common.tplvalues.render" ( dict "value" .Values.kubernetesCluster.name "context" .) }} 40 | {{- else -}} 41 | {{- "UNDEFINED" -}} 42 | {{- end -}} 43 | {{- end -}} 44 | -------------------------------------------------------------------------------- /charts/mgmt-agent/templates/agent-configmap.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | apiVersion: v1 5 | kind: ConfigMap 6 | metadata: 7 | name: {{ include "mgmt-agent.resourceNamePrefix" . }}-agent 8 | namespace: {{ include "mgmt-agent.namespace" . }} 9 | data: 10 | emd.properties: | 11 | # provide the key=value pair below to override 12 | -------------------------------------------------------------------------------- /charts/mgmt-agent/templates/env-configmap.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | apiVersion: v1 5 | kind: ConfigMap 6 | metadata: 7 | name: {{ include "mgmt-agent.resourceNamePrefix" . }}-env 8 | namespace: {{ include "mgmt-agent.namespace" . }} 9 | data: 10 | # Unmodifiable properties 11 | # Please do not remove/modify the below properties 12 | DAEMONSET_DEPLOYMENT: "{{ .Values.deployment.daemonSetDeployment }}" 13 | HELM_DEPLOYMENT: "true" 14 | INSTALL_NAMESPACE: "{{ include "mgmt-agent.namespace" . 
}}" 15 | {{- if .Values.deployment.cleanupEpochTime }} 16 | POD_CLEANUP_ID: "{{ .Values.deployment.cleanupEpochTime }}" 17 | {{- end }} 18 | -------------------------------------------------------------------------------- /charts/mgmt-agent/templates/metric_server.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | {{- if .Values.deployMetricServer }} 5 | --- 6 | apiVersion: v1 7 | kind: ServiceAccount 8 | metadata: 9 | labels: 10 | k8s-app: metrics-server 11 | name: metrics-server 12 | namespace: kube-system 13 | --- 14 | apiVersion: rbac.authorization.k8s.io/v1 15 | kind: ClusterRole 16 | metadata: 17 | labels: 18 | k8s-app: metrics-server 19 | rbac.authorization.k8s.io/aggregate-to-admin: "true" 20 | rbac.authorization.k8s.io/aggregate-to-edit: "true" 21 | rbac.authorization.k8s.io/aggregate-to-view: "true" 22 | name: system:aggregated-metrics-reader 23 | rules: 24 | - apiGroups: 25 | - metrics.k8s.io 26 | resources: 27 | - pods 28 | - nodes 29 | verbs: 30 | - get 31 | - list 32 | - watch 33 | --- 34 | apiVersion: rbac.authorization.k8s.io/v1 35 | kind: ClusterRole 36 | metadata: 37 | labels: 38 | k8s-app: metrics-server 39 | name: system:metrics-server 40 | rules: 41 | - apiGroups: 42 | - "" 43 | resources: 44 | - nodes/metrics 45 | verbs: 46 | - get 47 | - apiGroups: 48 | - "" 49 | resources: 50 | - pods 51 | - nodes 52 | verbs: 53 | - get 54 | - list 55 | - watch 56 | --- 57 | apiVersion: rbac.authorization.k8s.io/v1 58 | kind: RoleBinding 59 | metadata: 60 | labels: 61 | k8s-app: metrics-server 62 | name: metrics-server-auth-reader 63 | namespace: kube-system 64 | roleRef: 65 | apiGroup: rbac.authorization.k8s.io 66 | kind: Role 67 | name: extension-apiserver-authentication-reader 68 | subjects: 69 | - kind: ServiceAccount 70 | name: metrics-server 
71 | namespace: kube-system 72 | --- 73 | apiVersion: rbac.authorization.k8s.io/v1 74 | kind: ClusterRoleBinding 75 | metadata: 76 | labels: 77 | k8s-app: metrics-server 78 | name: metrics-server:system:auth-delegator 79 | roleRef: 80 | apiGroup: rbac.authorization.k8s.io 81 | kind: ClusterRole 82 | name: system:auth-delegator 83 | subjects: 84 | - kind: ServiceAccount 85 | name: metrics-server 86 | namespace: kube-system 87 | --- 88 | apiVersion: rbac.authorization.k8s.io/v1 89 | kind: ClusterRoleBinding 90 | metadata: 91 | labels: 92 | k8s-app: metrics-server 93 | name: system:metrics-server 94 | roleRef: 95 | apiGroup: rbac.authorization.k8s.io 96 | kind: ClusterRole 97 | name: system:metrics-server 98 | subjects: 99 | - kind: ServiceAccount 100 | name: metrics-server 101 | namespace: kube-system 102 | --- 103 | apiVersion: v1 104 | kind: Service 105 | metadata: 106 | labels: 107 | k8s-app: metrics-server 108 | name: metrics-server 109 | namespace: kube-system 110 | spec: 111 | ports: 112 | - name: https 113 | port: 443 114 | protocol: TCP 115 | targetPort: https 116 | selector: 117 | k8s-app: metrics-server 118 | --- 119 | apiVersion: apps/v1 120 | kind: Deployment 121 | metadata: 122 | labels: 123 | k8s-app: metrics-server 124 | name: metrics-server 125 | namespace: kube-system 126 | spec: 127 | selector: 128 | matchLabels: 129 | k8s-app: metrics-server 130 | strategy: 131 | rollingUpdate: 132 | maxUnavailable: 0 133 | template: 134 | metadata: 135 | labels: 136 | k8s-app: metrics-server 137 | spec: 138 | containers: 139 | - args: 140 | - --cert-dir=/tmp 141 | - --secure-port=10250 142 | - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname 143 | - --kubelet-use-node-status-port 144 | - --metric-resolution=15s 145 | image: registry.k8s.io/metrics-server/metrics-server:v0.7.2 146 | imagePullPolicy: IfNotPresent 147 | name: metrics-server 148 | ports: 149 | - containerPort: 10250 150 | name: https 151 | protocol: TCP 152 | resources: 153 | requests: 
# NOTE(review): the APIService further down in this file sets insecureSkipTLSVerify: true, so the API aggregation layer does not verify the metrics-server serving certificate. The Deployment args shown in this template pass only --cert-dir=/tmp and configure no serving certificate. For a hardened install, give metrics-server a CA-signed serving certificate and set spec.caBundle on the APIService instead of skipping verification.
154 | cpu: 100m 155 | memory: 200Mi 156 | securityContext: 157 | allowPrivilegeEscalation: false 158 | capabilities: 159 | drop: 160 | - ALL 161 | readOnlyRootFilesystem: true 162 | runAsNonRoot: true 163 | runAsUser: 1000 164 | seccompProfile: 165 | type: RuntimeDefault 166 | volumeMounts: 167 | - mountPath: /tmp 168 | name: tmp-dir 169 | nodeSelector: 170 | kubernetes.io/os: linux 171 | priorityClassName: system-cluster-critical 172 | serviceAccountName: metrics-server 173 | volumes: 174 | - emptyDir: {} 175 | name: tmp-dir 176 | --- 177 | apiVersion: apiregistration.k8s.io/v1 178 | kind: APIService 179 | metadata: 180 | labels: 181 | k8s-app: metrics-server 182 | name: v1beta1.metrics.k8s.io 183 | spec: 184 | group: metrics.k8s.io 185 | groupPriorityMinimum: 100 186 | insecureSkipTLSVerify: true 187 | service: 188 | name: metrics-server 189 | namespace: kube-system 190 | version: v1beta1 191 | versionPriority: 100 192 | {{- end }} 193 | -------------------------------------------------------------------------------- /charts/mgmt-agent/templates/metrics-configmap.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | apiVersion: v1 5 | kind: ConfigMap 6 | metadata: 7 | name: {{ include "mgmt-agent.resourceNamePrefix" . }}-metrics 8 | namespace: {{ include "mgmt-agent.namespace" . }} 9 | data: 10 | monitoring.properties: | 11 | # compartmentId to push Monitoring metrics 12 | compartmentId={{ .Values.kubernetesCluster.compartmentId }} 13 | # Kubernetes cluster name 14 | clusterName={{ include "mgmt-agent.kubernetesClusterName" .
}} 15 | # Kubernetes Namespace to monitor 16 | kubernetesNamespace={{ .Values.kubernetesCluster.namespace }} 17 | {{- if .Values.kubernetesCluster.monitoringNamespace }} 18 | # namespace to push monitoring metrics 19 | monitoringNamespace={{ .Values.kubernetesCluster.monitoringNamespace }} 20 | {{- end }} 21 | {{- if .Values.kubernetesCluster.overrideAllowMetricsAPIServer }} 22 | # list of comma separated metric names for API server (/metrics) metrics 23 | overrideAllowMetricsAPIServer={{ .Values.kubernetesCluster.overrideAllowMetricsAPIServer }} 24 | {{- end }} 25 | {{- if .Values.kubernetesCluster.overrideAllowMetricsCluster }} 26 | # list of comma separated metric names for agent computed metrics 27 | overrideAllowMetricsCluster={{ .Values.kubernetesCluster.overrideAllowMetricsCluster }} 28 | {{- end }} 29 | {{- if .Values.kubernetesCluster.overrideAllowMetricsKubelet }} 30 | # list of comma separated metric names for Kubelet (/api/v1/nodes//proxy/metrics) metrics 31 | overrideAllowMetricsKubelet={{ .Values.kubernetesCluster.overrideAllowMetricsKubelet }} 32 | {{- end }} 33 | {{- if .Values.kubernetesCluster.overrideAllowMetricsNode }} 34 | # list of comma separated metric names for Node (/api/v1/nodes//proxy/metrics/resource, /api/v1/nodes//proxy/metrics/cadvisor) metrics 35 | overrideAllowMetricsNode={{ .Values.kubernetesCluster.overrideAllowMetricsNode }} 36 | {{- end }} 37 | -------------------------------------------------------------------------------- /charts/mgmt-agent/templates/mgmt-agent-daemonset.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | {{- if .Values.deployment.daemonSetDeployment }} 5 | apiVersion: apps/v1 6 | kind: DaemonSet 7 | metadata: 8 | name: {{ include "mgmt-agent.resourceNamePrefix" . 
# NOTE(review): the pod-level securityContext in this DaemonSet uses `default 0`, so runAsUser, runAsGroup and fsGroup fall back to 0 (root) whenever deployment.security.* is unset or empty. The chart README lists 1000/2000/2000 as the defaults; confirm values.yaml sets them. The StatefulSet template uses the same `default 0` pattern.
}}-mgmt-agent 9 | namespace: {{ include "mgmt-agent.namespace" . }} 10 | labels: 11 | app: {{ include "mgmt-agent.resourceNamePrefix" . }}-mgmt-agent 12 | spec: 13 | selector: 14 | matchLabels: 15 | app: {{ include "mgmt-agent.resourceNamePrefix" . }}-mgmt-agent 16 | template: 17 | metadata: 18 | annotations: 19 | checksum/metrics-configmap: {{ include (print $.Template.BasePath "/metrics-configmap.yaml") . | sha256sum }} 20 | checksum/agent-configmap: {{ include (print $.Template.BasePath "/agent-configmap.yaml") . | sha256sum }} 21 | checksum/env-configmap: {{ include (print $.Template.BasePath "/env-configmap.yaml") . | sha256sum }} 22 | labels: 23 | app: {{ include "mgmt-agent.resourceNamePrefix" . }}-mgmt-agent 24 | spec: 25 | securityContext: 26 | runAsUser: {{ default 0 .Values.deployment.security.runAsUser }} 27 | runAsGroup: {{ default 0 .Values.deployment.security.runAsGroup }} 28 | fsGroup: {{ default 0 .Values.deployment.security.fsGroup }} 29 | serviceAccountName: {{ include "mgmt-agent.serviceAccount" . }} 30 | {{- if .Values.mgmtagent.image.secret }} 31 | imagePullSecrets: 32 | - name: {{ include "mgmt-agent.resourceNamePrefix" . }}-mgmt-agent-container-registry-key 33 | {{- end }} 34 | restartPolicy: Always 35 | containers: 36 | - name: {{ include "mgmt-agent.resourceNamePrefix" . }}-mgmt-agent 37 | image: {{ .Values.mgmtagent.image.url }} 38 | envFrom: 39 | - configMapRef: 40 | name: {{ include "mgmt-agent.resourceNamePrefix" .
# NOTE(review): when deployment.daemonSet.overrideOwnership is true, the change-ownership-container init container below runs as UID 0 with privileged: true. It runs chmod 750 and chown -R over the node hostPath mounted at /opt/oracle. Its image is referenced by tag (oraclelinux:8-slim), not by digest. Later in this template only a hostPath of /opt/oracle itself is rejected, so point deployment.daemonSet.hostPath at a dedicated directory. If the directory is pre-provisioned with the right owner, set overrideOwnership to false.
}}-env 41 | env: 42 | {{- if .Values.mgmtagent.extraEnv }} 43 | {{- range .Values.mgmtagent.extraEnv }} 44 | - name: {{ .name }} 45 | value: {{ .value | quote }} 46 | {{- end }} 47 | {{- end }} 48 | resources: 49 | requests: 50 | cpu: {{ .Values.deployment.resource.request.cpuCore }} 51 | memory: {{ .Values.deployment.resource.request.memory }} 52 | limits: 53 | cpu: {{ .Values.deployment.resource.limit.cpuCore }} 54 | memory: {{ .Values.deployment.resource.limit.memory }} 55 | volumeMounts: 56 | - name: mgmtagent-secret 57 | mountPath: /opt/oracle/mgmtagent_secret 58 | readOnly: true 59 | - name: mgmtagent-hostpath 60 | mountPath: /opt/oracle 61 | - name: mgmtagent-config 62 | mountPath: /opt/oracle/mgmtagent_config 63 | - name: mgmtagent-env 64 | mountPath: /opt/oracle/mgmtagent_env 65 | - name: mgmtagent-agent-config 66 | mountPath: /opt/oracle/mgmtagent_agent_config 67 | - mountPath: /tmp 68 | name: tmp 69 | securityContext: 70 | allowPrivilegeEscalation: false 71 | readOnlyRootFilesystem: true 72 | {{- if .Values.deployment.daemonSet.overrideOwnership }} 73 | initContainers: 74 | - name: change-ownership-container 75 | image: container-registry.oracle.com/os/oraclelinux:8-slim 76 | command: ["/bin/sh", "-c", "chmod 750 /opt/oracle && chown -R {{ .Values.deployment.security.runAsUser }}:{{ .Values.deployment.security.runAsGroup }} /opt/oracle"] 77 | securityContext: 78 | runAsUser: 0 79 | privileged: true 80 | volumeMounts: 81 | - name: mgmtagent-hostpath 82 | mountPath: /opt/oracle 83 | {{- end }} 84 | volumes: 85 | - name: mgmtagent-secret 86 | secret: 87 | secretName: {{ include "mgmt-agent.resourceNamePrefix" . }}-mgmt-agent-rsp 88 | - name: mgmtagent-config 89 | configMap: 90 | name: {{ include "mgmt-agent.resourceNamePrefix" . }}-metrics 91 | - name: mgmtagent-env 92 | configMap: 93 | name: {{ include "mgmt-agent.resourceNamePrefix" . }}-env 94 | - name: mgmtagent-agent-config 95 | configMap: 96 | name: {{ include "mgmt-agent.resourceNamePrefix" .
}}-agent 97 | - name: mgmtagent-hostpath 98 | hostPath: 99 | path: "{{ required "deployment.daemonSet.hostPath is required" .Values.deployment.daemonSet.hostPath }}" 100 | {{- if regexMatch "^/opt/oracle/*$" .Values.deployment.daemonSet.hostPath }} 101 | {{- fail "Error: deployment.daemonSet.hostPath cannot be /opt/oracle. Please provide another location or create a sub-directory under /opt/oracle and use that as hostPath" }} 102 | {{- end }} 103 | - emptyDir: {} 104 | name: tmp 105 | {{- end }} 106 | -------------------------------------------------------------------------------- /charts/mgmt-agent/templates/mgmt-agent-headless-service.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | apiVersion: v1 5 | kind: Service 6 | metadata: 7 | name: {{ include "mgmt-agent.resourceNamePrefix" . }}-mgmt-agent 8 | namespace: {{ include "mgmt-agent.namespace" . }} 9 | labels: 10 | app: {{ include "mgmt-agent.resourceNamePrefix" . }}-mgmt-agent 11 | spec: 12 | clusterIP: None 13 | selector: 14 | app: {{ include "mgmt-agent.resourceNamePrefix" . }}-mgmt-agent 15 | -------------------------------------------------------------------------------- /charts/mgmt-agent/templates/mgmt-agent-secrets.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | apiVersion: v1 5 | kind: Secret 6 | metadata: 7 | name: {{ include "mgmt-agent.resourceNamePrefix" . }}-mgmt-agent-rsp 8 | namespace: {{ include "mgmt-agent.namespace" . 
}} 9 | type: Opaque 10 | data: 11 | input.rsp: | 12 | {{- if .Values.mgmtagent.installKeyFileContent }} 13 | {{ .Values.mgmtagent.installKeyFileContent }} 14 | {{ else }} 15 | {{ .Files.Get .Values.mgmtagent.installKey | b64enc }} 16 | {{- end }} 17 | 18 | --- 19 | {{- if .Values.mgmtagent.image.secret }} 20 | --- 21 | apiVersion: v1 22 | kind: Secret 23 | metadata: 24 | name: {{ include "mgmt-agent.resourceNamePrefix" . }}-mgmt-agent-container-registry-key 25 | namespace: {{ include "mgmt-agent.namespace" . }} 26 | type: kubernetes.io/dockerconfigjson 27 | data: 28 | .dockerconfigjson: | 29 | {{ .Values.mgmtagent.image.secret }} 30 | {{- end }} 31 |
-------------------------------------------------------------------------------- /charts/mgmt-agent/templates/mgmt-agent-statefulset.yaml: --------------------------------------------------------------------------------
# Copyright (c) 2023, 2024, Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.

# StatefulSet that runs one Management Agent replica. The agent's working directory
# (/opt/oracle) is backed by the per-pod PVC declared under volumeClaimTemplates.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: {{ include "mgmt-agent.resourceNamePrefix" . }}-mgmt-agent
  namespace: {{ include "mgmt-agent.namespace" . }}
  labels:
    app: {{ include "mgmt-agent.resourceNamePrefix" . }}-mgmt-agent
spec:
  serviceName: {{ include "mgmt-agent.resourceNamePrefix" . }}-mgmt-agent
  replicas: 1
  selector:
    matchLabels:
      app: {{ include "mgmt-agent.resourceNamePrefix" . }}-mgmt-agent
  template:
    metadata:
      annotations:
        # Hashes of the three rendered ConfigMaps: editing any of them changes the pod
        # template, so the pod is replaced and picks up the new configuration.
        # NOTE(review): the Secrets are not hashed here, so rotating the install key or
        # the registry credential does not restart the pod by itself.
        checksum/metrics-configmap: {{ include (print $.Template.BasePath "/metrics-configmap.yaml") . | sha256sum }}
        checksum/agent-configmap: {{ include (print $.Template.BasePath "/agent-configmap.yaml") . | sha256sum }}
        checksum/env-configmap: {{ include (print $.Template.BasePath "/env-configmap.yaml") . | sha256sum }}
      labels:
        app: {{ include "mgmt-agent.resourceNamePrefix" . }}-mgmt-agent
    spec:
      # Pod-level identity taken from deployment.security in values.yaml.
      # NOTE(review): the fallback in all three lines is 0, so an empty or removed value
      # makes the pod run as root (UID/GID 0) with fsGroup 0, while the chart's own
      # values.yaml ships 1000/2000/2000. Nothing here sets runAsNonRoot, so such a
      # regression would not be rejected at admission; verify the rendered manifest
      # whenever a parent chart overrides deployment.security.
      securityContext:
        runAsUser: {{ default 0 .Values.deployment.security.runAsUser }}
        runAsGroup: {{ default 0 .Values.deployment.security.runAsGroup }}
        fsGroup: {{ default 0 .Values.deployment.security.fsGroup }}
      serviceAccountName: {{ include "mgmt-agent.serviceAccount" . }}
      # Only rendered when mgmtagent.image.secret is set; the name matches the
      # dockerconfigjson Secret created in mgmt-agent-secrets.yaml.
      {{- if .Values.mgmtagent.image.secret }}
      imagePullSecrets:
        - name: {{ include "mgmt-agent.resourceNamePrefix" . }}-mgmt-agent-container-registry-key
      {{- end }}
      restartPolicy: Always
      containers:
        - name: {{ include "mgmt-agent.resourceNamePrefix" . }}-mgmt-agent
          # The image reference comes straight from values; the template enforces neither
          # a tag nor a digest, so pinning is up to whoever sets mgmtagent.image.url.
          image: {{ .Values.mgmtagent.image.url }}
          # The env ConfigMap is consumed twice: as environment variables here and as
          # files through the mgmtagent-env volume below.
          envFrom:
            - configMapRef:
                name: {{ include "mgmt-agent.resourceNamePrefix" . }}-env
          env:
          # Extra variables from mgmtagent.extraEnv. Values are quoted; names are
          # rendered as given. These end up in the pod spec in clear text, so they are
          # not the place for credentials.
          {{- if .Values.mgmtagent.extraEnv }}
          {{- range .Values.mgmtagent.extraEnv }}
            - name: {{ .name }}
              value: {{ .value | quote }}
          {{- end }}
          {{- end }}
          resources:
            requests:
              cpu: {{ .Values.deployment.resource.request.cpuCore }}
              memory: {{ .Values.deployment.resource.request.memory }}
            limits:
              cpu: {{ .Values.deployment.resource.limit.cpuCore }}
              memory: {{ .Values.deployment.resource.limit.memory }}
          volumeMounts:
            # Secret volume, mounted read-only inside the PVC mount point.
            - name: mgmtagent-secret
              mountPath: /opt/oracle/mgmtagent_secret
              readOnly: true
            # Writable agent state; the other /opt/oracle/* mounts are layered on top.
            - name: mgmtagent-pvc
              mountPath: /opt/oracle
            - name: mgmtagent-config
              mountPath: /opt/oracle/mgmtagent_config
            - name: mgmtagent-env
              mountPath: /opt/oracle/mgmtagent_env
            - name: mgmtagent-agent-config
              mountPath: /opt/oracle/mgmtagent_agent_config
            # Presumably needed because the root filesystem is read-only (see below).
            - mountPath: /tmp
              name: tmp
          # Container-level hardening that is set: no privilege escalation and a
          # read-only root filesystem.
          # NOTE(review): capabilities are not dropped and no seccompProfile is declared.
          # Adding "capabilities: drop: [ALL]" and a RuntimeDefault seccomp profile is
          # the usual next step; confirm the agent image still starts with them.
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
      volumes:
        # Presumably the Secret that carries input.rsp (the install key), defined in
        # mgmt-agent-secrets.yaml; its metadata is not visible from here.
        - name: mgmtagent-secret
          secret:
            secretName: {{ include "mgmt-agent.resourceNamePrefix" . }}-mgmt-agent-rsp
        - name: mgmtagent-config
          configMap:
            name: {{ include "mgmt-agent.resourceNamePrefix" . }}-metrics
        - name: mgmtagent-env
          configMap:
            name: {{ include "mgmt-agent.resourceNamePrefix" . }}-env
        - name: mgmtagent-agent-config
          configMap:
            name: {{ include "mgmt-agent.resourceNamePrefix" . }}-agent
        - emptyDir: {}
          name: tmp
  volumeClaimTemplates:
    - metadata:
        name: mgmtagent-pvc
      spec:
        accessModes: [ "ReadWriteOnce" ]
        # storageClassName is emitted only when deployment.storageClass is set.
        {{- if .Values.deployment.storageClass }}
        storageClassName: {{ .Values.deployment.storageClass }}
        {{- end }}
        resources:
          requests:
            storage: {{ .Values.deployment.resource.request.storage }}

-------------------------------------------------------------------------------- /charts/mgmt-agent/values.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | global: 5 | # -- Kubernetes Namespace in which the resources to be created. Set oci-kubernetes-monitoring-common:createNamespace set to true, if the namespace doesn't exist. 6 | namespace: oci-onm 7 | # -- Prefix to be attached to resources created through this chart. Not all resources may have this prefix. 8 | resourceNamePrefix: oci-onm 9 | 10 | oci-onm-common: 11 | # -- By default, a cluster role, cluster role binding and serviceaccount will be created for the monitoring pods to be able to (readonly) access various objects within the cluster, to support collection of various telemetry data. You may set this to false and provide your own serviceaccount (in the parent chart(s)) which has the necessary cluster role(s) binded to it. Refer, README for the cluster role definition and other details.
12 | createServiceAccount: true 13 | # -- If createNamespace is set to true, it tries to create the namespace defined in 'namespace' variable. 14 | createNamespace: true 15 | # -- Kubernetes Namespace in which the serviceaccount to be created. 16 | namespace: "{{ .Values.global.namespace }}" 17 | # -- Prefix to be attached to resources created through this chart. Not all resources may have this prefix. 18 | resourceNamePrefix: "{{ .Values.global.resourceNamePrefix }}" 19 | # -- Name of the Kubernetes ServiceAccount 20 | serviceAccount: "{{ .Values.global.resourceNamePrefix }}" 21 | 22 | mgmtagent: 23 | # Provide either installKeyFileContent or installKey as an install key. If both provided then installKeyFileContent will take higher precedence. 24 | 25 | # -- Provide the base64 encoded content of the Management Agent Install Key file (e.g. cat input.rsp | base64 -w 0) 26 | installKeyFileContent: 27 | # -- Copy the downloaded Management Agent Install Key file under root helm directory as resources/input.rsp 28 | installKey: resources/input.rsp 29 | # Follow steps documented at https://github.com/oracle/docker-images/tree/main/OracleManagementAgent to build docker image. 30 | image: 31 | # -- Replace this value with actual docker image URL for Management Agent 32 | url: 33 | # -- Image secrets to use for pulling container image (base64 encoded content of ~/.docker/config.json file) 34 | secret: 35 | # Please specify additional environment variables in name:value pairs 36 | extraEnv: 37 | # Openjdk on RHEL with FIPS requires the default security property to be disabled, 38 | # so that Management Agent can use its own bcfips security provider. 39 | # Set this to true to disable, and pass disableJREDefaultSecurityPropertiesFile=true via the rsp file. 
40 | - name: DISABLE_JRE_DEFAULT_SECURITY_PROPERTIES_FILE 41 | value: "false" 42 | 43 | # -- Kubernetes namespace to create and install this helm chart in 44 | namespace: "{{ .Values.global.namespace }}" 45 | 46 | # -- Name of the Kubernetes ServiceAccount 47 | serviceAccount: "{{ .Values.global.resourceNamePrefix }}" 48 | 49 | # -- By default, metric server will be deployed and used by Management Agent to collect metrics. You can set this to false if you already have metric server installed on your cluster 50 | deployMetricServer: true 51 | 52 | # Kubernetes Cluster details to monitor 53 | kubernetesCluster: 54 | # -- OCI Compartment Id to push Kubernetes Monitoring metrics. If not specified default is same as Agent compartment 55 | compartmentId: 56 | # -- Kubernetes cluster name 57 | name: 58 | # -- Kubernetes cluster namespace(s) to monitor. This can be a comma-separated list of namespaces or '*' to monitor all the namespaces 59 | namespace: '*' 60 | # -- OCI namespace to push Kubernetes Monitoring metrics. The namespace should match the pattern '^[a-z][a-z0-9_]*[a-z0-9]$'. By default metrics will be pushed to 'mgmtagent_kubernetes_metrics' 61 | monitoringNamespace: 62 | # -- Provide the specific list of comma separated metric names for API server (/metrics) metrics to be collected. 63 | overrideAllowMetricsAPIServer: 64 | # -- Provide the specific list of comma separated metric names for agent computed metrics to be collected. 65 | overrideAllowMetricsCluster: 66 | # -- Provide the specific list of comma separated metric names for Kubelet (/api/v1/nodes//proxy/metrics) metrics to be collected. 67 | overrideAllowMetricsKubelet: 68 | # -- Provide the specific list of comma separated metric names for Node (/api/v1/nodes//proxy/metrics/resource, /api/v1/nodes//proxy/metrics/cadvisor) metrics to be collected. 
69 | overrideAllowMetricsNode: 70 | 71 | deployment: 72 | security: 73 | # Processes in the Container will run as user ID 1000, replace it with a different value if desired. Leaving it empty makes the StatefulSet template fall back to 0 (root). 74 | runAsUser: 1000 75 | # Processes in the Container will use group ID 2000, replace it with a different value if desired 76 | runAsGroup: 2000 77 | # Files created in the Container will use group ID 2000, replace it with a different value if desired 78 | fsGroup: 2000 79 | 80 | # Please provide the current epoch time in seconds (Eg: Executing the following command in a bash shell will provide the epoch time: "date +%s") to clean up the agent installation directory from previous deployment 81 | cleanupEpochTime: 82 | 83 | # Setting the daemonset deployment to true will deploy the Management Agents as a daemonset in addition to deploying the Management Agent as a statefulset. This is done to distribute the node metrics collection to agents running on the node 84 | daemonSetDeployment: false 85 | 86 | daemonSet: 87 | # Provide the host path if Agent is deployed as DaemonSet. Management Agent Pod should have read-write access to it. 88 | # Note: The hostPath cannot point to /opt/oracle, please provide another location or create a sub-directory under /opt/oracle and use that as hostPath. 89 | # The Management Agent helm chart will attempt to change ownership and permissions on the host path provided here, so use a directory dedicated to the agent rather than one shared with other software on the node. 90 | hostPath: 91 | # Override the ownership and permissions on the hostPath. The hostPath will be owned by the runAsUser and runAsGroup provided under security context above and the permission as 750. 92 | # Note: This requires oraclelinux:8-slim image 93 | # Setting overrideOwnership to false will disable the ownership change. 
94 | overrideOwnership: true 95 | 96 | # Provide the agent resources as per Kubernetes resource quantity 97 | resource: 98 | # Provide the minimum required resources 99 | request: 100 | # specify the cpu cores 101 | cpuCore: 200m 102 | # specify the memory 103 | memory: 500Mi 104 | # specify the storage capacity for StatefulSet's PVC 105 | storage: 2Gi 106 | # Provide the maximum limit for resources 107 | limit: 108 | # specify the cpu cores 109 | cpuCore: 500m 110 | # specify the memory 111 | memory: 1Gi 112 | 113 | # Provide the storage class for StatefulSet's PVC. If not provided then the Cluster's default storage class will be used. 114 | storageClass: 115 | -------------------------------------------------------------------------------- /charts/oci-onm/Chart.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | apiVersion: v2 5 | name: oci-onm 6 | description: Helm chart for collecting Kubernetes logs & objects and metrics using Fluentd and ManagementAgent into OCI Logging Analytics and OCI Monitoring respectively. 7 | 8 | # A chart can be either an 'application' or a 'library' chart. 9 | # 10 | # Application charts are a collection of templates that can be packaged into versioned archives 11 | # to be deployed. 12 | # 13 | # Library charts provide useful utilities or functions for the chart developer. They're included as 14 | # a dependency of application charts to inject those utilities and functions into the rendering 15 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 16 | type: application 17 | 18 | # This is the chart version. This version number should be incremented each time you make changes 19 | # to the chart and its templates, including the app version. 
20 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 21 | version: 3.6.0 22 | 23 | # This is the version number of the application being deployed. This version number should be 24 | # incremented each time you make changes to the application. Versions are not expected to 25 | # follow Semantic Versioning. They should reflect the version the application is using. 26 | # It is recommended to use it with quotes. 27 | appVersion: "3.0.0" 28 | 29 | dependencies: 30 | - name: oci-onm-common 31 | version: "3.1.0" 32 | repository: "file://../common" 33 | condition: oci-onm-common.enabled 34 | - name: oci-onm-logan 35 | version: "3.6.0" 36 | repository: "file://../logan" 37 | condition: oci-onm-logan.enabled 38 | - name: oci-onm-mgmt-agent 39 | version: "3.0.4" 40 | repository: "file://../mgmt-agent" 41 | condition: oci-onm-mgmt-agent.enabled 42 | -------------------------------------------------------------------------------- /charts/oci-onm/README.md: -------------------------------------------------------------------------------- 1 | # oci-onm 2 | 3 | ![Version: 3.0.0](https://img.shields.io/badge/Version-3.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.0.0](https://img.shields.io/badge/AppVersion-3.0.0-informational?style=flat-square) 4 | 5 | Helm chart for collecting Kubernetes logs & objects and metrics using Fluentd and ManagementAgent into OCI Logging Analytics and OCI Monitoring respectively. 
6 | 7 | ## Requirements 8 | 9 | | Repository | Name | Version | 10 | |------------|------|---------| 11 | | file://../common | oci-onm-common | 3.0.0 | 12 | | file://../logan | oci-onm-logan | 3.0.0 | 13 | | file://../mgmt-agent | oci-onm-mgmt-agent | 3.0.0 | 14 | 15 | ## Values 16 | 17 | | Key | Type | Default | Description | 18 | |-----|------|---------|-------------| 19 | | global.kubernetesClusterID | string | `nil` | OKE OCID for an OKE cluster or an unique ID for other Kubernetes clusters. | 20 | | global.kubernetesClusterName | string | `nil` | Provide a unique name for the cluster. This would help uniquely identifying the logs and metrics data at OCI Logging Analytics and OCI Monitoring respectivelt, when moitoring multiple clustersa | 21 | | global.namespace | string | `"oci-onm"` | Kubernetes Namespace in which the resources to be created. Set oci-kubernetes-monitoring-common:createNamespace set to true, if the namespace doesn't exist. | 22 | | global.resourceNamePrefix | string | `"oci-onm"` | Prefix to be attached to resources created through this chart. Not all resources may have this prefix. | 23 | | oci-onm-common.createNamespace | bool | `true` | If createNamespace is set to true, it tries to create the namespace defined in 'namespace' variable. | 24 | | oci-onm-common.createServiceAccount | bool | `true` | By default, a cluster role, cluster role binding and serviceaccount will be created for the monitoring pods to be able to (readonly) access various objects within the cluster, to support collection of various telemetry data. You may set this to false and provide your own serviceaccount which has the necessary cluster role(s) binded to it. Refer, README for the cluster role definition and other details. | 25 | | oci-onm-common.namespace | string | `"{{ .Values.global.namespace }}"` | Kubernetes Namespace in which the serviceaccount to be created. 
| 26 | | oci-onm-common.resourceNamePrefix | string | `"{{ .Values.global.resourceNamePrefix }}"` | Prefix to be attached to resources created through this chart. Not all resources may have this prefix. | 27 | | oci-onm-common.serviceAccount | string | `"{{ .Values.global.resourceNamePrefix }}"` | Name of the Kubernetes ServiceAccount | 28 | | oci-onm-logan.image.url | string | `"container-registry.oracle.com/oci_observability_management/oci-la-fluentd-collector:1.1.0"` | | 29 | | oci-onm-logan.kubernetesClusterID | string | `"{{ .Values.global.kubernetesClusterID }}"` | | 30 | | oci-onm-logan.kubernetesClusterName | string | `"{{ .Values.global.kubernetesClusterName }}"` | | 31 | | oci-onm-logan.namespace | string | `"{{ .Values.global.namespace }}"` | | 32 | | oci-onm-logan.oci-onm-common.enabled | bool | `false` | | 33 | | oci-onm-logan.ociLALogGroupID | string | `nil` | | 34 | | oci-onm-logan.ociLANamespace | string | `nil` | | 35 | | oci-onm-logan.serviceAccount | string | `"{{ .Values.global.resourceNamePrefix }}"` | | 36 | | oci-onm-mgmt-agent.kubernetesCluster.name | string | `"{{ .Values.global.kubernetesClusterName }}"` | | 37 | | oci-onm-mgmt-agent.mgmtagent.image.secret | string | `nil` | | 38 | | oci-onm-mgmt-agent.mgmtagent.image.url | string | `"container-registry.oracle.com/oci_observability_management/oci-management-agent:1.3.0"` | | 39 | | oci-onm-mgmt-agent.mgmtagent.installKey | string | `"resources/input.rsp"` | Copy the downloaded Management Agent Install Key file under root helm directory as resources/input.rsp . Provide either installKeyFileContent or installKey as an install key | 40 | | oci-onm-mgmt-agent.mgmtagent.installKeyFileContent | string | `nil` | Provide the base64 encoded content of the Management Agent Install Key file (e.g. `cat input.rsp \| base64 -w 0`). 
Provide either installKeyFileContent or installKey as an install key | 41 | | oci-onm-mgmt-agent.namespace | string | `"{{ .Values.global.namespace }}"` | | 42 | | oci-onm-mgmt-agent.oci-onm-common.enabled | bool | `false` | | 43 | | oci-onm-mgmt-agent.serviceAccount | string | `"{{ .Values.global.resourceNamePrefix }}"` | | 44 | 45 | ---------------------------------------------- 46 | Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) 47 | -------------------------------------------------------------------------------- /charts/oci-onm/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | # tpl render function 5 | {{- define "common.tplvalues.render" -}} 6 | {{- if typeIs "string" .value }} 7 | {{- tpl .value .context }} 8 | {{- else }} 9 | {{- tpl (.value | toYaml) .context }} 10 | {{- end }} 11 | {{- end -}} 12 | -------------------------------------------------------------------------------- /charts/oci-onm/values.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | global: 5 | # -- Kubernetes Namespace in which the resources to be created. Set oci-kubernetes-monitoring-common:createNamespace set to true, if the namespace doesn't exist. 6 | namespace: oci-onm 7 | # -- Prefix to be attached to resources created through this chart. Not all resources may have this prefix. 8 | resourceNamePrefix: oci-onm 9 | # -- OKE OCID for an OKE cluster or an unique ID for other Kubernetes clusters. 10 | kubernetesClusterID: 11 | # -- Provide a unique name for the cluster. 
This helps uniquely identify the logs and metrics data at OCI Logging Analytics and OCI Monitoring respectively, when monitoring multiple clusters. 12 | kubernetesClusterName: 13 | 14 | oci-onm-common: 15 | # -- By default, a cluster role, cluster role binding and serviceaccount will be created for the monitoring pods to be able to (readonly) access various objects within the cluster, to support collection of various telemetry data. You may set this to false and provide your own serviceaccount which has the necessary cluster role(s) bound to it. Refer to the README for the cluster role definition and other details. 16 | createServiceAccount: true 17 | # -- If createNamespace is set to true, it tries to create the namespace defined in 'namespace' variable. 18 | createNamespace: true 19 | # -- Kubernetes Namespace in which the serviceaccount is to be created. 20 | namespace: "{{ .Values.global.namespace }}" 21 | # -- Prefix to be attached to resources created through this chart. Not all resources may have this prefix. 22 | resourceNamePrefix: "{{ .Values.global.resourceNamePrefix }}" 23 | # -- Name of the Kubernetes ServiceAccount 24 | serviceAccount: "{{ .Values.global.resourceNamePrefix }}" 25 | 26 | oci-onm-logan: 27 | oci-onm-common: 28 | enabled: false 29 | namespace: "{{ .Values.global.namespace }}" 30 | serviceAccount: "{{ .Values.global.resourceNamePrefix }}" 31 | kubernetesClusterID: "{{ .Values.global.kubernetesClusterID }}" 32 | kubernetesClusterName: "{{ .Values.global.kubernetesClusterName }}" 33 | image: 34 | url: container-registry.oracle.com/oci_observability_management/oci-la-fluentd-collector:1.6.0 35 | # Go to OCI Logging Analytics Administration, click Service Details, and note the namespace value. 
36 | ociLANamespace: 37 | # OCI Logging Analytics Default Log Group OCID 38 | ociLALogGroupID: 39 | # OCI Logging Analytics Entity OCID representing the target cluster 40 | ociLAClusterEntityID: 41 | # This parameter is required only for realms where the OCI Ruby SDK is not supported. 42 | # Format: <region>.oci.<domain> 43 | # Example: us-ashburn-1.oci.oraclecloud.com 44 | ociDomain: 45 | 46 | oci-onm-mgmt-agent: 47 | oci-onm-common: 48 | enabled: false 49 | namespace: "{{ .Values.global.namespace }}" 50 | serviceAccount: "{{ .Values.global.resourceNamePrefix }}" 51 | kubernetesCluster: 52 | name: "{{ .Values.global.kubernetesClusterName }}" 53 | mgmtagent: 54 | # Provide the base64 encoded content of the Management Agent Install Key file (e.g. cat input.rsp | base64 -w 0) 55 | installKeyFileContent: 56 | # Follow steps documented at https://github.com/oracle/docker-images/tree/main/OracleManagementAgent to build docker image. 57 | image: 58 | # Replace this value with actual docker image URL for Management Agent 59 | url: container-registry.oracle.com/oci_observability_management/oci-management-agent:1.7.0 60 | # Image secrets to use for pulling container image (base64 encoded content of ~/.docker/config.json file). Base64 is an encoding, not encryption, so keep any values file that carries this or installKeyFileContent out of version control. 61 | secret: 62 | -------------------------------------------------------------------------------- /docs/custom-images.md: -------------------------------------------------------------------------------- 1 | ### Container Images 2 | 3 | By default, pre-built images by Oracle are used. 
4 | 5 | #### Pre-built images 6 | 7 | * [Fluentd Container Image](https://container-registry.oracle.com/ords/f?p=113:4:13515970073310:::4:P4_REPOSITORY,AI_REPOSITORY,AI_REPOSITORY_NAME,P4_REPOSITORY_NAME,P4_EULA_ID,P4_BUSINESS_AREA_ID:1843,1843,OCI%20Logging%20Analytics%20Fluentd%20based%20Collector,OCI%20Logging%20Analytics%20Fluentd%20based%20Collector,1,0&cs=3UtJ-CmXRZ5iKQ-QrQfja1Mxp3EIiFQ7TwBty97eqA8LmTyZtsiaFZgLmGu-qD28SwH3RIUZVXxYevRBNBR5yng) 8 | * [Management Agent Container Image](https://container-registry.oracle.com/ords/f?p=113:4:13515970073310:::4:P4_REPOSITORY,AI_REPOSITORY,AI_REPOSITORY_NAME,P4_REPOSITORY_NAME,P4_EULA_ID,P4_BUSINESS_AREA_ID:2004,2004,OCI%20Management%20Agent%20Container%20Image,OCI%20Management%20Agent%20Container%20Image,1,0&cs=35eEP-Hh_4zhB7KLZ1uShwA7SEd5xmbYo-gwkV-TJaxhVB25CIxgQN7EfUbBlUcZQHiX-peQRtm7MAGxO-hEjTA) 9 | 10 | #### Building images 11 | 12 | ##### Fluentd Container Image 13 | 14 | - Download all the files from the below mentioned dir into a local machine having access to internet and docker installed. 15 | - [OL8-Slim](logan/docker-images/v1.0/oraclelinux/8-slim/) 16 | - Run the following command to build the image. 17 | - `docker build -t oci-la-fluentd-collector-custom -f Dockerfile .` 18 | - The docker image built from the above step, can either be pushed to Docker Hub or OCI Container Registry (OCIR) or to a Local Docker Registry depending on the requirements. 19 | - [How to push the image to Docker Hub](https://docs.docker.com/docker-hub/repos/#pushing-a-docker-container-image-to-docker-hub) 20 | - [How to push the image to OCIR](https://www.oracle.com/webfolder/technetwork/tutorials/obe/oci/registry/index.html). 21 | - [How to push the image to Local Registry](https://docs.docker.com/registry/deploying/). 
22 | 23 | ##### Management Agent Container Image 24 | Instructions to build the container image for Management Agent are available in the Oracle's Docker Images repository on [Github](https://github.com/oracle/docker-images/tree/main/OracleManagementAgent) 25 | 26 | -------------------------------------------------------------------------------- /docs/custom-logs.md: -------------------------------------------------------------------------------- 1 | ## Custom Logs Configuration 2 | 3 | ### How to use custom logSource (oci_la_log_source_name) and/or other custom configuration for Pod/Container Logs collected through "Kubernetes Container Generic Logs" logSource ? 4 | 5 | A generic source with time only parser is defined/configured for collecting all application pod logs from /var/log/containers/ out of the box. 6 | This is to ensure that all the logs generated by all pods are collected and pushed to Logging Analytics. 7 | Often you may need to configure a custom logSource for a particular pod log, either by using one of the existing OOB logSources at Logging Analytics or by defining one custom logSource matching to the requirements. 8 | Once you have defined/identified a logSource for a particular pod log, the following are couple of ways to get those pod logs associated to the logSource. 9 | 10 | #### Use Pod Annotations 11 | 12 | In this approach, all that you need to do is add the following annotation, `oracle.com/oci_la_log_source_name` (with logSourceName as value) to all the pods of choice. 13 | This approach works for all the use-cases, except for multi-line plain text formatted logs. 14 | 15 | * Refer [this doc](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) to find how to add the annotation through Pod's metadata section. This is the recommended approach as it provides the persistent behavior. 
16 | * Refer [this doc](https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#annotate) to find how to add annotation through 'kubectl annotate' command. You may use this approach for quick testing. 17 | 18 | **Note** The following configuration parameters are supported for customisation through Pod Annotations in addition to logSource, 19 | 20 | * oracle.com/oci_la_log_group_id => to use custom logGroupId (oci_la_log_group_id) 21 | * oracle.com/oci_la_entity_id => to use custom entityId (oci_la_entity_id) 22 | 23 | #### customLogs section in helm chart values.yaml 24 | 25 | In this approach, all that you need to do is to provide the necessary configuration information like log file path, logSource, multiline start regular expression (in case of multi-line logs) in the customLogs section of override_values.yaml. 26 | Using this information the corresponding Fluentd configuration is generated automatically. 27 | 28 | **Note** This approach is valid only when using helm chart based installation. 29 | 30 | The following example demonstrates a container customLogs configuration 31 | 32 | ``` 33 | ... 34 | ... 35 | oci-onm-logan: 36 | ... 37 | ... 38 | fluentd: 39 | ... 40 | ... 41 | customLogs: 42 | custom-log1: 43 | path: /var/log/containers/custom-1.log 44 | ociLALogSourceName: "Custom1 Logs" 45 | multilineStartRegExp: 46 | isContainerLog: true 47 | ``` 48 | 49 | The following example demonstrates a non container customLogs configuration 50 | 51 | ``` 52 | ... 53 | ... 54 | oci-onm-logan: 55 | ... 56 | ... 57 | fluentd: 58 | ... 59 | ... 60 | customLogs: 61 | custom-log2: 62 | path: /var/log/custom/custom-2.log 63 | ociLALogSourceName: "Custom2 Logs" 64 | multilineStartRegExp: 65 | isContainerLog: false 66 | ``` 67 | 68 | #### Use Fluentd conf 69 | 70 | In this approach, a new set of Source, Filter sections have to be created in the customFluentdConf section of values.yaml. 
71 | The following example demonstrates a custom fluentd config to tag `/var/log/containers/frontend*.log` with logSource "Guestbook Frontend Logs" 72 | (*To be added to helm-chart override_values.yaml, under customFluentdConf section*). 73 | 74 | ``` 75 | ... 76 | ... 77 | oci-onm-logan: 78 | ... 79 | ... 80 | fluentd: 81 | ... 82 | ... 83 | customFluentdConf: | 84 | 85 | @type tail 86 | @id in_tail_frontend 87 | path_key tailed_path 88 | path /var/log/containers/frontend-*.log 89 | pos_file /var/log/oci_la_fluentd_outplugin/pos/frontend.logs.pos 90 | tag oci.oke.frontend.* 91 | read_from_head "#{ENV['FLUENT_OCI_READ_FROM_HEAD'] || true}" 92 | 93 | {{- if eq $runtime "docker" }} 94 | @type json 95 | {{- else}} 96 | @type cri 97 | {{- end }} 98 | 99 | 100 | 101 | # Record transformer filter to apply Logging Analytics configuration to each record. 102 | 103 | @type record_transformer 104 | enable_ruby true 105 | 106 | oci_la_metadata ${{"{{"}}"Kubernetes Cluster Name": "#{ENV['FLUENT_OCI_KUBERNETES_CLUSTER_NAME'] || 'UNDEFINED'}", "Kubernetes Cluster ID": "#{ENV['FLUENT_OCI_KUBERNETES_CLUSTER_ID'] || 'UNDEFINED'}"{{"}}"}} 107 | oci_la_log_group_id "#{ENV['FLUENT_OCI_KUBERNETES_LOGGROUP_ID'] || ENV['FLUENT_OCI_DEFAULT_LOGGROUP_ID']}" 108 | oci_la_log_path "${record['tailed_path']}" 109 | oci_la_log_source_name "Guestbook Frontend Logs" 110 | {{- if eq $runtime "docker" }} 111 | message "${record['log']}" 112 | {{- end }} 113 | tag ${tag} 114 | 115 | 116 | ``` 117 | 118 | **Note**: The log path `/var/log/containers/frontend-*.log` has to be excluded from the generic container logs to avoid duplicate log collection. Add the log path to*exclude_path*value under*in_tail_containerlogs* source section. 119 | 120 | ``` 121 | ... 122 | ... 123 | oci-onm-logan: 124 | ... 125 | ... 126 | fluentd: 127 | ... 128 | ... 129 | genericContainerLogs: 130 | exclude_path: 131 | - '"/var/log/containers/kube-proxy-*.log"' 132 | ... 133 | ... 
134 | - '"/var/log/containers/frontend-*.log"' 135 | ``` 136 | 137 | In addition to the above, you may need to modify the source section to add `multiline parser`, if the logs are of plain text multi-line format (OR) add a concat plugin filter if the logs are of say multi-line but wrapped in json. Refer oci-onm-logan chart logs-configmap template for examples. 138 | -------------------------------------------------------------------------------- /docs/eks-cp-logs-streaming.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oracle-quickstart/oci-kubernetes-monitoring/093aafdbefb5c0d8c5df0049008160efef111268/docs/eks-cp-logs-streaming.png -------------------------------------------------------------------------------- /docs/license-short.txt: -------------------------------------------------------------------------------- 1 | Copyright (c) 2023, Oracle and/or its affiliates. 2 | Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | -------------------------------------------------------------------------------- /docs/s3-partitioned-logs.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oracle-quickstart/oci-kubernetes-monitoring/093aafdbefb5c0d8c5df0049008160efef111268/docs/s3-partitioned-logs.png -------------------------------------------------------------------------------- /logan/docker-images/v1.0/oraclelinux/8-slim/Dockerfile: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 
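
### Build the docker image using a multi-stage build
#
# Stage 1 (builder): installs the toolchain, bundles the gems listed in
#                    Gemfile/Gemfile.lock, installs tini and builds jemalloc from source.
# Stage 2 (final):   installs only the Ruby runtime and copies /fluentd, tini and
#                    libjemalloc.so.2 from the builder, so the compilers and git used
#                    for the build are not part of the shipped image.
#
# NOTE(review): both stages reference the base image by the mutable tag 8-slim.
# Pinning it by digest makes rebuilds reproducible and turns a base-image change
# into a reviewed edit.

## To build/install all the dependencies

FROM container-registry.oracle.com/os/oraclelinux:8-slim AS builder

USER root
WORKDIR /fluentd

# Environment variables (key=value form; the space-separated ENV form is legacy syntax)
ENV PATH=/fluentd/vendor/bundle/ruby/3.3/bin:$PATH
# NOTE(review): GEM_PATH is not set earlier in this file, so this presumably expands
# with a trailing ':'. RubyGems appears to read a trailing separator as "also search
# the default gem paths" - confirm before simplifying this line.
ENV GEM_PATH=/fluentd/vendor/bundle/ruby/3.3:$GEM_PATH
ENV GEM_HOME=/fluentd/vendor/bundle/ruby/3.3
# skip runtime bundler installation
ENV FLUENTD_DISABLE_BUNDLER_INJECTION=1

# Gemfile and Gemfile.lock: the lock file is what keeps transitive gem versions fixed.
COPY Gemfile* /fluentd/

# Install ruby, ruby-libs along with rubygems and bundler.
RUN microdnf -y module enable ruby:3.3 \
    # Install ruby and ruby-libs, disabling weak dependencies
    && microdnf -y install --setopt=install_weak_deps=0 --nodocs ruby ruby-libs \
    # Install rubygems (its dependencies rubygem-openssl rubygem-psych), disabling weak dependencies
    && microdnf -y install --setopt=install_weak_deps=0 --nodocs rubygems \
    && gem install bundler -v 2.5.16 \
    # Install development packages needed to compile native gem extensions
    && microdnf --enablerepo ol8_codeready_builder -y install --nodocs gcc make redhat-rpm-config openssl ruby-devel gcc-c++ libtool libffi-devel bzip2 git libyaml-devel \
    # Install Fluentd, its dependencies and the other run time dependencies for OCI Logging Analytics Solution
    && bundle config silence_root_warning true \
    && bundle config --local path /fluentd/vendor/bundle \
    && bundle config --global jobs 9 \
    && bundle install --gemfile=/fluentd/Gemfile \
    # Install tini, init for containers (from EPEL repo)
    && microdnf -y install --setopt=install_weak_deps=0 --nodocs oracle-epel-release-el8 \
    && microdnf -y install --nodocs tini-0.19.0 \
    # Install jemalloc (custom make with no docs)
    # NOTE(review): the clone is selected by tag only and nothing verifies what was
    # fetched, yet the resulting library is LD_PRELOADed in the final image.
    # Check out a reviewed commit (<JEMALLOC_COMMIT_SHA>) or verify a release
    # tarball checksum before building.
    && cd /tmp && ls /tmp \
    && git clone -b 5.3.0 https://github.com/jemalloc/jemalloc.git && cd jemalloc/ \
    && ./autogen.sh && make && make install_bin install_include install_lib \
    && mv lib/libjemalloc.so.2 /usr/lib

## To build the final docker image

FROM container-registry.oracle.com/os/oraclelinux:8-slim

USER root
WORKDIR /fluentd

# Environment variables (same values as in the builder stage)
ENV PATH=/fluentd/vendor/bundle/ruby/3.3/bin:$PATH
ENV GEM_PATH=/fluentd/vendor/bundle/ruby/3.3:$GEM_PATH
ENV GEM_HOME=/fluentd/vendor/bundle/ruby/3.3
# skip runtime bundler installation
ENV FLUENTD_DISABLE_BUNDLER_INJECTION=1

# Install ruby, ruby-libs along with rubygems and bundler.
RUN microdnf -y module enable ruby:3.3 \
    # Install ruby and ruby-libs, disabling weak dependencies
    && microdnf -y install --setopt=install_weak_deps=0 --nodocs ruby ruby-libs \
    # Install rubygems (its dependencies rubygem-openssl rubygem-psych), disabling weak dependencies
    && microdnf -y install --setopt=install_weak_deps=0 --nodocs rubygems \
    && gem install bundler -v 2.5.16 \
    && bundle config --local path /fluentd/vendor/bundle \
    # clear caches
    && microdnf clean all \
    && rm -rf /var/cache/dnf /tmp/* /var/tmp/* /usr/lib/ruby/gems/*/cache/*.gem

# Copy binaries (tini & jemalloc) and rubygems bundler environment from build stage
COPY --from=builder /fluentd /fluentd
COPY --from=builder /usr/bin/tini /usr/bin/tini
COPY --from=builder /usr/lib/libjemalloc.so.2 /usr/lib/libjemalloc.so.2

RUN mkdir -p /fluentd/etc /fluentd/plugins \
    && touch /fluentd/etc/disable.conf

# Environment variables
ENV FLUENTD_CONF="/fluentd/etc/fluent.conf"
# Every process started in this image loads the jemalloc build copied above.
ENV LD_PRELOAD="/usr/lib/libjemalloc.so.2"

COPY entrypoint.sh /fluentd/entrypoint.sh
# Give execution permission to entrypoint.sh
RUN ["chmod", "+x", "/fluentd/entrypoint.sh"]

# Overwrite ENTRYPOINT to run fluentd as root for /var/log / /var/lib
# NOTE(review): no non-root USER is set, so the container keeps root. Confine it
# from the workload manifest instead (read-only host mounts, no privilege
# escalation, dropped capabilities) wherever log collection still works with them.
ENTRYPOINT ["tini", "--", "/fluentd/entrypoint.sh"]
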
-------------------------------------------------------------------------------- /logan/docker-images/v1.0/oraclelinux/8-slim/Gemfile: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | source "https://rubygems.org" 5 | 6 | gem "oj", "3.16.4" 7 | gem "json", "2.7.2" 8 | gem "fluentd", "1.17.1" 9 | gem "fluent-plugin-oci-logging-analytics", "2.0.6" 10 | gem "fluent-plugin-concat", "~> 2.5.0" 11 | gem "fluent-plugin-rewrite-tag-filter", "~> 2.4.0" 12 | gem "fluent-plugin-parser-cri", "~> 0.1.1" 13 | gem "fluent-plugin-kubernetes_metadata_filter", "3.5.0" 14 | gem "oci-logging-analytics-kubernetes-discovery", "1.0.2" 15 | gem "fluent-plugin-record-modifier", "2.2.0" 16 | gem "fluent-plugin-cloudwatch-logs", "0.14.3" 17 | gem "fluent-plugin-s3", "1.7.2" 18 | gem "rexml", "3.4.0" 19 | -------------------------------------------------------------------------------- /logan/docker-images/v1.0/oraclelinux/8-slim/Gemfile.lock: -------------------------------------------------------------------------------- 1 | GEM 2 | remote: https://rubygems.org/ 3 | specs: 4 | addressable (2.8.7) 5 | public_suffix (>= 2.0.2, < 7.0) 6 | aws-eventstream (1.3.0) 7 | aws-partitions (1.958.0) 8 | aws-sdk-cloudwatchlogs (1.87.0) 9 | aws-sdk-core (~> 3, >= 3.201.0) 10 | aws-sigv4 (~> 1.5) 11 | aws-sdk-core (3.201.3) 12 | aws-eventstream (~> 1, >= 1.3.0) 13 | aws-partitions (~> 1, >= 1.651.0) 14 | aws-sigv4 (~> 1.8) 15 | jmespath (~> 1, >= 1.6.1) 16 | aws-sdk-kms (1.88.0) 17 | aws-sdk-core (~> 3, >= 3.201.0) 18 | aws-sigv4 (~> 1.5) 19 | aws-sdk-s3 (1.156.0) 20 | aws-sdk-core (~> 3, >= 3.201.0) 21 | aws-sdk-kms (~> 1) 22 | aws-sigv4 (~> 1.5) 23 | aws-sdk-sqs (1.80.0) 24 | aws-sdk-core (~> 3, >= 3.201.0) 25 | aws-sigv4 (~> 1.5) 26 | aws-sigv4 (1.9.0) 27 | aws-eventstream (~> 1, >= 1.0.2) 28 | 
base64 (0.2.0) 29 | bigdecimal (3.1.8) 30 | concurrent-ruby (1.3.3) 31 | cool.io (1.8.1) 32 | csv (3.3.0) 33 | domain_name (0.6.20240107) 34 | drb (2.2.1) 35 | event_stream_parser (1.0.0) 36 | ffi (1.15.5) 37 | ffi-compiler (1.0.1) 38 | ffi (>= 1.0.0) 39 | rake 40 | fluent-config-regexp-type (1.0.0) 41 | fluentd (> 1.0.0, < 2) 42 | fluent-plugin-cloudwatch-logs (0.14.3) 43 | aws-sdk-cloudwatchlogs (~> 1.0) 44 | fluentd (>= 1.8.0) 45 | fluent-plugin-concat (2.5.0) 46 | fluentd (>= 0.14.0, < 2) 47 | fluent-plugin-kubernetes_metadata_filter (3.5.0) 48 | fluentd (>= 0.14.0, < 1.18) 49 | kubeclient (>= 4.0.0, < 5.0.0) 50 | lru_redux 51 | fluent-plugin-oci-logging-analytics (2.0.6) 52 | fluentd (>= 0.14.10, < 2) 53 | oci (~> 2.16) 54 | prometheus-client (~> 4.0) 55 | rubyzip (~> 2.3.2) 56 | yajl-ruby (~> 1.4, >= 1.4.3) 57 | fluent-plugin-parser-cri (0.1.1) 58 | fluentd (>= 1) 59 | fluent-plugin-record-modifier (2.2.0) 60 | fluentd (>= 1.1, < 2) 61 | fluent-plugin-rewrite-tag-filter (2.4.0) 62 | fluent-config-regexp-type 63 | fluentd (>= 0.14.2, < 2) 64 | fluent-plugin-s3 (1.7.2) 65 | aws-sdk-s3 (~> 1.60) 66 | aws-sdk-sqs (~> 1.23) 67 | fluentd (>= 0.14.22, < 2) 68 | fluentd (1.17.1) 69 | base64 (~> 0.2) 70 | bundler 71 | cool.io (>= 1.4.5, < 2.0.0) 72 | csv (~> 3.2) 73 | drb (~> 2.2) 74 | http_parser.rb (>= 0.5.1, < 0.9.0) 75 | logger (~> 1.6) 76 | msgpack (>= 1.3.1, < 2.0.0) 77 | serverengine (>= 2.3.2, < 3.0.0) 78 | sigdump (~> 0.2.5) 79 | strptime (>= 0.2.4, < 1.0.0) 80 | tzinfo (>= 1.0, < 3.0) 81 | tzinfo-data (~> 1.0) 82 | webrick (~> 1.4) 83 | yajl-ruby (~> 1.0) 84 | http (5.2.0) 85 | addressable (~> 2.8) 86 | base64 (~> 0.1) 87 | http-cookie (~> 1.0) 88 | http-form_data (~> 2.2) 89 | llhttp-ffi (~> 0.5.0) 90 | http-accept (1.7.0) 91 | http-cookie (1.0.6) 92 | domain_name (~> 0.5) 93 | http-form_data (2.3.0) 94 | http_parser.rb (0.8.0) 95 | inifile (3.0.0) 96 | jmespath (1.6.2) 97 | json (2.7.2) 98 | jsonpath (1.1.5) 99 | multi_json 100 | jwt (2.8.2) 101 | base64 
102 | kubeclient (4.12.0) 103 | http (>= 3.0, < 6.0) 104 | jsonpath (~> 1.0) 105 | recursive-open-struct (~> 1.1, >= 1.1.1) 106 | rest-client (~> 2.0) 107 | llhttp-ffi (0.5.0) 108 | ffi-compiler (~> 1.0) 109 | rake (~> 13.0) 110 | logger (1.6.1) 111 | lru_redux (1.1.0) 112 | mime-types (3.5.2) 113 | mime-types-data (~> 3.2015) 114 | mime-types-data (3.2024.0702) 115 | msgpack (1.7.2) 116 | multi_json (1.15.0) 117 | netrc (0.11.0) 118 | oci (2.21.1) 119 | event_stream_parser (~> 1.0.0) 120 | inifile (~> 3.0, >= 3.0.0) 121 | json (>= 1.4.6, < 3.0.0) 122 | jwt (~> 2.1) 123 | psych (~> 5.0, >= 5.0.1) 124 | oci-logging-analytics-kubernetes-discovery (1.0.2) 125 | concurrent-ruby (~> 1.2, >= 1.2.2) 126 | kubeclient (~> 4.9, >= 4.9.3) 127 | oci (~> 2.20) 128 | rubyzip (~> 2.3.2) 129 | yajl-ruby (~> 1.0) 130 | oj (3.16.4) 131 | bigdecimal (>= 3.0) 132 | prometheus-client (4.2.3) 133 | base64 134 | psych (5.1.2) 135 | stringio 136 | public_suffix (6.0.1) 137 | rake (13.2.1) 138 | recursive-open-struct (1.2.2) 139 | rest-client (2.1.0) 140 | http-accept (>= 1.7.0, < 2.0) 141 | http-cookie (>= 1.0.2, < 2.0) 142 | mime-types (>= 1.16, < 4.0) 143 | netrc (~> 0.8) 144 | rexml (3.4.0) 145 | rubyzip (2.3.2) 146 | serverengine (2.3.2) 147 | sigdump (~> 0.2.2) 148 | sigdump (0.2.5) 149 | stringio (3.1.1) 150 | strptime (0.2.5) 151 | tzinfo (2.0.6) 152 | concurrent-ruby (~> 1.0) 153 | tzinfo-data (1.2024.1) 154 | tzinfo (>= 1.0.0) 155 | webrick (1.9.1) 156 | yajl-ruby (1.4.3) 157 | 158 | PLATFORMS 159 | x86_64-linux 160 | 161 | DEPENDENCIES 162 | fluent-plugin-cloudwatch-logs (= 0.14.3) 163 | fluent-plugin-concat (~> 2.5.0) 164 | fluent-plugin-kubernetes_metadata_filter (= 3.5.0) 165 | fluent-plugin-oci-logging-analytics (= 2.0.6) 166 | fluent-plugin-parser-cri (~> 0.1.1) 167 | fluent-plugin-record-modifier (= 2.2.0) 168 | fluent-plugin-rewrite-tag-filter (~> 2.4.0) 169 | fluent-plugin-s3 (= 1.7.2) 170 | fluentd (= 1.17.1) 171 | json (= 2.7.2) 172 | 
oci-logging-analytics-kubernetes-discovery (= 1.0.2) 173 | oj (= 3.16.4) 174 | rexml (= 3.4.0) 175 | 176 | BUNDLED WITH 177 | 2.5.16 178 | -------------------------------------------------------------------------------- /logan/docker-images/v1.0/oraclelinux/8-slim/entrypoint.sh: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | #!/usr/bin/env sh 5 | 6 | bundle exec fluentd -c ${FLUENTD_CONF} -p /fluentd/plugins --gemfile /fluentd/Gemfile ${FLUENTD_OPT} 7 | -------------------------------------------------------------------------------- /logan/images/cluster-view.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oracle-quickstart/oci-kubernetes-monitoring/093aafdbefb5c0d8c5df0049008160efef111268/logan/images/cluster-view.png -------------------------------------------------------------------------------- /logan/images/kubernetes-cluster-summary-dashboard.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oracle-quickstart/oci-kubernetes-monitoring/093aafdbefb5c0d8c5df0049008160efef111268/logan/images/kubernetes-cluster-summary-dashboard.png -------------------------------------------------------------------------------- /logan/images/kubernetes-nodes-dashboard.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oracle-quickstart/oci-kubernetes-monitoring/093aafdbefb5c0d8c5df0049008160efef111268/logan/images/kubernetes-nodes-dashboard.png -------------------------------------------------------------------------------- /logan/images/kubernetes-pods-dashboard.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/oracle-quickstart/oci-kubernetes-monitoring/093aafdbefb5c0d8c5df0049008160efef111268/logan/images/kubernetes-pods-dashboard.png -------------------------------------------------------------------------------- /logan/images/kubernetes-workloads-dashboard.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oracle-quickstart/oci-kubernetes-monitoring/093aafdbefb5c0d8c5df0049008160efef111268/logan/images/kubernetes-workloads-dashboard.png -------------------------------------------------------------------------------- /logan/images/list-clusters.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oracle-quickstart/oci-kubernetes-monitoring/093aafdbefb5c0d8c5df0049008160efef111268/logan/images/list-clusters.png -------------------------------------------------------------------------------- /logan/kubernetes-resources/logs-collection/fluentd-daemonset.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 
---
# Identity the Fluentd log-collection pods run as.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: oci-la-fluentd-serviceaccount
  namespace: kube-system

---
# Read-only API access for the log collector.
# NOTE(review): '*' in the core API group ("") with get/list/watch also covers
# Secrets and ConfigMaps in every namespace. Narrow `resources` to what the
# Fluentd configuration actually queries -- presumably pods and namespaces for
# metadata enrichment; confirm against the logs ConfigMap.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: oci-la-fluentd-logs-clusterrole
  # ClusterRole is cluster-scoped; this namespace field has no effect.
  namespace: kube-system
rules:
  - apiGroups:
      - ""
    resources:
      - '*'
    verbs:
      - get
      - list
      - watch

---
# Grants the ClusterRole above to the ServiceAccount, cluster-wide.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: oci-la-fluentd-logs-clusterrolebinding
roleRef:
  kind: ClusterRole
  name: oci-la-fluentd-logs-clusterrole
  apiGroup: rbac.authorization.k8s.io
subjects:
  - kind: ServiceAccount
    name: oci-la-fluentd-serviceaccount
    namespace: kube-system
---
# One Fluentd pod per node, reading node and container logs through hostPath mounts.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: oci-la-fluentd-daemonset
  namespace: kube-system
  labels:
    app: oci-la-fluentd-logs
    version: v1
spec:
  selector:
    matchLabels:
      app: oci-la-fluentd-logs
      version: v1
  template:
    metadata:
      labels:
        app: oci-la-fluentd-logs
        version: v1
    spec:
      serviceAccountName: oci-la-fluentd-serviceaccount
      # Lets the collector schedule onto nodes tainted as master.
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
      ## Uncomment the following section if a secret is associated to pull the image
      #imagePullSecrets:
      # Replace this value with actual image pull secrets.
      # Make sure the secret is in the same namespace as defined above.
      #- name:
      # NOTE(review): no securityContext is set on the pod or the container, so
      # the user and capabilities are whatever the image defines.
      containers:
        - name: oci-la-fluentd-logs
          # Replace this value with actual docker image url
          image:
          # Replace this value with desired value for image pull policy
          imagePullPolicy: Always
          env:
            # Node name taken from the pod spec via the downward API.
            - name: K8S_NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: FLUENTD_CONF
              value: "/var/opt/conf/fluent.conf" # change as required
            - name: FLUENT_OCI_DEFAULT_LOGGROUP_ID
              # Replace this value with actual logging analytics log group
              value:
            - name: FLUENT_OCI_NAMESPACE
              # Replace this value with actual namespace of logging analytics
              value:
            - name: FLUENT_OCI_KUBERNETES_CLUSTER_ID
              # Replace this value with Kubernetes Cluster ID
              value:
            - name: FLUENT_OCI_KUBERNETES_CLUSTER_NAME
              # Replace this value with Kubernetes Cluster Name
              value:
            - name: OCI_READ_FROM_HEAD
              value: "true" # set it false to collect only current logs
            # Uncomment the following section if using config file base AuthZ instead of default InstancePrincipal based AuthZ.
            # For OKE, recommended AuthZ approach to connect to OCI Logging Analytics APIs is InstancePrincipal.
            #- name: FLUENT_OCI_CONFIG_LOCATION
            #value: "/var/opt/.oci/config"
          ## parameters to limit the memory and requests for the pods
          resources:
            limits:
              memory: 500Mi
            requests:
              cpu: 100m
              memory: 250Mi
          volumeMounts:
            # Host /var/log is mounted without readOnly, i.e. writable by the container.
            # NOTE(review): presumably needed for Fluentd buffer/position files; confirm,
            # and consider a dedicated writable path so the rest can be read-only.
            - name: varlog
              mountPath: /var/log
            # Mount all relevant locations depending on where the actual logs presents.
            - name: dockercontainerlogdirectory
              mountPath: /var/log/pods
              readOnly: true
            - name: dockercontainerdatadirectory
              mountPath: /u01/data/docker/containers
              readOnly: true
            # Mount directory where fluentd config exists
            - name: fluentdconfigdir
              mountPath: /var/opt/conf
              readOnly: true
            # Mount directory where oci config exists
            # Uncomment the following section if using config file base AuthZ instead of default InstancePrincipal based AuthZ.
            # For OKE, recommended AuthZ approach to connect to OCI Logging Analytics APIs is InstancePrincipal.
            #- name: ociconfigdir
            #mountPath: /var/opt/.oci
            #readOnly: true
      terminationGracePeriodSeconds: 30
      volumes:
        - name: varlog
          hostPath:
            path: /var/log
        # Mount all relevant locations depending on where the actual logs presents.
        - name: dockercontainerlogdirectory
          hostPath:
            path: /var/log/pods
        - name: dockercontainerdatadirectory
          hostPath:
            path: /u01/data/docker/containers
        # Mount directory where fluentd config exists
        - name: fluentdconfigdir
          configMap:
            # Provide the name of the ConfigMap Name to mount.
            name: oci-la-fluentd-logs-configmap # change as required
        # Mount directory where oci config exists
        # Uncomment the following section if using config file base AuthZ instead of default InstancePrincipal based AuthZ.
        # For OKE, recommended AuthZ approach to connect to OCI Logging Analytics APIs is InstancePrincipal.
        #- name: ociconfigdir
          #projected:
            #sources:
              #- secret:
                  #name: oci-la-credentials-secret # change as required

--------------------------------------------------------------------------------
/logan/kubernetes-resources/logs-collection/secrets.yaml:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates.
2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | apiVersion: v1 5 | kind: Secret 6 | type: Opaque 7 | metadata: 8 | name: oci-la-credentials-secret 9 | namespace: kube-system 10 | stringData: 11 | config: |- 12 | [DEFAULT] 13 | user= 14 | fingerprint= 15 | key_file= 16 | tenancy= 17 | region= 18 | private.pem: |- 19 | -----BEGIN RSA PRIVATE KEY----- 20 | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 21 | -----END RSA PRIVATE KEY----- 22 | -------------------------------------------------------------------------------- /logan/kubernetes-resources/objects-collection/configmap-objects.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | apiVersion: v1 5 | kind: ConfigMap 6 | metadata: 7 | name: oci-la-fluentd-objects-configmap 8 | namespace: kube-system 9 | data: 10 | # file-like keys 11 | fluent.conf: | 12 | @include kubernetes.conf 13 | 14 | # Match block to set info required for oci-logging-analytics fluentd outplugin 15 | 16 | @type oci-logging-analytics 17 | enable_ruby true 18 | namespace "#{ENV['FLUENT_OCI_NAMESPACE']}" 19 | endpoint "#{ENV['FLUENT_OCI_ENDPOINT']}" 20 | config_file_location "#{ENV['FLUENT_OCI_CONFIG_LOCATION'] || ''}" 21 | profile_name "#{ENV['FLUENT_OCI_PROFILE'] || 'DEFAULT'}" 22 | plugin_log_location "#{ENV['FLUENT_OCI_LOG_LOCATION'] || '/var/log/'}" 23 | plugin_log_level "#{ENV['FLUENT_OCI_LOG_LEVEL'] || 'info'}" 24 | plugin_log_file_size "#{ENV['FLUENT_OCI_LOG_FILE_SIZE'] || '10MB'}" 25 | plugin_log_file_count "#{ENV['FLUENT_OCI_LOG_FILE_COUNT'] || 10}" 26 | 27 | @type file 28 | path "#{ENV['FLUENT_OCI_BUFFER_PATH'] || '/var/log/oci_la_fluentd_outplugin/objects/buffer/'}" 29 | flush_thread_count "#{ENV['FLUENT_OCI_FLUSH_THREAD_COUNT'] || 1}" 30 | chunk_limit_size 
"#{ENV['FLUENT_OCI_CHUNK_LIMIT_SIZE'] || '2m'}" # 2MB 31 | total_limit_size "#{ENV['FLUENT_OCI_TOTAL_LIMIT_SIZE'] || 5368709120}" # 5GB 32 | flush_interval "#{ENV['FLUENT_OCI_FLUSH_INTERVAL'] || 30}" # seconds 33 | flush_thread_interval "#{ENV['FLUENT_OCI_FLUSH_THREAD_INTERVAL'] || 0.5}" 34 | flush_thread_burst_interval "#{ENV['FLUENT_OCI_FLUSH_THREAD_BURST_INTERVAL'] || 0.05}" 35 | retry_wait "#{ENV['FLUENT_OCI_RETRY_WAIT'] || 2}" # seconds 36 | retry_max_times "#{ENV['FLUENT_OCI_RETRY_MAX_TIMES'] || 17}" 37 | retry_exponential_backoff_base "#{ENV['FLUENT_OCI_RETRY_EXPONENTIAL_BACKOFF_BASE'] || 2}" 38 | retry_forever "#{ENV['FLUENT_OCI_RETRY_FOREVER'] || true}" 39 | disable_chunk_backup true 40 | 41 | 42 | kubernetes.conf: | 43 | # To ignore all the fluentd core generated events 44 | 50 | 51 | 52 | @type kubernetes_objects 53 | tag k8s.* 54 | 55 | 56 | resource_name nodes 57 | interval 5m 58 | 59 | 60 | resource_name pods 61 | interval 5m 62 | 63 | 64 | resource_name namespaces 65 | interval 5m 66 | 67 | 68 | 69 | resource_name events 70 | 71 | 72 | 73 | 74 | 75 | 76 | @type kubernetes_objects 77 | tag k8s.* 78 | api_version v1 79 | api_endpoint apis/apps 80 | 81 | 82 | resource_name daemon_sets 83 | interval 5m 84 | 85 | 86 | resource_name replica_sets 87 | interval 5m 88 | 89 | 90 | resource_name deployments 91 | interval 5m 92 | 93 | 94 | resource_name stateful_sets 95 | interval 5m 96 | 97 | 98 | 99 | 100 | 101 | 102 | @type kubernetes_objects 103 | tag k8s.* 104 | api_version v1 105 | api_endpoint apis/batch 106 | 107 | 108 | resource_name jobs 109 | interval 5m 110 | 111 | 112 | resource_name cron_jobs 113 | interval 5m 114 | 115 | 116 | 117 | 118 | # To support cronJob Object collection for Kubernetes versions <= 1.19 where cronJob is available under v1beta1 api version. 
119 | 120 | 121 | @type kubernetes_objects 122 | tag k8s.* 123 | api_version v1beta1 124 | api_endpoint apis/batch 125 | 126 | 127 | resource_name cron_jobs 128 | interval 5m 129 | 130 | 131 | 132 | 133 | 134 | @type record_transformer 135 | enable_ruby true 136 | 137 | oci_la_metadata ${{'Kubernetes Cluster Name': "#{ENV['FLUENT_OCI_KUBERNETES_CLUSTER_NAME'] || 'UNDEFINED'}", 'Kubernetes Cluster ID': "#{ENV['FLUENT_OCI_KUBERNETES_CLUSTER_ID'] || 'UNDEFINED'}"}} 138 | oci_la_log_group_id "#{ENV['FLUENT_OCI_KUBERNETES_OBJECTS_LOGGROUP_ID'] || ENV['FLUENT_OCI_DEFAULT_LOGGROUP_ID']}" 139 | oci_la_log_path ${tag} 140 | oci_la_log_source_name "Kubernetes Object Logs" 141 | message ${record} 142 | tag ${tag} 143 | 144 | 145 | -------------------------------------------------------------------------------- /logan/kubernetes-resources/objects-collection/fluentd-deployment.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 
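---
# Identity the Fluentd objects-collection pod runs as.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: oci-la-fluentd-serviceaccount
  namespace: kube-system

---
# Read-only access limited to the object kinds that
# oci-la-fluentd-objects-configmap collects. A '*' resource wildcard in the
# core group would also grant cluster-wide read of Secrets and ConfigMaps,
# which the collector does not need. Extend these lists if the ConfigMap is
# changed to collect further kinds.
# (ClusterRole is cluster-scoped, so it carries no metadata.namespace.)
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: oci-la-fluentd-objects-clusterrole
rules:
  - apiGroups:
      - ""
    resources:
      - nodes
      - pods
      - namespaces
      - events
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - apps
    resources:
      - daemonsets
      - replicasets
      - deployments
      - statefulsets
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - batch
    resources:
      - jobs
      - cronjobs
    verbs:
      - get
      - list
      - watch

---
# Grants the ClusterRole above to the ServiceAccount, cluster-wide.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: oci-la-fluentd-objects-clusterrolebinding
roleRef:
  kind: ClusterRole
  name: oci-la-fluentd-objects-clusterrole
  apiGroup: rbac.authorization.k8s.io
subjects:
  - kind: ServiceAccount
    name: oci-la-fluentd-serviceaccount
    namespace: kube-system
---
# Single-replica Fluentd that polls the Kubernetes API for object state.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: oci-la-fluentd-deployment
  namespace: kube-system
  labels:
    app: oci-la-fluentd-objects
    version: v1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: oci-la-fluentd-objects
      version: v1
  template:
    metadata:
      labels:
        app: oci-la-fluentd-objects
        version: v1
    spec:
      serviceAccountName: oci-la-fluentd-serviceaccount
      ## Uncomment the following section if a secret is associated to pull the image
      #imagePullSecrets:
      # Replace this value with actual image pull secrets.
      # Make sure the secret is in the same namespace as defined above.
      #- name:
      # NOTE(review): no securityContext is set on the pod or the container, so
      # the user and capabilities are whatever the image defines.
      containers:
        - name: oci-la-fluentd-objects
          # Replace this value with actual docker image url
          image:
          # Replace this value with desired value for image pull policy
          imagePullPolicy: Always
          env:
            - name: FLUENTD_CONF
              value: "/var/opt/conf/fluent.conf" # change as required
            - name: FLUENT_OCI_DEFAULT_LOGGROUP_ID
              # Replace this value with actual logging analytics log group
              value:
            - name: FLUENT_OCI_NAMESPACE
              # Replace this value with actual namespace of logging analytics
              value:
            - name: FLUENT_OCI_KUBERNETES_CLUSTER_ID
              # Replace this value with Kubernetes Cluster ID
              value:
            - name: FLUENT_OCI_KUBERNETES_CLUSTER_NAME
              # Replace this value with Kubernetes Cluster Name
              value:
            # Uncomment the following section if using config file base AuthZ instead of default InstancePrincipal based AuthZ.
            # For OKE, recommended AuthZ approach to connect to OCI Logging Analytics APIs is InstancePrincipal.
            #- name: FLUENT_OCI_CONFIG_LOCATION
            #value: "/var/opt/.oci/config"
          ## parameters to limit the memory and requests for the pods
          resources:
            limits:
              memory: 500Mi
            requests:
              cpu: 100m
              memory: 250Mi
          volumeMounts:
            # Writable host /var/log: the objects ConfigMap defaults its buffer
            # and plugin log locations to paths under /var/log.
            - name: varlog
              mountPath: /var/log
            # Mount directory where fluentd config exists
            - name: fluentdconfigdir
              mountPath: /var/opt/conf
              readOnly: true
            # Mount directory where oci config exists
            # Uncomment the following section if using config file base AuthZ instead of default InstancePrincipal based AuthZ.
            # For OKE, recommended AuthZ approach to connect to OCI Logging Analytics APIs is InstancePrincipal.
            #- name: ociconfigdir
            #mountPath: /var/opt/.oci
            #readOnly: true
      terminationGracePeriodSeconds: 30
      volumes:
        - name: varlog
          hostPath:
            path: /var/log
        # Mount directory where fluentd config exists
        - name: fluentdconfigdir
          configMap:
            # Provide the name of the ConfigMap you want to mount.
            name: oci-la-fluentd-objects-configmap # change as required
        # Mount directory where oci config exists
        # Uncomment the following section if using config file base AuthZ instead of default InstancePrincipal based AuthZ.
        # For OKE, recommended AuthZ approach to connect to OCI Logging Analytics APIs is InstancePrincipal.
        #- name: ociconfigdir
          #projected:
            #sources:
              #- secret:
                  #name: oci-la-credentials-secret # change as required

--------------------------------------------------------------------------------
/logan/kubernetes-resources/objects-collection/secrets.yaml:
--------------------------------------------------------------------------------
# Copyright (c) 2023, 2024, Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.

# Template for config-file based authentication only; the deployment manifest
# recommends InstancePrincipal on OKE, which needs no Secret.
# NOTE(review): a filled-in copy holds an OCI API signing key in clear text
# (stringData), so keep it out of version control and apply it from a
# restricted location.
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: oci-la-credentials-secret
  namespace: kube-system
stringData:
  config: |-
    [DEFAULT]
    user=
    fingerprint=
    key_file=
    tenancy=
    region=
  private.pem: |-
    -----BEGIN RSA PRIVATE KEY-----
    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    -----END RSA PRIVATE KEY-----

--------------------------------------------------------------------------------
/oke-infra-logs-collection/debug.tf:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates.
2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.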
3 | 4 | resource "local_file" "invoke_raw_request_script" { 5 | count = var.debug ? 1 : 0 6 | content = jsonencode(local.oci_logging_log_data) 7 | filename = "${path.module}/oci_logging_log_data.json" 8 | } -------------------------------------------------------------------------------- /oke-infra-logs-collection/inputs.tf: -------------------------------------------------------------------------------- 1 | # ex: us-ashburn-1 2 | variable "oci_region" { 3 | type = string 4 | } 5 | 6 | # ex: oraclecloud.com 7 | variable "oci_domain" { 8 | type = string 9 | default = "None" # Hard coded value for python script, filter-logs.py 10 | } 11 | 12 | variable "load_balancers" { 13 | type = map(object({ 14 | name = string 15 | ocid = string 16 | compartment_id = string 17 | })) 18 | } 19 | 20 | variable "subnets" { 21 | type = map(object({ 22 | name = string 23 | ocid = string 24 | compartment_id = string 25 | })) 26 | } 27 | 28 | variable "cluster" { 29 | type = map(object({ 30 | name = string 31 | ocid = string 32 | compartment_id = string 33 | })) 34 | } 35 | 36 | variable "onm_compartment_id" { 37 | type = string 38 | } 39 | 40 | variable "log_analytics_log_group" { 41 | type = string 42 | } 43 | 44 | variable "tags" { 45 | type = object({ freeformTags = map(string), definedTags = map(string) }) 46 | default = { "freeformTags" = {}, "definedTags" = {} } 47 | } 48 | 49 | ##### 50 | ## Only for Dev Testing 51 | ##### 52 | 53 | variable "oci_tenancy_ocid" { 54 | type = string 55 | default = null 56 | } 57 | 58 | variable "oci_user_ocid" { 59 | type = string 60 | default = null 61 | } 62 | 63 | variable "private_key_path" { 64 | type = string 65 | default = null 66 | } 67 | 68 | variable "fingerprint" { 69 | type = string 70 | default = null 71 | } 72 | 73 | variable "oci_config_file" { 74 | type = string 75 | default = null 76 | } 77 | 78 | variable "debug" { 79 | type = bool 80 | default = false 81 | } 
-------------------------------------------------------------------------------- /oke-infra-logs-collection/main.tf: -------------------------------------------------------------------------------- 1 | # Prepare list of resources (in JSON format) to pass them to Python script 2 | locals { 3 | oke_ocid = [for k, v in var.cluster : k][0] 4 | oke_id = substr(local.oke_ocid, -11, 11) 5 | } 6 | 7 | locals { 8 | python_script = "filter-logs.py" 9 | python_path = "python3" # [for-rms 'python3' or '/usr/bin/python3'] 10 | operation_initiator = "oci-kubernetes-monitoring" 11 | 12 | subnet_list = format("[%s]", join(", ", [for key, value in var.subnets : jsonencode(value)])) 13 | load_balancer_list = format("[%s]", join(", ", [for key, value in var.load_balancers : jsonencode(value)])) 14 | cluster_details = format("[%s]", join(", ", [for key, value in var.cluster : jsonencode(value)])) 15 | 16 | freeform_managedBy_tag = { "managedBy" : local.operation_initiator } 17 | 18 | freeform_tags = merge(var.tags.freeformTags, local.freeform_managedBy_tag) 19 | defined_tags = var.tags.definedTags 20 | 21 | # Read collected data (fetched by Python script) 22 | oci_logging_log_data = jsondecode(data.external.invoke_raw_request_script.result.value) 23 | 24 | logs_managed_by_stack = { 25 | for index, resource in local.oci_logging_log_data["logs"] : 26 | "${resource.ocid}_${resource.log_type}" => resource 27 | if resource.managed_by_stack == true 28 | } 29 | } 30 | 31 | # Invoke Python script 32 | data "external" "invoke_raw_request_script" { 33 | program = [local.python_path, local.python_script, 34 | "-r", "${var.oci_region}", 35 | "-s", "${local.subnet_list}", 36 | "-l", "${local.load_balancer_list}", 37 | "-k", "${local.cluster_details}", 38 | "-t", "${local.operation_initiator}", 39 | "-d", "${var.oci_domain}", 40 | "-c", "${var.oci_config_file == null ? 
"None" : var.oci_config_file}"] 41 | } 42 | 43 | # resource "time_static" "setup_time" {} 44 | 45 | locals { 46 | oci_logging_log_group_name = "logging_analytics_automatic_discovery_${local.oke_id}_source" 47 | } 48 | 49 | # Log group for OCI logging service (logging_analytics_automatic_discovery_source) 50 | resource "oci_logging_log_group" "logging_analytics_automatic_discovery_source" { 51 | count = length(local.logs_managed_by_stack) > 0 ? 1 : 0 52 | compartment_id = var.onm_compartment_id 53 | display_name = local.oci_logging_log_group_name 54 | 55 | description = "This log group was automatically created when you configured monitoring for OKE cluster - ${local.oke_ocid}" 56 | 57 | freeform_tags = local.freeform_tags 58 | defined_tags = local.defined_tags 59 | 60 | lifecycle { 61 | ignore_changes = [display_name, freeform_tags, defined_tags] 62 | } 63 | } 64 | 65 | locals { 66 | oci_logging_log_group_ocid = length(local.logs_managed_by_stack) > 0 ? ( 67 | oci_logging_log_group.logging_analytics_automatic_discovery_source[0].id) : null 68 | 69 | logs_enabled_via_stack = { for key, log in oci_logging_log.logs : key => log } 70 | 71 | logs_already_enabled = { for key, log in local.oci_logging_log_data["logs"] : 72 | "${log.ocid}_${log.log_type}" => log if log.is_log_enabled == true } 73 | 74 | merged_object_log_details_map = merge(local.logs_enabled_via_stack, local.logs_already_enabled) 75 | } 76 | 77 | # Enable log collections 78 | resource "oci_logging_log" "logs" { 79 | for_each = local.logs_managed_by_stack 80 | 81 | display_name = "${replace(each.value.name, " ", "_")}_LA_${each.value.log_type}" 82 | log_group_id = local.oci_logging_log_group_ocid 83 | log_type = "SERVICE" 84 | 85 | configuration { 86 | source { 87 | category = each.value.log_type 88 | resource = each.value.ocid 89 | service = each.value.service 90 | source_type = "OCISERVICE" 91 | } 92 | 93 | compartment_id = var.onm_compartment_id 94 | } 95 | 96 | freeform_tags = local.freeform_tags 97 | 
defined_tags = local.defined_tags 98 | 99 | lifecycle { 100 | ignore_changes = [display_name, freeform_tags, defined_tags] 101 | } 102 | } 103 | 104 | # Service Connector (logging_analytics_oci_discovery) 105 | resource "oci_sch_service_connector" "logging_analytics_oci_discovery" { 106 | count = length(local.merged_object_log_details_map) > 0 ? 1 : 0 107 | compartment_id = var.onm_compartment_id 108 | display_name = "logging_analytics_oke_discovery_${local.oke_id}" 109 | description = "This service connector was automatically created when you configured monitoring for OKE cluster - ${local.oke_ocid}" 110 | 111 | # TODO: Duplicate log sources 112 | source { 113 | kind = "logging" 114 | dynamic "log_sources" { 115 | for_each = local.merged_object_log_details_map 116 | iterator = log_detail 117 | content { 118 | compartment_id = var.onm_compartment_id 119 | log_group_id = log_detail.value.log_group_id 120 | log_id = log_detail.value.id 121 | } 122 | } 123 | } 124 | 125 | target { 126 | kind = "loggingAnalytics" 127 | log_group_id = var.log_analytics_log_group 128 | } 129 | 130 | freeform_tags = local.freeform_tags 131 | defined_tags = local.defined_tags 132 | 133 | depends_on = [oci_logging_log.logs] 134 | 135 | lifecycle { 136 | ignore_changes = [display_name, freeform_tags, defined_tags] 137 | } 138 | } -------------------------------------------------------------------------------- /oke-infra-logs-collection/outputs.tf: -------------------------------------------------------------------------------- 1 | output "invoke_raw_request_script" { 2 | value = var.debug == true ? 
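join(" ", data.external.invoke_raw_request_script.program) : null
}

output "log_status" {
  value = local.oci_logging_log_data
}

--------------------------------------------------------------------------------
/oke-infra-logs-collection/provider.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    oci = {
      source  = "oracle/oci"
      version = "~> 6.7"
    }
    external = {
      source  = "hashicorp/external"
      version = "~> 2.3.3"
    }
    time = {
      source  = "hashicorp/time"
      version = "~> 0.12.1"
    }
  }
}

# OCI provider: region plus the API-signing-key settings used for
# config-file based authentication.
provider "oci" {
  # Documentation: https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/terraformproviderconfiguration.htm

  # Instance Principal Authorization
  region = var.oci_region

  # Config file based authentication
  tenancy_ocid = var.oci_tenancy_ocid
  user_ocid    = var.oci_user_ocid

  # The provider's `private_key` argument takes the PEM contents of the signing
  # key, while `private_key_path` takes a file location. The variable is a path,
  # so it is passed to `private_key_path`; this also keeps key material out of
  # the configuration.
  # NOTE(review): var.private_key_path is declared outside this listing; confirm
  # it carries a path and not key contents.
  private_key_path = var.private_key_path
  fingerprint      = var.fingerprint
}

provider "external" {
}

# provider "time" {
# }
--------------------------------------------------------------------------------
/terraform/modules/dashboards/dashboard-inputs.tf:
--------------------------------------------------------------------------------
# Copyright (c) 2023, 2024, Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.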
3 | 4 | # Compartment for creating dashboards and it's associated saved-searches 5 | variable "compartment_ocid" { 6 | type = string 7 | } 8 | 9 | variable "debug" { 10 | type = bool 11 | default = false 12 | } 13 | 14 | variable "tags" { 15 | type = object({ freeformTags = map(string), definedTags = map(string) }) 16 | default = { "freeformTags" = {}, "definedTags" = {} } 17 | } -------------------------------------------------------------------------------- /terraform/modules/dashboards/dashboard.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | locals { 5 | dashboards = ["cluster.json", "node.json", "pod.json", "workload.json", "service-type-lb.json"] 6 | 7 | #tags 8 | defined_tags = module.format_tags.defined_tags_string 9 | freeform_tags = module.format_tags.freeform_tags_string 10 | 11 | template_values = { 12 | "compartment_ocid" = "${var.compartment_ocid}" 13 | 14 | # Expected format of tags: https://docs.oracle.com/en-us/iaas/api/#/en/managementdashboard/20200901/ManagementDashboardImportDetails/ 15 | "defined_tags" = local.defined_tags 16 | "freeform_tags" = local.freeform_tags 17 | } 18 | } 19 | 20 | # format tags; as required in dashboard JSON files 21 | module "format_tags" { 22 | source = "./format_tags" 23 | tags = var.tags 24 | } 25 | 26 | resource "oci_management_dashboard_management_dashboards_import" "multi_management_dashboards_import" { 27 | for_each = toset(local.dashboards) 28 | import_details = templatefile(format("%s/%s/%s", "${path.module}", "dashboards_json", each.value), local.template_values) 29 | 30 | lifecycle { 31 | ignore_changes = [import_details] 32 | } 33 | } 34 | 35 | resource "local_file" "dashboard_template" { 36 | for_each = var.debug ? 
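toset(local.dashboards) : []
  content  = templatefile(format("%s/%s/%s", "${path.module}", "dashboards_json", each.value), local.template_values)
  filename = "${path.module}/tf-debug/${each.value}"
}
--------------------------------------------------------------------------------
/terraform/modules/dashboards/format_tags/format_tags.tf:
--------------------------------------------------------------------------------
# Copyright (c) 2023, 2024, Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.

# Tags supplied by the caller; rendered below into the JSON object strings
# exposed by the two outputs of this module.
variable "tags" {
  type    = object({ freeformTags = map(string), definedTags = map(string) })
  default = { "freeformTags" = {}, "definedTags" = {} }
}

# "freeformTags" = {
#   "project" = "logan",
#   "owner" = "paritosh"
# },
# "definedTags" = {
#   "Oracle-Recommended-Tags.ResourceOwner" = "paritosh",
#   "Oracle-Recommended-Tags.ResourceType" = "DevResource",
#   "OracleInternalReserved.OwnerEmail" = "paritosh.paliwal@oracle.com"
# }

locals {
  freeform_tags = var.tags.freeformTags
  # freeform_tags = tomap({
  #   "owner" = "paritosh"
  #   "project" = "logan"
  # })

  # Keys and values go through jsonencode() instead of being wrapped in literal
  # quotes, so a tag containing `"` or `\` is escaped and can neither break the
  # resulting JSON nor add keys to it. For plain values the rendered string is
  # unchanged.
  freeform_tags_string = "{${join(",", [for key, value in var.tags.freeformTags : "${jsonencode(key)}: ${jsonencode(value)}"])}}"
  # freeform_tags_string = "{\"owner\": \"paritosh\",\"project\": \"logan\"}"

  defined_tags = var.tags.definedTags
  # defined_tags = tomap({
  #   "Oracle-Recommended-Tags.ResourceOwner" = "paritosh"
  #   "Oracle-Recommended-Tags.ResourceType" = "DevResource"
  #   "OracleInternalReserved.OwnerEmail" = "paritosh.paliwal@oracle.com"
  # })

  # Group the "<namespace>.<key>" entries by namespace. Namespace, key and value
  # are each JSON-encoded for the same reason as above.
  # NOTE(review): a key without a "." fails at split(".", key)[1]; validate the
  # key format upstream if callers can pass arbitrary keys.
  defined_tag_list_by_ns = { for key, value in local.defined_tags : jsonencode(split(".", key)[0]) => "${jsonencode(split(".", key)[1])}: ${jsonencode(value)}"... }
  # defined_tag_list_by_ns = {
  #   "\"Oracle-Recommended-Tags\"" = [
  #     "\"ResourceOwner\": \"paritosh\"",
  #     "\"ResourceType\": \"DevResource\"",
  #   ]
  #   "\"OracleInternalReserved\"" = [
  #     "\"OwnerEmail\": \"paritosh.paliwal@oracle.com\"",
  #   ]
  # }

  defined_tags_by_ns = { for ns, tag_list in local.defined_tag_list_by_ns : ns => join(", ", tag_list) }
  # defined_tags_by_ns = {
  #   "\"Oracle-Recommended-Tags\"" = "\"ResourceOwner\": \"paritosh\", \"ResourceType\": \"DevResource\""
  #   "\"OracleInternalReserved\"" = "\"OwnerEmail\": \"paritosh.paliwal@oracle.com\""
  # }

  defined_tags_list = [for ns, tags in local.defined_tags_by_ns : "${ns}: {${tags}}"]
  # defined_tags_list = [
  #   "\"Oracle-Recommended-Tags\": {\"ResourceOwner\": \"paritosh\", \"ResourceType\": \"DevResource\"}",
  #   "\"OracleInternalReserved\": {\"OwnerEmail\": \"paritosh.paliwal@oracle.com\"}",
  # ]

  # Expected format of tags: https://docs.oracle.com/en-us/iaas/api/#/en/managementdashboard/20200901/ManagementDashboardImportDetails/

  defined_tags_string = "{${join(", ", local.defined_tags_list)}}"
  # defined_tags_string = "{\"Oracle-Recommended-Tags\": {\"ResourceOwner\": \"paritosh\", \"ResourceType\": \"DevResource\"}, \"OracleInternalReserved\": {\"OwnerEmail\": \"paritosh.paliwal@oracle.com\"}}"
}

output "defined_tags_string" {
  value = local.defined_tags_string
}

output "freeform_tags_string" {
  value = local.freeform_tags_string
}

## Debug Outputs

# output "tags" {
#   value = var.tags
# }

# output "freeform_tags" {
#   value = local.freeform_tags
# }

# output "freeform_tags_string" {
#   value = local.freeform_tags_string
# }

# output "defined_tags" {
#   value = local.defined_tags
# }

# output "defined_tag_list_by_ns" {
#   value =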
local.defined_tag_list_by_ns 93 | # } 94 | 95 | # output "defined_tags_by_ns" { 96 | # value = local.defined_tags_by_ns 97 | # } 98 | 99 | # output "defined_tags_list" { 100 | # value = local.defined_tags_list 101 | # } 102 | 103 | # output "defined_tags_string" { 104 | # value = local.defined_tags_string 105 | # } -------------------------------------------------------------------------------- /terraform/modules/dashboards/required-providers.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | terraform { 5 | required_version = ">= 1.2" 6 | required_providers { 7 | oci = { 8 | source = "oracle/oci" 9 | version = "~> 5.46" 10 | } 11 | } 12 | } -------------------------------------------------------------------------------- /terraform/modules/helm/helm-inputs.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 
3 | 4 | #### 5 | ## Switches 6 | #### 7 | 8 | variable "generate_helm_template" { 9 | type = bool 10 | default = false 11 | } 12 | 13 | variable "install_helm_chart" { 14 | type = bool 15 | default = true 16 | } 17 | 18 | variable "local_helm_chart" { 19 | type = string 20 | default = null 21 | } 22 | 23 | #### 24 | ## Helm chart 25 | #### 26 | 27 | # Option to use latest helm chart 28 | variable "helm_chart_version" { 29 | type = string 30 | } 31 | 32 | #### 33 | ## Kubernetes Cluster Information 34 | #### 35 | 36 | # Kubernetes Cluster OCID 37 | variable "kubernetes_cluster_id" { 38 | type = string 39 | } 40 | 41 | # Kubernetes Cluster Name 42 | variable "kubernetes_cluster_name" { 43 | type = string 44 | } 45 | 46 | # Kubernetes Namespace 47 | variable "kubernetes_namespace" { 48 | type = string 49 | } 50 | 51 | #### 52 | ## OCI Logging Analytics Information 53 | #### 54 | 55 | # OCI Logging Analytics LogGroup OCID 56 | variable "oci_la_log_group_ocid" { 57 | type = string 58 | default = "" 59 | } 60 | 61 | # OCI Log Analytics Namespace 62 | variable "oci_la_namespace" { 63 | type = string 64 | } 65 | 66 | # OCI Logging Analytics Kubernetes Cluster Entity OCID 67 | variable "oci_la_cluster_entity_ocid" { 68 | type = string 69 | } 70 | 71 | #### 72 | ## Fluentd Configuration 73 | #### 74 | 75 | # Fluentd Base Directory 76 | variable "fluentd_base_dir_path" { 77 | type = string 78 | default = "/var/log" 79 | } 80 | 81 | #### 82 | ## Management Agent Configuration 83 | #### 84 | 85 | # Management Agent Key 86 | variable "mgmt_agent_install_key_content" { 87 | type = string 88 | } 89 | 90 | # Option to control the metric server deployment inside kubernetes cluster 91 | variable "opt_deploy_metric_server" { 92 | type = bool 93 | default = true 94 | } 95 | 96 | #### 97 | ## OCI Client Config 98 | #### 99 | 100 | # OCI domain 101 | variable "oci_domain" { 102 | type = string 103 | default = null 104 | } 105 | 106 | #### 107 | ## Discovery Configuration 108 | #### 109 | 
110 | # Enable service logs collection for OKE infra components 111 | variable "enable_service_log" { 112 | type = bool 113 | default = false 114 | } 115 | 116 | # OCI Tags 117 | variable "tags" { 118 | type = object({ freeformTags = map(string), definedTags = map(string) }) 119 | default = { "freeformTags" = {}, "definedTags" = {} } 120 | } 121 | 122 | #### 123 | ## Others 124 | #### 125 | 126 | variable "LOGAN_ENDPOINT" { 127 | description = "Logging Analytics Endpoint." 128 | type = string 129 | default = null 130 | } 131 | 132 | # Save data resources in local_file for debug purposes 133 | variable "debug" { 134 | type = bool 135 | default = false 136 | } -------------------------------------------------------------------------------- /terraform/modules/helm/helm-outputs.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 
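locals {
  cmd_1_helm_repo_add    = "helm repo add oci-onm https://oracle-quickstart.github.io/oci-kubernetes-monitoring"
  cmd_2_helm_repo_update = "helm repo update"

  # Manual "helm install" command equivalent to the release created by this module.
  # NOTE(review): the command embeds var.mgmt_agent_install_key_content, so the
  # management agent install key is printed in clear text wherever the
  # cmd_3_helm_install output is displayed or stored. Consider emitting a
  # placeholder for that value, or marking the output sensitive, once the
  # consumers of this output have been checked.
  cmd_3_layer_0 = join(" ", [
    "helm install oci-kubernetes-monitoring oci-onm/oci-onm",
    "--set global.namespace=${var.kubernetes_namespace}",
    "--set global.kubernetesClusterID=${var.kubernetes_cluster_id}",
    "--set global.kubernetesClusterName=${local.kubernetes_cluster_name}",
    "--set oci-onm-logan.ociLALogGroupID=${var.oci_la_log_group_ocid}",
    "--set oci-onm-logan.ociLANamespace=${var.oci_la_namespace}",
    "--set oci-onm-logan.ociLAClusterEntityID=${var.oci_la_cluster_entity_ocid}",
    "--set oci-onm-mgmt-agent.deployMetricServer=${var.opt_deploy_metric_server}",
    "--set oci-onm-mgmt-agent.mgmtagent.installKeyFileContent=${var.mgmt_agent_install_key_content}",
    "--set oci-onm-logan.k8sDiscovery.infra.enable_service_log=${var.enable_service_log}",
    "--set oci-onm-logan.k8sDiscovery.infra.oci_tags_base64=${base64encode(jsonencode(var.tags))}"
  ])

  cmd_3_layer_1 = var.oci_domain == null ? local.cmd_3_layer_0 : "${local.cmd_3_layer_0} --set oci-onm-logan.ociDomain=${var.oci_domain}"

  cmd_3_helm_install = local.cmd_3_layer_1
}

# Helm release artifacts for local testing and validation.
# NOTE(review): the rendered manifest is built from the same chart values as the
# release, so it should be handled like the install key it may contain.
output "helm_template" {
  value = var.generate_helm_template ? data.helm_template.oci-kubernetes-monitoring[0].manifest : null
}

output "cmd_1_helm_repo_add" {
  value = local.cmd_1_helm_repo_add
}

output "cmd_2_helm_repo_update" {
  value = local.cmd_2_helm_repo_update
}

output "cmd_3_helm_install" {
  value = local.cmd_3_helm_install
}
--------------------------------------------------------------------------------
/terraform/modules/helm/helm.tf:
--------------------------------------------------------------------------------
# Copyright (c) 2023, 2024, Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.

locals {
  remote_helm_repo = "https://oracle-quickstart.github.io/oci-kubernetes-monitoring"
  chart_name       = "oci-onm"

  is_local_helm_chart = var.local_helm_chart != null

  # A local chart path replaces the remote repository and the pinned version.
  chart      = local.is_local_helm_chart ? var.local_helm_chart : local.chart_name
  repository = local.is_local_helm_chart ? null : local.remote_helm_repo
  version    = local.is_local_helm_chart ? null : var.helm_chart_version

  kubernetes_cluster_name = var.kubernetes_cluster_name

  # freeformTags_as_String = "join(",", [for key, value in var.tags.freeformTags : "\"${key}\" = \"${value}\""])"
  # tags_as_string = "{${join(",", [for key, value in var.tags : "\"${key}\" = \"${value}\""])}}"

  # Non-secret chart values, passed through plain `set` blocks.
  helm_inputs_base = {
    # global
    "global.namespace"             = var.kubernetes_namespace
    "global.kubernetesClusterID"   = var.kubernetes_cluster_id
    "global.kubernetesClusterName" = local.kubernetes_cluster_name

    # oci-onm-logan
    "oci-onm-logan.ociLANamespace"       = var.oci_la_namespace
    "oci-onm-logan.ociLALogGroupID"      = var.oci_la_log_group_ocid
    "oci-onm-logan.fluentd.baseDir"      = var.fluentd_base_dir_path
    "oci-onm-logan.ociLAClusterEntityID" = var.oci_la_cluster_entity_ocid

    # discovery
    "oci-onm-logan.k8sDiscovery.infra.enable_service_log" = var.enable_service_log
    "oci-onm-logan.k8sDiscovery.infra.oci_tags_base64"    = base64encode(jsonencode(var.tags))
    # Note - we do not support probe all compartment input via stack

    # oci-onm-mgmt-agent
    "oci-onm-mgmt-agent.deployMetricServer" = var.opt_deploy_metric_server
  }

  # Secret chart values, passed through `set_sensitive` so the provider does not
  # print them in plan/apply output. They are still stored in Terraform state,
  # which has to be protected accordingly.
  helm_sensitive_inputs = {
    "oci-onm-mgmt-agent.mgmtagent.installKeyFileContent" = var.mgmt_agent_install_key_content
  }

  helm_input_domain     = var.oci_domain == null ? {} : { "oci-onm-logan.ociDomain" = var.oci_domain }
  discovery_la_endpoint = var.LOGAN_ENDPOINT == null ? {} : { "oci-onm-logan.ociLAEndpoint" = "${var.LOGAN_ENDPOINT}" }
  fluentd_la_endpoint   = var.LOGAN_ENDPOINT == null ? {} : { "oci-onm-logan.fluentd.ociLoggingAnalyticsOutputPlugin.endpoint" = "${var.LOGAN_ENDPOINT}" }

  helm_inputs = merge(local.helm_inputs_base, local.helm_input_domain, local.discovery_la_endpoint, local.fluentd_la_endpoint)
}

# Create helm release
resource "helm_release" "oci-kubernetes-monitoring" {
  name              = "oci-kubernetes-monitoring"
  repository        = local.repository
  chart             = local.chart
  version           = local.version
  wait              = true
  dependency_update = true
  cleanup_on_fail   = true
  atomic            = true

  dynamic "set" {
    for_each = local.helm_inputs
    content {
      name  = set.key
      value = set.value
    }
  }

  # Management agent install key: same chart value as before, redacted in output.
  dynamic "set_sensitive" {
    for_each = local.helm_sensitive_inputs
    content {
      name  = set_sensitive.key
      value = set_sensitive.value
    }
  }

  # To be released in future; if required
  # Run Helm Apply every time terraform apply job is executed
  # Check if this will pick up the latest helm chart as well
  # set {
  #   name  = "HelmApplyOnEveryTerraformApply"
  #   value = timestamp()
  # }

  count = var.install_helm_chart ? 1 : 0
}

# Create helm template
data "helm_template" "oci-kubernetes-monitoring" {
  name = "oci-kubernetes-monitoring"
  # default behavior is to use remote helm repo | var.use_local_helm_chart = false
  # the option to use local helm chart is for development purpose only
  repository        = local.repository
  chart             = local.chart
  version           = local.version
  dependency_update = true

  dynamic "set" {
    for_each = local.helm_inputs
    content {
      name  = set.key
      value = set.value
    }
  }

  # Kept in step with the release so the template renders the same values.
  dynamic "set_sensitive" {
    for_each = local.helm_sensitive_inputs
    content {
      name  = set_sensitive.key
      value = set_sensitive.value
    }
  }

  count = var.generate_helm_template ? 1 : 0
}

# Debug only: dumps the whole helm_template data object to disk.
# NOTE(review): that object carries the chart inputs, including the install key.
# Consider local_sensitive_file for this dump and keep tf-debug/ out of version
# control and shared artifacts.
resource "local_file" "helm_template" {
  count    = var.debug && var.generate_helm_template ? 1 : 0
  content  = jsonencode(data.helm_template.oci-kubernetes-monitoring[0])
  filename = "${path.module}/tf-debug/helm_template.json"
}
--------------------------------------------------------------------------------
/terraform/modules/helm/local/.gitignore:
--------------------------------------------------------------------------------
# Copyright (c) 2023, 2024, Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.

*
*/
!.gitignore

--------------------------------------------------------------------------------
/terraform/modules/helm/required-providers.tf:
--------------------------------------------------------------------------------
# Copyright (c) 2023, 2024, Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.

terraform {
  required_version = ">= 1.2"
  required_providers {
    helm = {
      source  = "hashicorp/helm"
      version = "~> 2.7"
    }
  }
}
--------------------------------------------------------------------------------
/terraform/modules/iam/iam-debug.tf:
--------------------------------------------------------------------------------
# Copyright (c) 2023, 2024, Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.
--------------------------------------------------------------------------------
/terraform/modules/iam/iam-inputs.tf:
--------------------------------------------------------------------------------
# Copyright (c) 2023, 2024, Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.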
3 | 4 | # tenancy ocid 5 | variable "root_compartment_ocid" { 6 | type = string 7 | } 8 | 9 | # Compartment for OCI Observability and Management service resources 10 | variable "oci_onm_compartment_ocid" { 11 | type = string 12 | } 13 | 14 | # OKE Cluster Compartment 15 | variable "oke_compartment_ocid" { 16 | type = string 17 | } 18 | 19 | # OKE Cluster OCID 20 | variable "oke_cluster_ocid" { 21 | type = string 22 | } 23 | 24 | # Create policies for service logs discovery 25 | variable "create_service_discovery_policies" { 26 | type = string 27 | } 28 | 29 | # Save data resources in local_file for debug purposes 30 | variable "debug" { 31 | type = bool 32 | default = false 33 | } 34 | 35 | # OCI Tags 36 | variable "tags" { 37 | type = object({ freeformTags = map(string), definedTags = map(string) }) 38 | default = { "freeformTags" = {}, "definedTags" = {} } 39 | } -------------------------------------------------------------------------------- /terraform/modules/iam/iam-outputs.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | output "oke_dynamic_group_ocid" { 5 | value = oci_identity_dynamic_group.oke_dynamic_group.id 6 | } 7 | 8 | output "oke_monitoring_policy_ocid" { 9 | value = oci_identity_policy.oke_monitoring_policy.id 10 | } -------------------------------------------------------------------------------- /terraform/modules/iam/parse_namespaces/namespaces.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 
3 | 4 | variable "definedTags" { 5 | type = map(string) 6 | default = {} 7 | } 8 | 9 | # definedTags = tomap({ 10 | # "Oracle-Recommended-Tags.ResourceOwner" = "paritosh" 11 | # "Oracle-Recommended-Tags.ResourceUsage" = "DevResource" 12 | # }) 13 | 14 | locals { 15 | keys = [for k, v in var.definedTags : split(".", k)] 16 | # keys = [ 17 | # tolist([ 18 | # "Oracle-Recommended-Tags", 19 | # "ResourceOwner", 20 | # ]), 21 | # tolist([ 22 | # "Oracle-Recommended-Tags", 23 | # "ResourceUsage", 24 | # ]), 25 | # ] 26 | 27 | namespaces = distinct([for ns in local.keys : ns[0] if length(ns) > 0]) 28 | # namespaces = tolist([ 29 | # "Oracle-Recommended-Tags", 30 | # ]) 31 | 32 | } 33 | 34 | # output "keys" { 35 | # value = local.keys 36 | # } 37 | 38 | output "namespaces" { 39 | value = local.namespaces 40 | } -------------------------------------------------------------------------------- /terraform/modules/iam/required-providers.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | terraform { 5 | required_version = ">= 1.2" 6 | required_providers { 7 | oci = { 8 | source = "oracle/oci" 9 | version = "~> 5.46" 10 | } 11 | } 12 | } -------------------------------------------------------------------------------- /terraform/modules/logan/logan-debug.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | resource "local_file" "oke_cluster_entity" { 5 | count = !local.create_new_k8s_entity && var.debug ? 
1 : 0 6 | content = jsonencode(data.oci_log_analytics_log_analytics_entity.oke_cluster_entity[0]) 7 | filename = "${path.module}/tf-debug/oke_cluster_entity.json" 8 | } 9 | 10 | resource "local_file" "logan_namespaces" { 11 | count = var.debug ? 1 : 0 12 | content = jsonencode(data.oci_log_analytics_namespaces.logan_namespaces) 13 | filename = "${path.module}/tf-debug/logan_namespaces.json" 14 | } 15 | 16 | # Following resource to be used for dev validations 17 | 18 | # data "oci_log_analytics_log_analytics_entity" "stack_created_entity" { 19 | # count = var.debug && local.create_new_k8s_entity ? 1 : 0 20 | # log_analytics_entity_id = oci_log_analytics_log_analytics_entity.oke_entity[0].id 21 | # namespace = local.oci_la_namespace 22 | # } 23 | 24 | # resource "local_file" "stack_created_entity" { 25 | # count = var.debug && local.create_new_k8s_entity ? 1 : 0 26 | # content = jsonencode(data.oci_log_analytics_log_analytics_entity.stack_created_entity) 27 | # filename = "${path.module}/tf-debug/stack_created_entity.json" 28 | # } -------------------------------------------------------------------------------- /terraform/modules/logan/logan-input-validations.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | # Case: User Opt to NOT create a new log group 5 | resource "null_resource" "user_opts_out_to_create_log_group_check" { 6 | count = !var.opt_create_new_la_log_group ? 1 : 0 7 | lifecycle { 8 | # Not a User Facing Error 9 | # Check: User has provided an existing log group id 10 | precondition { 11 | condition = var.log_group_ocid != null 12 | error_message = "var.log_group_ocid must be set to a valid value when var.opt_create_new_la_log_group is false." 
13 | } 14 | } 15 | } -------------------------------------------------------------------------------- /terraform/modules/logan/logan-inputs.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | # tenancy OCID 5 | variable "tenancy_ocid" { 6 | type = string 7 | } 8 | 9 | # region 10 | variable "region" { 11 | type = string 12 | } 13 | 14 | # Compartment for creating new logan resources 15 | variable "compartment_ocid" { 16 | type = string 17 | } 18 | 19 | # Option to create Logging Analytics 20 | variable "opt_create_new_la_log_group" { 21 | type = bool 22 | } 23 | 24 | # OCI Logging Analytics Log Group name (user input) 25 | variable "log_group_display_name" { 26 | type = string 27 | } 28 | 29 | # OCI Logging Analytics LogGroup OCID (user input) 30 | variable "log_group_ocid" { 31 | type = string 32 | } 33 | 34 | # OKE Cluster Entity OCID 35 | variable "oke_entity_ocid" { 36 | type = string 37 | } 38 | 39 | # OKE Entity metadata 40 | variable "entity_metadata_list" { 41 | type = list(object({ name = string, type = string, value = string })) 42 | } 43 | 44 | # OKE Entity name 45 | variable "new_entity_name" { 46 | type = string 47 | default = null 48 | } 49 | 50 | # Save data resources in local_file for debug purposes 51 | variable "debug" { 52 | type = bool 53 | default = false 54 | } 55 | 56 | # OCI Tags 57 | variable "tags" { 58 | type = object({ freeformTags = map(string), definedTags = map(string) }) 59 | default = { "freeformTags" = {}, "definedTags" = {} } 60 | } -------------------------------------------------------------------------------- /terraform/modules/logan/logan-outputs.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 
2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | output "oci_la_namespace" { 5 | value = local.oci_la_namespace 6 | } 7 | 8 | output "log_group_ocid" { 9 | value = !var.opt_create_new_la_log_group ? var.log_group_ocid : oci_log_analytics_log_analytics_log_group.new_log_group[0].id 10 | } 11 | 12 | output "oke_entity_ocid" { 13 | value = local.create_new_k8s_entity ? oci_log_analytics_log_analytics_entity.oke_entity[0].id : var.oke_entity_ocid 14 | } -------------------------------------------------------------------------------- /terraform/modules/logan/logan.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | locals { 5 | oci_la_namespace = data.oci_log_analytics_namespaces.logan_namespaces.namespace_collection[0].items[0].namespace 6 | k8s_entity_type = "Kubernetes Cluster" 7 | create_new_k8s_entity = var.oke_entity_ocid == null 8 | } 9 | 10 | data "oci_log_analytics_namespaces" "logan_namespaces" { 11 | compartment_id = var.tenancy_ocid 12 | 13 | lifecycle { 14 | # User Facing Error 15 | postcondition { 16 | condition = !(self.namespace_collection == null) 17 | error_message = "Tenancy is not on-boarded to OCI Logging Analytics service." 18 | } 19 | } 20 | } 21 | 22 | data "oci_log_analytics_log_analytics_entity" "oke_cluster_entity" { 23 | count = !local.create_new_k8s_entity ? 1 : 0 24 | log_analytics_entity_id = var.oke_entity_ocid 25 | namespace = local.oci_la_namespace 26 | 27 | lifecycle { 28 | # User Facing Error 29 | postcondition { 30 | # Incorrect Entity OCID check 31 | condition = self.entity_type_name != null 32 | error_message = <<-EOT 33 | Authorization failed or requested resource not found. 
34 | EOT 35 | } 36 | 37 | # User Facing Error 38 | postcondition { 39 | # Incorrect Entity Type check 40 | condition = self.entity_type_name == local.k8s_entity_type 41 | error_message = "Invalid Entity Type. Entity must be of type: Kubernetes Cluster." 42 | } 43 | } 44 | } 45 | 46 | resource "oci_log_analytics_log_analytics_log_group" "new_log_group" { 47 | count = var.opt_create_new_la_log_group ? 1 : 0 48 | #Required 49 | compartment_id = var.compartment_ocid 50 | display_name = var.log_group_display_name # display_name is updatable property 51 | namespace = local.oci_la_namespace 52 | description = "LogGroup for Kubernetes Logs" 53 | 54 | #tags 55 | defined_tags = var.tags.definedTags 56 | freeform_tags = var.tags.freeformTags 57 | 58 | lifecycle { 59 | ignore_changes = [defined_tags, freeform_tags] 60 | } 61 | } 62 | 63 | resource "oci_log_analytics_log_analytics_entity" "oke_entity" { 64 | count = local.create_new_k8s_entity ? 1 : 0 65 | #Required 66 | compartment_id = var.compartment_ocid 67 | entity_type_name = local.k8s_entity_type 68 | name = var.new_entity_name 69 | namespace = local.oci_la_namespace 70 | 71 | metadata { 72 | dynamic "items" { 73 | for_each = [for x in var.entity_metadata_list : x] 74 | content { 75 | name = items.value.name 76 | value = items.value.value 77 | type = items.value.type 78 | } 79 | } 80 | } 81 | 82 | # Optional 83 | # cloud_resource_id = null #TODO 84 | 85 | # Tags 86 | defined_tags = var.tags.definedTags 87 | freeform_tags = var.tags.freeformTags 88 | 89 | lifecycle { 90 | ignore_changes = [name, metadata, defined_tags, freeform_tags] 91 | # Not a User Facing Error 92 | precondition { 93 | condition = !(var.new_entity_name == null && var.oke_entity_ocid == null) 94 | error_message = <<-EOT 95 | Cause : This is likely a logical error with the terraform module. 
96 | Fix : Report the issue at https://github.com/oracle-quickstart/oci-kubernetes-monitoring/issues 97 | Error : var.new_entity_name and var.oke_entity_ocid, both can not be null 98 | EOT 99 | } 100 | } 101 | } -------------------------------------------------------------------------------- /terraform/modules/logan/required-providers.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | terraform { 5 | required_version = ">= 1.2" 6 | required_providers { 7 | oci = { 8 | source = "oracle/oci" 9 | version = "~> 5.46" 10 | } 11 | } 12 | } -------------------------------------------------------------------------------- /terraform/modules/main/developer-options.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | #### 5 | ## Switches - These inputs are meant to be used for development purpose only 6 | ## Leave it to default for production use 7 | #### 8 | 9 | # Enable/Disable helm module 10 | variable "toggle_helm_module" { 11 | type = bool 12 | default = true 13 | } 14 | 15 | # when false, public helm repo is used for deployment 16 | variable "toggle_use_local_helm_chart" { 17 | type = bool 18 | default = false 19 | } 20 | 21 | # Enable/Disable helm template. When set as true, 22 | # - helm module will generate template file inside ../modules/helm/local directory 23 | # - Setting this to true disables/skips the helm release 24 | variable "toggle_generate_helm_template" { 25 | type = bool 26 | default = false 27 | } 28 | 29 | # Enable/Disable helm installation. 
30 | variable "toggle_install_helm" { 31 | type = bool 32 | default = true 33 | } 34 | 35 | # Enable/Disable logan dashboards module 36 | variable "toggle_dashboards_module" { 37 | type = bool 38 | default = true 39 | } 40 | 41 | # Enable/Disable management agent module 42 | variable "toggle_mgmt_agent_module" { 43 | type = bool 44 | default = true 45 | } 46 | 47 | # Enable/Disable management agent module 48 | variable "toggle_logan_module" { 49 | type = bool 50 | default = true 51 | } 52 | 53 | # Enable/Disable IAM module 54 | variable "toggle_iam_module" { 55 | type = bool 56 | default = true 57 | } -------------------------------------------------------------------------------- /terraform/modules/main/main-debug.tf: -------------------------------------------------------------------------------- 1 | resource "local_file" "oci_containerengine_clusters" { 2 | count = var.debug ? 1 : 0 3 | content = jsonencode(data.oci_containerengine_clusters.oke_clusters) 4 | filename = "${path.module}/tf-debug/oci_containerengine_clusters.json" 5 | } -------------------------------------------------------------------------------- /terraform/modules/main/main-inputs.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | #### 5 | ## Provider Variables 6 | #### 7 | 8 | variable "tenancy_ocid" { 9 | type = string 10 | } 11 | 12 | variable "region" { 13 | type = string 14 | } 15 | 16 | variable "user_ocid" { 17 | type = string 18 | default = "" 19 | } 20 | 21 | variable "private_key_path" { 22 | type = string 23 | default = "" 24 | } 25 | 26 | variable "fingerprint" { 27 | type = string 28 | default = "" 29 | } 30 | 31 | #### 32 | ## Boat configuration - Used for internal development purpose only. 33 | #### 34 | 35 | # Option to enable BOAT authentication. 
36 | variable "boat_auth" { 37 | type = bool 38 | default = false 39 | } 40 | 41 | # OCID of BOAT tenancy. 42 | variable "boat_tenancy_ocid" { 43 | type = string 44 | default = "" 45 | } 46 | 47 | #### 48 | ## Shared Inputs 49 | #### 50 | 51 | # Compartment for creating OCI Observability and Management resources 52 | variable "oci_onm_compartment_ocid" { 53 | type = string 54 | } 55 | 56 | # OKE Cluster Compartment 57 | variable "oke_compartment_ocid" { 58 | type = string 59 | } 60 | 61 | # OKE Cluster OCID 62 | variable "oke_cluster_ocid" { 63 | type = string 64 | } 65 | 66 | # OCI Tags 67 | variable "tags" { 68 | type = object({ freeformTags = map(string), definedTags = map(string) }) 69 | default = { "freeformTags" = {}, "definedTags" = {} } 70 | } 71 | 72 | #### 73 | ## IAM Module Inputs 74 | #### 75 | 76 | # Option to create Dynamic Group and Policies 77 | variable "opt_create_dynamicGroup_and_policies" { 78 | type = bool 79 | default = false 80 | } 81 | 82 | #### 83 | ## Dashboards Module Inputs 84 | #### 85 | 86 | # Option to import dashboards 87 | variable "opt_import_dashboards" { 88 | type = bool 89 | default = true 90 | } 91 | 92 | #### 93 | ## Logan Module 94 | #### 95 | 96 | # Option to create Logging Analytics 97 | variable "opt_create_new_la_log_group" { 98 | type = bool 99 | default = false 100 | } 101 | 102 | # New Log Group to collect Kubernetes data 103 | variable "log_group_name" { 104 | type = string 105 | } 106 | 107 | #### 108 | ## Helm Module 109 | #### 110 | 111 | # Option to install helm chart 112 | variable "install_helm_chart" { 113 | type = bool 114 | } 115 | 116 | # Option to use latest helm chart 117 | variable "helm_chart_version" { 118 | type = string 119 | } 120 | 121 | # Kubernetes Namespace 122 | variable "kubernetes_namespace" { 123 | type = string 124 | default = "oci-onm" 125 | } 126 | 127 | # OCI domain 128 | variable "oci_domain" { 129 | type = string 130 | default = null 131 | } 132 | 133 | # Kubernetes Cluster OCID 134 | 
variable "kubernetes_cluster_id" { 135 | type = string 136 | } 137 | 138 | # Kubernetes Cluster Name 139 | variable "kubernetes_cluster_name" { 140 | type = string 141 | } 142 | 143 | # Local Path to oci-onm helm chart 144 | variable "path_to_local_onm_helm_chart" { 145 | type = string 146 | } 147 | 148 | # Option to deploy metric server 149 | variable "opt_deploy_metric_server" { 150 | type = bool 151 | } 152 | 153 | # Fluentd Base Directory 154 | variable "fluentd_base_dir_path" { 155 | type = string 156 | default = "/var/log" 157 | } 158 | 159 | # OKE Cluster Entity OCID 160 | variable "oke_cluster_entity_ocid" { 161 | type = string 162 | } 163 | 164 | # OCI Logging Analytics LogGroup OCID provided by user 165 | variable "log_group_ocid" { 166 | type = string 167 | } 168 | 169 | # Enable service logs collection for OKE infra components 170 | variable "enable_service_log" { 171 | type = bool 172 | default = false 173 | } 174 | 175 | #### 176 | ## Developer Options 177 | #### 178 | 179 | variable "LOGAN_ENDPOINT" { 180 | description = "Logging Analytics Endpoint." 181 | type = string 182 | default = null 183 | } 184 | 185 | # Save data resources in local_file for debug purposes 186 | variable "debug" { 187 | type = bool 188 | default = false 189 | } -------------------------------------------------------------------------------- /terraform/modules/main/main-outputs.tf: -------------------------------------------------------------------------------- 1 | # # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | # ### 5 | # # Module outputs 6 | # ### 7 | 8 | output "cmd_1_helm_repo_add" { 9 | value = local.module_controls_enable_helm_module ? module.helm_release[0].cmd_1_helm_repo_add : null 10 | } 11 | 12 | output "cmd_2_helm_repo_update" { 13 | value = local.module_controls_enable_helm_module ? 
module.helm_release[0].cmd_2_helm_repo_update : null 14 | } 15 | 16 | output "cmd_3_helm_install" { 17 | value = local.module_controls_enable_helm_module ? module.helm_release[0].cmd_3_helm_install : null 18 | } 19 | 20 | output "oke_dynamic_group_ocid" { 21 | value = local.module_controls_enable_iam_module ? module.iam[0].oke_dynamic_group_ocid : null 22 | } 23 | 24 | output "oke_monitoring_policy_ocid" { 25 | value = local.module_controls_enable_iam_module ? module.iam[0].oke_monitoring_policy_ocid : null 26 | } 27 | 28 | output "oci_la_namespace" { 29 | value = local.module_controls_enable_logan_module ? module.logan[0].oci_la_namespace : null 30 | } 31 | 32 | output "oci_la_log_group_ocid" { 33 | value = local.module_controls_enable_logan_module ? module.logan[0].log_group_ocid : null 34 | } 35 | 36 | output "oke_cluster_entity_ocid" { 37 | value = local.module_controls_enable_logan_module ? module.logan[0].oke_entity_ocid : null 38 | } 39 | 40 | output "mgmt_agent_install_key" { 41 | value = local.module_controls_enable_mgmt_agent_module ? module.management_agent[0].mgmt_agent_install_key_content : null 42 | } 43 | 44 | output "helm_template" { 45 | value = local.module_controls_enable_helm_module && var.toggle_generate_helm_template ? module.helm_release[0].helm_template : null 46 | } -------------------------------------------------------------------------------- /terraform/modules/main/main-required-providers.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 
3 | 4 | terraform { 5 | required_version = ">= 1.2" 6 | required_providers { 7 | oci = { 8 | source = "oracle/oci" 9 | version = "~> 5.46" 10 | configuration_aliases = [oci, oci.home_region] 11 | } 12 | helm = { 13 | source = "hashicorp/helm" 14 | version = "~> 2.7" 15 | } 16 | local = { 17 | source = "hashicorp/local" 18 | version = "~> 2.5.1" 19 | } 20 | } 21 | } -------------------------------------------------------------------------------- /terraform/modules/main/main.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | locals { 5 | local_helm_path = var.path_to_local_onm_helm_chart != null && var.toggle_use_local_helm_chart ? abspath(var.path_to_local_onm_helm_chart) : null 6 | 7 | # Log Group Display Name 8 | default_log_group_display_name = local.new_oke_entity_name 9 | log_group_display_name = var.log_group_name != null ? 
var.log_group_name : local.default_log_group_display_name 10 | 11 | # OKE Metadata 12 | all_clusters_in_compartment = data.oci_containerengine_clusters.oke_clusters.clusters 13 | cluster_data = [for c in local.all_clusters_in_compartment : c if c.id == var.oke_cluster_ocid][0] 14 | 15 | # OCI LA Kubernetes Cluster Entity Name 16 | # OKE always responds with same time format string in UTC regardless or realm or region [Validated with OKE Team] 17 | oke_metadata_time_created = local.cluster_data.metadata[0].time_created # "2021-05-21 16:20:30 +0000 UTC" 18 | oke_time_created_rfc3398 = replace(replace(local.oke_metadata_time_created, " +0000 UTC", "Z", ), " ", "T") #"2021-05-21T16:20:30Z" 19 | oke_metadata_is_private = !local.cluster_data.endpoint_config[0].is_public_ip_enabled 20 | oke_name = local.cluster_data.name 21 | new_oke_entity_name = "${local.oke_name}_${local.oke_time_created_rfc3398}" 22 | k8s_version = local.cluster_data.kubernetes_version 23 | 24 | entity_metadata_list = [ 25 | { name : "cluster", value : local.new_oke_entity_name, type : "k8s_solution" }, 26 | { name : "cluster_name", value : local.oke_name, type : "k8s_solution" }, 27 | { name : "cluster_date", value : local.oke_time_created_rfc3398, type : "k8s_solution" }, 28 | { name : "cluster_ocid", value : var.oke_cluster_ocid, type : "k8s_solution" }, 29 | { name : "solution_type", value : "OKE", type : "k8s_solution" }, 30 | { name : "k8s_version", value : local.k8s_version, type : "k8s_solution" }, 31 | { name : "metrics_namespace", value : "mgmtagent_kubernetes_metrics", type : "k8s_solution" }, 32 | { name : "onm_compartment", value : var.oci_onm_compartment_ocid, type : "k8s_solution" }, 33 | { name : "deployment_status", value : "UNKNOWN", type : "k8s_solution" }, 34 | { name : "deployment_stack_ocid", value : "UNKNOWN", type : "k8s_solution" } 35 | ] 36 | 37 | # OKE Cluster Name in Helm 38 | oke_cluster_name_in_helm = var.kubernetes_cluster_name == null ? 
local.new_oke_entity_name : var.kubernetes_cluster_name 39 | 40 | # Module Controls are are final verdicts on if a module should be executed or not 41 | # Module dependencies should be included here as well so a module does not run when it's dependent module is disabled 42 | 43 | module_controls_enable_iam_module = alltrue([var.toggle_iam_module, var.opt_create_dynamicGroup_and_policies]) 44 | module_controls_enable_logan_module = alltrue([var.toggle_logan_module]) 45 | module_controls_enable_mgmt_agent_module = alltrue([var.toggle_mgmt_agent_module]) 46 | module_controls_enable_helm_module = alltrue([var.toggle_helm_module, local.module_controls_enable_mgmt_agent_module, local.module_controls_enable_logan_module]) 47 | module_controls_enable_dashboards_module = alltrue([var.toggle_dashboards_module, var.opt_import_dashboards]) 48 | } 49 | 50 | # We are querying all clusters in the compartment cause 51 | # OKE service does not support data resource for specific OKE Cluster 52 | data "oci_containerengine_clusters" "oke_clusters" { 53 | compartment_id = var.oke_compartment_ocid 54 | } 55 | 56 | # Create Required Policies and Dynamic Group 57 | # Needs to be called with OCI Home Region Provider 58 | module "iam" { 59 | source = "../iam" 60 | count = local.module_controls_enable_iam_module ? 1 : 0 61 | 62 | root_compartment_ocid = var.tenancy_ocid 63 | oci_onm_compartment_ocid = var.oci_onm_compartment_ocid 64 | oke_compartment_ocid = var.oke_compartment_ocid 65 | oke_cluster_ocid = var.oke_cluster_ocid 66 | create_service_discovery_policies = var.enable_service_log 67 | tags = var.tags 68 | 69 | providers = { 70 | oci = oci.home_region 71 | } 72 | } 73 | 74 | # Create Logging Analytics Resources 75 | module "logan" { 76 | source = "../logan" 77 | count = local.module_controls_enable_logan_module ? 
1 : 0 78 | 79 | tenancy_ocid = var.tenancy_ocid 80 | region = var.region 81 | compartment_ocid = var.oci_onm_compartment_ocid 82 | 83 | new_entity_name = local.new_oke_entity_name 84 | entity_metadata_list = local.entity_metadata_list 85 | oke_entity_ocid = var.oke_cluster_entity_ocid 86 | 87 | opt_create_new_la_log_group = var.opt_create_new_la_log_group 88 | log_group_ocid = var.log_group_ocid 89 | log_group_display_name = local.log_group_display_name 90 | 91 | debug = var.debug 92 | tags = var.tags 93 | } 94 | 95 | # Create a management agent key 96 | module "management_agent" { 97 | source = "../mgmt_agent" 98 | count = local.module_controls_enable_mgmt_agent_module ? 1 : 0 99 | 100 | uniquifier = md5(var.oke_cluster_ocid) 101 | compartment_ocid = var.oci_onm_compartment_ocid 102 | tags = var.tags 103 | debug = var.debug 104 | } 105 | 106 | # deploy oke-monitoring solution (helm release) 107 | module "helm_release" { 108 | source = "../helm" 109 | count = local.module_controls_enable_helm_module ? 
1 : 0 110 | 111 | # module controls 112 | install_helm_chart = var.install_helm_chart && var.toggle_install_helm 113 | generate_helm_template = var.toggle_generate_helm_template 114 | debug = var.debug 115 | 116 | # helm command 117 | local_helm_chart = local.local_helm_path 118 | helm_chart_version = var.helm_chart_version 119 | 120 | # values.yaml 121 | kubernetes_cluster_id = var.kubernetes_cluster_id 122 | kubernetes_cluster_name = local.oke_cluster_name_in_helm 123 | kubernetes_namespace = var.kubernetes_namespace 124 | oci_la_log_group_ocid = module.logan[0].log_group_ocid 125 | oci_la_namespace = module.logan[0].oci_la_namespace 126 | oci_la_cluster_entity_ocid = module.logan[0].oke_entity_ocid 127 | mgmt_agent_install_key_content = module.management_agent[0].mgmt_agent_install_key_content 128 | opt_deploy_metric_server = var.opt_deploy_metric_server 129 | fluentd_base_dir_path = var.fluentd_base_dir_path 130 | oci_domain = var.oci_domain 131 | enable_service_log = var.enable_service_log 132 | LOGAN_ENDPOINT = var.LOGAN_ENDPOINT 133 | tags = var.tags 134 | } 135 | 136 | # Import Kubernetes Dashboards 137 | module "import_kubernetes_dashboards" { 138 | source = "../dashboards" 139 | count = local.module_controls_enable_dashboards_module ? 1 : 0 140 | 141 | compartment_ocid = var.oci_onm_compartment_ocid 142 | debug = var.debug 143 | tags = var.tags 144 | } 145 | -------------------------------------------------------------------------------- /terraform/modules/mgmt_agent/agent-debug.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | resource "local_file" "inputRspFileContent" { 5 | count = var.debug ? 
1 : 0 6 | content = base64decode(local.inputRspFileContent) # NOTE(review): decodes the response file built in agent.tf, which includes the ManagementAgentInstallKey line, so debug mode leaves the install key in plain text under tf-debug/; keep that directory out of version control and shared artifacts 7 | filename = "${path.module}/tf-debug/inputRspFileContent.txt" 8 | } -------------------------------------------------------------------------------- /terraform/modules/mgmt_agent/agent-inputs.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | # A unique key to be associated with a single OKE cluster; agent.tf uses it only as a suffix in display names 5 | variable "uniquifier" { 6 | type = string 7 | } 8 | 9 | # OCID of compartment where management agent installation key is to be created 10 | variable "compartment_ocid" { 11 | type = string 12 | } 13 | 14 | # Save data resources in local_file for debug purposes; in this module that file contains the decoded response file, install key included 15 | variable "debug" { 16 | type = bool 17 | default = false 18 | } 19 | 20 | # OCI Tags 21 | variable "tags" { 22 | type = object({ freeformTags = map(string), definedTags = map(string) }) 23 | default = { "freeformTags" = {}, "definedTags" = {} } 24 | } -------------------------------------------------------------------------------- /terraform/modules/mgmt_agent/agent-outputs.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | # Management Agent Install Key: base64-encoded response file (install key, agent display name, tags) built in agent.tf. NOTE(review): base64 is an encoding only and this output is not declared sensitive, so unless the provider marks the key sensitive (TODO confirm) the value can appear in plan/apply output; main-outputs.tf re-exports it as mgmt_agent_install_key. 5 | output "mgmt_agent_install_key_content" { 6 | value = local.inputRspFileContent 7 | } -------------------------------------------------------------------------------- /terraform/modules/mgmt_agent/agent.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 
3 | 4 | locals { 5 | install_key = oci_management_agent_management_agent_install_key.Kubernetes_AgentInstallKey.key # key issued by the install-key resource below; handle it as a credential 6 | freeform_tags = module.format_tags.freeform_tags_string 7 | defined_tags = module.format_tags.defined_tags_string 8 | inputRspFileContent = base64encode(join("\n", [ # agent response file, one "Name = value" entry per line; base64 is an encoding, so the key is recoverable from this value 9 | "ManagementAgentInstallKey = ${local.install_key}", 10 | "AgentDisplayName = k8_mgmt_agent-${var.uniquifier}", 11 | "FreeFormTags = ${local.freeform_tags}", # NOTE(review): the tag strings are interpolated as format_tags built them; that module does not escape quotes or newlines in tag keys/values, so presumably tags are operator-controlled - verify 12 | "DefinedTags = ${local.defined_tags}" 13 | ])) 14 | } 15 | 16 | output "defined_tags_string" { 17 | value = module.format_tags.defined_tags_string 18 | } 19 | 20 | output "freeform_tags_string" { 21 | value = module.format_tags.freeform_tags_string 22 | } 23 | 24 | # format tags; as required in Agent Response file 25 | module "format_tags" { 26 | source = "./format_tags" 27 | tags = var.tags 28 | } 29 | 30 | resource "oci_management_agent_management_agent_install_key" "Kubernetes_AgentInstallKey" { 31 | compartment_id = var.compartment_ocid 32 | display_name = "k8_mgmt_agent_key-${var.uniquifier}" 33 | time_expires = timeadd(timestamp(), "8760h") # 1 year from the run that creates the key; timestamp() differs on every run, which is why time_expires is listed in ignore_changes below, and so Terraform will not change the expiry afterwards 34 | 35 | lifecycle { 36 | ignore_changes = [time_expires] 37 | } 38 | } -------------------------------------------------------------------------------- /terraform/modules/mgmt_agent/format_tags/format_tags.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 
3 | 4 | # Goal: 5 | # Format the tags input from OCI RMS stack into acceptable value for Management Agent Response File 6 | # Ref - https://docs.oracle.com/en-us/iaas/management-agents/doc/install-management-agent-chapter.html#OCIAG-GUID-3008AAB9-B871-47B6-BC05-3A6FE5BDD470 7 | 8 | variable "tags" { 9 | type = object({ freeformTags = map(string), definedTags = map(string) }) 10 | default = { "freeformTags" = {}, "definedTags" = {} } 11 | } 12 | 13 | # tags = { 14 | # "definedTags" = tomap({ 15 | # "Oracle-Recommended-Tags.ResourceOwner" = "paritosh" 16 | # "Oracle-Recommended-Tags.ResourceType" = "DevResource" 17 | # "OracleInternalReserved.OwnerEmail" = "paritosh.paliwal@oracle.com" 18 | # }) 19 | # "freeformTags" = tomap({ 20 | # "project" = "logan" 21 | # "test_number" = "1" 22 | # }) 23 | # } 24 | 25 | locals { 26 | freeform_tags = var.tags.freeformTags 27 | # freeform_tags_string = "{{\"project\": \"logan\",{\"test_number\": \"1\"}" 28 | 29 | freeform_tags_string = "[${join(",", [for key, value in var.tags.freeformTags : "{\"${key}\": \"${value}\"}"])}]" 30 | # freeform_tags_string = "[{\"project\": \"logan\"},{\"test_number\": \"1\"}]" 31 | 32 | 33 | defined_tags = var.tags.definedTags 34 | # defined_tags = tomap({ 35 | # "Oracle-Recommended-Tags.ResourceOwner" = "paritosh" 36 | # "Oracle-Recommended-Tags.ResourceType" = "DevResource" 37 | # "OracleInternalReserved.OwnerEmail" = "paritosh.paliwal@oracle.com" 38 | # }) 39 | 40 | defined_tag_list_by_ns = { for key, value in local.defined_tags : "\"${split(".", key)[0]}\"" => "\"${split(".", key)[1]}\": \"${value}\""... 
} 41 | # defined_tag_list_by_ns = { 42 | # "\"Oracle-Recommended-Tags\"" = [ 43 | # "\"ResourceOwner\": \"paritosh\"", 44 | # "\"ResourceType\": \"DevResource\"", 45 | # ] 46 | # "\"OracleInternalReserved\"" = [ 47 | # "\"OwnerEmail\": \"paritosh.paliwal@oracle.com\"", 48 | # ] 49 | # } 50 | 51 | defined_tags_by_ns = { for ns, tag_list in local.defined_tag_list_by_ns : ns => "{ ${join(", ", [for tag in tag_list : "${tag}"])} }" } 52 | # defined_tags_by_ns = { 53 | # "\"Oracle-Recommended-Tags\"" = "{\"ResourceOwner\": \"paritosh\"}, {\"ResourceType\": \"DevResource\"}" 54 | # "\"OracleInternalReserved\"" = "{\"OwnerEmail\": \"paritosh.paliwal@oracle.com\"}" 55 | # } 56 | 57 | defined_tags_list = [for ns, tags in local.defined_tags_by_ns : "{${ns} : ${tags}}"] 58 | # defined_tags_list = [ 59 | # "{\"Oracle-Recommended-Tags\" : { \"ResourceOwner\": \"paritosh\", \"ResourceType\": \"DevResource\" }}", 60 | # "{\"OracleInternalReserved\" : { \"OwnerEmail\": \"paritosh.paliwal@oracle.com\" }}", 61 | 62 | defined_tags_string = "[${join(", ", local.defined_tags_list)}]" 63 | # defined_tags_string = "[{\"Oracle-Recommended-Tags\" : { \"ResourceOwner\": \"paritosh\", \"ResourceType\": \"DevResource\" }}, {\"OracleInternalReserved\" : { \"OwnerEmail\": \"paritosh.paliwal@oracle.com\" }}]" 64 | 65 | } 66 | 67 | output "defined_tags_string" { 68 | value = local.defined_tags_string 69 | } 70 | 71 | output "freeform_tags_string" { 72 | value = local.freeform_tags_string 73 | } 74 | 75 | # # Debug Outputs 76 | 77 | # output "tags" { 78 | # value = var.tags 79 | # } 80 | 81 | # output "freeform_tags" { 82 | # value = local.freeform_tags 83 | # } 84 | 85 | 86 | 87 | # output "defined_tags" { 88 | # value = local.defined_tags 89 | # } 90 | 91 | # output "defined_tag_list_by_ns" { 92 | # value = local.defined_tag_list_by_ns 93 | # } 94 | 95 | # output "defined_tags_by_ns" { 96 | # value = local.defined_tags_by_ns 97 | # } 98 | 99 | # output "defined_tags_list" { 100 | # value = 
local.defined_tags_list 101 | # } -------------------------------------------------------------------------------- /terraform/modules/mgmt_agent/required-providers.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | terraform { 5 | required_version = ">= 1.2" 6 | required_providers { 7 | oci = { 8 | source = "oracle/oci" 9 | version = "~> 5.46" 10 | } 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /terraform/modules/rms_pe/required-providers.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | terraform { 5 | required_version = ">= 1.2" 6 | required_providers { 7 | oci = { 8 | source = "oracle/oci" 9 | version = "~> 5.46" 10 | } 11 | } 12 | } -------------------------------------------------------------------------------- /terraform/modules/rms_pe/rms-debug.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -------------------------------------------------------------------------------- /terraform/modules/rms_pe/rms-inputs.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 
3 | 4 | # RMS private endpoint OCID provided by user; when null, rms_pe.tf creates a new private endpoint 5 | variable "private_endpoint_ocid" { 6 | type = string 7 | # Not a User Facing Error; prefix-only format check, null is accepted (the endpoint's VCN is checked by a postcondition in rms_pe.tf) 8 | validation { 9 | condition = var.private_endpoint_ocid == null ? true : length(regexall("^ocid1\\.ormprivateendpoint\\S*$", var.private_endpoint_ocid)) > 0 10 | error_message = "Incorrect format: var.private_endpoint_ocid" 11 | } 12 | } 13 | 14 | # OCI Subnet OCID provided by user 15 | variable "oke_subnet_ocid" { 16 | type = string 17 | # Not a User Facing Error; prefix-only format check, null is accepted (the subnet's VCN is checked by a postcondition in rms_pe.tf) 18 | validation { 19 | condition = var.oke_subnet_ocid == null ? true : length(regexall("^ocid1\\.subnet\\S*$", var.oke_subnet_ocid)) > 0 20 | error_message = "Incorrect format: var.oke_subnet_ocid" 21 | } 22 | } 23 | 24 | # Compartment to host RMS private endpoint 25 | variable "pe_compartment_ocid" { 26 | type = string 27 | } 28 | 29 | # OKE Cluster Private IP Address; passed as private_ip to the reachable-IP lookup in rms_pe.tf 30 | variable "private_ip_address" { 31 | type = string 32 | nullable = false 33 | } 34 | 35 | # OCID of the OKE cluster's VCN (used as vcn_id and in the VCN postconditions in rms_pe.tf) 36 | variable "oke_vcn_ocid" { 37 | type = string 38 | } 39 | 40 | # OCI Tags 41 | variable "tags" { 42 | type = object({ freeformTags = map(string), definedTags = map(string) }) 43 | default = { "freeformTags" = {}, "definedTags" = {} } 44 | } 45 | 46 | # Save data resources in local_file for debug purposes 47 | variable "debug" { 48 | type = bool 49 | default = false 50 | } -------------------------------------------------------------------------------- /terraform/modules/rms_pe/rms-outputs.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 
3 | 4 | output "private_endpoint_reachable_ip" { 5 | value = data.oci_resourcemanager_private_endpoint_reachable_ip.reachable_ip.ip_address 6 | } -------------------------------------------------------------------------------- /terraform/modules/rms_pe/rms_pe.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | locals { 5 | private_endpoint_ocid = var.private_endpoint_ocid == null ? oci_resourcemanager_private_endpoint.rms_pe[0].id : var.private_endpoint_ocid 6 | } 7 | 8 | # https://docs.oracle.com/en-us/iaas/api/#/en/resourcemanager/20180917/PrivateEndpoint/ 9 | resource "oci_resourcemanager_private_endpoint" "rms_pe" { 10 | count = var.private_endpoint_ocid == null ? 1 : 0 11 | compartment_id = var.pe_compartment_ocid 12 | display_name = "oci-kubernetes-monitoring" 13 | vcn_id = var.oke_vcn_ocid 14 | subnet_id = var.oke_subnet_ocid 15 | 16 | # tags 17 | defined_tags = var.tags.definedTags 18 | freeform_tags = var.tags.freeformTags 19 | 20 | lifecycle { 21 | ignore_changes = [defined_tags, freeform_tags] 22 | # Not a User Facing Error 23 | precondition { 24 | condition = var.oke_subnet_ocid != null 25 | error_message = <<-EOT 26 | Cause : This is likely a logical error with the terraform module. 27 | Fix : Report the issue at https://github.com/oracle-quickstart/oci-kubernetes-monitoring/issues 28 | Error : var.oke_subnet_ocid is NULL in rme_pe module 29 | EOT 30 | } 31 | } 32 | } 33 | 34 | data "oci_core_subnet" "oke_subnet" { 35 | count = var.oke_subnet_ocid != null ? 1 : 0 36 | subnet_id = var.oke_subnet_ocid 37 | 38 | lifecycle { 39 | # User Facing Error 40 | postcondition { 41 | condition = self.vcn_id == var.oke_vcn_ocid 42 | error_message = "Invalid Subnet. Subnet must be part of OKE cluster's VCN." 
43 | } 44 | } 45 | } 46 | 47 | data "oci_resourcemanager_private_endpoint" "rms_pe" { 48 | count = var.private_endpoint_ocid != null ? 1 : 0 49 | private_endpoint_id = var.private_endpoint_ocid 50 | 51 | lifecycle { 52 | # User Facing Error 53 | postcondition { 54 | condition = self.vcn_id == var.oke_vcn_ocid 55 | error_message = "Invalid Subnet. Private Endpoint must be configured with OKE cluster's VCN." 56 | } 57 | } 58 | } 59 | 60 | data "oci_resourcemanager_private_endpoint_reachable_ip" "reachable_ip" { 61 | private_endpoint_id = local.private_endpoint_ocid 62 | private_ip = var.private_ip_address 63 | } -------------------------------------------------------------------------------- /terraform/oke/charts: -------------------------------------------------------------------------------- 1 | ../../charts -------------------------------------------------------------------------------- /terraform/oke/modules: -------------------------------------------------------------------------------- 1 | ../modules/ -------------------------------------------------------------------------------- /terraform/oke/oci_images.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -------------------------------------------------------------------------------- /terraform/oke/providers.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 
3 | 4 | ##### Note ##### 5 | ## Locals, resources and provider in this file should not depend on any other file 6 | ## so that we can move providers.tf file to a main module when it's required to run main module independent of the stack 7 | ## TODO: Main module should be able to execute independently of the stack. 8 | ## - This requirement is not met yet and is Work in progress. 9 | ##### Note ##### 10 | 11 | locals { 12 | # OCI Provider config 13 | home_region_key = data.oci_identity_tenancy.tenant_details.home_region_key 14 | home_region = [for r in data.oci_identity_regions.region_map.regions : r.name if r.key == local.home_region_key][0] 15 | 16 | 17 | # Helm provider config 18 | oke_host = yamldecode(data.oci_containerengine_cluster_kube_config.oke.content)["clusters"][0]["cluster"]["server"] # API server URL read from the kube_config data source 19 | 20 | cluster_private_ip_port = replace(local.oke_host, "https://", "") 21 | cluster_private_ip = split(":", local.cluster_private_ip_port)[0] 22 | cluster_private_port = split(":", local.cluster_private_ip_port)[1] 23 | 24 | oke_cert = base64decode(yamldecode(data.oci_containerengine_cluster_kube_config.oke.content)["clusters"][0]["cluster"]["certificate-authority-data"]) # cluster CA data from the same kubeconfig, base64-decoded 25 | 26 | kube_config = { # values consumed by provider "helm" in this file 27 | host = local.use_rms_private_endpoint ? "https://${module.rms_private_endpoint[0].private_endpoint_reachable_ip}:${local.cluster_private_port}" : local.oke_host 28 | cluster_ca_certificate = local.use_rms_private_endpoint ? 
null : local.oke_cert # the CA is dropped on the private-endpoint path 29 | cluster_id = var.oke_cluster_ocid #yamldecode(data.oci_containerengine_cluster_kube_config.oke.content)["users"][0]["user"]["exec"]["args"][4] 30 | cluster_region = var.region #yamldecode(data.oci_containerengine_cluster_kube_config.oke.content)["users"][0]["user"]["exec"]["args"][6] 31 | insecure = local.use_rms_private_endpoint # NOTE(review): on the private-endpoint path the helm provider connects without verifying the API server certificate (insecure = true, CA null), presumably because the reachable IP does not match the certificate - TODO confirm; server authenticity then rests on the private network path alone. If the helm provider version in use supports tls_server_name (verify), keeping cluster_ca_certificate and setting that would retain verification. 32 | } 33 | } 34 | 35 | data "oci_identity_tenancy" "tenant_details" { 36 | tenancy_id = var.tenancy_ocid 37 | } 38 | 39 | data "oci_identity_regions" "region_map" { 40 | } 41 | 42 | data "oci_containerengine_cluster_kube_config" "oke" { 43 | cluster_id = var.oke_cluster_ocid 44 | depends_on = [null_resource.wait-for-oke-active-status[0]] 45 | } 46 | 47 | provider "oci" { 48 | tenancy_ocid = var.boat_auth ? var.boat_tenancy_ocid : var.tenancy_ocid 49 | region = var.region 50 | private_key_path = var.private_key_path 51 | fingerprint = var.fingerprint 52 | user_ocid = var.user_ocid 53 | } 54 | 55 | provider "oci" { 56 | alias = "home_region" 57 | tenancy_ocid = var.boat_auth ? 
var.boat_tenancy_ocid : var.tenancy_ocid 58 | region = local.home_region 59 | private_key_path = var.private_key_path 60 | fingerprint = var.fingerprint 61 | user_ocid = var.user_ocid 62 | } 63 | 64 | provider "helm" { 65 | kubernetes { 66 | host = local.kube_config.host 67 | cluster_ca_certificate = local.kube_config.cluster_ca_certificate 68 | exec { 69 | api_version = "client.authentication.k8s.io/v1beta1" 70 | args = ["ce", "cluster", "generate-token", "--cluster-id", 71 | local.kube_config.cluster_id, "--region", local.kube_config.cluster_region] 72 | command = "oci" 73 | } 74 | insecure = local.kube_config.insecure 75 | } 76 | } 77 | 78 | provider "local" {} 79 | 80 | provider "external" {} 81 | -------------------------------------------------------------------------------- /terraform/oke/resources/metadata.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Copyright (c) 2024, Oracle and/or its affiliates. 3 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 4 | set -e 5 | curl -H "Authorization: Bearer Oracle" -sL http://169.254.169.254/opc/v2/instance/ | jq .regionInfo 6 | # example output => 7 | # echo '{ 8 | # "realmDomainComponent": "oraclecloud.com", 9 | # "realmKey": "oc1", 10 | # "regionIdentifier": "us-phoenix-1", 11 | # "regionKey": "PHX" 12 | # }' -------------------------------------------------------------------------------- /terraform/oke/resources/oke-status-check.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Copyright (c) 2024, Oracle and/or its affiliates. 3 | # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. 
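
############################################################
##
## Check the lifecycle-state of OKE cluster [$OKE_OCID]
## every $CHECK_INTERVAL seconds
## until
##   - lifecycle state is "ACTIVE"
## or
##   - time limit $WAIT_TIME is breached
##
## exit with status 0, iff lifecycle-state is "ACTIVE",
## otherwise exit with a non-zero status
##   (1 on timeout or invalid input; because of `set -e`, a failing
##    `oci` call ends the script with the CLI's own status)
##
############################################################

# Exit on error
set -e

# Inputs from ENV are preferred over CLI arguments
if [ -z "${WAIT_TIME}" ]; then WAIT_TIME=$1; fi
if [ -z "${CHECK_INTERVAL}" ]; then CHECK_INTERVAL=$2; fi
if [ -z "${OKE_OCID}" ]; then OKE_OCID=$3; fi

# Validate the inputs before they reach sleep, the arithmetic below or the oci CLI.
# Bash arithmetic evaluates a variable's content as an expression, so the two
# numeric inputs are restricted to plain decimal digits.
if [[ ! "$WAIT_TIME" =~ ^[0-9]+$ ]]; then
    echo -e "ERROR: WAIT_TIME must be a non-negative integer (seconds)." >&2
    exit 1
fi

# A zero interval would never advance the timer, so it is rejected as well.
if [[ ! "$CHECK_INTERVAL" =~ ^[1-9][0-9]*$ ]]; then
    echo -e "ERROR: CHECK_INTERVAL must be a positive integer (seconds)." >&2
    exit 1
fi

if [ -z "$OKE_OCID" ]; then
    echo -e "ERROR: OKE_OCID is not set." >&2
    exit 1
fi

timer=0

while true;
do
    oke_status=$(oci ce cluster get --cluster-id "$OKE_OCID" --query 'data."lifecycle-state"' --raw-output)
    echo -e "OKE status: $oke_status"

    if [[ "$oke_status" == "ACTIVE" ]]; then
        echo -e "Returning with success."
        break;
    fi

    echo -e "Next check scheduled after seconds: $CHECK_INTERVAL"
    sleep "$CHECK_INTERVAL"

    # Plain assignment: a bare (( ... )) returns status 1 when the expression is 0,
    # which `set -e` would treat as a failure.
    timer=$(( timer + CHECK_INTERVAL ))
    if [ "$timer" -ge "$WAIT_TIME" ]; then
        echo -e "Timeout limit breached: $WAIT_TIME"
        echo -e "ERROR: OKE status is not ACTIVE."
        exit 1
    fi
done

exit 0
--------------------------------------------------------------------------------
/terraform/oke/ruby_sdk_regions.tf:
--------------------------------------------------------------------------------

# source: https://github.com/oracle/oci-ruby-sdk/blob/v2.21.1/lib/oci/regions_definitions.rb
# ruby SDK version: 2.21.1
# stack.tf checks var.region against this list (local.is_ruby_sdk_supported); for a region
# that is not listed it runs resources/metadata.sh to obtain the realm domain.
locals {
  ruby_sdk_supported_regions = [
    "ap-chuncheon-1",
    "ap-hyderabad-1",
    "ap-melbourne-1",
    "ap-mumbai-1",
    "ap-osaka-1",
    "ap-seoul-1",
    "ap-sydney-1",
    "ap-tokyo-1",
    "ca-montreal-1",
    "ca-toronto-1",
    "eu-amsterdam-1",
    "eu-frankfurt-1",
    "eu-zurich-1",
    "me-jeddah-1",
    "me-dubai-1",
    "sa-saopaulo-1",
    "uk-cardiff-1",
    "uk-london-1",
    "us-ashburn-1",
    "us-phoenix-1",
    "us-sanjose-1",
    "sa-vinhedo-1",
    "sa-santiago-1",
    "il-jerusalem-1",
    "eu-marseille-1",
    "ap-singapore-1",
    "me-abudhabi-1",
    "eu-milan-1",
    "eu-stockholm-1",
    "af-johannesburg-1",
    "eu-paris-1",
    "mx-queretaro-1",
    "eu-madrid-1",
    "us-chicago-1",
    "mx-monterrey-1",
    "us-saltlake-2",
    "sa-bogota-1",
    "sa-valparaiso-1",
    "us-langley-1",
    "us-luke-1",
    "us-gov-ashburn-1",
    "us-gov-chicago-1",
    "us-gov-phoenix-1",
    "uk-gov-london-1",
    "uk-gov-cardiff-1",
    "ap-chiyoda-1",
    "ap-ibaraki-1",
    "me-dcc-muscat-1",
    "ap-dcc-canberra-1",
    "eu-dcc-milan-1",
    "eu-dcc-milan-2",
    "eu-dcc-dublin-2",
    "eu-dcc-rating-2",
    "eu-dcc-rating-1",
    "eu-dcc-dublin-1",
    "ap-dcc-gazipur-1",
    "eu-madrid-2",
    "eu-frankfurt-2",
    "eu-jovanovac-1",
    "me-dcc-doha-1",
    "eu-dcc-zurich-1",
    "me-abudhabi-3"
  ]
}
--------------------------------------------------------------------------------
/terraform/oke/stack-debug.tf:
--------------------------------------------------------------------------------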
# Copyright (c) 2023, 2024, Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.

# Debug artifacts: each resource below exists only when var.debug is true and writes
# provider data to ${path.module}/tf-debug/.
# NOTE(review): these files hold tenancy details, the cluster list and the cluster kubeconfig
# (API endpoint and CA certificate), and local_file keeps its content in Terraform state.
# Keep tf-debug/ out of version control and out of packaged stack archives — confirm it is ignored.

# Full tenancy data source, JSON-encoded.
resource "local_file" "tenant_details" {
  count    = var.debug ? 1 : 0
  content  = jsonencode(data.oci_identity_tenancy.tenant_details)
  filename = "${path.module}/tf-debug/tenant_details.json"
}

# Full region list data source, JSON-encoded.
resource "local_file" "region_map" {
  count    = var.debug ? 1 : 0
  content  = jsonencode(data.oci_identity_regions.region_map)
  filename = "${path.module}/tf-debug/region_map.json"
}

# The cluster kubeconfig, decoded and re-encoded as YAML.
resource "local_file" "kube_config" {
  count    = var.debug ? 1 : 0
  content  = yamlencode(yamldecode(data.oci_containerengine_cluster_kube_config.oke.content))
  filename = "${path.module}/tf-debug/kube_config.yaml"
}

# Every cluster returned for the OKE compartment, JSON-encoded.
resource "local_file" "oci_containerengine_clusters" {
  count    = var.debug ? 1 : 0
  content  = jsonencode(data.oci_containerengine_clusters.oke_clusters)
  filename = "${path.module}/tf-debug/oci_containerengine_clusters.json"
}
--------------------------------------------------------------------------------
/terraform/oke/stack-input-validations.tf:
--------------------------------------------------------------------------------
# Copyright (c) 2023, 2024, Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.

locals {
  # Public/private is derived from the first endpoint_config entry of the selected cluster.
  oke_cluster_is_public  = local.cluster_data.endpoint_config[0].is_public_ip_enabled
  oke_cluster_is_private = !local.oke_cluster_is_public
}

# Case: user opted to use the private endpoint and the deployment option is Full, i.e. the helm chart is installed
resource "null_resource" "private_oke_check" {
  count = var.connect_via_private_endpoint && local.deploy_helm ? 1 : 0
  lifecycle {
    # Check: Target OKE cluster should be private
    # User Facing Error
    precondition {
      condition     = local.oke_cluster_is_private
      error_message = "Invalid input. Using Private Endpoint with public OKE cluster is not allowed."
    }
  }
}

# Case: user opted NOT to use the private endpoint and the deployment option is Full, i.e. the helm chart is installed
# (neither check runs when the helm chart is not installed: both counts require local.deploy_helm)
resource "null_resource" "public_oke_check" {
  count = !var.connect_via_private_endpoint && local.deploy_helm ? 1 : 0
  lifecycle {
    # Check: Target OKE cluster is public
    # User Facing Error
    precondition {
      condition     = local.oke_cluster_is_public
      error_message = "Missing Input. \"OKE cluster is private\" checkbox must be selected to monitor a private OKE cluster."
    }
  }
}
--------------------------------------------------------------------------------
/terraform/oke/stack-inputs.tf:
--------------------------------------------------------------------------------
# Copyright (c) 2023, 2024, Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.

# When defined in the Terraform configuration, the following variables automatically prepopulate with values on the Console pages used to create and edit the stack.
# The stack's values are used when you select the Terraform actions Plan, Apply, and Destroy.
#   - tenancy_ocid (tenancy OCID)
#   - region (region)
#
# Ref - https://docs.oracle.com/en-us/iaas/Content/ResourceManager/Concepts/terraformconfigresourcemanager_topic-schema.htm#console-howto__prepop

####
##  Provider Variables
####

variable "tenancy_ocid" {
  type = string
}

variable "region" {
  type = string
}

# The next three inputs default to empty strings and are passed to both oci provider blocks as-is.
variable "user_ocid" {
  type    = string
  default = ""
}

variable "private_key_path" {
  type    = string
  default = ""
}

variable "fingerprint" {
  type    = string
  default = ""
}

####
##  Boat configuration - Used for internal development purpose only.
####

# Option to enable BOAT authentication.
variable "boat_auth" {
  type    = bool
  default = false
}

# OCID of BOAT tenancy.
variable "boat_tenancy_ocid" {
  type    = string
  default = ""
}

####
##  Stack Variable - Auto-populated while running RM Stack
####

# Stack compartment - where marketplace app / Resource Manager stack is executed
variable "compartment_ocid" {
  type    = string
  default = ""
}

# OCID of user running the marketplace app / Resource Manager stack
variable "current_user_ocid" {
  type    = string
  default = ""
}

####
##  Hidden Inputs
####

# [Hidden input]
# OKE Cluster Name
variable "oke_cluster_name" {
  type    = string
  default = null
  # User Facing Error
  # Accepts null, an empty string, or a value whose first character is not whitespace.
  validation {
    condition     = var.oke_cluster_name == null ? true : length(regexall("(^\\S.*$|^$)", var.oke_cluster_name)) > 0
    error_message = "Invalid oke_cluster_name"
  }
}

#### [Section]
##  Select an OKE cluster deployed in this region to start monitoring
####

# OKE Cluster Compartment
variable "oke_compartment_ocid" {
  type = string
}

# OKE Cluster OCID
# NOTE(review): unlike oke_subnet_or_pe_ocid below, this OCID has no format validation.
variable "oke_cluster_ocid" {
  type = string
}

# Whether to reach the OKE cluster through a Resource Manager private endpoint
variable "connect_via_private_endpoint" {
  type    = bool
  default = false
}

# OCID of either the OKE subnet or an existing Resource Manager private endpoint
variable "oke_subnet_or_pe_ocid" {
  type    = string
  default = null

  # User Facing Error
  # NOTE(review): the class [a-z,0-9] also accepts a literal comma; presumably [a-z0-9] was intended — confirm.
  validation {
    condition     = var.oke_subnet_or_pe_ocid == null ? true : length(regexall("^ocid1\\.(subnet|ormprivateendpoint)\\.[a-z,0-9]+\\.[-a-z0-9]+\\.[.a-z0-9]+$", var.oke_subnet_or_pe_ocid)) > 0
    error_message = "Invalid subnet ocid or private endpoint ocid."
  }
}

#### [Section]
##  Create Dynamic Group and Policy (tenancy level admin access required)
####

# New Dropdown option for Dynamic Group and Policies
# stack.tf compares this value with the exact label "Create required IAM resources as part of the stack".
variable "dropdown_create_dynamic_group_and_policies" {
  type = string
}

#### [Section]
##  OCI Observability and Management Services Configuration
####

# Compartment for creating OCI Observability and Management resources
variable "oci_onm_compartment_ocid" {
  type = string
}

# Option to create a new Logging Analytics log group
variable "opt_create_new_la_log_group" {
  type    = bool
  default = false
}

# OCI Logging Analytics LogGroup OCID
variable "oci_la_log_group_ocid" {
  type    = string
  default = null
}

# New Log Group to collect Kubernetes data
variable "oci_la_log_group_name" {
  type    = string
  default = null

  # User Facing Error
  # Accepts null, an empty string, or a name of at least two characters that neither starts nor ends with whitespace.
  validation {
    condition = var.oci_la_log_group_name == null ? true : var.oci_la_log_group_name == "" || (
    length(regexall("^\\S.*\\S$", var.oci_la_log_group_name)) > 0)
    error_message = "Invalid log group name."
  }
}

# Option to create a Logging Analytics entity
variable "opt_create_oci_la_entity" {
  type    = bool
  default = true
}

# OKE Cluster Entity OCID
variable "oke_cluster_entity_ocid" {
  type    = string
  default = null

  # User Facing Error
  # Accepts null or a value of the form ocid1.loganalyticsentity.<non-whitespace>.
  validation {
    condition     = var.oke_cluster_entity_ocid == null ? true : length(regexall("^(ocid1\\.loganalyticsentity\\.\\S+)$", var.oke_cluster_entity_ocid)) > 0 ? true : false
    error_message = "Invalid OCI Logging Analytics entity OCID"
  }
}

# Option to import dashboards
variable "opt_import_dashboards" {
  type    = bool
  default = true
}

#### [Section]
##  Advanced Configuration
####

# Stack Deployment Options
# stack.tf installs the helm chart only when this equals "Full".
variable "stack_deployment_option" {
  type    = string
  default = "Full"
}

# Enable service logs collection for OKE infra components
variable "enable_service_log" {
  type    = bool
  default = false
}

# Helm Chart version to deploy
variable "helm_chart_version" {
  type    = string
  default = null
}

# Option to deploy metric server
variable "opt_deploy_metric_server" {
  type    = bool
  default = true
}

# Fluentd Base Directory
variable "fluentd_base_dir_path" {
  type    = string
  default = "/var/log"
}

# tags
variable "tags" {
  type    = object({ freeformTags = map(string), definedTags = map(string) })
  default = { "freeformTags" = {}, "definedTags" = {} }
}

# delay - adds wait (seconds) before creating resources
variable "delay_in_seconds" {
  type    = number
  default = 0
}

# This var is not used in stack
# Purpose: to display stack version on UI without being able to execute it
variable "template_id" {
  type    = string
  default = null
}

#### [Section]
##  Development Options
####

# NOTE(review): declared as string with a bool default; Terraform converts the default to the
# string "false" — confirm the consuming module expects a string.
variable "toggle_use_local_helm_chart" {
  type    = string
  default = false
}

# Ref - https://confluence.oci.oraclecorp.com/display/TERSI/FAQs#FAQs-Q.HowdoItestonPre-ProdenvironmentORHowdoImakeTerraformproviderpointtocustomControlPlane(CP)endpoint

variable "CLIENT_HOST_OVERRIDES" {
  description = "The client host overrides for the terraform provider."
  type        = string
  default     = null
}

variable "LOGAN_ENDPOINT" {
  description = "Logging Analytics Endpoint."
  type        = string
  default     = null
}

# When true, stack-debug.tf writes provider data to ${path.module}/tf-debug/.
variable "debug" {
  description = "Generate Debug Resources."
  type        = bool
  default     = false
}
--------------------------------------------------------------------------------
/terraform/oke/stack-outputs.tf:
--------------------------------------------------------------------------------
# # Copyright (c) 2023, 2024, Oracle and/or its affiliates.
# # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.

####
##  Stack outputs
####

# Every output below re-exports the output of the same name from module.main.

# Helm commands 1-3, in the order their names give.
output "cmd_1_helm_repo_add" {
  value = module.main.cmd_1_helm_repo_add
}

output "cmd_2_helm_repo_update" {
  value = module.main.cmd_2_helm_repo_update
}

output "cmd_3_helm_install" {
  value = module.main.cmd_3_helm_install
}

output "oke_cluster_entity_ocid" {
  value = module.main.oke_cluster_entity_ocid
}

output "oke_dynamic_group_ocid" {
  value = module.main.oke_dynamic_group_ocid
}

output "oke_monitoring_policy_ocid" {
  value = module.main.oke_monitoring_policy_ocid
}

output "oci_la_namespace" {
  value = module.main.oci_la_namespace
}

output "oci_la_log_group_ocid" {
  value = module.main.oci_la_log_group_ocid
}

# NOTE(review): if this value is the install key itself rather than an identifier, consider
# `sensitive = true` so it is redacted in plan/apply output — confirm what module.main exposes.
output "mgmt_agent_install_key" {
  value = module.main.mgmt_agent_install_key
}
--------------------------------------------------------------------------------
/terraform/oke/stack-required-providers.tf:
--------------------------------------------------------------------------------
# Copyright (c) 2023, 2024, Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.

# Terraform and provider version constraints for the stack.
# time and external are pinned to exact versions; oci, helm and local use pessimistic (~>) ranges.
terraform {
  required_version = ">= 1.2.0, < 1.3.0"
  required_providers {
    oci = {
      source  = "oracle/oci"
      version = "~> 5.46"
    }
    helm = {
      source  = "hashicorp/helm"
      version = "~> 2.7"
    }
    local = {
      source  = "hashicorp/local"
      version = "~> 2.5.1"
    }
    time = {
      source  = "hashicorp/time"
      version = "0.12.0"
    }
    external = {
      source  = "hashicorp/external"
      version = "2.3.4"
    }
  }
}
--------------------------------------------------------------------------------
/terraform/oke/stack.tf:
--------------------------------------------------------------------------------
# Copyright (c) 2023, 2024, Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.

locals {
  # OKE Status Check Script Params
  # timeout and interval are passed to oke-status-check.sh as WAIT_TIME and CHECK_INTERVAL.
  oke_status_check = true
  timeout          = 600
  interval         = 60

  # Normalize empty-string inputs to null
  oke_cluster_entity_ocid = var.oke_cluster_entity_ocid == "" ? null : var.oke_cluster_entity_ocid
  helm_chart_version      = var.helm_chart_version == "" ? null : var.helm_chart_version
  oci_la_log_group_name   = var.oci_la_log_group_name == "" ? null : var.oci_la_log_group_name
  oke_cluster_name        = var.oke_cluster_name == "" ? null : var.oke_cluster_name

  # The following regex checks identify the type of resource OCID entered by the stack user
  user_entered_subnet_ocid = var.oke_subnet_or_pe_ocid == null ? false : length(
  regexall("^ocid1\\.subnet\\.\\S+$", var.oke_subnet_or_pe_ocid)) > 0

  user_entered_pe_ocid = var.oke_subnet_or_pe_ocid == null ? false : length(
  regexall("^ocid1\\.ormprivateendpoint\\.\\S+$", var.oke_subnet_or_pe_ocid)) > 0

  # One of the following locals is expected to be null because of different regex checks
  oke_subnet_ocid = local.user_entered_subnet_ocid ? var.oke_subnet_or_pe_ocid : null
  oke_pe_ocid     = local.user_entered_pe_ocid ? var.oke_subnet_or_pe_ocid : null

  # IAM Controls
  # True only for this exact dropdown label; any other value skips IAM resource creation.
  create_dg_and_policy = var.dropdown_create_dynamic_group_and_policies == "Create required IAM resources as part of the stack"

  # Helm controls
  deploy_helm = var.stack_deployment_option == "Full" ? true : false

  # RMS Private Endpoint
  use_rms_private_endpoint = var.connect_via_private_endpoint && local.deploy_helm

  # The selected cluster's record, picked out of the compartment listing by OCID.
  # Indexing [0] fails when var.oke_cluster_ocid is not among the clusters returned for var.oke_compartment_ocid.
  all_clusters_in_compartment = data.oci_containerengine_clusters.oke_clusters.clusters
  cluster_data                = [for c in local.all_clusters_in_compartment : c if c.id == var.oke_cluster_ocid][0]

  # Dev Only Input; Keep it - false in production
  ruby_sdk_not_available_test = false

  is_ruby_sdk_supported = local.ruby_sdk_not_available_test ? false : contains(local.ruby_sdk_supported_regions, var.region)

  # For regions missing from the list, the realm domain comes from metadata.sh and the
  # domain is assembled as "<region>.oci.<realmDomainComponent>".
  domain     = local.is_ruby_sdk_supported ? null : data.external.metadata[0].result.realmDomainComponent
  oci_domain = local.is_ruby_sdk_supported ? null : "${var.region}.oci.${local.domain}"
}

data "oci_containerengine_clusters" "oke_clusters" {
  compartment_id = var.oke_compartment_ocid
}

# Runs resources/metadata.sh only when var.region is not in local.ruby_sdk_supported_regions.
# NOTE(review): the script reads http://169.254.169.254/opc/v2/instance/, so it presumably works
# only where Terraform runs on an OCI instance (e.g. a Resource Manager runner) — confirm for local runs.
data "external" "metadata" {
  count   = local.is_ruby_sdk_supported ? 0 : 1
  program = ["bash", "${path.module}/resources/metadata.sh"]
}

# Runs resources/oke-status-check.sh, which polls the cluster's lifecycle-state until it is ACTIVE or the time limit is reached.
# Inputs are handed to the script through environment variables rather than interpolated into the command string.
resource "null_resource" "wait-for-oke-active-status" {
  count = local.oke_status_check ? 1 : 0
  provisioner "local-exec" {
    command = "bash ${path.module}/resources/oke-status-check.sh"
    environment = {
      WAIT_TIME      = local.timeout
      CHECK_INTERVAL = local.interval
      OKE_OCID       = var.oke_cluster_ocid
    }
    working_dir = path.module
  }
}

# Optional extra delay (var.delay_in_seconds, floored to whole seconds) after the status check.
resource "time_sleep" "wait" {
  depends_on      = [null_resource.wait-for-oke-active-status]
  create_duration = "${floor(var.delay_in_seconds)}s"
}

# Creates a new private endpoint or uses an existing one
# Returns a reachable ip address to access private OKE cluster
module "rms_private_endpoint" {
  count  = local.use_rms_private_endpoint ? 1 : 0
  source = "./modules/rms_pe"

  oke_subnet_ocid       = local.oke_subnet_ocid
  private_endpoint_ocid = local.oke_pe_ocid
  private_ip_address    = local.cluster_private_ip
  pe_compartment_ocid   = var.oci_onm_compartment_ocid
  oke_vcn_ocid          = local.cluster_data.vcn_id

  tags  = var.tags
  debug = false

  depends_on = [time_sleep.wait]
}

# Create OCI resources for the helm chart
# Deploys oci-onm helm chart in target cluster
module "main" {
  source = "./modules/main"

  tenancy_ocid = var.tenancy_ocid
  region       = var.region

  # shared inputs
  debug                    = var.debug
  oci_onm_compartment_ocid = var.oci_onm_compartment_ocid
  oke_compartment_ocid     = var.oke_compartment_ocid
  oke_cluster_ocid         = var.oke_cluster_ocid

  # tags
  tags = var.tags

  # IAM
  opt_create_dynamicGroup_and_policies = local.create_dg_and_policy

  # Dashboards
  opt_import_dashboards = var.opt_import_dashboards

  # Logan
  opt_create_new_la_log_group = var.opt_create_new_la_log_group
  log_group_name              = local.oci_la_log_group_name
  log_group_ocid              = var.oci_la_log_group_ocid

  # A user-supplied entity OCID is passed through only when entity creation is switched off.
  oke_cluster_entity_ocid = var.opt_create_oci_la_entity ? null : local.oke_cluster_entity_ocid

  # Helm
  # kubernetes_namespace         = "oci-onm"
  install_helm_chart           = local.deploy_helm
  helm_chart_version           = local.helm_chart_version
  opt_deploy_metric_server     = var.opt_deploy_metric_server
  fluentd_base_dir_path        = var.fluentd_base_dir_path
  kubernetes_cluster_id        = var.oke_cluster_ocid
  kubernetes_cluster_name      = local.oke_cluster_name
  path_to_local_onm_helm_chart = "${path.module}/charts/oci-onm/"
  oci_domain                   = local.oci_domain
  toggle_use_local_helm_chart  = var.toggle_use_local_helm_chart
  enable_service_log           = var.enable_service_log
  LOGAN_ENDPOINT               = var.LOGAN_ENDPOINT

  # As two sets of OCI providers are required in child module (main), we must pass all providers explicitly
  # Ref - https://developer.hashicorp.com/terraform/language/modules/develop/providers#passing-providers-explicitly
  providers = {
    oci.home_region = oci.home_region
    oci             = oci
    local           = local
    helm            = helm
  }

  depends_on = [time_sleep.wait]
}
--------------------------------------------------------------------------------
/terraform/oke/terraform-sample.tfvars:
--------------------------------------------------------------------------------
# Copyright (c) 2023, 2024, Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.

################################################################################
# About Comments:
#   Comments that start with "//" are instructions
#   Comments that start with "#" are alternate input options
#
################################################################################

// Mandatory OCI provider inputs
tenancy_ocid = ""
region       = ""

// Set following inputs when not using instance principal authentication
# user_ocid        =
# private_key_path =
# fingerprint      =

oke_compartment_ocid = ""
oke_cluster_ocid     = ""

dropdown_create_dynamic_group_and_policies = "Create required IAM resources as part of the stack"
# dropdown_create_dynamic_group_and_policies = "I have already created the required IAM resources"

// This is the compartment in which dashboards, log group, entity, Management Agent key, metric namespace, and other related OCI resources are created.
// For the full list of resources, see https://github.com/oracle-quickstart/oci-kubernetes-monitoring
oci_onm_compartment_ocid = ""

opt_create_new_la_log_group = true
oci_la_log_group_name       = "" # Optional: A LogGroup named ClusterName_ClusterCreationTimeStamp is auto created when an empty string is passed
// Alternative option for LogGroup:
# opt_create_new_la_log_group = false
# oci_la_log_group_ocid = ""

opt_create_oci_la_entity = true
// Alternative option for Entity:
# opt_create_oci_la_entity = false
# oke_cluster_entity_ocid = ""

// If you opt to import dashboards:
//    Make sure to delete the dashboards manually when you destroy the resources, since the dashboards are not deleted automatically.

opt_import_dashboards = false
# opt_import_dashboards = true

// Select "Only OCI Resources" to skip helm chart installation on to your OKE cluster.
//    Manually install the helm chart using the helm commands provided in the stack output.

stack_deployment_option = "Full"
# stack_deployment_option = "Only OCI Resources"

// Example, 3.3.0. For the list of releases, see https://github.com/oracle-quickstart/oci-kubernetes-monitoring/releases
// If not provided, then the latest oci-onm helm chart version is deployed.
// However, if you need to upgrade to a newer version, then you must provide a version number here.

helm_chart_version = ""

opt_deploy_metric_server = true
# opt_deploy_metric_server = false

fluentd_base_dir_path = "/var/log"

// Optional tags input example
# tags = {
#   "freeformTags" = { "service" = "logan" },
#   "definedTags" = {
#     "Oracle-Recommended-Tags.ResourceOwner" = "John Doe",
#     "Oracle-Recommended-Tags.ResourceType"  = "O&M"
#   }
# }
--------------------------------------------------------------------------------
/terraform/oke/version.auto.tfvars:
--------------------------------------------------------------------------------
# Copyright (c) 2023, 2024, Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.

# The "template_id" is only to identify the version of template in a particular production region.
# This version does not control the version of the template to be used by the stack.
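# This is auto managed by build script
template_id = "COMMIT_ID_PLACEHOLDER"
--------------------------------------------------------------------------------
/util/build_oke_infra_logs_collection_stack.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Builds releases/service-connector.zip from the oke-infra-logs-collection sources
# and a base64 copy of it next to the zip.

# Fail at first error
set -e

# Helper Functions

# Print a timestamped message.
function log {
    echo -e "$(date) $1"
}

# Print a message and stop the build with status 1.
function error_and_exit {
    log "$1"
    exit 1
}

# Print the absolute form of a directory path.
# Call it inside $(...) so that the cd does not change the caller's directory.
function abspath {
    local relative_path=$1
    cd "$relative_path" || error_and_exit "Absolute path conversion failed: $relative_path"
    pwd
}

UTIL_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)
ROOT_DIR="$UTIL_DIR/.."
ROOT_DIR=$(abspath "$ROOT_DIR") # Convert to absolute path
STACK_DIR="$ROOT_DIR/oke-infra-logs-collection"

BUILD_DIR="$ROOT_DIR/releases"
STACK_ZIP="$BUILD_DIR/service-connector.zip"
STACK_B64="$BUILD_DIR/service-connector.base64"

# Each step is its own statement: in `cmd && log ...` a failing cmd is exempt from
# `set -e`, so the build would carry on and still report success. Paths are quoted
# so that a checkout directory containing spaces is handled as one argument.
if [[ ! -d "$BUILD_DIR" ]]; then
    mkdir "$BUILD_DIR"
    log "Created: $BUILD_DIR"
fi

# Remove artifacts of a previous build.
if [[ -f "$STACK_ZIP" ]]; then
    rm "$STACK_ZIP"
    log "Deleted Old: $STACK_ZIP"
fi

if [[ -f "$STACK_B64" ]]; then
    rm "$STACK_B64"
    log "Deleted Old: $STACK_B64"
fi

cd "$STACK_DIR"

# Only the files named here are packaged; anything else in the directory stays out of the archive.
zip "$STACK_ZIP" \
    filter-logs.py \
    main.tf \
    provider.tf \
    outputs.tf \
    inputs.tf \
    debug.tf #>> /dev/null

# With `set -e`, this line is reached only when zip succeeded.
log "Created New: $STACK_ZIP"

# NOTE(review): -i/-o as input/output file options is the BSD/macOS form of base64;
# confirm the behaviour on the build host before relying on this step elsewhere.
base64 -i "$STACK_ZIP" -o "$STACK_B64"
log "Created New: $STACK_B64"

log "Build Success.\n"
# cat "$STACK_B64"
--------------------------------------------------------------------------------
/util/build_stack.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Copyright (c) 2023, 2024, Oracle and/or its affiliates.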
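# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.

# Bash script to build OCI Resource Manager Stack or Marketplace app for OKE monitoring
#
# The stack is assembled from `git archive HEAD`, so only committed content is
# packaged; uncommitted working-tree changes never reach the artifact.

# Fail at first error
set -e

SILENT_MODE=false
GENERATE_BASE64_ARTIFACT=false

# Print a progress message ($1, with echo -e escapes) unless -s was given.
function log {
    if [ "$SILENT_MODE" = false ]; then
        echo -e "$1"
    fi
}

# Helper Functions

# Report a fatal error ($1) and stop the build with exit status 1.
# The message goes to stderr and ignores SILENT_MODE: a failed build is never
# silent, and stdout stays reserved for the artifact path printed under -s.
function error_and_exit {
    echo -e "$1" >&2
    exit 1
}

# Print the absolute form of the directory given as $1.
# Changes directory, so call it inside a command substitution.
function abspath {
    relative_path=$1
    cd "$relative_path" || error_and_exit "Absolute path conversion failed: $relative_path"
    pwd
}

# define dir
UTIL_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)
ROOT_DIR="$UTIL_DIR/.."
ROOT_DIR=$(abspath "$ROOT_DIR") # Convert to absolute path

RELEASE_PATH="$ROOT_DIR/releases"
UTIL_PATH="$ROOT_DIR/util"
BUILD_ZIP="${UTIL_PATH}/temp.zip"
BUILD_DIR="${UTIL_PATH}/temp"

HELM_SOURCE="$BUILD_DIR/charts"
MODULES_SOURCE="$BUILD_DIR/terraform/modules"

STACK_BUILD_PATH="$BUILD_DIR/terraform/oke"
HELM_SYMLINK="$STACK_BUILD_PATH/charts"
TEMPLATE_ID_FILE="$STACK_BUILD_PATH/version.auto.tfvars"
MODULES_SYMLINK="$STACK_BUILD_PATH/modules"

# Usage Instructions
usage="
$(basename "$0") [-h][-n name][-d][-s][-b] -- program to build OCI RMS stack zip file using oracle-quickstart/oci-kubernetes-monitoring repo.

where:
    -h  show this help text
    -n  name of output zip file without extention (Optional)
    -d  flag to generate dev build; contains local helm chart
    -s  flag to turn-off output; only final build file path is printed to stdout
    -b  flag to generate additional base64 string of stack

The zip artifacts shall be stored at -
$RELEASE_PATH"

# Parse inputs
# The leading ':' puts getopts in silent mode. Without it the ':' branch below is
# never taken and OPTARG is empty in the '?' branch, so the messages name no option.
while getopts ":hn:dsb" option; do
    case $option in
        h) # display Help
            echo "$usage"
            exit 0
            ;;
        n)
            release_name=$OPTARG
            ;;
        d)
            INCLUDE_LOCAL_HELM=true
            ;;
        s) # Run SILENT_MODE
            SILENT_MODE=true
            ;;
        b) # Also write the base64 encoding of the stack zip
            GENERATE_BASE64_ARTIFACT=true
            ;;
        :)
            printf "missing argument for -%s\n" "$OPTARG" >&2
            echo "$usage" >&2
            exit 1
            ;;
        \?)
            printf "illegal option: -%s\n" "$OPTARG" >&2
            echo "$usage" >&2
            exit 1
            ;;
    esac
done

# -n must be a bare file name. The artifacts are documented to land in
# $RELEASE_PATH, and the paths derived from the name are removed before the build,
# so a name with path separators would delete and write outside that directory.
case "${release_name}" in
    */*) error_and_exit "ERROR: -n expects a file name without path separators: ${release_name}" ;;
esac

# Decide on final zip name
if test -z "${release_name}"; then
    PREFIX="oke"

    if [ -n "$INCLUDE_LOCAL_HELM" ]; then
        HELM_MODE="local-helm"
    else
        HELM_MODE="remote-helm"
    fi

    # Query the repository that is archived below (ROOT_DIR), not whatever
    # repository the caller's working directory happens to be in.
    # -q plus the fallback keeps a detached HEAD from aborting the build under set -e.
    BRANCH=$(git -C "$ROOT_DIR" symbolic-ref --short -q HEAD || echo "detached")
    # replace / in branch names; required for zip step further
    BRANCH=${BRANCH//\//_}
    COMMIT_HASH_SHORT=$(git -C "$ROOT_DIR" rev-parse --short HEAD)
    COMMIT_COUNT=$(git -C "$ROOT_DIR" rev-list --count HEAD)

    release_name="${PREFIX}-${HELM_MODE}-${BRANCH}-${COMMIT_HASH_SHORT}-${COMMIT_COUNT}"
fi

RELEASE_ZIP="${RELEASE_PATH}/${release_name}.zip"
BASE64_ARTIFACT="${RELEASE_PATH}/${release_name}.base64"

# Disclaimer
log "\nDisclaimers - \n"
if [ -n "$INCLUDE_LOCAL_HELM" ]; then
    log "\t-d option passed - local helm-chart files will be part of stack zip"
else
    log "\t-d option NOT passed - local helm-chart files will NOT be part of stack zip"
fi

# Start
log "\nBuilding -\n"

# Clean up stale temp build dirs and zip file
rm "$BUILD_ZIP" 2>/dev/null || :
rm -rf "$BUILD_DIR" 2>/dev/null || :

# Create a release DIR if it does not exist already.
if test ! -d "$RELEASE_PATH"; then
    mkdir "${RELEASE_PATH}" || error_and_exit "ERROR: mkdir ${RELEASE_PATH}"
    log "Created release direcotory - \$PROJECT_HOME/releases"
fi

# Clean up old artifacts (a missing file is fine: a failing rm on the left of && does not trip set -e)
rm "${RELEASE_ZIP}" 2>/dev/null && log "Removed old zip artifact - ${RELEASE_ZIP}"
rm "${BASE64_ARTIFACT}" 2>/dev/null && log "Removed old base64 artifact - ${BASE64_ARTIFACT}"

# Switch to project's root for git archive
cd "$ROOT_DIR" || error_and_exit "ERROR: cd $ROOT_DIR"

# Create git archive as temp.zip
git archive HEAD -o "$BUILD_ZIP" --format=zip >/dev/null || error_and_exit "ERROR: git archive HEAD -o $BUILD_ZIP --format=zip"
log "Created git archive - $BUILD_ZIP"

# Unzip the temp.zip file
unzip -d "$BUILD_DIR" "$BUILD_ZIP" >/dev/null || error_and_exit "ERROR: unzip -d $BUILD_DIR $BUILD_ZIP"
log "Unzipped git archive - $BUILD_DIR"

# Remove the helm-chart symlink
rm "$HELM_SYMLINK" || error_and_exit "ERROR: rm $HELM_SYMLINK"
log "Removed helm-chart symlink - $HELM_SYMLINK"

if [ -n "$INCLUDE_LOCAL_HELM" ]; then
    # copy the helm-chart
    cp -R "$HELM_SOURCE" "$STACK_BUILD_PATH" || error_and_exit "ERROR: cp -R $HELM_SOURCE $STACK_BUILD_PATH"
    log "Copied helm-chart at - $STACK_BUILD_PATH"
fi

# Remove the terraform modules symlink
rm "$MODULES_SYMLINK" || error_and_exit "ERROR: rm $MODULES_SYMLINK"
log "Removed terraform modules symlink - $MODULES_SYMLINK"

# Copy the modules
cp -R "$MODULES_SOURCE" "$STACK_BUILD_PATH" || error_and_exit "ERROR: cp -R $MODULES_SOURCE $STACK_BUILD_PATH"
log "Copied terraform modules at - $STACK_BUILD_PATH"

# Update the version: stamp the full commit id into the stack so a deployed
# stack can be traced back to the commit it was built from
COMMIT_HASH=$(git rev-parse HEAD)

# Detect OS
if sed --version >/dev/null 2>&1; then
    # Linux (GNU sed)
    sed -i "s/COMMIT_ID_PLACEHOLDER/$COMMIT_HASH/g" "$TEMPLATE_ID_FILE" || error_and_exit "ERROR: sed -i \"s/COMMIT_ID_PLACEHOLDER/$COMMIT_HASH/g\" \"$TEMPLATE_ID_FILE\""
else
    # macOS (BSD sed)
    sed -i "" "s/COMMIT_ID_PLACEHOLDER/$COMMIT_HASH/g" "$TEMPLATE_ID_FILE" || error_and_exit "ERROR: sed -i \"\" \"s/COMMIT_ID_PLACEHOLDER/$COMMIT_HASH/g\" \"$TEMPLATE_ID_FILE\""
fi
log "Updated template id - $COMMIT_HASH"

# Switch back to stack dir
cd "$STACK_BUILD_PATH" || error_and_exit "ERROR: cd $STACK_BUILD_PATH"

# Create final stack zip
zip -r "${RELEASE_ZIP}" . >/dev/null || error_and_exit "ERROR: zip -r ${RELEASE_ZIP} ."

# Display Output
log "\nOutput -\n"
log "Stack Created - ${RELEASE_ZIP}"

# Leave the temp build tree (switch to the releases dir) before deleting it
cd "$RELEASE_PATH" || error_and_exit "ERROR: cd $RELEASE_PATH"

# Clean up stale dirs and files
rm "$BUILD_ZIP" 2>/dev/null || error_and_exit "ERROR: rm $BUILD_ZIP"
rm -rf "$BUILD_DIR" 2>/dev/null || error_and_exit "ERROR: rm -rf $BUILD_DIR"

if [[ $GENERATE_BASE64_ARTIFACT = true ]]; then
    base64 -i "$RELEASE_ZIP" > "$BASE64_ARTIFACT" || error_and_exit "ERROR: base64 -i $RELEASE_ZIP > $BASE64_ARTIFACT"
    log "Base64 Artifact - $BASE64_ARTIFACT" # stdout
fi

if [[ $SILENT_MODE = true ]]; then
    echo "$RELEASE_ZIP" # stdout
fi

exit 0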