From 878ecba7179731a4b87711b16267ba26c32d8680 Mon Sep 17 00:00:00 2001
From: Stanislav Kopp
Date: Tue, 24 Jun 2025 15:04:05 +0200
Subject: [PATCH] - Adjusted Observability module to work with external secret maanger module - disabled alerts and dashboards for now
---
 observability/{alerts.tf => alerts.tf.off} | 6 +-
 .../{dashboards.tf => dashboards.tf.off} | 0
 observability/observability.tf | 56 +++++++++----------
 observability/outputs.tf | 28 ++++++++--
 observability/providers.tf | 2 +-
 observability/variables.tf | 32 +++--------
 6 files changed, 61 insertions(+), 63 deletions(-)
 rename observability/{alerts.tf => alerts.tf.off} (83%)
 rename observability/{dashboards.tf => dashboards.tf.off} (100%)
diff --git a/observability/alerts.tf b/observability/alerts.tf.off
similarity index 83%
rename from observability/alerts.tf
rename to observability/alerts.tf.off
index d147825..f4a8564 100644
--- a/observability/alerts.tf
+++ b/observability/alerts.tf.off
@@ -1,9 +1,9 @@
 locals {
- basic_auth = base64encode("${stackit_observability_credential.observability_credentials.username}:${stackit_observability_credential.observability_credentials.password}")
+ basic_auth = base64encode("${stackit_observability_credential.this.username}:${stackit_observability_credential.this.password}")
 }
 resource "local_sensitive_file" "alert_configs" {
- content = templatefile("../../monitoring/alerts/dev/alertconfigs.json", {
+ content = templatefile("../../../../monitoring/alerts/dev/alertconfigs.json", {
 msTeamWebhook = var.msTeamWebhook
 })
 filename = ".temp/alertconfigs.json"
@@ -26,7 +26,7 @@ resource "null_resource" "alert_configs" {
 }
 resource "local_file" "alert_groups" {
- content = templatefile("../../monitoring/alerts/dev/alertgroups.json", {
+ content = templatefile("../../../../monitoring/alerts/dev/alertgroups.json", {
 })
 filename = ".temp/alertgroups.json"
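Review bot: The template paths in `local_sensitive_file.alert_configs` and, in the second hunk, `local_file.alert_groups` are resolved relative to the directory Terraform is run from, which is why this commit has to change `../../` to `../../../../`; they also hard-code the `dev` alert set inside a shared module. Taking the directory as an input, e.g. `content = templatefile("${var.alerts_template_dir}/alertconfigs.json", {` (the variable name is only a suggestion), would stop the module from breaking whenever the caller's location changes. The file is parked as `.tf.off` but still reads `var.msTeamWebhook`, which the variables.tf hunk comments out, so the two have to be restored together when alerting is re-enabled. Both resource bodies continue outside the hunks.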
diff --git a/observability/dashboards.tf b/observability/dashboards.tf.off
similarity index 100%
rename from observability/dashboards.tf
rename to observability/dashboards.tf.off
diff --git a/observability/observability.tf b/observability/observability.tf
index ec67625..db0658d 100644
--- a/observability/observability.tf
+++ b/observability/observability.tf
@@ -1,36 +1,36 @@
 // Observability Instance
-resource "stackit_observability_instance" "observability" {
+resource "stackit_observability_instance" "this" {
 project_id = var.stackit_project_id
- name = var.instance_name
- plan_name = var.service_plan
+ name = var.obs_instance_name
+ plan_name = var.obs_service_plan
 }
 // Observability Credentials
-resource "stackit_observability_credential" "observability_credentials" {
+resource "stackit_observability_credential" "this" {
 project_id = var.stackit_project_id
- instance_id = stackit_observability_instance.observability.instance_id
+ instance_id = stackit_observability_instance.this.instance_id
 }
-// Configure Secret Manager Provider
-provider "vault" {
- address = "https://prod.sm.eu01.stackit.cloud"
- skip_child_token = true
- auth_login_userpass {
- username = var.secret_manager_username
- password = var.secret_manager_password
- }
-}
-
-// Store Observability Credentials in Secret Manager
-resource "vault_kv_secret_v2" "secret_manager_cred_save" {
- mount = var.secret_manager_instance_id
- name = "observability"
- cas = 1
- delete_all_versions = true
- data_json = jsonencode(
- {
- username = stackit_observability_credential.observability_credentials.username,
- password = stackit_observability_credential.observability_credentials.password
- }
- )
-}
\ No newline at end of file
+#// Configure Secret Manager Provider
+#provider "vault" {
+# address = "https://prod.sm.eu01.stackit.cloud"
+# skip_child_token = true
+# auth_login_userpass {
+# username = var.secret_manager_username
+# password = var.secret_manager_password
+# }
+#}
+#
+#// Store Observability Credentials in Secret Manager
+#resource "vault_kv_secret_v2" "secret_manager_cred_save" {
+# mount = var.secret_manager_instance_id
+# name = "observability"
+# cas = 1
+# delete_all_versions = true
+# data_json = jsonencode(
+# {
+# username = stackit_observability_credential.observability_credentials.username,
+# password = stackit_observability_credential.observability_credentials.password
+# }
+# )
+#}
\ No newline at end of file
diff --git a/observability/outputs.tf b/observability/outputs.tf
index 89a8c49..69df8f9 100644
--- a/observability/outputs.tf
+++ b/observability/outputs.tf
@@ -1,27 +1,43 @@
 output "obervability-username" {
- value = stackit_observability_credential.observability_credentials.username
+ value = stackit_observability_credential.this.username
 sensitive = true
 }
 output "obervability-password" {
- value = stackit_observability_credential.observability_credentials.password
+ value = stackit_observability_credential.this.password
 sensitive = true
 }
 output "observability-instance-id" {
- value = stackit_observability_instance.observability.instance_id
+ value = stackit_observability_instance.this.instance_id
+}
+
+output "observability-logs-push-url" {
+ value = stackit_observability_instance.this.logs_push_url
+}
+
+output "observability-metrics-push-url" {
+ value = stackit_observability_instance.this.metrics_push_url
+}
+
+output "observability-otlp-traces-url" {
+ value = stackit_observability_instance.this.otlp_traces_url
+}
+
+output "observability-dashboard-url" {
+ value = stackit_observability_instance.this.dashboard_url
 }
 output "grafana-password" {
- value = stackit_observability_instance.observability.grafana_initial_admin_password
+ value = stackit_observability_instance.this.grafana_initial_admin_password
 sensitive = true
 }
 output "grafana-username" {
- value = stackit_observability_instance.observability.grafana_initial_admin_user
+ value = stackit_observability_instance.this.grafana_initial_admin_user
 sensitive = true
 }
 output "grafana-url" {
- value = stackit_observability_instance.observability.grafana_url
+ value = stackit_observability_instance.this.grafana_url
 }
\ No newline at end of file
diff --git a/observability/providers.tf b/observability/providers.tf
index b99a271..b96dabd 100644
--- a/observability/providers.tf
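Review bot: Renaming `stackit_observability_instance.observability` and `stackit_observability_credential.observability_credentials` to `this` changes their state addresses, so on any workspace that already holds them Terraform will plan a destroy and re-create of the instance and its credential unless the move is declared. Adding `moved` blocks next to the renamed resources keeps the existing instance and avoids an unplanned credential rotation. The Vault provider and `vault_kv_secret_v2` are commented out in the same change; with `delete_all_versions = true` the stored secret is expected to be removed on the next apply, and Terraform generally needs the provider configuration still present to destroy a resource it tracks, so the plan should be checked against an existing state first. The commented-out block would be better deleted than kept, since version history already preserves it.

```hcl
// … unchanged: stackit_observability_instance.this and stackit_observability_credential.this …

moved {
  from = stackit_observability_instance.observability
  to   = stackit_observability_instance.this
}

moved {
  from = stackit_observability_credential.observability_credentials
  to   = stackit_observability_credential.this
}
```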
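Review bot: The credential outputs keep the misspelled names `obervability-username` and `obervability-password` while the four outputs added here are spelled `observability-…`, so a consuming module has to reference two spellings. If, as the commit message suggests, these outputs are now the hand-off to the external secret manager module, this is a cheap moment to rename them, e.g. `output "observability-username" {`, and update callers in the same change. The new URL outputs also carry no `description`; a line such as `description = "Logs push endpoint of the observability instance"` on each would document what the caller receives. `sensitive = true` only redacts the value in CLI output: the username, password and Grafana admin password are still written to state, so access to the state backend has to be restricted accordingly.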
+++ b/observability/providers.tf
@@ -2,7 +2,7 @@ terraform {
 required_providers {
 stackit = {
 source = "stackitcloud/stackit"
- version = "0.43.3"
+ version = "~> 0.50.0"
 }
 grafana = {
 source = "grafana/grafana"
diff --git a/observability/variables.tf b/observability/variables.tf
index 6e030db..3275232 100644
--- a/observability/variables.tf
+++ b/observability/variables.tf
@@ -3,39 +3,21 @@ variable "stackit_project_id" {
 type = string
 }
-variable "instance_name" {
+variable "obs_instance_name" {
 description = "name of the observability instance"
 type = string
 }
-variable "service_plan" {
+variable "obs_service_plan" {
 description = "serviceplan of the observability instance"
 type = string
 }
-variable "secret_manager_instance_id" {
- description = "instance id of the secret mangert to store credentials"
- type = string
-}
-
-variable "secret_manager_username" {
- description = "username of the secret mangert to store credentials"
- type = string
- sensitive = true
-}
-
-variable "secret_manager_password" {
- description = "password of the secret mangert to store credentials"
- type = string
- sensitive = true
-}
-
-
-variable "msTeamWebhook" {
- description = "webhook for msTeams alert channel"
- type = string
- sensitive = true
-}
+#variable "msTeamWebhook" {
+# description = "webhook for msTeams alert channel"
+# type = string
+# sensitive = true
+#}
 variable "observability_url" {
 description = "observability api url to push configs"
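Review bot: The `stackit` provider constraint goes from the exact pin `0.43.3` to the range `~> 0.50.0`, so any 0.50.x release can now be selected at `terraform init`. That is acceptable only if `.terraform.lock.hcl` is committed for the configurations that use this module, so that the selected version and its checksums are fixed by the lock file; otherwise an exact version should stay here. A jump from 0.43 to 0.50 on a 0.x provider may include schema changes, so the plan for existing instances deserves a review before apply. The `required_providers` block continues outside the hunk.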
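Review bot: `msTeamWebhook` is commented out rather than removed, which leaves dead code in variables.tf while its only visible consumer, alerts.tf.off, still reads `var.msTeamWebhook`. Moving the declaration into alerts.tf.off, or deleting it and restoring both from history, keeps the disabled alerting self-contained so that re-enabling it is a single rename. `observability_url` remains an input although, as far as this diff shows, it served the alert-config push that is now disabled; its body continues outside the hunk, so it is worth confirming that it is still used. The renames to `obs_instance_name` and `obs_service_plan` change the module's inputs, so every caller has to be updated in the same rollout.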