Init

2025-05-06 09:30:27 +02:00 · 2025-05-06 09:30:27 +02:00 · c3bc6ab806
commit c3bc6ab806
40 changed files with 1069 additions and 0 deletions
--- a/observability/alerts.tf
+++ b/observability/alerts.tf
@ -0,0 +1,49 @@
+locals {
+  basic_auth = base64encode("${stackit_observability_credential.observability_credentials.username}:${stackit_observability_credential.observability_credentials.password}")
+}
+
+resource "local_sensitive_file" "alert_configs" {
+  content = templatefile("../../monitoring/alerts/dev/alertconfigs.json", {
+    msTeamWebhook = var.msTeamWebhook
+  })
+  filename = ".temp/alertconfigs.json"
+}
+
+resource "null_resource" "alert_configs" {
+  triggers = {
+    config = local_sensitive_file.alert_configs.content_sha1
+    url    = var.observability_url
+  }
+  provisioner "local-exec" {
+    command = <<EOT
+    curl -X PUT "${var.observability_url}/${stackit_observability_instance.observability.instance_id}/alertconfigs" \
+    -d @${local_sensitive_file.alert_configs.filename} \
+    -H "Authorization: Basic ${local.basic_auth}" \
+    -H "Content-Type: application/json" \
+    --fail
+    EOT
+  }
+}
+
+resource "local_file" "alert_groups" {
+  content = templatefile("../../monitoring/alerts/dev/alertgroups.json", {
+
+  })
+  filename = ".temp/alertgroups.json"
+}
+
+resource "null_resource" "alert_groups" {
+  triggers = {
+    config = local_file.alert_groups.content_sha1
+    url    = var.observability_url
+  }
+  provisioner "local-exec" {
+    command = <<EOT
+    curl -X PUT "${var.observability_url}/${stackit_observability_instance.observability.instance_id}/alertgroups" \
+    -d @${local_file.alert_groups.filename} \
+    -H "Authorization: Basic ${local.basic_auth}" \
+    -H "Content-Type: application/json" \
+    --fail
+    EOT
+  }
+}
--- a/observability/dashboards.tf
+++ b/observability/dashboards.tf
@ -0,0 +1,17 @@
+// Grafan Dashboards
+resource "grafana_folder" "gitops-poc" {
+  title = "gitOps-PoC"
+  uid   = "gitops-poc-uid"
+}
+
+// ToDo: Create a Dashboard ForEach File
+
+resource "grafana_dashboard" "argocd" {
+  folder = grafana_folder.gitops-poc.uid
+  config_json = file("../../monitoring/dashboards/dev/argocd-dashbaord.json")
+}
+
+resource "grafana_dashboard" "k8s" {
+  folder = grafana_folder.gitops-poc.uid
+  config_json = file("../../monitoring/dashboards/dev/k8s-dashboard.json")
+}
--- a/observability/observability.tf
+++ b/observability/observability.tf
@ -0,0 +1,36 @@
+// Observability Instance
+resource "stackit_observability_instance" "observability" {
+  project_id                             = var.stackit_project_id
+  name                                   = var.instance_name
+  plan_name                              = var.service_plan
+}
+
+// Observability Credentials
+resource "stackit_observability_credential" "observability_credentials" {
+  project_id  = var.stackit_project_id
+  instance_id = stackit_observability_instance.observability.instance_id
+}
+
+// Configure Secret Manager Provider
+provider "vault" {
+  address          = "https://prod.sm.eu01.stackit.cloud"
+  skip_child_token = true
+  auth_login_userpass {
+    username = var.secret_manager_username 
+    password = var.secret_manager_password
+  }
+}
+
+// Store Observability Credentials in Secret Manager
+resource "vault_kv_secret_v2" "secret_manager_cred_save" {
+  mount               = var.secret_manager_instance_id 
+  name                = "observability"
+  cas                 = 1
+  delete_all_versions = true
+  data_json = jsonencode(
+    {
+     username = stackit_observability_credential.observability_credentials.username,
+     password = stackit_observability_credential.observability_credentials.password
+    }
+  )
+}
--- a/observability/outputs.tf
+++ b/observability/outputs.tf
@ -0,0 +1,27 @@
+output "obervability-username" {
+  value     = stackit_observability_credential.observability_credentials.username
+  sensitive = true
+}
+
+output "obervability-password" {
+  value     = stackit_observability_credential.observability_credentials.password
+  sensitive = true
+}
+
+output "observability-instance-id" {
+  value     = stackit_observability_instance.observability.instance_id
+}
+
+output "grafana-password" {
+  value     = stackit_observability_instance.observability.grafana_initial_admin_password
+  sensitive = true
+}
+
+output "grafana-username" {
+  value     = stackit_observability_instance.observability.grafana_initial_admin_user
+  sensitive = true
+}
+
+output "grafana-url" {
+  value     = stackit_observability_instance.observability.grafana_url
+}
--- a/observability/providers.tf
+++ b/observability/providers.tf
@ -0,0 +1,12 @@
+terraform {
+  required_providers {
+    stackit = {
+      source  = "stackitcloud/stackit"
+      version = "0.43.3"
+    }
+    grafana = {
+      source = "grafana/grafana"
+      version = "3.22.0"
+    }
+  }
+}
--- a/observability/variables.tf
+++ b/observability/variables.tf
@ -0,0 +1,43 @@
+variable "stackit_project_id" {
+  description = "ID of the stackit Project"
+  type        = string
+}
+
+variable "instance_name" {
+  description = "name of the observability instance"
+  type        = string
+}
+
+variable "service_plan" {
+  description = "serviceplan of the observability instance"
+  type        = string
+}
+
+variable "secret_manager_instance_id" {
+  description = "instance id of the secret mangert to store credentials"
+  type        = string
+}
+
+variable "secret_manager_username" {
+  description = "username of the secret mangert to store credentials"
+  type        = string
+  sensitive   = true
+}
+
+variable "secret_manager_password" {
+  description = "password of the secret mangert to store credentials"
+  type        = string
+  sensitive   = true
+}
+
+
+variable "msTeamWebhook" {
+  description = "webhook for msTeams alert channel"
+  type        = string
+  sensitive   = true
+}
+
+variable "observability_url" {
+  description = "observability api url to push configs"
+  type        = string
+}