feat: Elk-test-migration to 1.27 (#80)

src/aks-platform/02_aks.tf

@@ -5,7 +5,7 @@ resource "azurerm_resource_group" "rg_aks" {
 }
 
 module "aks" {
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_cluster?ref=v6.20.1"
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_cluster?ref=v7.2.0"
 
   count = var.aks_enabled ? 1 : 0
 
@@ -110,6 +110,8 @@ resource "azurerm_role_assignment" "aks_to_acr" {
   scope                = data.azurerm_container_registry.acr.id
   role_definition_name = "AcrPull"
   principal_id         = module.aks[0].kubelet_identity_id
+
+  depends_on = [module.aks]
 }
 
 #

src/aks-platform/03_monitoring.tf

@@ -2,6 +2,7 @@ resource "kubernetes_namespace" "monitoring" {
   metadata {
     name = "monitoring"
   }
+  depends_on = [module.aks]
 }
 
 resource "helm_release" "prometheus" {
@@ -72,42 +73,3 @@ resource "helm_release" "prometheus" {
     value = var.prometheus_helm.pushgateway.image_tag
   }
 }
-
-# resource "helm_release" "grafana" {
-#   name       = "grafana"
-#   repository = "https://grafana.github.io/helm-charts"
-#   chart      = "grafana"
-#   version    = var.grafana_helm_version
-#   namespace  = kubernetes_namespace.monitoring.metadata[0].name
-
-#   set {
-#     name  = "adminUser"
-#     value = data.azurerm_key_vault_secret.grafana_admin_username.value
-#   }
-
-#   set {
-#     name  = "adminPassword"
-#     value = data.azurerm_key_vault_secret.grafana_admin_password.value
-#   }
-# }
-
-resource "helm_release" "monitoring_reloader" {
-  name       = "reloader"
-  repository = "https://stakater.github.io/stakater-charts"
-  chart      = "reloader"
-  version    = var.reloader_helm.chart_version
-  namespace  = kubernetes_namespace.monitoring.metadata[0].name
-
-  set {
-    name  = "reloader.watchGlobally"
-    value = "false"
-  }
-  set {
-    name  = "reloader.deployment.image.name"
-    value = var.reloader_helm.image_name
-  }
-  set {
-    name  = "reloader.deployment.image.tag"
-    value = var.reloader_helm.image_tag
-  }
-}

src/aks-platform/README.md

@@ -36,7 +36,7 @@ Re-enable all the resource, commented before to complete the procedure
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_aks"></a> [aks](#module\_aks) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_cluster | v6.20.1 |
+| <a name="module_aks"></a> [aks](#module\_aks) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_cluster | v7.2.0 |
 | <a name="module_keda_pod_identity"></a> [keda\_pod\_identity](#module\_keda\_pod\_identity) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_pod_identity | v6.20.1 |
 | <a name="module_nginx_ingress"></a> [nginx\_ingress](#module\_nginx\_ingress) | terraform-module/release/helm | 2.7.0 |
 | <a name="module_snet_aks"></a> [snet\_aks](#module\_snet\_aks) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v6.20.1 |
@@ -50,7 +50,6 @@ Re-enable all the resource, commented before to complete the procedure
 | [azurerm_role_assignment.keda_monitoring_reader](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
 | [azurerm_role_assignment.managed_identity_operator_vs_aks_managed_identity](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
 | [helm_release.keda](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [helm_release.monitoring_reloader](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.prometheus](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [kubernetes_cluster_role.cluster_deployer](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/cluster_role) | resource |
 | [kubernetes_cluster_role.edit_extra](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/cluster_role) | resource |

src/aks-platform/env/dev01/terraform.tfvars

@@ -65,7 +65,7 @@ aks_user_node_pool = {
   os_disk_type    = "Managed",
   os_disk_size_gb = 75,
   node_count_min  = 1,
-  node_count_max  = 5,
+  node_count_max  = 3,
   node_labels     = { node_name : "aks-dev01-user", node_type : "user" },
   node_taints     = [],
   node_tags       = { node_tag_2 : "2" },
@@ -93,6 +93,7 @@ aks_user_node_pool = {
 #   node_taints     = [],
 #   node_tags       = { node_tag_2 : "2" },
 # }
+
 aks_addons = {
   azure_policy                     = true,
   azure_key_vault_secrets_provider = true,

src/elk-monitoring/01_kv.tf

@@ -6,7 +6,7 @@ resource "azurerm_resource_group" "sec_rg" {
 }
 
 module "key_vault" {
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault?ref=v6.20.2"
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault?ref=v7.2.0"
 
   name                       = "${local.product}-${var.domain}-kv"
   location                   = azurerm_resource_group.sec_rg.location

src/elk-monitoring/02_aks.tf

@@ -46,7 +46,5 @@ resource "azurerm_kubernetes_cluster_node_pool" "elastic" {
   vnet_subnet_id        = data.azurerm_subnet.aks_snet.id
   enable_node_public_ip = false
 
-
   tags = merge(var.tags, var.elastic_node_pool.node_tags)
-
 }

src/elk-monitoring/02_namespace.tf

@@ -1,35 +1,49 @@
-data "kubernetes_namespace" "namespace" {
+resource "kubernetes_namespace" "elastic_system" {
   metadata {
     name = local.elk_namespace
   }
+  depends_on = [data.azurerm_kubernetes_cluster.aks]
 }
 
 module "pod_identity" {
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_pod_identity?ref=v6.20.2"
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_pod_identity?ref=v7.2.0"
 
   resource_group_name = local.aks_resource_group_name
   location            = var.location
   tenant_id           = data.azurerm_subscription.current.tenant_id
   cluster_name        = local.aks_name
 
-  identity_name = "${data.kubernetes_namespace.namespace.metadata[0].name}-pod-identity" // TODO add env in name
-  namespace     = data.kubernetes_namespace.namespace.metadata[0].name
+  identity_name = "${kubernetes_namespace.elastic_system.metadata[0].name}-pod-identity" // TODO add env in name
+  namespace     = kubernetes_namespace.elastic_system.metadata[0].name
   key_vault_id  = module.key_vault.id
 
   secret_permissions      = ["Get"]
   certificate_permissions = ["Get"]
 
+  depends_on = [kubernetes_namespace.elastic_system]
 }
 
 resource "helm_release" "reloader" {
   name       = "reloader"
   repository = "https://stakater.github.io/stakater-charts"
   chart      = "reloader"
   version    = "v1.0.30"
-  namespace  = data.kubernetes_namespace.namespace.metadata[0].name
+  namespace  = kubernetes_namespace.elastic_system.metadata[0].name
 
   set {
     name  = "reloader.watchGlobally"
     value = "false"
   }
+
+  depends_on = [kubernetes_namespace.elastic_system]
+
+}
+
+resource "helm_release" "kube_state_metrics" {
+  name       = "kube-state-metrics"
+  repository = "https://prometheus-community.github.io/helm-charts"
+  chart      = "kube-state-metrics"
+  version    = "5.10.1"
+  namespace  = kubernetes_namespace.elastic_system.metadata[0].name
+
 }

src/elk-monitoring/04_aks_middleware_tools.tf

@@ -6,7 +6,7 @@
 #   alert_enabled                              = true
 #   helm_chart_present                         = true
 #   helm_chart_version                         = var.tls_cert_check_helm.chart_version
-#   namespace                                  = data.kubernetes_namespace.namespace.metadata[0].name
+#   namespace                                  = kubernetes_namespace.elastic_system.metadata[0].name
 #   helm_chart_image_name                      = var.tls_cert_check_helm.image_name
 #   helm_chart_image_tag                       = var.tls_cert_check_helm.image_tag
 #   location_string                            = var.location_string
@@ -32,4 +32,10 @@ module "cert_mounter" {
   certificate_name = replace(local.kibana_hostname, ".", "-")
   kv_name          = module.key_vault.name
   tenant_id        = data.azurerm_subscription.current.tenant_id
+
+  depends_on = [
+    kubernetes_namespace.elastic_system,
+    module.pod_identity
+  ]
+
 }

src/elk-monitoring/05_elastic_stack.tf

@@ -71,7 +71,8 @@ module "elastic_stack" {
     azurerm_kubernetes_cluster_node_pool.elastic,
     module.nginx_ingress,
     module.pod_identity,
-    kubernetes_secret.snapshot_secret
+    kubernetes_secret.snapshot_secret,
+    kubernetes_namespace.elastic_system,
   ]
 }
 

src/elk-monitoring/README.md

@@ -19,10 +19,10 @@
 |------|--------|---------|
 | <a name="module_cert_mounter"></a> [cert\_mounter](#module\_cert\_mounter) | git::https://github.com/pagopa/terraform-azurerm-v3.git//cert_mounter | v6.20.1 |
 | <a name="module_elastic_stack"></a> [elastic\_stack](#module\_elastic\_stack) | git::https://github.com/pagopa/terraform-azurerm-v3.git//elastic_stack | v7.2.0 |
-| <a name="module_key_vault"></a> [key\_vault](#module\_key\_vault) | git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault | v6.20.2 |
+| <a name="module_key_vault"></a> [key\_vault](#module\_key\_vault) | git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault | v7.2.0 |
 | <a name="module_letsencrypt_dev_elk"></a> [letsencrypt\_dev\_elk](#module\_letsencrypt\_dev\_elk) | git::https://github.com/pagopa/azurerm.git//letsencrypt_credential | v3.8.1 |
 | <a name="module_nginx_ingress"></a> [nginx\_ingress](#module\_nginx\_ingress) | terraform-module/release/helm | 2.8.0 |
-| <a name="module_pod_identity"></a> [pod\_identity](#module\_pod\_identity) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_pod_identity | v6.20.2 |
+| <a name="module_pod_identity"></a> [pod\_identity](#module\_pod\_identity) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_pod_identity | v7.2.0 |
 
 ## Resources
 
@@ -39,9 +39,11 @@
 | [azurerm_resource_group.sec_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
 | [azurerm_storage_account.elk_snapshot_sa](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account) | resource |
 | [azurerm_storage_container.snapshot_container](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_container) | resource |
+| [helm_release.kube_state_metrics](https://registry.terraform.io/providers/hashicorp/helm/2.7.1/docs/resources/release) | resource |
 | [helm_release.opentelemetry_operator_helm](https://registry.terraform.io/providers/hashicorp/helm/2.7.1/docs/resources/release) | resource |
 | [helm_release.reloader](https://registry.terraform.io/providers/hashicorp/helm/2.7.1/docs/resources/release) | resource |
 | [kubectl_manifest.otel_collector](https://registry.terraform.io/providers/gavinbunney/kubectl/1.14.0/docs/resources/manifest) | resource |
+| [kubernetes_namespace.elastic_system](https://registry.terraform.io/providers/hashicorp/kubernetes/2.17.0/docs/resources/namespace) | resource |
 | [kubernetes_namespace.ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/2.17.0/docs/resources/namespace) | resource |
 | [kubernetes_secret.snapshot_secret](https://registry.terraform.io/providers/hashicorp/kubernetes/2.17.0/docs/resources/secret) | resource |
 | [kubernetes_storage_class.kubernetes_storage_class_cold](https://registry.terraform.io/providers/hashicorp/kubernetes/2.17.0/docs/resources/storage_class) | resource |
@@ -69,7 +71,6 @@
 | [azurerm_subnet.aks_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
 | [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source |
 | [azurerm_virtual_network.vnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source |
-| [kubernetes_namespace.namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/2.17.0/docs/data-sources/namespace) | data source |
 | [kubernetes_secret.get_apm_token](https://registry.terraform.io/providers/hashicorp/kubernetes/2.17.0/docs/data-sources/secret) | data source |
 | [kubernetes_secret.get_elastic_credential](https://registry.terraform.io/providers/hashicorp/kubernetes/2.17.0/docs/data-sources/secret) | data source |
 

src/elk-monitoring/env/dev01/terraform.tfvars

@@ -50,19 +50,19 @@ elastic_node_pool = {
 }
 
 elastic_hot_storage = {
-  storage_type           = "StandardSSD_LRS"
+  storage_type           = "StandardSSD_ZRS"
   allow_volume_expansion = true
-  initialStorageSize     = "20Gi"
+  initialStorageSize     = "16Gi"
 }
 elastic_warm_storage = {
-  storage_type           = "StandardSSD_LRS"
+  storage_type           = "StandardSSD_ZRS"
   allow_volume_expansion = true
-  initialStorageSize     = "20Gi"
+  initialStorageSize     = "16Gi"
 }
 elastic_cold_storage = {
   storage_type           = "Standard_LRS"
   allow_volume_expansion = true
-  initialStorageSize     = "20Gi"
+  initialStorageSize     = "16Gi"
 }
 
 enable_iac_pipeline = true