diff --git a/src/aks-platform/.terraform.lock.hcl b/src/aks-platform/.terraform.lock.hcl
index 877431e4..22e7e88a 100644
--- a/src/aks-platform/.terraform.lock.hcl
+++ b/src/aks-platform/.terraform.lock.hcl
@@ -5,10 +5,6 @@ provider "registry.terraform.io/hashicorp/azuread" {
 version = "2.40.0"
 constraints = "> 2.10.0"
 hashes = [
- "h1:dCp1/MhTXZBOhTMT40casPdBVM4J1V6sRtRPJwv8r7E=",
- "h1:fH+wk3nY1D09xgcUHE66ox7JF5OEbwQbQbaxomt5GVQ=",
- "h1:jtdDK7uhdbYc39Fm3nzrNCoQ/zp0boDNczn2cv9WHHQ=",
- "h1:ym1nSH/bHzANaUBETxViclMpHL/28PzMXGYEg+HItNs=",
 "h1:dCp1/MhTXZBOhTMT40casPdBVM4J1V6sRtRPJwv8r7E=",
 "h1:fH+wk3nY1D09xgcUHE66ox7JF5OEbwQbQbaxomt5GVQ=",
 "h1:jtdDK7uhdbYc39Fm3nzrNCoQ/zp0boDNczn2cv9WHHQ=",
@@ -25,17 +21,6 @@ provider "registry.terraform.io/hashicorp/azuread" {
 "zh:c73b64a52d6c8ec816c073d8113cb9eb9ba99bb78af5d67423a70a127ac92e48",
 "zh:e8687d575e9bb6a94bc593dd1a9b8e0529c391e398d877dff1a8f330f2862551",
 "zh:ff6e70ad6146c5e3ff1aa90471d48eba67892ced5a5bde0946d1bd16b262c78c",
- "zh:2bfa5dfa9b7d1fd58c3cc92251b3d140e17bca8da4cd44f6b02da51709ceeb34",
- "zh:5327aa0643dbb3e4387f1a41b25211ac562be908b95631ca81917cc90530ed9a",
- "zh:6365ee93a131c3f1122155890121778198ba26cf01286aa568d7343ce746f1e8",
- "zh:75c01bbb0a337f0a32ae11fb9b74440b12230027d184244d417c852ee0fe56cd",
- "zh:894907e8b3d31efea4597ddea7217660259950eefba1b1a47dbde1b024577e08",
- "zh:a29f2d8b112803ce30ca75f390a9c05b87846d17b8ac32730fa44ed00d8fbeca",
- "zh:a35f40210d810e65e20c8a16d1cba10867225e1f45826c29eb03860aa7d5fabd",
- "zh:b8dfb7a03547cae504fb060ca794b5b7ac139e03a098e8a9612488aa4023edc1",
- "zh:c73b64a52d6c8ec816c073d8113cb9eb9ba99bb78af5d67423a70a127ac92e48",
- "zh:e8687d575e9bb6a94bc593dd1a9b8e0529c391e398d877dff1a8f330f2862551",
- "zh:ff6e70ad6146c5e3ff1aa90471d48eba67892ced5a5bde0946d1bd16b262c78c",
 ]
 }
diff --git a/src/aks-platform/02_aks.tf b/src/aks-platform/02_aks.tf
index b804a254..b3a652b5 100644
--- a/src/aks-platform/02_aks.tf
+++ b/src/aks-platform/02_aks.tf
@@ -5,7 +5,7 @@ resource "azurerm_resource_group" "rg_aks" {
 }
 module "aks" {
- source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_cluster?ref=v6.20.1"
+ source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_cluster?ref=v7.2.0"
 count = var.aks_enabled ? 1 : 0
@@ -110,6 +110,8 @@ resource "azurerm_role_assignment" "aks_to_acr" {
 scope = data.azurerm_container_registry.acr.id
 role_definition_name = "AcrPull"
 principal_id = module.aks[0].kubelet_identity_id
+
+ depends_on = [module.aks]
 }
 #
diff --git a/src/aks-platform/03_monitoring.tf b/src/aks-platform/03_monitoring.tf
index 1e24ef92..1f4881cb 100644
--- a/src/aks-platform/03_monitoring.tf
+++ b/src/aks-platform/03_monitoring.tf
@@ -2,6 +2,7 @@ resource "kubernetes_namespace" "monitoring" {
 metadata {
 name = "monitoring"
 }
+ depends_on = [module.aks]
 }
 resource "helm_release" "prometheus" {
@@ -72,42 +73,3 @@ resource "helm_release" "prometheus" {
 value = var.prometheus_helm.pushgateway.image_tag
 }
 }
-
-# resource "helm_release" "grafana" {
-# name = "grafana"
-# repository = "https://grafana.github.io/helm-charts"
-# chart = "grafana"
-# version = var.grafana_helm_version
-# namespace = kubernetes_namespace.monitoring.metadata[0].name
-
-# set {
-# name = "adminUser"
-# value = data.azurerm_key_vault_secret.grafana_admin_username.value
-# }
-
-# set {
-# name = "adminPassword"
-# value = data.azurerm_key_vault_secret.grafana_admin_password.value
-# }
-# }
-
-resource "helm_release" "monitoring_reloader" {
- name = "reloader"
- repository = "https://stakater.github.io/stakater-charts"
- chart = "reloader"
- version = var.reloader_helm.chart_version
- namespace = kubernetes_namespace.monitoring.metadata[0].name
-
- set {
- name = "reloader.watchGlobally"
- value = "false"
- }
- set {
- name = "reloader.deployment.image.name"
- value = var.reloader_helm.image_name
- }
- set {
- name = "reloader.deployment.image.tag"
- value = var.reloader_helm.image_tag
- }
-}
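Review bot: `?ref=v7.2.0` on the `module "aks"` source pins to a git tag, and a tag in a remote repository is not immutable, so the same line can resolve to different module code on a later `terraform init`; pinning to the tag's commit, `source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_cluster?ref=<commit-sha-of-v7.2.0>"`, closes that window. The same applies to the key_vault module in 01_kv.tf and the pod_identity module in 02_namespace.tf, which move from v6.20.x to v7.2.0 in this commit. Since this is a major-version jump for three modules at once, the plan output for each is worth reading for changed defaults rather than trusting the version string alone. The `module "aks"` block continues outside the hunk.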
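Review bot: The added `depends_on = [module.aks]` on azurerm_role_assignment.aks_to_acr is redundant, because `principal_id = module.aks[0].kubelet_identity_id` already makes the role assignment wait for the module, and `depends_on` on a whole module turns every resource inside it into a dependency, which tends to push otherwise-known values to "known after apply" and widen plans; I would drop the two added lines. The same explicit-plus-implicit form appears on module.pod_identity and helm_release.reloader in 02_namespace.tf and on module.cert_mounter in 04_aks_middleware_tools.tf; the one on kubernetes_namespace.monitoring in 03_monitoring.tf is different, since that resource has no other reference to the module. What the hunk does not show is whether aks_to_acr carries the same `count = var.aks_enabled ? 1 : 0` as the module; if it does not, `module.aks[0]` fails to evaluate whenever aks_enabled is false, and the resource header is only visible as hunk context here.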
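Review bot: Removing helm_release.monitoring_reloader uninstalls the Reloader controller from the monitoring namespace on the next apply, so any workload there that relied on reloader annotations to restart on ConfigMap or Secret changes will keep running with stale configuration until restarted by hand; if that is intended, a one-line comment at the top of 03_monitoring.tf saying where reloading is now handled (the elk-monitoring stack still installs its own helm_release.reloader) would save the next reader the question. The deleted commented-out grafana block referenced `data.azurerm_key_vault_secret.grafana_admin_username` and `data.azurerm_key_vault_secret.grafana_admin_password`; if those data sources are still declared elsewhere in this stack they are now unreferenced. `var.reloader_helm` likewise appears to have no remaining consumer in this file, though its declaration is outside the hunk.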
diff --git a/src/aks-platform/README.md b/src/aks-platform/README.md
index 12cbb544..075c6530 100644
--- a/src/aks-platform/README.md
+++ b/src/aks-platform/README.md
@@ -36,7 +36,7 @@ Re-enable all the resource, commented before to complete the procedure
 | Name | Source | Version |
 |------|--------|---------|
-| [aks](#module\_aks) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_cluster | v6.20.1 |
+| [aks](#module\_aks) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_cluster | v7.2.0 |
 | [keda\_pod\_identity](#module\_keda\_pod\_identity) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_pod_identity | v6.20.1 |
 | [nginx\_ingress](#module\_nginx\_ingress) | terraform-module/release/helm | 2.7.0 |
 | [snet\_aks](#module\_snet\_aks) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v6.20.1 |
@@ -50,7 +50,6 @@ Re-enable all the resource, commented before to complete the procedure
 | [azurerm_role_assignment.keda_monitoring_reader](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
 | [azurerm_role_assignment.managed_identity_operator_vs_aks_managed_identity](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
 | [helm_release.keda](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [helm_release.monitoring_reloader](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.prometheus](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [kubernetes_cluster_role.cluster_deployer](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/cluster_role) | resource |
 | [kubernetes_cluster_role.edit_extra](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/cluster_role) | resource |
diff --git a/src/aks-platform/env/dev01/terraform.tfvars b/src/aks-platform/env/dev01/terraform.tfvars
index fce70726..beb7ab30 100644
--- a/src/aks-platform/env/dev01/terraform.tfvars
+++ b/src/aks-platform/env/dev01/terraform.tfvars
@@ -65,7 +65,7 @@ aks_user_node_pool = {
 os_disk_type = "Managed",
 os_disk_size_gb = 75,
 node_count_min = 1,
- node_count_max = 5,
+ node_count_max = 3,
 node_labels = { node_name : "aks-dev01-user", node_type : "user" },
 node_taints = [],
 node_tags = { node_tag_2 : "2" },
@@ -93,6 +93,7 @@ aks_user_node_pool = {
 # node_taints = [],
 # node_tags = { node_tag_2 : "2" },
 # }
+
 aks_addons = {
 azure_policy = true,
 azure_key_vault_secrets_provider = true,
diff --git a/src/elk-monitoring/01_kv.tf b/src/elk-monitoring/01_kv.tf
index b91a9efc..e4d92001 100644
--- a/src/elk-monitoring/01_kv.tf
+++ b/src/elk-monitoring/01_kv.tf
@@ -6,7 +6,7 @@ resource "azurerm_resource_group" "sec_rg" {
 }
 module "key_vault" {
- source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault?ref=v6.20.2"
+ source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault?ref=v7.2.0"
 name = "${local.product}-${var.domain}-kv"
 location = azurerm_resource_group.sec_rg.location
diff --git a/src/elk-monitoring/02_aks.tf b/src/elk-monitoring/02_aks.tf
index 2ae4f6a0..eba2d342 100644
--- a/src/elk-monitoring/02_aks.tf
+++ b/src/elk-monitoring/02_aks.tf
@@ -46,7 +46,5 @@ resource "azurerm_kubernetes_cluster_node_pool" "elastic" {
 vnet_subnet_id = data.azurerm_subnet.aks_snet.id
 enable_node_public_ip = false
- tags = merge(var.tags, var.elastic_node_pool.node_tags)
-
 }
diff --git a/src/elk-monitoring/02_namespace.tf b/src/elk-monitoring/02_namespace.tf
index d0a0bdc2..ed8ef419 100644
--- a/src/elk-monitoring/02_namespace.tf
+++ b/src/elk-monitoring/02_namespace.tf
@@ -1,24 +1,26 @@
-data "kubernetes_namespace" "namespace" {
+resource "kubernetes_namespace" "elastic_system" {
 metadata {
 name = local.elk_namespace
 }
+ depends_on = [data.azurerm_kubernetes_cluster.aks]
 }
 module "pod_identity" {
- source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_pod_identity?ref=v6.20.2"
+ source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_pod_identity?ref=v7.2.0"
 resource_group_name = local.aks_resource_group_name
 location = var.location
 tenant_id = data.azurerm_subscription.current.tenant_id
 cluster_name = local.aks_name
- identity_name = "${data.kubernetes_namespace.namespace.metadata[0].name}-pod-identity" // TODO add env in name
- namespace = data.kubernetes_namespace.namespace.metadata[0].name
+ identity_name = "${kubernetes_namespace.elastic_system.metadata[0].name}-pod-identity" // TODO add env in name
+ namespace = kubernetes_namespace.elastic_system.metadata[0].name
 key_vault_id = module.key_vault.id
 secret_permissions = ["Get"]
 certificate_permissions = ["Get"]
+ depends_on = [kubernetes_namespace.elastic_system]
 }
 resource "helm_release" "reloader" {
@@ -26,10 +28,22 @@ resource "helm_release" "reloader" {
 repository = "https://stakater.github.io/stakater-charts"
 chart = "reloader"
 version = "v1.0.30"
- namespace = data.kubernetes_namespace.namespace.metadata[0].name
+ namespace = kubernetes_namespace.elastic_system.metadata[0].name
 set {
 name = "reloader.watchGlobally"
 value = "false"
 }
+
+ depends_on = [kubernetes_namespace.elastic_system]
+
+}
+
+resource "helm_release" "kube_state_metrics" {
+ name = "kube-state-metrics"
+ repository = "https://prometheus-community.github.io/helm-charts"
+ chart = "kube-state-metrics"
+ version = "5.10.1"
+ namespace = kubernetes_namespace.elastic_system.metadata[0].name
+
 }
diff --git a/src/elk-monitoring/04_aks_middleware_tools.tf b/src/elk-monitoring/04_aks_middleware_tools.tf
index 53e07fdc..a5ace3f0 100644
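Review bot: Turning `data "kubernetes_namespace" "namespace"` into `resource "kubernetes_namespace" "elastic_system"` changes the namespace from something Terraform reads to something it owns, and on any environment where `local.elk_namespace` already exists (it had to, for the data source to resolve) the first apply will fail with an already-exists error unless the object is imported first, e.g. `terraform import kubernetes_namespace.elastic_system <elk-namespace-name>`; that step belongs in the README's procedure. The flip side is that a `terraform destroy`, or a plan that decides to replace the namespace, now deletes the namespace and everything in it, presumably including the Elastic stack's volume claims, which the data-source form could never do. The `depends_on = [kubernetes_namespace.elastic_system]` added to module.pod_identity is redundant with the `namespace = kubernetes_namespace.elastic_system.metadata[0].name` reference two lines above it.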
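Review bot: helm_release.kube_state_metrics takes every chart value at its default, and as far as I recall the prometheus-community kube-state-metrics chart's defaults create a ClusterRole with cluster-wide list/watch over a broad set of kinds, secrets included (metadata only), and a metrics Service with no authentication in front of it; consider trimming `collectors` to the kinds you actually scrape, confirming the Service stays cluster-internal, and adding a comment naming the consumer of these metrics, since the scraper is not visible in this hunk. The release needs no `depends_on` on the namespace, because `namespace = kubernetes_namespace.elastic_system.metadata[0].name` already orders it after the namespace, which also makes the `depends_on = [kubernetes_namespace.elastic_system]` added to helm_release.reloader in the same hunk redundant. The helm_release.reloader block starts outside the hunk.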
--- a/src/elk-monitoring/04_aks_middleware_tools.tf
+++ b/src/elk-monitoring/04_aks_middleware_tools.tf
@@ -6,7 +6,7 @@
 # alert_enabled = true
 # helm_chart_present = true
 # helm_chart_version = var.tls_cert_check_helm.chart_version
-# namespace = data.kubernetes_namespace.namespace.metadata[0].name
+# namespace = kubernetes_namespace.elastic_system.metadata[0].name
 # helm_chart_image_name = var.tls_cert_check_helm.image_name
 # helm_chart_image_tag = var.tls_cert_check_helm.image_tag
 # location_string = var.location_string
@@ -32,4 +32,10 @@ module "cert_mounter" {
 certificate_name = replace(local.kibana_hostname, ".", "-")
 kv_name = module.key_vault.name
 tenant_id = data.azurerm_subscription.current.tenant_id
+
+ depends_on = [
+ kubernetes_namespace.elastic_system,
+ module.pod_identity
+ ]
+
 }
diff --git a/src/elk-monitoring/05_elastic_stack.tf b/src/elk-monitoring/05_elastic_stack.tf
index 37c22d8c..d1e8de75 100644
--- a/src/elk-monitoring/05_elastic_stack.tf
+++ b/src/elk-monitoring/05_elastic_stack.tf
@@ -71,7 +71,8 @@ module "elastic_stack" {
 azurerm_kubernetes_cluster_node_pool.elastic,
 module.nginx_ingress,
 module.pod_identity,
- kubernetes_secret.snapshot_secret
+ kubernetes_secret.snapshot_secret,
+ kubernetes_namespace.elastic_system,
 ]
 }
diff --git a/src/elk-monitoring/README.md b/src/elk-monitoring/README.md
index 87825736..38b888bf 100644
--- a/src/elk-monitoring/README.md
+++ b/src/elk-monitoring/README.md
@@ -19,10 +19,10 @@
 |------|--------|---------|
 | [cert\_mounter](#module\_cert\_mounter) | git::https://github.com/pagopa/terraform-azurerm-v3.git//cert_mounter | v6.20.1 |
 | [elastic\_stack](#module\_elastic\_stack) | git::https://github.com/pagopa/terraform-azurerm-v3.git//elastic_stack | v7.2.0 |
-| [key\_vault](#module\_key\_vault) | git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault | v6.20.2 |
+| [key\_vault](#module\_key\_vault) | git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault | v7.2.0 |
 | [letsencrypt\_dev\_elk](#module\_letsencrypt\_dev\_elk) | git::https://github.com/pagopa/azurerm.git//letsencrypt_credential | v3.8.1 |
 | [nginx\_ingress](#module\_nginx\_ingress) | terraform-module/release/helm | 2.8.0 |
-| [pod\_identity](#module\_pod\_identity) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_pod_identity | v6.20.2 |
+| [pod\_identity](#module\_pod\_identity) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_pod_identity | v7.2.0 |
 ## Resources
@@ -39,9 +39,11 @@
 | [azurerm_resource_group.sec_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
 | [azurerm_storage_account.elk_snapshot_sa](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account) | resource |
 | [azurerm_storage_container.snapshot_container](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_container) | resource |
+| [helm_release.kube_state_metrics](https://registry.terraform.io/providers/hashicorp/helm/2.7.1/docs/resources/release) | resource |
 | [helm_release.opentelemetry_operator_helm](https://registry.terraform.io/providers/hashicorp/helm/2.7.1/docs/resources/release) | resource |
 | [helm_release.reloader](https://registry.terraform.io/providers/hashicorp/helm/2.7.1/docs/resources/release) | resource |
 | [kubectl_manifest.otel_collector](https://registry.terraform.io/providers/gavinbunney/kubectl/1.14.0/docs/resources/manifest) | resource |
+| [kubernetes_namespace.elastic_system](https://registry.terraform.io/providers/hashicorp/kubernetes/2.17.0/docs/resources/namespace) | resource |
 | [kubernetes_namespace.ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/2.17.0/docs/resources/namespace) | resource |
 | [kubernetes_secret.snapshot_secret](https://registry.terraform.io/providers/hashicorp/kubernetes/2.17.0/docs/resources/secret) | resource |
 | [kubernetes_storage_class.kubernetes_storage_class_cold](https://registry.terraform.io/providers/hashicorp/kubernetes/2.17.0/docs/resources/storage_class) | resource |
@@ -69,7 +71,6 @@
 | [azurerm_subnet.aks_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
 | [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source |
 | [azurerm_virtual_network.vnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source |
-| [kubernetes_namespace.namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/2.17.0/docs/data-sources/namespace) | data source |
 | [kubernetes_secret.get_apm_token](https://registry.terraform.io/providers/hashicorp/kubernetes/2.17.0/docs/data-sources/secret) | data source |
 | [kubernetes_secret.get_elastic_credential](https://registry.terraform.io/providers/hashicorp/kubernetes/2.17.0/docs/data-sources/secret) | data source |
diff --git a/src/elk-monitoring/env/dev01/terraform.tfvars b/src/elk-monitoring/env/dev01/terraform.tfvars
index c3c5eac0..5d11b48c 100644
--- a/src/elk-monitoring/env/dev01/terraform.tfvars
+++ b/src/elk-monitoring/env/dev01/terraform.tfvars
@@ -50,19 +50,19 @@ elastic_node_pool = {
 }
 elastic_hot_storage = {
- storage_type = "StandardSSD_LRS"
+ storage_type = "StandardSSD_ZRS"
 allow_volume_expansion = true
- initialStorageSize = "20Gi"
+ initialStorageSize = "16Gi"
 }
 elastic_warm_storage = {
- storage_type = "StandardSSD_LRS"
+ storage_type = "StandardSSD_ZRS"
 allow_volume_expansion = true
- initialStorageSize = "20Gi"
+ initialStorageSize = "16Gi"
 }
 elastic_cold_storage = {
 storage_type = "Standard_LRS"
 allow_volume_expansion = true
- initialStorageSize = "20Gi"
+ initialStorageSize = "16Gi"
 }
 enable_iac_pipeline = true
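Review bot: Lowering `initialStorageSize` from `"20Gi"` to `"16Gi"` for the hot, warm and cold tiers is a shrink, and Kubernetes does not support reducing a PersistentVolumeClaim's request, so if this value feeds existing PVCs or a StatefulSet's volumeClaimTemplates (immutable after creation) the apply will either be rejected or force recreation of the Elasticsearch volumes, which on a running dev01 cluster means losing the indices unless a snapshot is taken first. Switching `storage_type` from `StandardSSD_LRS` to `StandardSSD_ZRS` for hot and warm likewise changes StorageClass parameters, which are immutable, so the class is replaced while already-bound volumes keep the old LRS type and only new claims get ZRS. The tfvars alone cannot show whether these volumes exist yet, so the commit should say whether this is a fresh deployment or a migration and, in the latter case, what the snapshot/restore sequence is; a one-line comment above `elastic_hot_storage` noting that the size cannot be reduced in place would also stop the next edit from repeating this.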