From 123a9e79ade9dcc08b3f63354eff8fe036e86f23 Mon Sep 17 00:00:00 2001
From: ermisw
Date: Wed, 22 Nov 2023 09:18:34 +0100
Subject: [PATCH] first commit
---
.gitignore | 33 ++++
.terraform.lock.hcl | 83 +++++++++
INPUT.TXT | 1 +
dynatrace-service.tf | 91 ++++++++++
dynatrace-service/.helmignore | 23 +++
dynatrace-service/Chart.yaml | 6 +
dynatrace-service/README.md | 46 +++++
dynatrace-service/templates/_helpers.tpl | 52 ++++++
dynatrace-service/templates/deployment.yaml | 160 ++++++++++++++++++
dynatrace-service/templates/service.yaml | 15 ++
.../templates/serviceaccount.yaml | 10 ++
dynatrace-service/values.schema.json | 82 +++++++++
dynatrace-service/values.yaml | 68 ++++++++
jenkinsfile | 48 ++++++
job-executer-service.tf | 51 ++++++
keptn.tf | 114 +++++++++++++
ouput.tf | 11 ++
readme | 1 +
terraform.tf | 80 +++++++++
trace.log | 14 ++
variables.tf | 41 +++++
21 files changed, 1030 insertions(+)
create mode 100644 .gitignore
create mode 100644 .terraform.lock.hcl
create mode 100644 INPUT.TXT
create mode 100644 dynatrace-service.tf
create mode 100644 dynatrace-service/.helmignore
create mode 100644 dynatrace-service/Chart.yaml
create mode 100644 dynatrace-service/README.md
create mode 100644 dynatrace-service/templates/_helpers.tpl
create mode 100644 dynatrace-service/templates/deployment.yaml
create mode 100644 dynatrace-service/templates/service.yaml
create mode 100644 dynatrace-service/templates/serviceaccount.yaml
create mode 100644 dynatrace-service/values.schema.json
create mode 100644 dynatrace-service/values.yaml
create mode 100644 jenkinsfile
create mode 100644 job-executer-service.tf
create mode 100644 keptn.tf
create mode 100644 ouput.tf
create mode 100644 readme
create mode 100644 terraform.tf
create mode 100644 trace.log
create mode 100644 variables.tf
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..fb93cb8
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,33 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+*.tfplan
+
+# Crash log files
+crash.log
+
+# Exclude all .tfvars files, which are likely to contain sentitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+.env
+
+venv
+
+.helm
\ No newline at end of file
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
new file mode 100644
index 0000000..5a6ba8f
--- /dev/null
+++ b/.terraform.lock.hcl
@@ -0,0 +1,83 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "5.7.0" + constraints = "~> 5.7.0" + hashes = [ + "h1:SReCEKB29vK0duwz7Pk2bSCa2M2BqvtlFwS9Bqs3ADw=", + "zh:03240d7fc041d5331db7fd5f2ca4fe031321d07d2a6ca27085c5020dae13f211", + "zh:0b5252b14c354636fe0348823195dd901b457de1a033015f4a7d11cfe998c766", + "zh:2bfb62325b0487be8d1850a964f09cca0d45148faec577459c2a24334ec9977b", + "zh:2f9e317ffc57d2b5117cfe8dc266f88aa139b760bc93d8adeed7ad533a78b5a3", + "zh:36512725c9d7c559927b98fead04be58494a3a997e5270b905a75a468e307427", + "zh:5483e696d3ea764f746d3fe439f7dcc49001c3c774122d7baa51ce01011f0075", + "zh:5967635cc14f969ea26622863a2e3f9d6a7ddd3e7d35a29a7275c5e10579ac8c", + "zh:7e63c94a64af5b7aeb36ea6e3719962f65a7c28074532c02549a67212d410bb8", + "zh:8a7d5f33b11a3f5c7281413b431fa85de149ed8493ec1eea73d50d2d80a475e6", + "zh:8e2ed2d986aaf590975a79a2f6b5e60e0dc7d804ab01a8c03ab181e41cfe9b0f", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:9c7b8ca1b17489f16a6d0f1fc2aa9c130978ea74c9c861d8435410567a0a888f", + "zh:a54385896a70524063f0c5420be26ff6f88909bd8e6902dd3e922577b21fd546", + "zh:aecd3a8fb70b938b58d93459bfb311540fd6aaf981924bf34abd48f953b4be0d", + "zh:f3de076fa3402768d27af0187c6a677777b47691d1f0f84c9b259ff66e65953e", + ] +} + +provider "registry.terraform.io/hashicorp/external" { + version = "2.3.1" + hashes = [ + "h1:0/VG+zmBcGhAof8g5k9R7HYyotYs6KPqnQKnz6XBiAg=", + "zh:001e2886dc81fc98cf17cf34c0d53cb2dae1e869464792576e11b0f34ee92f54", + "zh:2eeac58dd75b1abdf91945ac4284c9ccb2bfb17fa9bdb5f5d408148ff553b3ee", + "zh:2fc39079ba61411a737df2908942e6970cb67ed2f4fb19090cd44ce2082903dd", + "zh:472a71c624952cff7aa98a7b967f6c7bb53153dbd2b8f356ceb286e6743bb4e2", + "zh:4cff06d31272aac8bc35e9b7faec42cf4554cbcbae1092eaab6ab7f643c215d9", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + 
"zh:7ed16ccd2049fa089616b98c0bd57219f407958f318f3c697843e2397ddf70df", + "zh:842696362c92bf2645eb85c739410fd51376be6c488733efae44f4ce688da50e", + "zh:8985129f2eccfd7f1841ce06f3bf2bbede6352ec9e9f926fbaa6b1a05313b326", + "zh:a5f0602d8ec991a5411ef42f872aa90f6347e93886ce67905c53cfea37278e05", + "zh:bf4ab82cbe5256dcef16949973bf6aa1a98c2c73a98d6a44ee7bc40809d002b8", + "zh:e70770be62aa70198fa899526d671643ff99eecf265bf1a50e798fc3480bd417", + ] +} + +provider "registry.terraform.io/hashicorp/helm" { + version = "2.11.0" + constraints = "2.11.0" + hashes = [ + "h1:l+2Ni3UyoFRxyvxRblPQQYck1/iFmZKFy/UcI3ZRtjg=", + "zh:013857c88f3e19a4b162344e21dc51891c4ac8b600da8391f7fb2b6d234961e1", + "zh:044fffa233a93cdcf8384afbe9e1ab6c9d0b5b176cbae56ff465eb9611302975", + "zh:208b7cdd4fa3a1b25ae817dc00a9198ef98be0ddc3a577b5b72bc0f006afb997", + "zh:3e8b33f56cfe387277572a92037a1ca1cbe4e3aa6b5c19a8c2431193b07f7865", + "zh:7dd663d5619bd71676899b05b19d36f585189fdabc6b0b03c23579524a8fd9bf", + "zh:ae5329cb3e5bf0b86b02e823aac3ef3bd0d4b1618ff013cd0076dca0be8322e4", + "zh:ba6201695b55d51bedacdb017cb8d03d7a8ada51d0168ac44fef3fa791a85ab4", + "zh:c61285c8b1ba10f50cf94c9dcf98f2f3b720f14906a18be71b9b422279b5d806", + "zh:d522d388246f38b9f329c511ec579b516d212670b954f9dab64efb27e51862af", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:f92546e26b670da61437ae2cbd038427c9374ce5f7a78df52193397da90bd997", + "zh:f9ad1407e5c0d5e3474094491025bf100828e8c1a01acdf9591d7dd1eb59f961", + ] +} + +provider "registry.terraform.io/hashicorp/kubernetes" { + version = "2.23.0" + hashes = [ + "h1:S0dS3oy5c6ma2JUzpbtO45wb5iSCJdFFiUDf/t99tws=", + "zh:10488a12525ed674359585f83e3ee5e74818b5c98e033798351678b21b2f7d89", + "zh:1102ba5ca1a595f880e67102bbf999cc8b60203272a078a5b1e896d173f3f34b", + "zh:1347cf958ed3f3f80b3c7b3e23ddda3d6c6573a81847a8ee92b7df231c238bf6", + "zh:2cb18e9f5156bc1b1ee6bc580a709f7c2737d142722948f4a6c3c8efe757fa8d", + 
"zh:5506aa6f28dcca2a265ccf8e34478b5ec2cb43b867fe6d93b0158f01590fdadd", + "zh:6217a20686b631b1dcb448ee4bc795747ebc61b56fbe97a1ad51f375ebb0d996", + "zh:8accf916c00579c22806cb771e8909b349ffb7eb29d9c5468d0a3f3166c7a84a", + "zh:9379b0b54a0fa030b19c7b9356708ec8489e194c3b5e978df2d31368563308e5", + "zh:aa99c580890691036c2931841e88e7ee80d59ae52289c8c2c28ea0ac23e31520", + "zh:c57376d169875990ac68664d227fb69cd0037b92d0eba6921d757c3fd1879080", + "zh:e6068e3f94f6943b5586557b73f109debe19d1a75ca9273a681d22d1ce066579", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +}
diff --git a/INPUT.TXT b/INPUT.TXT
new file mode 100644
index 0000000..e69bbc6
--- /dev/null
+++ b/INPUT.TXT
@@ -0,0 +1 @@
+{"namespace":"keptn","name":"bridge-credentials","key":"BASIC_AUTH_USERNAME","context":"arn:aws:eks:us-west-2:277980527364:cluster/xOps"}
\ No newline at end of file
diff --git a/dynatrace-service.tf b/dynatrace-service.tf
new file mode 100644
index 0000000..7b18052
--- /dev/null
+++ b/dynatrace-service.tf
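Review bot: INPUT.TXT looks like a leftover debugging artifact rather than a source file: its single line is a JSON query for the `bridge-credentials` secret and embeds the EKS cluster ARN, including the AWS account ID. Nothing visible in this patch reads it, so it should be dropped from the commit and listed in `.gitignore`; `trace.log`, a captured Terraform run, is in the same position. The same ARN is repeated in the commented-out `#context = ...` lines in keptn.tf, which can be deleted now that `var.k8S_CONTEXT` is used.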
@@ -0,0 +1,91 @@
+resource "helm_release" "dynatrace-service" {
+ name = "dynatrace-service"
+ chart = "./dynatrace-service"
+ namespace = var.KEPTN_NAMESPACE
+ timeout = 500
+
+ set {
+ name = "tolerations[0].key"
+ value = "dedicated"
+ }
+
+ set {
+ name = "tolerations[0].value"
+ value = "group2"
+ }
+
+ set {
+ name = "tolerations[0].operator"
+ value = "Equal"
+ }
+
+ set {
+ name = "tolerations[0].effect"
+ value = "NoSchedule"
+ }
+
+ set {
+ name = "nodeSelector.role"
+ value = "group2"
+ }
+
+ set {
+ name = "dynatraceService.config.keptnApiUrl"
+ value = "https://keptn.nttdata-xlabs.com/api"
+ }
+
+ set {
+ name = "dynatraceService.config.keptnBridgeUrl"
+ value = "https://keptn.nttdata-xlabs.com/bridge"
+ }
+
+ set {
+ name = "dynatraceService.config.logLevel"
+ value = "debug"
+ }
+
+ depends_on = [
+ helm_release.keptn
+ ]
+}
+
+
+
+# resource "null_resource" "kubectl" {
+# provisioner "local-exec" {
+# command = "kubectl -n keptn get secret bridge-credentials -o jsonpath={.data.BASIC_AUTH_USERNAME}"
+# # interpreter = ["/bin/bash", "-c"]environment = {
+# # KUBECONFIG = base64encode(var.kubeconfig)
+# }
+# }
+
+# resource "kubernetes_secret" "bridge" {
+# metadata {
+# name = "bridge-credentials"
+# namespace = "keptn"
+# }
+# }
+
+# output "bridge" {
+# value = kubernetes_secret.bridge.data.BASIC_AUTH_USERNAME
+# }
+
+resource "kubernetes_secret" "dynatrace-service" {
+ metadata {
+ name = "dynatrace-service"
+ namespace=var.KEPTN_NAMESPACE
+ labels = {
+ "app.kubernetes.io/scope"="dynatrace-service"
+ }
+ #scope="dynatrace-service"
+ }
+
+ data = {
+ DT_API_TOKEN = var.DT_API_TOKEN
+ DT_TENANT = var.DT_TENANT
+ }
+
+ depends_on = [
+ helm_release.keptn
+ ]
+}
\ No newline at end of file
diff --git a/dynatrace-service/.helmignore b/dynatrace-service/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/dynatrace-service/.helmignore
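Review bot: `kubernetes_secret.dynatrace-service` copies `var.DT_API_TOKEN` into `data`, so the token is stored in the Terraform state, and the variable in variables.tf is declared without `sensitive = true`, so Terraform will not redact it if it is ever referenced from an output or a non-sensitive argument. Add `sensitive = true` to `variable "DT_API_TOKEN"` and limit read access on the S3 state bucket to the pipeline role, since `encrypt = true` in terraform.tf only covers encryption at rest. Separately, `dynatraceService.config.logLevel` is fixed to `debug`, and the two Keptn URLs are hard-coded to the host the pipeline also passes as `KEPTN_DOMAIN`; `value = format("https://%s/api", var.KEPTN_DOMAIN)` would keep them in step. The commented-out `null_resource` and `kubernetes_secret.bridge` blocks look like abandoned experiments and could be removed.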
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/dynatrace-service/Chart.yaml b/dynatrace-service/Chart.yaml
new file mode 100644
index 0000000..852dc80
--- /dev/null
+++ b/dynatrace-service/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+appVersion: 0.27.1
+description: Helm Chart for the keptn-contrib dynatrace-service
+name: dynatrace-service
+type: application
+version: 0.27.1
diff --git a/dynatrace-service/README.md b/dynatrace-service/README.md
new file mode 100644
index 0000000..36a42a7
--- /dev/null
+++ b/dynatrace-service/README.md
@@ -0,0 +1,46 @@
+
+Dynatrace-service
+===========
+
+Helm Chart for the *keptn-contrib* *dynatrace-service*
+
+
+## Configuration
+
+The following table lists the configurable parameters of the *dynatrace-service* chart and their default values.
+
+| Parameter | Description | Default |
+| ------------------------ | ----------------------- | -------------- |
+| `dynatraceService.image.repository` | Container image name | `"docker.io/keptncontrib/dynatrace-service"` |
+| `dynatraceService.image.pullPolicy` | Kubernetes image pull policy | `"IfNotPresent"` |
+| `dynatraceService.image.tag` | Container tag | `""` |
+| `dynatraceService.service.enabled` | Creates a kubernetes service for the *dynatrace-service* | `true` |
+| `dynatraceService.config.generateTaggingRules` | Generate Tagging Rules in Dynatrace Tenant | `false` |
+| `dynatraceService.config.generateProblemNotifications` | Generate Problem Notifications in Dynatrace Tenant | `false` |
+| `dynatraceService.config.generateManagementZones` | Generate Management Zones in Dynatrace Tenant | `false` |
+| `dynatraceService.config.generateDashboards` | Generate Dashboards in Dynatrace Tenant | `false` |
+| `dynatraceService.config.generateMetricEvents` | Generate Metric Events in Dynatrace Tenant | `false` |
+| `dynatraceService.config.synchronizeDynatraceServices` | Synchronize Service Entities between Dynatrace and Keptn | `true` |
+| `dynatraceService.config.synchronizeDynatraceServicesIntervalSeconds` | Synchronization Interval | `300` |
+| `dynatraceService.config.httpSSLVerify` | Verify HTTPS SSL certificates | `true` |
+| `dynatraceService.config.httpProxy` | Proxy for HTTP requests | `""` |
+| `dynatraceService.config.httpsProxy` | Proxy for HTTPS requests | `""` |
+| `dynatraceService.config.noProxy` | Proxy exceptions for HTTP and HTTPS requests | `""` |
+| `dynatraceService.config.logLevel`| Minimum log level to log | `info` |
+| `imagePullSecrets` | Secrets to use for container registry credentials | `[]` |
+| `serviceAccount.create` | Enables the service account creation | `true` |
+| `serviceAccount.annotations` | Annotations to add to the service account | `{}` |
+| `podAnnotations` | Annotations to add to the created pods | `{}` |
+| `podSecurityContext` | Set the pod security context (e.g. `fsgroups`) | `{}` |
+| `securityContext` | Set the security context (e.g. `runasuser`) | `{}` |
+| `resources` | Resource limits and requests | `{}` |
+| `nodeSelector` | Node selector configuration | `{}` |
+| `tolerations` | Tolerations for the pods | `[]` |
+| `affinity` | Affinity rules | `{}` |
+| `terminationGracePeriodSeconds` | Termination grace period (in seconds) | `30` |
+| `workGracePeriodSeconds` | Seconds allocated to completing work in the event of a graceful shutdown | `20` |
+| `replyGracePeriodSeconds` | Seconds allocated to replying in the event of a graceful shutdown | `5` |
+
+
+
+
diff --git a/dynatrace-service/templates/_helpers.tpl b/dynatrace-service/templates/_helpers.tpl
new file mode 100644
index 0000000..6549abe
--- /dev/null
+++ b/dynatrace-service/templates/_helpers.tpl
@@ -0,0 +1,52 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "dynatrace-service.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "dynatrace-service.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "dynatrace-service.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "dynatrace-service.labels" -}}
+dynatrace-sli.sh/chart: {{ include "dynatrace-service.chart" . }}
+{{ include "dynatrace-service.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+
+{{/*
+Selector labels
+*/}}
+{{- define "dynatrace-service.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "dynatrace-service.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
diff --git a/dynatrace-service/templates/deployment.yaml b/dynatrace-service/templates/deployment.yaml
new file mode 100644
index 0000000..32c225d
--- /dev/null
+++ b/dynatrace-service/templates/deployment.yaml
@@ -0,0 +1,160 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "dynatrace-service.fullname" . }}
+ labels:
+ {{- include "dynatrace-service.labels" . | nindent 4 }}
+
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ {{- include "dynatrace-service.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "dynatrace-service.labels" . | nindent 8 }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: dynatrace-service
+ terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ containers:
+ - name: dynatrace-service
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ {{- if .Values.image }}
+ image: {{ .Values.image }} # use image from .Values.image (e.g., when starting via skaffold)
+ {{- else }}
+ image: "{{ .Values.dynatraceService.image.repository }}:{{ .Values.dynatraceService.image.tag | default .Chart.AppVersion }}"
+ {{ end }}
+ imagePullPolicy: {{ .Values.dynatraceService.image.pullPolicy }}
+ ports:
+ - containerPort: 80
+ env:
+ - name: DATASTORE
+ value: ''
+ - name: RESOURCE_SERVICE
+ value: ''
+ - name: SHIPYARD_CONTROLLER
+ value: ''
+ - name: K8S_DEPLOYMENT_NAME
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: 'metadata.labels[''app.kubernetes.io/name'']'
+ - name: K8S_DEPLOYMENT_VERSION
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: 'metadata.labels[''app.kubernetes.io/version'']'
+ - name: K8S_DEPLOYMENT_COMPONENT
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: 'metadata.labels[''app.kubernetes.io/component'']'
+ - name: K8S_NAMESPACE
+ {{- if .Values.distributor.metadata.namespace }}
+ value: {{ .Values.distributor.metadata.namespace }}
+ {{- else }}
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ {{- end }}
+ - name: K8S_NODE_NAME
+ {{- if .Values.distributor.metadata.hostname }}
+ value: {{ .Values.distributor.metadata.hostname }}
+ {{- else }}
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: spec.nodeName
+ {{- end }}
+ - name: K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.name
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ - name: GENERATE_TAGGING_RULES
+ value: '{{ .Values.dynatraceService.config.generateTaggingRules }}'
+ - name: GENERATE_PROBLEM_NOTIFICATIONS
+ value: '{{ .Values.dynatraceService.config.generateProblemNotifications }}'
+ - name: GENERATE_MANAGEMENT_ZONES
+ value: '{{ .Values.dynatraceService.config.generateManagementZones }}'
+ - name: GENERATE_DASHBOARDS
+ value: '{{ .Values.dynatraceService.config.generateDashboards }}'
+ - name: GENERATE_METRIC_EVENTS
+ value: '{{ .Values.dynatraceService.config.generateMetricEvents }}'
+ - name: SYNCHRONIZE_DYNATRACE_SERVICES
+ value: '{{ .Values.dynatraceService.config.synchronizeDynatraceServices }}'
+ - name: SYNCHRONIZE_DYNATRACE_SERVICES_INTERVAL_SECONDS
+ value: '{{ .Values.dynatraceService.config.synchronizeDynatraceServicesIntervalSeconds }}'
+ - name: HTTP_SSL_VERIFY
+ value: '{{ .Values.dynatraceService.config.httpSSLVerify }}'
+ - name: HTTP_PROXY
+ value: '{{ .Values.dynatraceService.config.httpProxy }}'
+ - name: HTTPS_PROXY
+ value: '{{ .Values.dynatraceService.config.httpsProxy }}'
+ - name: NO_PROXY
+ value: '{{ .Values.dynatraceService.config.noProxy }}'
+ - name: LOG_LEVEL_DYNATRACE_SERVICE
+ value: '{{ .Values.dynatraceService.config.logLevel }}'
+ - name: KEPTN_API_URL
+ value: '{{ .Values.dynatraceService.config.keptnApiUrl }}'
+ - name: KEPTN_BRIDGE_URL
+ value: '{{ .Values.dynatraceService.config.keptnBridgeUrl }}'
+ - name: KEPTN_API_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: keptn-api-token
+ key: keptn-api-token
+ - name: WORK_GRACE_PERIOD_SECONDS
+ value: '{{ .Values.workGracePeriodSeconds }}'
+ - name: REPLY_GRACE_PERIOD_SECONDS
+ value: '{{ .Values.replyGracePeriodSeconds }}'
+ - name: SKIP_LOWERCASE_SLI_NAMES
+ value: '{{ .Values.dynatraceService.config.skipLowercaseSLINames | default false }}'
+ - name: SKIP_INCLUDE_SLO_DISPLAY_NAMES
+ value: '{{ .Values.dynatraceService.config.skipIncludeSLODisplayNames | default false }}'
+ - name: SKIP_CHECK_DUPLICATE_SLI_AND_DISPLAY_NAMES
+ value: '{{ .Values.dynatraceService.config.skipCheckDuplicateSLIAndDisplayNames | default false }}'
+ livenessProbe:
+ httpGet:
+ path: /health
+ port: 8070
+ initialDelaySeconds: 0
+ periodSeconds: 5
+ readinessProbe:
+ httpGet:
+ path: /ready
+ port: 8080
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/dynatrace-service/templates/service.yaml b/dynatrace-service/templates/service.yaml
new file mode 100644
index 0000000..6ecaf92
--- /dev/null
+++ b/dynatrace-service/templates/service.yaml
@@ -0,0 +1,15 @@
+{{- if .Values.dynatraceService.service.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "dynatrace-service.fullname" . }}
+ labels:
+ {{- include "dynatrace-service.labels" . | nindent 4 }}
+spec:
+ type: ClusterIP
+ ports:
+ - port: 8080
+ protocol: TCP
+ selector:
+ {{- include "dynatrace-service.selectorLabels" . | nindent 4 }}
+ {{- end }}
diff --git a/dynatrace-service/templates/serviceaccount.yaml b/dynatrace-service/templates/serviceaccount.yaml
new file mode 100644
index 0000000..3878c78
--- /dev/null
+++ b/dynatrace-service/templates/serviceaccount.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: dynatrace-service
+ labels:
+ {{- include "dynatrace-service.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
diff --git a/dynatrace-service/values.schema.json b/dynatrace-service/values.schema.json
new file mode 100644
index 0000000..d6fe9d6
--- /dev/null
+++ b/dynatrace-service/values.schema.json
@@ -0,0 +1,82 @@
+{
+ "$schema": "http://json-schema.org/draft-07/schema",
+ "properties": {
+ "dynatraceService": {
+ "type": "object",
+ "required": [
+ "image"
+ ],
+ "properties": {
+ "image": {
+ "properties": {
+ "repository": {
+ "pattern": "^[a-z0-9][a-z0-9-./]{0,511}$"
+ },
+ "pullPolicy": {
+ "enum": [
+ "IfNotPresent",
+ "Always"
+ ]
+ }
+ }
+ },
+ "service": {
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ }
+ }
+ },
+ "config": {
+ "properties": {
+ "generateTaggingRules": {
+ "type": "boolean"
+ },
+ "generateProblemNotifications": {
+ "type": "boolean"
+ },
+ "generateManagementZones": {
+ "type": "boolean"
+ },
+ "generateDashboards": {
+ "type": "boolean"
+ },
+ "generateMetricEvents": {
+ "type": "boolean"
+ },
+ "synchronizeDynatraceServices": {
+ "type": "boolean"
+ },
+ "synchronizeDynatraceServicesIntervalSeconds": {
+ "type": "integer"
+ },
+ "httpSSLVerify": {
+ "type": "boolean"
+ },
+ "httpProxy": {
+ "type": "string"
+ },
+ "httpsProxy": {
+ "type": "string"
+ },
+ "noProxy": {
+ "type": "string"
+ },
+ "logLevel": {
+ "type": "string"
+ }
+ }
+ }
+ }
+ },
+ "terminationGracePeriodSeconds": {
+ "type": "integer"
+ },
+ "workGracePeriodSeconds": {
+ "type": "integer"
+ },
+ "replyGracePeriodSeconds": {
+ "type": "integer"
+ }
+ }
+}
diff --git a/dynatrace-service/values.yaml b/dynatrace-service/values.yaml
new file mode 100644
index 0000000..fe523d9
--- /dev/null
+++ b/dynatrace-service/values.yaml
@@ -0,0 +1,68 @@
+dynatraceService:
+ image:
+ repository: docker.io/keptncontrib/dynatrace-service # Container Image Name
+ pullPolicy: IfNotPresent # Kubernetes Image Pull Policy
+ tag: "" # Container Tag
+ service:
+ enabled: true # Creates a Kubernetes Service for the dynatrace-service
+ config:
+ generateTaggingRules: true # Generate Tagging Rules in Dynatrace Tenant
+ generateProblemNotifications: true # Generate Problem Notifications in Dynatrace Tenant
+ generateManagementZones: true # Generate Management Zones in Dynatrace Tenant
+ generateDashboards: true # Generate Dashboards in Dynatrace Tenant
+ generateMetricEvents: true # Generate Metric Events in Dynatrace Tenant
+ synchronizeDynatraceServices: true # Synchronize Service Entities between Dynatrace and Keptn
+ synchronizeDynatraceServicesIntervalSeconds: 60 # Synchronization Interval
+ httpSSLVerify: true # Verify HTTPS SSL certificates
+ httpProxy: "" # Proxy for HTTP requests
+ httpsProxy: "" # Proxy for HTTPS requests
+ noProxy: "" # Proxy exceptions for HTTP and HTTPS requests
+ logLevel: "info" # Minimum log level to log
+ keptnApiUrl: "" # URL of keptn API
+ keptnBridgeUrl: "" # URL of keptn bridge
+ skipLowercaseSLINames: false # Skip to apply a lower-case operation on SLI names
+ skipIncludeSLODisplayNames: false # Skip to include display names for SLO files produced by dynatrace-service
+ skipCheckDuplicateSLIAndDisplayNames: false # Skip check for duplicate SLI and display names in dashboard use-case
+
+imagePullSecrets: [ ] # Secrets to use for container registry credentials
+
+serviceAccount:
+ create: true # Enables the service account creation
+ annotations: { } # Annotations to add to the service account
+
+podAnnotations: { } # Annotations to add to the created pods
+
+podSecurityContext: # Set the pod security context (e.g. fsGroups)
+ fsGroup: 65532
+
+securityContext: # Set the security context (e.g. runAsUser)
+ runAsNonRoot: true
+ runAsUser: 65532
+ readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
+ privileged: false
+ seccompProfile:
+ type: RuntimeDefault
+
+distributor:
+ metadata:
+ hostname: "" # Sets the hostname sent by the distributor to the control-plane
+ namespace: "" # Sets the namespace sent by the distributor to the control-plane
+
+resources: # Set resources limits and requests
+ limits:
+ cpu: 128m
+ memory: 200Mi
+ requests:
+ cpu: 32m
+ memory: 50Mi
+
+nodeSelector: { } # Node selector configuration
+
+tolerations: [ ] # Tolerations for the pods
+
+affinity: { } # Affinity rules
+
+terminationGracePeriodSeconds: 30 # Pod termination grace period in seconds
+workGracePeriodSeconds: 20 # Seconds allocated to completing work in the event of a graceful shutdown
+replyGracePeriodSeconds: 5 # Seconds allocated to replying in the event of a graceful shutdown
diff --git a/jenkinsfile b/jenkinsfile
new file mode 100644
index 0000000..ed11d3b
--- /dev/null
+++ b/jenkinsfile
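Review bot: The `generate*` flags under `dynatraceService.config` default to `true` here and `synchronizeDynatraceServicesIntervalSeconds` to `60`, while the chart's README.md documents `false` and `300` as the defaults. With these values the service will create tagging rules, problem notifications, management zones, dashboards and metric events in the Dynatrace tenant on install, which presumably requires an API token with configuration-write scopes. Either correct the README table, or set the flags the demo does not need back to `false` so that a narrower-scoped token may be enough.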
@@ -0,0 +1,48 @@
+pipeline {
+ agent {
+ label 'terraform-slave'
+ }
+
+ environment {
+ TF_VAR_KEPTN_NAMESPACE="keptn"
+ TF_VAR_KEPTN_VERSION="1.4.0"
+ TF_VAR_KEPTN_DOMAIN="keptn.nttdata-xlabs.com"
+ TF_VAR_DT_TENANT="https://elw69065.live.dynatrace.com"
+ TF_VAR_DT_API_TOKEN="dt0c01.N2PBLK767N76X77W4DKPZBW3.RPIRL6HTSX6OOPFB4REGWBQEN62LYYVYYR3O5VAWGFW37OVXKB4G6ZQUHPL33LMP"
+ }
+
+ // parameters {
+ // booleanParam(name: 'refresh', defaultValue: false, description: 'Refresh pipeline properties')
+ // }
+
+ stages {
+ // stage('Refresh properties') {
+ // steps {
+ // script {
+ // if (Refresh) {
+ // currentBuild.result = 'ABORTED'
+ // error('Stopping early…')
+ // }
+ // }
+ // }
+ // }
+ stage('TF Plan') {
+ steps {
+ container('terraform') {
+ withCredentials([[
+ $class: 'AmazonWebServicesCredentialsBinding',
+ credentialsId: "f89b3f7d-23ec-42b9-9687-e4acf01d7507",
+ accessKeyVariable: 'AWS_ACCESS_KEY_ID',
+ secretKeyVariable: 'AWS_SECRET_ACCESS_KEY']]) {
+ sh 'terraform version'
+ sh 'terraform init -backend-config="key=keptn-demo"'
+ sh 'terraform get'
+ sh 'terraform apply -auto-approve'
+ }
+
+ }
+ }
+ }
+
+ }
+}
\ No newline at end of file
diff --git a/job-executer-service.tf b/job-executer-service.tf
new file mode 100644
index 0000000..1cd559c
--- /dev/null
+++ b/job-executer-service.tf
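Review bot: `TF_VAR_DT_API_TOKEN` in the `environment` block is a literal Dynatrace API token committed in clear text; it is now part of the repository history and should be treated as exposed, so revoke it in the tenant and issue a new one. Load the replacement from the Jenkins credential store, as the AWS keys already are, e.g. `TF_VAR_DT_API_TOKEN = credentials('PLACEHOLDER-dynatrace-token-id')` (placeholder ID), so the value is masked in the build log. The stage named `TF Plan` also runs `terraform apply -auto-approve` directly, so changes reach the cluster with no reviewed plan; splitting it into `terraform plan -out=tfplan` and a gated `terraform apply tfplan` would restore that check.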
@@ -0,0 +1,51 @@
+resource "helm_release" "job-executer-service" {
+ name = "job-executer-service"
+ chart = "https://github.com/keptn-contrib/job-executor-service/releases/download/0.3.0/job-executor-service-0.3.0.tgz"
+ namespace = var.KEPTN_NAMESPACE
+ timeout = 500
+
+set {
+ name = "tolerations[0].key"
+ value = "dedicated"
+ }
+
+ set {
+ name = "tolerations[0].value"
+ value = "group2"
+ }
+
+ set {
+ name = "tolerations[0].operator"
+ value = "Equal"
+ }
+
+ set {
+ name = "tolerations[0].effect"
+ value = "NoSchedule"
+ }
+
+ set {
+ name = "nodeSelector.role"
+ value = "group2"
+ }
+
+ set {
+ name = "remoteControlPlane.api.hostname"
+ value = "api-gateway-nginx.keptn"
+ }
+
+ set {
+ name = "remoteControlPlane.api.token"
+ value = module.keptn-api-token.result
+ }
+
+ set {
+ name = "remoteControlPlane.topicSubscription"
+ value = "sh.keptn.event.deployment.triggered\\,sh.keptn.event.test.triggered\\,sh.keptn.event.action.triggered"
+ }
+
+ depends_on = [
+ helm_release.keptn,
+ module.keptn-api-token
+ ]
+}
\ No newline at end of file
diff --git a/keptn.tf b/keptn.tf
new file mode 100644
index 0000000..2e47857
--- /dev/null
+++ b/keptn.tf
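Review bot: The Keptn API token is passed through a plain `set` block (`remoteControlPlane.api.token`), so the provider treats it as an ordinary chart value and it can show up in plan diffs; change that one block's keyword from `set` to `set_sensitive`, keeping the same `name` and `value`. The chart is downloaded from a GitHub release URL and nothing in the block checks the archive's integrity; if upstream publishes provenance files, `verify = true` would cover that, otherwise consider vendoring the chart as was done for dynatrace-service. `remoteControlPlane.api.hostname` hard-codes the `keptn` namespace in `api-gateway-nginx.keptn` although the release itself uses `var.KEPTN_NAMESPACE`.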
@@ -0,0 +1,114 @@
+resource "helm_release" "keptn" {
+ name = "keptn"
+ repository = "https://charts.keptn.sh"
+ chart = "keptn"
+ namespace = var.KEPTN_NAMESPACE
+ timeout = 500
+ version = var.KEPTN_VERSION
+ create_namespace = true
+
+ set {
+ name = "tolerations[0].key"
+ value = "dedicated"
+ }
+
+ set {
+ name = "tolerations[0].value"
+ value = "group2"
+ }
+
+ set {
+ name = "tolerations[0].operator"
+ value = "Equal"
+ }
+
+ set {
+ name = "tolerations[0].effect"
+ value = "NoSchedule"
+ }
+
+ set {
+ name = "nodeSelector.role"
+ value = "group2"
+ }
+
+
+
+
+ set {
+ name ="ingress.enabled"
+ value = "true"
+ }
+
+ set {
+ name ="ingress.className"
+ value = "nginx"
+ }
+
+ set {
+ name ="ingress.path"
+ value = "/"
+ }
+
+ set {
+ name ="ingress.host"
+ value = var.KEPTN_DOMAIN
+ }
+
+ set {
+ name ="ingress.annotations.cert-manager\\.io/cluster-issuer"
+ value ="letsencrypt-prod"
+ }
+
+
+ set {
+ name = "ingress.tls[0].hosts[0]"
+ value = var.KEPTN_DOMAIN
+ }
+
+ set {
+ name = "ingress.tls[0].secretName"
+ value = "letsencrypt-prod"
+ }
+}
+
+module "keptn-bridge-userneame" {
+ source = "./terraform-kubernetes-get-secret"
+ namespace = "keptn"
+ name = "bridge-credentials"
+ key = "BASIC_AUTH_USERNAME"
+ context = var.k8S_CONTEXT
+ #context = "arn:aws:eks:us-west-2:277980527364:cluster/xOps"
+
+ depends_on = [
+ helm_release.keptn
+ ]
+
+}
+
+module "keptn-bridge-pwd" {
+ source = "./terraform-kubernetes-get-secret"
+ namespace = "keptn"
+ name = "bridge-credentials"
+ key = "BASIC_AUTH_PASSWORD"
+ context = var.k8S_CONTEXT
+ #context = "arn:aws:eks:us-west-2:277980527364:cluster/xOps"
+
+ depends_on = [
+ helm_release.keptn
+ ]
+
+}
+
+module "keptn-api-token" {
+ source = "./terraform-kubernetes-get-secret"
+ namespace = "keptn"
+ name = "keptn-api-token"
+ key = "keptn-api-token"
+ context = var.k8S_CONTEXT
+ #context = "arn:aws:eks:us-west-2:277980527364:cluster/xOps"
+
+ depends_on = [
+ helm_release.keptn
+ ]
+}
\ No newline at end of file
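Review bot: The three `terraform-kubernetes-get-secret` modules hard-code `namespace = "keptn"` while `helm_release.keptn` installs into `var.KEPTN_NAMESPACE`; if the variable is overridden the lookups target the wrong namespace, so use `namespace = var.KEPTN_NAMESPACE` in each. The module source `./terraform-kubernetes-get-secret` is not among the files this patch creates, so `terraform init` presumably depends on a directory that is not tracked here. These modules also pull the bridge username, bridge password and API token into Terraform state, which deserves a comment above them such as `# NOTE: result is a live credential and is persisted in state`. The module name `keptn-bridge-userneame` is misspelled, and ouput.tf references the same spelling.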
diff --git a/ouput.tf b/ouput.tf
new file mode 100644
index 0000000..1659d7a
--- /dev/null
+++ b/ouput.tf
@@ -0,0 +1,11 @@
+output "Keptn_Bridge_Url" {
+ value = format("https://%s",var.KEPTN_DOMAIN)
+}
+
+output "Keptn_Bridge_USER" {
+ value = module.keptn-bridge-userneame.result
+}
+
+output "Keptn_Bridge_PWD" {
+ value = module.keptn-bridge-pwd.result
+}
\ No newline at end of file
diff --git a/readme b/readme
new file mode 100644
index 0000000..e7e181e
--- /dev/null
+++ b/readme
@@ -0,0 +1 @@
+terraform init -backend-config="key=keptn-sockshop"
\ No newline at end of file
diff --git a/terraform.tf b/terraform.tf
new file mode 100644
index 0000000..f12010c
--- /dev/null
+++ b/terraform.tf
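Review bot: `Keptn_Bridge_USER` and `Keptn_Bridge_PWD` are declared without `sensitive = true`, so the `terraform apply` run in the Jenkins stage will print the bridge username and password to the console log unless the module already marks its result sensitive, which is not visible in this patch. Add `sensitive = true` to both outputs, or drop them and read the secret from the cluster when it is needed. The file name `ouput.tf` also looks like a typo for `output.tf`.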
@@ -0,0 +1,80 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+data "aws_eks_cluster" "xOps" {
+ name = var.CLUSTER_NAME
+}
+
+data "aws_eks_cluster_auth" "example" {
+ name = var.CLUSTER_NAME
+}
+
+terraform {
+
+ backend "s3" {
+ bucket = "terraform-xops-demos"
+ #key = var.DEMO_NAME
+ region = "us-west-2"
+ dynamodb_table = "terraform-xops-lock-state"
+ encrypt = true
+ }
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 5.7.0"
+ }
+
+
+ helm = {
+ version = "2.11.0"
+ }
+
+ kubernetes = {
+ source = "hashicorp/kubernetes"
+ version = ">= 2.0.0"
+ }
+
+ # kubectl = {
+ # source = "gavinbunney/kubectl"
+ # version = ">= 1.7.0"
+ # }
+
+ }
+
+ required_version = "~> 1.3"
+}
+
+
+
+provider "aws" {
+ region = "us-west-2"
+}
+
+
+
+provider "helm" {
+ repository_config_path = "${path.module}/.helm/repositories.yaml"
+ repository_cache = "${path.module}/.helm"
+ kubernetes {
+ host = data.aws_eks_cluster.xOps.endpoint
+ cluster_ca_certificate = base64decode(data.aws_eks_cluster.xOps.certificate_authority[0].data)
+ token = data.aws_eks_cluster_auth.example.token
+ }
+}
+
+provider "kubernetes" {
+# kubernetes {
+ host = data.aws_eks_cluster.xOps.endpoint
+ cluster_ca_certificate = base64decode(data.aws_eks_cluster.xOps.certificate_authority[0].data)
+ token = data.aws_eks_cluster_auth.example.token
+ # }
+}
+
+# provider "kubectl" {
+# kubernetes {
+# host = data.aws_eks_cluster.xOps.endpoint
+# cluster_ca_certificate = base64decode(data.aws_eks_cluster.xOps.certificate_authority[0].data)
+# token = data.aws_eks_cluster_auth.example.token
+# }
+# }
diff --git a/trace.log b/trace.log
new file mode 100644
index 0000000..26bf97b
--- /dev/null
+++ b/trace.log
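Review bot: In `required_providers`, `helm` has no `source` and `kubernetes` is bounded only by `>= 2.0.0`, and the `external` provider recorded in .terraform.lock.hcl is not declared here (it probably comes from the get-secret module). The committed lock file pins what is installed today, but a later `terraform init -upgrade` can move to a new major version; add `source = "hashicorp/helm"` and bound kubernetes, e.g. `version = "~> 2.23"`. The `backend "s3"` block sets `encrypt = true`, which matters because this configuration puts credentials into state; a one-line comment there saying so would help whoever maintains the bucket policy. The commented-out `kubectl` provider blocks and the stray `# kubernetes {` / `# }` lines inside `provider "kubernetes"` can be removed.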
@@ -0,0 +1,14 @@
+Acquiring state lock. This may take a few moments...
+module.keptn-bridge-userneame.data.external.secret-win[0]: Reading...
+data.aws_eks_cluster_auth.example: Reading...
+data.aws_eks_cluster_auth.example: Read complete after 0s [id=xOps]
+data.aws_eks_cluster.xOps: Reading...
+module.keptn-bridge-userneame.data.external.secret-win[0]: Still reading... [10s elapsed]
+data.aws_eks_cluster.xOps: Read complete after 1s [id=xOps]
+helm_release.keptn: Refreshing state... [id=keptn]
+kubernetes_secret.dynatrace-service: Refreshing state... [id=keptn/dynatrace-service]
+helm_release.dynatrace-service: Refreshing state... [id=dynatrace-service]
+
+Planning failed. Terraform encountered an error while generating this plan.
+
+Releasing state lock. This may take a few moments...
diff --git a/variables.tf b/variables.tf
new file mode 100644
index 0000000..c844e5b
--- /dev/null
+++ b/variables.tf
@@ -0,0 +1,41 @@
+variable "KEPTN_VERSION" {
+ type = string
+ description = "Version Keptn"
+ default = "1.4.0"
+}
+
+variable "KEPTN_NAMESPACE" {
+ type = string
+ description = ""
+ default = "keptn"
+ }
+
+ variable "KEPTN_DOMAIN" {
+ type = string
+ description = "Version Keptn"
+}
+
+
+variable "CLUSTER_NAME" {
+ type = string
+ description = ""
+ default = "xOps"
+}
+
+variable "DT_TENANT" {
+ type = string
+ description = ""
+ default = "https://elw69065.live.dynatrace.com"
+}
+
+variable "DT_API_TOKEN" {
+ type = string
+ description = ""
+}
+
+variable "k8S_CONTEXT" {
+ type = string
+ description = ""
+ default=null
+}
+
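Review bot: Most variable descriptions in variables.tf are empty, and `KEPTN_DOMAIN` carries `description = "Version Keptn"`, copied from `KEPTN_VERSION`; something like `description = "Public DNS name of the Keptn ingress"` would match how it is used in keptn.tf. `DT_TENANT` defaults to one specific tenant URL, which makes it easy to apply against that tenant by accident; leaving it without a default, like `DT_API_TOKEN`, forces the caller to choose. `k8S_CONTEXT` breaks the upper-case naming used by the other variables.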