Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: adds yet-another-cloudwatch-exporter helm chart #1766

Merged
merged 3 commits into from
Feb 3, 2023
Merged

feat: adds yet-another-cloudwatch-exporter helm chart #1766

merged 3 commits into from
Feb 3, 2023

Conversation

cebidhem
Copy link
Contributor

@cebidhem cebidhem commented Feb 2, 2023
edited
Loading

Signed-off-by: cebidhem [email protected]

Add yet-another-cloudwatch-exporter

Description

In this collection the official Prometheus Cloudwatch Exporter is proposed, however there are some issues with this exporters that have been described extensively by users.
There is another expoter for cloudwatch - yet-another-cloudwatch-exporter - that addresses those issues. Whether it's better or worse is not relevant imho, but this PR will allow users of this project decide if they want to use it or not.

Doc generation: Docs have been generated in modules/aws/ but not in the root README.md. I assume it is on purpose since this is AWS related.

Plan when passing the following variables:

enabled = true
namespace = "telemetry"
extra_values = <<-EXTRA_VALUES
     some_values:
EXTRA_VALUES

Terraform will perform the following actions:

  # aws_iam_policy.yet-another-cloudwatch-exporter[0] will be created
  + resource "aws_iam_policy" "yet-another-cloudwatch-exporter" {
      + arn       = (known after apply)
      + id        = (known after apply)
      + name      = "cluster_name-yace"
      + path      = "/"
      + policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action   = [
                          + "tag:GetResources",
                          + "ec2:DescribeTransitGateway*",
                          + "ec2:DescribeTags",
                          + "ec2:DescribeRegions",
                          + "ec2:DescribeInstances",
                          + "dms:DescribeReplicationTasks",
                          + "dms:DescribeReplicationInstances",
                          + "cloudwatch:ListMetrics",
                          + "cloudwatch:GetMetricStatistics",
                          + "cloudwatch:GetMetricData",
                          + "apigateway:GET",
                        ]
                      + Effect   = "Allow"
                      + Resource = "*"
                      + Sid      = ""
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + policy_id = (known after apply)
      + tags      = {
          + "Env"   = "dev"
          + "Owner" = "REDACTED"
        }
      + tags_all  = {
          + "Env"   = "dev"
          + "Owner" = "REDACTED"
        }
    }

  # helm_release.yet-another-cloudwatch-exporter[0] will be created
  + resource "helm_release" "yet-another-cloudwatch-exporter" {
      + atomic                     = false
      + chart                      = "yet-another-cloudwatch-exporter"
      + cleanup_on_fail            = false
      + create_namespace           = false
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = false
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 0
      + metadata                   = (known after apply)
      + name                       = "yet-another-cloudwatch-exporter"
      + namespace                  = "telemetry"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://nerdswords.github.io/yet-another-cloudwatch-exporter"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 3600
      + values                     = (known after apply)
      + verify                     = false
      + version                    = "0.12.0"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # module.iam_assumable_role_yet-another-cloudwatch-exporter.aws_iam_role.this[0] will be created
  + resource "aws_iam_role" "this" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRoleWithWebIdentity"
                      + Condition = {
                          + StringEquals = {
                              + "oidc.eks.us-east-1.amazonaws.com/id/REDACTED:sub" = "system:serviceaccount:telemetry:yace"
                            }
                        }
                      + Effect    = "Allow"
                      + Principal = {
                          + Federated = "arn:aws:iam::REDACTED:oidc-provider/oidc.eks.REDACTED.amazonaws.com/id/REDACTED"
                        }
                      + Sid       = ""
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "cluster_name-yace"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags                  = {
          + "Env"   = "dev"
          + "Owner" = "REDACTED"
        }
      + tags_all              = {
          + "Env"   = "dev"
          + "Owner" = "REDACTED"
        }
      + unique_id             = (known after apply)

      + inline_policy {
          + name   = (known after apply)
          + policy = (known after apply)
        }
    }

  # module.iam_assumable_role_yet-another-cloudwatch-exporter.aws_iam_role_policy_attachment.custom[0] will be created
  + resource "aws_iam_role_policy_attachment" "custom" {
      + id         = (known after apply)
      + policy_arn = (known after apply)
      + role       = "cluster_name-yace"
    }

Plan: 4 to add, 0 to change, 0 to destroy.

Apply:

aws_iam_policy.yet-another-cloudwatch-exporter[0]: Creating...
module.iam_assumable_role_yet-another-cloudwatch-exporter.aws_iam_role.this[0]: Creating...
aws_iam_policy.yet-another-cloudwatch-exporter[0]: Creation complete after 1s [id=arn:aws:iam::REDACTED:policy/cluster_name-yace]
module.iam_assumable_role_yet-another-cloudwatch-exporter.aws_iam_role.this[0]: Creation complete after 1s [id=cluster_name-yace]
module.iam_assumable_role_yet-another-cloudwatch-exporter.aws_iam_role_policy_attachment.custom[0]: Creating...
module.iam_assumable_role_yet-another-cloudwatch-exporter.aws_iam_role_policy_attachment.custom[0]: Creation complete after 1s [id=cluster_name-yace-20230203150359638500000001]
helm_release.yet-another-cloudwatch-exporter[0]: Creating...
helm_release.yet-another-cloudwatch-exporter[0]: Still creating... [10s elapsed]
helm_release.yet-another-cloudwatch-exporter[0]: Creation complete after 12s [id=yet-another-cloudwatch-exporter]
Releasing state lock. This may take a few moments...

Apply complete! Resources: 4 added, 0 changed, 0 destroyed.

After apply:
- Helm release

yet-another-cloudwatch-exporter telemetry       1               2023-02-03 16:04:01.72511 +0100 CET     deployed        yet-another-cloudwatch-exporter-0.12.0  v0.46.0-alpha

- pod status

yet-another-cloudwatch-exporter-76d6c65964-5tczc            1/1     Running   0              2m19s

- serviceAccount annotations

k get sa yace -o jsonpath='{.metadata.annotations}'    
{"eks.amazonaws.com/role-arn":"arn:aws:iam::REDACTED:role/cluster_name-yace","meta.helm.sh/release-name":"yet-another-cloudwatch-exporter","meta.helm.sh/release-namespace":"telemetry"}

- pod logs

{"level":"info","msg":"Parsing config","time":"2023-02-03T15:04:10Z"}
{"level":"info","msg":"Startup completed","time":"2023-02-03T15:04:10Z"}

Checklist

@cebidhem cebidhem changed the title adds yet-another-cloudwatch-exporter feat: adds yet-another-cloudwatch-exporter helm chart Feb 2, 2023
@cebidhem cebidhem marked this pull request as ready for review February 3, 2023 15:22
@cebidhem cebidhem requested a review from a team as a code owner February 3, 2023 15:22
@cebidhem cebidhem requested review from ArchiFleKs and rguichard and removed request for a team February 3, 2023 15:22
@mergify mergify bot merged commit c1dfcfa into particuleio:main Feb 3, 2023
@github-actions
Copy link

github-actions bot commented Feb 6, 2023

🎉 This PR is included in version 12.1.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

@cebidhem cebidhem deleted the feat/yace branch April 4, 2023 21:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ArchiFleKs ArchiFleKs ArchiFleKs approved these changes

@rguichard rguichard Awaiting requested review from rguichard rguichard is a code owner automatically assigned from particuleio/team

Assignees
No one assigned
Labels
released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@cebidhem @ArchiFleKs