clouddrove · nileshgadgi · Dec 12, 2023 · Dec 28, 2023 · Dec 28, 2023 · Dec 28, 2023
@@ -5,8 +5,6 @@ on:
   push:
     branches:
       - master
-    paths:
-      - '_examples/**' 
   workflow_dispatch:
 
 jobs:
@@ -90,7 +88,7 @@ jobs:
       - name: Generate TF Docs
         uses: terraform-docs/[email protected]
         with:
-          working-dir: addons/aws-ebs-csi-driver,addons/aws-efs-csi-driver,addons/aws-load-balancer-controller,addons/aws-node-termination-handler,addons/calico-tigera,addons/cluster-autoscaler,addons/external-secrets,addons/fluent-bit,addons/helm,addons/ingress-nginx,addons/istio-ingress,addons/karpenter,addons/kiali-server,addons/kubeclarity,addons/metrics-server,addons/nri-bundle,addons/velero,addons/kube-state-metrics,addons/keda,addons/cert-manager,addons/filebeat,addons/reloader,addons/external-dns,addons/redis,addons/actions-runner-controller
+          working-dir: addons/aws-ebs-csi-driver,addons/aws-efs-csi-driver,addons/aws-load-balancer-controller,addons/aws-node-termination-handler,addons/calico-tigera,addons/cluster-autoscaler,addons/external-secrets,addons/fluent-bit,addons/helm,addons/ingress-nginx,addons/istio-ingress,addons/karpenter,addons/kiali-server,addons/kubeclarity,addons/metrics-server,addons/nri-bundle,addons/velero,addons/kube-state-metrics,addons/keda,addons/cert-manager,addons/filebeat,addons/reloader,addons/external-dns,addons/redis,addons/actions-runner-controller,addons/prometheus-cloudwatch-exporter
           git-push: true
           template: |-
             <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

@@ -0,0 +1,101 @@
+## Node affinity for particular node in which labels key is "Infra-Services" and value is "true"
+
+affinity:
+  nodeAffinity:
+    requiredDuringSchedulingIgnoredDuringExecution:
+      nodeSelectorTerms:
+      - matchExpressions:
+        - key: "eks.amazonaws.com/nodegroup"
+          operator: In
+          values:
+          - "critical"
+
+## Using limits and requests
+resources:
+  limits:
+    cpu: 300m
+    memory: 250Mi
+  requests:
+    cpu: 50m
+    memory: 150Mi
+
+# Configuration is rendered with `tpl` function, therefore you can use any Helm variables and/or templates here
+config: |-
+  # This is the default configuration for prometheus-cloudwatch-exporter
+  region: us-east-1
+  metrics:
+  - aws_dimensions:
+    - InstanceId
+    aws_metric_name: CPUUtilization
+    aws_namespace: AWS/EC2
+    aws_statistics:
+    - Average
+    aws_tag_select:
+      resource_type_selection: ec2:instance
+      resource_id_dimension: InstanceId
+  - aws_dimensions:
+    - InstanceId
+    aws_metric_name: NetworkIn
+    aws_namespace: AWS/EC2
+    aws_statistics:
+    - Average
+  - aws_dimensions:
+    - InstanceId
+    aws_metric_name: NetworkOut
+    aws_namespace: AWS/EC2
+    aws_statistics:
+    - Average
+  - aws_dimensions:
+    - InstanceId
+    aws_metric_name: NetworkPacketsIn
+    aws_namespace: AWS/EC2
+    aws_statistics:
+    - Average
+  - aws_dimensions:
+    - InstanceId
+    aws_metric_name: NetworkPacketsOut
+    aws_namespace: AWS/EC2
+    aws_statistics:
+    - Average
+  - aws_dimensions:
+    - InstanceId
+    aws_metric_name: DiskWriteBytes
+    aws_namespace: AWS/EC2
+    aws_statistics:
+    - Average
+  - aws_dimensions:
+    - InstanceId
+    aws_metric_name: DiskReadBytes
+    aws_namespace: AWS/EC2
+    aws_statistics:
+    - Average
+  - aws_dimensions:
+    - InstanceId
+    aws_metric_name: CPUCreditBalance
+    aws_namespace: AWS/EC2
+    aws_statistics:
+    - Average
+  - aws_dimensions:
+    - InstanceId
+    aws_metric_name: CPUCreditUsage
+    aws_namespace: AWS/EC2
+    aws_statistics:
+    - Average
+  - aws_dimensions:
+    - InstanceId
+    aws_metric_name: StatusCheckFailed
+    aws_namespace: AWS/EC2
+    aws_statistics:
+    - Sum
+  - aws_dimensions:
+    - InstanceId
+    aws_metric_name: StatusCheckFailed_Instance
+    aws_namespace: AWS/EC2
+    aws_statistics:
+    - Sum
+  - aws_dimensions:
+    - InstanceId
+    aws_metric_name: StatusCheckFailed_System
+    aws_namespace: AWS/EC2
+    aws_statistics:
+    - Sum
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: aws
+  namespace: monitoring     # Namespace of Prometheus Cloudwatch Exporter addon destination
+type: Opaque
+data:
+  access_key: QUtJQVdGV0VLSlBTQU9INVlIRlQK                               # Encoded AWS Access key  -  Enter Correct AWS Access Key Encoded with base64
+  secret_key: SjZLVDRTSkZIVG9leTQ1M2hadllmMWZpR2pYa0l1UkFmYkhLRHpUdAo=   # Encoded AWS Secret Access key  - Enter Correct AWS Secret Access Key Encoded with base64
+  # Refer https://www.baeldung.com/linux/cli-base64-encode-decode this URL to Encode and Decode of String in Base64
@@ -76,8 +76,10 @@ module "eks" {
       policy_arn = aws_iam_policy.node_additional.arn
     }
     tags = {
-      "kubernetes.io/cluster/${module.eks.cluster_name}"  = "shared"
-      "karpenter.sh/discovery/${module.eks.cluster_name}" = module.eks.cluster_name
+      "kubernetes.io/cluster/${module.eks.cluster_name}"     = "shared"
+      "k8s.io/cluster-autoscaler/enabled"                    = module.eks.cluster_name
+      "k8s.io/cluster-autoscaler/${module.eks.cluster_name}" = module.eks.cluster_name
+      "karpenter.sh/discovery/${module.eks.cluster_name}"    = module.eks.cluster_name
     }
   }
 
@@ -152,29 +154,28 @@ module "addons" {
   eks_cluster_name = module.eks.cluster_name
 
   # -- Enable Addons
-  metrics_server               = true
-  cluster_autoscaler           = true
-  aws_load_balancer_controller = true
-  aws_node_termination_handler = true
-  aws_efs_csi_driver           = true
-  aws_ebs_csi_driver           = true
-  kube_state_metrics           = true
-  karpenter                    = false # -- Set to `false` or comment line to Uninstall Karpenter if installed using terraform.
-  calico_tigera                = true
-  new_relic                    = true
-  kubeclarity                  = true
-  ingress_nginx                = true
-  fluent_bit                   = true
-  velero                       = true
-  keda                         = true
-  certification_manager        = true
-  filebeat                     = true
-  reloader                     = true
-  external_dns                 = true
-  redis                        = true
-  actions_runner_controller    = true
-
-
+  metrics_server                 = true
+  cluster_autoscaler             = true # Read Prerequisites in [this](https://github.com/clouddrove/terraform-aws-eks-addons/blob/master/addons/cluster-autoscaler/README.md) before creating cluster autoscaler.
+  aws_load_balancer_controller   = true
+  aws_node_termination_handler   = true
+  aws_efs_csi_driver             = true
+  aws_ebs_csi_driver             = true
+  kube_state_metrics             = true
+  karpenter                      = false # -- Set to `false` or comment line to Uninstall Karpenter if installed using terraform.
+  calico_tigera                  = true
+  new_relic                      = true
+  kubeclarity                    = true
+  ingress_nginx                  = true
+  fluent_bit                     = true
+  velero                         = true
+  keda                           = true
+  certification_manager          = true
+  filebeat                       = true
+  reloader                       = true
+  external_dns                   = true
+  redis                          = true
+  actions_runner_controller      = true
+  prometheus_cloudwatch_exporter = true
 
   # -- Addons with mandatory variable
   istio_ingress    = true
@@ -184,56 +185,59 @@ module "addons" {
   external_secrets = true
 
   # -- Path of override-values.yaml file
-  metrics_server_helm_config               = { values = [file("./config/override-metrics-server.yaml")] }
-  cluster_autoscaler_helm_config           = { values = [file("./config/override-cluster-autoscaler.yaml")] }
-  karpenter_helm_config                    = { values = [file("./config/override-karpenter.yaml")] }
-  aws_load_balancer_controller_helm_config = { values = [file("./config/override-aws-load-balancer-controller.yaml")] }
-  aws_node_termination_handler_helm_config = { values = [file("./config/override-aws-node-termination-handler.yaml")] }
-  aws_efs_csi_driver_helm_config           = { values = [file("./config/override-aws-efs-csi-driver.yaml")] }
-  aws_ebs_csi_driver_helm_config           = { values = [file("./config/override-aws-ebs-csi-driver.yaml")] }
-  calico_tigera_helm_config                = { values = [file("./config/calico-tigera-values.yaml")] }
-  istio_ingress_helm_config                = { values = [file("./config/istio/override-values.yaml")] }
-  kiali_server_helm_config                 = { values = [file("./config/kiali/override-values.yaml")] }
-  external_secrets_helm_config             = { values = [file("./config/external-secret/override-values.yaml")] }
-  ingress_nginx_helm_config                = { values = [file("./config/override-ingress-nginx.yaml")] }
-  kubeclarity_helm_config                  = { values = [file("./config/override-kubeclarity.yaml")] }
-  fluent_bit_helm_config                   = { values = [file("./config/override-fluent-bit.yaml")] }
-  velero_helm_config                       = { values = [file("./config/override-velero.yaml")] }
-  new_relic_helm_config                    = { values = [file("./config/override-new-relic.yaml")] }
-  kube_state_metrics_helm_config           = { values = [file("./config/override-kube-state-matrics.yaml")] }
-  keda_helm_config                         = { values = [file("./config/keda/override-keda.yaml")] }
-  certification_manager_helm_config        = { values = [file("./config/override-certification-manager.yaml")] }
-  filebeat_helm_config                     = { values = [file("./config/override-filebeat.yaml")] }
-  reloader_helm_config                     = { values = [file("./config/reloader/override-reloader.yaml")] }
-  external_dns_helm_config                 = { values = [file("./config/override-external-dns.yaml")] }
-  redis_helm_config                        = { values = [file("./config/override-redis.yaml")] }
-  actions_runner_controller_helm_config    = { values = [file("./config/override-actions-runner-controller.yaml")] }
+  metrics_server_helm_config                     = { values = [file("./config/override-metrics-server.yaml")] }
+  cluster_autoscaler_helm_config                 = { values = [file("./config/override-cluster-autoscaler.yaml")] }
+  karpenter_helm_config                          = { values = [file("./config/override-karpenter.yaml")] }
+  aws_load_balancer_controller_helm_config       = { values = [file("./config/override-aws-load-balancer-controller.yaml")] }
+  aws_node_termination_handler_helm_config       = { values = [file("./config/override-aws-node-termination-handler.yaml")] }
+  aws_efs_csi_driver_helm_config                 = { values = [file("./config/override-aws-efs-csi-driver.yaml")] }
+  aws_ebs_csi_driver_helm_config                 = { values = [file("./config/override-aws-ebs-csi-driver.yaml")] }
+  calico_tigera_helm_config                      = { values = [file("./config/calico-tigera-values.yaml")] }
+  istio_ingress_helm_config                      = { values = [file("./config/istio/override-values.yaml")] }
+  kiali_server_helm_config                       = { values = [file("./config/kiali/override-values.yaml")] }
+  external_secrets_helm_config                   = { values = [file("./config/external-secret/override-values.yaml")] }
+  ingress_nginx_helm_config                      = { values = [file("./config/override-ingress-nginx.yaml")] }
+  kubeclarity_helm_config                        = { values = [file("./config/override-kubeclarity.yaml")] }
+  fluent_bit_helm_config                         = { values = [file("./config/override-fluent-bit.yaml")] }
+  velero_helm_config                             = { values = [file("./config/override-velero.yaml")] }
+  new_relic_helm_config                          = { values = [file("./config/override-new-relic.yaml")] }
+  kube_state_metrics_helm_config                 = { values = [file("./config/override-kube-state-matrics.yaml")] }
+  keda_helm_config                               = { values = [file("./config/keda/override-keda.yaml")] }
+  certification_manager_helm_config              = { values = [file("./config/override-certification-manager.yaml")] }
+  filebeat_helm_config                           = { values = [file("./config/override-filebeat.yaml")] }
+  reloader_helm_config                           = { values = [file("./config/reloader/override-reloader.yaml")] }
+  external_dns_helm_config                       = { values = [file("./config/override-external-dns.yaml")] }
+  redis_helm_config                              = { values = [file("./config/override-redis.yaml")] }
+  actions_runner_controller_helm_config          = { values = [file("./config/override-actions-runner-controller.yaml")] }
+  prometheus_cloudwatch_exporter_helm_config     = { values = [file("./config/prometheus-cloudwatch-exporter/override-prometheus-cloudwatch-exporter-controller.yaml")] }
+  prometheus_cloudwatch_exporter_secret_manifest = ["./config/prometheus-cloudwatch-exporter/secret.yaml"]
 
   # -- Override Helm Release attributes
-  metrics_server_extra_configs               = var.metrics_server_extra_configs
-  cluster_autoscaler_extra_configs           = var.cluster_autoscaler_extra_configs
-  karpenter_extra_configs                    = var.karpenter_extra_configs
-  aws_load_balancer_controller_extra_configs = var.aws_load_balancer_controller_extra_configs
-  aws_node_termination_handler_extra_configs = var.aws_node_termination_handler_extra_configs
-  aws_efs_csi_driver_extra_configs           = var.aws_efs_csi_driver_extra_configs
-  aws_ebs_csi_driver_extra_configs           = var.aws_ebs_csi_driver_extra_configs
-  calico_tigera_extra_configs                = var.calico_tigera_extra_configs
-  istio_ingress_extra_configs                = var.istio_ingress_extra_configs
-  kiali_server_extra_configs                 = var.kiali_server_extra_configs
-  ingress_nginx_extra_configs                = var.ingress_nginx_extra_configs
-  kubeclarity_extra_configs                  = var.kubeclarity_extra_configs
-  fluent_bit_extra_configs                   = var.fluent_bit_extra_configs
-  velero_extra_configs                       = var.velero_extra_configs
-  new_relic_extra_configs                    = var.new_relic_extra_configs
-  kube_state_metrics_extra_configs           = var.kube_state_metrics_extra_configs
-  keda_extra_configs                         = var.keda_extra_configs
-  certification_manager_extra_configs        = var.certification_manager_extra_configs
-  external_secrets_extra_configs             = var.external_secrets_extra_configs
-  filebeat_extra_configs                     = var.filebeat_extra_configs
-  reloader_extra_configs                     = var.reloader_extra_configs
-  external_dns_extra_configs                 = var.external_dns_extra_configs
-  redis_extra_configs                        = var.redis_extra_configs
-  actions_runner_controller_extra_configs    = var.actions_runner_controller_extra_configs
+  metrics_server_extra_configs                 = var.metrics_server_extra_configs
+  cluster_autoscaler_extra_configs             = var.cluster_autoscaler_extra_configs
+  karpenter_extra_configs                      = var.karpenter_extra_configs
+  aws_load_balancer_controller_extra_configs   = var.aws_load_balancer_controller_extra_configs
+  aws_node_termination_handler_extra_configs   = var.aws_node_termination_handler_extra_configs
+  aws_efs_csi_driver_extra_configs             = var.aws_efs_csi_driver_extra_configs
+  aws_ebs_csi_driver_extra_configs             = var.aws_ebs_csi_driver_extra_configs
+  calico_tigera_extra_configs                  = var.calico_tigera_extra_configs
+  istio_ingress_extra_configs                  = var.istio_ingress_extra_configs
+  kiali_server_extra_configs                   = var.kiali_server_extra_configs
+  ingress_nginx_extra_configs                  = var.ingress_nginx_extra_configs
+  kubeclarity_extra_configs                    = var.kubeclarity_extra_configs
+  fluent_bit_extra_configs                     = var.fluent_bit_extra_configs
+  velero_extra_configs                         = var.velero_extra_configs
+  new_relic_extra_configs                      = var.new_relic_extra_configs
+  kube_state_metrics_extra_configs             = var.kube_state_metrics_extra_configs
+  keda_extra_configs                           = var.keda_extra_configs
+  certification_manager_extra_configs          = var.certification_manager_extra_configs
+  external_secrets_extra_configs               = var.external_secrets_extra_configs
+  filebeat_extra_configs                       = var.filebeat_extra_configs
+  reloader_extra_configs                       = var.reloader_extra_configs
+  external_dns_extra_configs                   = var.external_dns_extra_configs
+  redis_extra_configs                          = var.redis_extra_configs
+  actions_runner_controller_extra_configs      = var.actions_runner_controller_extra_configs
+  prometheus_cloudwatch_exporter_extra_configs = var.prometheus_cloudwatch_exporter_extra_configs
 
   # -- Custom IAM Policy Json for Addon's ServiceAccount
   cluster_autoscaler_iampolicy_json_content = file("./custom-iam-policies/cluster-autoscaler.json")
@@ -246,7 +250,7 @@ module "addons-internal" {
   depends_on       = [module.eks]
   eks_cluster_name = module.eks.cluster_name
 
-  istio_ingress               = true
+  istio_ingress               = false
   istio_manifests             = var.istio_manifests_internal
   istio_ingress_extra_configs = var.istio_ingress_extra_configs_internal
 }
@@ -208,3 +208,11 @@ variable "actions_runner_controller_extra_configs" {
   type    = any
   default = {}
 }
+
+# ---------------------- PROMETHEUS-CLOUDWATCH-EXPORTER ------------------------------------------------
+variable "prometheus_cloudwatch_exporter_extra_configs" {
+  type = any
+  default = {
+    role_name = ""
+  }
+}
@@ -0,0 +1,51 @@
+## Node affinity for particular node in which labels key is "Infra-Services" and value is "true"
+
+affinity:
+  nodeAffinity:
+    requiredDuringSchedulingIgnoredDuringExecution:
+      nodeSelectorTerms:
+      - matchExpressions:
+        - key: "eks.amazonaws.com/nodegroup"
+          operator: In
+          values:
+          - "critical"
+
+## Using limits and requests
+resources:
+  limits:
+    cpu: 300m
+    memory: 250Mi
+  requests:
+    cpu: 50m
+    memory: 150Mi
+
+# Configuration is rendered with `tpl` function, therefore you can use any Helm variables and/or templates here
+config: |-
+  # This is the default configuration for prometheus-cloudwatch-exporter
+  region: eu-west-1
+  period_seconds: 240
+  metrics:
+  - aws_namespace: AWS/ELB
+    aws_metric_name: HealthyHostCount
+    aws_dimensions: [AvailabilityZone, LoadBalancerName]
+    aws_statistics: [Average]
+
+  - aws_namespace: AWS/ELB
+    aws_metric_name: UnHealthyHostCount
+    aws_dimensions: [AvailabilityZone, LoadBalancerName]
+    aws_statistics: [Average]
+
+  - aws_namespace: AWS/ELB
+    aws_metric_name: RequestCount
+    aws_dimensions: [AvailabilityZone, LoadBalancerName]
+    aws_statistics: [Sum]
+
+  - aws_namespace: AWS/ELB
+    aws_metric_name: Latency
+    aws_dimensions: [AvailabilityZone, LoadBalancerName]
+    aws_statistics: [Average]
+
+  - aws_namespace: AWS/ELB
+    aws_metric_name: SurgeQueueLength
+    aws_dimensions: [AvailabilityZone, LoadBalancerName]
+    aws_statistics: [Maximum, Sum]
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: aws
+  namespace: monitoring     # Namespace of Prometheus Cloudwatch Exporter addon destination
+type: Opaque
+data:
+  access_key: QUtJQVdGV0VLSlBTQU9INVlIRlQK                               # Encoded AWS Access key  -  Enter Correct AWS Access Key Encoded with base64
+  secret_key: SjZLVDRTSkZIVG9leTQ1M2hadllmMWZpR2pYa0l1UkFmYkhLRHpUdAo=   # Encoded AWS Secret Access key  - Enter Correct AWS Secret Access Key Encoded with base64
+  # Refer https://www.baeldung.com/linux/cli-base64-encode-decode this URL to Encode and Decode of String in Base64