Prometheus Adapter Module (#716)

* first commit

* remove terraform.tfvar

* refactoring

* remove hardcoding

* remove bash_equivalent

modules/prometheus-adapter/README.md

@@ -0,0 +1,20 @@
+This module deploys a [prometheus-adapter](https://github.com/kubernetes-sigs/prometheus-adapter) and a [Prometheus frontend](https://github.com/GoogleCloudPlatform/prometheus-engine/blob/main/examples/frontend.yaml) to a cluster. See [prometheus-adapter](https://github.com/kubernetes-sigs/prometheus-adapter) repo for more details.
+
+## Bash equivalent of this module
+
+Assure the following are set before running:
+   - PROJECT_ID: GKE Project ID
+   - (optional) PROMETHEUS_HELM_VALUES_FILE: Values file to pass when deploying `prometheus-community/prometheus-adapter` chart
+
+```
+curl https://raw.githubusercontent.com/GoogleCloudPlatform/prometheus-engine/v0.10.0/examples/frontend.yaml | envsubst
+
+helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
+helm repo update
+
+if [ -z "$PROMETHEUS_HELM_VALUES_FILE" ]
+    helm install example-release prometheus-community/prometheus-adapter
+else
+    helm install example-release prometheus-community/prometheus-adapter -f "$PROMETHEUS_HELM_VALUES_FILE"
+fi
+```

modules/prometheus-adapter/main.tf

@@ -0,0 +1,121 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resource "helm_release" "prometheus_adapter" {
+  name       = "my-release"
+  chart      = "prometheus-adapter"
+  repository = "https://prometheus-community.github.io/helm-charts"
+  values     = var.config_file != "" ? [file(var.config_file)] : []
+}
+
+resource "kubernetes_deployment_v1" "frontend" {
+  metadata {
+    name = "frontend"
+    labels = {
+      "app" : "frontend"
+    }
+  }
+  spec {
+    replicas = 2
+    selector {
+      match_labels = {
+        "app" : "frontend"
+      }
+    }
+    template {
+      metadata {
+        labels = {
+          "app" : "frontend"
+        }
+      }
+      spec {
+        automount_service_account_token = true
+        affinity {
+          node_affinity {
+            required_during_scheduling_ignored_during_execution {
+              node_selector_term {
+                match_expressions {
+                  key      = "kubernetes.io/arch"
+                  operator = "In"
+                  values = [
+                    "arm64",
+                    "amd64"
+                  ]
+                }
+                match_expressions {
+                  key      = "kubernetes.io/os"
+                  operator = "In"
+                  values = [
+                    "linux"
+                  ]
+                }
+              }
+            }
+          }
+        }
+        container {
+          name  = "frontend"
+          image = "gke.gcr.io/prometheus-engine/frontend:v0.8.0-gke.4"
+          args = [
+            "--web.listen-address=:9090",
+            format("--query.project-id=%s", var.project_id)
+          ]
+          port {
+            name           = "web"
+            container_port = 9090
+          }
+          readiness_probe {
+            http_get {
+              path = "/-/ready"
+              port = "web"
+            }
+          }
+          security_context {
+            allow_privilege_escalation = false
+            capabilities {
+              drop = ["all"]
+            }
+            privileged      = false
+            run_as_group    = 1000
+            run_as_non_root = true
+            run_as_user     = 1000
+          }
+          liveness_probe {
+            http_get {
+              path = "/-/healthy"
+              port = "web"
+            }
+          }
+        }
+      }
+    }
+  }
+}
+
+resource "kubernetes_service_v1" "frontend-service" {
+  metadata {
+    name = "prometheus"
+  }
+  spec {
+    cluster_ip = "None"
+    selector = {
+      "app" : "frontend"
+    }
+    port {
+      name = "web"
+      port = 9090
+    }
+
+  }
+}

modules/prometheus-adapter/providers.tf

@@ -0,0 +1,69 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+data "google_client_config" "identity" {
+  count = var.credentials_config.fleet_host != null ? 1 : 0
+}
+
+provider "kubernetes" {
+  config_path = (
+    var.credentials_config.kubeconfig == null
+    ? null
+    : pathexpand(var.credentials_config.kubeconfig.path)
+  )
+  config_context = try(
+    var.credentials_config.kubeconfig.context, null
+  )
+  host = (
+    var.credentials_config.fleet_host == null
+    ? null
+    : var.credentials_config.fleet_host
+  )
+  token = try(data.google_client_config.identity.0.access_token, null)
+}
+
+provider "kubectl" {
+  host = (
+    var.credentials_config.fleet_host == null
+    ? null
+    : var.credentials_config.fleet_host
+  )
+  config_path = (
+    var.credentials_config.kubeconfig == null
+    ? null
+    : pathexpand(var.credentials_config.kubeconfig.path)
+  )
+  token = try(data.google_client_config.identity.0.access_token, null)
+}
+
+provider "helm" {
+  kubernetes {
+    config_path = (
+      var.credentials_config.kubeconfig == null
+      ? null
+      : pathexpand(var.credentials_config.kubeconfig.path)
+    )
+    config_context = try(
+      var.credentials_config.kubeconfig.context, null
+    )
+    host = (
+      var.credentials_config.fleet_host == null
+      ? null
+      : var.credentials_config.fleet_host
+    )
+    token = try(data.google_client_config.identity.0.access_token, null)
+  }
+}

modules/prometheus-adapter/variables.tf

@@ -0,0 +1,45 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+variable "credentials_config" {
+  description = "Configure how Terraform authenticates to the cluster."
+  type = object({
+    fleet_host = optional(string)
+    kubeconfig = optional(object({
+      context = optional(string)
+      path    = optional(string, "~/.kube/config")
+    }))
+  })
+  nullable = false
+  validation {
+    condition = (
+      (var.credentials_config.fleet_host != null) !=
+      (var.credentials_config.kubeconfig != null)
+    )
+    error_message = "Exactly one of fleet host or kubeconfig must be set."
+  }
+}
+
+variable "project_id" {
+  type        = string
+  description = "GCP project id"
+  nullable    = false
+}
+
+variable "config_file" {
+  type        = string
+  description = "Values file for prometheus-config Helm chart"
+  nullable    = false
+  default     = ""
+}

modules/prometheus-adapter/versions.tf

@@ -0,0 +1,30 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+terraform {
+  required_providers {
+    google = {
+      source = "hashicorp/google"
+    }
+    kubernetes = {
+      source = "hashicorp/kubernetes"
+    }
+    kubectl = {
+      source = "hashicorp/kubectl"
+    }
+    helm = {
+      source = "hashicorp/helm"
+    }
+  }
+}

modules/prometheus-adapter/versions_override.tf

@@ -0,0 +1,21 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+terraform {
+  required_providers {
+    kubectl = {
+      source = "gavinbunney/kubectl"
+    }
+  }
+}