refactor: Refactor fargate-fluentbit addon module. (#142)

aws-ia · Apr 21, 2023 · 8cfa9c5 · 8cfa9c5
1 parent 4af7575
commit 8cfa9c5
Show file tree

Hide file tree

Showing 12 changed files with 106 additions and 219 deletions.
diff --git a/README.md b/README.md
@@ -13,12 +13,14 @@ Please note: not all addons will be supported as they are today in the main EKS
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.47 |
+| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.10 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
 | <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.47 |
+| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | >= 2.10 |
 
 ## Modules
 
@@ -40,7 +42,6 @@ Please note: not all addons will be supported as they are today in the main EKS
 | <a name="module_efs_csi_driver"></a> [efs\_csi\_driver](#module\_efs\_csi\_driver) | ./modules/eks-blueprints-addon | n/a |
 | <a name="module_external_dns"></a> [external\_dns](#module\_external\_dns) | ./modules/eks-blueprints-addon | n/a |
 | <a name="module_external_secrets"></a> [external\_secrets](#module\_external\_secrets) | ./modules/eks-blueprints-addon | n/a |
-| <a name="module_fargate_fluentbit"></a> [fargate\_fluentbit](#module\_fargate\_fluentbit) | ./modules/fargate-fluentbit | n/a |
 | <a name="module_fsx_csi_driver"></a> [fsx\_csi\_driver](#module\_fsx\_csi\_driver) | ./modules/eks-blueprints-addon | n/a |
 | <a name="module_gatekeeper"></a> [gatekeeper](#module\_gatekeeper) | ./modules/eks-blueprints-addon | n/a |
 | <a name="module_ingress_nginx"></a> [ingress\_nginx](#module\_ingress\_nginx) | ./modules/eks-blueprints-addon | n/a |
@@ -63,8 +64,11 @@ Please note: not all addons will be supported as they are today in the main EKS
 | [aws_cloudwatch_event_target.aws_node_termination_handler](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | resource |
 | [aws_cloudwatch_event_target.karpenter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | resource |
 | [aws_cloudwatch_log_group.aws_for_fluentbit](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
+| [aws_cloudwatch_log_group.fargate_fluentbit](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
 | [aws_eks_addon.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_addon) | resource |
 | [aws_iam_instance_profile.karpenter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_instance_profile) | resource |
+| [kubernetes_config_map_v1.aws_logging](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/config_map_v1) | resource |
+| [kubernetes_namespace_v1.aws_observability](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace_v1) | resource |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_eks_addon_version.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_addon_version) | data source |
 | [aws_iam_policy_document.aws_for_fluentbit](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
@@ -139,7 +143,8 @@ Please note: not all addons will be supported as they are today in the main EKS
 | <a name="input_external_secrets_kms_key_arns"></a> [external\_secrets\_kms\_key\_arns](#input\_external\_secrets\_kms\_key\_arns) | List of KMS Key ARNs that are used by Secrets Manager that contain secrets to mount using External Secrets | `list(string)` | <pre>[<br>  "arn:aws:kms:*:*:key/*"<br>]</pre> | no |
 | <a name="input_external_secrets_secrets_manager_arns"></a> [external\_secrets\_secrets\_manager\_arns](#input\_external\_secrets\_secrets\_manager\_arns) | List of Secrets Manager ARNs that contain secrets to mount using External Secrets | `list(string)` | <pre>[<br>  "arn:aws:secretsmanager:*:*:secret:*"<br>]</pre> | no |
 | <a name="input_external_secrets_ssm_parameter_arns"></a> [external\_secrets\_ssm\_parameter\_arns](#input\_external\_secrets\_ssm\_parameter\_arns) | List of Systems Manager Parameter ARNs that contain secrets to mount using External Secrets | `list(string)` | <pre>[<br>  "arn:aws:ssm:*:*:parameter/*"<br>]</pre> | no |
-| <a name="input_fargate_fluentbit_addon_config"></a> [fargate\_fluentbit\_addon\_config](#input\_fargate\_fluentbit\_addon\_config) | Fargate fluentbit add-on config | `any` | `{}` | no |
+| <a name="input_fargate_fluentbit"></a> [fargate\_fluentbit](#input\_fargate\_fluentbit) | Fargate fluentbit add-on config | `any` | `{}` | no |
+| <a name="input_fargate_fluentbit_cw_log_group"></a> [fargate\_fluentbit\_cw\_log\_group](#input\_fargate\_fluentbit\_cw\_log\_group) | AWS Fargate Fluentbit CloudWatch Log Group configurations | `any` | `{}` | no |
 | <a name="input_fsx_csi_driver"></a> [fsx\_csi\_driver](#input\_fsx\_csi\_driver) | FSX CSI Driver addon configuration values | `any` | `{}` | no |
 | <a name="input_gatekeeper"></a> [gatekeeper](#input\_gatekeeper) | Gatekeeper add-on configuration | `bool` | `false` | no |
 | <a name="input_ingress_nginx"></a> [ingress\_nginx](#input\_ingress\_nginx) | Ingress Nginx add-on configurations | `any` | `{}` | no |

diff --git a/main.tf b/main.tf
@@ -2709,15 +2709,80 @@ module "vpa" {
   tags = var.tags
 }
 
-#-----------------Kubernetes Add-ons----------------------
 
-module "fargate_fluentbit" {
-  count         = var.enable_fargate_fluentbit ? 1 : 0
-  source        = "./modules/fargate-fluentbit"
-  addon_config  = var.fargate_fluentbit_addon_config
-  addon_context = local.addon_context
+################################################################################
+# Fargate Fluentbit
+################################################################################
+resource "aws_cloudwatch_log_group" "fargate_fluentbit" {
+  count = try(var.fargate_fluentbit_cw_log_group.create, true) && var.enable_fargate_fluentbit ? 1 : 0
+
+  name              = try(var.fargate_fluentbit_cw_log_group.name, null)
+  name_prefix       = try(var.fargate_fluentbit_cw_log_group.name_prefix, "/${var.cluster_name}/fargate-fluentbit-logs")
+  retention_in_days = try(var.fargate_fluentbit_cw_log_group.retention, 90)
+  kms_key_id        = try(var.fargate_fluentbit_cw_log_group.kms_key_arn, null)
+  skip_destroy      = try(var.fargate_fluentbit_cw_log_group.skip_destroy, false)
+  tags              = merge(var.tags, try(var.fargate_fluentbit_cw_log_group.tags, {}))
+}
+
+# Help on Fargate Logging with Fluentbit and CloudWatch
+# https://docs.aws.amazon.com/eks/latest/userguide/fargate-logging.html
+resource "kubernetes_namespace_v1" "aws_observability" {
+  count = var.enable_fargate_fluentbit ? 1 : 0
+  metadata {
+    name = "aws-observability"
+
+    labels = {
+      aws-observability = "enabled"
+    }
+  }
 }
 
+# fluent-bit-cloudwatch value as the name of the CloudWatch log group that is automatically created as soon as your apps start logging
+resource "kubernetes_config_map_v1" "aws_logging" {
+  count = var.enable_fargate_fluentbit ? 1 : 0
+  metadata {
+    name      = "aws-logging"
+    namespace = kubernetes_namespace_v1.aws_observability[0].id
+  }
+
+  data = {
+    "parsers.conf" = try(var.fargate_fluentbit.parsers_conf, <<-EOT
+    [PARSER]
+      Name regex
+      Format regex
+      Regex ^(?<time>[^ ]+) (?<stream>[^ ]+) (?<logtag>[^ ]+) (?<message>.+)$
+      Time_Key time
+      Time_Format %Y-%m-%dT%H:%M:%S.%L%z
+      Time_Keep On
+      Decode_Field_As json message
+    EOT
+    )
+    "filters.conf" = try(var.fargate_fluentbit.filters_conf, <<-EOT
+      [FILTER]
+      Name parser
+      Match *
+      Key_Name log
+      Parser regex
+      Preserve_Key True
+      Reserve_Data True
+    EOT
+    )
+    "output.conf" = try(var.fargate_fluentbit.output_conf, <<-EOT
+    [OUTPUT]
+      Name cloudwatch_logs
+      Match *
+      region ${local.region}
+      log_group_name ${try(var.fargate_fluentbit.cwlog_group, aws_cloudwatch_log_group.fargate_fluentbit[0].name)}
+      log_stream_prefix ${try(var.fargate_fluentbit.cwlog_stream_prefix, "fargate-logs-")}
+      auto_create_group true
+    EOT
+    )
+    "flb_log_cw" = try(var.fargate_fluentbit.flb_log_cw, false)
+  }
+}
+
+#-----------------Kubernetes Add-ons----------------------
+
 module "csi_secrets_store_provider_aws" {
   count         = var.enable_secrets_store_csi_driver_provider_aws ? 1 : 0
   source        = "./modules/csi-secrets-store-provider-aws"

diff --git a/modules/fargate-fluentbit/README.md b/modules/fargate-fluentbit/README.md
diff --git a/modules/fargate-fluentbit/locals.tf b/modules/fargate-fluentbit/locals.tf
diff --git a/modules/fargate-fluentbit/main.tf b/modules/fargate-fluentbit/main.tf
diff --git a/modules/fargate-fluentbit/outputs.tf b/modules/fargate-fluentbit/outputs.tf
diff --git a/modules/fargate-fluentbit/variables.tf b/modules/fargate-fluentbit/variables.tf
diff --git a/modules/fargate-fluentbit/versions.tf b/modules/fargate-fluentbit/versions.tf
diff --git a/outputs.tf b/outputs.tf
@@ -95,7 +95,7 @@ output "cluster_proportional_autoscaler" {
 
 output "fargate_fluentbit" {
   description = "Map of attributes of the Helm release and IRSA created"
-  value       = try(module.fargate_fluentbit[0], null)
+  value       = kubernetes_config_map_v1.aws_logging
 }
 
 output "gatekeeper" {

diff --git a/tests/complete/main.tf b/tests/complete/main.tf
@@ -150,6 +150,7 @@ module "eks_blueprints_addons" {
   enable_metrics_server                        = true
   enable_vpa                                   = true
   enable_aws_for_fluentbit                     = true
+  enable_fargate_fluentbit                     = true
 
   enable_aws_node_termination_handler   = true
   aws_node_termination_handler_asg_arns = [for asg in module.eks.self_managed_node_groups : asg.autoscaling_group_arn]

diff --git a/variables.tf b/variables.tf
@@ -460,6 +460,28 @@ variable "vpa" {
   default     = {}
 }
 
+################################################################################
+# Fargate Fluentbit
+################################################################################
+
+variable "enable_fargate_fluentbit" {
+  description = "Enable Fargate FluentBit add-on"
+  type        = bool
+  default     = false
+}
+
+variable "fargate_fluentbit_cw_log_group" {
+  description = "AWS Fargate Fluentbit CloudWatch Log Group configurations"
+  type        = any
+  default     = {}
+}
+
+variable "fargate_fluentbit" {
+  description = "Fargate fluentbit add-on config"
+  type        = any
+  default     = {}
+}
+
 #-------------------------------------------------------------------------------
 variable "irsa_iam_role_path" {
   description = "IAM role path for IRSA roles"
@@ -473,19 +495,6 @@ variable "irsa_iam_permissions_boundary" {
   default     = ""
 }
 
-#-----------FARGATE FLUENT BIT-------------
-variable "enable_fargate_fluentbit" {
-  description = "Enable Fargate FluentBit add-on"
-  type        = bool
-  default     = false
-}
-
-variable "fargate_fluentbit_addon_config" {
-  description = "Fargate fluentbit add-on config"
-  type        = any
-  default     = {}
-}
-
 #-----------Kubernetes Velero ADDON-------------
 variable "enable_velero" {
   description = "Enable Kubernetes Dashboard add-on"