add kubecost addon (#6)

Changes for adding Kubecost addon in Bootstrap
squareops · May 31, 2023 · 85293a4 · 85293a4
1 parent 546c5fe
commit 85293a4
Show file tree

Hide file tree

Showing 4 changed files with 88 additions and 0 deletions.
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
@@ -25,8 +25,11 @@ module "eks_bootstrap" {
   single_az_sc_config           = [{ name = "infra-service-sc", zone = "us-east-2a" }]
   kubeclarity_enabled           = false
   kubeclarity_hostname          = ""
+  enable_kubecost               = false
+  kubecost_hostname             = ""
   cert_manager_enabled          = true
   worker_iam_role_name          = ""
+  worker_iam_role_arn           = ""
   ingress_nginx_enabled         = true
   metrics_server_enabled        = false
   external_secrets_enabled      = true

diff --git a/main.tf b/main.tf
@@ -260,3 +260,59 @@ resource "helm_release" "kubeclarity" {
     })
   ]
 }
+
+#Kubecost
+
+data "aws_eks_addon_version" "kubecost" {
+  addon_name         = "kubecost_kubecost"
+  # eks_cluster_version  = var.eks_cluster_version != null ? var.eks_cluster_version : 
+  kubernetes_version = data.aws_eks_cluster.eks.version
+  most_recent        = true
+}
+
+resource "aws_eks_addon" "kubecost" {
+  count                    = var.enable_kubecost ? 1 : 0
+  cluster_name             = var.eks_cluster_name
+  addon_name               = "kubecost_kubecost"
+  addon_version            = data.aws_eks_addon_version.kubecost.version
+  resolve_conflicts        = "OVERWRITE"
+  service_account_role_arn = var.worker_iam_role_arn
+  preserve                 = true
+
+}
+
+
+resource "kubernetes_ingress_v1" "kubecost" {
+  count      = var.enable_kubecost ? 1 : 0
+  wait_for_load_balancer = true
+  metadata {
+    name = "kubecost"
+    namespace = "kubecost"
+    annotations = {
+      "kubernetes.io/ingress.class" = "nginx"
+      "cert-manager.io/cluster-issuer"= var.cluster_issuer
+    }
+  }
+  spec {
+    rule {
+      host = var.kubecost_hostname
+      http {
+        path {
+          path = "/"
+          backend {
+            service {
+              name = "cost-analyzer-cost-analyzer"
+              port {
+                number = 9090
+              }
+          }
+        }
+      }
+    }
+  }
+  tls {
+    secret_name = "tls-kubecost"
+    hosts = [var.kubecost_hostname]
+  }
+}
+}
diff --git a/outputs.tf b/outputs.tf
@@ -27,3 +27,8 @@ output "kubeclarity_hostname" {
   value       = var.kubeclarity_hostname
   description = "Hostname for the kubeclarity."
 }
+
+output "kubecost_hostname" {
+  value       = var.kubecost_hostname
+  description = "Hostname for the kubecost."
+}
diff --git a/variables.tf b/variables.tf
@@ -173,6 +173,12 @@ variable "worker_iam_role_name" {
   type        = string
 }
 
+variable "worker_iam_role_arn" {
+  description = "Specify the IAM role Arn for the nodes"
+  default     = ""
+  type        = string
+}
+
 variable "aws_node_termination_handler_enabled" {
   description = "Enable or disable node termination handler"
   default     = false
@@ -260,3 +266,21 @@ variable "kubeclarity_namespace" {
   default     = "kubeclarity"
   type        = string
 }
+#-----------Kubecost ADDON-------------
+variable "enable_kubecost" {
+  description = "Enable Kubecost add-on"
+  type        = bool
+  default     = true
+}
+
+variable "kubecost_hostname" {
+  description = "Specify the hostname for the kubecsot. "
+  default     = ""
+  type        = string
+}
+
+variable "cluster_issuer" {
+  description = "Specify the letsecrypt cluster-issuer for ingress tls. "
+  default     = "letsencrypt-prod"
+  type        = string
+}