Refactoring terraform provisioning infra

Author: zeroc0d3

terraform/environment/providers/aws/infra/resources/ec2/jumphost/ec2-jumphost.tf

@@ -83,7 +83,7 @@ resource "aws_instance" "jumphost" {
 
   root_block_device {
     volume_size           = "30"
-    volume_type           = "gp2"
+    volume_type           = "gp3"
     delete_on_termination = true
     encrypted             = true
     kms_key_id            = data.aws_kms_key.cmk_key.arn

terraform/environment/providers/aws/infra/resources/ec2/psql/ec2-psql.tf

@@ -75,7 +75,7 @@ resource "aws_instance" "psql" {
 
   root_block_device {
     volume_size           = "30"
-    volume_type           = "gp2"
+    volume_type           = "gp3"
     delete_on_termination = true
     encrypted             = true
     kms_key_id            = data.aws_kms_key.cmk_key.arn

terraform/environment/providers/aws/infra/resources/ec2/psql/userdata/amazon-linux.sh

@@ -56,7 +56,7 @@ wget -O terraform_${TERRAFORM_VERSION}_linux_amd64.zip \
     rm -f packer_${PACKER_VERSION}_linux_amd64.zip
 
 python3 -m pip install pip==21.3.1 &&
-    pip3 install --upgrade pip cffi awscli &&
+    pip3 install --upgrade pip cffi &&
     # install ansible
     pip3 install --no-cache-dir ansible-core==${ANSIBLE_VERSION} \
         ansible-tower-cli==3.3.4 \
@@ -65,22 +65,22 @@ python3 -m pip install pip==21.3.1 &&
         httplib2 \
         six \
         requests \
-        boto3 \
-        awscli
+        boto3
 
 ## install tfenv
-git clone https://github.com/tfutils/tfenv.git ~/.tfenv
-echo 'export PATH="$HOME/.tfenv/bin:$PATH"' >>~/.bash_profile
-ln -sf ~/.tfenv/bin/* /usr/local/bin
-mkdir -p ~/.local/bin/
-. ~/.profile
-ln -sf ~/.tfenv/bin/* ~/.local/bin
+git clone https://github.com/tfutils/tfenv.git $HOME/.tfenv
+echo 'export PATH="$HOME/.tfenv/bin:$PATH"' >> $HOME/.bash_profile
+sudo ln -sf $HOME/.tfenv/bin/* /usr/local/bin
+sudo mkdir -p $HOME/.local/bin/
+. $HOME/.profile
+ln -sf $HOME/.tfenv/bin/* $HOME/.local/bin
 
-##### CUSTOMIZE ~/.profile #####
-echo '' >>~/.profile
+##### CUSTOMIZE $HOME/.profile #####
+touch $HOME/.profile
+echo '' >> $HOME/.profile
 echo '### Docker ###
 export DOCKER_CLIENT_TIMEOUT=300
-export COMPOSE_HTTP_TIMEOUT=300' >>~/.profile
+export COMPOSE_HTTP_TIMEOUT=300' >> $HOME/.profile
 
 ##### CONFIGURE DOCKER #####
 sudo usermod -a -G docker ec2-user
@@ -94,9 +94,10 @@ chmod +x ./install
 ./install auto
 
 ## Set Locale
-sudo echo 'LANG=en_US.utf-8' >>/etc/environment
-sudo echo 'LC_ALL=en_US.utf-8' >>/etc/environment
+sudo touch /etc/environment
+sudo echo 'LANG=en_US.utf-8' >> /etc/environment
+sudo echo 'LC_ALL=en_US.utf-8' >> /etc/environment
 
 ## Adding Custom Sysctl
-sudo echo 'vm.max_map_count=524288' >>/etc/sysctl.conf
-sudo echo 'fs.file-max=131072' >>/etc/sysctl.conf
+sudo echo 'vm.max_map_count=524288' >> /etc/sysctl.conf
+sudo echo 'fs.file-max=131072' >> /etc/sysctl.conf

terraform/environment/providers/aws/infra/resources/ec2/psql/userdata/ubuntu.sh

@@ -81,7 +81,7 @@ sudo apt-get install -y \
     rm -f packer_${PACKER_VERSION}_linux_amd64.zip
 
 python3 -m pip install pip==21.3.1 &&
-    pip3 install --upgrade pip cffi awscli &&
+    pip3 install --upgrade pip cffi &&
     # install ansible
     pip3 install --no-cache-dir ansible-core==${ANSIBLE_VERSION} \
         ansible-tower-cli==3.3.4 \
@@ -95,22 +95,23 @@ python3 -m pip install pip==21.3.1 &&
 sudo update-alternatives --install /usr/bin/python python /usr/bin/python3 10
 
 ## install tfenv
-git clone https://github.com/tfutils/tfenv.git ~/.tfenv
-echo 'export PATH="$HOME/.tfenv/bin:$PATH"' >>~/.bash_profile
-ln -sf ~/.tfenv/bin/* /usr/local/bin
-mkdir -p ~/.local/bin/
-. ~/.profile
-ln -sf ~/.tfenv/bin/* ~/.local/bin
+git clone https://github.com/tfutils/tfenv.git $HOME/.tfenv
+echo 'export PATH="$HOME/.tfenv/bin:$PATH"' >> $HOME/.bash_profile
+ln -sf $HOME/.tfenv/bin/* /usr/local/bin
+sudo mkdir -p $HOME/.local/bin/
+. $HOME/.profile
+ln -sf $HOME/.tfenv/bin/* $HOME/.local/bin
 
 # Cleanup Cache
 sudo apt-get clean &&
     sudo apt-get autoremove -y
 
-##### CUSTOMIZE ~/.profile #####
-echo '' >>~/.profile
+##### CUSTOMIZE $HOME/.profile #####
+touch $HOME/.profile
+echo '' >> $HOME/.profile
 echo '### Docker ###
 export DOCKER_CLIENT_TIMEOUT=300
-export COMPOSE_HTTP_TIMEOUT=300' >>~/.profile
+export COMPOSE_HTTP_TIMEOUT=300' >> $HOME/.profile
 
 ##### CONFIGURE DOCKER #####
 sudo usermod -a -G docker ubuntu
@@ -124,9 +125,10 @@ chmod +x ./install
 ./install auto
 
 ## Set Locale
-sudo echo 'LANG=en_US.utf-8' >>/etc/environment
-sudo echo 'LC_ALL=en_US.utf-8' >>/etc/environment
+sudo touch /etc/environment
+sudo echo 'LANG=en_US.utf-8' >> /etc/environment
+sudo echo 'LC_ALL=en_US.utf-8' >> /etc/environment
 
 ## Adding Custom Sysctl
-sudo echo 'vm.max_map_count=524288' >>/etc/sysctl.conf
-sudo echo 'fs.file-max=131072' >>/etc/sysctl.conf
+sudo echo 'vm.max_map_count=524288' >> /etc/sysctl.conf
+sudo echo 'fs.file-max=131072' >> /etc/sysctl.conf

terraform/environment/providers/aws/infra/resources/eks-adot-collector/iam.tf

@@ -38,4 +38,9 @@ resource "aws_iam_role_policy_attachment" "adot_collector_xray" {
 resource "aws_iam_role_policy_attachment" "adot_collector_cloudwatch" {
   policy_arn = "arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy"
   role       = aws_iam_role.adot_collector.name
-}
+}
+
+resource "aws_iam_role_policy_attachment" "adot_collector_cloudwatch_logs" {
+  policy_arn = "arn:aws:iam::aws:policy/AWSOpsWorksCloudWatchLogs"
+  role       = aws_iam_role.adot_collector.name
+}

terraform/environment/providers/aws/infra/resources/eks-adot-collector/manifest/addons-otel-permissions.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: adot-collector
+  namespace: observability
+spec:
+  type: NodePort
+  selector:
+    app: adot-collector-daemonset
+  ports:
+    - name: http
+      port: 8888
+      targetPort: 8888

…-adot-collector/manifest/addons-otel.yml …adot-collector/manifest/addons-otel.yamlterraform/environment/providers/aws/infra/resources/eks-adot-collector/manifest/addons-otel.yml renamed to terraform/environment/providers/aws/infra/resources/eks-adot-collector/manifest/addons-otel.yaml terraform/environment/providers/aws/infra/resources/eks-adot-collector/manifest/addons-otel.yml renamed to terraform/environment/providers/aws/infra/resources/eks-adot-collector/manifest/addons-otel.yaml

@@ -20,6 +20,7 @@ eksctl create iamserviceaccount \
     --attach-policy-arn arn:aws:iam::aws:policy/AmazonPrometheusRemoteWriteAccess \
     --attach-policy-arn arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess \
     --attach-policy-arn arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy \
+    --attach-policy-arn arn:aws:iam::aws:policy/AWSOpsWorksCloudWatchLogs \
     --approve \
     --override-existing-serviceaccounts
 

terraform/environment/providers/aws/infra/resources/eks-adot-collector/manifest/adot-collector-service.yaml

@@ -0,0 +1,61 @@
+#!/bin/sh
+
+export AWS_REGION="us-west-2"
+export ACCOUNT_ID="YOUR_AWS_ACCOUNT"
+export EKS_CLUSTER="devopscorner-prod"
+export EKS_VPC_ID="vpc-0987612345"
+
+cat <<EOF > adot-collector-service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: adot-collector
+  namespace: observability
+spec:
+  type: NodePort
+  selector:
+    app: adot-collector-daemonset
+  ports:
+    - name: http
+      port: 8888
+      targetPort: 8888
+EOF
+
+cat <<EOF > ingress-nginx-adot-collector.yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: adot-collector
+  namespace: observability
+  annotations:
+    ingress.kubernetes.io/whitelist-source-range: 32.0.0.0/32
+    meta.helm.sh/release-name: adot-collector
+    meta.helm.sh/release-namespace: observability
+    kubernetes.io/ingress.class: nginx
+    nginx.ingress.kubernetes.io/affinity: cookie
+    nginx.ingress.kubernetes.io/cors-allow-headers: '*'
+    nginx.ingress.kubernetes.io/cors-allow-methods: '*'
+    nginx.ingress.kubernetes.io/cors-allow-origin: '*'
+    nginx.ingress.kubernetes.io/enable-cors: 'true'
+    nginx.ingress.kubernetes.io/from-to-www-redirect: 'true'
+spec:
+  rules:
+    - host: adot-collector.observability.svc.cluster.local
+      http:
+        paths:
+          - path: /
+            pathType: Prefix   # Prefix -or - ImplementationSpecific
+            backend:
+              service:
+                name: adot-collector
+                port:
+                  number: 8888
+
+  tls:
+    - hosts:
+      - adot-collector.observability.svc.cluster.local
+EOF
+
+kubectl config use-context arn:aws:eks:${AWS_REGION}:${ACCOUNT_ID}:cluster/${EKS_CLUSTER}
+kubectl -f adot-collector-service.yaml apply
+kubectl -f ingress-nginx-adot-collector.yaml apply