From e53e4c789cf0f47289ff5f5369b3bd446cea239a Mon Sep 17 00:00:00 2001 From: micheledellipaoli-pagopa Date: Fri, 13 Dec 2024 17:10:31 +0100 Subject: [PATCH 01/37] add terraform folder, edit k8s-apply workflow, add tf-apply workflow --- .github/workflows/k8s-apply.yaml | 7 ++ .github/workflows/tf-apply.yaml | 93 +++++++++++++++ .gitignore | 19 ++- .pre-commit-config.yaml | 11 ++ terraform/.terraform-version | 1 + terraform/k8s-monitoring/.terraform.lock.hcl | 44 +++++++ terraform/k8s-monitoring/00-main.tf | 30 +++++ .../01-k8s-monitoring-deployments.tf | 37 ++++++ terraform/k8s-monitoring/98-variables.tf | 31 +++++ terraform/k8s-monitoring/99-outputs.tf | 0 .../assets/microservices-list.json | 1 + .../k8s-monitoring/env/dev/backend.tfvars | 4 + .../k8s-monitoring/env/dev/terraform.tfvars | 15 +++ terraform/k8s-monitoring/terraform.sh | 1 + terraform/terraform.sh | 111 ++++++++++++++++++ 15 files changed, 404 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/tf-apply.yaml create mode 100644 .pre-commit-config.yaml create mode 100644 terraform/.terraform-version create mode 100644 terraform/k8s-monitoring/.terraform.lock.hcl create mode 100644 terraform/k8s-monitoring/00-main.tf create mode 100644 terraform/k8s-monitoring/01-k8s-monitoring-deployments.tf create mode 100644 terraform/k8s-monitoring/98-variables.tf create mode 100644 terraform/k8s-monitoring/99-outputs.tf create mode 100644 terraform/k8s-monitoring/assets/microservices-list.json create mode 100644 terraform/k8s-monitoring/env/dev/backend.tfvars create mode 100644 terraform/k8s-monitoring/env/dev/terraform.tfvars create mode 100755 terraform/k8s-monitoring/terraform.sh create mode 100755 terraform/terraform.sh diff --git a/.github/workflows/k8s-apply.yaml b/.github/workflows/k8s-apply.yaml index ba169a8..cc232f9 100644 --- a/.github/workflows/k8s-apply.yaml +++ b/.github/workflows/k8s-apply.yaml 
@@ -119,3 +119,10 @@ jobs: ecs_cluster_name: ${{ secrets.ECS_CLUSTER_NAME }} pat_token: ${{ secrets.BOT_TOKEN }} environment: ${{ inputs.environment }} + + tf_apply: + secrets: inherit + uses: ./.github/workflows/tf-apply.yaml + with: + environment: ${{ inputs.environment }} + timeout_seconds: 180 \ No newline at end of file diff --git a/.github/workflows/tf-apply.yaml b/.github/workflows/tf-apply.yaml new file mode 100644 index 0000000..3bf93a9 --- /dev/null +++ b/.github/workflows/tf-apply.yaml 
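Review bot: The new `tf_apply` job has no `needs:` key, so it starts as soon as the workflow is triggered instead of after the jobs that gate the run. A later patch in this series shows `create_runner` declared with `needs: [ initChecks ]`, and initChecks is where the "correct permissions to execute the workflow" message is printed; if that gate is meant to cover the Terraform apply too, add `needs: [ initChecks ]` here. `secrets: inherit` also hands every secret to the called workflow although tf-apply.yaml declares only `AWS_REGION` and `TERRAFORM_IAM_ROLE_ARN`; passing those two explicitly under `secrets:` keeps the exposure smaller. The `timeout_seconds` value passed here is declared as a required input in tf-apply.yaml but is not read by any step visible in this series.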
@@ -0,0 +1,93 @@ +name: TF Apply + +on: + workflow_call: + inputs: + environment: + description: 'Environment to run apply against' + required: true + type: string + timeout_seconds: + description: 'Terraform apply wait timeout in seconds' + required: true + type: number + secrets: + AWS_REGION: + required: true + TERRAFORM_IAM_ROLE_ARN: + required: true + +defaults: + run: + shell: bash + +jobs: + workflow_setup: + name: Setup steps + runs-on: [ self-hosted, "run_id:${{ inputs.environment }}-${{ github.run_id }}" ] + environment: ${{ inputs.environment }} + env: + TARGET_ENVIRONMENT: ${{ inputs.environment }} + outputs: + microservices: ${{ steps.set-outputs.outputs.microservices }} + cronjobs: ${{ steps.set-outputs.outputs.cronjobs }} + steps: + - name: Checkout + id: checkout + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + - id: set-outputs + run: | + echo "microservices=$(find microservices -type f -path "*/$TARGET_ENVIRONMENT/values.yaml" -exec dirname {} \; | awk -F'/' '{print $2}' | jq -R -s -c 'split("\n")[:-1]')" >> "$GITHUB_OUTPUT" + echo "cronjobs=$(find jobs -type f -path "*/$TARGET_ENVIRONMENT/values.yaml" -exec dirname {} \; | awk -F'/' '{print $2}' | jq -R -s -c 'split("\n")[:-1]')" >> "$GITHUB_OUTPUT" + + terraform_apply_monitoring_microservices: + name: Terraform Apply Monitoring Microservices + needs: workflow_setup + runs-on: ubuntu-latest + environment: ${{ inputs.environment }} + + steps: + - name: Create microservices JSON + run: | + echo '${{ needs.workflow_setup.outputs.microservices }}' | jq -c 'sort' > terraform/k8s-monitoring/assets/microservices-list.json + + - name: Checkout + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c + + - name: Configure AWS Credentials + env: + AWS_REGION: ${{ secrets.AWS_REGION }} + uses: aws-actions/configure-aws-credentials@67fbcbb121271f7775d2e7715933280b06314838 + with: + role-to-assume: ${{ secrets.TERRAFORM_IAM_ROLE_ARN }} + aws-region: ${{ env.AWS_REGION }} + + - 
name: Read Terraform version + id: read-version + working-directory: terraform/ + run: | + echo "TERRAFORM_VERSION=$(cat ./.terraform-version)" >> $GITHUB_ENV + + - name: Setup Terraform + uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 + with: + terraform_version: ${{ env.TERRAFORM_VERSION }} + + - name: Normalize environment + id: norm_env + run: | + GH_ENV="${{ inputs.environment }}" + NORM_ENV="$(echo "$GH_ENV" | sed -e 's/_ro//')" + echo "NORM_ENV=$NORM_ENV" >> $GITHUB_ENV + + - name: Terraform Init + id: terraform_init + working-directory: terraform/k8s-monitoring + run: | + ./terraform.sh init "$NORM_ENV" + + - name: Terraform Apply Monitoring Microservices + id: terraform_apply_monitoring_microservice + working-directory: terraform/k8s-monitoring + run: | + terraform apply -var-file="./env/dev/terraform.tfvars" -auto-approve diff --git a/.gitignore b/.gitignore index 5fb72c6..f902ff5 100644 --- a/.gitignore +++ b/.gitignore @@ -2,4 +2,21 @@ charts/ Chart.lock out* .DS_Store -**/*.compiled.yaml \ No newline at end of file +**/*.compiled.yaml + +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json \ No newline at end of file diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 0000000..7fa94d6 --- /dev/null +++ b/.pre-commit-config.yaml @@ -0,0 +1,11 @@ +repos: + - repo: https://github.com/antonbabenko/pre-commit-terraform + rev: v1.96.2 + hooks: + - id: terraform_fmt + # TODO: issue when validating modules + # - id: terraform_validate + # args: + # - --init-args=-lockfile=readonly + # - --args=-json + # - --args=-no-color diff --git a/terraform/.terraform-version b/terraform/.terraform-version new file mode 100644 index 0000000..27f9cd3 --- /dev/null 
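Review bot: The final step applies `./env/dev/terraform.tfvars` with `-auto-approve` whatever environment was requested, while `Terraform Init` picks the backend from `$NORM_ENV`, so a non-dev run would apply dev variables against another environment's state. Derive the var-file from `$NORM_ENV` as well; the tf-apply.yaml hunks in patches 03 and 04 keep the same hard-coded path. Two `run:` scripts also paste `${{ … }}` expressions directly into the shell text (the `echo '${{ needs.workflow_setup.outputs.microservices }}'` line and `GH_ENV="${{ inputs.environment }}"`), so a directory name or input containing a quote changes the script; pass these values through `env:` instead. `Create microservices JSON` runs before `Checkout`, so on a clean runner the target directory presumably does not exist yet and the checkout would replace whatever was written; it belongs after the checkout.

```yaml
# … unchanged: workflow_setup job, terraform_apply_monitoring_microservices job header …
    steps:
      - name: Checkout
        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c

      - name: Create microservices JSON
        env:
          MICROSERVICES: ${{ needs.workflow_setup.outputs.microservices }}
        run: |
          mkdir -p terraform/k8s-monitoring/assets
          printf '%s' "$MICROSERVICES" | jq -c 'sort' > terraform/k8s-monitoring/assets/microservices-list.json

# … unchanged: Configure AWS Credentials, Read Terraform version, Setup Terraform …

      - name: Normalize environment
        id: norm_env
        env:
          GH_ENV: ${{ inputs.environment }}
        run: |
          NORM_ENV="$(echo "$GH_ENV" | sed -e 's/_ro//')"
          echo "NORM_ENV=$NORM_ENV" >> "$GITHUB_ENV"

# … unchanged: Terraform Init …

      - name: Terraform Apply Monitoring Microservices
        id: terraform_apply_monitoring_microservice
        working-directory: terraform/k8s-monitoring
        run: |
          terraform apply -var-file="./env/$NORM_ENV/terraform.tfvars" -auto-approve
```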
+++ b/terraform/.terraform-version
@@ -0,0 +1 @@
+1.8.0
diff --git a/terraform/k8s-monitoring/.terraform.lock.hcl b/terraform/k8s-monitoring/.terraform.lock.hcl
new file mode 100644
index 0000000..32961d4
--- /dev/null
+++ b/terraform/k8s-monitoring/.terraform.lock.hcl
@@ -0,0 +1,44 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "5.46.0" + constraints = "~> 5.46.0" + hashes = [ + "h1:d0Mf33mbbQujZ/JaYkqmH5gZGvP+iEIWf9yBSiOwimE=", + "zh:05ae6180a7f23071435f6e5e59c19af0b6c5da42ee600c6c1568c8660214d548", + "zh:0d878d1565d5e57ce6b34ec5f04b28662044a50c999ec5770c374aa1f1020de2", + "zh:25ef1467af2514d8011c44759307445f7057836ff87dfe4503c3e1c9776d5c1a", + "zh:26c006df6200f0063b827aab05bec94f9f3f77848e82ed72e48a51d1170d1961", + "zh:37cdf4292649a10f12858622826925e18ad4eca354c31f61d02c66895eb91274", + "zh:4315b0433c2fc512666c74e989e2d95240934ef370bea1c690d36cb02d30c4ce", + "zh:75df0b3f631b78aeff1832cc77d99b527c2a5e79d40f7aac40bdc4a66124dac2", + "zh:90693d936c9a556d2bf945de4920ff82052002eb73139bd7164fafd02920f0ef", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:c9177ad09804c60fd2ed25950570407b6bdcdf0fcc309e1673b584f06a827fae", + "zh:ca8e8db24a4d62d92afd8d3d383b81a08693acac191a2e0a110fb46deeff56a3", + "zh:d5fa3a36e13957d63bfe9bbd6df0426a2422214403aac9f20b60c36f8d9ebec6", + "zh:e4ede44a112296c9cc77b15e439e41ee15c0e8b3a0dec94ae34df5ebba840e8b", + "zh:f2d4de8d8cde69caffede1544ebea74e69fcc4552e1b79ae053519a05c060706", + "zh:fc19e9266b1841d4a3aeefa8a5b5ad6988baed6540f85a373b6c2d0dc1ca5830", + ] +} + +provider "registry.terraform.io/hashicorp/local" { + version = "2.5.2" + hashes = [ + "h1:IyFbOIO6mhikFNL/2h1iZJ6kyN3U00jgkpCLUCThAfE=", + "zh:136299545178ce281c56f36965bf91c35407c11897f7082b3b983d86cb79b511", + "zh:3b4486858aa9cb8163378722b642c57c529b6c64bfbfc9461d940a84cd66ebea", + "zh:4855ee628ead847741aa4f4fc9bed50cfdbf197f2912775dd9fe7bc43fa077c0", + "zh:4b8cd2583d1edcac4011caafe8afb7a95e8110a607a1d5fb87d921178074a69b", + "zh:52084ddaff8c8cd3f9e7bcb7ce4dc1eab00602912c96da43c29b4762dc376038", + "zh:71562d330d3f92d79b2952ffdda0dad167e952e46200c767dd30c6af8d7c0ed3", + 
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:805f81ade06ff68fa8b908d31892eaed5c180ae031c77ad35f82cb7a74b97cf4", + "zh:8b6b3ebeaaa8e38dd04e56996abe80db9be6f4c1df75ac3cccc77642899bd464", + "zh:ad07750576b99248037b897de71113cc19b1a8d0bc235eb99173cc83d0de3b1b", + "zh:b9f1c3bfadb74068f5c205292badb0661e17ac05eb23bfe8bd809691e4583d0e", + "zh:cc4cbcd67414fefb111c1bf7ab0bc4beb8c0b553d01719ad17de9a047adff4d1", + ] +} diff --git a/terraform/k8s-monitoring/00-main.tf b/terraform/k8s-monitoring/00-main.tf new file mode 100644 index 0000000..3d1aa0a --- /dev/null +++ b/terraform/k8s-monitoring/00-main.tf @@ -0,0 +1,30 @@ +terraform { + required_version = "~> 1.8.0" + + backend "s3" {} + + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 5.46.0" + } + } +} + +provider "aws" { + region = var.aws_region + + default_tags { + tags = var.tags + } +} + +locals { #TOREMOVE + project = "tracing" +} + +data "aws_iam_role" "sso_admin" { #TOREMOVE + name = var.sso_admin_role_name +} + +data "aws_caller_identity" "current" {} #TOREMOVE \ No newline at end of file diff --git a/terraform/k8s-monitoring/01-k8s-monitoring-deployments.tf b/terraform/k8s-monitoring/01-k8s-monitoring-deployments.tf new file mode 100644 index 0000000..673d7bf --- /dev/null +++ b/terraform/k8s-monitoring/01-k8s-monitoring-deployments.tf 
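Review bot: `required_providers` in 00-main.tf declares only `aws`, but the same patch reads `data "local_file"` and the lock file records `hashicorp/local` 2.5.2 with no `constraints` line. Without a declared constraint the provider version is whatever the lock file last resolved, and a regenerated lock can move it silently. Add `local = { source = "hashicorp/local", version = "~> 2.5.2" }` alongside `aws`; patch 03 introduces `hashicorp/external` 2.3.4 the same way and needs the equivalent entry.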
@@ -0,0 +1,37 @@ +data "aws_sns_topic" "platform_alarms" { + name = var.sns_topic_name +} + +data "local_file" "microservices_list" { + filename = "${path.module}/assets/microservices-list.json" +} + +locals { + microservices_names = jsondecode(data.local_file.microservices_list.content) +} + +module "k8s_deployment_monitoring" { + for_each = toset(local.microservices_names) + + source = "git::https://github.com/pagopa/interop-infra-commons//terraform/modules/k8s-deployment-monitoring?ref=v1.3.5" + + env = var.env + eks_cluster_name = var.eks_cluster_name + k8s_namespace = var.env + k8s_deployment_name = each.key + sns_topics_arns = [data.aws_sns_topic.platform_alarms.arn] + + create_pod_availability_alarm = true + create_pod_readiness_alarm = true + create_performance_alarm = true + create_app_logs_errors_alarm = true + + avg_cpu_alarm_threshold = 70 + avg_memory_alarm_threshold = 70 + performance_alarms_period_seconds = 300 # 5 minutes + + create_dashboard = true + + cloudwatch_app_logs_errors_metric_name = contains(local.microservices_names, each.key) ? "ErrorCount" : null #TOCHECK + cloudwatch_app_logs_errors_metric_namespace = contains(local.microservices_names, each.key) ? "EKSApplicationLogsFilters" : null #TOCHECK +} \ No newline at end of file diff --git a/terraform/k8s-monitoring/98-variables.tf b/terraform/k8s-monitoring/98-variables.tf new file mode 100644 index 0000000..afdba9b --- /dev/null +++ b/terraform/k8s-monitoring/98-variables.tf 
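Review bot: The module `source` is pinned with `?ref=v1.3.5`, a Git tag that can be moved upstream, whereas the workflows in this same patch pin every action to a full commit SHA. Pinning the module the same way, `?ref=<commit-sha-of-v1.3.5>` with `# v1.3.5` as a trailing comment, makes the code that runs under the Terraform role reproducible. Separately, the two `contains(local.microservices_names, each.key)` conditions are always true because `for_each` iterates over that same list, so the `null` branches marked #TOCHECK are unreachable.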
@@ -0,0 +1,31 @@ +variable "aws_region" { + type = string + description = "AWS region" +} + +variable "env" { + type = string + description = "Environment name" +} + +variable "tags" { + type = map(any) + default = { + CreatedBy = "Terraform" + } +} + +variable "sso_admin_role_name" { #TOREMOVE + type = string + description = "Name of the existing SSO admin role" +} + +variable "eks_cluster_name" { + type = string + description = "Name of the tracing EKS cluster" +} + +variable "sns_topic_name" { + description = "Name of the SNS topic for alarms notifications" + type = string +} \ No newline at end of file diff --git a/terraform/k8s-monitoring/99-outputs.tf b/terraform/k8s-monitoring/99-outputs.tf new file mode 100644 index 0000000..e69de29 diff --git a/terraform/k8s-monitoring/assets/microservices-list.json b/terraform/k8s-monitoring/assets/microservices-list.json new file mode 100644 index 0000000..f0e953f --- /dev/null +++ b/terraform/k8s-monitoring/assets/microservices-list.json @@ -0,0 +1 @@ +["enriched-data-handler"] \ No newline at end of file diff --git a/terraform/k8s-monitoring/env/dev/backend.tfvars b/terraform/k8s-monitoring/env/dev/backend.tfvars new file mode 100644 index 0000000..afbbeeb --- /dev/null +++ b/terraform/k8s-monitoring/env/dev/backend.tfvars @@ -0,0 +1,4 @@ +bucket = "terraform-backend-590183909663" +key = "dev/interop-tracing-deployment/monitoring.tfstate" +region = "eu-south-1" +dynamodb_table = "terraform-lock" diff --git a/terraform/k8s-monitoring/env/dev/terraform.tfvars b/terraform/k8s-monitoring/env/dev/terraform.tfvars new file mode 100644 index 0000000..7541e83 --- /dev/null +++ b/terraform/k8s-monitoring/env/dev/terraform.tfvars 
@@ -0,0 +1,15 @@ +aws_region = "eu-south-1" +env = "dev" + +tags = { + CreatedBy = "Terraform" + Environment = "dev" + Owner = "PagoPA" + Source = "https://github.com/pagopa/interop-tracing-deployment" +} + +sso_admin_role_name = "AWSReservedSSO_FullAdmin_083263499c3f66e7" #TOREMOVE + +eks_cluster_name = "tracing-eks-cluster-dev" + +sns_topic_name = "tracing-platform-alarms-dev" \ No newline at end of file diff --git a/terraform/k8s-monitoring/terraform.sh b/terraform/k8s-monitoring/terraform.sh new file mode 100755 index 0000000..2374402 --- /dev/null +++ b/terraform/k8s-monitoring/terraform.sh @@ -0,0 +1 @@ +. ../terraform.sh diff --git a/terraform/terraform.sh b/terraform/terraform.sh new file mode 100755 index 0000000..16ce63b --- /dev/null +++ b/terraform/terraform.sh 
@@ -0,0 +1,111 @@ +#!/bin/bash + +set -e + +action=$1 +env=$2 +shift 2 +other=$@ + +if [ -z "$action" ]; then + echo "Missed action: init, apply, plan" + exit 0 +fi + +if [ -z "$env" ]; then + echo "env should be: dev, uat or prod." + exit 0 +fi + +function tf_summarize() { + local plan_file="tfplan-$(date +'%Y%m%d-%H%M%S')" + + echo "Running terraform plan and tf-summarize..." + terraform plan -out="${plan_file}" -var-file="./env/$env/terraform.tfvars" > /dev/null + + set +e # don't stop on failure so that we can cleanup plan_file + if [ -n "$(command -v tf-summarize)" ]; then + tf-summarize ${other:+"$other"} "${plan_file}" + else + echo "tf-summarize binary not found" + exit 1 + fi + + rm "$plan_file" + set -e +} + +function target_action() { + local target_files="$@" + local tf_targets=() + + + if [[ -z $target_files ]]; then + echo "Missing target files argument" + exit 1 + fi + + for file in $target_files; do + if [ ! -f "$file" ]; then + echo "File $file not found." + exit 1 + fi + done + + local temp_file=$(mktemp) + for file in $target_files; do + set +e + grep -E '^resource|^module|^data' $file >> $temp_file + set -e + done + + local resource_type + local module_name + local resource_class + local resource_name + + while read -r line ; do + resource_type=$(echo $line | cut -d '"' -f 1 | tr -d ' ') + if [ "$resource_type" == "module" ]; then + module_name=$(echo $line | cut -d '"' -f 2) + tf_targets+=("-target=module.$module_name ") + elif [ "$resource_type" == "data" ]; then + resource_class=$(echo $line | cut -d '"' -f 2) + resource_name=$(echo $line | cut -d '"' -f 4) + tf_targets+=("-target=data.$resource_class.$resource_name ") + else + resource_class=$(echo $line | cut -d '"' -f 2) + resource_name=$(echo $line | cut -d '"' -f 4) + tf_targets+=("-target=$resource_class.$resource_name ") + fi + done < $temp_file + + rm $temp_file + + printf '%s\n' "${tf_targets[@]}" + terraform $action -var-file="./env/$env/terraform.tfvars" "${tf_targets[@]}" +} + +if 
echo "init plan apply refresh import output state taint destroy summ" | grep -w $action > /dev/null; then + if [ $action = "init" ]; then + terraform $action -backend-config="./env/$env/backend.tfvars" $other + elif [ $action = "output" ] || [ $action = "state" ] || [ $action = "taint" ]; then + # init terraform backend + terraform init -reconfigure -backend-config="./env/$env/backend.tfvars" + terraform $action $other + elif [ $action = "summ" ]; then + terraform init -reconfigure -backend-config="./env/$env/backend.tfvars" + tf_summarize + elif [[ $action =~ plan|apply|destroy ]] && [[ $other =~ ^-target-files[[:space:]] ]]; then + terraform init -reconfigure -backend-config="./env/$env/backend.tfvars" + shift 1 + target_action "$@" + else + # init terraform backend + terraform init -reconfigure -backend-config="./env/$env/backend.tfvars" + terraform $action -var-file="./env/$env/terraform.tfvars" $other + fi +else + echo "Action not allowed." + exit 1 +fi From 0e83c8eea56215cfe76aa0261926a50be69ef2d2 Mon Sep 17 00:00:00 2001 From: micheledellipaoli-pagopa Date: Fri, 13 Dec 2024 17:17:10 +0100 Subject: [PATCH 02/37] remove microservices-list.json --- .gitignore | 5 ++++- terraform/k8s-monitoring/assets/microservices-list.json | 1 - 2 files changed, 4 insertions(+), 2 deletions(-) delete mode 100644 terraform/k8s-monitoring/assets/microservices-list.json diff --git a/.gitignore b/.gitignore index f902ff5..f526ca1 100644 --- a/.gitignore +++ b/.gitignore @@ -19,4 +19,7 @@ crash.log override.tf override.tf.json *_override.tf -*_override.tf.json \ No newline at end of file +*_override.tf.json + +# Ignore JSON microservices list +terraform/k8s-monitoring/assets/microservices-list.json \ No newline at end of file diff --git a/terraform/k8s-monitoring/assets/microservices-list.json b/terraform/k8s-monitoring/assets/microservices-list.json deleted file mode 100644 index f0e953f..0000000 --- a/terraform/k8s-monitoring/assets/microservices-list.json +++ /dev/null 
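Review bot: The two argument checks at the top print a usage message and then `exit 0`, so a caller passing an empty environment (for example the workflow's `./terraform.sh init "$NORM_ENV"` with the variable unset) gets a green step with no backend initialised; both should `exit 1`. Because `set -e` is active, `shift 2` aborts before those messages when fewer than two arguments are given, so `$#` should be tested before shifting. In `tf_summarize` the missing-binary branch exits before `rm "$plan_file"`, leaving a saved plan, which can hold sensitive values, in the working directory; make that branch `rm -f "$plan_file"; exit 1`. `$action`, `$file` and `$temp_file` are expanded unquoted throughout, and the `grep -w $action` allow-list together with the unanchored `[[ $action =~ plan|apply|destroy ]]` would be stricter as a `case "$action" in` match.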
@@ -1 +0,0 @@ -["enriched-data-handler"] \ No newline at end of file From aeb4f940534108e4ec2738b36cf06d4105a7b790 Mon Sep 17 00:00:00 2001 From: micheledellipaoli-pagopa Date: Tue, 17 Dec 2024 17:52:54 +0100 Subject: [PATCH 03/37] add script to get cloudwatch log metric filters; add some fix to the tf-apply.tf workflow --- .github/workflows/k8s-apply.yaml | 3 +- .github/workflows/tf-apply.yaml | 8 ++-- terraform/k8s-monitoring/.terraform.lock.hcl | 19 +++++++++ .../01-k8s-monitoring-deployments.tf | 12 +++++- terraform/k8s-monitoring/98-variables.tf | 5 +++ .../get_cloudwatch_log_metric_filters.sh | 40 +++++++++++++++++++ .../k8s-monitoring/env/dev/terraform.tfvars | 4 +- 7 files changed, 82 insertions(+), 9 deletions(-) create mode 100755 terraform/k8s-monitoring/assets/scripts/get_cloudwatch_log_metric_filters.sh diff --git a/.github/workflows/k8s-apply.yaml b/.github/workflows/k8s-apply.yaml index cc232f9..9f959f8 100644 --- a/.github/workflows/k8s-apply.yaml +++ b/.github/workflows/k8s-apply.yaml @@ -125,4 +125,5 @@ jobs: uses: ./.github/workflows/tf-apply.yaml with: environment: ${{ inputs.environment }} - timeout_seconds: 180 \ No newline at end of file + timeout_seconds: 300 + \ No newline at end of file diff --git a/.github/workflows/tf-apply.yaml b/.github/workflows/tf-apply.yaml index 3bf93a9..b2cc30d 100644 --- a/.github/workflows/tf-apply.yaml +++ b/.github/workflows/tf-apply.yaml @@ -24,7 +24,7 @@ defaults: jobs: workflow_setup: name: Setup steps - runs-on: [ self-hosted, "run_id:${{ inputs.environment }}-${{ github.run_id }}" ] + runs-on: ubuntu-latest environment: ${{ inputs.environment }} env: TARGET_ENVIRONMENT: ${{ inputs.environment }} 
@@ -55,12 +55,10 @@ jobs: uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c - name: Configure AWS Credentials - env: - AWS_REGION: ${{ secrets.AWS_REGION }} uses: aws-actions/configure-aws-credentials@67fbcbb121271f7775d2e7715933280b06314838 with: role-to-assume: ${{ secrets.TERRAFORM_IAM_ROLE_ARN }} - aws-region: ${{ env.AWS_REGION }} + aws-region: ${{ secrets.AWS_REGION }} - name: Read Terraform version id: read-version @@ -90,4 +88,4 @@ jobs: id: terraform_apply_monitoring_microservice working-directory: terraform/k8s-monitoring run: | - terraform apply -var-file="./env/dev/terraform.tfvars" -auto-approve + terraform apply -var-file="./env/dev/terraform.tfvars" -auto-approve -lock-timeout=120s diff --git a/terraform/k8s-monitoring/.terraform.lock.hcl b/terraform/k8s-monitoring/.terraform.lock.hcl index 32961d4..c8018c9 100644 --- a/terraform/k8s-monitoring/.terraform.lock.hcl +++ b/terraform/k8s-monitoring/.terraform.lock.hcl 
@@ -24,6 +24,25 @@ provider "registry.terraform.io/hashicorp/aws" { ] } +provider "registry.terraform.io/hashicorp/external" { + version = "2.3.4" + hashes = [ + "h1:cCabxnWQ5fX1lS7ZqgUzsvWmKZw9FA7NRxAZ94vcTcc=", + "zh:037fd82cd86227359bc010672cd174235e2d337601d4686f526d0f53c87447cb", + "zh:0ea1db63d6173d01f2fa8eb8989f0809a55135a0d8d424b08ba5dabad73095fa", + "zh:17a4d0a306566f2e45778fbac48744b6fd9c958aaa359e79f144c6358cb93af0", + "zh:298e5408ab17fd2e90d2cd6d406c6d02344fe610de5b7dae943a58b958e76691", + "zh:38ecfd29ee0785fd93164812dcbe0664ebbe5417473f3b2658087ca5a0286ecb", + "zh:59f6a6f31acf66f4ea3667a555a70eba5d406c6e6d93c2c641b81d63261eeace", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:ad0279dfd09d713db0c18469f585e58d04748ca72d9ada83883492e0dd13bd58", + "zh:c69f66fd21f5e2c8ecf7ca68d9091c40f19ad913aef21e3ce23836e91b8cbb5f", + "zh:d4a56f8c48aa86fc8e0c233d56850f5783f322d6336f3bf1916e293246b6b5d4", + "zh:f2b394ebd4af33f343835517e80fc876f79361f4688220833bc3c77655dd2202", + "zh:f31982f29f12834e5d21e010856eddd19d59cd8f449adf470655bfd19354377e", + ] +} + provider "registry.terraform.io/hashicorp/local" { version = "2.5.2" hashes = [ diff --git a/terraform/k8s-monitoring/01-k8s-monitoring-deployments.tf b/terraform/k8s-monitoring/01-k8s-monitoring-deployments.tf index 673d7bf..a418eb1 100644 --- a/terraform/k8s-monitoring/01-k8s-monitoring-deployments.tf +++ b/terraform/k8s-monitoring/01-k8s-monitoring-deployments.tf @@ -6,6 +6,14 @@ data "local_file" "microservices_list" { filename = "${path.module}/assets/microservices-list.json" } +data "external" "cloudwatch_log_metric_filters" { + program = ["bash", "${path.module}/assets/scripts/get_cloudwatch_log_metric_filters.sh"] + + query = { + log_group_name = var.cloudwatch_log_group_name + } +} + locals { microservices_names = jsondecode(data.local_file.microservices_list.content) } 
@@ -32,6 +40,6 @@ module "k8s_deployment_monitoring" { create_dashboard = true - cloudwatch_app_logs_errors_metric_name = contains(local.microservices_names, each.key) ? "ErrorCount" : null #TOCHECK - cloudwatch_app_logs_errors_metric_namespace = contains(local.microservices_names, each.key) ? "EKSApplicationLogsFilters" : null #TOCHECK + cloudwatch_app_logs_errors_metric_name = data.external.cloudwatch_log_metric_filters.result.metricName + cloudwatch_app_logs_errors_metric_namespace = data.external.cloudwatch_log_metric_filters.result.metricNamespace } \ No newline at end of file diff --git a/terraform/k8s-monitoring/98-variables.tf b/terraform/k8s-monitoring/98-variables.tf index afdba9b..59fc7fe 100644 --- a/terraform/k8s-monitoring/98-variables.tf +++ b/terraform/k8s-monitoring/98-variables.tf @@ -28,4 +28,9 @@ variable "eks_cluster_name" { variable "sns_topic_name" { description = "Name of the SNS topic for alarms notifications" type = string +} + +variable "cloudwatch_log_group_name" { + description = "Name of the Cloudwatch log group to get metric filters" + type = string } \ No newline at end of file diff --git a/terraform/k8s-monitoring/assets/scripts/get_cloudwatch_log_metric_filters.sh b/terraform/k8s-monitoring/assets/scripts/get_cloudwatch_log_metric_filters.sh new file mode 100755 index 0000000..b55975b --- /dev/null +++ b/terraform/k8s-monitoring/assets/scripts/get_cloudwatch_log_metric_filters.sh 
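Review bot: Every instance of `k8s_deployment_monitoring` now receives the same `metricName` and `metricNamespace`, because they come from one `data.external` result that is not keyed by `each.key`. The script added in this patch reads only `.metricFilters[0]` of the log group, so if the group holds one filter per microservice, each error alarm would watch the first filter's metric rather than its own. If per-service metrics are intended, the lookup needs to be per deployment, for example a `for_each` on the data source with the deployment name passed in `query` and used as `--filter-name-prefix`. The module block starts outside this hunk.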
@@ -0,0 +1,40 @@ +#!/bin/bash + +# TOCHECK if use this and remove other checks +# set -e + +# Choose one of the following ways to read the input +# 1) +# read input +# log_group_name=$(echo "$input" | jq -r '.log_group_name') + +# 2) +eval "$(jq -r '@sh "log_group_name=\(.log_group_name)"')" + +# Check if the input value is empty +if [[ -z "$log_group_name" ]]; then + echo "Error: log_group_name is empty" >&2 + exit 1 +fi + +# Run the AWS command to get the metric filters as a JSON +response=$(aws logs describe-metric-filters --log-group-name "$log_group_name" --output json) + +# Check the AWS command's exit code +if [[ $? -ne 0 ]]; then + echo "Error: Failed to retrieve metric filters" >&2 + exit 1 +fi + +# Extract the values of metricName and metricNamespace from the JSON +metric_name=$(echo "$response" | jq -r '.metricFilters[0].metricTransformations[0].metricName') +metric_namespace=$(echo "$response" | jq -r '.metricFilters[0].metricTransformations[0].metricNamespace') + +# Check if the extracted values are empty +if [[ -z "$metric_name" || -z "$metric_namespace" ]]; then + echo "Error: No metric filters found for the log group $log_group_name" >&2 + exit 1 +fi + +# Return a JSON containing extracted values +jq -n --arg metricName "$metric_name" --arg metricNamespace "$metric_namespace" '{metricName: $metricName, metricNamespace: $metricNamespace}' diff --git a/terraform/k8s-monitoring/env/dev/terraform.tfvars b/terraform/k8s-monitoring/env/dev/terraform.tfvars index 7541e83..f5c6404 100644 --- a/terraform/k8s-monitoring/env/dev/terraform.tfvars +++ b/terraform/k8s-monitoring/env/dev/terraform.tfvars 
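Review bot: The emptiness checks cannot detect a missing filter, because `jq -r` prints the literal string `null` for an absent path. A log group with no metric filters therefore passes the `-z` test and the script returns `{"metricName":"null", …}` with exit code 0, and alarms would be created on a metric that does not exist. Append `// empty` to both paths, e.g. `.metricFilters[0].metricTransformations[0].metricName // empty`; the `@sh` line behaves the same way when `log_group_name` is absent from the query. Enabling the commented-out `set -e` (ideally `set -euo pipefail`) would settle the TOCHECK note without removing the explicit checks.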
@@ -12,4 +12,6 @@ sso_admin_role_name = "AWSReservedSSO_FullAdmin_083263499c3f66e7" #TOREMOVE eks_cluster_name = "tracing-eks-cluster-dev" -sns_topic_name = "tracing-platform-alarms-dev" \ No newline at end of file +sns_topic_name = "tracing-platform-alarms-dev" + +cloudwatch_log_group_name = "/aws/eks/tracing-eks-cluster-dev/application" \ No newline at end of file From f268ccaeb97c88485319abe722ce8f5524243edb Mon Sep 17 00:00:00 2001 From: micheledellipaoli-pagopa Date: Mon, 23 Dec 2024 11:57:22 +0100 Subject: [PATCH 04/37] edit after review --- .github/workflows/k8s-apply.yaml | 110 +++++++++--------- .github/workflows/tf-apply.yaml | 3 +- terraform/k8s-monitoring/00-main.tf | 4 +- .../01-k8s-monitoring-deployments.tf | 13 +-- terraform/k8s-monitoring/98-variables.tf | 2 +- .../get_cloudwatch_log_metric_filters.sh | 40 ------- .../k8s-monitoring/env/dev/terraform.tfvars | 2 +- 7 files changed, 66 insertions(+), 108 deletions(-) delete mode 100755 terraform/k8s-monitoring/assets/scripts/get_cloudwatch_log_metric_filters.sh diff --git a/.github/workflows/k8s-apply.yaml b/.github/workflows/k8s-apply.yaml index 9f959f8..02119c6 100644 --- a/.github/workflows/k8s-apply.yaml +++ b/.github/workflows/k8s-apply.yaml 
@@ -62,63 +62,63 @@ jobs: echo "$USER has the correct permissions to execute the workflow." - create_runner: - name: Create Self-Hosted Runner - runs-on: ubuntu-22.04 - environment: ${{ inputs.environment }} - needs: [ initChecks ] - outputs: - ecs_task_id: ${{ steps.start_runner.outputs.ecs_task_id }} - strategy: - matrix: - index: [1,2,3,4,5,6,7,8,9,10] - fail-fast: false - steps: - - name: Start GitHub Runner - id: start_runner - uses: pagopa/interop-github-runner-aws-create-action@main - with: - aws_region: ${{ secrets.AWS_REGION }} - iam_role_arn: ${{ secrets.ECS_IAM_ROLE_ARN }} - ecs_cluster_name: ${{ secrets.ECS_CLUSTER_NAME }} - ecs_task_definition: ${{ secrets.ECS_TASK_DEFINITION }} - ecs_task_cpu: ${{ vars.ECS_TASK_CPU }} - ecs_task_memory: ${{ vars.ECS_TASK_MEMORY }} - ecs_container_name: ${{ vars.ECS_TASK_CONTAINER_NAME }} - ecs_task_subnet_id: ${{ secrets.SUBNET_ID }} - ecs_task_sec_group: ${{ secrets.SEC_GROUP_ID }} - ecs_task_max_duration_seconds: ${{ vars.ECS_TASK_MAX_DURATION_SECONDS }} - pat_token: ${{ secrets.BOT_TOKEN }} - environment: ${{ inputs.environment }} + # create_runner: + # name: Create Self-Hosted Runner + # runs-on: ubuntu-22.04 + # environment: ${{ inputs.environment }} + # needs: [ initChecks ] + # outputs: + # ecs_task_id: ${{ steps.start_runner.outputs.ecs_task_id }} + # strategy: + # matrix: + # index: [1,2,3,4,5,6,7,8,9,10] + # fail-fast: false + # steps: + # - name: Start GitHub Runner + # id: start_runner + # uses: pagopa/interop-github-runner-aws-create-action@main + # with: + # aws_region: ${{ secrets.AWS_REGION }} + # iam_role_arn: ${{ secrets.ECS_IAM_ROLE_ARN }} + # ecs_cluster_name: ${{ secrets.ECS_CLUSTER_NAME }} + # ecs_task_definition: ${{ secrets.ECS_TASK_DEFINITION }} + # ecs_task_cpu: ${{ vars.ECS_TASK_CPU }} + # ecs_task_memory: ${{ vars.ECS_TASK_MEMORY }} + # ecs_container_name: ${{ vars.ECS_TASK_CONTAINER_NAME }} + # ecs_task_subnet_id: ${{ secrets.SUBNET_ID }} + # ecs_task_sec_group: ${{ secrets.SEC_GROUP_ID }} 
+ # ecs_task_max_duration_seconds: ${{ vars.ECS_TASK_MAX_DURATION_SECONDS }} + # pat_token: ${{ secrets.BOT_TOKEN }} + # environment: ${{ inputs.environment }} - deploy: - needs: [ create_runner ] - secrets: inherit - uses: ./.github/workflows/k8s-apply-sub.yaml - with: - environment: ${{ inputs.environment }} - timeout_seconds: 180 + # deploy: + # needs: [ create_runner ] + # secrets: inherit + # uses: ./.github/workflows/k8s-apply-sub.yaml + # with: + # environment: ${{ inputs.environment }} + # timeout_seconds: 180 - delete_runner: - name: Delete Self-Hosted Runner - needs: [create_runner, deploy] - if: ${{ always() }} - runs-on: ubuntu-22.04 - environment: ${{ inputs.environment }} - strategy: - matrix: - index: [1,2,3,4,5,6,7,8,9,10] - fail-fast: false - steps: - - name: Stop Github Runner - id: stop_runner - uses: pagopa/interop-github-runner-aws-cleanup-action@main - with: - aws_region: ${{ secrets.AWS_REGION }} - iam_role_arn: ${{ secrets.ECS_IAM_ROLE_ARN }} - ecs_cluster_name: ${{ secrets.ECS_CLUSTER_NAME }} - pat_token: ${{ secrets.BOT_TOKEN }} - environment: ${{ inputs.environment }} + # delete_runner: + # name: Delete Self-Hosted Runner + # needs: [create_runner, deploy] + # if: ${{ always() }} + # runs-on: ubuntu-22.04 + # environment: ${{ inputs.environment }} + # strategy: + # matrix: + # index: [1,2,3,4,5,6,7,8,9,10] + # fail-fast: false + # steps: + # - name: Stop Github Runner + # id: stop_runner + # uses: pagopa/interop-github-runner-aws-cleanup-action@main + # with: + # aws_region: ${{ secrets.AWS_REGION }} + # iam_role_arn: ${{ secrets.ECS_IAM_ROLE_ARN }} + # ecs_cluster_name: ${{ secrets.ECS_CLUSTER_NAME }} + # pat_token: ${{ secrets.BOT_TOKEN }} + # environment: ${{ inputs.environment }} tf_apply: secrets: inherit diff --git a/.github/workflows/tf-apply.yaml b/.github/workflows/tf-apply.yaml index b2cc30d..cefb140 100644 --- a/.github/workflows/tf-apply.yaml +++ b/.github/workflows/tf-apply.yaml 
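Review bot: Commenting out `create_runner`, `deploy` and `delete_runner` leaves `tf_apply` as the only job doing work after the checks, so the workflow named for the Kubernetes apply no longer deploys anything. If this is a temporary state for exercising the Terraform job, it should be reverted before merge rather than landing under the subject "edit after review"; if it is permanent, deleting the jobs is clearer than 57 commented lines. At minimum, record the intent above the block, e.g. `# TODO(<owner>): re-enable once <condition>`.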
@@ -44,6 +44,7 @@ jobs: name: Terraform Apply Monitoring Microservices needs: workflow_setup runs-on: ubuntu-latest + timeout-minutes: 3 environment: ${{ inputs.environment }} steps: @@ -88,4 +89,4 @@ jobs: id: terraform_apply_monitoring_microservice working-directory: terraform/k8s-monitoring run: | - terraform apply -var-file="./env/dev/terraform.tfvars" -auto-approve -lock-timeout=120s + terraform apply -var-file="./env/dev/terraform.tfvars" -auto-approve diff --git a/terraform/k8s-monitoring/00-main.tf b/terraform/k8s-monitoring/00-main.tf index 3d1aa0a..9629fa0 100644 --- a/terraform/k8s-monitoring/00-main.tf +++ b/terraform/k8s-monitoring/00-main.tf @@ -23,8 +23,8 @@ locals { #TOREMOVE project = "tracing" } -data "aws_iam_role" "sso_admin" { #TOREMOVE +data "aws_iam_role" "sso_admin" { name = var.sso_admin_role_name } -data "aws_caller_identity" "current" {} #TOREMOVE \ No newline at end of file +data "aws_caller_identity" "current" {} \ No newline at end of file diff --git a/terraform/k8s-monitoring/01-k8s-monitoring-deployments.tf b/terraform/k8s-monitoring/01-k8s-monitoring-deployments.tf index a418eb1..b6cdfd5 100644 --- a/terraform/k8s-monitoring/01-k8s-monitoring-deployments.tf +++ b/terraform/k8s-monitoring/01-k8s-monitoring-deployments.tf @@ -7,11 +7,8 @@ data "local_file" "microservices_list" { } data "external" "cloudwatch_log_metric_filters" { - program = ["bash", "${path.module}/assets/scripts/get_cloudwatch_log_metric_filters.sh"] - - query = { - log_group_name = var.cloudwatch_log_group_name - } + #program = ["aws", "logs", "describe-metric-filters", "--log-group-name", "${var.cloudwatch_log_group_name}", "--output", "json"] + program = ["sh", "-c", "aws logs describe-metric-filters --log-group-name ${var.cloudwatch_log_group_name} --output json | jq '{metricName: .metricFilters[0].metricTransformations[0].metricName, metricNamespace: .metricFilters[0].metricTransformations[0].metricNamespace}'"] } locals { 
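Review bot: `timeout-minutes: 3` puts a hard three-minute cap on a job that runs `terraform init` and `terraform apply -auto-approve`, and a job cancelled mid-apply can leave the `terraform-lock` state lock held and resources partly created. The same patch drops `-lock-timeout=120s` from the apply command, so the next run would fail at once on a stale lock instead of waiting. The workflow already declares a required `timeout_seconds` input (the caller passes 300) that no visible step reads; either use it to size the timeout or remove it, and keep a lock timeout on the apply.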
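Review bot: The `program` in `data "external" "cloudwatch_log_metric_filters"` now builds a shell command by interpolating `${var.cloudwatch_log_group_name}` into an `sh -c` string, so any space or shell metacharacter in the variable is interpreted by the shell, and the pipe reports only jq's exit status, hiding a failed `aws` call. The argv form needs no shell and lets the CLI do the projection: `program = ["aws", "logs", "describe-metric-filters", "--log-group-name", var.cloudwatch_log_group_name, "--query", "metricFilters[0].metricTransformations[0].{metricName: metricName, metricNamespace: metricNamespace}", "--output", "json"]`. The external data source expects a JSON object of string values, so a log group with no filters (null fields) will likely fail when the data source is read, which the `try(…, null)` added later in this patch would not catch; worth confirming.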
@@ -29,7 +26,7 @@ module "k8s_deployment_monitoring" { k8s_deployment_name = each.key sns_topics_arns = [data.aws_sns_topic.platform_alarms.arn] - create_pod_availability_alarm = true + create_pod_availability_alarm = false create_pod_readiness_alarm = true create_performance_alarm = true create_app_logs_errors_alarm = true @@ -40,6 +37,6 @@ module "k8s_deployment_monitoring" { create_dashboard = true - cloudwatch_app_logs_errors_metric_name = data.external.cloudwatch_log_metric_filters.result.metricName - cloudwatch_app_logs_errors_metric_namespace = data.external.cloudwatch_log_metric_filters.result.metricNamespace + cloudwatch_app_logs_errors_metric_name = try(data.external.cloudwatch_log_metric_filters.result.metricName, null) + cloudwatch_app_logs_errors_metric_namespace = try(data.external.cloudwatch_log_metric_filters.result.metricNamespace, null) } \ No newline at end of file diff --git a/terraform/k8s-monitoring/98-variables.tf b/terraform/k8s-monitoring/98-variables.tf index 59fc7fe..542bab2 100644 --- a/terraform/k8s-monitoring/98-variables.tf +++ b/terraform/k8s-monitoring/98-variables.tf @@ -15,7 +15,7 @@ variable "tags" { } } -variable "sso_admin_role_name" { #TOREMOVE +variable "sso_admin_role_name" { type = string description = "Name of the existing SSO admin role" } diff --git a/terraform/k8s-monitoring/assets/scripts/get_cloudwatch_log_metric_filters.sh b/terraform/k8s-monitoring/assets/scripts/get_cloudwatch_log_metric_filters.sh deleted file mode 100755 index b55975b..0000000 --- a/terraform/k8s-monitoring/assets/scripts/get_cloudwatch_log_metric_filters.sh +++ /dev/null 
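Review bot: In the `@@ -40,6 +37,6 @@` hunk of 01-k8s-monitoring-deployments.tf, wrapping both lookups in `try(..., null)` turns a missing `metricName` or `metricNamespace` into a silent `null` while `create_app_logs_errors_alarm = true` stays set. Depending on how the module treats a null metric name (not visible here), the error alarm may then watch a default or non-existent metric, and the run still reports success. The same fallback appears later on `metric_name` and `namespace` of `aws_cloudwatch_metric_alarm.cronjob_errors` in 20-k8s-monitoring-cronjobs.tf. I would drop the `try` so a failed lookup stops the plan, or tie the alarm flag to the lookup, e.g. `create_app_logs_errors_alarm = local.app_logs_metric_name != null` with the lookup held in a local. The same commit sets `create_pod_availability_alarm = false` in `@@ -29,7 +26,7 @@` with no stated reason; a one-line comment saying why and until when would help.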
@@ -1,40 +0,0 @@ -#!/bin/bash - -# TOCHECK if use this and remove other checks -# set -e - -# Choose one of the following ways to read the input -# 1) -# read input -# log_group_name=$(echo "$input" | jq -r '.log_group_name') - -# 2) -eval "$(jq -r '@sh "log_group_name=\(.log_group_name)"')" - -# Check if the input value is empty -if [[ -z "$log_group_name" ]]; then - echo "Error: log_group_name is empty" >&2 - exit 1 -fi - -# Run the AWS command to get the metric filters as a JSON -response=$(aws logs describe-metric-filters --log-group-name "$log_group_name" --output json) - -# Check the AWS command's exit code -if [[ $? -ne 0 ]]; then - echo "Error: Failed to retrieve metric filters" >&2 - exit 1 -fi - -# Extract the values of metricName and metricNamespace from the JSON -metric_name=$(echo "$response" | jq -r '.metricFilters[0].metricTransformations[0].metricName') -metric_namespace=$(echo "$response" | jq -r '.metricFilters[0].metricTransformations[0].metricNamespace') - -# Check if the extracted values are empty -if [[ -z "$metric_name" || -z "$metric_namespace" ]]; then - echo "Error: No metric filters found for the log group $log_group_name" >&2 - exit 1 -fi - -# Return a JSON containing extracted values -jq -n --arg metricName "$metric_name" --arg metricNamespace "$metric_namespace" '{metricName: $metricName, metricNamespace: $metricNamespace}' diff --git a/terraform/k8s-monitoring/env/dev/terraform.tfvars b/terraform/k8s-monitoring/env/dev/terraform.tfvars index f5c6404..c8767b8 100644 --- a/terraform/k8s-monitoring/env/dev/terraform.tfvars +++ b/terraform/k8s-monitoring/env/dev/terraform.tfvars @@ -8,7 +8,7 @@ tags = { Source = "https://github.com/pagopa/interop-tracing-deployment" } -sso_admin_role_name = "AWSReservedSSO_FullAdmin_083263499c3f66e7" #TOREMOVE +sso_admin_role_name = "AWSReservedSSO_FullAdmin_083263499c3f66e7" eks_cluster_name = "tracing-eks-cluster-dev" From 124f31c7c4c38ba3f51652834969ae2e96ace17d Mon Sep 17 00:00:00 2001 
From: micheledellipaoli-pagopa Date: Mon, 23 Dec 2024 12:09:55 +0100 Subject: [PATCH 05/37] comment initChecks job --- .github/workflows/k8s-apply.yaml | 74 ++++++++++++++++---------------- 1 file changed, 37 insertions(+), 37 deletions(-) diff --git a/.github/workflows/k8s-apply.yaml b/.github/workflows/k8s-apply.yaml index 02119c6..6d2f5d9 100644 --- a/.github/workflows/k8s-apply.yaml +++ b/.github/workflows/k8s-apply.yaml 
@@ -18,49 +18,49 @@ permissions: contents: read jobs: - initChecks: - runs-on: ubuntu-22.04 - environment: ${{ inputs.environment }} - steps: - - name: Check user is a ${{ vars.ALLOWED_DEPLOY_GH_TEAMS }} team member - id: checkUserPermissions - if: ${{ inputs.environment != 'dev' }} - env: - GITHUB_TOKEN: ${{ secrets.BOT_TEAMS_RO_PAT }} - ORG: ${{ github.repository_owner }} - TEAMS: ${{ vars.ALLOWED_DEPLOY_GH_TEAMS }} - USER: ${{ github.triggering_actor }} - run: | - set -euo pipefail - TEAMS_LIST=$(echo $TEAMS | tr "," "\n") + # initChecks: + # runs-on: ubuntu-22.04 + # environment: ${{ inputs.environment }} + # steps: + # - name: Check user is a ${{ vars.ALLOWED_DEPLOY_GH_TEAMS }} team member + # id: checkUserPermissions + # if: ${{ inputs.environment != 'dev' }} + # env: + # GITHUB_TOKEN: ${{ secrets.BOT_TEAMS_RO_PAT }} + # ORG: ${{ github.repository_owner }} + # TEAMS: ${{ vars.ALLOWED_DEPLOY_GH_TEAMS }} + # USER: ${{ github.triggering_actor }} + # run: | + # set -euo pipefail + # TEAMS_LIST=$(echo $TEAMS | tr "," "\n") - CHECK_SUCCESS=0 + # CHECK_SUCCESS=0 - for TEAM in $TEAMS_LIST; do - set +e - # Check current user membership with gh api - echo "Check if user is member of $TEAM" - GH_TEAM_MEMBERSHIP_RESPONSE=$(gh api -i --method GET -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" \/orgs/$ORG/teams/$TEAM/memberships/$USER) - set -e + # for TEAM in $TEAMS_LIST; do + # set +e + # # Check current user membership with gh api + # echo "Check if user is member of $TEAM" + # GH_TEAM_MEMBERSHIP_RESPONSE=$(gh api -i --method GET -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" \/orgs/$ORG/teams/$TEAM/memberships/$USER) + # set -e - # Extract the HTTP status code - HTTP_CODE=$(echo $GH_TEAM_MEMBERSHIP_RESPONSE | head -n 1 | cut -d' ' -f 2) + # # Extract the HTTP status code + # HTTP_CODE=$(echo $GH_TEAM_MEMBERSHIP_RESPONSE | head -n 1 | cut -d' ' -f 2) - if [[ $HTTP_CODE -eq 200 ]]; then - echo "User is 
member of $TEAM" - CHECK_SUCCESS=1 - break - else - echo "User is NOT member of $TEAM" - fi - done + # if [[ $HTTP_CODE -eq 200 ]]; then + # echo "User is member of $TEAM" + # CHECK_SUCCESS=1 + # break + # else + # echo "User is NOT member of $TEAM" + # fi + # done - if [[ $CHECK_SUCCESS -eq 0 ]]; then - echo "::error:: Resource not found. Please check the organization ($ORG), team ($TEAMS), and username ($USER). $USER is not memeber of specified teams." - exit 1 - fi + # if [[ $CHECK_SUCCESS -eq 0 ]]; then + # echo "::error:: Resource not found. Please check the organization ($ORG), team ($TEAMS), and username ($USER). $USER is not memeber of specified teams." + # exit 1 + # fi - echo "$USER has the correct permissions to execute the workflow." + # echo "$USER has the correct permissions to execute the workflow." # create_runner: # name: Create Self-Hosted Runner From 241023b6954041bb1b0fff78bf3844a4d5376f65 Mon Sep 17 00:00:00 2001 From: micheledellipaoli-pagopa Date: Mon, 23 Dec 2024 12:13:57 +0100 Subject: [PATCH 06/37] remove microservices-list.json file from gitignore --- .gitignore | 2 +- terraform/k8s-monitoring/assets/microservices-list.json | 0 2 files changed, 1 insertion(+), 1 deletion(-) create mode 100644 terraform/k8s-monitoring/assets/microservices-list.json diff --git a/.gitignore b/.gitignore index f526ca1..85483a9 100644 --- a/.gitignore +++ b/.gitignore @@ -22,4 +22,4 @@ override.tf.json *_override.tf.json # Ignore JSON microservices list -terraform/k8s-monitoring/assets/microservices-list.json \ No newline at end of file +#terraform/k8s-monitoring/assets/microservices-list.json \ No newline at end of file diff --git a/terraform/k8s-monitoring/assets/microservices-list.json b/terraform/k8s-monitoring/assets/microservices-list.json new file mode 100644 index 0000000..e69de29 From d4171368083c44413c9c42f0e99dbcc8c4b7670c Mon Sep 17 00:00:00 2001 
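Review bot: The `@@ -18,49 +18,49 @@` hunk in k8s-apply.yaml comments out the whole `initChecks` job, which was the only check visible in this workflow that `github.triggering_actor` belongs to one of `vars.ALLOWED_DEPLOY_GH_TEAMS` for non-dev environments. The `tf_apply` job added earlier in this series runs with `secrets: inherit` and has no `needs`, so after this change nothing in the file gates who can trigger an apply. Environment protection rules may still apply, but they are not visible here. If the goal is only to speed up testing on dev, the job can stay as it is, since its step already carries `if: ${{ inputs.environment != 'dev' }}`, and `tf_apply` should depend on it with `needs: [ initChecks ]`. The body of `tf_apply` lies outside this hunk.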
From: micheledellipaoli-pagopa Date: Mon, 23 Dec 2024 12:14:08 +0100 Subject: [PATCH 07/37] remove microservices-list.json file from gitignore --- terraform/k8s-monitoring/assets/microservices-list.json | 1 + 1 file changed, 1 insertion(+) diff --git a/terraform/k8s-monitoring/assets/microservices-list.json b/terraform/k8s-monitoring/assets/microservices-list.json index e69de29..0637a08 100644 --- a/terraform/k8s-monitoring/assets/microservices-list.json +++ b/terraform/k8s-monitoring/assets/microservices-list.json @@ -0,0 +1 @@ +[] \ No newline at end of file From cab182830a33033fefefb07749b8cab3cec77568 Mon Sep 17 00:00:00 2001 From: micheledellipaoli-pagopa Date: Mon, 23 Dec 2024 12:16:52 +0100 Subject: [PATCH 08/37] edit Create microservices JSON step --- .github/workflows/tf-apply.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/tf-apply.yaml b/.github/workflows/tf-apply.yaml index cefb140..0c36de4 100644 --- a/.github/workflows/tf-apply.yaml +++ b/.github/workflows/tf-apply.yaml @@ -49,8 +49,9 @@ jobs: steps: - name: Create microservices JSON + working-directory: terraform/ run: | - echo '${{ needs.workflow_setup.outputs.microservices }}' | jq -c 'sort' > terraform/k8s-monitoring/assets/microservices-list.json + echo '${{ needs.workflow_setup.outputs.microservices }}' | jq -c 'sort' > /k8s-monitoring/assets/microservices-list.json - name: Checkout uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c From 6005a126ca485ead220e3fccd21f5c2d8596d5fa Mon Sep 17 00:00:00 2001 From: micheledellipaoli-pagopa Date: Mon, 23 Dec 2024 12:18:59 +0100 Subject: [PATCH 09/37] edit Create microservices JSON step --- .github/workflows/tf-apply.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/tf-apply.yaml b/.github/workflows/tf-apply.yaml index 0c36de4..304fd2b 100644 --- a/.github/workflows/tf-apply.yaml +++ b/.github/workflows/tf-apply.yaml 
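Review bot: In the "Create microservices JSON" step (`@@ -49,8 +49,9 @@`), `${{ needs.workflow_setup.outputs.microservices }}` is expanded into the script text before the shell runs. That output is built from directory names under `microservices/`, so a name containing a single quote ends the `echo '...'` literal and the rest runs as shell, in a job that later assumes AWS credentials. Passing the value through the environment avoids this: add `env:` with `MICROSERVICES: ${{ needs.workflow_setup.outputs.microservices }}` and use `printf '%s' "$MICROSERVICES" | jq -c 'sort' > k8s-monitoring/assets/microservices-list.json`. The redirect target in this hunk, `/k8s-monitoring/assets/...`, is an absolute path at the filesystem root and ignores `working-directory: terraform/`. The same `echo '${{ ... }}'` pattern recurs in the later tf-apply.yaml hunks, including the "Create cronjobs JSON" step.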
@@ -48,14 +48,14 @@ jobs: environment: ${{ inputs.environment }} steps: + - name: Checkout + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c + - name: Create microservices JSON working-directory: terraform/ run: | echo '${{ needs.workflow_setup.outputs.microservices }}' | jq -c 'sort' > /k8s-monitoring/assets/microservices-list.json - - name: Checkout - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c - - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@67fbcbb121271f7775d2e7715933280b06314838 with: From 42b7ede7196c8d3fa65fe24c071324202bc59964 Mon Sep 17 00:00:00 2001 From: micheledellipaoli-pagopa Date: Mon, 23 Dec 2024 12:22:27 +0100 Subject: [PATCH 10/37] edit Create microservices JSON step --- .github/workflows/tf-apply.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/tf-apply.yaml b/.github/workflows/tf-apply.yaml index 304fd2b..f5c8fdb 100644 --- a/.github/workflows/tf-apply.yaml +++ b/.github/workflows/tf-apply.yaml @@ -52,9 +52,8 @@ jobs: uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c - name: Create microservices JSON - working-directory: terraform/ run: | - echo '${{ needs.workflow_setup.outputs.microservices }}' | jq -c 'sort' > /k8s-monitoring/assets/microservices-list.json + echo '${{ needs.workflow_setup.outputs.microservices }}' | jq -c 'sort' > terraform/k8s-monitoring/assets/microservices-list.json - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@67fbcbb121271f7775d2e7715933280b06314838 From aee9e4c37f9bdd1aa9f7e7fc0b5e315cfc310c15 Mon Sep 17 00:00:00 2001 From: micheledellipaoli-pagopa Date: Mon, 23 Dec 2024 12:25:01 +0100 Subject: [PATCH 11/37] edit Create microservices JSON step --- .github/workflows/tf-apply.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tf-apply.yaml b/.github/workflows/tf-apply.yaml index f5c8fdb..4aaf51d 100644 
--- a/.github/workflows/tf-apply.yaml +++ b/.github/workflows/tf-apply.yaml @@ -76,7 +76,7 @@ jobs: id: norm_env run: | GH_ENV="${{ inputs.environment }}" - NORM_ENV="$(echo "$GH_ENV" | sed -e 's/_ro//')" + NORM_ENV="$(echo "$GH_ENV" | sed -e 's/-tf//')" echo "NORM_ENV=$NORM_ENV" >> $GITHUB_ENV - name: Terraform Init From 9eef1ce9d2342a218e659c9a5bae6629f06a286d Mon Sep 17 00:00:00 2001 From: micheledellipaoli-pagopa Date: Mon, 23 Dec 2024 12:38:33 +0100 Subject: [PATCH 12/37] remove sso_admin data source --- terraform/k8s-monitoring/00-main.tf | 8 -------- terraform/k8s-monitoring/98-variables.tf | 5 ----- terraform/k8s-monitoring/env/dev/terraform.tfvars | 2 -- 3 files changed, 15 deletions(-) diff --git a/terraform/k8s-monitoring/00-main.tf b/terraform/k8s-monitoring/00-main.tf index 9629fa0..69ce5b4 100644 --- a/terraform/k8s-monitoring/00-main.tf +++ b/terraform/k8s-monitoring/00-main.tf @@ -19,12 +19,4 @@ provider "aws" { } } -locals { #TOREMOVE - project = "tracing" -} - -data "aws_iam_role" "sso_admin" { - name = var.sso_admin_role_name -} - data "aws_caller_identity" "current" {} \ No newline at end of file diff --git a/terraform/k8s-monitoring/98-variables.tf b/terraform/k8s-monitoring/98-variables.tf index 542bab2..04469ac 100644 --- a/terraform/k8s-monitoring/98-variables.tf +++ b/terraform/k8s-monitoring/98-variables.tf @@ -15,11 +15,6 @@ variable "tags" { } } -variable "sso_admin_role_name" { - type = string - description = "Name of the existing SSO admin role" -} - variable "eks_cluster_name" { type = string description = "Name of the tracing EKS cluster" diff --git a/terraform/k8s-monitoring/env/dev/terraform.tfvars b/terraform/k8s-monitoring/env/dev/terraform.tfvars index c8767b8..0c121fa 100644 --- a/terraform/k8s-monitoring/env/dev/terraform.tfvars +++ b/terraform/k8s-monitoring/env/dev/terraform.tfvars 
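Review bot: In the "norm_env" step (`@@ -76,7 +76,7 @@`), `GH_ENV="${{ inputs.environment }}"` pastes the workflow input into the script text, and `sed -e 's/-tf//'` removes the first `-tf` anywhere in the value rather than a trailing suffix. `NORM_ENV` later selects paths such as `./env/$NORM_ENV/terraform.tfvars`, so it should come from the environment and be normalised strictly: set `env:` with `GH_ENV: ${{ inputs.environment }}`, then `NORM_ENV="${GH_ENV%-tf}"` and `echo "NORM_ENV=$NORM_ENV" >> "$GITHUB_ENV"`. Rejecting values outside the known environment names before writing to `$GITHUB_ENV` would also stop newline or path characters from propagating. The step added to `workflow_setup` in the next commit (`@@ -35,10 +35,16 @@`) copies the same lines and needs the same change.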
@@ -8,8 +8,6 @@ tags = { Source = "https://github.com/pagopa/interop-tracing-deployment" } -sso_admin_role_name = "AWSReservedSSO_FullAdmin_083263499c3f66e7" - eks_cluster_name = "tracing-eks-cluster-dev" sns_topic_name = "tracing-platform-alarms-dev" From edf097e6d4ee00ff03ce142309e059efd8cfea80 Mon Sep 17 00:00:00 2001 From: micheledellipaoli-pagopa Date: Mon, 23 Dec 2024 12:51:03 +0100 Subject: [PATCH 13/37] add norm_env step in workflow_setup job --- .github/workflows/tf-apply.yaml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/.github/workflows/tf-apply.yaml b/.github/workflows/tf-apply.yaml index 4aaf51d..7a8e0aa 100644 --- a/.github/workflows/tf-apply.yaml +++ b/.github/workflows/tf-apply.yaml @@ -35,10 +35,16 @@ jobs: - name: Checkout id: checkout uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + - name: Normalize environment + id: norm_env + run: | + GH_ENV="${{ inputs.environment }}" + NORM_ENV="$(echo "$GH_ENV" | sed -e 's/-tf//')" + echo "NORM_ENV=$NORM_ENV" >> $GITHUB_ENV - id: set-outputs run: | - echo "microservices=$(find microservices -type f -path "*/$TARGET_ENVIRONMENT/values.yaml" -exec dirname {} \; | awk -F'/' '{print $2}' | jq -R -s -c 'split("\n")[:-1]')" >> "$GITHUB_OUTPUT" - echo "cronjobs=$(find jobs -type f -path "*/$TARGET_ENVIRONMENT/values.yaml" -exec dirname {} \; | awk -F'/' '{print $2}' | jq -R -s -c 'split("\n")[:-1]')" >> "$GITHUB_OUTPUT" + echo "microservices=$(find microservices -type f -path "*/$NORM_ENV/values.yaml" -exec dirname {} \; | awk -F'/' '{print $2}' | jq -R -s -c 'split("\n")[:-1]')" >> "$GITHUB_OUTPUT" + echo "cronjobs=$(find jobs -type f -path "*/$NORM_ENV/values.yaml" -exec dirname {} \; | awk -F'/' '{print $2}' | jq -R -s -c 'split("\n")[:-1]')" >> "$GITHUB_OUTPUT" terraform_apply_monitoring_microservices: name: Terraform Apply Monitoring Microservices From 3160ceb4e2d2eea541cdafe38a4df992ff4c90d4 Mon Sep 17 00:00:00 2001 
From: micheledellipaoli-pagopa Date: Mon, 23 Dec 2024 12:55:00 +0100 Subject: [PATCH 14/37] edit tf-apply workflow --- .github/workflows/tf-apply.yaml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/tf-apply.yaml b/.github/workflows/tf-apply.yaml index 7a8e0aa..b7285d2 100644 --- a/.github/workflows/tf-apply.yaml +++ b/.github/workflows/tf-apply.yaml @@ -26,8 +26,6 @@ jobs: name: Setup steps runs-on: ubuntu-latest environment: ${{ inputs.environment }} - env: - TARGET_ENVIRONMENT: ${{ inputs.environment }} outputs: microservices: ${{ steps.set-outputs.outputs.microservices }} cronjobs: ${{ steps.set-outputs.outputs.cronjobs }} @@ -35,12 +33,14 @@ jobs: - name: Checkout id: checkout uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + - name: Normalize environment id: norm_env run: | GH_ENV="${{ inputs.environment }}" NORM_ENV="$(echo "$GH_ENV" | sed -e 's/-tf//')" echo "NORM_ENV=$NORM_ENV" >> $GITHUB_ENV + - id: set-outputs run: | echo "microservices=$(find microservices -type f -path "*/$NORM_ENV/values.yaml" -exec dirname {} \; | awk -F'/' '{print $2}' | jq -R -s -c 'split("\n")[:-1]')" >> "$GITHUB_OUTPUT" @@ -58,8 +58,9 @@ jobs: uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c - name: Create microservices JSON + working-directory: terraform/ run: | - echo '${{ needs.workflow_setup.outputs.microservices }}' | jq -c 'sort' > terraform/k8s-monitoring/assets/microservices-list.json + echo '${{ needs.workflow_setup.outputs.microservices }}' | jq -c 'sort' > k8s-monitoring/assets/microservices-list.json - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@67fbcbb121271f7775d2e7715933280b06314838 From e7914dad1c7cd8621764c7b3d09eac74ca19d80b Mon Sep 17 00:00:00 2001 
From: micheledellipaoli-pagopa Date: Mon, 23 Dec 2024 14:40:50 +0100 Subject: [PATCH 15/37] add tags to module and update tag --- terraform/k8s-monitoring/01-k8s-monitoring-deployments.tf | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/terraform/k8s-monitoring/01-k8s-monitoring-deployments.tf b/terraform/k8s-monitoring/01-k8s-monitoring-deployments.tf index b6cdfd5..eba85cd 100644 --- a/terraform/k8s-monitoring/01-k8s-monitoring-deployments.tf +++ b/terraform/k8s-monitoring/01-k8s-monitoring-deployments.tf @@ -18,7 +18,7 @@ locals { module "k8s_deployment_monitoring" { for_each = toset(local.microservices_names) - source = "git::https://github.com/pagopa/interop-infra-commons//terraform/modules/k8s-deployment-monitoring?ref=v1.3.5" + source = "git::https://github.com/pagopa/interop-infra-commons//terraform/modules/k8s-deployment-monitoring?ref=v1.4.5" env = var.env eks_cluster_name = var.eks_cluster_name @@ -39,4 +39,6 @@ module "k8s_deployment_monitoring" { cloudwatch_app_logs_errors_metric_name = try(data.external.cloudwatch_log_metric_filters.result.metricName, null) cloudwatch_app_logs_errors_metric_namespace = try(data.external.cloudwatch_log_metric_filters.result.metricNamespace, null) + + tags = var.tags } \ No newline at end of file From 4e55c96df40f3c2c08cd4c3f5cbc1bb796bec70e Mon Sep 17 00:00:00 2001 From: micheledellipaoli-pagopa Date: Mon, 23 Dec 2024 15:02:18 +0100 Subject: [PATCH 16/37] test the add of a new deployment --- microservices/test/dev/values.yaml | 1 + 1 file changed, 1 insertion(+) create mode 100644 microservices/test/dev/values.yaml diff --git a/microservices/test/dev/values.yaml b/microservices/test/dev/values.yaml new file mode 100644 index 0000000..3879f9c --- /dev/null +++ b/microservices/test/dev/values.yaml @@ -0,0 +1 @@ +name: "tracing-test" \ No newline at end of file From b6f22d2b09cca42ce1114a510af598b27986b670 Mon Sep 17 00:00:00 2001 
From: micheledellipaoli-pagopa Date: Mon, 23 Dec 2024 15:07:06 +0100 Subject: [PATCH 17/37] remove the test deployment --- microservices/test/dev/values.yaml | 1 - 1 file changed, 1 deletion(-) delete mode 100644 microservices/test/dev/values.yaml diff --git a/microservices/test/dev/values.yaml b/microservices/test/dev/values.yaml deleted file mode 100644 index 3879f9c..0000000 --- a/microservices/test/dev/values.yaml +++ /dev/null @@ -1 +0,0 @@ -name: "tracing-test" \ No newline at end of file From 9da4af0c1f4d07846b1bc2800525000257777e17 Mon Sep 17 00:00:00 2001 From: micheledellipaoli-pagopa Date: Mon, 23 Dec 2024 16:12:21 +0100 Subject: [PATCH 18/37] add the test deployment --- microservices/test/dev/values.yaml | 1 + 1 file changed, 1 insertion(+) create mode 100644 microservices/test/dev/values.yaml diff --git a/microservices/test/dev/values.yaml b/microservices/test/dev/values.yaml new file mode 100644 index 0000000..ec40c83 --- /dev/null +++ b/microservices/test/dev/values.yaml @@ -0,0 +1 @@ +name: "tracing-be-test" \ No newline at end of file From 216f49cbb50ecb925227d87a64aa2dacc9019c34 Mon Sep 17 00:00:00 2001 From: micheledellipaoli-pagopa Date: Mon, 23 Dec 2024 16:55:18 +0100 Subject: [PATCH 19/37] remove the test deployment --- microservices/test/dev/values.yaml | 1 - 1 file changed, 1 deletion(-) delete mode 100644 microservices/test/dev/values.yaml diff --git a/microservices/test/dev/values.yaml b/microservices/test/dev/values.yaml deleted file mode 100644 index ec40c83..0000000 --- a/microservices/test/dev/values.yaml +++ /dev/null @@ -1 +0,0 @@ -name: "tracing-be-test" \ No newline at end of file From 225224cc9a98317bfe0b5ff5820184b54b468e00 Mon Sep 17 00:00:00 2001 From: micheledellipaoli-pagopa Date: Mon, 23 Dec 2024 17:01:31 +0100 Subject: [PATCH 20/37] test retagging alarms --- terraform/k8s-monitoring/env/dev/terraform.tfvars | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/terraform/k8s-monitoring/env/dev/terraform.tfvars b/terraform/k8s-monitoring/env/dev/terraform.tfvars index 0c121fa..60e3f04 100644 --- a/terraform/k8s-monitoring/env/dev/terraform.tfvars +++ b/terraform/k8s-monitoring/env/dev/terraform.tfvars @@ -5,7 +5,7 @@ tags = { CreatedBy = "Terraform" Environment = "dev" Owner = "PagoPA" - Source = "https://github.com/pagopa/interop-tracing-deployment" + Source = "https://github.com/pagopa/interop-tracing-deploymenta" } eks_cluster_name = "tracing-eks-cluster-dev" From 5412ad6d0db32fefba4b164db537eecb07d0b367 Mon Sep 17 00:00:00 2001 From: micheledellipaoli-pagopa Date: Mon, 23 Dec 2024 17:08:19 +0100 Subject: [PATCH 21/37] test retagging alarms --- terraform/k8s-monitoring/env/dev/terraform.tfvars | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/terraform/k8s-monitoring/env/dev/terraform.tfvars b/terraform/k8s-monitoring/env/dev/terraform.tfvars index 60e3f04..9aa07ad 100644 --- a/terraform/k8s-monitoring/env/dev/terraform.tfvars +++ b/terraform/k8s-monitoring/env/dev/terraform.tfvars @@ -5,7 +5,8 @@ tags = { CreatedBy = "Terraform" Environment = "dev" Owner = "PagoPA" - Source = "https://github.com/pagopa/interop-tracing-deploymenta" + Source = "https://github.com/pagopa/interop-tracing-deployment" + Test = "retagging" } eks_cluster_name = "tracing-eks-cluster-dev" From dced4ff905ee37427ae4a407cad0111616a6e475 Mon Sep 17 00:00:00 2001 From: micheledellipaoli-pagopa Date: Mon, 23 Dec 2024 17:21:12 +0100 Subject: [PATCH 22/37] test retagging alarms --- terraform/k8s-monitoring/env/dev/terraform.tfvars | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/k8s-monitoring/env/dev/terraform.tfvars b/terraform/k8s-monitoring/env/dev/terraform.tfvars index 9aa07ad..2823876 100644 --- a/terraform/k8s-monitoring/env/dev/terraform.tfvars +++ b/terraform/k8s-monitoring/env/dev/terraform.tfvars 
@@ -5,7 +5,7 @@ tags = { CreatedBy = "Terraform" Environment = "dev" Owner = "PagoPA" - Source = "https://github.com/pagopa/interop-tracing-deployment" + Source = "https://github.com/pagopa/interop-tracing-deployment-test" Test = "retagging" } From e9be4cd85b713deade530b728c48ec87c3b6855e Mon Sep 17 00:00:00 2001 From: micheledellipaoli-pagopa Date: Mon, 23 Dec 2024 17:30:38 +0100 Subject: [PATCH 23/37] remove testing tag from alarms --- terraform/k8s-monitoring/env/dev/terraform.tfvars | 1 - 1 file changed, 1 deletion(-) diff --git a/terraform/k8s-monitoring/env/dev/terraform.tfvars b/terraform/k8s-monitoring/env/dev/terraform.tfvars index 2823876..7a75c44 100644 --- a/terraform/k8s-monitoring/env/dev/terraform.tfvars +++ b/terraform/k8s-monitoring/env/dev/terraform.tfvars @@ -6,7 +6,6 @@ tags = { Environment = "dev" Owner = "PagoPA" Source = "https://github.com/pagopa/interop-tracing-deployment-test" - Test = "retagging" } eks_cluster_name = "tracing-eks-cluster-dev" From 04ab948aff3e6c1ab9270cf18f95c2d5de1e81ba Mon Sep 17 00:00:00 2001 From: micheledellipaoli-pagopa Date: Mon, 23 Dec 2024 17:34:32 +0100 Subject: [PATCH 24/37] remove testing tag from alarms --- terraform/k8s-monitoring/env/dev/terraform.tfvars | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/k8s-monitoring/env/dev/terraform.tfvars b/terraform/k8s-monitoring/env/dev/terraform.tfvars index 7a75c44..0c121fa 100644 --- a/terraform/k8s-monitoring/env/dev/terraform.tfvars +++ b/terraform/k8s-monitoring/env/dev/terraform.tfvars @@ -5,7 +5,7 @@ tags = { CreatedBy = "Terraform" Environment = "dev" Owner = "PagoPA" - Source = "https://github.com/pagopa/interop-tracing-deployment-test" + Source = "https://github.com/pagopa/interop-tracing-deployment" } eks_cluster_name = "tracing-eks-cluster-dev" From ead4e32a5b23fdf310f1411116c865b695815a97 Mon Sep 17 00:00:00 2001 
From: micheledellipaoli-pagopa Date: Fri, 3 Jan 2025 14:28:37 +0100 Subject: [PATCH 25/37] add cronjobs monitoring alarms, edit data external --- .github/workflows/tf-apply.yaml | 15 +++++--- .gitignore | 3 +- terraform/k8s-monitoring/10-cloudwatch.tf | 3 ++ terraform/k8s-monitoring/10-sns.tf | 3 ++ .../20-k8s-monitoring-cronjobs.tf | 35 +++++++++++++++++++ ...ts.tf => 20-k8s-monitoring-deployments.tf} | 9 ----- .../assets/microservices-list.json | 1 - 7 files changed, 53 insertions(+), 16 deletions(-) create mode 100644 terraform/k8s-monitoring/10-cloudwatch.tf create mode 100644 terraform/k8s-monitoring/10-sns.tf create mode 100644 terraform/k8s-monitoring/20-k8s-monitoring-cronjobs.tf rename terraform/k8s-monitoring/{01-k8s-monitoring-deployments.tf => 20-k8s-monitoring-deployments.tf} (69%) delete mode 100644 terraform/k8s-monitoring/assets/microservices-list.json diff --git a/.github/workflows/tf-apply.yaml b/.github/workflows/tf-apply.yaml index b7285d2..0566e26 100644 --- a/.github/workflows/tf-apply.yaml +++ b/.github/workflows/tf-apply.yaml @@ -46,8 +46,8 @@ jobs: echo "microservices=$(find microservices -type f -path "*/$NORM_ENV/values.yaml" -exec dirname {} \; | awk -F'/' '{print $2}' | jq -R -s -c 'split("\n")[:-1]')" >> "$GITHUB_OUTPUT" echo "cronjobs=$(find jobs -type f -path "*/$NORM_ENV/values.yaml" -exec dirname {} \; | awk -F'/' '{print $2}' | jq -R -s -c 'split("\n")[:-1]')" >> "$GITHUB_OUTPUT" - terraform_apply_monitoring_microservices: - name: Terraform Apply Monitoring Microservices + terraform_apply_monitoring: + name: Terraform Apply Monitoring needs: workflow_setup runs-on: ubuntu-latest timeout-minutes: 3 
@@ -62,6 +62,11 @@ jobs: run: | echo '${{ needs.workflow_setup.outputs.microservices }}' | jq -c 'sort' > k8s-monitoring/assets/microservices-list.json + - name: Create cronjobs JSON + working-directory: terraform/ + run: | + echo '${{ needs.workflow_setup.outputs.cronjobs }}' | jq -c 'sort' > k8s-monitoring/assets/cronjobs-list.json + - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@67fbcbb121271f7775d2e7715933280b06314838 with: @@ -92,8 +97,8 @@ jobs: run: | ./terraform.sh init "$NORM_ENV" - - name: Terraform Apply Monitoring Microservices - id: terraform_apply_monitoring_microservice + - name: Terraform Apply Monitoring + id: terraform_apply_monitoring working-directory: terraform/k8s-monitoring run: | - terraform apply -var-file="./env/dev/terraform.tfvars" -auto-approve + terraform apply -var-file="./env/$NORM_ENV/terraform.tfvars" -auto-approve diff --git a/.gitignore b/.gitignore index 85483a9..9d03ef6 100644 --- a/.gitignore +++ b/.gitignore @@ -22,4 +22,5 @@ override.tf.json *_override.tf.json # Ignore JSON microservices list -#terraform/k8s-monitoring/assets/microservices-list.json \ No newline at end of file +terraform/k8s-monitoring/assets/microservices-list.json +terraform/k8s-monitoring/assets/cronjobs-list.json \ No newline at end of file diff --git a/terraform/k8s-monitoring/10-cloudwatch.tf b/terraform/k8s-monitoring/10-cloudwatch.tf new file mode 100644 index 0000000..f8bd07e --- /dev/null +++ b/terraform/k8s-monitoring/10-cloudwatch.tf @@ -0,0 +1,3 @@ +data "external" "cloudwatch_log_metric_filters" { + program = ["aws", "logs", "describe-metric-filters", "--log-group-name", "${var.cloudwatch_log_group_name}", "--output", "json", "--query", "metricFilters[0].metricTransformations[0].{metricName: metricName, metricNamespace: metricNamespace}"] +} \ No newline at end of file diff --git a/terraform/k8s-monitoring/10-sns.tf b/terraform/k8s-monitoring/10-sns.tf new file mode 100644 index 0000000..aa959c2 --- /dev/null 
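Review bot: In the new 10-cloudwatch.tf, the `--query` takes `metricFilters[0].metricTransformations[0]`, which is whichever filter the API lists first for the log group. If the group has more than one metric filter, every deployment and cronjob error alarm is bound to an arbitrary one. If it has none, the query yields null fields, which the `external` data source is expected to reject, since it requires string values. Selecting the intended filter by name makes the binding explicit, e.g. adding `"--filter-name-prefix", var.app_logs_errors_filter_name` to the `program` list, where the variable name is a placeholder to be declared in 98-variables.tf. The `"${var.cloudwatch_log_group_name}"` wrapper can be written as plain `var.cloudwatch_log_group_name`.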
+++ b/terraform/k8s-monitoring/10-sns.tf @@ -0,0 +1,3 @@ +data "aws_sns_topic" "platform_alarms" { + name = var.sns_topic_name +} \ No newline at end of file diff --git a/terraform/k8s-monitoring/20-k8s-monitoring-cronjobs.tf b/terraform/k8s-monitoring/20-k8s-monitoring-cronjobs.tf new file mode 100644 index 0000000..b6ff7c4 --- /dev/null +++ b/terraform/k8s-monitoring/20-k8s-monitoring-cronjobs.tf @@ -0,0 +1,35 @@ +data "local_file" "cronjobs_list" { + filename = "${path.module}/assets/cronjobs-list.json" +} + +locals { + cronjobs_names = jsondecode(data.local_file.cronjobs_list.content) +} + +resource "aws_cloudwatch_metric_alarm" "cronjob_errors" { + for_each = toset(local.cronjobs_names) + + alarm_name = format("k8s-cronjob-%s-errors-%s", each.key, var.env) + alarm_description = format("Cronjob errors alarm for %s", each.key) + + alarm_actions = [data.aws_sns_topic.platform_alarms.arn] + + metric_name = try(data.external.cloudwatch_log_metric_filters.result.metricName, null) + namespace = try(data.external.cloudwatch_log_metric_filters.result.metricNamespace, null) + + dimensions = { + PodApp = each.key + PodNamespace = var.env + } + + comparison_operator = "GreaterThanOrEqualToThreshold" + statistic = "Sum" + treat_missing_data = "notBreaching" + + threshold = 1 + period = 60 # 1 minute + evaluation_periods = 5 + datapoints_to_alarm = 1 + + tags = var.tags +} diff --git a/terraform/k8s-monitoring/01-k8s-monitoring-deployments.tf b/terraform/k8s-monitoring/20-k8s-monitoring-deployments.tf similarity index 69% rename from terraform/k8s-monitoring/01-k8s-monitoring-deployments.tf rename to terraform/k8s-monitoring/20-k8s-monitoring-deployments.tf index eba85cd..2bdda3b 100644 --- a/terraform/k8s-monitoring/01-k8s-monitoring-deployments.tf +++ b/terraform/k8s-monitoring/20-k8s-monitoring-deployments.tf 
@@ -1,16 +1,7 @@ -data "aws_sns_topic" "platform_alarms" { - name = var.sns_topic_name -} - data "local_file" "microservices_list" { filename = "${path.module}/assets/microservices-list.json" } -data "external" "cloudwatch_log_metric_filters" { - #program = ["aws", "logs", "describe-metric-filters", "--log-group-name", "${var.cloudwatch_log_group_name}", "--output", "json"] - program = ["sh", "-c", "aws logs describe-metric-filters --log-group-name ${var.cloudwatch_log_group_name} --output json | jq '{metricName: .metricFilters[0].metricTransformations[0].metricName, metricNamespace: .metricFilters[0].metricTransformations[0].metricNamespace}'"] -} - locals { microservices_names = jsondecode(data.local_file.microservices_list.content) } diff --git a/terraform/k8s-monitoring/assets/microservices-list.json b/terraform/k8s-monitoring/assets/microservices-list.json deleted file mode 100644 index 0637a08..0000000 --- a/terraform/k8s-monitoring/assets/microservices-list.json +++ /dev/null @@ -1 +0,0 @@ -[] \ No newline at end of file From 6596d6e23201aced43ad407a1231933179b320c4 Mon Sep 17 00:00:00 2001 From: micheledellipaoli-pagopa Date: Fri, 3 Jan 2025 14:44:16 +0100 Subject: [PATCH 26/37] edit Create microservices JSON step --- .github/workflows/tf-apply.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/tf-apply.yaml b/.github/workflows/tf-apply.yaml index 0566e26..5f25999 100644 --- a/.github/workflows/tf-apply.yaml +++ b/.github/workflows/tf-apply.yaml @@ -60,6 +60,7 @@ jobs: - name: Create microservices JSON working-directory: terraform/ run: | + mkdir -p k8s-monitoring/assets echo '${{ needs.workflow_setup.outputs.microservices }}' | jq -c 'sort' > k8s-monitoring/assets/microservices-list.json - name: Create cronjobs JSON From dbf374feb19ccee9868a8eb0f15bffc76a853c24 Mon Sep 17 00:00:00 2001 
From: micheledellipaoli-pagopa Date: Fri, 3 Jan 2025 15:03:05 +0100 Subject: [PATCH 27/37] edit Create microservices JSON step --- .github/workflows/tf-apply.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/tf-apply.yaml b/.github/workflows/tf-apply.yaml index 5f25999..d1a24e6 100644 --- a/.github/workflows/tf-apply.yaml +++ b/.github/workflows/tf-apply.yaml @@ -58,10 +58,10 @@ jobs: uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c - name: Create microservices JSON - working-directory: terraform/ + working-directory: terraform/k8s-monitoring/ run: | - mkdir -p k8s-monitoring/assets - echo '${{ needs.workflow_setup.outputs.microservices }}' | jq -c 'sort' > k8s-monitoring/assets/microservices-list.json + mkdir assets + echo '${{ needs.workflow_setup.outputs.microservices }}' | jq -c 'sort' > assets/microservices-list.json - name: Create cronjobs JSON working-directory: terraform/ From ea48ceb2812ff06d6265dc2dd7965644dcd6cc6d Mon Sep 17 00:00:00 2001 From: micheledellipaoli-pagopa Date: Fri, 3 Jan 2025 15:18:04 +0100 Subject: [PATCH 28/37] edit Create cronjobs JSON step --- .github/workflows/tf-apply.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/tf-apply.yaml b/.github/workflows/tf-apply.yaml index d1a24e6..feeb2ce 100644 --- a/.github/workflows/tf-apply.yaml +++ b/.github/workflows/tf-apply.yaml @@ -64,9 +64,9 @@ jobs: echo '${{ needs.workflow_setup.outputs.microservices }}' | jq -c 'sort' > assets/microservices-list.json - name: Create cronjobs JSON - working-directory: terraform/ + working-directory: terraform/k8s-monitoring/ run: | - echo '${{ needs.workflow_setup.outputs.cronjobs }}' | jq -c 'sort' > k8s-monitoring/assets/cronjobs-list.json + echo '${{ needs.workflow_setup.outputs.cronjobs }}' | jq -c 'sort' > assets/cronjobs-list.json - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@67fbcbb121271f7775d2e7715933280b06314838 
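Review bot: In the `Create microservices JSON` step (PATCH 27), `mkdir assets` replaces `mkdir -p k8s-monitoring/assets`, so the step now fails whenever the directory already exists, for instance if an asset file is committed again or the workspace is reused. The following `Create cronjobs JSON` step relies on this step having created the directory, so the failure blocks the whole apply. Keep the idempotent form, `mkdir -p assets`.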
From 2e447783c0041b400da37d89aabf6a787cad438d Mon Sep 17 00:00:00 2001 From: micheledellipaoli-pagopa Date: Fri, 3 Jan 2025 15:41:23 +0100 Subject: [PATCH 29/37] Remove comments from k8s-apply.yaml --- .github/workflows/k8s-apply.yaml | 184 +++++++++++++++---------------- 1 file changed, 92 insertions(+), 92 deletions(-) diff --git a/.github/workflows/k8s-apply.yaml b/.github/workflows/k8s-apply.yaml index 6d2f5d9..9f959f8 100644 --- a/.github/workflows/k8s-apply.yaml +++ b/.github/workflows/k8s-apply.yaml 
@@ -18,107 +18,107 @@ permissions: contents: read jobs: - # initChecks: - # runs-on: ubuntu-22.04 - # environment: ${{ inputs.environment }} - # steps: - # - name: Check user is a ${{ vars.ALLOWED_DEPLOY_GH_TEAMS }} team member - # id: checkUserPermissions - # if: ${{ inputs.environment != 'dev' }} - # env: - # GITHUB_TOKEN: ${{ secrets.BOT_TEAMS_RO_PAT }} - # ORG: ${{ github.repository_owner }} - # TEAMS: ${{ vars.ALLOWED_DEPLOY_GH_TEAMS }} - # USER: ${{ github.triggering_actor }} - # run: | - # set -euo pipefail - # TEAMS_LIST=$(echo $TEAMS | tr "," "\n") + initChecks: + runs-on: ubuntu-22.04 + environment: ${{ inputs.environment }} + steps: + - name: Check user is a ${{ vars.ALLOWED_DEPLOY_GH_TEAMS }} team member + id: checkUserPermissions + if: ${{ inputs.environment != 'dev' }} + env: + GITHUB_TOKEN: ${{ secrets.BOT_TEAMS_RO_PAT }} + ORG: ${{ github.repository_owner }} + TEAMS: ${{ vars.ALLOWED_DEPLOY_GH_TEAMS }} + USER: ${{ github.triggering_actor }} + run: | + set -euo pipefail + TEAMS_LIST=$(echo $TEAMS | tr "," "\n") - # CHECK_SUCCESS=0 + CHECK_SUCCESS=0 - # for TEAM in $TEAMS_LIST; do - # set +e - # # Check current user membership with gh api - # echo "Check if user is member of $TEAM" - # GH_TEAM_MEMBERSHIP_RESPONSE=$(gh api -i --method GET -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" \/orgs/$ORG/teams/$TEAM/memberships/$USER) - # set -e + for TEAM in $TEAMS_LIST; do + set +e + # Check current user membership with gh api + echo "Check if user is member of $TEAM" + GH_TEAM_MEMBERSHIP_RESPONSE=$(gh api -i --method GET -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" \/orgs/$ORG/teams/$TEAM/memberships/$USER) + set -e - # # Extract the HTTP status code - # HTTP_CODE=$(echo $GH_TEAM_MEMBERSHIP_RESPONSE | head -n 1 | cut -d' ' -f 2) + # Extract the HTTP status code + HTTP_CODE=$(echo $GH_TEAM_MEMBERSHIP_RESPONSE | head -n 1 | cut -d' ' -f 2) - # if [[ $HTTP_CODE -eq 200 ]]; then - # echo "User is 
member of $TEAM" - # CHECK_SUCCESS=1 - # break - # else - # echo "User is NOT member of $TEAM" - # fi - # done + if [[ $HTTP_CODE -eq 200 ]]; then + echo "User is member of $TEAM" + CHECK_SUCCESS=1 + break + else + echo "User is NOT member of $TEAM" + fi + done - # if [[ $CHECK_SUCCESS -eq 0 ]]; then - # echo "::error:: Resource not found. Please check the organization ($ORG), team ($TEAMS), and username ($USER). $USER is not memeber of specified teams." - # exit 1 - # fi + if [[ $CHECK_SUCCESS -eq 0 ]]; then + echo "::error:: Resource not found. Please check the organization ($ORG), team ($TEAMS), and username ($USER). $USER is not memeber of specified teams." + exit 1 + fi - # echo "$USER has the correct permissions to execute the workflow." + echo "$USER has the correct permissions to execute the workflow." - # create_runner: - # name: Create Self-Hosted Runner - # runs-on: ubuntu-22.04 - # environment: ${{ inputs.environment }} - # needs: [ initChecks ] - # outputs: - # ecs_task_id: ${{ steps.start_runner.outputs.ecs_task_id }} - # strategy: - # matrix: - # index: [1,2,3,4,5,6,7,8,9,10] - # fail-fast: false - # steps: - # - name: Start GitHub Runner - # id: start_runner - # uses: pagopa/interop-github-runner-aws-create-action@main - # with: - # aws_region: ${{ secrets.AWS_REGION }} - # iam_role_arn: ${{ secrets.ECS_IAM_ROLE_ARN }} - # ecs_cluster_name: ${{ secrets.ECS_CLUSTER_NAME }} - # ecs_task_definition: ${{ secrets.ECS_TASK_DEFINITION }} - # ecs_task_cpu: ${{ vars.ECS_TASK_CPU }} - # ecs_task_memory: ${{ vars.ECS_TASK_MEMORY }} - # ecs_container_name: ${{ vars.ECS_TASK_CONTAINER_NAME }} - # ecs_task_subnet_id: ${{ secrets.SUBNET_ID }} - # ecs_task_sec_group: ${{ secrets.SEC_GROUP_ID }} - # ecs_task_max_duration_seconds: ${{ vars.ECS_TASK_MAX_DURATION_SECONDS }} - # pat_token: ${{ secrets.BOT_TOKEN }} - # environment: ${{ inputs.environment }} + create_runner: + name: Create Self-Hosted Runner + runs-on: ubuntu-22.04 + environment: ${{ inputs.environment }} 
+ needs: [ initChecks ] + outputs: + ecs_task_id: ${{ steps.start_runner.outputs.ecs_task_id }} + strategy: + matrix: + index: [1,2,3,4,5,6,7,8,9,10] + fail-fast: false + steps: + - name: Start GitHub Runner + id: start_runner + uses: pagopa/interop-github-runner-aws-create-action@main + with: + aws_region: ${{ secrets.AWS_REGION }} + iam_role_arn: ${{ secrets.ECS_IAM_ROLE_ARN }} + ecs_cluster_name: ${{ secrets.ECS_CLUSTER_NAME }} + ecs_task_definition: ${{ secrets.ECS_TASK_DEFINITION }} + ecs_task_cpu: ${{ vars.ECS_TASK_CPU }} + ecs_task_memory: ${{ vars.ECS_TASK_MEMORY }} + ecs_container_name: ${{ vars.ECS_TASK_CONTAINER_NAME }} + ecs_task_subnet_id: ${{ secrets.SUBNET_ID }} + ecs_task_sec_group: ${{ secrets.SEC_GROUP_ID }} + ecs_task_max_duration_seconds: ${{ vars.ECS_TASK_MAX_DURATION_SECONDS }} + pat_token: ${{ secrets.BOT_TOKEN }} + environment: ${{ inputs.environment }} - # deploy: - # needs: [ create_runner ] - # secrets: inherit - # uses: ./.github/workflows/k8s-apply-sub.yaml - # with: - # environment: ${{ inputs.environment }} - # timeout_seconds: 180 + deploy: + needs: [ create_runner ] + secrets: inherit + uses: ./.github/workflows/k8s-apply-sub.yaml + with: + environment: ${{ inputs.environment }} + timeout_seconds: 180 - # delete_runner: - # name: Delete Self-Hosted Runner - # needs: [create_runner, deploy] - # if: ${{ always() }} - # runs-on: ubuntu-22.04 - # environment: ${{ inputs.environment }} - # strategy: - # matrix: - # index: [1,2,3,4,5,6,7,8,9,10] - # fail-fast: false - # steps: - # - name: Stop Github Runner - # id: stop_runner - # uses: pagopa/interop-github-runner-aws-cleanup-action@main - # with: - # aws_region: ${{ secrets.AWS_REGION }} - # iam_role_arn: ${{ secrets.ECS_IAM_ROLE_ARN }} - # ecs_cluster_name: ${{ secrets.ECS_CLUSTER_NAME }} - # pat_token: ${{ secrets.BOT_TOKEN }} - # environment: ${{ inputs.environment }} + delete_runner: + name: Delete Self-Hosted Runner + needs: [create_runner, deploy] + if: ${{ always() }} + runs-on: 
ubuntu-22.04 + environment: ${{ inputs.environment }} + strategy: + matrix: + index: [1,2,3,4,5,6,7,8,9,10] + fail-fast: false + steps: + - name: Stop Github Runner + id: stop_runner + uses: pagopa/interop-github-runner-aws-cleanup-action@main + with: + aws_region: ${{ secrets.AWS_REGION }} + iam_role_arn: ${{ secrets.ECS_IAM_ROLE_ARN }} + ecs_cluster_name: ${{ secrets.ECS_CLUSTER_NAME }} + pat_token: ${{ secrets.BOT_TOKEN }} + environment: ${{ inputs.environment }} tf_apply: secrets: inherit From 58e0c7017ff89de53a6df60d9cbde4e6e7ed7510 Mon Sep 17 00:00:00 2001 From: micheledellipaoli-pagopa Date: Fri, 3 Jan 2025 15:59:21 +0100 Subject: [PATCH 30/37] add clean-up job --- jobs/clean-up/att/values.yaml | 11 +++++++++++ jobs/clean-up/dev/values.yaml | 11 +++++++++++ 2 files changed, 22 insertions(+) create mode 100644 jobs/clean-up/att/values.yaml create mode 100644 jobs/clean-up/dev/values.yaml diff --git a/jobs/clean-up/att/values.yaml b/jobs/clean-up/att/values.yaml new file mode 100644 index 0000000..0c124bc --- /dev/null +++ b/jobs/clean-up/att/values.yaml @@ -0,0 +1,11 @@ +name: "tracing-be-clean-up" + +configmap: + APPLICATION_NAME: "tracing-clean-up" + API_OPERATIONS_BASEURL: "http://tracing-be-operations.att:8080" + +cronjob: + schedule: "50 23 * * *" + timeZone: "Europe/Rome" + concurrencyPolicy: "Forbid" + activeDeadlineSeconds: 3600 diff --git a/jobs/clean-up/dev/values.yaml b/jobs/clean-up/dev/values.yaml new file mode 100644 index 0000000..4338c81 --- /dev/null +++ b/jobs/clean-up/dev/values.yaml @@ -0,0 +1,11 @@ +name: "tracing-be-clean-up" + +configmap: + APPLICATION_NAME: "tracing-clean-up" + API_OPERATIONS_BASEURL: "http://tracing-be-operations.dev:8080" + +cronjob: + schedule: "50 23 * * *" + timeZone: "Europe/Rome" + concurrencyPolicy: "Forbid" + activeDeadlineSeconds: 3600 From a2176f6711aabdbeb91566a90eecf002f244b9f1 Mon Sep 17 00:00:00 2001 
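Review bot: The re-enabled `create_runner` and `delete_runner` jobs call `pagopa/interop-github-runner-aws-create-action@main` and `pagopa/interop-github-runner-aws-cleanup-action@main`, a branch ref that can change between runs, while passing them `secrets.BOT_TOKEN` and `secrets.ECS_IAM_ROLE_ARN`. The checkout and AWS-credentials actions in tf-apply.yaml are pinned to full commit SHAs, and these two should follow the same rule: `uses: pagopa/interop-github-runner-aws-create-action@<full-commit-sha>` (placeholder; take the SHA from the release you have reviewed), and likewise for the cleanup action. Separately, in the `initChecks` script `$TEAMS`, `$TEAM` and `$USER` are expanded unquoted inside the `gh api` path; quoting them keeps a malformed team name from being word-split.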
From: micheledellipaoli-pagopa Date: Tue, 7 Jan 2025 12:25:21 +0100 Subject: [PATCH 31/37] edit set-outputs step, add inputs to k8s-apply workflow --- .github/workflows/k8s-apply.yaml | 19 ++++++++++++++++++- .github/workflows/tf-apply.yaml | 4 ++-- 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/.github/workflows/k8s-apply.yaml b/.github/workflows/k8s-apply.yaml index 153674b..3a7ebcf 100644 --- a/.github/workflows/k8s-apply.yaml +++ b/.github/workflows/k8s-apply.yaml @@ -12,6 +12,16 @@ on: required: true default: false type: boolean + run_k8s_workflow: + description: 'If true, run the k8s deployment jobs' + required: true + default: false + type: boolean + run_tf_workflow: + description: 'If true, run the TF apply job' + required: true + default: false + type: boolean permissions: id-token: write @@ -28,10 +38,13 @@ jobs: echo "- environment: \`${{ inputs.environment }}\`" >> $GITHUB_STEP_SUMMARY echo "- ref: \`${{ github.ref }}\`" >> $GITHUB_STEP_SUMMARY echo "- force_restart: \`${{ inputs.force_restart }}\`" >> $GITHUB_STEP_SUMMARY + echo "- run_k8s_workflow: \`${{ inputs.run_k8s_workflow }}\`" >> $GITHUB_STEP_SUMMARY + echo "- run_tf_workflow: \`${{ inputs.run_tf_workflow }}\`" >> $GITHUB_STEP_SUMMARY initChecks: runs-on: ubuntu-22.04 environment: ${{ inputs.environment }} + if: ${{ inputs.run_k8s_workflow == true }} steps: - name: Check user is a ${{ vars.ALLOWED_DEPLOY_GH_TEAMS }} team member id: checkUserPermissions @@ -84,6 +97,7 @@ jobs: matrix: index: [1,2,3,4,5,6,7,8,9,10] fail-fast: false + if: ${{ inputs.run_k8s_workflow == true }} steps: - name: Start GitHub Runner id: start_runner @@ -105,6 +119,7 @@ jobs: deploy: needs: [ create_runner ] secrets: inherit + if: ${{ inputs.run_k8s_workflow == true }} uses: ./.github/workflows/k8s-apply-sub.yaml with: environment: ${{ inputs.environment }} 
@@ -113,7 +128,8 @@ jobs: delete_runner: name: Delete Self-Hosted Runner needs: [create_runner, deploy] - if: ${{ always() }} + #if: ${{ always() }} + if: ${{ inputs.run_k8s_workflow == true }} runs-on: ubuntu-22.04 environment: ${{ inputs.environment }} strategy: @@ -133,6 +149,7 @@ jobs: tf_apply: secrets: inherit + if: ${{ inputs.run_tf_workflow == true }} uses: ./.github/workflows/tf-apply.yaml with: environment: ${{ inputs.environment }} diff --git a/.github/workflows/tf-apply.yaml b/.github/workflows/tf-apply.yaml index feeb2ce..a678dee 100644 --- a/.github/workflows/tf-apply.yaml +++ b/.github/workflows/tf-apply.yaml @@ -43,8 +43,8 @@ jobs: - id: set-outputs run: | - echo "microservices=$(find microservices -type f -path "*/$NORM_ENV/values.yaml" -exec dirname {} \; | awk -F'/' '{print $2}' | jq -R -s -c 'split("\n")[:-1]')" >> "$GITHUB_OUTPUT" - echo "cronjobs=$(find jobs -type f -path "*/$NORM_ENV/values.yaml" -exec dirname {} \; | awk -F'/' '{print $2}' | jq -R -s -c 'split("\n")[:-1]')" >> "$GITHUB_OUTPUT" + echo "microservices=$(find microservices -type f -path "*/$NORM_ENV/values.yaml" -exec yq '.name' {} \; | jq -R -s -c 'split("\n")[:-1]')" >> "$GITHUB_OUTPUT" + echo "cronjobs=$(find jobs -type f -path "*/$NORM_ENV/values.yaml" -exec yq '.name' {} \; | jq -R -s -c 'split("\n")[:-1]')" >> "$GITHUB_OUTPUT" terraform_apply_monitoring: name: Terraform Apply Monitoring From 618094d9eedbe8b800ac1431f5613dddb50915df Mon Sep 17 00:00:00 2001 From: micheledellipaoli-pagopa Date: Tue, 7 Jan 2025 12:27:47 +0100 Subject: [PATCH 32/37] edit description of inputs --- .github/workflows/k8s-apply.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/k8s-apply.yaml b/.github/workflows/k8s-apply.yaml index 3a7ebcf..4f30916 100644 --- a/.github/workflows/k8s-apply.yaml +++ b/.github/workflows/k8s-apply.yaml 
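Review bot: On `delete_runner`, replacing `if: ${{ always() }}` with `if: ${{ inputs.run_k8s_workflow == true }}` removes the status function, so the job falls back to the implicit success condition and is skipped when `create_runner` or `deploy` fails. That leaves the self-hosted runner tasks, registered with the bot token, running after a failed deployment. Combine the two conditions, `if: ${{ always() && inputs.run_k8s_workflow == true }}`, and delete the commented-out `#if` line instead of keeping it.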
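Review bot: `tf_apply` has no `needs:` in this hunk, so it is not ordered after `initChecks`, and the same commit makes `initChecks` conditional on `run_k8s_workflow`. A run with only `run_tf_workflow` set therefore skips the team-membership check entirely before a job that inherits all secrets and applies Terraform. Add `needs: [ initChecks ]` to `tf_apply` and leave `initChecks` without the `if:` so the gate applies to both paths.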
@@ -13,12 +13,12 @@ on: default: false type: boolean run_k8s_workflow: - description: 'If true, run the k8s deployment jobs' + description: 'Run k8s deployment jobs' required: true default: false type: boolean run_tf_workflow: - description: 'If true, run the TF apply job' + description: 'Run TF apply job' required: true default: false type: boolean From ef5546cfbe82e3beb5f34359936269b47ff11a28 Mon Sep 17 00:00:00 2001 From: micheledellipaoli-pagopa Date: Tue, 7 Jan 2025 12:32:28 +0100 Subject: [PATCH 33/37] edit delete_runner job condition --- .github/workflows/k8s-apply.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/k8s-apply.yaml b/.github/workflows/k8s-apply.yaml index 4f30916..62944b8 100644 --- a/.github/workflows/k8s-apply.yaml +++ b/.github/workflows/k8s-apply.yaml @@ -128,7 +128,6 @@ jobs: delete_runner: name: Delete Self-Hosted Runner needs: [create_runner, deploy] - #if: ${{ always() }} if: ${{ inputs.run_k8s_workflow == true }} runs-on: ubuntu-22.04 environment: ${{ inputs.environment }} From d4cd03e07e3d9b1f5020352920b20fee44085920 Mon Sep 17 00:00:00 2001 From: micheledellipaoli-pagopa Date: Tue, 7 Jan 2025 13:57:01 +0100 Subject: [PATCH 34/37] edit job conditions --- .github/workflows/k8s-apply.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/k8s-apply.yaml b/.github/workflows/k8s-apply.yaml index 62944b8..6ba7b07 100644 --- a/.github/workflows/k8s-apply.yaml +++ b/.github/workflows/k8s-apply.yaml @@ -44,7 +44,6 @@ jobs: initChecks: runs-on: ubuntu-22.04 environment: ${{ inputs.environment }} - if: ${{ inputs.run_k8s_workflow == true }} steps: - name: Check user is a ${{ vars.ALLOWED_DEPLOY_GH_TEAMS }} team member id: checkUserPermissions 
@@ -128,7 +127,7 @@ jobs: delete_runner: name: Delete Self-Hosted Runner needs: [create_runner, deploy] - if: ${{ inputs.run_k8s_workflow == true }} + if: ${{ always() && inputs.run_k8s_workflow == true }} runs-on: ubuntu-22.04 environment: ${{ inputs.environment }} strategy: From 0696abfef1dbb0725962bba65ee4afe5551b37b8 Mon Sep 17 00:00:00 2001 From: micheledellipaoli-pagopa Date: Tue, 7 Jan 2025 18:12:07 +0100 Subject: [PATCH 35/37] edit external module reference --- terraform/k8s-monitoring/20-k8s-monitoring-deployments.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/k8s-monitoring/20-k8s-monitoring-deployments.tf b/terraform/k8s-monitoring/20-k8s-monitoring-deployments.tf index 2bdda3b..2f03f74 100644 --- a/terraform/k8s-monitoring/20-k8s-monitoring-deployments.tf +++ b/terraform/k8s-monitoring/20-k8s-monitoring-deployments.tf @@ -9,7 +9,7 @@ locals { module "k8s_deployment_monitoring" { for_each = toset(local.microservices_names) - source = "git::https://github.com/pagopa/interop-infra-commons//terraform/modules/k8s-deployment-monitoring?ref=v1.4.5" + source = "git@github.com:pagopa/interop-infra-commons//terraform/modules/k8s-deployment-monitoring?ref=v1.4.5" env = var.env eks_cluster_name = var.eks_cluster_name From 26b9b684b694ee55c0f2f3470ec069be7ce58581 Mon Sep 17 00:00:00 2001 From: micheledellipaoli-pagopa Date: Tue, 7 Jan 2025 18:13:37 +0100 Subject: [PATCH 36/37] delete merge conflict comments --- .github/workflows/k8s-apply.yaml | 23 ----------------------- .github/workflows/tf-apply.yaml | 3 --- 2 files changed, 26 deletions(-) diff --git a/.github/workflows/k8s-apply.yaml b/.github/workflows/k8s-apply.yaml index bc03341..40b558f 100644 --- a/.github/workflows/k8s-apply.yaml +++ b/.github/workflows/k8s-apply.yaml 
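Review bot: The module `source` in 20-k8s-monitoring-deployments.tf now uses the SSH form `git@github.com:pagopa/interop-infra-commons//...`, so `terraform init` on the runner needs an SSH key and a trusted host key for github.com. None of the workflow steps visible in this series sets either up, so confirm where that credential comes from and that it is read-only and limited to that repository. Independently of the transport, `?ref=v1.4.5` is a tag, which can be moved; pinning to the commit, `?ref=<full-commit-sha>` (placeholder), fixes the module code that runs with the apply role. The module block continues outside the hunk.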
@@ -13,16 +13,6 @@ on: default: false type: boolean run_k8s_workflow: -<<<<<<< HEAD - description: 'Run k8s deployment jobs' - required: true - default: false - type: boolean - run_tf_workflow: - description: 'Run TF apply job' - required: true - default: false -======= description: 'Run K8s workflow' required: true default: true @@ -31,7 +21,6 @@ on: description: 'Run TF workflow' required: true default: true ->>>>>>> main type: boolean permissions: @@ -130,11 +119,7 @@ jobs: deploy: needs: [ create_runner ] secrets: inherit -<<<<<<< HEAD - if: ${{ inputs.run_k8s_workflow == true }} -======= if: ${{ inputs.run_k8s_workflow }} ->>>>>>> main uses: ./.github/workflows/k8s-apply-sub.yaml with: environment: ${{ inputs.environment }} @@ -143,11 +128,7 @@ jobs: delete_runner: name: Delete Self-Hosted Runner needs: [create_runner, deploy] -<<<<<<< HEAD - if: ${{ always() && inputs.run_k8s_workflow == true }} -======= if: ${{ always() && inputs.run_k8s_workflow }} ->>>>>>> main runs-on: ubuntu-22.04 environment: ${{ inputs.environment }} strategy: @@ -168,11 +149,7 @@ jobs: tf_apply: needs: [ initChecks ] secrets: inherit -<<<<<<< HEAD - if: ${{ inputs.run_tf_workflow == true }} -======= if: ${{ inputs.run_tf_workflow }} ->>>>>>> main uses: ./.github/workflows/tf-apply.yaml with: environment: ${{ inputs.environment }} diff --git a/.github/workflows/tf-apply.yaml b/.github/workflows/tf-apply.yaml index 3532f2a..17c9dd1 100644 --- a/.github/workflows/tf-apply.yaml +++ b/.github/workflows/tf-apply.yaml @@ -45,11 +45,8 @@ jobs: - id: set-outputs run: | -<<<<<<< HEAD -======= set -euo pipefail ->>>>>>> main echo "microservices=$(find microservices -type f -path "*/$NORM_ENV/values.yaml" -exec yq '.name' {} \; | jq -R -s -c 'split("\n")[:-1]')" >> "$GITHUB_OUTPUT" echo "cronjobs=$(find jobs -type f -path "*/$NORM_ENV/values.yaml" -exec yq '.name' {} \; | jq -R -s -c 'split("\n")[:-1]')" >> "$GITHUB_OUTPUT" From 17b1400ab5c7cd5db842a7637e01835795456b11 Mon Sep 17 00:00:00 2001 
From: micheledellipaoli-pagopa Date: Tue, 7 Jan 2025 18:15:53 +0100 Subject: [PATCH 37/37] remove merge conflict typo --- .github/workflows/k8s-apply.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/k8s-apply.yaml b/.github/workflows/k8s-apply.yaml index 40b558f..f49e1dd 100644 --- a/.github/workflows/k8s-apply.yaml +++ b/.github/workflows/k8s-apply.yaml @@ -97,7 +97,6 @@ jobs: matrix: index: [1,2,3,4,5,6,7,8,9,10] fail-fast: false - if: ${{ inputs.run_k8s_workflow == true }} steps: - name: Start GitHub Runner id: start_runner