Merge pull request #45 from streamnative/feat/add_prom_clusterrole

Add Prometheus ClusterRole Helm Chart

README.md

@@ -171,6 +171,7 @@ No resources.
 | <a name="input_function_mesh_operator_settings"></a> [function\_mesh\_operator\_settings](#input\_function\_mesh\_operator\_settings) | Additional key value settings which will be passed to the Helm chart values, e.g. { "namespace" = "kube-system" }. | `map(any)` | `null` | no |
 | <a name="input_function_mesh_operator_timeout"></a> [function\_mesh\_operator\_timeout](#input\_function\_mesh\_operator\_timeout) | Time in seconds to wait for any individual kubernetes operation | `number` | `null` | no |
 | <a name="input_function_mesh_operator_values"></a> [function\_mesh\_operator\_values](#input\_function\_mesh\_operator\_values) | A list of values in raw YAML to be applied to the helm release. Merges with the settings input, can also be used with the `file()` function, i.e. `file("my/values.yaml")`. | `any` | `null` | no |
+| <a name="input_install_prometheus_cluster_role"></a> [install\_prometheus\_cluster\_role](#input\_install\_prometheus\_cluster\_role) | Installs the well-known Prometheus server ClusterRole resource on the cluster. | `bool` | `null` | no |
 | <a name="input_istio_cluster_name"></a> [istio\_cluster\_name](#input\_istio\_cluster\_name) | The name of the kubernetes cluster where Istio is being configured. This is required when "enable\_istio\_operator" is set to "true". | `string` | `null` | no |
 | <a name="input_istio_mesh_id"></a> [istio\_mesh\_id](#input\_istio\_mesh\_id) | The ID used by the Istio mesh. This is also the ID of the StreamNative Cloud Pool used for the workload environments. This is required when "enable\_istio\_operator" is set to "true". | `string` | `null` | no |
 | <a name="input_istio_network"></a> [istio\_network](#input\_istio\_network) | The name of network used for the Istio deployment. | `string` | `null` | no |

main.tf

@@ -147,15 +147,16 @@ module "prometheus_operator" {
   count  = var.enable_prometheus_operator == true ? 1 : 0
   source = "./modules/prometheus-operator"
 
-  chart_name       = var.prometheus_operator_chart_name
-  chart_repository = var.prometheus_operator_chart_repository
-  chart_version    = var.prometheus_operator_chart_version
-  create_namespace = var.create_prometheus_operator_namespace
-  namespace        = var.prometheus_operator_namespace
-  release_name     = var.prometheus_operator_release_name
-  settings         = var.prometheus_operator_settings
-  timeout          = var.prometheus_operator_timeout
-  values           = local.prometheus_operator_values
+  chart_name           = var.prometheus_operator_chart_name
+  chart_repository     = var.prometheus_operator_chart_repository
+  chart_version        = var.prometheus_operator_chart_version
+  create_namespace     = var.create_prometheus_operator_namespace
+  install_cluster_role = var.install_prometheus_cluster_role
+  namespace            = var.prometheus_operator_namespace
+  release_name         = var.prometheus_operator_release_name
+  settings             = var.prometheus_operator_settings
+  timeout              = var.prometheus_operator_timeout
+  values               = local.prometheus_operator_values
 }
 
 module "pulsar_operator" {

modules/prometheus-operator/README.md

@@ -6,23 +6,25 @@ A simple module that installs a the `kube-prometheus-stack` operator via helm
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >=1.0.0 |
-| <a name="requirement_helm"></a> [helm](#requirement\_helm) | 2.2.0 |
+| <a name="requirement_helm"></a> [helm](#requirement\_helm) | >=2.2.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_helm"></a> [helm](#provider\_helm) | 2.2.0 |
+| <a name="provider_helm"></a> [helm](#provider\_helm) | >=2.2.0 |
 
 ## Modules
 
-No modules.
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_prometheus_cluster_role"></a> [prometheus\_cluster\_role](#module\_prometheus\_cluster\_role) | ./prometheus-cluster-role | n/a |
 
 ## Resources
 
 | Name | Type |
 |------|------|
-| [helm_release.prometheus_operator](https://registry.terraform.io/providers/hashicorp/helm/2.2.0/docs/resources/release) | resource |
+| [helm_release.prometheus_operator](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 
 ## Inputs
 
@@ -34,6 +36,7 @@ No modules.
 | <a name="input_chart_version"></a> [chart\_version](#input\_chart\_version) | The version of the Helm chart to install. | `string` | `null` | no |
 | <a name="input_cleanup_on_fail"></a> [cleanup\_on\_fail](#input\_cleanup\_on\_fail) | Allow deletion of new resources created in this upgrade when upgrade fails. | `bool` | `null` | no |
 | <a name="input_create_namespace"></a> [create\_namespace](#input\_create\_namespace) | Create a namespace for the deployment. Defaults to "true". | `bool` | `null` | no |
+| <a name="input_install_cluster_role"></a> [install\_cluster\_role](#input\_install\_cluster\_role) | Installs the well-known Prometheus server ClusterRole resource on the cluster. | `bool` | `null` | no |
 | <a name="input_namespace"></a> [namespace](#input\_namespace) | The namespace used for the operator deployment. | `string` | `null` | no |
 | <a name="input_release_name"></a> [release\_name](#input\_release\_name) | The name of the helm release. | `string` | `null` | no |
 | <a name="input_settings"></a> [settings](#input\_settings) | Additional settings which will be passed to the Helm chart values. | `map(any)` | `{}` | no |

modules/prometheus-operator/main.tf

@@ -29,17 +29,18 @@ terraform {
 }
 
 locals {
-  atomic           = var.atomic != null ? var.atomic : true
-  chart_name       = var.chart_name != null ? var.chart_name : "kube-prometheus-stack"
-  chart_repository = var.chart_repository != null ? var.chart_repository : "https://prometheus-community.github.io/helm-charts"
-  chart_version    = var.chart_version != null ? var.chart_version : "33.2.1"
-  cleanup_on_fail  = var.cleanup_on_fail != null ? var.cleanup_on_fail : true
-  create_namespace = var.create_namespace != null ? var.create_namespace : true
-  namespace        = var.namespace != null ? var.namespace : "monitoring"
-  release_name     = var.release_name != null ? var.release_name : "kube-prometheus-stack"
-  settings         = var.settings != null ? var.settings : {}
-  timeout          = var.timeout != null ? var.timeout : 120
-  values           = var.values != null ? var.values : []
+  atomic               = var.atomic != null ? var.atomic : true
+  chart_name           = var.chart_name != null ? var.chart_name : "kube-prometheus-stack"
+  chart_repository     = var.chart_repository != null ? var.chart_repository : "https://prometheus-community.github.io/helm-charts"
+  chart_version        = var.chart_version != null ? var.chart_version : "33.2.1"
+  cleanup_on_fail      = var.cleanup_on_fail != null ? var.cleanup_on_fail : true
+  create_namespace     = var.create_namespace != null ? var.create_namespace : true
+  install_cluster_role = var.install_cluster_role != null ? var.install_cluster_role : true
+  namespace            = var.namespace != null ? var.namespace : "monitoring"
+  release_name         = var.release_name != null ? var.release_name : "kube-prometheus-stack"
+  settings             = var.settings != null ? var.settings : {}
+  timeout              = var.timeout != null ? var.timeout : 120
+  values               = var.values != null ? var.values : []
 }
 
 resource "helm_release" "prometheus_operator" {
@@ -68,3 +69,8 @@ resource "helm_release" "prometheus_operator" {
     }
   }
 }
+
+module "prometheus_cluster_role" {
+  count  = local.install_cluster_role ? 1 : 0
+  source = "./prometheus-cluster-role"
+}

modules/prometheus-operator/prometheus-cluster-role/README.md

@@ -0,0 +1,47 @@
+# prometheus-cluster-role
+This basic helm chart installs `ClusterRole` resource for Prometheus, useful when installing the operator but not the server component.
+
+## Usage
+Update the Helm provider configuration accordingly:
+
+```hcl
+provider "helm" {
+  kubernetes {
+    host                   = <host> 
+    cluster_ca_certificate = <ca_cert>
+    token                  = <token>
+  }
+}
+
+module "prometheus_cluster_role" {
+  source = "streamnative/charts/helm//modules/prometheus-operator/prometheus-cluster-role"
+}
+```
+
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_helm"></a> [helm](#provider\_helm) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [helm_release.prometheus_cluster_role](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+No outputs.

modules/prometheus-operator/prometheus-cluster-role/chart/Chart.yaml

@@ -0,0 +1,11 @@
+apiVersion: v2
+name: prometheus-cluster-role 
+description: ClusterRole for Prometheus 
+version: 0.1.0
+home: https://streamnative.io
+sources:
+- https://github.com/streamnative/terraform-helm-charts
+icon: http://pulsar.apache.org/img/pulsar.svg
+maintainers:
+- name: jrsdav
+  email: [email protected]

modules/prometheus-operator/prometheus-cluster-role/chart/templates/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

modules/prometheus-operator/prometheus-cluster-role/chart/templates/clusterrole.yaml

@@ -0,0 +1,28 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: prometheus
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - nodes
+  - nodes/proxy
+  - nodes/metrics
+  - services
+  - endpoints
+  - pods
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+- nonResourceURLs:
+  - /metrics
+  verbs:
+  - get

modules/prometheus-operator/prometheus-cluster-role/main.tf

@@ -0,0 +1,8 @@
+resource "helm_release" "prometheus_cluster_role" {
+  atomic          = true
+  chart           = "${path.module}/chart"
+  cleanup_on_fail = true
+  namespace       = "kube-system"
+  timeout         = 120
+  name            = "prometheus-cluster-role"
+}

modules/prometheus-operator/variables.tf

@@ -60,6 +60,12 @@ variable "create_namespace" {
   type        = bool
 }
 
+variable "install_cluster_role" {
+  default     = null
+  description = "Installs the well-known Prometheus server ClusterRole resource on the cluster."
+  type        = bool
+}
+
 variable "namespace" {
   default     = null
   description = "The namespace used for the operator deployment."

variables.tf

@@ -514,6 +514,12 @@ variable "otel_collector_values" {
 #######
 ### Prometheus Settings
 #######
+variable "install_prometheus_cluster_role" {
+  default     = null
+  description = "Installs the well-known Prometheus server ClusterRole resource on the cluster."
+  type        = bool
+}
+
 variable "prometheus_operator_chart_name" {
   default     = null
   description = "The name of the Helm chart to install"