Merge pull request #178 from DFE-Digital/1604-create-grafana-service

Modify grafana user access
DFE-Digital · Mar 12, 2024 · 00fff89 · 00fff89
2 parents eaf87ed + fcbe347
commit 00fff89
Show file tree

Hide file tree

Showing 11 changed files with 70 additions and 0 deletions.
diff --git a/.github/workflows/deploy-cluster.yml b/.github/workflows/deploy-cluster.yml
@@ -33,6 +33,7 @@ jobs:
       with:
         github_token: ${{ secrets.GITHUB_TOKEN }}
         terraform_root_folder: cluster/terraform_kubernetes
+        terrafile_environment: development
 
     - name: Validate custom_domains/terraform/infrastructure
       uses: ./.github/actions/validate-terraform

diff --git a/.gitignore b/.gitignore
@@ -9,3 +9,9 @@ templates/new_service/terraform/domains/environment_domains/.terraform.lock.hcl
 templates/new_service/terraform/domains/environment_domains/vendor/
 templates/new_service/terraform/application/.terraform.lock.hcl
 templates/new_service/terraform/application/vendor/
+
+# terrafile
+cluster/terraform_kubernetes/vendor/modules/aks
+
+# macOS files
+.DS_Store
diff --git a/Makefile b/Makefile
@@ -1,3 +1,4 @@
+TERRAFILE_VERSION=0.8
 RG_TAGS={"Product" : "Teacher services cloud"}
 ARM_TEMPLATE_TAG=1.1.0
 
@@ -59,6 +60,7 @@ terraform-aks-cluster-destroy: terraform-aks-cluster-init
 	terraform -chdir=cluster/terraform_aks_cluster destroy -var-file config/${CONFIG}.tfvars.json ${AUTO_APPROVE}
 
 terraform-kubernetes-init: set-azure-account
+	./bin/terrafile -p cluster/terraform_kubernetes/vendor/modules -f cluster/terraform_kubernetes/config/$(CONFIG)_Terrafile
 	terraform -chdir=cluster/terraform_kubernetes init -reconfigure -upgrade \
 		-backend-config=resource_group_name=${RESOURCE_GROUP_NAME} \
 		-backend-config=storage_account_name=${STORAGE_ACCOUNT_NAME} \
@@ -106,6 +108,10 @@ arm-deployment: set-azure-account
 		--parameters "managedIdentityName=${MANAGE_IDENTITY_NAME}" \
 		${WHAT_IF}
 
+bin/terrafile: ## Install terrafile to manage terraform modules
+	curl -sL https://github.com/coretech/terrafile/releases/download/v${TERRAFILE_VERSION}/terrafile_${TERRAFILE_VERSION}_$$(uname)_x86_64.tar.gz \
+		| tar xz -C ./bin terrafile
+
 deploy-azure-resources: check-auto-approve arm-deployment # make dev deploy-azure-resources
 
 validate-azure-resources: set-what-if arm-deployment # make dev validate-azure-resources

diff --git a/bin/.gitkeep b/bin/.gitkeep
diff --git a/bin/terrafile b/bin/terrafile
diff --git a/cluster/terraform_kubernetes/cluster_data.tf b/cluster/terraform_kubernetes/cluster_data.tf
@@ -0,0 +1,4 @@
+module "cluster_data" {
+  source = "./vendor/modules/aks//aks/cluster_data"
+  name   = var.environment
+}
diff --git a/cluster/terraform_kubernetes/config/development_Terrafile b/cluster/terraform_kubernetes/config/development_Terrafile
@@ -0,0 +1,3 @@
+aks:
+    source:  "https://github.com/DFE-Digital/terraform-modules"
+    version: "main"
diff --git a/cluster/terraform_kubernetes/config/platform-test_Terrafile b/cluster/terraform_kubernetes/config/platform-test_Terrafile
@@ -0,0 +1,3 @@
+aks:
+    source:  "https://github.com/DFE-Digital/terraform-modules"
+    version: "testing"
diff --git a/cluster/terraform_kubernetes/config/production_Terrafile b/cluster/terraform_kubernetes/config/production_Terrafile
@@ -0,0 +1,3 @@
+aks:
+    source:  "https://github.com/DFE-Digital/terraform-modules"
+    version: "stable"
diff --git a/cluster/terraform_kubernetes/config/test_Terrafile b/cluster/terraform_kubernetes/config/test_Terrafile
@@ -0,0 +1,3 @@
+aks:
+    source:  "https://github.com/DFE-Digital/terraform-modules"
+    version: "testing"
diff --git a/cluster/terraform_kubernetes/grafana.tf b/cluster/terraform_kubernetes/grafana.tf
@@ -61,6 +61,18 @@ resource "kubernetes_deployment" "grafana_deployment" {
             name  = "GF_SECURITY_ADMIN_PASSWORD"
             value = data.azurerm_key_vault_secret.grafana_admin_password.value
           }
+          env {
+            name  = "GF_AUTH_ANONYMOUS_ENABLED"
+            value = "true"
+          }
+          env {
+            name  = "GF_AUTH_ANONYMOUS_ORG_NAME"
+            value = "Main Org."
+          }
+          env {
+            name  = "GF_AUTH_ANONYMOUS_ORG_ROLE"
+            value = "Viewer"
+          }
           resources {
             limits = {
               cpu    = "1"
@@ -130,6 +142,8 @@ resource "kubernetes_service" "grafana_service" {
       app = kubernetes_deployment.grafana_deployment.spec[0].template[0].metadata[0].labels["app"]
     }
 
+    type = "LoadBalancer"
+
     port {
       port        = 3000
       target_port = 3000
@@ -158,3 +172,30 @@ resource "kubernetes_config_map" "grafana_dashboard_provisioning" {
     "dashboards.yaml" = file("${path.module}/config/dashboards.yaml")
   }
 }
+
+resource "kubernetes_ingress_v1" "grafana_ingress" {
+
+  wait_for_load_balancer = true
+  metadata {
+    name      = "grafana"
+    namespace = kubernetes_namespace.default_list["monitoring"].metadata[0].name
+  }
+  spec {
+    ingress_class_name = "nginx"
+    rule {
+      host = "grafana.${module.cluster_data.ingress_domain}"
+      http {
+        path {
+          backend {
+            service {
+              name = "grafana"
+              port {
+                number = kubernetes_service.grafana_service.spec[0].port[0].port
+              }
+            }
+          }
+        }
+      }
+    }
+  }
+}