keep-dev: GKE metrics + env repairs

infrastructure/terraform/keep-dev/main.tf

@@ -121,11 +121,11 @@ module "gke_cluster" {
   gke_cluster {
     name                                = "${var.gke_cluster["name"]}"
     private_cluster                     = "${var.gke_cluster["private_cluster"]}"
-    subnetwork                          = "${module.vpc.vpc_private_subnet_self_link}"
     master_ipv4_cidr_block              = "${var.gke_cluster["master_ipv4_cidr_block"]}"
     daily_maintenance_window_start_time = "${var.gke_cluster["daily_maintenance_window_start_time"]}"
     network_policy_enabled              = "${var.gke_cluster["network_policy_enabled"]}"
     network_policy_provider             = "${var.gke_cluster["network_policy_provider"]}"
+    logging_service                     = "${var.gke_cluster["logging_service"]}"
   }
 
   gke_node_pool {
@@ -149,3 +149,36 @@ resource "google_compute_global_address" "atlantis_external_ip" {
   address_type = "${upper(var.atlantis_ip_address_type)}"
   labels       = "${local.labels}"
 }
+
+/* Using this module will create a data read and an update for the
+ * prometheus-to-sd resource on each Terraform planand apply run.  These
+ * updates will do nothing and are an artifact of the depends_on in the
+ * modules data resource. Terraform team is aware and have a proposed fix
+ * in the works.
+*/
+module "gke_cluster_metrics" {
+  source    = "[email protected]:thesis/infrastructure.git//terraform/modules/gke_metrics"
+  namespace = "${var.gke_metrics_namespace}"
+
+  kube_state_metrics {
+    version = "${var.kube_state_metrics["version"]}"
+  }
+
+  prometheus_to_sd {
+    version = "${var.prometheus_to_sd["version"]}"
+  }
+}
+
+module "openvpn" {
+  source = "[email protected]:thesis/infrastructure.git//terraform/modules/helm_openvpn"
+
+  openvpn {
+    name    = "${var.openvpn["name"]}"
+    version = "${var.openvpn["version"]}"
+  }
+
+  openvpn_parameters {
+    route_all_traffic_through_vpn = "${var.openvpn_parameters["route_all_traffic_through_vpn"]}"
+    gke_master_ipv4_cidr_address  = "${var.openvpn_parameters["gke_master_ipv4_cidr_address"]}"
+  }
+}

infrastructure/terraform/keep-dev/provider.tf

@@ -2,16 +2,17 @@ data "google_client_config" "default" {}
 
 # Configure the Google Cloud provider
 provider "google" {
-  version = "~> 1.19"
+  version = "<= 1.19.0"
   region  = "${var.region_data["region"]}"
 }
 
 provider "google-beta" {
-  version = "~> 1.19"
+  version = "<= 1.19.0"
   region  = "${var.region_data["region"]}"
 }
 
 provider "kubernetes" {
+  version                = "<= 1.5.0"
   load_config_file       = false
   host                   = "https://${var.gke_cluster["master_private_endpoint"]}"
   token                  = "${data.google_client_config.default.access_token}"
@@ -24,6 +25,8 @@ module "helm_provider_helper" {
 }
 
 provider "helm" {
+  version = "<= 0.7.0"
+
   kubernetes {
     host                   = "https://${var.gke_cluster["master_private_endpoint"]}"
     token                  = "${data.google_client_config.default.access_token}"
@@ -36,3 +39,15 @@ provider "helm" {
   namespace       = "${module.helm_provider_helper.tiller_namespace}"
   install_tiller  = true
 }
+
+provider "null" {
+  version = "<= 2.0.0"
+}
+
+provider "random" {
+  version = "<= 2.0.0"
+}
+
+provider "template" {
+  version = "<= 1.0.0"
+}

infrastructure/terraform/keep-dev/tf-setup.org

@@ -1853,3 +1853,148 @@ terraform output  \
 
 #+RESULTS:
 
+** DONE gke-metrics
+Configures monitoring and metrics collection for a GKE cluster.
+
+NOTE: Using this module will create a data read and an update for the
+prometheus-to-sd resource on each Terraform planand apply run.  These
+updates will do nothing and are an artifact of the depends_on in the
+modules data resource. Terraform team is aware and have a proposed fix
+in the works.
+
+*** Describe
+#+BEGIN_SRC sh :results pp
+date -u
+echo `whoami` "\n"
+
+kubectl describe \
+service helm-kube-state-metrics \
+--namespace metrics
+
+echo "-------"
+
+kubectl describe \
+deployment helm-kube-state-metrics \
+--namespace metrics
+
+echo "-------"
+
+kubectl describe \
+deployment helm-prometheus-to-sd \
+--namespace metrics
+#+END_SRC
+
+#+RESULTS:
+#+begin_example
+Wed Feb 13 15:50:08 UTC 2019
+sthompson22 
+
+Name:              helm-kube-state-metrics
+Namespace:         metrics
+Labels:            app=kube-state-metrics
+                   chart=kube-state-metrics-0.13.0
+                   heritage=Tiller
+                   release=helm-kube-state-metrics
+Annotations:       prometheus.io/scrape: true
+Selector:          app=kube-state-metrics,release=helm-kube-state-metrics
+Type:              ClusterIP
+IP:                10.102.100.169
+Port:              http  8080/TCP
+TargetPort:        8080/TCP
+Endpoints:         10.102.3.15:8080
+Session Affinity:  None
+Events:            <none>
+-------
+Name:                   helm-kube-state-metrics
+Namespace:              metrics
+CreationTimestamp:      Tue, 12 Feb 2019 11:18:51 -0500
+Labels:                 app=kube-state-metrics
+                        chart=kube-state-metrics-0.13.0
+                        heritage=Tiller
+                        release=helm-kube-state-metrics
+Annotations:            deployment.kubernetes.io/revision: 1
+Selector:               app=kube-state-metrics,release=helm-kube-state-metrics
+Replicas:               1 desired | 1 updated | 1 total | 1 available | 0 unavailable
+StrategyType:           RollingUpdate
+MinReadySeconds:        0
+RollingUpdateStrategy:  1 max unavailable, 1 max surge
+Pod Template:
+  Labels:           app=kube-state-metrics
+                    release=helm-kube-state-metrics
+  Service Account:  helm-kube-state-metrics
+  Containers:
+   kube-state-metrics:
+    Image:      quay.io/coreos/kube-state-metrics:v1.4.0
+    Port:       8080/TCP
+    Host Port:  0/TCP
+    Args:
+      --collectors=configmaps
+      --collectors=cronjobs
+      --collectors=daemonsets
+      --collectors=deployments
+      --collectors=endpoints
+      --collectors=horizontalpodautoscalers
+      --collectors=jobs
+      --collectors=limitranges
+      --collectors=namespaces
+      --collectors=nodes
+      --collectors=persistentvolumeclaims
+      --collectors=persistentvolumes
+      --collectors=pods
+      --collectors=replicasets
+      --collectors=replicationcontrollers
+      --collectors=resourcequotas
+      --collectors=secrets
+      --collectors=services
+      --collectors=statefulsets
+    Readiness:    http-get http://:8080/healthz delay=5s timeout=5s period=10s #success=1 #failure=3
+    Environment:  <none>
+    Mounts:       <none>
+  Volumes:        <none>
+Conditions:
+  Type           Status  Reason
+  ----           ------  ------
+  Available      True    MinimumReplicasAvailable
+  Progressing    True    NewReplicaSetAvailable
+OldReplicaSets:  <none>
+NewReplicaSet:   helm-kube-state-metrics-898cb4bf7 (1/1 replicas created)
+Events:          <none>
+-------
+Name:                   helm-prometheus-to-sd
+Namespace:              metrics
+CreationTimestamp:      Tue, 12 Feb 2019 11:18:57 -0500
+Labels:                 app=prometheus-to-sd
+                        chart=prometheus-to-sd-0.1.1
+                        heritage=Tiller
+                        release=helm-prometheus-to-sd
+Annotations:            deployment.kubernetes.io/revision: 1
+Selector:               app=prometheus-to-sd,release=helm-prometheus-to-sd
+Replicas:               1 desired | 1 updated | 1 total | 1 available | 0 unavailable
+StrategyType:           RollingUpdate
+MinReadySeconds:        0
+RollingUpdateStrategy:  25% max unavailable, 25% max surge
+Pod Template:
+  Labels:  app=prometheus-to-sd
+           release=helm-prometheus-to-sd
+  Containers:
+   prometheus-to-sd:
+    Image:      gcr.io/google-containers/prometheus-to-sd:v0.2.2
+    Port:       6060/TCP
+    Host Port:  0/TCP
+    Command:
+      /monitor
+      --stackdriver-prefix=custom.googleapis.com
+      --source=kube-state-metrics:http://10.102.100.169:8080
+    Environment:  <none>
+    Mounts:       <none>
+  Volumes:        <none>
+Conditions:
+  Type           Status  Reason
+  ----           ------  ------
+  Available      True    MinimumReplicasAvailable
+  Progressing    True    NewReplicaSetAvailable
+OldReplicaSets:  <none>
+NewReplicaSet:   helm-prometheus-to-sd-7447796c5 (1/1 replicas created)
+Events:          <none>
+#+end_example
+

infrastructure/terraform/keep-dev/variables.tf

@@ -118,8 +118,9 @@ variable "gke_cluster" {
     master_ipv4_cidr_block              = "172.16.0.0/28"
     master_private_endpoint             = "172.16.0.2"
     daily_maintenance_window_start_time = "00:00"
-    network_policy_enabled              = true
-    network_policy_provider             = "CALICO"
+    network_policy_enabled              = false
+    network_policy_provider             = "PROVIDER_UNSPECIFIED"
+    logging_service                     = "logging.googleapis.com/kubernetes"
   }
 }
 
@@ -161,3 +162,34 @@ variable "atlantis_ip_address_type" {
   description = "Internet facing or not. internal or external"
   default     = "external"
 }
+
+# gke_metrics
+variable "gke_metrics_namespace" {
+  default = "metrics"
+}
+
+variable "kube_state_metrics" {
+  default {
+    version = "0.13.0"
+  }
+}
+
+variable "prometheus_to_sd" {
+  default {
+    version = "0.1.1"
+  }
+}
+
+variable "openvpn" {
+  default {
+    name    = "helm-openvpn"
+    version = "3.10.0"
+  }
+}
+
+variable "openvpn_parameters" {
+  default {
+    route_all_traffic_through_vpn = "false"
+    gke_master_ipv4_cidr_address  = "172.16.0.0"
+  }
+}