updates to add logging needed for alb (#33)

CMS-Enterprise · Jul 29, 2024 · 9891c25 · 9891c25
2 parents 1bd4930 + bbad0b1
commit 9891c25
Show file tree

Hide file tree

Showing 6 changed files with 46 additions and 21 deletions.
diff --git a/addons/settings.tf b/addons/settings.tf
@@ -8,8 +8,10 @@ locals {
     alb_security_group_id = var.alb_security_group_id
     argocd_cert_arn       = data.aws_acm_certificate.argocd.arn
     argocd_sub_domain     = local.argocd_sub_domain
+    cluster_name          = var.eks_cluster_name
     domain_name           = var.domain_name
     k8s_alb_name          = var.k8s_alb_name
+    s3_logging_bucket     = data.aws_s3_bucket.logging.bucket
     argocd_use_sso        = var.argocd_use_sso
     okta_client_id        = var.okta_client_id
     okta_client_secret    = var.okta_client_secret
@@ -48,3 +50,7 @@ data "aws_acm_certificate" "argocd" {
   domain   = "${var.ado}-${var.env}.internal.cms.gov"
   statuses = ["ISSUED"]
 }
+
+data "aws_s3_bucket" "logging" {
+  bucket = "cms-cloud-${var.account_num}-${var.region_name}"
+}
diff --git a/addons/values/argocd/values.yaml.tpl b/addons/values/argocd/values.yaml.tpl
@@ -36,6 +36,7 @@ server:
       alb.ingress.kubernetes.io/load-balancer-name: ${k8s_alb_name}
       alb.ingress.kubernetes.io/certificate-arn: ${argocd_cert_arn}
       alb.ingress.kubernetes.io/security-groups: ${alb_security_group_id}
+      alb.ingress.kubernetes.io/load-balancer-attributes: access_logs.s3.enabled=true,connection_logs.s3.enabled=true,access_logs.s3.bucket=${s3_logging_bucket},connection_logs.s3.bucket=${s3_logging_bucket},access_logs.s3.prefix=${cluster_name}-argocd-access,connection_logs.s3.prefix=${cluster_name}-argocd-connection
       alb.ingress.kubernetes.io/backend-protocol: HTTP
       alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS": 443}, {"HTTP": 80}]'
       alb.ingress.kubernetes.io/ssl-redirect: 443

diff --git a/addons/variables.tf b/addons/variables.tf
@@ -1,3 +1,8 @@
+variable "account_num" {
+  description = "The account number to use for the resources"
+  type        = string
+}
+
 variable "ado" {
   description = "The ADO to deploy into"
   type        = string
@@ -13,6 +18,12 @@ variable "argocd_chart_version" {
   type        = string
 }
 
+variable "argocd_use_sso" {
+  description = "Enable SSO for ArgoCD"
+  type        = bool
+  default     = false
+}
+
 variable "available_availability_zones" {
   description = "The available availability zones"
   type        = list(string)
@@ -183,22 +194,6 @@ variable "main_nodes_iam_role_arn" {
   type        = string
 }
 
-variable "post_bootstrap_user_data" {
-  description = "User data to run after the bootstrap script"
-  type        = string
-}
-
-variable "pre_bootstrap_user_data" {
-  description = "User data to run before the bootstrap script"
-  type        = string
-}
-
-variable "argocd_use_sso" {
-  description = "Enable SSO for ArgoCD"
-  type        = bool
-  default     = false
-}
-
 variable "okta_client_id" {
   description = "Okta Client ID for Setting up SSO for ArgoCD"
   type        = string
@@ -218,3 +213,18 @@ variable "okta_issuer" {
   type        = string
   default     = ""
 }
+
+variable "post_bootstrap_user_data" {
+  description = "User data to run after the bootstrap script"
+  type        = string
+}
+
+variable "pre_bootstrap_user_data" {
+  description = "User data to run before the bootstrap script"
+  type        = string
+}
+
+variable "region_name" {
+  description = "The name of the region to deploy into"
+  type        = string
+}
diff --git a/eks.tf b/eks.tf
@@ -113,9 +113,11 @@ module "main_nodes" {
 module "eks_addons" {
   source = "./addons"
 
+  account_num                   = data.aws_caller_identity.current.account_id
   ado                           = var.ado
   alb_security_group_id         = aws_security_group.alb.id
   argocd_chart_version          = var.argocd_chart_version
+  argocd_use_sso                = var.argocd_use_sso
   available_availability_zones  = local.available_availability_zone_names
   aws_partition                 = data.aws_partition.current.partition
   aws_region                    = data.aws_region.current.name
@@ -146,12 +148,12 @@ module "eks_addons" {
   karpenter_chart_version       = var.kp_chart_version
   k8s_alb_name                  = local.k8s_alb_name
   main_nodes_iam_role_arn       = module.main_nodes.iam_role_arn
-  post_bootstrap_user_data      = local.post_bootstrap_user_data
-  pre_bootstrap_user_data       = local.pre_bootstrap_user_data
-  argocd_use_sso                = var.argocd_use_sso
   okta_issuer                   = var.okta_issuer
   okta_client_id                = var.okta_client_id
   okta_client_secret            = var.okta_client_secret
+  post_bootstrap_user_data      = local.post_bootstrap_user_data
+  pre_bootstrap_user_data       = local.pre_bootstrap_user_data
+  region_name                   = data.aws_region.current.name
 
   depends_on = [
     module.eks_base,

diff --git a/example/main.tf b/example/main.tf
@@ -8,11 +8,11 @@ provider "aws" {
 }
 
 module "main-eks" {
-  source = "[email protected]:CMS-Enterprise/Energon-Kube.git?ref=3.1.1"
+  source = "[email protected]:CMS-Enterprise/Energon-Kube.git?ref=3.1.2"
 
   cluster_custom_name = "temp-test"
   env                 = "impl"
-  gold_image_date     = "2024-06"
+  gold_image_date     = "2024-07"
   ado                 = "batcave"
   program_office      = "batman"
 }
diff --git a/releases/3.1.2.md b/releases/3.1.2.md
@@ -0,0 +1,6 @@
+# Release Notes
+
+## [Version 3.1.2] - 2024-07-29
+
+### Improvements
+- Update the logging configuration for the load balancer provisioned for ArgoCD by the LB Controller.