bcgov · jlangy · Nov 13, 2024 · Nov 13, 2024 · Nov 13, 2024 · Nov 13, 2024
diff --git a/.github/workflows/publish-grafana-image.yaml b/.github/workflows/publish-grafana-image.yaml
diff --git a/.github/workflows/terraform.yaml b/.github/workflows/terraform.yaml
@@ -10,12 +10,49 @@ on:
     - terraform-ecs/**
     - loki-authorizer/**
     - .github/**
+    - grafana-config/*
 
 env:
   TF_VERSION: 1.9.7
+  GITHUB_REGISTRY: ghcr.io
+  IMAGE_NAME: bcgov/sso-loki
 
 jobs:
+  build-and-push-image:
+    runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Log in to the GitHub Container registry
+      uses: docker/login-action@v3
+      with:
+        registry: ${{ env.GITHUB_REGISTRY }}
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Extract metadata (tags, labels) for Docker
+      id: meta
+      uses: docker/metadata-action@v5
+      with:
+        images: ${{ env.GITHUB_REGISTRY }}/${{ env.IMAGE_NAME }}
+        tags: |
+          type=ref,event=branch
+          type=sha,format=long
+
+    - name: Build and push Docker image
+      uses: docker/build-push-action@v5
+      with:
+        context: grafana-config
+        push: true
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}
+
   terraform:
+    needs: build-and-push-image
     permissions: write-all
     runs-on: ubuntu-20.04
     steps:
@@ -49,6 +86,11 @@ jobs:
         LOKI_BUCKET_NAME=${{ vars.LOKI_BUCKET_NAME_DEV }}
         S3_BACKEND_NAME=${{vars.S3_BACKEND_NAME_DEV}}
         LOKI_TAG=dev
+        READ_TASK_CPU=256
+        READ_TASK_MEMORY=512
+        RETENTION_PERIOD=168h
+        SUBNET_A=Web_Dev_aza_net
+        SUBNET_B=Web_Dev_azb_net
 
         EOF
 
@@ -61,7 +103,12 @@ jobs:
         LOKI_AUTH_TOKEN=${{ secrets.LOKI_AUTH_TOKEN_PROD }}
         LOKI_BUCKET_NAME=${{ vars.LOKI_BUCKET_NAME_PROD }}
         S3_BACKEND_NAME=${{vars.S3_BACKEND_NAME_PROD}}
-        LOKI_TAG=prod
+        LOKI_TAG=main
+        READ_TASK_CPU=512
+        READ_TASK_MEMORY=2048
+        RETENTION_PERIOD=180d
+        SUBNET_A=Web_Prod_aza_net
+        SUBNET_B=Web_Prod_azb_net
 
         EOF
 
@@ -85,10 +132,23 @@ jobs:
         EOF
         terraform init -backend-config=backend.hcl
 
+    - name: Terraform Variables
+      working-directory: ./terraform-ecs
+      run: |
+        cat >"ci.auto.tfvars" <<EOF
+        auth_secret="${{env.LOKI_AUTH_TOKEN}}"
+        bucket_name="${{ env.LOKI_BUCKET_NAME }}"
+        loki_read_cpu="${{env.LOKI_READ_CPU}}"
+        loki_read_memory="${{env.LOKI_READ_MEMORY}}"
+        retention_period="${{env.RETENTION_PERIOD}}"
+        subnet_a="${{env.SUBNET_A}}"
+        subnet_b="${{env.SUBNET_B}}"
+        EOF
+
     - name: Terraform Plan
-      run: terraform plan -var "auth_secret=${{env.LOKI_AUTH_TOKEN}}" -var "bucket_name=${{ env.LOKI_BUCKET_NAME }}" -var "loki_tag=${{env.LOKI_TAG}}" -no-color
+      run: terraform plan -no-color
       working-directory: ./terraform-ecs
 
     - name: Terraform Apply
-      run: terraform apply -var "auth_secret=${{env.LOKI_AUTH_TOKEN}}" -var "bucket_name=${{ env.LOKI_BUCKET_NAME }}" -var "loki_tag=${{env.LOKI_TAG}}" -auto-approve
+      run: terraform apply -auto-approve
       working-directory: ./terraform-ecs
diff --git a/.gitignore b/.gitignore
@@ -5,4 +5,5 @@ node_modules
 .terraform
 *.tfstate
 *.tfstate.backup
+*.tfvars
 loki-authorizer.zip
diff --git a/grafana-config/config.yaml b/grafana-config/config.yaml
@@ -41,7 +41,7 @@ limits_config:
   query_timeout: 500s
   reject_old_samples: true
   reject_old_samples_max_age: 168h
-  retention_period: 168h
+  retention_period: ${RETENTION_PERIOD:-180d}
   split_queries_by_interval: 30m
 memberlist:
   join_members:
@@ -79,7 +79,7 @@ server:
   http_server_idle_timeout: 500s
   http_server_read_timeout: 500s
   http_server_write_timeout: 500s
-  log_level: debug
+  log_level: error
 storage_config:
   boltdb_shipper:
     active_index_directory: /var/loki/active

diff --git a/terraform-ecs/ecs.tf b/terraform-ecs/ecs.tf
@@ -66,6 +66,10 @@ resource "aws_ecs_task_definition" "loki_write" {
         name  = "JOIN_MEMBERS"
         value = "${aws_lb.loki_gossip_lb.dns_name}:7946"
       },
+      {
+        name  = "RETENTION_PERIOD"
+        value = var.retention_period
+      },
     ]
     command = [
       "-target=write",
@@ -108,8 +112,8 @@ resource "aws_ecs_task_definition" "loki_read" {
   task_role_arn            = aws_iam_role.loki_task_role.arn
   network_mode             = "awsvpc"
   requires_compatibilities = ["FARGATE"]
-  cpu                      = "256"
-  memory                   = "512"
+  cpu                      = var.loki_read_cpu
+  memory                   = var.loki_read_memory
 
   container_definitions = jsonencode([{
     name      = "loki-read"
@@ -157,6 +161,10 @@ resource "aws_ecs_task_definition" "loki_read" {
         name  = "JOIN_MEMBERS"
         value = "${aws_lb.loki_gossip_lb.dns_name}:7946"
       },
+      {
+        name  = "RETENTION_PERIOD"
+        value = var.retention_period
+      },
     ]
 
     logConfiguration = {

diff --git a/terraform-ecs/variables.tf b/terraform-ecs/variables.tf
@@ -53,3 +53,8 @@ variable "loki_tag" {
   type = string
   default = "dev"
 }
+
+variable "retention_period" {
+  type = string
+  default = "180d"
+}