
@natalie-elizabeth
Last active April 24, 2020 18:07
K8s in terraform
// Kubernetes provider with no explicit settings: the cluster endpoint and
// credentials are not configured in this file.
// NOTE(review): presumably resolved from the provider's defaults (kubeconfig
// or environment) — confirm which cluster/context is targeted before applying,
// because this file also creates cluster-scoped RBAC objects.
provider "kubernetes" {}
// Dedicated namespace that holds the namespaced Prometheus objects
// (config map, service, PVC, deployment, service account) declared in this file.
resource "kubernetes_namespace" "prometheus" {
  metadata {
    name = "prometheus"
  }
}
// config_map
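// Ships the container entrypoint script and the Prometheus configuration,
// both read from files next to this module, as a ConfigMap.
//
// NOTE(review): ConfigMap data is stored unencrypted in the cluster and is
// also recorded in Terraform state. If prometheus.yml carries scrape
// credentials (passwords, bearer tokens), move them to a Secret — confirm
// against the file's contents, which are not visible here.
resource "kubernetes_config_map" "prometheus" {
  metadata {
    name = "prometheus"
    // Reference the namespace resource instead of repeating its name so that
    // Terraform creates the namespace before this object.
    namespace = "${kubernetes_namespace.prometheus.metadata.0.name}"
  }

  data = {
    "entrypoint.sh"  = "${file("${path.module}/entrypoint.sh")}"
    "prometheus.yml" = "${file("${path.module}/prometheus.yml")}"
  }
}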
// service
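// Cluster-internal Service: exposes the pods labelled app=prometheus on port
// 80 and forwards to the container port named "http".
//
// ClusterIP keeps the endpoint off external load balancers, but Prometheus
// itself does not authenticate requests by default, so every workload that
// can reach this Service can query it.
// NOTE(review): consider a NetworkPolicy limiting which namespaces/pods may
// connect.
resource "kubernetes_service" "prometheus" {
  metadata {
    name = "prometheus"
    // Reference the namespace resource so it is created before the Service.
    namespace = "${kubernetes_namespace.prometheus.metadata.0.name}"
    labels = {
      app = "prometheus"
    }
  }

  spec {
    selector = {
      app = "prometheus"
    }

    type = "ClusterIP"

    port {
      name        = "http"
      port        = 80
      target_port = "http"
    }
  }
}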
// persistent volume claim
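// 4Gi ReadWriteOnce claim used by the deployment as the "data" volume.
// No storage class is named here, so the choice is left to the cluster.
resource "kubernetes_persistent_volume_claim" "prometheus" {
  metadata {
    // Reference the namespace resource so it is created before the claim.
    namespace = "${kubernetes_namespace.prometheus.metadata.0.name}"
    name      = "prometheus"
    labels = {
      app = "prometheus"
    }
  }

  spec {
    access_modes = ["ReadWriteOnce"]

    resources {
      requests = {
        storage = "4Gi"
      }
    }
  }
}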
// deployment
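// Single-replica Prometheus deployment.
//
// The pod runs as UID/GID 1000 with a read-only root filesystem; writable
// paths are limited to the PVC-backed /data and an emptyDir at /tmp. The
// configuration and entrypoint script come from the "prometheus" ConfigMap
// mounted read-only at /config.
resource "kubernetes_deployment" "prometheus" {
  metadata {
    name = "prometheus"
    // Reference the namespace resource so it is created before the deployment.
    namespace = "${kubernetes_namespace.prometheus.metadata.0.name}"
    labels = {
      app = "prometheus"
    }
  }

  spec {
    replicas = 1

    selector {
      match_labels = {
        app = "prometheus"
      }
    }

    // Recreate stops the old pod before starting the new one; the data volume
    // is ReadWriteOnce, so two pods should not hold it at the same time.
    strategy {
      type = "Recreate"
    }

    template {
      metadata {
        labels = {
          app = "prometheus"
        }
        annotations = {
          "prometheus.io/port"   = "9090"
          "prometheus.io/scrape" = "true"
        }
      }

      spec {
        // Reference the service account resource so it exists before the pod
        // is scheduled.
        service_account_name = "${kubernetes_service_account.prometheus.metadata.0.name}"

        // Set explicitly: the provider's default for this attribute has
        // differed between major versions, and without the token the RBAC
        // granted to this service account cannot be used from the pod.
        // NOTE(review): set to false if prometheus.yml never talks to the
        // Kubernetes API.
        automount_service_account_token = true

        security_context {
          fs_group    = 1000
          run_as_user = 1000
          // Make the kubelet refuse to start the container as root even if
          // the image or a later edit changes the effective user.
          run_as_non_root = true
        }

        container {
          name = "prometheus"
          // NOTE(review): pinned by tag only; tags are mutable. Pin by image
          // digest if the registry contents must be immutable for this
          // deployment.
          image = "prom/prometheus:v2.17.2"

          // NOTE(review): only requests are set. Without limits the container
          // can grow until the node is under pressure — add limits sized for
          // this workload.
          resources {
            requests {
              memory = "256Mi"
              cpu    = 0.1
            }
          }

          command = ["/config/entrypoint.sh"]

          security_context {
            read_only_root_filesystem  = true
            allow_privilege_escalation = false
            // The process only listens on an unprivileged port, so no Linux
            // capabilities are required.
            capabilities {
              drop = ["ALL"]
            }
          }

          port {
            name           = "http"
            container_port = 9090
          }

          // volume mounts
          volume_mount {
            name       = "data"
            mount_path = "/data"
          }

          volume_mount {
            name       = "config"
            mount_path = "/config"
            read_only  = true
          }

          // Scratch space, needed because the root filesystem is read-only.
          volume_mount {
            name       = "tmp"
            mount_path = "/tmp"
          }

          liveness_probe {
            http_get {
              path = "/-/healthy"
              port = "http"
            }
            initial_delay_seconds = 5
            period_seconds        = 10
            timeout_seconds       = 2
          }

          readiness_probe {
            http_get {
              path = "/-/ready"
              port = "http"
            }
            initial_delay_seconds = 5
            period_seconds        = 10
            timeout_seconds       = 2
          }
        }

        volume {
          name = "data"
          persistent_volume_claim {
            // Kept as a literal on purpose: a reference would make Terraform
            // finish the PVC first, and the PVC resource waits for binding by
            // default, which may never happen on storage classes that bind
            // only once a consuming pod exists.
            claim_name = "prometheus"
          }
        }

        volume {
          name = "tmp"
          empty_dir {}
        }

        volume {
          name = "config"
          config_map {
            name = "${kubernetes_config_map.prometheus.metadata.0.name}"
            // NOTE(review): 0500 grants read/execute to the file owner only.
            // Verify that UID 1000 can actually execute
            // /config/entrypoint.sh with this mode; group/other bits may be
            // needed depending on how the kubelet assigns ownership.
            default_mode = "0500"
          }
        }
      }
    }
  }
}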
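// Cluster-wide, read-only role for Prometheus service discovery and scraping.
// It grants no access to Secrets and no write verbs.
resource "kubernetes_cluster_role" "prometheus" {
  metadata {
    name = "prometheus"
  }

  // Core API group: objects Prometheus discovers targets from.
  //
  // NOTE(review): "nodes/proxy" lets the holder reach each kubelet's API
  // through the API server, which is broader than reading metrics. If
  // prometheus.yml does not scrape through the API-server node proxy, remove
  // it; "nodes/metrics" is the narrower subresource for kubelet metrics.
  rule {
    api_groups = [""]
    resources = [
      "nodes",
      "nodes/proxy",
      "services",
      "endpoints",
      "pods",
    ]
    verbs = [
      "get",
      "list",
      "watch",
    ]
  }

  // Ingress discovery. Ingress objects are served from networking.k8s.io on
  // current clusters; "extensions" is kept for older API servers.
  rule {
    api_groups = ["extensions", "networking.k8s.io"]
    resources = [
      "ingresses",
    ]
    verbs = [
      "get",
      "list",
      "watch",
    ]
  }

  // Allows scraping the API server's own /metrics endpoint.
  rule {
    non_resource_urls = ["/metrics"]
    verbs = [
      "get",
    ]
  }
}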
// service account
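// Identity the Prometheus pod runs as; the ClusterRoleBinding in this file
// attaches the read-only "prometheus" ClusterRole to it.
resource "kubernetes_service_account" "prometheus" {
  metadata {
    // Reference the namespace resource so it is created before the account.
    namespace = "${kubernetes_namespace.prometheus.metadata.0.name}"
    name      = "prometheus"
  }
}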
// cluster role binding
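// Binds the "prometheus" ClusterRole to the "prometheus" service account.
// Because this is a ClusterRoleBinding, the role's permissions apply in every
// namespace, not only in the prometheus namespace.
resource "kubernetes_cluster_role_binding" "prometheus" {
  metadata {
    name = "prometheus"
  }

  role_ref {
    api_group = "rbac.authorization.k8s.io"
    kind      = "ClusterRole"
    // Reference the role resource so the binding is created after it and
    // cannot silently point at a differently named role.
    name = "${kubernetes_cluster_role.prometheus.metadata.0.name}"
  }

  subject {
    kind = "ServiceAccount"
    // Take both values from the service account resource so the binding
    // always targets the account the deployment actually uses.
    namespace = "${kubernetes_service_account.prometheus.metadata.0.namespace}"
    name      = "${kubernetes_service_account.prometheus.metadata.0.name}"
  }
}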