85 log analytics private ingestion works
HoussemDellai committed Feb 28, 2024
1 parent acd1daa commit 038d6cf
Showing 11 changed files with 418 additions and 367 deletions.
22 changes: 11 additions & 11 deletions 85_prometheus_grafana_private_endpoint/ampls.tf
Expand Up @@ -18,17 +18,17 @@ resource "azurerm_monitor_private_link_scoped_service" "ampls-dce-log-analytics"
}


# # not required
# # resource "azurerm_monitor_private_link_scoped_service" "prometheus" {
# # name = "ampls-prometheus"
# # resource_group_name = azurerm_resource_group.rg_monitoring.name
# # scope_name = azurerm_monitor_private_link_scope.ampls.name
# # linked_resource_id = azurerm_monitor_workspace.prometheus.id
# # }

# resource "azurerm_monitor_private_link_scoped_service" "prometheus" {
# name = "ampls-prometheus"
# resource "azurerm_monitor_private_link_scoped_service" "dce-prometheus" {
# name = "ampls-dce-prometheus"
# resource_group_name = azurerm_resource_group.rg_monitoring.name
# scope_name = azurerm_monitor_private_link_scope.ampls.name
# linked_resource_id = azurerm_monitor_workspace.prometheus.id
# }

resource "azurerm_monitor_private_link_scoped_service" "dce-prometheus" {
name = "ampls-dce-prometheus"
resource_group_name = azurerm_resource_group.rg_monitoring.name
scope_name = azurerm_monitor_private_link_scope.ampls.name
linked_resource_id = azurerm_monitor_data_collection_endpoint.dce-prometheus.id
}
# linked_resource_id = azurerm_monitor_data_collection_endpoint.dce-prometheus.id
# }
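Review bot: The Prometheus scoped services in this hunk are disabled by commenting them out, which leaves two dead blocks (one of them double-commented under `# # not required`) with no reason recorded; dce-prometheus.tf, dcr-prometheus.tf, grafana.tf and output.tf follow the same pattern. Commented-out Terraform is never seen by `terraform validate`, by the plan, or by any policy scanner, so a later uncomment restores settings that nobody reviewed. I would delete the blocks and rely on git history, or gate them behind a variable. If they stay, put a one-line reason above each, for example `# Disabled while validating Log Analytics private ingestion; re-enable together with dce-prometheus.tf and dcr-prometheus.tf`. Which lines are old and which are new is inferred from the rendered page, so check this against the raw diff.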
33 changes: 0 additions & 33 deletions 85_prometheus_grafana_private_endpoint/data_collection_rule.tf

This file was deleted.

@@ -1,14 +1,13 @@
resource "azurerm_monitor_data_collection_endpoint" "dce-prometheus" {
name = "dce-prometheus"
resource "azurerm_monitor_data_collection_endpoint" "dce-log-analytics" {
name = "dce-log-analytics"
resource_group_name = azurerm_resource_group.rg_monitoring.name
location = azurerm_resource_group.rg_monitoring.location
kind = "Linux"
public_network_access_enabled = false # true # false
public_network_access_enabled = false
}

# associate to a Data Collection Endpoint
resource "azurerm_monitor_data_collection_rule_association" "dce-aks-prometheus" {
resource "azurerm_monitor_data_collection_rule_association" "dcra-dce-log-analytics-aks" {
name = "configurationAccessEndpoint" # name is required when data_collection_rule_id is specified. And when data_collection_endpoint_id is specified, the name is populated with configurationAccessEndpoint
target_resource_id = azurerm_kubernetes_cluster.aks.id
data_collection_endpoint_id = azurerm_monitor_data_collection_endpoint.dce-prometheus.id
}
data_collection_endpoint_id = azurerm_monitor_data_collection_endpoint.dce-log-analytics.id
}
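--- a/85_prometheus_grafana_private_endpoint/dce-prometheus.tf
+++ b/85_prometheus_grafana_private_endpoint/dce-prometheus.tf
@@ -0,0 +1,14 @@
+# resource "azurerm_monitor_data_collection_endpoint" "dce-prometheus" {
+# name = "dce-prometheus"
+# resource_group_name = azurerm_resource_group.rg_monitoring.name
+# location = azurerm_resource_group.rg_monitoring.location
+# kind = "Linux"
+# public_network_access_enabled = false # true # false
+# }
+
+# # associate to a Data Collection Endpoint
+# resource "azurerm_monitor_data_collection_rule_association" "dcra-dce-prometheus-aks" {
+# name = "configurationAccessEndpoint" # "dcra-dce-prometheus-aks" # # name is required when data_collection_rule_id is specified. And when data_collection_endpoint_id is specified, the name is populated with configurationAccessEndpoint
+# target_resource_id = azurerm_kubernetes_cluster.aks.id
+# data_collection_endpoint_id = azurerm_monitor_data_collection_endpoint.dce-prometheus.id
+# }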
@@ -1,17 +1,3 @@
resource "azurerm_monitor_data_collection_endpoint" "dce-log-analytics" {
name = "dce-log-analytics"
resource_group_name = azurerm_resource_group.rg_monitoring.name
location = azurerm_resource_group.rg_monitoring.location
public_network_access_enabled = false
}

# associate to a Data Collection Endpoint
resource "azurerm_monitor_data_collection_rule_association" "dce-aks-log-analytics" {
name = "configurationAccessEndpoint" # name is required when data_collection_rule_id is specified. And when data_collection_endpoint_id is specified, the name is populated with configurationAccessEndpoint
target_resource_id = azurerm_kubernetes_cluster.aks.id
data_collection_endpoint_id = azurerm_monitor_data_collection_endpoint.dce-log-analytics.id
}

resource "azurerm_monitor_data_collection_rule" "dcr-log-analytics" {
name = "dcr-log-analytics"
resource_group_name = azurerm_resource_group.rg_monitoring.name
Expand Down Expand Up @@ -66,8 +52,8 @@ resource "azurerm_monitor_data_collection_rule" "dcr-log-analytics" {
}

# associate to a Data Collection Rule
resource "azurerm_monitor_data_collection_rule_association" "dcr-aks-log-analytics" {
name = "dcr-aks-log-analytics"
resource "azurerm_monitor_data_collection_rule_association" "dcra-dcr-log-analytics-aks" {
name = "dcra-dcr-log-analytics-aks"
target_resource_id = azurerm_kubernetes_cluster.aks.id
data_collection_rule_id = azurerm_monitor_data_collection_rule.dcr-log-analytics.id
}
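--- a/85_prometheus_grafana_private_endpoint/dcr-prometheus.tf
+++ b/85_prometheus_grafana_private_endpoint/dcr-prometheus.tf
@@ -0,0 +1,35 @@
+# resource "azurerm_monitor_data_collection_rule" "dcr-prometheus" {
+# name = "dcr-prometheus"
+# resource_group_name = azurerm_resource_group.rg_monitoring.name
+# location = azurerm_resource_group.rg_monitoring.location
+# data_collection_endpoint_id = azurerm_monitor_data_collection_endpoint.dce-prometheus.id
+# kind = "Linux"
+# description = "DCR for Azure Monitor Metrics Profile (Managed Prometheus)"
+
+# data_sources {
+# prometheus_forwarder {
+# name = "PrometheusDataSource"
+# streams = ["Microsoft-PrometheusMetrics"]
+# }
+# }
+
+# destinations {
+# monitor_account {
+# monitor_account_id = azurerm_monitor_workspace.prometheus.id
+# name = azurerm_monitor_workspace.prometheus.name
+# }
+# }
+
+# data_flow {
+# streams = ["Microsoft-PrometheusMetrics"]
+# destinations = [azurerm_monitor_workspace.prometheus.name]
+# }
+# }
+
+# # associate to a Data Collection Rule
+# resource "azurerm_monitor_data_collection_rule_association" "dcra-dcr-prometheus-aks" {
+# name = "dcra-dcr-prometheus-aks"
+# target_resource_id = azurerm_kubernetes_cluster.aks.id
+# data_collection_rule_id = azurerm_monitor_data_collection_rule.dcr-prometheus.id
+# description = "Association of data collection rule. Deleting this association will break the data collection for this AKS Cluster."
+# }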
94 changes: 47 additions & 47 deletions 85_prometheus_grafana_private_endpoint/grafana.tf
@@ -1,48 +1,48 @@
resource "azurerm_dashboard_grafana" "grafana" {
name = var.grafana_name
resource_group_name = azurerm_resource_group.rg_monitoring.name
location = azurerm_resource_group.rg_monitoring.location
api_key_enabled = true
deterministic_outbound_ip_enabled = true
public_network_access_enabled = true
sku = "Standard"
zone_redundancy_enabled = false
grafana_major_version = "10" # 9

azure_monitor_workspace_integrations {
resource_id = azurerm_monitor_workspace.prometheus.id
}

identity {
type = "SystemAssigned" # "UserAssigned" #
# identity_ids = [azurerm_user_assigned_identity.identity-grafana.id]
}
}

data "azurerm_client_config" "current" {}

resource "azurerm_role_assignment" "role_grafana_admin" {
scope = azurerm_dashboard_grafana.grafana.id
role_definition_name = "Grafana Admin"
principal_id = data.azurerm_client_config.current.object_id
}

resource "azurerm_role_assignment" "role_monitoring_data_reader" {
scope = azurerm_monitor_workspace.prometheus.id
role_definition_name = "Monitoring Data Reader"
principal_id = azurerm_dashboard_grafana.grafana.identity.0.principal_id # azurerm_user_assigned_identity.identity-grafana.principal_id #
}

data "azurerm_subscription" "current" {}

resource "azurerm_role_assignment" "role_monitoring_reader" {
scope = data.azurerm_subscription.current.id
role_definition_name = "Monitoring Reader"
principal_id = azurerm_dashboard_grafana.grafana.identity.0.principal_id # azurerm_user_assigned_identity.identity-grafana.principal_id #
}

# resource "azurerm_user_assigned_identity" "identity-grafana" {
# name = "identity-grafana"
# resource_group_name = azurerm_resource_group.rg_monitoring.name
# location = azurerm_resource_group.rg_monitoring.location
# resource "azurerm_dashboard_grafana" "grafana" {
# name = var.grafana_name
# resource_group_name = azurerm_resource_group.rg_monitoring.name
# location = azurerm_resource_group.rg_monitoring.location
# api_key_enabled = true
# deterministic_outbound_ip_enabled = true
# public_network_access_enabled = true
# sku = "Standard"
# zone_redundancy_enabled = false
# grafana_major_version = "10" # 9

# azure_monitor_workspace_integrations {
# resource_id = azurerm_monitor_workspace.prometheus.id
# }

# identity {
# type = "SystemAssigned" # "UserAssigned" #
# # identity_ids = [azurerm_user_assigned_identity.identity-grafana.id]
# }
# }

# data "azurerm_client_config" "current" {}

# resource "azurerm_role_assignment" "role_grafana_admin" {
# scope = azurerm_dashboard_grafana.grafana.id
# role_definition_name = "Grafana Admin"
# principal_id = data.azurerm_client_config.current.object_id
# }

# resource "azurerm_role_assignment" "role_monitoring_data_reader" {
# scope = azurerm_monitor_workspace.prometheus.id
# role_definition_name = "Monitoring Data Reader"
# principal_id = azurerm_dashboard_grafana.grafana.identity.0.principal_id # azurerm_user_assigned_identity.identity-grafana.principal_id #
# }

# data "azurerm_subscription" "current" {}

# resource "azurerm_role_assignment" "role_monitoring_reader" {
# scope = data.azurerm_subscription.current.id
# role_definition_name = "Monitoring Reader"
# principal_id = azurerm_dashboard_grafana.grafana.identity.0.principal_id # azurerm_user_assigned_identity.identity-grafana.principal_id #
# }

# # resource "azurerm_user_assigned_identity" "identity-grafana" {
# # name = "identity-grafana"
# # resource_group_name = azurerm_resource_group.rg_monitoring.name
# # location = azurerm_resource_group.rg_monitoring.location
# # }
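Review bot: The commented-out `azurerm_dashboard_grafana` block still records `public_network_access_enabled = true` and `api_key_enabled = true`, and the parked `role_monitoring_reader` assignment is scoped to `data.azurerm_subscription.current.id`. Uncommenting it would bring back an internet-reachable Grafana with API keys and subscription-wide read access, in a sample whose directory name promises private endpoints. If the block is kept for reference, store the private posture instead, `public_network_access_enabled = false` and `api_key_enabled = false`. Alternatively, add a comment above those lines such as `# NOTE: true exposes Grafana on the public internet; set to false and add a private endpoint before re-enabling`. Narrowing the Monitoring Reader scope to the resource groups Grafana actually reads would be worth doing at the same time. That the commented copy is the new side is inferred from the rendered page.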
24 changes: 12 additions & 12 deletions 85_prometheus_grafana_private_endpoint/output.tf
@@ -1,18 +1,18 @@
output "query_endpoint" {
value = azurerm_monitor_workspace.prometheus.query_endpoint
}
# output "query_endpoint" {
# value = azurerm_monitor_workspace.prometheus.query_endpoint
# }

output "garafana_endpoint" {
value = azurerm_dashboard_grafana.grafana.endpoint
}
# output "garafana_endpoint" {
# value = azurerm_dashboard_grafana.grafana.endpoint
# }

output "grafana_name" {
value = azurerm_dashboard_grafana.grafana.name
}
# output "grafana_name" {
# value = azurerm_dashboard_grafana.grafana.name
# }

output "grafana_rg_name" {
value = azurerm_dashboard_grafana.grafana.resource_group_name
}
# output "grafana_rg_name" {
# value = azurerm_dashboard_grafana.grafana.resource_group_name
# }

output "aks_name" {
value = azurerm_kubernetes_cluster.aks.name
@@ -1,3 +1,13 @@
locals {
dns_zones_ampls = [
"privatelink.monitor.azure.com",
"privatelink.oms.opinsights.azure.com",
"privatelink.ods.opinsights.azure.com",
"privatelink.agentsvc.azure-automation.net",
"privatelink.blob.core.windows.net"
]
}

resource "azurerm_private_endpoint" "pe-ampls" {
name = "pe-ampls"
resource_group_name = azurerm_virtual_network.vnet.resource_group_name
Expand All @@ -13,27 +23,12 @@ resource "azurerm_private_endpoint" "pe-ampls" {

private_dns_zone_group {
name = "private-dns-zone"
private_dns_zone_ids = [ for zone in azurerm_private_dns_zone.zones : zone.id ]
private_dns_zone_ids = [for zone in azurerm_private_dns_zone.zones : zone.id]
}
}

output "zone_id" {
value = [ for zone in azurerm_private_dns_zone.zones : zone.id ]
}

variable "dns_zones_ampls" {
type = list(string)
default = [
"privatelink.monitor.azure.com",
"privatelink.oms.opinsights.azure.com",
"privatelink.ods.opinsights.azure.com",
"privatelink.agentsvc.azure-automation.net",
"privatelink.blob.core.windows.net"
]
}

resource "azurerm_private_dns_zone" "zones" {
for_each = toset(var.dns_zones_ampls)
for_each = toset(local.dns_zones_ampls)
name = each.value
resource_group_name = azurerm_resource_group.rg_monitoring.name
}