From df29a7b9b7656364150a000b505cce896b6190b6 Mon Sep 17 00:00:00 2001
From: Marcus Ramberg
Date: Fri, 9 Feb 2024 10:27:13 +0100
Subject: [PATCH] feat: Allow enabling observability metrics in the safer_cluster module
---
 autogen/safer-cluster/main.tf.tmpl | 1 +
 autogen/safer-cluster/variables.tf.tmpl | 6 ++++++
 modules/safer-cluster-update-variant/README.md | 1 +
 modules/safer-cluster-update-variant/main.tf | 3 ++-
 modules/safer-cluster-update-variant/variables.tf | 6 ++++++
 modules/safer-cluster/README.md | 1 +
 modules/safer-cluster/main.tf | 3 ++-
 modules/safer-cluster/variables.tf | 6 ++++++
 8 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/autogen/safer-cluster/main.tf.tmpl b/autogen/safer-cluster/main.tf.tmpl
index 3146875d47..9437a38c46 100644
--- a/autogen/safer-cluster/main.tf.tmpl
+++ b/autogen/safer-cluster/main.tf.tmpl
@@ -108,6 +108,7 @@ module "gke" {
 monitoring_service = var.monitoring_service
 monitoring_enable_managed_prometheus = var.monitoring_enable_managed_prometheus
+ monitoring_enable_observability_metrics = var.monitoring_enable_observability_metrics
 // We never use the default service account for the cluster. The default
 // project/editor permissions can create problems if nodes were to be ever
diff --git a/autogen/safer-cluster/variables.tf.tmpl b/autogen/safer-cluster/variables.tf.tmpl
index 0f21e99a4e..2d74af0246 100644
--- a/autogen/safer-cluster/variables.tf.tmpl
+++ b/autogen/safer-cluster/variables.tf.tmpl
@@ -280,6 +280,12 @@ variable "monitoring_enable_managed_prometheus" {
 default = false
 }
+variable "monitoring_enable_observability_metrics" {
+ type = bool
+ description = "Whether or not the advanced datapath metrics are enabled."
+ default = false
+}
+
 variable "grant_registry_access" {
 type = bool
 description = "Grants created cluster-specific service account storage.objectViewer role."
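Review bot: The line added in autogen/safer-cluster/main.tf.tmpl is a bare insertion, whereas the generated modules/safer-cluster/main.tf and modules/safer-cluster-update-variant/main.tf hunks also remove and re-add the `monitoring_enable_managed_prometheus` assignment with no visible change in text, which looks like terraform fmt re-aligning the `=` column for the longer new name. If the template does not carry the same alignment, regenerating the modules will presumably either undo that formatting or leave a lint diff; aligning the pair in the template, `monitoring_enable_managed_prometheus    = var.monitoring_enable_managed_prometheus` / `monitoring_enable_observability_metrics = var.monitoring_enable_observability_metrics`, keeps template and generated output in step. The commit also only forwards the value; it presumably relies on the wrapped gke module already accepting an input of this name, which this patch does not show and which would otherwise fail at plan time as an unsupported argument. The module "gke" block begins and continues outside the hunk.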
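Review bot: The description of the new `monitoring_enable_observability_metrics` variable says "advanced datapath metrics" and never mentions that these are the Dataplane V2 observability metrics, so a reader of the generated README cannot tell that the flag depends on the cluster's datapath provider and is not a general-purpose monitoring switch. Since the GKE setting this maps to applies only to clusters running the advanced datapath (Dataplane V2), the description is the only place a user of this wrapper will see that precondition; something like `description = "Whether or not the advanced datapath (Dataplane V2) observability metrics are enabled. Only takes effect on clusters using the ADVANCED_DATAPATH datapath provider."` would do. The same text is repeated in modules/safer-cluster-update-variant/variables.tf and modules/safer-cluster/variables.tf and in both README tables, so fix it in the template and regenerate rather than editing each copy. Whether this wrapper exposes the datapath provider setting at all is not visible in the patch — worth checking before documenting how to satisfy the precondition.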
diff --git a/modules/safer-cluster-update-variant/README.md b/modules/safer-cluster-update-variant/README.md
index 8aa383cec1..49d9d43d12 100644
--- a/modules/safer-cluster-update-variant/README.md
+++ b/modules/safer-cluster-update-variant/README.md
@@ -249,6 +249,7 @@ For simplicity, we suggest using `roles/container.admin` and
 | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no |
 | master\_ipv4\_cidr\_block | The IP range in CIDR notation to use for the hosted master network | `string` | `"10.0.0.0/28"` | no |
 | monitoring\_enable\_managed\_prometheus | (Beta) Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. | `bool` | `false` | no |
+| monitoring\_enable\_observability\_metrics | Whether or not the advanced datapath metrics are enabled. | `bool` | `false` | no |
 | monitoring\_service | The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | `string` | `"monitoring.googleapis.com/kubernetes"` | no |
 | name | The name of the cluster | `string` | n/a | yes |
 | network | The VPC network to host the cluster in | `string` | n/a | yes |
diff --git a/modules/safer-cluster-update-variant/main.tf b/modules/safer-cluster-update-variant/main.tf
index 3da128f44e..97adc08a4c 100644
--- a/modules/safer-cluster-update-variant/main.tf
+++ b/modules/safer-cluster-update-variant/main.tf
@@ -103,7 +103,8 @@ module "gke" {
 logging_service = var.logging_service
 monitoring_service = var.monitoring_service
- monitoring_enable_managed_prometheus = var.monitoring_enable_managed_prometheus
+ monitoring_enable_managed_prometheus = var.monitoring_enable_managed_prometheus
+ monitoring_enable_observability_metrics = var.monitoring_enable_observability_metrics
 // We never use the default service account for the cluster. The default
 // project/editor permissions can create problems if nodes were to be ever
diff --git a/modules/safer-cluster-update-variant/variables.tf b/modules/safer-cluster-update-variant/variables.tf
index 2b51a97541..8d0a53faf8 100644
--- a/modules/safer-cluster-update-variant/variables.tf
+++ b/modules/safer-cluster-update-variant/variables.tf
@@ -280,6 +280,12 @@ variable "monitoring_enable_managed_prometheus" {
 default = false
 }
+variable "monitoring_enable_observability_metrics" {
+ type = bool
+ description = "Whether or not the advanced datapath metrics are enabled."
+ default = false
+}
+
 variable "grant_registry_access" {
 type = bool
 description = "Grants created cluster-specific service account storage.objectViewer role."
diff --git a/modules/safer-cluster/README.md b/modules/safer-cluster/README.md
index 8aa383cec1..49d9d43d12 100644
--- a/modules/safer-cluster/README.md
+++ b/modules/safer-cluster/README.md
@@ -249,6 +249,7 @@ For simplicity, we suggest using `roles/container.admin` and
 | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no |
 | master\_ipv4\_cidr\_block | The IP range in CIDR notation to use for the hosted master network | `string` | `"10.0.0.0/28"` | no |
 | monitoring\_enable\_managed\_prometheus | (Beta) Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. | `bool` | `false` | no |
+| monitoring\_enable\_observability\_metrics | Whether or not the advanced datapath metrics are enabled. | `bool` | `false` | no |
 | monitoring\_service | The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | `string` | `"monitoring.googleapis.com/kubernetes"` | no |
 | name | The name of the cluster | `string` | n/a | yes |
 | network | The VPC network to host the cluster in | `string` | n/a | yes |
diff --git a/modules/safer-cluster/main.tf b/modules/safer-cluster/main.tf
index 67a3a54ed4..9ec5622fc8 100644
--- a/modules/safer-cluster/main.tf
+++ b/modules/safer-cluster/main.tf
@@ -103,7 +103,8 @@ module "gke" {
 logging_service = var.logging_service
 monitoring_service = var.monitoring_service
- monitoring_enable_managed_prometheus = var.monitoring_enable_managed_prometheus
+ monitoring_enable_managed_prometheus = var.monitoring_enable_managed_prometheus
+ monitoring_enable_observability_metrics = var.monitoring_enable_observability_metrics
 // We never use the default service account for the cluster. The default
 // project/editor permissions can create problems if nodes were to be ever
diff --git a/modules/safer-cluster/variables.tf b/modules/safer-cluster/variables.tf
index 2b51a97541..8d0a53faf8 100644
--- a/modules/safer-cluster/variables.tf
+++ b/modules/safer-cluster/variables.tf
@@ -280,6 +280,12 @@ variable "monitoring_enable_managed_prometheus" {
 default = false
 }
+variable "monitoring_enable_observability_metrics" {
+ type = bool
+ description = "Whether or not the advanced datapath metrics are enabled."
+ default = false
+}
+
 variable "grant_registry_access" {
 type = bool
 description = "Grants created cluster-specific service account storage.objectViewer role."