fix: terraform private link support (#991)

[comment]: # (Note that your PR title should follow the conventional
commit format: https://conventionalcommits.org/en/v1.0.0/#summary)
# PR Description

[comment]: # (The below checklist is for PRs adding new features. If a
box is not checked, add a reason why it's not needed.)
# New Feature Checklist

- [ ] List telemetry added about the feature.
- [ ] Link to the one-pager about the feature.
- [ ] List any tasks necessary for release (3P docs, AKS RP chart
changes, etc.) after merging the PR.
- [ ] Attach results of scale and perf testing.

[comment]: # (The below checklist is for code changes. Not all boxes
necessarily need to be checked. Build, doc, and template changes do not
need to fill out the checklist.)
# Tests Checklist

- [ ] Have end-to-end Ginkgo tests been run on your cluster and passed?
To bootstrap your cluster to run the tests, follow [these
instructions](/otelcollector/test/README.md#bootstrap-a-dev-cluster-to-run-ginkgo-tests).
  - Labels used when running the tests on your cluster:
    - [ ] `operator`
    - [ ] `windows`
    - [ ] `arm64`
    - [ ] `arc-extension`
    - [ ] `fips`
- [ ] Have new tests been added? For features, have tests been added for
this feature? For fixes, is there a test that could have caught this
issue and could validate that the fix works?
  - [ ] Is a new scrape job needed?
- [ ] The scrape job was added to the folder
[test-cluster-yamls](/otelcollector/test/test-cluster-yamls/) in the
correct configmap or as a CR.
  - [ ] Was a new test label added?
- [ ] A string constant for the label was added to
[constants.go](/otelcollector/test/utils/constants.go).
- [ ] The label and description were added to the [test
README](/otelcollector/test/README.md).
- [ ] The label was added to this [PR
checklist](/.github/pull_request_template).
- [ ] The label was added as needed to
[testkube-test-crs.yaml](/otelcollector/test/testkube/testkube-test-crs.yaml).
  - [ ] Are additional API server permissions needed for the new tests?
- [ ] These permissions have been added to
[api-server-permissions.yaml](/otelcollector/test/testkube/api-server-permissions.yaml).
  - [ ] Was a new test suite (a new folder under `/tests`) added?
- [ ] The new test suite is included in
[testkube-test-crs.yaml](/otelcollector/test/testkube/testkube-test-crs.yaml).
bragi92 2024-10-15 16:00:45 -07:00 коммит произвёл GitHub
Родитель 270d760b87
Коммит cd82b253cc
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: B5690EEEBB952194
2 изменённых файлов: 44 добавлений и 1 удалений


@ -8,7 +8,6 @@ resource "azurerm_kubernetes_cluster" "k8s" {
name = var.cluster_name
resource_group_name = azurerm_resource_group.rg.name
dns_prefix = var.dns_prefix
tags = {
Environment = "Development"
@ -48,6 +47,20 @@ resource "azurerm_monitor_data_collection_endpoint" "dce" {
kind = "Linux"
}
# Logic to determine region mismatch
locals {
dce_region_mismatch = var.cluster_region != var.amw_region
}
# Create another DCE if the regions don't match and is_private_cluster is true
resource "azurerm_monitor_data_collection_endpoint" "dce_mismatch" {
count = (local.dce_region_mismatch && var.is_private_cluster) ? 1 : 0
name = substr("MSProm-PL-${azurerm_resource_group.rg.location}-${var.cluster_name}", 0, min(44, length("MSProm-PL-${azurerm_resource_group.rg.location}-${var.cluster_name}")))
resource_group_name = azurerm_resource_group.rg.name
location = var.cluster_region
kind = "Linux"
}
resource "azurerm_monitor_data_collection_rule" "dcr" {
name = substr("MSProm-${azurerm_resource_group.rg.location}-${var.cluster_name}", 0, min(64, length("MSProm-${azurerm_resource_group.rg.location}-${var.cluster_name}")))
resource_group_name = azurerm_resource_group.rg.name
@ -90,10 +103,21 @@ resource "azurerm_monitor_data_collection_rule_association" "dcra" {
]
}
resource "azurerm_monitor_data_collection_rule_association" "dcra_mismatch" {
count = (local.dce_region_mismatch && var.is_private_cluster) ? 1 : 0
target_resource_id = azurerm_kubernetes_cluster.k8s.id
data_collection_endpoint_id = local.dce_region_mismatch ? azurerm_monitor_data_collection_endpoint.dce_mismatch[0].id : azurerm_monitor_data_collection_endpoint.dce.id
description = "Association of data collection endpoint for private link clusters. Deleting this association will break the data collection for this AKS Cluster."
depends_on = [
azurerm_monitor_data_collection_endpoint.dce
]
}
resource "azurerm_dashboard_grafana" "grafana" {
name = var.grafana_name
resource_group_name = azurerm_resource_group.rg.name
location = var.grafana_location
grafana_major_version = var.grafana_version
identity {
type = "SystemAssigned"
@ -110,6 +134,7 @@ resource "azurerm_role_assignment" "datareaderrole" {
principal_id = azurerm_dashboard_grafana.grafana.identity.0.principal_id
}
resource "azurerm_monitor_alert_prometheus_rule_group" "node_recording_rules_rule_group" {
name = "NodeRecordingRulesRuleGroup-${var.cluster_name}"
location = azurerm_resource_group.rg.location
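Review bot: The new `dce_mismatch` endpoint is created only for private clusters, yet nothing in the visible hunk sets `public_network_access_enabled = false` on it, so by the provider default it still accepts traffic from public networks. If the endpoint is meant to be reachable only over private link, add that argument and confirm that the endpoint is attached to an Azure Monitor Private Link Scope somewhere outside these hunks; no such attachment is visible here, and disabling public access without it would stop ingestion. In `dcra_mismatch`, `depends_on` names `azurerm_monitor_data_collection_endpoint.dce` although the association points at `dce_mismatch[0]`. The `local.dce_region_mismatch ? … : …` ternary there can never take its else branch, because `count` is already 0 when the regions match; `data_collection_endpoint_id = azurerm_monitor_data_collection_endpoint.dce_mismatch[0].id` states the intent directly.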


@ -29,10 +29,28 @@ variable "grafana_location" {
default = "eastus"
}
variable "grafana_version" {
default = "10"
}
variable "is_private_cluster" {
default = "false"
}
variable "monitor_workspace_name" {
default = "amwtest"
}
variable "amw_region" {
default = "northeurope"
description = "Location of the Azure Monitor Workspace"
}
variable "cluster_region" {
default = "eastus"
description = "Location of the Azure Kubernetes Cluster"
}
variable "resource_group_location" {
default = "eastus"
description = "Location of the resource group."
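Review bot: `is_private_cluster` is declared with the string default `"false"` and no type, so the `&&` in the `count` expressions relies on implicit string-to-bool conversion, and a mistyped value is only rejected when that expression is evaluated. Since this flag gates the private-link resources, declare it as `type = bool` with `default = false` and give it a `description`, as the two region variables have. `cluster_region` defaults to the same value as `resource_group_location` but is a separate input. If the cluster itself is placed from the resource group location (not visible in these hunks), the two can drift and the extra endpoint would be created in a different region than the cluster, so consider deriving one from the other. The `resource_group_location` block closes outside the hunk.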