feat(loki-microservices): add frontend ingress (#25)

* feat(loki-microservices): add frontend ingress * docs(terraform-docs): generate docs and write to README.adoc --------- Co-authored-by: modridi <modridi@users.noreply.github.com> Release-As: v1.0.0-alpha.8
camptocamp · Feb 13, 2023 · b98a4bd · b98a4bd
1 parent 3c927ec
commit b98a4bd
Show file tree

Hide file tree

Showing 17 changed files with 418 additions and 134 deletions.
diff --git a/README.adoc b/README.adoc
@@ -9,8 +9,12 @@ The following providers are used by this module:
 
 - [[provider_argocd]] <<provider_argocd,argocd>>
 
+- [[provider_htpasswd]] <<provider_htpasswd,htpasswd>>
+
 - [[provider_null]] <<provider_null,null>>
 
+- [[provider_random]] <<provider_random,random>>
+
 - [[provider_utils]] <<provider_utils,utils>>
 
 === Modules
@@ -23,8 +27,10 @@ The following resources are used by this module:
 
 - https://registry.terraform.io/providers/oboukili/argocd/latest/docs/resources/application[argocd_application.this] (resource)
 - https://registry.terraform.io/providers/oboukili/argocd/latest/docs/resources/project[argocd_project.this] (resource)
+- https://registry.terraform.io/providers/loafoe/htpasswd/latest/docs/resources/password[htpasswd_password.loki_password_hash] (resource)
 - https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource[null_resource.dependencies] (resource)
 - https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource[null_resource.this] (resource)
+- https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password[random_password.loki_password] (resource)
 - https://registry.terraform.io/providers/cloudposse/utils/latest/docs/data-sources/deep_merge_yaml[utils_deep_merge_yaml.values] (data source)
 
 === Required Inputs
@@ -106,6 +112,22 @@ Type: `any`
 
 Default: `[]`
 
+==== [[input_ingress]] <<input_ingress,ingress>>
+
+Description: Loki frontend ingress configuration
+
+Type:
+[source,hcl]
+----
+object({
+    hosts          = list(string)
+    cluster_issuer = string
+    allowed_ips    = optional(list(string), [])
+  })
+----
+
+Default: `null`
+
 ==== [[input_namespace]] <<input_namespace,namespace>>
 
 Description: n/a
@@ -120,7 +142,7 @@ Description: Override of target revision of the application chart.
 
 Type: `string`
 
-Default: `"v1.0.0-alpha.6"`
+Default: `"v1.0.0-alpha.7"`
 
 === Outputs
 
@@ -129,6 +151,10 @@ The following outputs are exported:
 ==== [[output_id]] <<output_id,id>>
 
 Description: ID to pass other modules in order to refer to this module as a dependency.
+
+==== [[output_loki_credentials]] <<output_loki_credentials,loki_credentials>>
+
+Description: n/a
 // END_TF_DOCS
 // BEGIN_TF_TABLES
 
@@ -139,7 +165,9 @@ Description: ID to pass other modules in order to refer to this module as a depe
 |===
 |Name |Version
 |[[provider_argocd]] <<provider_argocd,argocd>> |n/a
+|[[provider_htpasswd]] <<provider_htpasswd,htpasswd>> |n/a
 |[[provider_null]] <<provider_null,null>> |n/a
+|[[provider_random]] <<provider_random,random>> |n/a
 |[[provider_utils]] <<provider_utils,utils>> |n/a
 |===
 
@@ -150,8 +178,10 @@ Description: ID to pass other modules in order to refer to this module as a depe
 |Name |Type
 |https://registry.terraform.io/providers/oboukili/argocd/latest/docs/resources/application[argocd_application.this] |resource
 |https://registry.terraform.io/providers/oboukili/argocd/latest/docs/resources/project[argocd_project.this] |resource
+|https://registry.terraform.io/providers/loafoe/htpasswd/latest/docs/resources/password[htpasswd_password.loki_password_hash] |resource
 |https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource[null_resource.dependencies] |resource
 |https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource[null_resource.this] |resource
+|https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password[random_password.loki_password] |resource
 |https://registry.terraform.io/providers/cloudposse/utils/latest/docs/data-sources/deep_merge_yaml[utils_deep_merge_yaml.values] |data source
 |===
 
@@ -222,6 +252,22 @@ object({
 |`[]`
 |no
 
+|[[input_ingress]] <<input_ingress,ingress>>
+|Loki frontend ingress configuration
+|
+
+[source]
+----
+object({
+    hosts          = list(string)
+    cluster_issuer = string
+    allowed_ips    = optional(list(string), [])
+  })
+----
+
+|`null`
+|no
+
 |[[input_namespace]] <<input_namespace,namespace>>
 |n/a
 |`string`
@@ -231,7 +277,7 @@ object({
 |[[input_target_revision]] <<input_target_revision,target_revision>>
 |Override of target revision of the application chart.
 |`string`
-|`"v1.0.0-alpha.6"`
+|`"v1.0.0-alpha.7"`
 |no
 
 |===
@@ -242,5 +288,6 @@ object({
 |===
 |Name |Description
 |[[output_id]] <<output_id,id>> |ID to pass other modules in order to refer to this module as a dependency.
+|[[output_loki_credentials]] <<output_loki_credentials,loki_credentials>> |n/a
 |===
 // END_TF_TABLES
diff --git a/aks/README.adoc b/aks/README.adoc
@@ -115,6 +115,22 @@ Type: `any`
 
 Default: `[]`
 
+==== [[input_ingress]] <<input_ingress,ingress>>
+
+Description: Loki frontend ingress configuration
+
+Type:
+[source,hcl]
+----
+object({
+    hosts          = list(string)
+    cluster_issuer = string
+    allowed_ips    = optional(list(string), [])
+  })
+----
+
+Default: `null`
+
 ==== [[input_namespace]] <<input_namespace,namespace>>
 
 Description: n/a
@@ -129,7 +145,7 @@ Description: Override of target revision of the application chart.
 
 Type: `string`
 
-Default: `"v1.0.0-alpha.6"`
+Default: `"v1.0.0-alpha.7"`
 
 === Outputs
 
@@ -138,6 +154,10 @@ The following outputs are exported:
 ==== [[output_id]] <<output_id,id>>
 
 Description: ID to pass other modules in order to refer to this module as a dependency. It takes the ID that comes from the main module and passes it along to the code that called this variant in the first place.
+
+==== [[output_loki_credentials]] <<output_loki_credentials,loki_credentials>>
+
+Description: n/a
 // END_TF_DOCS
 // BEGIN_TF_TABLES
 
@@ -217,6 +237,22 @@ object({
 |`[]`
 |no
 
+|[[input_ingress]] <<input_ingress,ingress>>
+|Loki frontend ingress configuration
+|
+
+[source]
+----
+object({
+    hosts          = list(string)
+    cluster_issuer = string
+    allowed_ips    = optional(list(string), [])
+  })
+----
+
+|`null`
+|no
+
 |[[input_logs_storage]] <<input_logs_storage,logs_storage>>
 |Azure Log storage configuration
 |
@@ -242,7 +278,7 @@ object({
 |[[input_target_revision]] <<input_target_revision,target_revision>>
 |Override of target revision of the application chart.
 |`string`
-|`"v1.0.0-alpha.6"`
+|`"v1.0.0-alpha.7"`
 |no
 
 |===
@@ -253,5 +289,6 @@ object({
 |===
 |Name |Description
 |[[output_id]] <<output_id,id>> |ID to pass other modules in order to refer to this module as a dependency. It takes the ID that comes from the main module and passes it along to the code that called this variant in the first place.
+|[[output_loki_credentials]] <<output_loki_credentials,loki_credentials>> |n/a
 |===
 // END_TF_TABLES
diff --git a/aks/main.tf b/aks/main.tf
@@ -10,6 +10,7 @@ module "loki-stack" {
   dependency_ids   = var.dependency_ids
 
   distributed_mode = var.distributed_mode
+  ingress          = var.ingress
 
   helm_values = concat(local.helm_values, var.helm_values)
 }
diff --git a/aks/outputs.tf b/aks/outputs.tf
@@ -2,3 +2,8 @@ output "id" {
   description = "ID to pass other modules in order to refer to this module as a dependency. It takes the ID that comes from the main module and passes it along to the code that called this variant in the first place."
   value       = module.loki-stack.id
 }
+
+output "loki_credentials" {
+  value     = module.loki-stack.loki_credentials
+  sensitive = true
+}
diff --git a/charts/loki-microservice/templates/ingressRoute.yaml b/charts/loki-microservice/templates/ingressRoute.yaml
@@ -0,0 +1,65 @@
+{{- with .Values.frontendIngress }}
+{{- $hosts := printf "(Host(`%s`))" ( join "`) || Host(`" .hosts ) }}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: loki-frontend
+spec:
+  secretName: loki-frontend-tls
+  dnsNames:
+    {{- toYaml .hosts | nindent 4 }}
+  issuerRef:
+    group: cert-manager.io
+    kind: ClusterIssuer
+    name: {{ .clusterIssuer }}
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: loki-frontend
+spec:
+  entryPoints:
+  - websecure
+  routes:
+  - match: {{ printf "(%s)" $hosts | quote }}
+    kind: Rule
+    services:
+    - name: {{ .serviceName }}
+      port: 3100
+    middlewares:
+{{- with .allowedIPs }}
+    - name: ip-whitelist
+{{- end }}
+    - name: basic-auth
+  tls:
+    secretName: loki-frontend-tls
+{{- with .allowedIPs }}
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: ip-whitelist
+spec:
+  ipWhiteList:
+    sourceRange:
+    {{- range . }}
+      - {{ . | quote }}
+    {{- end }}
+{{- end }}
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: basic-auth
+spec:
+  basicAuth:
+    secret: basic-auth-creds
+---
+apiVersion: v1
+data:
+  users: {{ .lokiCredentials }}
+kind: Secret
+metadata:
+  name: basic-auth-creds
+{{- end }}
diff --git a/eks/README.adoc b/eks/README.adoc
@@ -115,6 +115,22 @@ Type: `any`
 
 Default: `[]`
 
+==== [[input_ingress]] <<input_ingress,ingress>>
+
+Description: Loki frontend ingress configuration
+
+Type:
+[source,hcl]
+----
+object({
+    hosts          = list(string)
+    cluster_issuer = string
+    allowed_ips    = optional(list(string), [])
+  })
+----
+
+Default: `null`
+
 ==== [[input_namespace]] <<input_namespace,namespace>>
 
 Description: n/a
@@ -129,7 +145,7 @@ Description: Override of target revision of the application chart.
 
 Type: `string`
 
-Default: `"v1.0.0-alpha.6"`
+Default: `"v1.0.0-alpha.7"`
 
 === Outputs
 
@@ -138,6 +154,10 @@ The following outputs are exported:
 ==== [[output_id]] <<output_id,id>>
 
 Description: ID to pass other modules in order to refer to this module as a dependency. It takes the ID that comes from the main module and passes it along to the code that called this variant in the first place.
+
+==== [[output_loki_credentials]] <<output_loki_credentials,loki_credentials>>
+
+Description: n/a
 // END_TF_DOCS
 // BEGIN_TF_TABLES
 
@@ -217,6 +237,22 @@ object({
 |`[]`
 |no
 
+|[[input_ingress]] <<input_ingress,ingress>>
+|Loki frontend ingress configuration
+|
+
+[source]
+----
+object({
+    hosts          = list(string)
+    cluster_issuer = string
+    allowed_ips    = optional(list(string), [])
+  })
+----
+
+|`null`
+|no
+
 |[[input_logs_storage]] <<input_logs_storage,logs_storage>>
 |AWS S3 bucket configuration values for the bucket where the logs will be stored.
 |
@@ -242,7 +278,7 @@ object({
 |[[input_target_revision]] <<input_target_revision,target_revision>>
 |Override of target revision of the application chart.
 |`string`
-|`"v1.0.0-alpha.6"`
+|`"v1.0.0-alpha.7"`
 |no
 
 |===
@@ -253,5 +289,6 @@ object({
 |===
 |Name |Description
 |[[output_id]] <<output_id,id>> |ID to pass other modules in order to refer to this module as a dependency. It takes the ID that comes from the main module and passes it along to the code that called this variant in the first place.
+|[[output_loki_credentials]] <<output_loki_credentials,loki_credentials>> |n/a
 |===
 // END_TF_TABLES
diff --git a/eks/main.tf b/eks/main.tf
@@ -10,6 +10,7 @@ module "loki-stack" {
   dependency_ids   = var.dependency_ids
 
   distributed_mode = false
+  ingress          = var.ingress
 
   helm_values = concat(local.helm_values, var.helm_values)
 }
diff --git a/eks/outputs.tf b/eks/outputs.tf
@@ -2,3 +2,8 @@ output "id" {
   description = "ID to pass other modules in order to refer to this module as a dependency. It takes the ID that comes from the main module and passes it along to the code that called this variant in the first place."
   value       = module.loki-stack.id
 }
+
+output "loki_credentials" {
+  value     = module.loki-stack.loki_credentials
+  sensitive = true
+}