
https://github.com/opszero/terraform-helm-kubespot



# Kubespot (Helm)

- cert-manager
- datadog
- keda
- nginx
- prometheus
- grafana
- grafana loki
- kubecost

# Configuration

## cert-manager

To use cert-manager, add the following annotation to your Ingress:

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    # add an annotation indicating the issuer to use.
    cert-manager.io/cluster-issuer: letsencrypt
  name: myIngress
  namespace: myIngress
spec:
  tls:
    - hosts:
        - https-example.foo.com
      secretName: testsecret-tls
  rules:
    - host: https-example.foo.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: service1
                port:
                  number: 80
```

# Grafana

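Grafana is exposed through a `ClusterIP` service. Use the following to open it locally:

```sh
# Forward local port 6891 to port 80 of the Grafana service (keep this running).
kubectl port-forward -n grafana service/grafana 6891:80
# In a second terminal: the forwarded port is the service's HTTP port, so use http://.
open http://localhost:6891
```

- Username: `opszero`
- Password: `opszero`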

# Deployment

```sh
terraform init
terraform plan
terraform apply -auto-approve
```

# Teardown

```sh
terraform destroy -auto-approve
```
## Providers

| Name | Version |
|------|---------|
| [helm](#provider\_helm) | n/a |
| [null](#provider\_null) | n/a |
| [random](#provider\_random) | n/a |
## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [cert\_manager\_email](#input\_cert\_manager\_email) | Your email address to use for cert manager | `any` | `null` | no |
| [cert\_manager\_enable](#input\_cert\_manager\_enable) | Enable or disable cert-manager installation | `bool` | `true` | no |
| [cert\_manager\_leader\_election\_namespace](#input\_cert\_manager\_leader\_election\_namespace) | The namespace used for the leader election lease. Change to cert-manager for GKE Autopilot | `string` | `"cert-manager"` | no |
| [cert\_manager\_resources](#input\_cert\_manager\_resources) | n/a | `map(object({ cpu = string, memory = string }))` | `null` | no |
| [cert\_manager\_version](#input\_cert\_manager\_version) | The version of the Cert-Manager Helm chart to be deployed, used for automating the issuance and renewal of TLS certificates. | `string` | `"1.16.3"` | no |
| [datadog\_api\_key](#input\_datadog\_api\_key) | The API key for datadog | `string` | `""` | no |
| [datadog\_values](#input\_datadog\_values) | Values for datadog helm chart | `string` | `""` | no |
| [datadog\_values\_extra](#input\_datadog\_values\_extra) | Path to extra values YAML file for Datadog Helm chart | `string` | `null` | no |
| [datadog\_version](#input\_datadog\_version) | The version of the Datadog Helm chart to be deployed, used for monitoring, security, and observability in Kubernetes environments. | `string` | `"3.88.3"` | no |
| [grafana\_admin\_password](#input\_grafana\_admin\_password) | The Password of Grafana for login Dashboard | `string` | `""` | no |
| [grafana\_admin\_user](#input\_grafana\_admin\_user) | The User name of Grafana for login Dashboard | `string` | `"opszero"` | no |
| [grafana\_datasources](#input\_grafana\_datasources) | n/a | `list(object({ name = string, type = string, url = string, access = string, isDefault = bool }))` | `[]` | no |
| [grafana\_efs\_enable](#input\_grafana\_efs\_enable) | Enable EFS storage for Grafana | `bool` | `false` | no |
| [grafana\_efs\_storage\_class\_name](#input\_grafana\_efs\_storage\_class\_name) | If EFS is needed pass EFS storage class, but make sure efs and efs driver deployed | `string` | `"gp2"` | no |
| [grafana\_enabled](#input\_grafana\_enabled) | Enable grafana | `bool` | `false` | no |
| [grafana\_extra\_yml](#input\_grafana\_extra\_yml) | Grafana Datasources as Yaml | `any` | `null` | no |
| [grafana\_google\_auth\_client\_id](#input\_grafana\_google\_auth\_client\_id) | Add Google Auth client id | `string` | `""` | no |
| [grafana\_google\_auth\_client\_secret](#input\_grafana\_google\_auth\_client\_secret) | Add Google Auth client secret | `string` | `""` | no |
| [grafana\_ingress\_class\_name](#input\_grafana\_ingress\_class\_name) | Ingress class name for Grafana | `string` | `"nginx"` | no |
| [grafana\_ingress\_enabled](#input\_grafana\_ingress\_enabled) | Enable grafana ingress | `bool` | `false` | no |
| [grafana\_ingress\_hosts](#input\_grafana\_ingress\_hosts) | Add grafana ingress hosts | `list` | `[]` | no |
| [grafana\_loki\_bucket\_name](#input\_grafana\_loki\_bucket\_name) | Name for the S3 bucket | `string` | `""` | no |
| [grafana\_loki\_enabled](#input\_grafana\_loki\_enabled) | Enable grafana loki | `bool` | `false` | no |
| [grafana\_loki\_yml\_file](#input\_grafana\_loki\_yml\_file) | n/a | `any` | `null` | no |
| [grafana\_persistence\_storage](#input\_grafana\_persistence\_storage) | Enable persistence storage for Grafana | `bool` | `true` | no |
| [grafana\_version](#input\_grafana\_version) | The version of the Grafana Helm chart to be deployed, used for data visualization and monitoring dashboards. | `string` | `"8.8.5"` | no |
| [ingress\_nginx\_enable](#input\_ingress\_nginx\_enable) | Enable or disable the installation of the ingress-nginx Helm chart | `string` | `"true"` | no |
| [ingress\_nginx\_version](#input\_ingress\_nginx\_version) | The version of the Ingress-NGINX Helm chart to be deployed, used for managing ingress traffic in Kubernetes. | `string` | `"4.12.1"` | no |
| [keda\_version](#input\_keda\_version) | The version of the KEDA Helm chart to be deployed, used for Kubernetes-based Event-Driven Autoscaling. | `string` | `"2.16.1"` | no |
| [kubecost\_enabled](#input\_kubecost\_enabled) | A boolean to enable or disable the deployment of Kubecost, a tool for monitoring and managing Kubernetes cost and resource usage. | `bool` | `false` | no |
| [kubecost\_version](#input\_kubecost\_version) | The version of the Kubecost Helm chart to be deployed, used for Kubernetes cost management and optimization. | `string` | `"2.5.3"` | no |
| [loki\_version](#input\_loki\_version) | The version of the Loki Helm chart to be deployed, used for log aggregation and analysis. | `string` | `"6.25.0"` | no |
| [loki\_yml\_file](#input\_loki\_yml\_file) | Path to custom Loki YAML file | `string` | `null` | no |
| [nginx\_max\_replicas](#input\_nginx\_max\_replicas) | Maximum number of Nginx Replicas | `number` | `11` | no |
| [nginx\_min\_replicas](#input\_nginx\_min\_replicas) | Minimum number of Nginx Replicas | `number` | `2` | no |
| [nginx\_name](#input\_nginx\_name) | Release name for the installed helm chart | `string` | `"nginx"` | no |
| [nginx\_yml\_file](#input\_nginx\_yml\_file) | n/a | `any` | `null` | no |
| [opentelemetry\_collector\_version](#input\_opentelemetry\_collector\_version) | The version of the OpenTelemetry Collector Helm chart to be deployed, used for collecting telemetry data (logs, metrics, and traces) from various sources. | `string` | `"0.115.0"` | no |
| [otel\_yml\_file](#input\_otel\_yml\_file) | n/a | `any` | `null` | no |
| [prometheus\_additional\_scrape\_configs](#input\_prometheus\_additional\_scrape\_configs) | Additional scrape configurations for Prometheus, if needed | `list(object({ job_name = string, targets = list(string), scrape_interval = string, metrics_path = string }))` | `[]` | no |
| [prometheus\_enabled](#input\_prometheus\_enabled) | Enable prometheus | `bool` | `true` | no |
| [prometheus\_persistence\_storage](#input\_prometheus\_persistence\_storage) | Enable persistence storage for Prometheus | `bool` | `false` | no |
| [prometheus\_version](#input\_prometheus\_version) | The version of the Prometheus Helm chart to be deployed, used for monitoring and alerting in Kubernetes. | `string` | `"27.1.0"` | no |
| [promtail\_version](#input\_promtail\_version) | The version of the Promtail Helm chart to be deployed, used as a log collector to send logs to Loki. | `string` | `"6.16.6"` | no |
| [pushgateway\_ingress\_host](#input\_pushgateway\_ingress\_host) | List of hosts for prometheus push gateway ingress | `list` | `[]` | no |
| [storage\_class](#input\_storage\_class) | Storage Class to use for Persistence | `string` | `"gp2"` | no |
## Resources

| Name | Type |
|------|------|
| [helm_release.cert-manager](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.datadog](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.grafana](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.keda](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.kubecost](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.loki](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.nginx](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.opentelemetry_collector](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.prometheus](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.promtail](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [null_resource.cert-manager-cluster-issuer](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
| [random_password.grafana_admin_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
## Outputs

| Name | Description |
|------|-------------|
| [grafana\_admin\_password](#output\_grafana\_admin\_password) | n/a |
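
The inputs and output above, wired together in a root module. This is an added example, not code from the opsZero repository: the module source address, the root variable name, the e-mail address and the admin user name are assumptions or placeholders, and a `helm` provider is assumed to be configured for the target cluster already.

```hcl
# Added example, not from the module's repository.
# Variable name, e-mail and user name are placeholders chosen for illustration.

variable "grafana_admin_password" {
  description = "Grafana admin password, supplied out of band (e.g. TF_VAR_grafana_admin_password)"
  type        = string
  sensitive   = true # redacted in plan/apply output; still stored in the state file
}

module "kubespot" {
  # Assumed source address: the repository URL shown at the top of this page.
  # Pin to a reviewed tag or commit with ?ref=<tag> in real use.
  source = "github.com/opszero/terraform-helm-kubespot"

  cert_manager_enable = true
  cert_manager_email  = "ops@example.com" # placeholder

  prometheus_enabled = true

  grafana_enabled        = true
  grafana_admin_user     = "grafana-admin" # placeholder; the input's default is "opszero"
  grafana_admin_password = var.grafana_admin_password

  # Left at its default (false): Grafana is reached through
  # kubectl port-forward on its ClusterIP service rather than an Ingress.
  grafana_ingress_enabled = false
}

# Re-export the module's output so it can be read from the root module.
output "grafana_admin_password" {
  value     = module.kubespot.grafana_admin_password
  sensitive = true
}
```

After `terraform apply`, `terraform output -raw grafana_admin_password` prints the value; protect the state backend accordingly, since the password is stored there in clear text.
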
# 🚀 Built by opsZero!

[opsZero](https://opszero.com) provides software and consulting for Cloud + AI. With our decade plus of experience scaling some of the world’s most innovative companies we have developed deep expertise in Kubernetes, DevOps, FinOps, and Compliance.

Our software and consulting solutions enable organizations to:

- migrate workloads to the Cloud
- set up compliance frameworks including SOC2, HIPAA, PCI-DSS, ITAR, FedRAMP, CMMC, and more.
- FinOps solutions to reduce the cost of running Cloud workloads
- Kubernetes optimized for web scale and AI workloads
- finding underutilized Cloud resources
- setting up custom AI training and delivery
- building data integrations and scrapers
- modernizing onto modern ARM based processors

We do this with a high-touch support model where you:

- Get access to us on Slack, Microsoft Teams or Email
- Get 24/7 coverage of your infrastructure
- Get an accelerated migration to Kubernetes

Please [schedule a call](https://calendly.com/opszero-llc/discovery) if you need support.



