camptocamp · lentidas · Jan 18, 2024 · Dec 18, 2023 · Jan 18, 2024 · Jan 18, 2024
@@ -22,15 +22,15 @@ The following requirements are needed by this module:
 
 The following providers are used by this module:
 
-- [[provider_null]] <<provider_null,null>> (>= 3)
-
 - [[provider_random]] <<provider_random,random>> (>= 3)
 
 - [[provider_htpasswd]] <<provider_htpasswd,htpasswd>> (>= 1)
 
+- [[provider_utils]] <<provider_utils,utils>> (>= 1)
+
 - [[provider_argocd]] <<provider_argocd,argocd>> (>= 5)
 
-- [[provider_utils]] <<provider_utils,utils>> (>= 1)
+- [[provider_null]] <<provider_null,null>> (>= 3)
 
 === Resources
 
@@ -48,14 +48,6 @@ The following resources are used by this module:
 
 The following input variables are optional (have default values):
 
-==== [[input_argocd_namespace]] <<input_argocd_namespace,argocd_namespace>>
-
-Description: Namespace used by Argo CD where the Application and AppProject resources should be created.
-
-Type: `string`
-
-Default: `"argocd"`
-
 ==== [[input_argocd_project]] <<input_argocd_project,argocd_project>>
 
 Description: Name of the Argo CD AppProject where the Application should be created. If not set, the Application will be created in a new AppProject only for this Application.
@@ -86,15 +78,7 @@ Description: Override of target revision of the application chart.
 
 Type: `string`
 
-Default: `"v5.2.0"`
-
-==== [[input_namespace]] <<input_namespace,namespace>>
-
-Description: Namespace where the applications's Kubernetes resources should be created. Namespace will be created in case it doesn't exist.
-
-Type: `string`
-
-Default: `"loki-stack"`
+Default: `"v6.0.0"`
 
 ==== [[input_helm_values]] <<input_helm_values,helm_values>>
 
@@ -190,11 +174,11 @@ Description: Credentials to access the Loki ingress, if activated.
 [cols="a,a",options="header,autowidth"]
 |===
 |Name |Version
-|[[provider_null]] <<provider_null,null>> |>= 3
 |[[provider_random]] <<provider_random,random>> |>= 3
 |[[provider_htpasswd]] <<provider_htpasswd,htpasswd>> |>= 1
 |[[provider_utils]] <<provider_utils,utils>> |>= 1
 |[[provider_argocd]] <<provider_argocd,argocd>> |>= 5
+|[[provider_null]] <<provider_null,null>> |>= 3
 |===
 
 = Resources
@@ -216,12 +200,6 @@ Description: Credentials to access the Loki ingress, if activated.
 [cols="a,a,a,a,a",options="header,autowidth"]
 |===
 |Name |Description |Type |Default |Required
-|[[input_argocd_namespace]] <<input_argocd_namespace,argocd_namespace>>
-|Namespace used by Argo CD where the Application and AppProject resources should be created.
-|`string`
-|`"argocd"`
-|no
-
 |[[input_argocd_project]] <<input_argocd_project,argocd_project>>
 |Name of the Argo CD AppProject where the Application should be created. If not set, the Application will be created in a new AppProject only for this Application.
 |`string`
@@ -243,13 +221,7 @@ Description: Credentials to access the Loki ingress, if activated.
 |[[input_target_revision]] <<input_target_revision,target_revision>>
 |Override of target revision of the application chart.
 |`string`
-|`"v5.2.0"`
-|no
-
-|[[input_namespace]] <<input_namespace,namespace>>
-|Namespace where the applications's Kubernetes resources should be created. Namespace will be created in case it doesn't exist.
-|`string`
-|`"loki-stack"`
+|`"v6.0.0"`
 |no
 
 |[[input_helm_values]] <<input_helm_values,helm_values>>

@@ -34,9 +34,9 @@ Version:
 The following resources are used by this module:
 
 - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/federated_identity_credential[azurerm_federated_identity_credential.loki] (resource)
-- https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment[azurerm_role_assignment.contributor] (resource)
+- https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment[azurerm_role_assignment.storage_contributor] (resource)
 - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/user_assigned_identity[azurerm_user_assigned_identity.loki] (resource)
-- https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group[azurerm_resource_group.node] (data source)
+- https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group[azurerm_resource_group.node_resource_group] (data source)
 - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_container[azurerm_storage_container.container] (data source)
 
 === Required Inputs
@@ -63,14 +63,6 @@ object({
 
 The following input variables are optional (have default values):
 
-==== [[input_argocd_namespace]] <<input_argocd_namespace,argocd_namespace>>
-
-Description: Namespace used by Argo CD where the Application and AppProject resources should be created.
-
-Type: `string`
-
-Default: `"argocd"`
-
 ==== [[input_argocd_project]] <<input_argocd_project,argocd_project>>
 
 Description: Name of the Argo CD AppProject where the Application should be created. If not set, the Application will be created in a new AppProject only for this Application.
@@ -101,15 +93,7 @@ Description: Override of target revision of the application chart.
 
 Type: `string`
 
-Default: `"v5.2.0"`
-
-==== [[input_namespace]] <<input_namespace,namespace>>
-
-Description: Namespace where the applications's Kubernetes resources should be created. Namespace will be created in case it doesn't exist.
-
-Type: `string`
-
-Default: `"loki-stack"`
+Default: `"v6.0.0"`
 
 ==== [[input_helm_values]] <<input_helm_values,helm_values>>
 
@@ -222,9 +206,9 @@ Description: Credentials to access the Loki ingress, if activated.
 |===
 |Name |Type
 |https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/federated_identity_credential[azurerm_federated_identity_credential.loki] |resource
-|https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment[azurerm_role_assignment.contributor] |resource
+|https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment[azurerm_role_assignment.storage_contributor] |resource
 |https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/user_assigned_identity[azurerm_user_assigned_identity.loki] |resource
-|https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group[azurerm_resource_group.node] |data source
+|https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group[azurerm_resource_group.node_resource_group] |data source
 |https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_container[azurerm_storage_container.container] |data source
 |===
 
@@ -251,12 +235,6 @@ object({
 |n/a
 |yes
 
-|[[input_argocd_namespace]] <<input_argocd_namespace,argocd_namespace>>
-|Namespace used by Argo CD where the Application and AppProject resources should be created.
-|`string`
-|`"argocd"`
-|no
-
 |[[input_argocd_project]] <<input_argocd_project,argocd_project>>
 |Name of the Argo CD AppProject where the Application should be created. If not set, the Application will be created in a new AppProject only for this Application.
 |`string`
@@ -278,13 +256,7 @@ object({
 |[[input_target_revision]] <<input_target_revision,target_revision>>
 |Override of target revision of the application chart.
 |`string`
-|`"v5.2.0"`
-|no
-
-|[[input_namespace]] <<input_namespace,namespace>>
-|Namespace where the applications's Kubernetes resources should be created. Namespace will be created in case it doesn't exist.
-|`string`
-|`"loki-stack"`
+|`"v6.0.0"`
 |no
 
 |[[input_helm_values]] <<input_helm_values,helm_values>>

@@ -9,12 +9,12 @@ variable "logs_storage" {
   })
 
   validation {
-    condition     = (var.logs_storage.managed_identity_node_rg_name == null) != (var.logs_storage.storage_account_key == null)
-    error_message = "You must set one (and only one) of these attributes: managed_identity_node_rg_name, storage_account_key."
+    condition     = (var.logs_storage.managed_identity_node_rg_name == null && var.logs_storage.managed_identity_oidc_issuer_url == null) != (var.logs_storage.storage_account_key == null)
+    error_message = "You can either set the variables for the managed identity or use storage account key, not both at the same time."
   }
 
   validation {
     condition     = (var.logs_storage.managed_identity_node_rg_name == null) == (var.logs_storage.managed_identity_oidc_issuer_url == null)
-    error_message = "managed_identity_node_rg_name & managed_identity_oidc_issuer_url are (un)set together."
+    error_message = "When using the managed identity, both `managed_identity_node_rg_name` and `managed_identity_oidc_issuer_url` are required."
   }
 }
@@ -10,11 +10,6 @@ locals {
       }
       } : null, {
       loki = merge(local.use_managed_identity ? {
-        # version >= 2.8 is required for workload identity support. Current chart version uses loki 2.7.5.
-        # TODO remove once chart uses a version >= 2.8.
-        image = {
-          tag = "2.8.0"
-        }
         podLabels = {
           "azure.workload.identity/use" = "true"
         }

@@ -1,4 +1,4 @@
-data "azurerm_resource_group" "node" {
+data "azurerm_resource_group" "node_resource_group" {
   count = local.use_managed_identity ? 1 : 0
 
   name = var.logs_storage.managed_identity_node_rg_name
@@ -14,12 +14,12 @@ data "azurerm_storage_container" "container" {
 resource "azurerm_user_assigned_identity" "loki" {
   count = local.use_managed_identity ? 1 : 0
 
-  resource_group_name = data.azurerm_resource_group.node[0].name
-  location            = data.azurerm_resource_group.node[0].location
   name                = "loki"
+  resource_group_name = data.azurerm_resource_group.node_resource_group[0].name
+  location            = data.azurerm_resource_group.node_resource_group[0].location
 }
 
-resource "azurerm_role_assignment" "contributor" {
+resource "azurerm_role_assignment" "storage_contributor" {
   count = local.use_managed_identity ? 1 : 0
 
   scope                = data.azurerm_storage_container.container[0].resource_manager_id
@@ -31,22 +31,20 @@ resource "azurerm_federated_identity_credential" "loki" {
   count = local.use_managed_identity ? 1 : 0
 
   name                = "loki"
-  resource_group_name = data.azurerm_resource_group.node[0].name
+  resource_group_name = data.azurerm_resource_group.node_resource_group[0].name
   audience            = ["api://AzureADTokenExchange"]
   issuer              = var.logs_storage.managed_identity_oidc_issuer_url
   parent_id           = azurerm_user_assigned_identity.loki[0].id
-  subject             = "system:serviceaccount:${var.namespace}:loki" # "loki" is the fullnameOverride value
+  subject             = "system:serviceaccount:loki-stack:loki" # "loki" is the fullnameOverride value
 }
 
 module "loki-stack" {
   source = "../"
 
-  argocd_namespace    = var.argocd_namespace
   argocd_project      = var.argocd_project
   argocd_labels       = var.argocd_labels
   destination_cluster = var.destination_cluster
   target_revision     = var.target_revision
-  namespace           = var.namespace
   app_autosync        = var.app_autosync
   dependency_ids      = var.dependency_ids
 

@@ -45,14 +45,6 @@ object({
 
 The following input variables are optional (have default values):
 
-==== [[input_argocd_namespace]] <<input_argocd_namespace,argocd_namespace>>
-
-Description: Namespace used by Argo CD where the Application and AppProject resources should be created.
-
-Type: `string`
-
-Default: `"argocd"`
-
 ==== [[input_argocd_project]] <<input_argocd_project,argocd_project>>
 
 Description: Name of the Argo CD AppProject where the Application should be created. If not set, the Application will be created in a new AppProject only for this Application.
@@ -83,15 +75,7 @@ Description: Override of target revision of the application chart.
 
 Type: `string`
 
-Default: `"v5.2.0"`
-
-==== [[input_namespace]] <<input_namespace,namespace>>
-
-Description: Namespace where the applications's Kubernetes resources should be created. Namespace will be created in case it doesn't exist.
-
-Type: `string`
-
-Default: `"loki-stack"`
+Default: `"v6.0.0"`
 
 ==== [[input_helm_values]] <<input_helm_values,helm_values>>
 
@@ -211,12 +195,6 @@ object({
 |n/a
 |yes
 
-|[[input_argocd_namespace]] <<input_argocd_namespace,argocd_namespace>>
-|Namespace used by Argo CD where the Application and AppProject resources should be created.
-|`string`
-|`"argocd"`
-|no
-
 |[[input_argocd_project]] <<input_argocd_project,argocd_project>>
 |Name of the Argo CD AppProject where the Application should be created. If not set, the Application will be created in a new AppProject only for this Application.
 |`string`
@@ -238,13 +216,7 @@ object({
 |[[input_target_revision]] <<input_target_revision,target_revision>>
 |Override of target revision of the application chart.
 |`string`
-|`"v5.2.0"`
-|no
-
-|[[input_namespace]] <<input_namespace,namespace>>
-|Namespace where the applications's Kubernetes resources should be created. Namespace will be created in case it doesn't exist.
-|`string`
-|`"loki-stack"`
+|`"v6.0.0"`
 |no
 
 |[[input_helm_values]] <<input_helm_values,helm_values>>

@@ -1,12 +1,10 @@
 module "loki-stack" {
   source = "../"
 
-  argocd_namespace    = var.argocd_namespace
   argocd_project      = var.argocd_project
   argocd_labels       = var.argocd_labels
   destination_cluster = var.destination_cluster
   target_revision     = var.target_revision
-  namespace           = var.namespace
   app_autosync        = var.app_autosync
   dependency_ids      = var.dependency_ids
 

@@ -47,14 +47,6 @@ object({
 
 The following input variables are optional (have default values):
 
-==== [[input_argocd_namespace]] <<input_argocd_namespace,argocd_namespace>>
-
-Description: Namespace used by Argo CD where the Application and AppProject resources should be created.
-
-Type: `string`
-
-Default: `"argocd"`
-
 ==== [[input_argocd_project]] <<input_argocd_project,argocd_project>>
 
 Description: Name of the Argo CD AppProject where the Application should be created. If not set, the Application will be created in a new AppProject only for this Application.
@@ -85,15 +77,7 @@ Description: Override of target revision of the application chart.
 
 Type: `string`
 
-Default: `"v5.2.0"`
-
-==== [[input_namespace]] <<input_namespace,namespace>>
-
-Description: Namespace where the applications's Kubernetes resources should be created. Namespace will be created in case it doesn't exist.
-
-Type: `string`
-
-Default: `"loki-stack"`
+Default: `"v6.0.0"`
 
 ==== [[input_helm_values]] <<input_helm_values,helm_values>>
 
@@ -215,12 +199,6 @@ object({
 |n/a
 |yes
 
-|[[input_argocd_namespace]] <<input_argocd_namespace,argocd_namespace>>
-|Namespace used by Argo CD where the Application and AppProject resources should be created.
-|`string`
-|`"argocd"`
-|no
-
 |[[input_argocd_project]] <<input_argocd_project,argocd_project>>
 |Name of the Argo CD AppProject where the Application should be created. If not set, the Application will be created in a new AppProject only for this Application.
 |`string`
@@ -242,13 +220,7 @@ object({
 |[[input_target_revision]] <<input_target_revision,target_revision>>
 |Override of target revision of the application chart.
 |`string`
-|`"v5.2.0"`
-|no
-
-|[[input_namespace]] <<input_namespace,namespace>>
-|Namespace where the applications's Kubernetes resources should be created. Namespace will be created in case it doesn't exist.
-|`string`
-|`"loki-stack"`
+|`"v6.0.0"`
 |no
 
 |[[input_helm_values]] <<input_helm_values,helm_values>>

@@ -1,12 +1,10 @@
 module "loki-stack" {
   source = "../"
 
-  argocd_namespace    = var.argocd_namespace
   argocd_project      = var.argocd_project
   argocd_labels       = var.argocd_labels
   destination_cluster = var.destination_cluster
   target_revision     = var.target_revision
-  namespace           = var.namespace
   app_autosync        = var.app_autosync
   dependency_ids      = var.dependency_ids