Add ability to use sidecars (#10287)

# Checklist for submitter If some of the following don't apply, delete the relevant line. - [ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md) - [ ] Documented any permissions changes - [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [ ] Added/updated tests - [ ] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2024-11-06 00:45:19 +00:00 · 2023-03-03 13:50:48 -05:00 · 2023-03-03 13:50:48 -05:00 · 2933a7bdaa
commit 2933a7bdaa
parent f7c1cc0c87
12 changed files with 124 additions and 2 deletions
--- a/terraform/.gitignore
+++ b/terraform/.gitignore
@ -0,0 +1 @@
+.external_modules
--- a/terraform/addons/xrays-sidecar/.header.md
+++ b/terraform/addons/xrays-sidecar/.header.md
@ -0,0 +1,2 @@
+# AWS Xrays ECS Sidecar
+This addon provides a sidecar for AWS Xrays Opentelemetry to allow Fleet to send traces to AWS Xrays.
--- a/terraform/addons/xrays-sidecar/.terraform-docs.yml
+++ b/terraform/addons/xrays-sidecar/.terraform-docs.yml
@ -0,0 +1 @@
+header-from: .header.md
--- a/terraform/addons/xrays-sidecar/README.md
+++ b/terraform/addons/xrays-sidecar/README.md
@ -0,0 +1,36 @@
+# AWS Xrays ECS Sidecar
+This addon provides a sidecar for AWS Xrays Opentelemetry to allow Fleet to send traces to AWS Xrays.
+
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_iam_policy.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
+| [aws_iam_policy_document.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_fleet_extra_environment_variables"></a> [fleet\_extra\_environment\_variables](#output\_fleet\_extra\_environment\_variables) | n/a |
+| <a name="output_fleet_extra_iam_policies"></a> [fleet\_extra\_iam\_policies](#output\_fleet\_extra\_iam\_policies) | n/a |
+| <a name="output_fleet_sidecars"></a> [fleet\_sidecars](#output\_fleet\_sidecars) | n/a |
--- a/terraform/addons/xrays-sidecar/main.tf
+++ b/terraform/addons/xrays-sidecar/main.tf
@ -0,0 +1,35 @@
+data "aws_region" "current" {}
+
+data "aws_iam_policy_document" "main" {
+  statement {
+    actions = [
+      "xray:PutTraceSegments",
+      "xray:PutTelemetryRecords",
+      "xray:GetSamplingRules",
+      "xray:GetSamplingTargets",
+      "xray:GetSamplingStatisticSummaries",
+      "logs:PutLogEvents",
+      "logs:CreateLogStream",
+    ]
+    resources = ["*"]
+  }
+}
+
+resource "aws_iam_policy" "main" {
+  policy = data.aws_iam_policy_document.main.json
+}
+
+data "aws_iam_policy_document" "execution" {
+  statement {
+    actions = [
+      "logs:CreateLogStream",
+      "logs:PutLogEvents",
+      "logs:CreateLogGroup",
+    ]
+    resources = ["*"]
+  }
+}
+
+resource "aws_iam_policy" "execution" {
+  policy = data.aws_iam_policy_document.execution.json
+}
--- a/terraform/addons/xrays-sidecar/outputs.tf
+++ b/terraform/addons/xrays-sidecar/outputs.tf
@ -0,0 +1,38 @@
+output "fleet_extra_iam_policies" {
+  value = [aws_iam_policy.main.arn]
+}
+
+output "fleet_extra_execution_iam_policies" {
+  value = [aws_iam_policy.execution.arn]
+}
+
+output "fleet_sidecars" {
+  value = [
+    {
+      "name" : "aws-otel-collector",
+      "image" : "public.ecr.aws/aws-observability/aws-otel-collector:v0.26.1",
+      "essential" : true,
+      "command" : [
+        "--config=/etc/ecs/ecs-default-config.yaml"
+      ],
+      "logConfiguration" : {
+        "logDriver" : "awslogs",
+        "options" : {
+          "awslogs-create-group" : "True",
+          "awslogs-group" : "/ecs/ecs-aws-otel-sidecar-collector",
+          "awslogs-region" : data.aws_region.current.name,
+          "awslogs-stream-prefix" : "ecs"
+        }
+      }
+    }
+  ]
+}
+
+output "fleet_extra_environment_variables" {
+  value = {
+    FLEET_LOGGING_TRACING_ENABLED = "true"
+    FLEET_LOGGING_TRACING_TYPE    = "opentelemetry"
+    OTEL_SERVICE_NAME             = "fleet"
+    OTEL_EXPORTER_OTLP_ENDPOINT   = "http://localhost:4317"
+  }
+}
--- a/terraform/addons/xrays-sidecar/variables.tf
+++ b/terraform/addons/xrays-sidecar/variables.tf
@ -0,0 +1 @@
+
--- a/terraform/byo-vpc/byo-db/byo-ecs/main.tf
+++ b/terraform/byo-vpc/byo-db/byo-ecs/main.tf
@ -46,7 +46,7 @@ resource "aws_ecs_task_definition" "backend" {
  cpu                      = var.fleet_config.cpu
  memory                   = var.fleet_config.mem
  container_definitions = jsonencode(
-    [
+    concat([
      {
        name        = "fleet"
        image       = var.fleet_config.image
@ -127,7 +127,7 @@ resource "aws_ecs_task_definition" "backend" {
          },
        ], local.environment)
      }
-  ])
+  ], var.fleet_config.sidecars))
 }

 resource "aws_appautoscaling_target" "ecs_target" {
--- a/terraform/byo-vpc/byo-db/byo-ecs/variables.tf
+++ b/terraform/byo-vpc/byo-db/byo-ecs/variables.tf
@ -15,6 +15,7 @@ variable "fleet_config" {
    cpu                          = optional(number, 512)
    image                        = optional(string, "fleetdm/fleet:v4.22.1")
    family                       = optional(string, "fleet")
+    sidecars                     = optional(list(any), [])
    extra_environment_variables  = optional(map(string), {})
    extra_iam_policies           = optional(list(string), [])
    extra_execution_iam_policies = optional(list(string), [])
@ -92,6 +93,7 @@ variable "fleet_config" {
    cpu                          = 256
    image                        = "fleetdm/fleet:v4.22.1"
    family                       = "fleet"
+    sidecars                     = []
    extra_environment_variables  = {}
    extra_iam_policies           = []
    extra_execution_iam_policies = []
--- a/terraform/byo-vpc/byo-db/variables.tf
+++ b/terraform/byo-vpc/byo-db/variables.tf
@ -54,6 +54,7 @@ variable "fleet_config" {
    cpu                          = optional(number, 512)
    image                        = optional(string, "fleetdm/fleet:v4.22.1")
    family                       = optional(string, "fleet")
+    sidecars                     = optional(list(any), [])
    extra_environment_variables  = optional(map(string), {})
    extra_iam_policies           = optional(list(string), [])
    extra_execution_iam_policies = optional(list(string), [])
@ -131,6 +132,7 @@ variable "fleet_config" {
    cpu                          = 256
    image                        = "fleetdm/fleet:v4.22.1"
    family                       = "fleet"
+    sidecars                     = []
    extra_environment_variables  = {}
    extra_iam_policies           = []
    extra_execution_iam_policies = []
--- a/terraform/byo-vpc/variables.tf
+++ b/terraform/byo-vpc/variables.tf
@ -134,6 +134,7 @@ variable "fleet_config" {
    cpu                          = optional(number, 512)
    image                        = optional(string, "fleetdm/fleet:v4.22.1")
    family                       = optional(string, "fleet")
+    sidecars                     = optional(list(any), [])
    extra_environment_variables  = optional(map(string), {})
    extra_iam_policies           = optional(list(string), [])
    extra_execution_iam_policies = optional(list(string), [])
@ -211,6 +212,7 @@ variable "fleet_config" {
    cpu                          = 256
    image                        = "fleetdm/fleet:v4.22.1"
    family                       = "fleet"
+    sidecars                     = []
    extra_environment_variables  = {}
    extra_iam_policies           = []
    extra_execution_iam_policies = []
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@ -189,6 +189,7 @@ variable "fleet_config" {
    cpu                          = optional(number, 512)
    image                        = optional(string, "fleetdm/fleet:v4.22.1")
    family                       = optional(string, "fleet")
+    sidecars                     = optional(list(any), [])
    extra_environment_variables  = optional(map(string), {})
    extra_iam_policies           = optional(list(string), [])
    extra_execution_iam_policies = optional(list(string), [])
@ -280,6 +281,7 @@ variable "fleet_config" {
    cpu                          = 256
    image                        = "fleetdm/fleet:v4.22.1"
    family                       = "fleet"
+    sidecars                     = []
    extra_environment_variables  = {}
    extra_iam_policies           = []
    extra_execution_iam_policies = []