feat: Support existing log analytics workspace (#211) #213
lonegunmanb merged 5 commits into Azure:master from
lonegunmanb left a comment
Hello @viters, thanks for submitting this pr. Almost LGTM but only one question.
| resource_group_name = var.resource_group_name | ||
| workspace_resource_id = azurerm_log_analytics_workspace.main[0].id | ||
| workspace_name = azurerm_log_analytics_workspace.main[0].name | ||
| workspace_resource_id = var.log_analytics_workspace == null ? azurerm_log_analytics_workspace.main[0].id : var.log_analytics_workspace.id |
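Review bot: the null branch of the new workspace_resource_id ternary indexes azurerm_log_analytics_workspace.main[0], which only exists if that resource's count is 1 whenever var.log_analytics_workspace is null. The count expression is not part of this hunk, so confirm it carries the same null check; otherwise plan fails with an invalid index. workspace_name should switch on the same condition so the ID and the name always come from the same workspace.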
Hi, do we need to add this var.log_analytics_workspace == null criteria to azurerm_log_analytics_solution's count expression, since the log analytics resource is injected by the module caller?
azurerm_log_analytics_solution is ContainerInsights solution connecting newly created AKS and existing (or just created) Workspace. I think that current count expression var.enable_log_analytics_workspace ? 1 : 0 is valid. If caller specifies enable_log_analytics_workspace = true then caller either wants to create a new Workspace or use existing. In other words ContainerInsights solution is created always when enable_log_analytics_workspace = true, but the created solution can be connected to different Workspaces, which is solved later by conditions on workspace_resource_id and workspace_name.
I have a question though, because I checked in azurerm_log_analytics_solution docs that:
In my current solution, existing Workspace var.log_analytics_workspace must be placed in the same RG as var.resource_group_name. Do you think it is valid assumption? It was valid in my use case.
Otherwise I can add resource_group_name field to var.log_analytics_workspace. It would mean that caller can create azurerm_log_analytics_solution in RG different than AKS resource.
> azurerm_log_analytics_solution is ContainerInsights solution connecting newly created AKS and existing (or just created) Workspace. I think that current count expression var.enable_log_analytics_workspace ? 1 : 0 is valid. If caller specifies enable_log_analytics_workspace = true then caller either wants to create a new Workspace or use existing. In other words ContainerInsights solution is created always when enable_log_analytics_workspace = true, but the created solution can be connected to different Workspaces, which is solved later by conditions on workspace_resource_id and workspace_name.
My concern is what if the caller has used another module that creates log analytics domain resources? It looks like we need both workspace and solution to make log work, so maybe we should treat them as an inseparable entity?
> I have a question though, because I checked in azurerm_log_analytics_solution docs that:
> In my current solution, existing Workspace var.log_analytics_workspace must be placed in the same RG as var.resource_group_name. Do you think it is valid assumption? It was valid in my use case.
> Otherwise I can add resource_group_name field to var.log_analytics_workspace. It would mean that caller can create azurerm_log_analytics_solution in RG different than AKS resource.
Good question! I don't know whether it's valid to use different resource groups for aks cluster and log analytics workspace.
I've verified that the workspace can be put in different rg, but must be in the same rg with solution, so I prefer we add this var.log_analytics_workspace == null criteria to solution's count expression, leave the choice to the caller.
I do not get why should we add var.log_analytics_workspace == null criteria to solution's count expression
The idea of that feature is not to use existing azurerm_log_analytics_solution, but to use existing azurerm_log_analytics_workspace. We need to create azurerm_log_analytics_solution irregardless of var.log_analytics_workspace value. I do not understand why var.log_analytics_workspace == null should be a part of criteria to solution's count expression.
> I've verified that the workspace can be put in different rg, but must be in the same rg with solution
Awesome! I will add a way to set Workspace/Solution RG then.
Hi @viters my concern is can our module be composited with other modules easily. When you opened this pr I do agree with you because what if the caller wants to use another module to manage log analytics related resources? Your pr makes it possible to avoid a duplicated workspace and leaves the choice to the caller.
So what if the caller has a module that manages all log analytics related resources, even in a standalone repo along with its own state backend? There's no way for the caller to avoid binding the workspace to a solution that he doesn't want.
I think your pr's value is giving callers the right of composition, so can we give the caller more? Thanks!
@lonegunmanb
Oh, I got it. Your idea is to add a way to use existing azurerm_log_analytics_solution and skip creation of it as well! I understand now, I will get to it!
@lonegunmanb
As we discussed, I've added var.log_analytics_solution_id and azurerm_log_analytics_solution resource will not be created if var.log_analytics_solution_id != null.
I've used string id instead of bool to avoid breaking changes in future - we do not need the solution ID now, but it may be required in future Azure API somewhere, e.g. in oms_agent block.
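The composition the thread arrives at, written out as an added sketch; it is not the PR's code or the module's source. The variable names are the ones mentioned in the conversation, while their types and defaults, the local names and the resource arguments not quoted on the page are assumptions.

```hcl
# Added illustration, not the module's source; types, defaults and local names are assumptions.
variable "resource_group_name" { type = string }
variable "location" { type = string }
variable "prefix" { type = string }
variable "enable_log_analytics_workspace" { type = bool }
variable "log_analytics_workspace" {
  type    = object({ id = string, name = string })
  default = null # null: this module creates the workspace
}
variable "log_analytics_workspace_resource_group_name" {
  type    = string
  default = null # null: fall back to var.resource_group_name
}
variable "log_analytics_solution_id" {
  type    = string
  default = null # non-null: the caller already manages the solution
}

locals {
  create_workspace = var.enable_log_analytics_workspace && var.log_analytics_workspace == null
  create_solution  = var.enable_log_analytics_workspace && var.log_analytics_solution_id == null
  # Workspace and solution have to share a resource group (verified in the thread).
  log_rg = coalesce(var.log_analytics_workspace_resource_group_name, var.resource_group_name)
  # Guard on create_workspace so main[0] is only indexed when it exists.
  workspace = local.create_workspace ? {
    id   = azurerm_log_analytics_workspace.main[0].id
    name = azurerm_log_analytics_workspace.main[0].name
  } : var.log_analytics_workspace
}

resource "azurerm_log_analytics_workspace" "main" {
  count               = local.create_workspace ? 1 : 0
  name                = "${var.prefix}-workspace"
  location            = var.location
  resource_group_name = local.log_rg
}

resource "azurerm_log_analytics_solution" "main" {
  count                 = local.create_solution ? 1 : 0
  solution_name         = "ContainerInsights"
  location              = var.location
  resource_group_name   = local.log_rg
  workspace_resource_id = local.workspace.id
  workspace_name        = local.workspace.name
  plan {
    publisher = "Microsoft"
    product   = "OMSGallery/ContainerInsights"
  }
}
```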
| name = var.cluster_log_analytics_workspace_name == null ? "${var.prefix}-workspace" : var.cluster_log_analytics_workspace_name | ||
| location = coalesce(var.location, data.azurerm_resource_group.main.location) | ||
| resource_group_name = var.resource_group_name | ||
| resource_group_name = var.log_analytics_workspace_resource_group_name != null ? var.log_analytics_workspace_resource_group_name : var.resource_group_name |
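Review bot: on the new resource_group_name line, the != null ternary passes an empty string straight through as the resource group name. coalesce(var.log_analytics_workspace_resource_group_name, var.resource_group_name) also skips empty strings, so it covers that case; a validation block on the variable would make the accepted values explicit.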
Would coalesce(var.log_analytics_workspace_resource_group_name, var.resource_group_name) here be better?
Yes, I will check how coalesce works and update!
@lonegunmanb Used coalesce as you suggested!
| resource_group_name = var.resource_group_name | ||
| workspace_resource_id = azurerm_log_analytics_workspace.main[0].id | ||
| workspace_name = azurerm_log_analytics_workspace.main[0].name | ||
| resource_group_name = var.log_analytics_workspace_resource_group_name != null ? var.log_analytics_workspace_resource_group_name : var.resource_group_name |

Fixes #211
Changes proposed in the pull request:
Provides a way to attach existing Log Analytics Workspace to AKS through Container Insights (azurerm_log_analytics_solution).