Remove Grafana provider for EKS (#179)

* Remove Grafana provider for EKS * Drop provider * Add provider constraint config
aws-observability · Jun 12, 2023 · 86d0831 · 86d0831
1 parent fa38a90
commit 86d0831
Show file tree

Hide file tree

Showing 27 changed files with 25 additions and 99 deletions.
diff --git a/README.md b/README.md
@@ -24,6 +24,26 @@ costs, active series with [this module](./modules/managed-prometheus-monitoring)
 
 To explore the complete project documentation, please visit our [documentation site.](https://aws-observability.github.io/terraform-aws-observability-accelerator/)
 
+
+## Migration to v2.5
+
+If you are migrating from earlier versions to v2.5, please follow this guide.
+
+v2.5.0 removes the dependency to the Terraform Grafana provider in the EKS
+monitoring module. As Grafana Operator manages and syncs the Grafana contents,
+Terraform is not required anymore in this context.
+
+However, if you migrate from earlier versions, you might leave some data orphans
+as the Grafana provider is dropped. Terraform will throw an error. We have
+released [v2.5.0-rc.1](https://github.com/aws-observability/terraform-aws-observability-accelerator/releases/tag/v2.5.0-rc.1)
+which removes all the Grafana resources provisioned by Terraform in the EKS
+context, without removing the provider configurations.
+
+- Step 1: migrate to [v2.5.0-rc.1](https://github.com/aws-observability/terraform-aws-observability-accelerator/releases/tag/v2.5.0-rc.1)
+and run `apply`
+- Step 2: migrate to `v2.5.0` or above
+
+
 ## Getting started
 
 To quick start with a complete workflow and view Amazon EKS infrastructure dashboards,
@@ -57,7 +77,6 @@ module "aws_observability_accelerator" {
 
   # As Grafana shares a different lifecycle, we recommend using an existing workspace.
   managed_grafana_workspace_id = var.managed_grafana_workspace_id
-  grafana_api_key              = var.grafana_api_key
 }
 ```
 
@@ -79,7 +98,6 @@ module "aws_observability_accelerator" {
   managed_prometheus_workspace_id  = "ws-abcd123..."
 
   managed_grafana_workspace_id = "g-abcdef123"
-  grafana_api_key              = var.grafana_api_key
 }
 ```
 
@@ -153,7 +171,6 @@ If you are interested in contributing, see the
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.1.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.0.0 |
 | <a name="requirement_awscc"></a> [awscc](#requirement\_awscc) | >= 0.24.0 |
-| <a name="requirement_grafana"></a> [grafana](#requirement\_grafana) | >= 1.25.0 |
 
 ## Providers
 
@@ -181,7 +198,6 @@ No modules.
 | <a name="input_aws_region"></a> [aws\_region](#input\_aws\_region) | AWS Region | `string` | n/a | yes |
 | <a name="input_enable_alertmanager"></a> [enable\_alertmanager](#input\_enable\_alertmanager) | Creates Amazon Managed Service for Prometheus AlertManager for all workloads | `bool` | `false` | no |
 | <a name="input_enable_managed_prometheus"></a> [enable\_managed\_prometheus](#input\_enable\_managed\_prometheus) | Creates a new Amazon Managed Service for Prometheus Workspace | `bool` | `true` | no |
-| <a name="input_grafana_api_key"></a> [grafana\_api\_key](#input\_grafana\_api\_key) | Grafana API key for the Amazon Managed Grafana workspace | `string` | n/a | yes |
 | <a name="input_managed_grafana_workspace_id"></a> [managed\_grafana\_workspace\_id](#input\_managed\_grafana\_workspace\_id) | Amazon Managed Grafana Workspace ID | `string` | n/a | yes |
 | <a name="input_managed_prometheus_workspace_id"></a> [managed\_prometheus\_workspace\_id](#input\_managed\_prometheus\_workspace\_id) | Amazon Managed Service for Prometheus Workspace ID | `string` | `""` | no |
 | <a name="input_managed_prometheus_workspace_region"></a> [managed\_prometheus\_workspace\_region](#input\_managed\_prometheus\_workspace\_region) | Region where Amazon Managed Service for Prometheus is deployed | `string` | `null` | no |

diff --git a/docs/concepts.md b/docs/concepts.md
@@ -78,7 +78,6 @@ module "aws_observability_accelerator" {
 
   # As Grafana shares a different lifecycle, we recommend using an existing workspace.
   managed_grafana_workspace_id = var.managed_grafana_workspace_id
-  grafana_api_key              = var.grafana_api_key
 }
 ```
 
@@ -100,7 +99,6 @@ module "aws_observability_accelerator" {
   managed_prometheus_workspace_id  = "ws-abcd123..."
 
   managed_grafana_workspace_id = "g-abcdef123"
-  grafana_api_key              = var.grafana_api_key
 }
 ```
 

diff --git a/examples/eks-cluster-with-vpc/versions.tf b/examples/eks-cluster-with-vpc/versions.tf
@@ -18,10 +18,6 @@ terraform {
       source  = "hashicorp/helm"
       version = ">= 2.10.0"
     }
-    grafana = {
-      source  = "grafana/grafana"
-      version = ">= 1.40.1"
-    }
   }
 
   # ##  Used for end-to-end testing on project; update to suit your needs

diff --git a/examples/eks-multicluster/main.tf b/examples/eks-multicluster/main.tf
@@ -3,7 +3,6 @@ module "aws_observability_accelerator" {
   aws_region                          = var.eks_cluster_1_region
   enable_managed_prometheus           = false
   enable_alertmanager                 = true
-  grafana_api_key                     = var.grafana_api_key
   managed_prometheus_workspace_region = null
   managed_prometheus_workspace_id     = var.managed_prometheus_workspace_id
   managed_grafana_workspace_id        = var.managed_grafana_workspace_id
@@ -44,7 +43,6 @@ module "eks_cluster_1_monitoring" {
     aws        = aws.eks_cluster_1
     kubernetes = kubernetes.eks_cluster_1
     helm       = helm.eks_cluster_1
-    grafana    = grafana
   }
 
   depends_on = [
@@ -82,7 +80,6 @@ module "eks_cluster_2_monitoring" {
     aws        = aws.eks_cluster_2
     kubernetes = kubernetes.eks_cluster_2
     helm       = helm.eks_cluster_2
-    grafana    = grafana
   }
 
   depends_on = [

diff --git a/examples/eks-multicluster/providers.tf b/examples/eks-multicluster/providers.tf
@@ -39,8 +39,3 @@ provider "aws" {
   region = var.eks_cluster_2_region
   alias  = "eks_cluster_2"
 }
-
-provider "grafana" {
-  url  = module.aws_observability_accelerator.managed_grafana_workspace_endpoint
-  auth = var.grafana_api_key
-}
diff --git a/examples/eks-multicluster/variables.tf b/examples/eks-multicluster/variables.tf
@@ -39,7 +39,7 @@ variable "managed_grafana_workspace_id" {
 }
 
 variable "grafana_api_key" {
-  description = "API key for authorizing the Grafana provider to make changes to Amazon Managed Grafana"
+  description = "API key for external-secrets to create secrets for grafana-operator"
   type        = string
   default     = ""
   sensitive   = true

diff --git a/examples/eks-multicluster/versions.tf b/examples/eks-multicluster/versions.tf
@@ -21,9 +21,5 @@ terraform {
       source  = "gavinbunney/kubectl"
       version = ">= 1.14"
     }
-    grafana = {
-      source  = "grafana/grafana"
-      version = ">= 1.25.0"
-    }
   }
 }
diff --git a/examples/existing-cluster-java/README.md b/examples/existing-cluster-java/README.md
@@ -193,7 +193,6 @@ terraform destroy -var-file=terraform.tfvars
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.1.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.0.0 |
-| <a name="requirement_grafana"></a> [grafana](#requirement\_grafana) | >= 1.25.0 |
 | <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 2.4.1 |
 | <a name="requirement_kubectl"></a> [kubectl](#requirement\_kubectl) | >= 1.14 |
 | <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.10 |
@@ -225,7 +224,7 @@ terraform destroy -var-file=terraform.tfvars
 | <a name="input_aws_region"></a> [aws\_region](#input\_aws\_region) | AWS Region | `string` | n/a | yes |
 | <a name="input_eks_cluster_id"></a> [eks\_cluster\_id](#input\_eks\_cluster\_id) | Name of the EKS cluster | `string` | n/a | yes |
 | <a name="input_enable_dashboards"></a> [enable\_dashboards](#input\_enable\_dashboards) | Enables or disables curated dashboards | `bool` | `true` | no |
-| <a name="input_grafana_api_key"></a> [grafana\_api\_key](#input\_grafana\_api\_key) | API key for authorizing the Grafana provider to make changes to Amazon Managed Grafana | `string` | n/a | yes |
+| <a name="input_grafana_api_key"></a> [grafana\_api\_key](#input\_grafana\_api\_key) | API key for external-secrets to create secrets for grafana-operator | `string` | n/a | yes |
 | <a name="input_managed_grafana_workspace_id"></a> [managed\_grafana\_workspace\_id](#input\_managed\_grafana\_workspace\_id) | Amazon Managed Grafana Workspace ID | `string` | n/a | yes |
 | <a name="input_managed_prometheus_workspace_id"></a> [managed\_prometheus\_workspace\_id](#input\_managed\_prometheus\_workspace\_id) | Amazon Managed Service for Prometheus Workspace ID | `string` | `""` | no |
 

diff --git a/examples/existing-cluster-java/main.tf b/examples/existing-cluster-java/main.tf
@@ -48,20 +48,10 @@ module "aws_observability_accelerator" {
 
   # reusing existing Amazon Managed Grafana workspace
   managed_grafana_workspace_id = var.managed_grafana_workspace_id
-  grafana_api_key              = var.grafana_api_key
 
   tags = local.tags
 }
 
-# https://www.terraform.io/language/modules/develop/providers
-# A module intended to be called by one or more other modules must not contain
-# any provider blocks.
-# This allows forcing dependency between base and workloads module
-provider "grafana" {
-  url  = module.aws_observability_accelerator.managed_grafana_workspace_endpoint
-  auth = var.grafana_api_key
-}
-
 module "eks_monitoring" {
   source = "../../modules/eks-monitoring"
   # source = "github.com/aws-observability/terraform-aws-observability-accelerator//modules/eks-monitoring?ref=v2.0.0"

diff --git a/examples/existing-cluster-java/variables.tf b/examples/existing-cluster-java/variables.tf
@@ -20,7 +20,7 @@ variable "managed_grafana_workspace_id" {
 }
 
 variable "grafana_api_key" {
-  description = "API key for authorizing the Grafana provider to make changes to Amazon Managed Grafana"
+  description = "API key for external-secrets to create secrets for grafana-operator"
   type        = string
   sensitive   = true
 }

diff --git a/examples/existing-cluster-java/versions.tf b/examples/existing-cluster-java/versions.tf
@@ -18,10 +18,6 @@ terraform {
       source  = "hashicorp/helm"
       version = ">= 2.4.1"
     }
-    grafana = {
-      source  = "grafana/grafana"
-      version = ">= 1.25.0"
-    }
   }
 
   # ##  Used for end-to-end testing on project; update to suit your needs

diff --git a/examples/existing-cluster-nginx/README.md b/examples/existing-cluster-nginx/README.md
@@ -204,7 +204,6 @@ add this `managed_prometheus_region=xxx` and `managed_prometheus_workspace_id=ws
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.1.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.0.0 |
-| <a name="requirement_grafana"></a> [grafana](#requirement\_grafana) | >= 1.25.0 |
 | <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 2.4.1 |
 | <a name="requirement_kubectl"></a> [kubectl](#requirement\_kubectl) | >= 1.14 |
 | <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.10 |
@@ -236,7 +235,7 @@ add this `managed_prometheus_region=xxx` and `managed_prometheus_workspace_id=ws
 | <a name="input_aws_region"></a> [aws\_region](#input\_aws\_region) | AWS Region | `string` | n/a | yes |
 | <a name="input_eks_cluster_id"></a> [eks\_cluster\_id](#input\_eks\_cluster\_id) | EKS Cluster Id | `string` | n/a | yes |
 | <a name="input_enable_dashboards"></a> [enable\_dashboards](#input\_enable\_dashboards) | Enables or disables curated dashboards | `bool` | `true` | no |
-| <a name="input_grafana_api_key"></a> [grafana\_api\_key](#input\_grafana\_api\_key) | API key for authorizing the Grafana provider to make changes to Amazon Managed Grafana | `string` | n/a | yes |
+| <a name="input_grafana_api_key"></a> [grafana\_api\_key](#input\_grafana\_api\_key) | API key for external-secrets to create secrets for grafana-operator | `string` | n/a | yes |
 | <a name="input_managed_grafana_workspace_id"></a> [managed\_grafana\_workspace\_id](#input\_managed\_grafana\_workspace\_id) | Amazon Managed Grafana (AMG) workspace ID | `string` | n/a | yes |
 | <a name="input_managed_prometheus_workspace_id"></a> [managed\_prometheus\_workspace\_id](#input\_managed\_prometheus\_workspace\_id) | Amazon Managed Service for Prometheus (AMP) workspace ID | `string` | `""` | no |
 

diff --git a/examples/existing-cluster-nginx/main.tf b/examples/existing-cluster-nginx/main.tf
@@ -48,16 +48,10 @@ module "aws_observability_accelerator" {
 
   # reusing existing Amazon Managed Grafana workspace
   managed_grafana_workspace_id = var.managed_grafana_workspace_id
-  grafana_api_key              = var.grafana_api_key
 
   tags = local.tags
 }
 
-provider "grafana" {
-  url  = module.aws_observability_accelerator.managed_grafana_workspace_endpoint
-  auth = var.grafana_api_key
-}
-
 module "eks_monitoring" {
   source = "../../modules/eks-monitoring"
   # source = "github.com/aws-observability/terraform-aws-observability-accelerator//modules/eks-monitoring?ref=v2.0.0"

diff --git a/examples/existing-cluster-nginx/variables.tf b/examples/existing-cluster-nginx/variables.tf
@@ -20,7 +20,7 @@ variable "managed_grafana_workspace_id" {
 }
 
 variable "grafana_api_key" {
-  description = "API key for authorizing the Grafana provider to make changes to Amazon Managed Grafana"
+  description = "API key for external-secrets to create secrets for grafana-operator"
   type        = string
   sensitive   = true
 }

diff --git a/examples/existing-cluster-nginx/versions.tf b/examples/existing-cluster-nginx/versions.tf
@@ -18,10 +18,6 @@ terraform {
       source  = "hashicorp/helm"
       version = ">= 2.4.1"
     }
-    grafana = {
-      source  = "grafana/grafana"
-      version = ">= 1.25.0"
-    }
   }
 
   # ##  Used for end-to-end testing on project; update to suit your needs

diff --git a/examples/existing-cluster-with-base-and-infra/README.md b/examples/existing-cluster-with-base-and-infra/README.md
@@ -21,7 +21,6 @@ View the full documentation for this example [here](https://aws-observability.gi
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.1.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.0.0 |
-| <a name="requirement_grafana"></a> [grafana](#requirement\_grafana) | >= 1.25.0 |
 | <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 2.4.1 |
 | <a name="requirement_kubectl"></a> [kubectl](#requirement\_kubectl) | >= 1.14 |
 | <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.10 |

diff --git a/examples/existing-cluster-with-base-and-infra/main.tf b/examples/existing-cluster-with-base-and-infra/main.tf
@@ -50,23 +50,11 @@ module "aws_observability_accelerator" {
   enable_alertmanager = true
 
   # reusing existing Amazon Managed Grafana workspace
-  # This is not needed anymore but kept here for a two step transition into
-  # removing the Terraform Grafana provider
   managed_grafana_workspace_id = var.managed_grafana_workspace_id
-  grafana_api_key              = var.grafana_api_key
 
   tags = local.tags
 }
 
-# https://www.terraform.io/language/modules/develop/providers
-# A module intended to be called by one or more other modules must not contain
-# any provider blocks.
-# This allows forcing dependency between base and workloads module
-provider "grafana" {
-  url  = module.aws_observability_accelerator.managed_grafana_workspace_endpoint
-  auth = var.grafana_api_key
-}
-
 module "eks_monitoring" {
   source = "../../modules/eks-monitoring"
   # source = "github.com/aws-observability/terraform-aws-observability-accelerator//modules/eks-monitoring?ref=v2.0.0"

diff --git a/examples/existing-cluster-with-base-and-infra/versions.tf b/examples/existing-cluster-with-base-and-infra/versions.tf
@@ -18,10 +18,6 @@ terraform {
       source  = "hashicorp/helm"
       version = ">= 2.4.1"
     }
-    grafana = {
-      source  = "grafana/grafana"
-      version = ">= 1.25.0"
-    }
   }
 
   # ##  Used for end-to-end testing on project; update to suit your needs

diff --git a/main.tf b/main.tf
@@ -5,11 +5,6 @@ resource "aws_prometheus_workspace" "this" {
   tags  = var.tags
 }
 
-provider "grafana" {
-  url  = local.amg_ws_endpoint
-  auth = var.grafana_api_key
-}
-
 resource "aws_prometheus_alert_manager_definition" "this" {
   count = var.enable_alertmanager ? 1 : 0
 

diff --git a/modules/eks-monitoring/README.md b/modules/eks-monitoring/README.md
@@ -21,7 +21,6 @@ See examples using this Terraform modules in the **Amazon EKS** section of [this
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.1.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.0.0 |
-| <a name="requirement_grafana"></a> [grafana](#requirement\_grafana) | >= 1.25.0 |
 | <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 2.4.1 |
 | <a name="requirement_kubectl"></a> [kubectl](#requirement\_kubectl) | >= 1.14 |
 | <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.10 |

diff --git a/modules/eks-monitoring/patterns/java/README.md b/modules/eks-monitoring/patterns/java/README.md
@@ -12,7 +12,6 @@ Provides monitoring for Java based workloads with the following resources:
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.1.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.0.0 |
-| <a name="requirement_grafana"></a> [grafana](#requirement\_grafana) | >= 1.25.0 |
 | <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 2.4.1 |
 | <a name="requirement_kubectl"></a> [kubectl](#requirement\_kubectl) | >= 1.14 |
 | <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.10 |

diff --git a/modules/eks-monitoring/patterns/java/versions.tf b/modules/eks-monitoring/patterns/java/versions.tf
@@ -18,9 +18,5 @@ terraform {
       source  = "hashicorp/helm"
       version = ">= 2.4.1"
     }
-    grafana = {
-      source  = "grafana/grafana"
-      version = ">= 1.25.0"
-    }
   }
 }
diff --git a/modules/eks-monitoring/patterns/nginx/README.md b/modules/eks-monitoring/patterns/nginx/README.md
@@ -14,7 +14,6 @@ It provides the following resources:
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.1.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.0.0 |
-| <a name="requirement_grafana"></a> [grafana](#requirement\_grafana) | >= 1.25.0 |
 | <a name="requirement_kubectl"></a> [kubectl](#requirement\_kubectl) | >= 1.14 |
 | <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.10 |
 

diff --git a/modules/eks-monitoring/patterns/nginx/versions.tf b/modules/eks-monitoring/patterns/nginx/versions.tf
@@ -14,9 +14,5 @@ terraform {
       source  = "gavinbunney/kubectl"
       version = ">= 1.14"
     }
-    grafana = {
-      source  = "grafana/grafana"
-      version = ">= 1.25.0"
-    }
   }
 }
diff --git a/modules/eks-monitoring/versions.tf b/modules/eks-monitoring/versions.tf
@@ -18,9 +18,5 @@ terraform {
       source  = "hashicorp/helm"
       version = ">= 2.4.1"
     }
-    grafana = {
-      source  = "grafana/grafana"
-      version = ">= 1.25.0"
-    }
   }
 }
diff --git a/variables.tf b/variables.tf
@@ -33,11 +33,6 @@ variable "tags" {
   default     = {}
 }
 
-variable "grafana_api_key" {
-  description = "Grafana API key for the Amazon Managed Grafana workspace"
-  type        = string
-}
-
 variable "managed_grafana_workspace_id" {
   description = "Amazon Managed Grafana Workspace ID"
   type        = string

diff --git a/versions.tf b/versions.tf
@@ -10,9 +10,5 @@ terraform {
       source  = "hashicorp/awscc"
       version = ">= 0.24.0"
     }
-    grafana = {
-      source  = "grafana/grafana"
-      version = ">= 1.25.0"
-    }
   }
 }