put elasticsearch in system namespace (#4)

* put elasticsearch in system namespace

* force delete registry bucket

* remove random suffix from router redis

* fix elasticsearch hostname

* fix type name of logs

terraform/api/do/main.tf

@@ -36,7 +36,7 @@ module "k8s" {
 
   env = {
     BUCKET            = digitalocean_spaces_bucket.storage.name
-    ELASTICSEARCH_URL = "http://elasticsearch.kube-system.svc.cluster.local:9200"
+    ELASTICSEARCH_URL = var.elasticsearch
     PROVIDER          = "do"
     REGION            = var.region
     REGISTRY          = "registry.${var.domain}"

terraform/api/do/variables.tf

@@ -6,6 +6,10 @@ variable "domain" {
   type = "string"
 }
 
+variable "elasticsearch" {
+  type = "string"
+}
+
 variable "kubeconfig" {
   type = "string"
 }

terraform/cluster/do/main.tf

@@ -42,9 +42,7 @@ resource "digitalocean_kubernetes_cluster" "rack" {
 }
 
 resource "local_file" "kubeconfig" {
-  depends_on = [
-    digitalocean_kubernetes_cluster.rack,
-  ]
+  depends_on = [digitalocean_kubernetes_cluster.rack]
 
   filename = pathexpand("~/.kube/config.do.${var.name}")
   content = templatefile("${path.module}/kubeconfig.tpl", {

terraform/elasticsearch/k8s/outputs.tf

@@ -0,0 +1,9 @@
+output "host" {
+  depends_on = [kubernetes_stateful_set.elasticsearch]
+  value      = "${kubernetes_service.http.metadata.0.name}.${var.namespace}.svc.cluster.local"
+}
+
+output "url" {
+  depends_on = [kubernetes_stateful_set.elasticsearch]
+  value      = "http://${kubernetes_service.http.metadata.0.name}.${var.namespace}.svc.cluster.local:9200"
+}

terraform/fluentd/do/main.tf

@@ -16,5 +16,5 @@ module "k8s" {
   cluster   = var.cluster
   image     = "fluent/fluentd-kubernetes-daemonset:v1.7-debian-elasticsearch6-1"
   namespace = var.namespace
-  target    = file("${path.module}/target.conf")
+  target    = templatefile("${path.module}/target.conf.tpl", { elasticsearch = var.elasticsearch })
 }

terraform/fluentd/do/target.conf.tpl

@@ -3,17 +3,17 @@
 		@type record_transformer
 		enable_ruby true
 		<record>
-			index convox.${record["kubernetes"]["namespace_labels"]["rack"]}.${record["kubernetes"]["namespace_labels"]["app"]}
-			stream service.${record["kubernetes"]["labels"]["service"]}.${record["kubernetes"]["pod_name"]}
+			index convox.$${record["kubernetes"]["namespace_labels"]["rack"]}.$${record["kubernetes"]["namespace_labels"]["app"]}
+			stream service.$${record["kubernetes"]["labels"]["service"]}.$${record["kubernetes"]["pod_name"]}
 		</record>
 	</filter>
 
 	<match **>
 		@type elasticsearch
-		host elasticsearch.kube-system.svc.cluster.local
+		host ${elasticsearch}
 		port 9200
 		target_index_key index
-		type_name fluentd
+		type_name _doc
 		logstash_format true
 		<buffer>
 			flush_interval 1

terraform/fluentd/do/variables.tf

@@ -2,6 +2,10 @@ variable "cluster" {
   type = "string"
 }
 
+variable "elasticsearch" {
+  type = "string"
+}
+
 variable "namespace" {
   type = "string"
 }

terraform/rack/do/main.tf

@@ -33,16 +33,27 @@ module "api" {
     kubernetes   = kubernetes
   }
 
-  access_id  = var.access_id
-  domain     = module.router.endpoint
-  kubeconfig = var.kubeconfig
-  name       = var.name
-  namespace  = module.k8s.namespace
-  region     = var.region
-  release    = var.release
-  router     = module.router.endpoint
-  secret     = random_string.secret.result
-  secret_key = var.secret_key
+  access_id     = var.access_id
+  elasticsearch = module.elasticsearch.url
+  domain        = module.router.endpoint
+  kubeconfig    = var.kubeconfig
+  name          = var.name
+  namespace     = module.k8s.namespace
+  region        = var.region
+  release       = var.release
+  router        = module.router.endpoint
+  secret        = random_string.secret.result
+  secret_key    = var.secret_key
+}
+
+module "elasticsearch" {
+  source = "../../elasticsearch/k8s"
+
+  providers = {
+    kubernetes = kubernetes
+  }
+
+  namespace = module.k8s.namespace
 }
 
 module "router" {

terraform/rack/do/outputs.tf

@@ -2,6 +2,10 @@ output "api" {
   value = module.api.endpoint
 }
 
+output "elasticsearch" {
+  value = module.elasticsearch.host
+}
+
 output "endpoint" {
   value = module.router.endpoint
 }

terraform/rack/do/registry.tf

@@ -5,9 +5,10 @@ resource "random_string" "suffix" {
 }
 
 resource "digitalocean_spaces_bucket" "registry" {
-  name   = "${var.name}-registry-${random_string.suffix.result}"
-  region = var.region
-  acl    = "private"
+  name          = "${var.name}-registry-${random_string.suffix.result}"
+  region        = var.region
+  acl           = "private"
+  force_destroy = true
 }
 
 resource "random_string" "secret" {

terraform/router/do/redis.tf

@@ -1,11 +1,5 @@
-resource "random_string" "suffix" {
-  length  = 12
-  special = false
-  upper   = false
-}
-
 resource "digitalocean_database_cluster" "cache" {
-  name       = "${var.name}-router-${random_string.suffix.result}"
+  name       = "${var.name}-router"
   engine     = "redis"
   size       = "db-s-1vcpu-1gb"
   region     = var.region

terraform/system/do/main.tf

@@ -34,16 +34,6 @@ module "cluster" {
   token     = var.token
 }
 
-module "elasticsearch" {
-  source = "../../elasticsearch/k8s"
-
-  providers = {
-    kubernetes = kubernetes
-  }
-
-  namespace = "kube-system"
-}
-
 module "fluentd" {
   source = "../../fluentd/do"
 
@@ -51,9 +41,10 @@ module "fluentd" {
     kubernetes = kubernetes
   }
 
-  cluster   = var.name
-  namespace = "kube-system"
-  name      = var.name
+  cluster       = var.name
+  elasticsearch = module.rack.elasticsearch
+  namespace     = "kube-system"
+  name          = var.name
 }
 
 module "rack" {