datadog-synthetics-private-location
This component provisions a Datadog synthetics private location on Datadog and a private location agent on an EKS cluster.
Private locations allow you to monitor internal-facing applications or any private URLs that are not accessible from the public internet.
Usage
Stack Level: Regional
Use this in the catalog or use these variables to overwrite the catalog values.
```yaml
components:
  terraform:
    datadog-synthetics-private-location:
      settings:
        spacelift:
          workspace_enabled: true
      vars:
        enabled: true
        name: "datadog-synthetics-private-location"
        description: "Datadog Synthetics Private Location Agent"
        kubernetes_namespace: "monitoring"
        create_namespace: true
        # https://github.com/DataDog/helm-charts/tree/main/charts/synthetics-private-location
        repository: "https://helm.datadoghq.com"
        chart: "synthetics-private-location"
        chart_version: "0.15.15"
        timeout: 180
        wait: true
        atomic: true
        cleanup_on_fail: true
```
Synthetics Private Location Config
```shell
docker run --rm datadog/synthetics-private-location-worker --help
```

```text
The Datadog Synthetics Private Location Worker runs tests on privately accessible websites and brings results to Datadog

Access keys:
  --accessKey  Access Key for Datadog API authentication [string]
  --secretAccessKey  Secret Access Key for Datadog API authentication [string]
  --datadogApiKey  Datadog API key to send browser tests artifacts (e.g. screenshots) [string]
  --privateKey  Private Key used to decrypt test configurations [array]
  --publicKey  Public Key used by Datadog to encrypt test results. Composed of --publicKey.pem and --publicKey.fingerprint

Worker configuration:
  --site  Datadog site (datadoghq.com, us3.datadoghq.com, datadoghq.eu or ddog-gov.com) [string] [required] [default: "datadoghq.com"]
  --concurrency  Maximum number of tests executed in parallel [number] [default: 10]
  --maxNumberMessagesToFetch  Maximum number of tests that can be fetched at the same time [number] [default: 10]
  --proxyDatadog  Proxy URL used to send requests to Datadog [string] [default: none]
  --dumpConfig  Display non-secret worker configuration parameters [boolean]
  --enableStatusProbes  Enable the probes system for Kubernetes [boolean] [default: false]
  --statusProbesPort  The port for the probes server to listen on [number] [default: 8080]
  --config  Path to JSON config file [default: "/etc/datadog/synthetics-check-runner.json"]

Tests configuration:
  --maxTimeout  Maximum test execution duration, in milliseconds [number] [default: 60000]
  --proxyTestRequests  Proxy URL used to send test requests [string] [default: none]
  --proxyIgnoreSSLErrors  Discard SSL errors when using a proxy [boolean] [default: false]
  --dnsUseHost  Use local DNS config for API tests and HTTP steps in browser tests (currently ["192.168.65.5"]) [boolean] [default: true]
  --dnsServer  DNS server IPs used in given order for API tests and HTTP steps in browser tests (--dnsServer="1.0.0.1" --dnsServer="9.9.9.9") and after local DNS config, if --dnsUseHost is present [array] [default: ["8.8.8.8","1.1.1.1"]]

Network filtering:
  --allowedIPRanges  Grant access to IP ranges (has precedence over --blockedIPRanges) [default: none]
  --blockedIPRanges  Deny access to IP ranges (e.g. --blockedIPRanges.4="127.0.0.0/8" --blockedIPRanges.6="::1/128") [default: none]
  --enableDefaultBlockedIpRanges  Deny access to all reserved IP ranges, except for those explicitly set in --allowedIPRanges [boolean] [default: false]
  --allowedDomainNames  Grant access to domain names for API tests (has precedence over --blockedDomainNames, e.g. --allowedDomainNames="*.example.com") [array] [default: none]
  --blockedDomainNames  Deny access to domain names for API tests (e.g. --blockedDomainNames="example.org" --blockedDomainNames="*.com") [array] [default: none]

Options:
  --enableIPv6  Use IPv6 to perform tests. (Warning: IPv6 in Docker is only supported with Linux host) [boolean] [default: false]
  --version  Show version number [boolean]
  -f, --logFormat  Format log output [choices: "pretty", "pretty-compact", "json"] [default: "pretty"]
  -h, --help  Show help [boolean]

Volumes:
  /etc/datadog/certs/  .pem certificates present in this directory will be imported and trusted as certificate authorities for API and browser tests

Environment variables:
  Command options can also be set via environment variables (DATADOG_API_KEY="...", DATADOG_WORKER_CONCURRENCY="15", DATADOG_DNS_USE_HOST="true")
  For options that accept multiple arguments, JSON string array notation should be used (DATADOG_TESTS_DNS_SERVER='["8.8.8.8", "1.1.1.1"]')

  Supported environment variables:
    DATADOG_ACCESS_KEY,
    DATADOG_API_KEY,
    DATADOG_PRIVATE_KEY,
    DATADOG_PUBLIC_KEY_FINGERPRINT,
    DATADOG_PUBLIC_KEY_PEM,
    DATADOG_SECRET_ACCESS_KEY,
    DATADOG_SITE,
    DATADOG_WORKER_CONCURRENCY,
    DATADOG_WORKER_LOG_FORMAT,
    DATADOG_WORKER_MAX_NUMBER_MESSAGES_TO_FETCH,
    DATADOG_WORKER_PROXY,
    DATADOG_TESTS_DNS_SERVER,
    DATADOG_TESTS_DNS_USE_HOST,
    DATADOG_TESTS_PROXY,
    DATADOG_TESTS_PROXY_IGNORE_SSL_ERRORS,
    DATADOG_TESTS_TIMEOUT,
    DATADOG_ALLOWED_IP_RANGES_4,
    DATADOG_ALLOWED_IP_RANGES_6,
    DATADOG_BLOCKED_IP_RANGES_4,
    DATADOG_BLOCKED_IP_RANGES_6,
    DATADOG_ENABLE_DEFAULT_WINDOWS_FIREWALL_RULES,
    DATADOG_ALLOWED_DOMAIN_NAMES,
    DATADOG_BLOCKED_DOMAIN_NAMES,
    DATADOG_WORKER_ENABLE_STATUS_PROBES,
    DATADOG_WORKER_STATUS_PROBES_PORT
```
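
The network filtering options in the help text have a precedence order, and their defaults (`none` / `false`) filter nothing. The following added example (not code from this component or from Datadog's worker) models that order in Python so a proposed policy can be checked against sample targets before it is deployed; the function names, the sample addresses, and the use of `ipaddress`'s `is_global` as a stand-in for "reserved IP ranges" are assumptions.

```python
import ipaddress

def egress_allowed(dest, allowed=(), blocked=(), block_reserved=False):
    """Decide whether a test request to `dest` passes the filter.

    Order follows the help text: allowed ranges take precedence over blocked
    ranges, and the default reserved-range block yields to allowed ranges.
    """
    ip = ipaddress.ip_address(dest)

    def matches(ranges):
        # strict=True rejects CIDRs with host bits set (e.g. 10.20.5.1/16),
        # which is usually a typo in the rule.
        nets = [ipaddress.ip_network(r, strict=True) for r in ranges]
        return any(ip.version == n.version and ip in n for n in nets)

    if matches(allowed):
        return True
    if matches(blocked):
        return False
    # Assumption: "reserved" is approximated by "not globally routable".
    if block_reserved and not ip.is_global:
        return False
    return True

def audit(targets, **policy):
    """Map each target address to 'allow' or 'deny' under one policy."""
    return {t: "allow" if egress_allowed(t, **policy) else "deny" for t in targets}

# Constructed sample addresses: an internal app, another internal host,
# a link-local address, and a public resolver.
TARGETS = ["10.20.5.10", "10.30.0.1", "169.254.169.254", "8.8.8.8"]

# Worker defaults from the help text: no ranges set, default block disabled.
DEFAULTS = audit(TARGETS)
# Hardened: reserved ranges denied, only the application subnet re-allowed.
HARDENED = audit(TARGETS, allowed=["10.20.0.0/16"], block_reserved=True)

if __name__ == "__main__":
    for name, result in (("defaults", DEFAULTS), ("hardened", HARDENED)):
        print(name, result)
```
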
Variables
Required Variables
- `chart` (`string`) required: Chart name to be installed. The chart name can be local path, a URL to a chart, or the name of the chart if `repository` is specified. It is also possible to use the `<repository>/<chart>` format here if you are running Terraform on a system that the repository has been added to with `helm repo add` but this is not recommended
- `kubernetes_namespace` (`string`) required: Kubernetes namespace to install the release into
- `region` (`string`) required: AWS Region
Optional Variables
- `atomic` (`bool`) optional: If set, installation process purges chart on fail. The wait flag will be set automatically if atomic is used. Default value: `true`
- `chart_version` (`string`) optional: Specify the exact chart version to install. If this is not specified, the latest version is installed. Default value: `null`
- `cleanup_on_fail` (`bool`) optional: Allow deletion of new resources created in this upgrade when upgrade fails. Default value: `true`
- `create_namespace` (`bool`) optional: Create the Kubernetes namespace if it does not yet exist. Default value: `true`
- `description` (`string`) optional: Release description attribute (visible in the history). Default value: `null`
- `eks_component_name` (`string`) optional: The name of the eks component. Default value: `"eks/cluster"`
- `helm_manifest_experiment_enabled` (`bool`) optional: Enable storing of the rendered manifest for helm_release so the full diff of what is changing can be seen in the plan. Default value: `false`
- `kube_data_auth_enabled` (`bool`) optional: If `true`, use an `aws_eks_cluster_auth` data source to authenticate to the EKS cluster. Disabled by `kubeconfig_file_enabled` or `kube_exec_auth_enabled`. Default value: `false`
- `kube_exec_auth_aws_profile` (`string`) optional: The AWS config profile for `aws eks get-token` to use. Default value: `""`
- `kube_exec_auth_aws_profile_enabled` (`bool`) optional: If `true`, pass `kube_exec_auth_aws_profile` as the `profile` to `aws eks get-token`. Default value: `false`
- `kube_exec_auth_enabled` (`bool`) optional: If `true`, use the Kubernetes provider `exec` feature to execute `aws eks get-token` to authenticate to the EKS cluster. Disabled by `kubeconfig_file_enabled`, overrides `kube_data_auth_enabled`. Default value: `true`
- `kube_exec_auth_role_arn` (`string`) optional: The role ARN for `aws eks get-token` to use. Default value: `""`
- `kube_exec_auth_role_arn_enabled` (`bool`) optional: If `true`, pass `kube_exec_auth_role_arn` as the role ARN to `aws eks get-token`. Default value: `true`
- `kubeconfig_context` (`string`) optional: Context to choose from the Kubernetes config file. If supplied, `kubeconfig_context_format` will be ignored. Default value: `""`
- `kubeconfig_context_format` (`string`) optional: A format string to use for creating the `kubectl` context name when `kubeconfig_file_enabled` is `true` and `kubeconfig_context` is not supplied. Must include a single `%s` which will be replaced with the cluster name. Default value: `""`
- `kubeconfig_exec_auth_api_version` (`string`) optional: The Kubernetes API version of the credentials returned by the `exec` auth plugin. Default value: `"client.authentication.k8s.io/v1beta1"`
- `kubeconfig_file` (`string`) optional: The Kubernetes provider `config_path` setting to use when `kubeconfig_file_enabled` is `true`. Default value: `""`
- `kubeconfig_file_enabled` (`bool`) optional: If `true`, configure the Kubernetes provider with `kubeconfig_file` and use that kubeconfig file for authenticating to the EKS cluster. Default value: `false`
List of static tags to associate with the synthetics private location
Default value:
[ ]
- `repository` (`string`) optional: Repository URL where to locate the requested chart. Default value: `null`
- `timeout` (`number`) optional: Time in seconds to wait for any individual kubernetes operation (like Jobs for hooks). Defaults to `300` seconds. Default value: `null`
- `verify` (`bool`) optional: Verify the package before installing it. Helm uses a provenance file to verify the integrity of the chart; this must be hosted alongside the chart. Default value: `false`
- `wait` (`bool`) optional: Will wait until all resources are in a ready state before marking the release as successful. It will wait for as long as `timeout`. Defaults to `true`. Default value: `null`
Context Variables
The following variables are defined in the `context.tf` file of this module and are part of the terraform-null-label pattern.
Outputs
- `metadata`: Block status of the deployed release
- `synthetics_private_location_id`: Synthetics private location ID
Dependencies
Requirements
- `terraform`, version: `>= 1.0.0`
- `aws`, version: `>= 4.0, < 6.0.0`
- `datadog`, version: `>= 3.3.0`
- `helm`, version: `>= 2.3.0, < 3.0.0`
- `kubernetes`, version: `>= 2.14.0, != 2.21.0`
- `local`, version: `>= 1.3`
- `template`, version: `>= 2.0`
Providers
- `aws`, version: `>= 4.0, < 6.0.0`
- `datadog`, version: `>= 3.3.0`
Modules
Name | Version | Source | Description |
---|---|---|---|
datadog_configuration | v1.535.7 | github.com/cloudposse-terraform-components/aws-datadog-credentials//src/modules/datadog_keys | n/a |
datadog_synthetics_private_location | 0.10.1 | cloudposse/helm-release/aws | n/a |
eks | 1.8.0 | cloudposse/stack-config/yaml//modules/remote-state | n/a |
iam_roles | v1.535.5 | github.com/cloudposse-terraform-components/aws-account-map//src/modules/iam-roles | n/a |
this | 0.25.0 | cloudposse/label/null | n/a |
Resources
The following resources are used by this module:
- `datadog_synthetics_private_location.this` (resource)
Data Sources
The following data sources are used by this module:
- `aws_eks_cluster_auth.eks` (data source)