Exploring an updated Terraform template to handle the addition of Activity Tracker and Log Analysis.

Earlier this year, the IBM Cloud Observability team announced IAM-based access controls for IBM Cloud Activity Tracker and IBM Cloud Log Analysis in the “Increased IAM Control of Log Analysis and Activity Tracker Services in IBM Cloud” post. It follows a similar capability in IBM Cloud Monitoring for which I wrote an Infrastructure-as-Code Terraform template discussed in the “Terraform Template for Monitoring with Sysdig Teams” post.

That post explored the scenario in which two separate development teams shared the same Monitoring instance and the same IBM Cloud Kubernetes Service and demonstrated how a team can automate the process of deploying and configuring such an environment.

I recently updated the Terraform template to handle the addition of Activity Tracker and Log Analysis, as depicted below: 

As a reminder for this scenario, two development teams are working on a complex application that will eventually be deployed on the same Kubernetes cluster. To provide a more elaborate example, let’s assume that each team has selected their preferred programming language — in this case, Go and Node.js. Once their applications are ready — or as they go through various iterations of it — they create a container image and publish it to a private container registry in the IBM Cloud.

An infrastructure team is responsible for deploying the environment (i.e., Kubernetes cluster), monitoring, log analysis, activity tracking and configuring the access levels to these services and associated dashboards. They choose to use Terraform, an Infrastructure-as-Code tool used on previous projects. We create all resources and applications in an IBM Cloud region. We use Identity and Access Management to assign access to the Activity Tracker, Log Analysis, and Monitoring instances.

Deploying and configuring the components

This repository contains all the infrastructure configuration instructions to create and configure the resources as depicted above. Here is a high-level overview of the code repository structure:

  • The main.tf contains the instructions for setting up the Terraform provisions used for this template.
  • The instance_config.tf contains the instructions for creating and configuring the Log Analysis and Monitoring instances. It will also create the teams and assign the filtering to limit access to metrics, logs and activities based on the container tags. This file also contains the instructions to configure the logging and monitoring agents on the Kubernetes cluster leveraging a new resource in the IBM provider for Terraform ibm_ob_logging and ibm_ob_monitoring.
  • The app_install.tf contains the instructions to deploy the applications from the container registry to the Kubernetes cluster.
  • The variables.tf contain all of the input required by the Terraform template. Don’t modify this file, as the number of values that you need to modify is more limited. Use the config.tfvars to supply your values as described in the repository.
  • The scripts folder contains the various shell scripts that are invoked during the run of the Terraform template. As of this writing, the LogDNA provider for Terraform does not provide resources to create teams in Log Analysis or Activity Tracker, therefore the scripts are used to create the team leveraging the LogDNA REST APIs. A change is coming soon to add support for this capability in the provider and will be reflected in the repository once it becomes available.

After deploying the environment in the Activity Tracker, Monitoring and Log Analysis instances, the Infrastructure Engineer has a complete view of all metrics from the Kubernetes cluster.

Getting started

To get started, try our sample code on GitHub. Instructions are provided in the README.md to create and use this template. Start by identifying an existing Kubernetes cluster to use or create a new one via the IBM Cloud UI or CLI and then apply the template to create the services and the IAM policies. We also cover how to clean up resources when you no longer need them.

Questions and feedback

The GitHub repository for this scenario has an Issues tab where you can comment on the content and code. If you have suggestions or issues, please submit your feedback.

More from Cloud

Strengthening cybersecurity in life sciences with IBM and AWS

7 min read - Cloud is transforming the way life sciences organizations are doing business. Cloud computing offers the potential to redefine and personalize customer relationships, transform and optimize operations, improve governance and transparency, and expand business agility and capability. Leading life science companies are leveraging cloud for innovation around operational, revenue and business models. According to a report on mapping the cloud maturity curve from the EIU, 48% of industry executives said cloud has improved data access, analysis and utilization, 45% say cloud…

7 min read

Kubernetes version 1.27 now available in IBM Cloud Kubernetes Service

< 1 min read - We are excited to announce the availability of Kubernetes version 1.27 for your clusters that are running in IBM Cloud Kubernetes Service. This is our 22nd release of Kubernetes. With our Kubernetes service, you can easily upgrade your clusters without the need for deep Kubernetes knowledge. When you deploy new clusters, the default Kubernetes version remains 1.25 (soon to be 1.26); you can also choose to immediately deploy version 1.27. Learn more about deploying clusters here. Kubernetes version 1.27 In…

< 1 min read

Redefining the consumer experience: Diageo partners with SAP and IBM on global digital transformation

3 min read - In an era of evolving consumer preferences and economic uncertainties, the beverage industry stands as a vibrant reflection of changing trends and shifting priorities. Despite the challenges posed by inflation and the cost-of-living crisis, a dichotomy has emerged in consumer behavior, where individuals untouched by the crisis continue to indulge in their favorite beverages, while those directly affected pivot towards more affordable luxuries, such as a bottle of something special. This intriguing juxtaposition highlights the resilient nature of consumers and…

3 min read

IBM Cloud releases 2023 IBM Cloud for Financial Services Agreed-Upon Procedures (AUP) Report

2 min read - IBM Cloud completed its 2023 independent review of IBM Cloud services and processes. The review report demonstrates to its clients, partners and other interested parties that IBM Cloud services have implemented and adhere to the technical, administrative and physical control requirements of IBM Cloud Framework for Financial Services. What is the IBM Cloud Framework for Financial Services? IBM Cloud for Financial Services® is designed to build trust and enable a transparent public cloud ecosystem with features for security, compliance and…

2 min read