Merge branch 'dev'

Author: akhil27051999

.gitignore

@@ -23,3 +23,11 @@ vagrant/*.pem
 
 # ignore Vagrant state
 vagrant/.vagrant
+
+# ignore Terraform files
+.terraform/
+*.tfstate
+*.tfstate.backup
+*.tfvars
+*.pem
+*.key

k8s/promtail.yaml

@@ -0,0 +1,113 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: promtail-serviceaccount
+  namespace: observability
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: promtail-clusterrole
+rules:
+- apiGroups: [""]
+  resources:
+  - nodes
+  - services
+  - pods
+  verbs:
+  - get
+  - watch
+  - list
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: promtail-clusterrolebinding
+subjects:
+- kind: ServiceAccount
+  name: promtail-serviceaccount
+  namespace: observability
+roleRef:
+  kind: ClusterRole
+  name: promtail-clusterrole
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: promtail-config
+  namespace: observability
+data:
+  promtail.yaml: |
+    server:
+      http_listen_port: 9080
+      grpc_listen_port: 0
+    
+    positions:
+      filename: /tmp/positions.yaml
+    
+    clients:
+    - url: http://loki.observability.svc.cluster.local:3100/loki/api/v1/push
+    
+    scrape_configs:
+    # VERY SPECIFIC - Only Flask API logs
+    - job_name: flask-api-only
+      static_configs:
+      - targets:
+          - localhost
+        labels:
+          job: flask-api
+          __path__: /var/log/pods/*student-api*flask-api*/*.log
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: promtail
+  namespace: observability
+  labels:
+    app: promtail
+spec:
+  selector:
+    matchLabels:
+      app: promtail
+  template:
+    metadata:
+      labels:
+        app: promtail
+    spec:
+      serviceAccountName: promtail-serviceaccount
+      hostNetwork: true
+      containers:
+      - name: promtail
+        image: grafana/promtail:2.8.0
+        args:
+        - -config.file=/etc/promtail/promtail.yaml
+        - -log.level=info
+        volumeMounts:
+        - name: config
+          mountPath: /etc/promtail
+        - name: positions
+          mountPath: /tmp
+        - name: logs
+          mountPath: /var/log
+        resources:
+          requests:
+            memory: "64Mi"
+            cpu: "50m"
+          limits:
+            memory: "128Mi"
+            cpu: "100m"
+        securityContext:
+          runAsUser: 0
+          runAsGroup: 0
+      volumes:
+      - name: config
+        configMap:
+          name: promtail-config
+      - name: positions
+        emptyDir: {}
+      - name: logs
+        hostPath:
+          path: /var/log
+      tolerations:
+      - operator: Exists

terraform/.terraform.lock.hcl

@@ -0,0 +1,206 @@
+# This block configures Terraform itself - it's like "settings" for how Terraform should run our code.
+# This prevents surprises and makes our infrastructure more reliable!
+
+terraform {
+    required_version = ">=1.0"
+    required_providers {
+        aws = {
+            source = "hashicorp/aws"
+            version = "~>5.0"
+        }
+    }
+}
+
+# AWS provider
+
+provider "aws" {
+    region = var.aws_region
+}
+
+# VPC
+
+resource "aws_vpc" "main" {
+    cidr_block = var.vpc_cidr
+    enable_dns_hostnames = true
+    enable_dns_support = true
+
+    tags = {
+        Name = "${var.project_name}-vpc"
+    }
+}
+
+# Internet Gateway
+
+resource "aws_internet_gateway" "main" {
+    vpc_id = aws_vpc.main.id
+
+    tags = {
+        Name = "${var.project_name}-igw"
+    }
+}
+
+# Public Subnet
+resource "aws_subnet" "public" {
+    vpc_id = aws_vpc.main.id
+    cidr_block = var.public_subnet_cidr
+    availability_zone = var.availability_zone
+    map_public_ip_on_launch = true
+
+    tags = {
+        Name = "${var.project_name}-public-subnet"
+    }
+}
+
+# Route Table for Public Subnet
+resource "aws_route_table" "public" {
+    vpc_id = aws_vpc.main.id
+
+    route {
+        cidr_block = "0.0.0.0/0"
+        gateway_id = aws_internet_gateway.main.id
+    }
+
+    tags = {
+        Name = "${var.project_name}-public-rt"
+    }
+}
+
+# Route Table Association
+resource "aws_route_table_association" "public" {
+    subnet_id = aws_subnet.public.id
+    route_table_id = aws_route_table.public.id
+}
+
+# Security Group
+resource "aws_security_group" "api_server" {
+    name = "${var.project_name}-sg"
+    description = "Security group for API server"
+    vpc_id = aws_vpc.main.id
+
+    ingress {
+        description = "SSH"
+        from_port = 22
+        to_port = 22
+        protocol = "tcp"
+        cidr_blocks = ["0.0.0.0/0"]
+    }
+
+    ingress {
+        description = "HTTP"
+        from_port = 80
+        to_port = 80
+        protocol = "tcp"
+        cidr_blocks = ["0.0.0.0/0"]
+    }
+
+    ingress {
+        description = "HTTPS"
+        from_port = 443
+        to_port = 443
+        protocol = "tcp"
+        cidr_blocks = ["0.0.0.0/0"]
+    }
+
+    ingress {
+        description = "Kubernetes API"
+        from_port = 6443
+        to_port = 6443
+        protocol = "tcp"
+        cidr_blocks = ["0.0.0.0/0"]
+    }
+
+    egress {
+        from_port = 0
+        to_port = 0
+        protocol = "-1"
+        cidr_blocks = ["0.0.0.0/0"]
+    }
+
+    tags = {
+        Name = "${var.project_name}-sg"
+    }
+}
+
+# IAM Role for EC2
+
+resource "aws_iam_role" "ec2_role" {
+    name = "${var.project_name}-ec2-role"
+
+    assume_role_policy = jsonencode({
+        Version = "2012-10-17"
+        Statement = [
+            {
+                Action = "sts:AssumeRole"
+                Effect = "Allow"
+                Principal = {
+                    Service = "ec2.amazonaws.com"
+                }
+            }
+        ]
+
+    })
+
+    tags = {
+        Name = "${var.project_name}-ec2-role"
+    }
+}
+
+# IAM Role Policy Attachment
+
+resource "aws_iam_role_policy_attachment" "ec2_ssm" {
+    role = aws_iam_role.ec2_role.name
+    policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
+}
+
+resource "aws_iam_role_policy_attachment" "ec2_s3" {
+    role       = aws_iam_role.ec2_role.name
+    policy_arn = "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"
+}
+
+resource "aws_iam_role_policy_attachment" "ec2_ecr" {
+    role       = aws_iam_role.ec2_role.name
+    policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
+}
+
+# IAM Instance Profile
+
+resource "aws_iam_instance_profile" "ec2_profile" {
+    name = "${var.project_name}-ec2-profile"
+    role = aws_iam_role.ec2_role.name
+}
+
+# EC2 Instance
+
+resource "aws_instance" "api_server" {
+    ami = var.ami_id
+    instance_type = var.instance_type
+    key_name = var.key_name
+    subnet_id = aws_subnet.public.id
+    vpc_security_group_ids = [aws_security_group.api_server.id]
+    iam_instance_profile = aws_iam_instance_profile.ec2_profile.name
+
+    root_block_device {
+        volume_type = "gp3"
+        volume_size = 50
+        encrypted = true
+    }
+
+    tags = {
+        Name = "${var.project_name}-api_server"
+    }
+
+    lifecycle {
+        ignore_changes = [ami]
+    }
+}
+
+# Elastic IP
+
+resource "aws_eip" "api_server" {
+    instance = aws_instance.api_server.id
+    domain = "vpc"
+
+    tags = {
+        Name = "${var.project_name}-eip"
+    }
+}

terraform/main.tf

@@ -0,0 +1,29 @@
+output "instance_public_ip" {
+  description = "Public IP address of the EC2 instance"
+  value       = aws_eip.api_server.public_ip
+}
+
+output "instance_id" {
+  description = "ID of the EC2 instance"
+  value       = aws_instance.api_server.id
+}
+
+output "ssh_connection_command" {
+  description = "SSH connection command"
+  value       = "ssh -i ${var.key_name}.pem ubuntu@${aws_eip.api_server.public_ip}"
+}
+
+output "vpc_id" {
+  description = "VPC ID"
+  value       = aws_vpc.main.id
+}
+
+# Remove the problematic next_steps output or fix it:
+output "next_steps" {
+  description = "Next steps after deployment"
+  value       = <<EOT
+Next steps:
+1. SSH to the instance: ssh -i ${var.key_name}.pem ubuntu@${aws_eip.api_server.public_ip}
+2. The instance is ready for Ansible configuration
+EOT
+}