From 4aa4e6107b81d27a4180398fd9fc54c2b3f1bd18 Mon Sep 17 00:00:00 2001 
From: michaeljguarino Date: Tue, 26 Dec 2023 17:35:44 -0500 Subject: [PATCH] working gcp setup --- .gitignore | 2 + charts/runtime/Chart.yaml | 4 +- .../templates/deployment.yaml | 2 + .../templates/logtail.yaml | 13 -- .../templates/pki.yaml | 8 ++ .../runtime/templates/helmrepositories.yaml | 8 ++ charts/runtime/templates/issuer.yaml | 25 +++- charts/runtime/values.yaml | 5 +- clouds/aws/runtime.tf | 6 - providers/aws.tf | 10 +- providers/azure.tf | 12 ++ providers/gcp.tf | 6 + setup/main.tf | 26 ---- setup/variables.tf | 8 -- {clouds => terraform/clouds}/aws/eks.tf | 2 +- .../clouds}/aws/kubernetes.tf | 0 terraform/clouds/aws/locals.tf | 3 + .../vpc.tf => terraform/clouds/aws/network.tf | 0 {clouds => terraform/clouds}/aws/outputs.tf | 2 +- {clouds => terraform/clouds}/aws/postgres.tf | 2 +- .../clouds/aws/runtime.tf | 11 ++ {clouds => terraform/clouds}/aws/variables.tf | 12 +- {clouds => terraform/clouds}/azure/aks.tf | 2 +- terraform/clouds/azure/kubernetes.tf | 6 + {clouds => terraform/clouds}/azure/locals.tf | 1 + {clouds => terraform/clouds}/azure/network.tf | 0 {clouds => terraform/clouds}/azure/outputs.tf | 2 +- .../clouds}/azure/postgres.tf | 0 .../clouds}/azure/resource_group.tf | 0 {clouds => terraform/clouds}/azure/runtime.tf | 13 +- .../clouds}/azure/variables.tf | 10 ++ {clouds => terraform/clouds}/gcp/gke.tf | 21 ++- terraform/clouds/gcp/kubernetes.tf | 7 + terraform/clouds/gcp/locals.tf | 3 + {clouds => terraform/clouds}/gcp/network.tf | 0 {clouds => terraform/clouds}/gcp/outputs.tf | 2 +- {clouds => terraform/clouds}/gcp/postgres.tf | 14 +- {clouds => terraform/clouds}/gcp/runtime.tf | 13 +- terraform/clouds/gcp/services.tf | 96 ++++++++++++++ {clouds => terraform/clouds}/gcp/variables.tf | 15 +++ test/.terraform.lock.hcl | 122 ++++++++++++++++++ test/main.tf | 7 + test/provider.tf | 19 +++ 43 files changed, 430 insertions(+), 90 deletions(-) delete mode 100644 charts/runtime/charts/plural-certmanager-webhook/templates/logtail.yaml delete mode 
100644 clouds/aws/runtime.tf delete mode 100644 setup/main.tf delete mode 100644 setup/variables.tf rename {clouds => terraform/clouds}/aws/eks.tf (93%) rename {clouds => terraform/clouds}/aws/kubernetes.tf (100%) create mode 100644 terraform/clouds/aws/locals.tf rename clouds/aws/vpc.tf => terraform/clouds/aws/network.tf (100%) rename {clouds => terraform/clouds}/aws/outputs.tf (59%) rename {clouds => terraform/clouds}/aws/postgres.tf (97%) rename clouds/aws/addons.tf => terraform/clouds/aws/runtime.tf (81%) rename {clouds => terraform/clouds}/aws/variables.tf (75%) rename {clouds => terraform/clouds}/azure/aks.tf (90%) create mode 100644 terraform/clouds/azure/kubernetes.tf rename {clouds => terraform/clouds}/azure/locals.tf (57%) rename {clouds => terraform/clouds}/azure/network.tf (100%) rename {clouds => terraform/clouds}/azure/outputs.tf (61%) rename {clouds => terraform/clouds}/azure/postgres.tf (100%) rename {clouds => terraform/clouds}/azure/resource_group.tf (100%) rename {clouds => terraform/clouds}/azure/runtime.tf (56%) rename {clouds => terraform/clouds}/azure/variables.tf (79%) rename {clouds => terraform/clouds}/gcp/gke.tf (59%) create mode 100644 terraform/clouds/gcp/kubernetes.tf create mode 100644 terraform/clouds/gcp/locals.tf rename {clouds => terraform/clouds}/gcp/network.tf (100%) rename {clouds => terraform/clouds}/gcp/outputs.tf (60%) rename {clouds => terraform/clouds}/gcp/postgres.tf (80%) rename {clouds => terraform/clouds}/gcp/runtime.tf (52%) create mode 100644 terraform/clouds/gcp/services.tf rename {clouds => terraform/clouds}/gcp/variables.tf (77%) create mode 100644 test/.terraform.lock.hcl create mode 100644 test/main.tf create mode 100644 test/provider.tf diff --git a/.gitignore b/.gitignore index 9b8a46e..c13c434 100644 --- a/.gitignore +++ b/.gitignore @@ -32,3 +32,5 @@ override.tf.json # Ignore CLI configuration files .terraformrc terraform.rc + +helm-values \ No newline at end of file 
diff --git a/charts/runtime/Chart.yaml b/charts/runtime/Chart.yaml index 98f8ef8..18a7c00 100644 --- a/charts/runtime/Chart.yaml +++ b/charts/runtime/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: runtime description: Sets up the basic dependencies needed to get a network stack running type: application -version: 0.1.2 -appVersion: "1.16.0" +version: 0.1.3 +appVersion: "0.1.0" dependencies: - name: external-dns version: 6.14.5 diff --git a/charts/runtime/charts/plural-certmanager-webhook/templates/deployment.yaml b/charts/runtime/charts/plural-certmanager-webhook/templates/deployment.yaml index 6848e3a..04b5f11 100644 --- a/charts/runtime/charts/plural-certmanager-webhook/templates/deployment.yaml +++ b/charts/runtime/charts/plural-certmanager-webhook/templates/deployment.yaml @@ -7,6 +7,8 @@ metadata: chart: {{ include "plural-webhook.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} + annotations: + "helm.sh/hook": post-install,post-upgrade spec: replicas: {{ .Values.replicaCount }} selector: diff --git a/charts/runtime/charts/plural-certmanager-webhook/templates/logtail.yaml b/charts/runtime/charts/plural-certmanager-webhook/templates/logtail.yaml deleted file mode 100644 index 27d3de1..0000000 --- a/charts/runtime/charts/plural-certmanager-webhook/templates/logtail.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: platform.plural.sh/v1alpha1 -kind: LogTail -metadata: - name: plural-webhook - labels: - app: {{ include "plural-webhook.name" . }} - chart: {{ include "plural-webhook.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - limit: 50 - target: deployment/{{ include "plural-webhook.fullname" . }} - follow: true \ No newline at end of file diff --git a/charts/runtime/charts/plural-certmanager-webhook/templates/pki.yaml b/charts/runtime/charts/plural-certmanager-webhook/templates/pki.yaml index 3d40432..dd16453 100644 --- a/charts/runtime/charts/plural-certmanager-webhook/templates/pki.yaml 
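Review bot: Annotating the webhook Deployment with `"helm.sh/hook": post-install,post-upgrade` takes it out of the release's managed resources: with Helm's default `before-hook-creation` delete policy the Deployment is deleted and recreated on every upgrade (a short webhook outage), and `helm uninstall` leaves it running because hook resources are not tracked. If the intent is only to apply it after the cert-manager CRDs exist, the Deployment itself does not need to be a hook; otherwise add an explicit `"helm.sh/hook-delete-policy": before-hook-creation` and a comment such as `# hook: applied after cert-manager CRDs; not removed on uninstall`. The Deployment spec continues outside the hunk.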
+++ b/charts/runtime/charts/plural-certmanager-webhook/templates/pki.yaml @@ -11,6 +11,8 @@ metadata: chart: {{ include "plural-webhook.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} + annotations: + "helm.sh/hook": post-install,post-upgrade spec: selfSigned: {} @@ -27,6 +29,8 @@ metadata: chart: {{ include "plural-webhook.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} + annotations: + "helm.sh/hook": post-install,post-upgrade spec: secretName: {{ include "plural-webhook.rootCACertificate" . }} duration: 43800h # 5y @@ -48,6 +52,8 @@ metadata: chart: {{ include "plural-webhook.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} + annotations: + "helm.sh/hook": post-install,post-upgrade spec: ca: secretName: {{ include "plural-webhook.rootCACertificate" . }} @@ -65,6 +71,8 @@ metadata: chart: {{ include "plural-webhook.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} + annotations: + "helm.sh/hook": post-install,post-upgrade spec: secretName: {{ include "plural-webhook.servingCertificate" . }} duration: 8760h # 1y diff --git a/charts/runtime/templates/helmrepositories.yaml b/charts/runtime/templates/helmrepositories.yaml index bd99ce2..a2a004c 100644 --- a/charts/runtime/templates/helmrepositories.yaml +++ b/charts/runtime/templates/helmrepositories.yaml @@ -2,6 +2,8 @@ apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: HelmRepository metadata: name: bitnami + annotations: + "helm.sh/hook": post-install,post-upgrade spec: interval: 5m0s type: oci @@ -11,6 +13,8 @@ apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: HelmRepository metadata: name: flagger + annotations: + "helm.sh/hook": post-install,post-upgrade spec: interval: 5m0s url: https://flagger.app 
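Review bot: Turning the Issuer and Certificate objects into `post-install,post-upgrade` hooks means the root CA Certificate (5y duration) is deleted and recreated on each upgrade under the default `before-hook-creation` policy, and none of these objects are removed by `helm uninstall`; cert-manager by default leaves the backing Secret in place, so the CA private key persists in the namespace after the chart is gone. Add an explicit `helm.sh/hook-delete-policy` and note it next to the CA Certificate: `# hook resource: survives helm uninstall; delete the CA secret manually when decommissioning`. Ordering between the self-signed Issuer, the CA Certificate, the CA Issuer and the serving Certificate currently relies on cert-manager retrying until its dependency exists; `helm.sh/hook-weight` would make that order explicit. Each resource body continues outside its hunk.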
@@ -19,6 +23,8 @@ apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: HelmRepository metadata: name: console + annotations: + "helm.sh/hook": post-install,post-upgrade spec: interval: 5m0s url: https://pluralsh.github.io/console @@ -27,6 +33,8 @@ apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: HelmRepository metadata: name: bootstrap + annotations: + "helm.sh/hook": post-install,post-upgrade spec: interval: 5m0s url: https://pluralsh.github.io/bootstrap diff --git a/charts/runtime/templates/issuer.yaml b/charts/runtime/templates/issuer.yaml index 71fc909..cf0f1b9 100644 --- a/charts/runtime/templates/issuer.yaml +++ b/charts/runtime/templates/issuer.yaml @@ -2,13 +2,35 @@ apiVersion: cert-manager.io/v1 kind: ClusterIssuer metadata: name: letsencrypt-staging + annotations: + "helm.sh/hook": post-install,post-upgrade spec: selfSigned: {} --- apiVersion: cert-manager.io/v1 kind: ClusterIssuer +metadata: + name: letsencrypt-prod + annotations: + "helm.sh/hook": post-install,post-upgrade +spec: + acme: + email: {{ .Values.ownerEmail }} + server: {{ .Values.letsencryptServer }} + privateKeySecretRef: + name: letsencryt-prod-key + solvers: + - http01: + ingress: + ingressClassName: nginx +{{ if and .Values.acmeEAB.kid .Values.dnsSolver }} +--- +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer metadata: name: plural + annotations: + "helm.sh/hook": post-install,post-upgrade spec: acme: # You must replace this email address with your own. @@ -30,4 +52,5 @@ spec: # Add a single challenge solver, dns01, configured using the appropriate cloud dns setup solvers: - dns01: - {{ .Values.dnsSolver | toYaml | nindent 8 }} \ No newline at end of file + {{ .Values.dnsSolver | toYaml | nindent 8 }} +{{ end }} \ No newline at end of file diff --git a/charts/runtime/values.yaml b/charts/runtime/values.yaml index 20eca1f..08d0e77 100644 --- a/charts/runtime/values.yaml +++ b/charts/runtime/values.yaml 
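Review bot: In the new `letsencrypt-prod` ClusterIssuer, `privateKeySecretRef.name: letsencryt-prod-key` is misspelled (missing `p`); it still works, but the secret holding the ACME account key should be findable by the issuer's name, so use `letsencrypt-prod-key`. The guard `{{ if and .Values.acmeEAB.kid .Values.dnsSolver }}` fails at render time with a nil-pointer error if a user's values omit `acmeEAB` entirely, unless values.yaml seeds that key (not visible in this diff); a safer form is `{{- $eab := .Values.acmeEAB | default dict -}}` followed by `{{ if and $eab.kid .Values.dnsSolver }}`. The http01 solver's `ingressClassName: nginx` should match the class the bundled `ingress-nginx` (public) instance registers, since a solver routed through the private instance would never be reachable by the ACME server.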
@@ -21,6 +21,7 @@ external-dns: ownerEmail: someone@example.com acmeServer: https://acme.zerossl.com/v2/DV90 +letsencryptServer: https://acme-v02.api.letsencrypt.org/directory dnsSolver: webhook: @@ -116,7 +117,7 @@ ingress-nginx: prometheus.io/path: "/metrics" prometheus.io/scheme: http serviceMonitor: - enabled: true + enabled: false prometheusRule: enabled: false @@ -188,7 +189,7 @@ ingress-nginx-private: prometheus.io/path: "/metrics" prometheus.io/scheme: http serviceMonitor: - enabled: true + enabled: false prometheusRule: enabled: false diff --git a/clouds/aws/runtime.tf b/clouds/aws/runtime.tf deleted file mode 100644 index 58c1b5d..0000000 --- a/clouds/aws/runtime.tf +++ /dev/null @@ -1,6 +0,0 @@ - -module "runtime" { - count = var.install_runtime ? 1 : 0 - source = "../../setup" - cluster_endpoint = module.aks.cluster_fqdn -} \ No newline at end of file diff --git a/providers/aws.tf b/providers/aws.tf index b8d69e4..495601a 100644 --- a/providers/aws.tf +++ b/providers/aws.tf @@ -1,6 +1,12 @@ terraform { required_version = ">= 1.0" + backend "s3" { + bucket = "{{ .Bucket }}" + key = "{{ .Cluster }}/terraform.tfstate" + region = "{{ .Region }}" + } + required_providers { aws = { source = "hashicorp/aws" @@ -22,5 +28,5 @@ terraform { } provider "aws" { - region = "us-east-2" -} \ No newline at end of file + region = "{{ .Region }}" +} diff --git a/providers/azure.tf b/providers/azure.tf index 2ac5853..8975819 100644 --- a/providers/azure.tf +++ b/providers/azure.tf @@ -1,5 +1,13 @@ terraform { required_version = ">=1.3" + + backend "azurerm" { + storage_account_name = "{{ .Context.StorageAccount }}" + resource_group_name = "{{ .Project }}" + container_name = "{{ .Bucket }}" + key = "{{ .Cluster }}/terraform.tfstate" + } + required_providers { azurerm = { source = "hashicorp/azurerm" 
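Review bot: The new `backend "s3"` block in providers/aws.tf sets neither `encrypt = true` nor a lock table (`dynamodb_table = "..."`), yet this state carries `random_password.password` through `db_url`, the `helm_release` values (which the helm provider stores in state) and cluster access details. Add `encrypt = true` and a `dynamodb_table` entry fed by the same templating as `{{ .Bucket }}`, plus a comment `# state holds the DB password and helm values: bucket must be private, versioned and SSE-enabled`. Note also that the GCS backend uses prefix `{{ .Cluster }}/bootstrap` while S3 and Azure use key `{{ .Cluster }}/terraform.tfstate`; one convention makes per-cluster state locations predictable.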
@@ -9,6 +17,10 @@ terraform { source = "anschoewe/curl" version = "1.0.2" } + kubernetes = { + source = "hashicorp/kubernetes" + version = ">= 2.10" + } random = { source = "hashicorp/random" version = "3.3.2" diff --git a/providers/gcp.tf b/providers/gcp.tf index 949a0fb..6f4e525 100644 --- a/providers/gcp.tf +++ b/providers/gcp.tf @@ -1,10 +1,16 @@ terraform { + backend "gcs" { + bucket = "{{ .Bucket }}" + prefix = "{{ .Cluster }}/bootstrap" + } + required_providers { google = { source = "hashicorp/google" } kubernetes = { source = "hashicorp/kubernetes" + version = ">= 2.10" } random = { source = "hashicorp/random" diff --git a/setup/main.tf b/setup/main.tf deleted file mode 100644 index 677c06d..0000000 --- a/setup/main.tf +++ /dev/null @@ -1,26 +0,0 @@ - -resource "kubernetes_namespace" "plural-runtime" { - metadata { - name = "plural-runtime" - labels = { - "app.kubernetes.io/managed-by" = "plural" - "app.plural.sh/name" = "runtime" - } - } - - depends_on = [ var.cluster_endpoint ] -} - -provider "helm" {} - -resource "helm_release" "runtime" { - name = "runtime" - namespace = "plural-runtime" - chart = "../charts/runtime" - timeout = 1200 - values = [ - file(var.values_file) - ] - - depends_on = [ kubernetes_namespace.plural-runtime.id ] -} \ No newline at end of file diff --git a/setup/variables.tf b/setup/variables.tf deleted file mode 100644 index 1fc0c3c..0000000 --- a/setup/variables.tf +++ /dev/null @@ -1,8 +0,0 @@ -variable "values_file" { - type = string - default = "../../helm-values/runtime.yaml" -} - -variable "cluster_endpoint" { - type = string -} \ No newline at end of file diff --git a/clouds/aws/eks.tf b/terraform/clouds/aws/eks.tf similarity index 93% rename from clouds/aws/eks.tf rename to terraform/clouds/aws/eks.tf index 564d17b..4534d36 100644 --- a/clouds/aws/eks.tf +++ b/terraform/clouds/aws/eks.tf 
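Review bot: In the providers/gcp.tf hunk the `google` provider entry still has no `version` constraint while `kubernetes` gained `>= 2.10`, and no `.terraform.lock.hcl` accompanies this template directory (only `test/` has one), so `terraform init` from a fresh render resolves the newest `hashicorp/google` major and may break on an incompatible release. Pin it to match the lockfile, e.g. `version = "~> 5.10"`, and consider committing a lockfile alongside the rendered providers. The `required_providers` block continues outside the hunk.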
@@ -3,7 +3,7 @@ module "eks" { version = "~> 19.0" cluster_name = var.cluster_name - cluster_version = var.cluster_version + cluster_version = var.kubernetes_version cluster_endpoint_public_access = var.public diff --git a/clouds/aws/kubernetes.tf b/terraform/clouds/aws/kubernetes.tf similarity index 100% rename from clouds/aws/kubernetes.tf rename to terraform/clouds/aws/kubernetes.tf diff --git a/terraform/clouds/aws/locals.tf b/terraform/clouds/aws/locals.tf new file mode 100644 index 0000000..fc8b777 --- /dev/null +++ b/terraform/clouds/aws/locals.tf @@ -0,0 +1,3 @@ +locals { + db_url = format("postgresql://console:%s@%s:5432/console", random_password.password.result, module.db.db_instance_address) +} \ No newline at end of file diff --git a/clouds/aws/vpc.tf b/terraform/clouds/aws/network.tf similarity index 100% rename from clouds/aws/vpc.tf rename to terraform/clouds/aws/network.tf diff --git a/clouds/aws/outputs.tf b/terraform/clouds/aws/outputs.tf similarity index 59% rename from clouds/aws/outputs.tf rename to terraform/clouds/aws/outputs.tf index 21d01f0..2305bf4 100644 --- a/clouds/aws/outputs.tf +++ b/terraform/clouds/aws/outputs.tf @@ -12,6 +12,6 @@ output "db" { } output "db_url" { - value = format("postgresql://console:%s@%s:5432/console", random_password.password.result, module.db.db_instance_address) + value = local.db_url sensitive = true } \ No newline at end of file diff --git a/clouds/aws/postgres.tf b/terraform/clouds/aws/postgres.tf similarity index 97% rename from clouds/aws/postgres.tf rename to terraform/clouds/aws/postgres.tf index 0e5f3c8..42bbd80 100644 --- a/clouds/aws/postgres.tf +++ b/terraform/clouds/aws/postgres.tf @@ -48,7 +48,7 @@ module "db" { ] # Database Deletion Protection - deletion_protection = true + deletion_protection = var.deletion_protection } module "security_group" { 
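Review bot: `local.db_url` in the new aws/locals.tf interpolates `random_password.password.result` raw into a `postgresql://` URI; unless `random_password.password` (defined outside this diff) restricts `override_special` to URL-safe characters, its default special set includes `@`, `/`, `?`, `#` and `:`, any of which corrupts the `user:pass@host` parse. Use `urlencode(random_password.password.result)` in the `format()` call and note why: `# password is URL-encoded: random_password may emit @ / ? # : which break the URI`. The same construction appears in the azure and gcp locals.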
diff --git a/clouds/aws/addons.tf b/terraform/clouds/aws/runtime.tf similarity index 81% rename from clouds/aws/addons.tf rename to terraform/clouds/aws/runtime.tf index 65cc6a4..b5f1561 100644 --- a/clouds/aws/addons.tf +++ b/terraform/clouds/aws/runtime.tf @@ -34,4 +34,15 @@ module "eks_blueprints_addons" { enable_aws_load_balancer_controller = true enable_cluster_proportional_autoscaler = true enable_metrics_server = true +} + +resource "helm_release" "runtime" { + name = "runtime" + namespace = "plural-runtime" + chart = "../../../charts/runtime" + create_namespace = true + timeout = 300 + values = [ + file(var.runtime_values_file) + ] } \ No newline at end of file diff --git a/clouds/aws/variables.tf b/terraform/clouds/aws/variables.tf similarity index 75% rename from clouds/aws/variables.tf rename to terraform/clouds/aws/variables.tf index f6fe77d..649a468 100644 --- a/clouds/aws/variables.tf +++ b/terraform/clouds/aws/variables.tf @@ -3,7 +3,7 @@ variable "cluster_name" { default = "plural" } -variable "cluster_version" { +variable "kubernetes_version" { type = string default = "1.27" } @@ -36,4 +36,14 @@ variable "public_subnets" { variable "install_runtime" { type = bool default = true +} + +variable "deletion_protection" { + type = bool + default = true +} + +variable "runtime_values_file" { + type = string + default = "../../helm-values/runtime.yaml" } \ No newline at end of file diff --git a/clouds/azure/aks.tf b/terraform/clouds/azure/aks.tf similarity index 90% rename from clouds/azure/aks.tf rename to terraform/clouds/azure/aks.tf index 2bf1b7a..d41f37e 100644 --- a/clouds/azure/aks.tf +++ b/terraform/clouds/azure/aks.tf @@ -2,7 +2,7 @@ module "aks" { source = "Azure/aks/azurerm" version = "7.5.0" - kubernetes_version = "1.27.3" + kubernetes_version = var.kubernetes_version cluster_name = var.cluster_name resource_group_name = local.resource_group.name os_disk_size_gb = 60 
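Review bot: `chart = "../../../charts/runtime"` in aws/runtime.tf is resolved by the helm provider relative to the working directory, not the module, so it breaks as soon as this directory is used as a child module (as `test/main.tf` does for gcp); gcp/runtime.tf already uses `chart = "${path.module}/../../../charts/runtime"`, and the same form belongs here. `file(var.runtime_values_file)` with its `../../helm-values/runtime.yaml` default has the same cwd dependence. `var.install_runtime` is kept in the variables.tf hunk but no longer gates anything now that the `count` guard was dropped; either restore `count = var.install_runtime ? 1 : 0` on the `helm_release` or delete the variable.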
diff --git a/terraform/clouds/azure/kubernetes.tf b/terraform/clouds/azure/kubernetes.tf
new file mode 100644
index 0000000..c99c595
--- /dev/null
+++ b/terraform/clouds/azure/kubernetes.tf
@@ -0,0 +1,6 @@
+provider "kubernetes" {
+ host = module.aks.cluster_fqdn
+ cluster_ca_certificate = base64decode(module.aks.cluster_ca_certificate)
+ client_certificate = base64decode(module.aks.client_certificate)
+ client_key = base64decode(module.aks.client_key)
+}
\ No newline at end of file
diff --git a/clouds/azure/locals.tf b/terraform/clouds/azure/locals.tf
similarity index 57%
rename from clouds/azure/locals.tf
rename to terraform/clouds/azure/locals.tf
index c15976a..04dc0cc 100644
--- a/clouds/azure/locals.tf
+++ b/terraform/clouds/azure/locals.tf
@@ -4,4 +4,5 @@ locals {
 name = var.create_resource_group ? azurerm_resource_group.main[0].name : var.resource_group_name
 location = var.location
 }
+ db_url = format("postgresql://console:%s@%s:5432/console", random_password.password.result, module.postgresql.server_fqdn)
 }
\ No newline at end of file
diff --git a/clouds/azure/network.tf b/terraform/clouds/azure/network.tf
similarity index 100%
rename from clouds/azure/network.tf
rename to terraform/clouds/azure/network.tf
diff --git a/clouds/azure/outputs.tf b/terraform/clouds/azure/outputs.tf
similarity index 61%
rename from clouds/azure/outputs.tf
rename to terraform/clouds/azure/outputs.tf
index b2c9284..56850c6 100644
--- a/clouds/azure/outputs.tf
+++ b/terraform/clouds/azure/outputs.tf
@@ -11,6 +11,6 @@ output "db" {
 }
 
 output "db_url" {
- value = format("postgresql://console:%s@%s:5432/console", random_password.password.result, module.postgresql.server_fqdn)
+ value = local.db_url
 sensitive = true
 }
\ No newline at end of file
diff --git a/clouds/azure/postgres.tf b/terraform/clouds/azure/postgres.tf
similarity index 100%
rename from clouds/azure/postgres.tf
rename to terraform/clouds/azure/postgres.tf
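Review bot: The new azure `provider "kubernetes"` authenticates with the AKS admin `client_certificate`/`client_key`, i.e. static cluster-admin credentials that are written into Terraform state and, via the azurerm backend added in providers/azure.tf, into the state container; that container now needs the same protection as an admin kubeconfig. If the AKS module is configured for Azure AD / Kubernetes RBAC (its settings are outside this diff) prefer a token-based login as gcp/kubernetes.tf does with `access_token`, and in any case add `# admin client cert: lands in state; treat the state container as cluster-admin material`. Also `host = module.aks.cluster_fqdn` passes a bare FQDN where gcp uses `"https://${module.gke.endpoint}"`; verify the module output carries a scheme, otherwise use `host = "https://${module.aks.cluster_fqdn}"`.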
diff --git a/clouds/azure/resource_group.tf b/terraform/clouds/azure/resource_group.tf similarity index 100% rename from clouds/azure/resource_group.tf rename to terraform/clouds/azure/resource_group.tf diff --git a/clouds/azure/runtime.tf b/terraform/clouds/azure/runtime.tf similarity index 56% rename from clouds/azure/runtime.tf rename to terraform/clouds/azure/runtime.tf index 8f1fd72..12391ae 100644 --- a/clouds/azure/runtime.tf +++ b/terraform/clouds/azure/runtime.tf @@ -7,8 +7,13 @@ provider "helm" { } } -module "runtime" { - count = var.install_runtime ? 1 : 0 - source = "../../setup" - cluster_endpoint = module.aks.cluster_fqdn +resource "helm_release" "runtime" { + name = "runtime" + namespace = "plural-runtime" + chart = "../../../charts/runtime" + create_namespace = true + timeout = 300 + values = [ + file(var.runtime_values_file) + ] } \ No newline at end of file diff --git a/clouds/azure/variables.tf b/terraform/clouds/azure/variables.tf similarity index 79% rename from clouds/azure/variables.tf rename to terraform/clouds/azure/variables.tf index 3111adc..37b3190 100644 --- a/clouds/azure/variables.tf +++ b/terraform/clouds/azure/variables.tf @@ -3,6 +3,11 @@ variable "cluster_name" { default = "plural" } +variable "kubernetes_version" { + type = string + default = "1.27.3" +} + variable "create_resource_group" { type = bool default = true @@ -41,4 +46,9 @@ variable "postgres_name" { variable "install_runtime" { type = bool default = true +} + +variable "runtime_values_file" { + type = string + default = "../../helm-values/runtime.yaml" } \ No newline at end of file diff --git a/clouds/gcp/gke.tf b/terraform/clouds/gcp/gke.tf similarity index 59% rename from clouds/gcp/gke.tf rename to terraform/clouds/gcp/gke.tf index 2572165..04639dc 100644 --- a/clouds/gcp/gke.tf +++ b/terraform/clouds/gcp/gke.tf 
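Review bot: `file(var.runtime_values_file)` in azure/runtime.tf reads the values at plan time from a default of `../../helm-values/runtime.yaml` (variables.tf hunk below), a path relative to the working directory rather than the module, so any caller that instantiates this as a child module must override it or the plan fails on a missing file. Resolve it against the module, e.g. `file("${path.module}/${var.runtime_values_file}")` with the default adjusted to match, and document what the file carries: `# runtime values: contains the chart's acmeEAB / dnsSolver credentials, which the helm provider also persists in state`. `chart = "../../../charts/runtime"` has the same issue and differs from the `${path.module}` form used in gcp/runtime.tf. The `provider "helm"` block starts outside the hunk.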
@@ -1,17 +1,8 @@ - -data "google_client_config" "default" {} - -provider "kubernetes" { - host = "https://${module.gke.endpoint}" - token = data.google_client_config.default.access_token - cluster_ca_certificate = base64decode(module.gke.ca_certificate) -} - module "gke" { source = "terraform-google-modules/kubernetes-engine/google" version = "~> 29.0" - kubernetes_version = "1.27.4-gke.900" + kubernetes_version = var.kubernetes_version project_id = var.project_id name = var.cluster_name regional = true @@ -21,5 +12,13 @@ module "gke" { ip_range_pods = var.ip_range_pods_name ip_range_services = var.ip_range_services_name create_service_account = true - deletion_protection = true + deletion_protection = var.deletion_protection + + depends_on = [ + google_project_service.gcr, + google_project_service.container, + google_project_service.iam, + google_project_service.storage, + google_project_service.dns, + ] } \ No newline at end of file diff --git a/terraform/clouds/gcp/kubernetes.tf b/terraform/clouds/gcp/kubernetes.tf new file mode 100644 index 0000000..6b53c1d --- /dev/null +++ b/terraform/clouds/gcp/kubernetes.tf @@ -0,0 +1,7 @@ +data "google_client_config" "default" {} + +provider "kubernetes" { + host = "https://${module.gke.endpoint}" + token = data.google_client_config.default.access_token + cluster_ca_certificate = base64decode(module.gke.ca_certificate) +} \ No newline at end of file diff --git a/terraform/clouds/gcp/locals.tf b/terraform/clouds/gcp/locals.tf new file mode 100644 index 0000000..e43d9f8 --- /dev/null +++ b/terraform/clouds/gcp/locals.tf @@ -0,0 +1,3 @@ +locals { + db_url = format("postgresql://console:%s@%s:5432/plural", random_password.password.result, module.pg.dns_name) +} \ No newline at end of file diff --git a/clouds/gcp/network.tf b/terraform/clouds/gcp/network.tf similarity index 100% rename from clouds/gcp/network.tf rename to terraform/clouds/gcp/network.tf 
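Review bot: The new `depends_on` list on `module.gke` omits `google_project_service.compute`, which services.tf declares but nothing in this diff references; on a fresh project the VPC and subnet created in network.tf (not shown) need the Compute API before the cluster does, so unless that module carries its own dependency, add `google_project_service.compute,` here or on the network module. Since a `depends_on` on a module defers every resource inside it whenever the listed services change, a comment such as `# project APIs must be enabled before the cluster can be planned; see services.tf` helps the next reader understand the extra plan noise. `deletion_protection = var.deletion_protection` keeps a `true` default for the cluster, which is the right choice for an opt-out flag.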
diff --git a/clouds/gcp/outputs.tf b/terraform/clouds/gcp/outputs.tf similarity index 60% rename from clouds/gcp/outputs.tf rename to terraform/clouds/gcp/outputs.tf index f6cc898..297833e 100644 --- a/clouds/gcp/outputs.tf +++ b/terraform/clouds/gcp/outputs.tf @@ -11,6 +11,6 @@ output "db" { } output "db_url" { - value = format("postgresql://console:%s@%s:5432/plural", random_password.password.result, module.pg.dns_name) + value = local.db_url sensitive = true } \ No newline at end of file diff --git a/clouds/gcp/postgres.tf b/terraform/clouds/gcp/postgres.tf similarity index 80% rename from clouds/gcp/postgres.tf rename to terraform/clouds/gcp/postgres.tf index 3d44722..6542d54 100644 --- a/clouds/gcp/postgres.tf +++ b/terraform/clouds/gcp/postgres.tf @@ -23,7 +23,7 @@ module "pg" { maintenance_window_hour = 12 maintenance_window_update_track = "stable" - deletion_protection = true + deletion_protection = var.deletion_protection database_flags = [{ name = "autovacuum", value = "on" }] @@ -32,9 +32,10 @@ module "pg" { } ip_configuration = { - ipv4_enabled = true - private_network = module.gcp-subnetwork.network_id - require_ssl = true + ipv4_enabled = false + psc_enabled = true + psc_allowed_consumer_projects = [var.project_id] + require_ssl = true } backup_configuration = { @@ -53,4 +54,9 @@ module "pg" { user_name = "console" user_password = random_password.password.result + + depends_on = [ + google_project_service.sql, + google_project_service.servicenetworking + ] } \ No newline at end of file diff --git a/clouds/gcp/runtime.tf b/terraform/clouds/gcp/runtime.tf similarity index 52% rename from clouds/gcp/runtime.tf rename to terraform/clouds/gcp/runtime.tf index 9a06fb7..e7873ef 100644 --- a/clouds/gcp/runtime.tf +++ b/terraform/clouds/gcp/runtime.tf 
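Review bot: Switching the Cloud SQL instance to `psc_enabled = true` with `ipv4_enabled = false` and no `private_network` leaves it reachable only through a Private Service Connect endpoint, and nothing in this diff creates one: a consumer-side forwarding rule with a reserved internal address in the cluster VPC plus a private DNS record are needed before `module.pg.dns_name` in `local.db_url` resolves from the cluster. Either add those consumer resources in postgres.tf (reserved address, forwarding rule targeting the instance's PSC service attachment, private DNS zone record) or document the manual prerequisite: `# PSC-only instance: a PSC endpoint and private DNS for dns_name must exist in the cluster VPC`. With PSC the `google_project_service.servicenetworking` dependency is no longer required, as that API served the dropped VPC-peering path. Keeping `require_ssl = true` is correct.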
@@ -8,8 +8,13 @@ provider "helm" {
 }
 }
 
-module "runtime" {
- count = var.install_runtime ? 1 : 0
- source = "../../setup"
- cluster_endpoint = module.aks.cluster_fqdn
+resource "helm_release" "runtime" {
+ name = "runtime"
+ namespace = "plural-runtime"
+ chart = "${path.module}/../../../charts/runtime"
+ create_namespace = true
+ timeout = 300
+ values = [
+ file(var.runtime_values_file)
+ ]
 }
\ No newline at end of file
diff --git a/terraform/clouds/gcp/services.tf b/terraform/clouds/gcp/services.tf
new file mode 100644
index 0000000..7ea2f27
--- /dev/null
+++ b/terraform/clouds/gcp/services.tf
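Review bot: `timeout = 300` on the new `helm_release` is a quarter of the `1200` the deleted setup/main.tf used for the same chart; the runtime chart pulls in external-dns and two ingress-nginx instances (Chart.yaml / values.yaml hunks), and waiting for cloud load balancers on a first install can alone take several minutes, so a 5-minute timeout is likely to fail the initial apply and leave a failed release in state. Restore `timeout = 1200`, or expose it as a variable with `# first install waits on cloud LB provisioning; keep this generous`. As in the aws and azure variants, `var.install_runtime` is no longer honoured now that the `count` guard is gone.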
@@ -0,0 +1,96 @@
+# annoyingly need to ensure these are enabled
+resource "google_project_service" "gcr" {
+ project = var.project_id
+ service = "artifactregistry.googleapis.com"
+
+ timeouts {
+ create = "30m"
+ update = "40m"
+ }
+
+ disable_on_destroy = false
+}
+
+resource "google_project_service" "container" {
+ project = var.project_id
+ service = "container.googleapis.com"
+
+ timeouts {
+ create = "30m"
+ update = "40m"
+ }
+
+ disable_on_destroy = false
+}
+
+resource "google_project_service" "iam" {
+ project = var.project_id
+ service = "iam.googleapis.com"
+
+ timeouts {
+ create = "30m"
+ update = "40m"
+ }
+
+ disable_on_destroy = false
+}
+
+resource "google_project_service" "storage" {
+ project = var.project_id
+ service = "storage.googleapis.com"
+
+ timeouts {
+ create = "30m"
+ update = "40m"
+ }
+
+ disable_on_destroy = false
+}
+
+resource "google_project_service" "dns" {
+ project = var.project_id
+ service = "dns.googleapis.com"
+
+ timeouts {
+ create = "30m"
+ update = "40m"
+ }
+
+ disable_on_destroy = false
+}
+
+resource "google_project_service" "compute" {
+ project = var.project_id
+ service = "compute.googleapis.com"
+
+ timeouts {
+ create = "30m"
+ update = "40m"
+ }
+
+ disable_on_destroy = false
+}
+
+resource "google_project_service" "sql" {
+ project = var.project_id
+ service = "sqladmin.googleapis.com"
+
+ timeouts {
+ create = "30m"
+ update = "40m"
+ }
+
+ disable_on_destroy = false
+}
+
+resource "google_project_service" "servicenetworking" {
+ project = var.project_id
+ service = "servicenetworking.googleapis.com"
+
+ timeouts {
+ create = "30m"
+ update = "40m"
+ }
+
+ disable_on_destroy = false
+}
\ No newline at end of file
diff --git a/clouds/gcp/variables.tf b/terraform/clouds/gcp/variables.tf
similarity index 77%
rename from clouds/gcp/variables.tf
rename to terraform/clouds/gcp/variables.tf
index e148684..1fe7eab 100644
--- a/clouds/gcp/variables.tf
+++ b/terraform/clouds/gcp/variables.tf
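Review bot: services.tf repeats the same twelve-line `google_project_service` block eight times with only the service name changing, which is the kind of duplication where a later edit (say bumping a timeout) gets applied to seven of eight copies; a single `for_each` resource over a list of API names expresses the same thing and keeps `disable_on_destroy = false` in one place. The cost is a resource-address change, so the `depends_on` lists in gke.tf and postgres.tf would become `depends_on = [google_project_service.apis]`, and the `# annoyingly need to ensure these are enabled` comment is better replaced by one saying why they are never disabled on destroy.

```hcl
locals {
  # Project APIs the bootstrap needs. They are enabled once and deliberately
  # never disabled on destroy, since other workloads in the project may use them.
  required_apis = [
    "artifactregistry.googleapis.com",
    "container.googleapis.com",
    "iam.googleapis.com",
    "storage.googleapis.com",
    "dns.googleapis.com",
    "compute.googleapis.com",
    "sqladmin.googleapis.com",
    "servicenetworking.googleapis.com",
  ]
}

resource "google_project_service" "apis" {
  for_each = toset(local.required_apis)

  project = var.project_id
  service = each.value

  timeouts {
    create = "30m"
    update = "40m"
  }

  disable_on_destroy = false
}
```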
@@ -3,6 +3,16 @@ variable "cluster_name" { default = "plural" } +variable "deletion_protection" { + type = bool + default = true +} + +variable "kubernetes_version" { + type = string + default = "1.27.3-gke.100" +} + variable "project_id" { type = string } @@ -40,4 +50,9 @@ variable "db_name" { variable "install_runtime" { type = bool default = true +} + +variable "runtime_values_file" { + type = string + default = "../../helm-values/runtime.yaml" } \ No newline at end of file diff --git a/test/.terraform.lock.hcl b/test/.terraform.lock.hcl new file mode 100644 index 0000000..343428a --- /dev/null +++ b/test/.terraform.lock.hcl 
@@ -0,0 +1,122 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "5.10.0" + constraints = ">= 3.33.0, >= 3.83.0, >= 4.25.0, >= 4.64.0, >= 4.80.0, >= 5.0.0, < 6.0.0" + hashes = [ + "h1:upxt/hLnX1r+yyYTF1zA0Lx3xoTHTtkYF3VjWBr1W4s=", + "zh:0f6a1feb5b3a128be6ef5fe0400ed800310a67e799c18aec7442161bb6d3ba36", + "zh:13d591ba78e424c94ce5caaf176ab6b087b0e3af08a7b6bcd963673698cdefda", + "zh:3bef54a2b24b06eef99f3df02e0fe4ac97f018c89f83e0faeb4ade921962565b", + "zh:3f3755b8f5b9db1611d42a02c21f03c54577e4aad3cf93323792f131c671c050", + "zh:61516eec734714ac48b565bee93cc2532160d1b4bd0320753799b829083b7060", + "zh:9160848ad0b9becb522a0744dcb89474849906aa2436ed945c658fe201a724b0", + "zh:aa5e79b01949cfedd874bf52958f90cf8f7d202600126c872127a9a156a3c17b", + "zh:cef73a67031008b7d7ef3edfbcd5e1a9b04c0f2580d815401248025b741bc8e4", + "zh:d2ad21ff9e9d2ad04146591c1b5784075e6df73e2bd243efd8d227d764b80b6e", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:f58b145081d20bce52e14bee0de73f5c018bc39b8c4736e23e1329df32f8bd45", + "zh:fb82f6b5d1f992243ab8fe417659cdf9831202cf1e16fe7593d3967888b035cc", + ] +} + +provider "registry.terraform.io/hashicorp/google-beta" { + version = "5.10.0" + constraints = ">= 4.64.0, >= 4.80.0, < 6.0.0" + hashes = [ + "h1:FbQG6/zQoZsAmErPjaDsu6snwopIKc9LqrLipyxgiPk=", + "zh:1004ac3733679254abcc7f5e9d594d9ee079cf071391a92f82b50077e07c70b5", + "zh:1e25af33d20b6ab369860d5b7c746b4a3b3dccc061b14dde91b6ccccfe704cc4", + "zh:2873a614a1dc1c460246edc95a558ad9befedf93490a0204bee8fb95362813cc", + "zh:2f421e13247b3822ef3c2e07e1aee948116a5064c386466a53fb72486daded20", + "zh:517c13cd146d3451789da8f13cbfa5355c3e88456cf762ad3918dada84a5f261", + "zh:56553ae44f4089f5149551714daaf3c97205d4638dd93b0675ed777476d56048", + "zh:6925a07bcb9ab70faa84bf36f87990025e3f9cd6c8cfab5260877f60086c8161", + 
"zh:72454b65ee4a24896d215f7f7af41e31336865c86d6c20ea4acb63596e75ac0d", + "zh:8b05f8a6ff51999bf65e3127618931647a00bc9abf739f0711151e4145cae3d5", + "zh:a3b7d3b39740088174d121bc7e4e3ce27da0ebf0c87877f8fce9277b0046c75b", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:fe2af4fcda1b45d73ef8b8c728c150e00d1a4d5c0323b30d7d43c6f24ed78bcb", + ] +} + +provider "registry.terraform.io/hashicorp/helm" { + version = "2.12.1" + constraints = "2.12.1" + hashes = [ + "h1:aBfcqM4cbywa7TAxfT1YoFS+Cst9waerlm4XErFmJlk=", + "zh:1d623fb1662703f2feb7860e3c795d849c77640eecbc5a776784d08807b15004", + "zh:253a5bc62ba2c4314875139e3fbd2feaad5ef6b0fb420302a474ab49e8e51a38", + "zh:282358f4ad4f20d0ccaab670b8645228bfad1c03ac0d0df5889f0aea8aeac01a", + "zh:4fd06af3091a382b3f0d8f0a60880f59640d2b6d9d6a31f9a873c6f1bde1ec50", + "zh:6816976b1830f5629ae279569175e88b497abbbac30ee809948a1f923c67a80d", + "zh:7d82c4150cdbf48cfeec867be94c7b9bd7682474d4df0ebb7e24e148f964844f", + "zh:83f062049eea2513118a4c6054fb06c8600bac96196f25aed2cc21898ec86e93", + "zh:a79eec0cf4c08fca79e44033ec6e470f25ff23c3e2c7f9bc707ed7771c1072c0", + "zh:b2b2d904b2821a6e579910320605bc478bbef063579a23fbfdd6fcb5871b81f8", + "zh:e91177ca06a15487fc570cb81ecef6359aa399459ea2aa7c4f7367ba86f6fcad", + "zh:e976bcb82996fc4968f8382bbcb6673efb1f586bf92074058a232028d97825b1", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + +provider "registry.terraform.io/hashicorp/kubernetes" { + version = "2.24.0" + constraints = "~> 2.10" + hashes = [ + "h1:8Ov9r+eCpuqY9LNjG3I8vKT0hX/FkyzuDxQySZVt9i4=", + "zh:0ed83ec390a7e75c4990ebce698f14234de2b6204ed9a01cd042bb7ea5f26564", + "zh:195150e4fdab259c70088528006f4604557a051e037ebe8de64e92840f27e40a", + "zh:1a334af55f7a74adf033eb871c9fe7e9e648b41ab84321114ef4ca0e7a34fba6", + "zh:1ef68c3832691de21a61bf1a4e268123f3e08850712eda0b893cac908a0d1bc1", + "zh:44a1c58e5a6646e62b0bad653319c245f3b635dd03554dea2707a38f553e4a52", + 
"zh:54b5b374c4386f7f05b3fe986f9cb57bde4beab3bdf6ee33444f2b9a81b8af64", + "zh:aa8c2687ab784b72f8cdad8d3c3673dea83b33561e7b3f2d287ef0d06ff2a9e5", + "zh:e6ecba0503052ef3ad49ad56e17b2a73d9b55e30fcb82b040189d281e25e1a3b", + "zh:f105393f6487d3eb1f1636ba42d10c82950ddfef852244c1bca8d526fa23a9a3", + "zh:f17a8f1914ec66d80ccacecd40123362cf093abee3d3aa1ff9f8f687d8736f85", + "zh:f394b12ef01fa0bdf666a43ad152eb3890134f35e635ea056b18771c292de46e", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + +provider "registry.terraform.io/hashicorp/null" { + version = "3.2.2" + constraints = "~> 3.1" + hashes = [ + "h1:IMVAUHKoydFrlPrl9OzasDnw/8ntZFerCC9iXw1rXQY=", + "zh:3248aae6a2198f3ec8394218d05bd5e42be59f43a3a7c0b71c66ec0df08b69e7", + "zh:32b1aaa1c3013d33c245493f4a65465eab9436b454d250102729321a44c8ab9a", + "zh:38eff7e470acb48f66380a73a5c7cdd76cc9b9c9ba9a7249c7991488abe22fe3", + "zh:4c2f1faee67af104f5f9e711c4574ff4d298afaa8a420680b0cb55d7bbc65606", + "zh:544b33b757c0b954dbb87db83a5ad921edd61f02f1dc86c6186a5ea86465b546", + "zh:696cf785090e1e8cf1587499516b0494f47413b43cb99877ad97f5d0de3dc539", + "zh:6e301f34757b5d265ae44467d95306d61bef5e41930be1365f5a8dcf80f59452", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:913a929070c819e59e94bb37a2a253c228f83921136ff4a7aa1a178c7cce5422", + "zh:aa9015926cd152425dbf86d1abdbc74bfe0e1ba3d26b3db35051d7b9ca9f72ae", + "zh:bb04798b016e1e1d49bcc76d62c53b56c88c63d6f2dfe38821afef17c416a0e1", + "zh:c23084e1b23577de22603cff752e59128d83cfecc2e6819edadd8cf7a10af11e", + ] +} + +provider "registry.terraform.io/hashicorp/random" { + version = "3.3.2" + constraints = ">= 2.1.0, ~> 3.1, 3.3.2" + hashes = [ + "h1:YChjos7Hrvr2KgTc9GzQ+de/QE2VLAeRJgxFemnCltU=", + "zh:038293aebfede983e45ee55c328e3fde82ae2e5719c9bd233c324cfacc437f9c", + "zh:07eaeab03a723d83ac1cc218f3a59fceb7bbf301b38e89a26807d1c93c81cef8", + "zh:427611a4ce9d856b1c73bea986d841a969e4c2799c8ac7c18798d0cc42b78d32", + 
"zh:49718d2da653c06a70ba81fd055e2b99dfd52dcb86820a6aeea620df22cd3b30", + "zh:5574828d90b19ab762604c6306337e6cd430e65868e13ef6ddb4e25ddb9ad4c0", + "zh:7222e16f7833199dabf1bc5401c56d708ec052b2a5870988bc89ff85b68a5388", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:b1b2d7d934784d2aee98b0f8f07a8ccfc0410de63493ae2bf2222c165becf938", + "zh:b8f85b6a20bd264fcd0814866f415f0a368d1123cd7879c8ebbf905d370babc8", + "zh:c3813133acc02bbebddf046d9942e8ba5c35fc99191e3eb057957dafc2929912", + "zh:e7a41dbc919d1de800689a81c240c27eec6b9395564630764ebb323ea82ac8a9", + "zh:ee6d23208449a8eaa6c4f203e33f5176fa795b4b9ecf32903dffe6e2574732c2", + ] +} diff --git a/test/main.tf b/test/main.tf new file mode 100644 index 0000000..7046178 --- /dev/null +++ b/test/main.tf @@ -0,0 +1,7 @@ +module "gcp" { + source = "../terraform/clouds/gcp" + project_id = "pluralsh-test-384515" + cluster_name = "bootstrap-test" + runtime_values_file = "../helm-values/runtime.yaml" + deletion_protection = false +} diff --git a/test/provider.tf b/test/provider.tf new file mode 100644 index 0000000..949a0fb --- /dev/null +++ b/test/provider.tf @@ -0,0 +1,19 @@ +terraform { + required_providers { + google = { + source = "hashicorp/google" + } + kubernetes = { + source = "hashicorp/kubernetes" + } + random = { + source = "hashicorp/random" + version = "3.3.2" + } + helm = { + source = "hashicorp/helm" + version = "2.12.1" + } + } + required_version = ">= 0.13" +} \ No newline at end of file
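Review bot: `test/main.tf` hard-codes `project_id = "pluralsh-test-384515"` and declares no backend, so a run writes a local `terraform.tfstate` containing the Cloud SQL password and the rendered Helm values right next to the committed code; confirm `*.tfstate*` is covered by `.gitignore` (the standard template that lists `override.tf.json` usually includes it, but that part is not shown here) and prefer `project_id = var.project_id` fed from an ignored `terraform.tfvars`. `test/provider.tf` also sets `required_version = ">= 0.13"` while providers/azure.tf requires `>= 1.3`, and leaves `google` and `kubernetes` unpinned, relying solely on the committed lockfile; add `version` constraints consistent with providers/gcp.tf so the test and the template cannot drift. `deletion_protection = false` is appropriate for a throwaway test cluster and worth a one-line comment saying so.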