From 11f491e2a314a4ba9cb9bec5149123c61ab1f2fa Mon Sep 17 00:00:00 2001 From: Michael Barroco Date: Fri, 22 Dec 2023 01:07:58 +0100 Subject: [PATCH] Use public module and remove connection to kube and helm --- .github/workflows/dss-deploy.yml | 2 +- .../modules/terraform-aws-dss/main.tf | 1 - .../modules/terraform-aws-dss/output.tf | 11 +++- deploy/operations/Dockerfile | 2 + .../ci/aws-1/kubernetes_admin_access.tf | 4 +- deploy/operations/ci/aws-1/main.tf | 52 +++++-------------- deploy/operations/ci/aws-1/output.tf | 8 +-- deploy/operations/ci/aws-1/providers.tf | 24 --------- deploy/operations/ci/aws-1/test.sh | 7 +-- 9 files changed, 37 insertions(+), 74 deletions(-) diff --git a/.github/workflows/dss-deploy.yml b/.github/workflows/dss-deploy.yml index 787d28fdc..f7fe7a889 100644 --- a/.github/workflows/dss-deploy.yml +++ b/.github/workflows/dss-deploy.yml @@ -45,4 +45,4 @@ jobs: env: COMPOSE_PROFILES: aws-1 run: | - docker compose up --exit-code-from ci-aws-1 + docker compose up --exit-code-from ci-aws-1 || docker-compose logs -n 100 ci-aws-1 diff --git a/deploy/infrastructure/modules/terraform-aws-dss/main.tf b/deploy/infrastructure/modules/terraform-aws-dss/main.tf index 0099d214b..fdf906cf8 100644 --- a/deploy/infrastructure/modules/terraform-aws-dss/main.tf +++ b/deploy/infrastructure/modules/terraform-aws-dss/main.tf @@ -6,7 +6,6 @@ module "terraform-aws-kubernetes" { crdb_hostname_suffix = var.crdb_hostname_suffix aws_instance_type = var.aws_instance_type aws_route53_zone_id = var.aws_route53_zone_id - aws_iam_path = var.aws_iam_path aws_iam_permissions_boundary = var.aws_iam_permissions_boundary node_count = var.node_count diff --git a/deploy/infrastructure/modules/terraform-aws-dss/output.tf b/deploy/infrastructure/modules/terraform-aws-dss/output.tf index 4b0fceb15..4ab65ab50 100644 --- a/deploy/infrastructure/modules/terraform-aws-dss/output.tf +++ b/deploy/infrastructure/modules/terraform-aws-dss/output.tf 
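Review bot: In `.github/workflows/dss-deploy.yml`, the new `|| docker-compose logs -n 100 ci-aws-1` fallback replaces the failing exit status of `docker compose up --exit-code-from ci-aws-1` with the status of the log command, so a failed deployment can leave this step green. Keep the log dump but re-raise the failure: `docker compose up --exit-code-from ci-aws-1 || { docker compose logs -n 100 ci-aws-1; exit 1; }`. The fallback also calls the standalone `docker-compose` binary while the primary command uses the `docker compose` plugin; using one form avoids depending on both being present on the runner. The dumped tail presumably comes from the container that runs Terraform and the AWS CLI, so it is worth confirming that nothing sensitive is printed there.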
@@ -6,10 +6,19 @@ output "gateway_address" { value = module.terraform-aws-kubernetes.gateway_address } +output "iam_role_node_group_arn" { + value = module.terraform-aws-kubernetes.iam_role_node_group_arn +} + output "generated_files_location" { value = module.terraform-commons-dss.generated_files_location } +output "workspace_location" { + value = module.terraform-commons-dss.workspace_location +} + output "cluster_context" { value = module.terraform-aws-kubernetes.kubernetes_context_name -} \ No newline at end of file +} + diff --git a/deploy/operations/Dockerfile b/deploy/operations/Dockerfile index 3d7eb0e2f..130fb0474 100644 --- a/deploy/operations/Dockerfile +++ b/deploy/operations/Dockerfile @@ -18,6 +18,8 @@ RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv && rm awscliv2.zip \ && ./aws/install +RUN aws --version + # Kubectl && Helm RUN curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | tee /usr/share/keyrings/helm.gpg > /dev/null \ && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | tee /etc/apt/sources.list.d/helm-stable-debian.list \ diff --git a/deploy/operations/ci/aws-1/kubernetes_admin_access.tf b/deploy/operations/ci/aws-1/kubernetes_admin_access.tf index 9de035e53..8a6c10899 100644 --- a/deploy/operations/ci/aws-1/kubernetes_admin_access.tf +++ b/deploy/operations/ci/aws-1/kubernetes_admin_access.tf @@ -16,7 +16,7 @@ resource "local_file" "aws-auth-config-map" { "system:bootstrappers", "system:nodes" ] - rolearn = module.terraform-aws-kubernetes.iam_role_node_group_arn + rolearn = module.terraform-aws-dss.iam_role_node_group_arn username = "system:node:{{EC2PrivateDNSName}}" }, { @@ -37,5 +37,5 @@ resource "local_file" "aws-auth-config-map" { } }) - filename = "${module.terraform-commons-dss.workspace_location}/aws_auth_config_map.yml" + filename = "${module.terraform-aws-dss.workspace_location}/aws_auth_config_map.yml" } 
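Review bot: In `deploy/operations/Dockerfile`, the added `RUN aws --version` shows that the installer produced a runnable binary, but nothing in the visible lines checks that the downloaded `awscli-exe-linux-x86_64.zip` is the archive AWS published. The download uses the unversioned URL and, as far as this hunk shows, has no signature or checksum step (that instruction starts above the hunk and is truncated in the hunk header). AWS publishes a detached signature next to the archive (`.zip.sig`), so the build could import the AWS CLI public key and run `gpg --verify` on the zip before `./aws/install`, and fetch a versioned archive (`awscli-exe-linux-x86_64-<VERSION>.zip`) so rebuilds are reproducible. The version check itself could be folded into that instruction as `&& ./aws/install && aws --version` to avoid an extra layer.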
diff --git a/deploy/operations/ci/aws-1/main.tf b/deploy/operations/ci/aws-1/main.tf index 159d949bb..3b0fee971 100644 --- a/deploy/operations/ci/aws-1/main.tf +++ b/deploy/operations/ci/aws-1/main.tf 
@@ -6,46 +6,22 @@ terraform { } } -module "terraform-aws-kubernetes" { - # See variables.tf for variables description. - cluster_name = var.cluster_name - aws_region = var.aws_region +module "terraform-aws-dss" { + source = "../../../infrastructure/modules/terraform-aws-dss" + app_hostname = var.app_hostname - crdb_hostname_suffix = var.crdb_hostname_suffix + authorization = var.authorization + aws_iam_permissions_boundary = var.aws_iam_permissions_boundary aws_instance_type = var.aws_instance_type + aws_kubernetes_storage_class = var.aws_kubernetes_storage_class + aws_region = var.aws_region aws_route53_zone_id = var.aws_route53_zone_id - aws_iam_permissions_boundary = var.aws_iam_permissions_boundary - node_count = var.node_count - - source = "../../../infrastructure/dependencies/terraform-aws-kubernetes" + cluster_name = var.cluster_name + crdb_hostname_suffix = var.crdb_hostname_suffix + crdb_locality = var.crdb_locality + image = var.image + node_count = 3 + should_init = true + enable_scd = true } -module "terraform-commons-dss" { - # See variables.tf for variables description. 
- image = var.image - image_pull_secret = var.image_pull_secret - kubernetes_namespace = var.kubernetes_namespace - kubernetes_storage_class = var.aws_kubernetes_storage_class - app_hostname = var.app_hostname - crdb_hostname_suffix = var.crdb_hostname_suffix - should_init = var.should_init - authorization = var.authorization - crdb_locality = var.crdb_locality - crdb_internal_nodes = module.terraform-aws-kubernetes.crdb_nodes - ip_gateway = module.terraform-aws-kubernetes.ip_gateway - kubernetes_api_endpoint = module.terraform-aws-kubernetes.kubernetes_api_endpoint - kubernetes_cloud_provider_name = module.terraform-aws-kubernetes.kubernetes_cloud_provider_name - kubernetes_context_name = module.terraform-aws-kubernetes.kubernetes_context_name - kubernetes_get_credentials_cmd = module.terraform-aws-kubernetes.kubernetes_get_credentials_cmd - workload_subnet = module.terraform-aws-kubernetes.workload_subnet - gateway_cert_name = module.terraform-aws-kubernetes.app_hostname_cert_arn - - source = "../../../infrastructure/dependencies/terraform-commons-dss" -} -terraform { - backend "s3" { - bucket = "interuss-tf-backend-ci" - key = "aws-1" - region = "us-east-1" - } -} diff --git a/deploy/operations/ci/aws-1/output.tf b/deploy/operations/ci/aws-1/output.tf index 295b20f35..84de2328a 100644 --- a/deploy/operations/ci/aws-1/output.tf +++ b/deploy/operations/ci/aws-1/output.tf @@ -1,11 +1,11 @@ output "generated_files_location" { - value = module.terraform-commons-dss.generated_files_location + value = module.terraform-aws-dss.generated_files_location } output "workspace_location" { - value = module.terraform-commons-dss.workspace_location + value = module.terraform-aws-dss.workspace_location } -output "kubernetes_context" { - value = module.terraform-aws-kubernetes.kubernetes_context_name +output "cluster_context" { + value = module.terraform-aws-dss.cluster_context } 
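Review bot: In `deploy/operations/ci/aws-1/main.tf`, this hunk deletes the `backend "s3"` block (`bucket = "interuss-tf-backend-ci"`, `key = "aws-1"`) without adding a replacement in the visible lines, so unless the `terraform` block above the hunk already declares a backend, state falls back to a local file inside the CI container. A run that dies between `terraform apply` and the destroy step, or that sets `DO_NOT_DESTROY`, would then leave the cluster and its IAM roles in the account with no state to destroy them from. If the removal is intentional, a comment saying where the state now lives would help; otherwise keep the block. Separately, `node_count = 3`, `should_init = true` and `enable_scd = true` are now literals where the old code passed `var.node_count` and `var.should_init`; a short comment such as `# CI fixture: fixed size, always initialise` would mark that as deliberate.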
diff --git a/deploy/operations/ci/aws-1/providers.tf b/deploy/operations/ci/aws-1/providers.tf index 629198205..c1259402c 100644 --- a/deploy/operations/ci/aws-1/providers.tf +++ b/deploy/operations/ci/aws-1/providers.tf @@ -1,27 +1,3 @@ provider "aws" { region = "us-east-1" } - -data "aws_eks_cluster_auth" "kubernetes_cluster" { - name = var.cluster_name - depends_on = [module.terraform-aws-kubernetes] -} - -data "aws_eks_cluster" "kubernetes_cluster" { - name = var.cluster_name - depends_on = [module.terraform-aws-kubernetes] -} - -provider kubernetes { - host = data.aws_eks_cluster.kubernetes_cluster.endpoint - cluster_ca_certificate = base64decode(data.aws_eks_cluster.kubernetes_cluster.certificate_authority[0].data) - token = data.aws_eks_cluster_auth.kubernetes_cluster.token -} - -provider "helm" { - kubernetes { - host = data.aws_eks_cluster.kubernetes_cluster.endpoint - cluster_ca_certificate = base64decode(data.aws_eks_cluster.kubernetes_cluster.certificate_authority[0].data) - token = data.aws_eks_cluster_auth.kubernetes_cluster.token - } -} diff --git a/deploy/operations/ci/aws-1/test.sh b/deploy/operations/ci/aws-1/test.sh index dc8f8be7e..63940a01b 100755 --- a/deploy/operations/ci/aws-1/test.sh +++ b/deploy/operations/ci/aws-1/test.sh @@ -15,13 +15,14 @@ cd "${BASEDIR}" || exit 1 terraform init # TODO: Fail if env is not clean -# Deploy the Kubernetes cluster +## Deploy the Kubernetes cluster terraform apply -auto-approve -KUBE_CONTEXT="$(terraform output -raw kubernetes_context)" +KUBE_CONTEXT="$(terraform output -raw cluster_context)" WORKSPACE_LOCATION="$(terraform output -raw workspace_location)" cd "${WORKSPACE_LOCATION}" ./get-credentials.sh +echo "Authenticated" aws sts get-caller-identity # Allow access to the cluster to AWS admins 
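Review bot: In `deploy/operations/ci/aws-1/test.sh`, the added `aws sts get-caller-identity` writes the account ID, user ID and ARN of the CI credentials to the job log, and `echo "Authenticated"` is printed before that call has succeeded. If the identity is only needed as a credentials check, discard the output and print the message on success: `aws sts get-caller-identity > /dev/null && echo "Authenticated"`. Whether a failure here aborts the script depends on `set -e`, which would be set above this hunk and is not visible.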
@@ -39,7 +40,7 @@ helm upgrade --install --kube-context="$KUBE_CONTEXT" -f "${WORKSPACE_LOCATION}/ # TODO: Test the deployment of the DSS if [ -n "$DO_NOT_DESTROY" ]; then - "No destroy required. Stop." + "Destroy disabled. Exit." exit 0 fi
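Review bot: The changed line `"Destroy disabled. Exit."` in `deploy/operations/ci/aws-1/test.sh` is still a bare quoted string, so the shell tries to run it as a command and reports "command not found" instead of printing the message; the commit only changes the wording. It should be `echo "Destroy disabled. Exit."`. If the script runs under `set -e` (not visible in this hunk), the failed command would also stop the script with a non-zero status before `exit 0`, turning a deliberate `DO_NOT_DESTROY` run into a failed job.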