feat(example): devops-stack on scaleway

chore(scaleway): first example

.gitignore

@@ -55,3 +55,14 @@ ehthumbs_vista.db
 
 # Folder config file
 [Dd]esktop.ini
+.DS_STORE
+examples/*/secrets.yml
+examples/*/terraform.tfstate*
+examples/*/.terraform.lock.hcl
+examples/*/kubeconfig.yml
+examples/*/issue.txt
+examples/*/log.txt
+examples/*/*.png
+examples/*/*.html
+examples/*/issuers.yml
+**/*.swp

examples/scaleway/README.md

@@ -0,0 +1,27 @@
+## Installation
+
+Add your credentials to launch the project. At least the following environement variables are required: `SCW_ACCESS_KEY,SCW_ACCESS_KEY,SCW_DEFAULT_ORGANIZATION_ID,SCW_DEFAULT_PROJECT_ID,SCW_DEFAULT_PROJECT_ID`.
+
+Configure the stack by modifying `inputs.tfvars` (e.g: cluster\_name) and launch the terraform apply with:
+
+```bash
+terraform init
+terraform apply -var-file inputs.tfvars 
+```
+
+## Usage
+Get the kubeconfig file and the domain name with the following commands:
+
+```bash
+terraform output -raw kubeconfig_file > kubeconfig.json
+terraform output base_domain 
+```
+
+Your application are available at the following address: $APP\_NAME.apps.$CLUSTER\_NAME.$BASE\_DOMAIN.
+e.g: prometheus.apps.devops-stack.51-51-52-52.np.io
+
+For authentication on oidc, users and password are available in the output:
+```bash
+terraform output passwords
+```
+

examples/scaleway/inputs.tfvars

@@ -0,0 +1,38 @@
+# ###################################################
+# Input for module which creates the scaleway cluster 
+# ###################################################
+cluster_name        = "devops-stack"
+cluster_description = "Devops-stack on cloud provider scaleway"
+cluster_tags        = ["demo", "dev", "devops-stack", "test", ]
+cluster_type        = "multicloud"
+kubernetes_version  = "1.27.10"
+admission_plugins   = ["PodNodeSelector", ]
+node_pools = {
+  config1 = {
+    node_type           = "DEV1-M"
+    size                = 2
+    min_size            = 2
+    max_size            = 2
+    autoscaling         = true
+    autohealing         = true
+    container_runtime   = "containerd"
+    wait_for_pool_ready = true
+  }
+}
+
+# #########################
+# Additional cluster config
+# #########################
+base_domain = "gs-fr-dev.camptocamp.com"
+lb_name     = "devops-stack"
+zone        = "fr-par-1"
+lb_type     = "LB-S"
+
+# Ingress
+ingress_enable_service_monitor = false
+
+# Keycloak
+cluster_issuer = "ca-issuer"
+
+# Cert-manager
+cert_manager_enable_service_monitor = false

examples/scaleway/main.tf

@@ -1,54 +1,42 @@
-locals {
-  cluster_name   = "scaleway-test"
-  cluster_region = "fr-par"
-  cluster_zone   = "fr-par-1"
-  tags           = ["test", "${local.cluster_name}"]
-}
-
-module "cluster" {
-  source = "git::https://github.com/camptocamp/devops-stack.git//modules/scaleway?ref=v1-alpha"
-
-  kubernetes_version = "1.24.3"
-
-  cluster_type = "kapsule"
-  cluster_name = local.cluster_name
-  cluster_tags = local.tags
-  region       = local.cluster_region
-  zone         = local.cluster_zone
-  lb_type      = "LB-S"
-
+# ###########################
+# INFRA + K8s PHASE
+# ###########################
+module "scaleway" {
+  source = "[email protected]:camptocamp/devops-stack-module-cluster-scaleway.git"
+
+  base_domain         = var.base_domain
+  cluster_name        = var.cluster_name
+  cluster_description = var.cluster_description
+  cluster_tags        = var.cluster_tags
+  cluster_type        = var.cluster_type
+  kubernetes_version  = var.kubernetes_version
+  lb_name             = var.lb_name
+  lb_type             = var.lb_type
+  zone                = var.zone
+  node_pools          = var.node_pools
 }
 
+# ###########################
+# BOOTSPRAP APPLICATION PHASE
+# ###########################
 
 module "argocd_bootstrap" {
-  source         = "git::https://github.com/camptocamp/devops-stack-module-argocd.git//bootstrap?ref=v1-alpha"
-  cluster_name   = local.cluster_name
-  base_domain    = module.cluster.base_domain
-  cluster_issuer = "letsencrypt-prod"
-
-  argocd = {
-    admin_enabled = "true"
-  }
-
-  depends_on = [
-    module.cluster,
-  ]
+  source = "git::https://github.com/camptocamp/devops-stack-module-argocd.git//bootstrap?ref=v4.4.0"
 }
 
+module "ingress_controller" {
+  source = "git::https://github.com/camptocamp/devops-stack-module-traefik.git?ref=v5.0.0"
 
-module "ingress" {
-  source = "git::https://github.com/camptocamp/devops-stack-module-traefik.git//scaleway?ref=v1-alpha"
-
-  cluster_name     = local.cluster_name
-  argocd_namespace = module.argocd_bootstrap.argocd_namespace
-  base_domain      = module.cluster.base_domain
+  cluster_name           = var.cluster_name
+  base_domain            = module.scaleway.base_domain
+  enable_service_monitor = var.ingress_enable_service_monitor
 
   helm_values = [{
     traefik = {
       service = {
         type = "LoadBalancer"
         annotations = {
-          "service.beta.kubernetes.io/scw-loadbalancer-id" = module.cluster.lb_id
+          "service.beta.kubernetes.io/scw-loadbalancer-id" = module.scaleway.lb_id
         }
       }
     }
@@ -60,131 +48,103 @@ module "ingress" {
 }
 
 module "cert-manager" {
-  source = "git::https://github.com/camptocamp/devops-stack-module-cert-manager.git//scaleway?ref=remove-read-only-attribut"
-
-  cluster_name     = local.cluster_name
-  argocd_namespace = module.argocd_bootstrap.argocd_namespace
-  base_domain      = module.cluster.base_domain
+  source = "git::https://github.com/camptocamp/devops-stack-module-cert-manager.git//self-signed?ref=v8.1.0"
 
-  helm_values = [{
-    cert-manager = {
-      clusterIssuers = {
-        letsencrypt = {
-          enabled = true
-        }
-        acme = {
-          solvers = [
-            {
-              http01 = {
-                ingress = {}
-              }
-            }
-          ]
-        }
-      }
-    }
-  }]
+  enable_service_monitor = var.cert_manager_enable_service_monitor
 
   dependency_ids = {
     argocd = module.argocd_bootstrap.id
   }
 }
 
-module "argocd" {
-  source = "git::https://github.com/camptocamp/devops-stack-module-argocd.git?ref=v1-alpha"
+module "authentication_with_keycloak" {
+  source = "git::https://github.com/camptocamp/devops-stack-module-keycloak.git?ref=v2.0.1"
 
-  bootstrap_values = module.argocd_bootstrap.bootstrap_values
+  cluster_name     = var.cluster_name
   argocd_namespace = module.argocd_bootstrap.argocd_namespace
+  base_domain      = var.base_domain
+  cluster_issuer   = var.cluster_issuer
 
-  oidc = {}
+  dependency_ids = {
+    ingress_controller = module.ingress_controller.id
+    cert-manager       = module.cert-manager.id
+  }
+}
 
-  helm_values = [{
-    argo-cd = {
-      global = {
-        image = {
-          repository = "camptocamp/argocd"
-          tag        = "v2.3.4_c2c.3"
-        }
-      }
-      server = {
-        config = {
-          configManagementPlugins = <<-EOT
-                - name: kustomized-helm
-                  init:
-                    command: ["/bin/sh", "-c"]
-                    args: ["helm dependency build || true"]
-                  generate:
-                    command: ["/bin/sh", "-c"]
-                    args: ["echo \"$HELM_VALUES\" | helm template . --name-template $ARGOCD_APP_NAME --namespace $ARGOCD_APP_NAMESPACE $HELM_ARGS -f - --include-crds > all.yaml && kustomize build"]
-                - name: helmfile
-                  init:
-                    command: ["argocd-helmfile"]
-                    args: ["init"]
-                  generate:
-                    command: ["argocd-helmfile"]
-                    args: ["generate"]
-                  lockRepo: true
-          EOT
-        }
-      }
+module "authorization_with_keycloak" {
+  source = "git::https://github.com/camptocamp/devops-stack-module-keycloak.git//oidc_bootstrap?ref=v2.0.1"
+
+  cluster_name   = var.cluster_name
+  base_domain    = var.base_domain
+  cluster_issuer = var.cluster_issuer
+  user_map = {
+    jdoe = {
+      username   = "jdoe"
+      email      = "[email protected]"
+      first_name = "John"
+      last_name  = "Doe"
     }
-  }]
+  }
+  dependency_ids = {
+    keycloak = module.authentication_with_keycloak.id
+  }
+}
+
+
+module "kube-prometheus-stack" {
+  source = "git::https://github.com/camptocamp/devops-stack-module-kube-prometheus-stack?ref=v9.2.0"
+
+  cluster_name     = var.cluster_name
+  base_domain      = module.scaleway.base_domain
+  cluster_issuer   = var.cluster_issuer
+
+  metrics_storage_main = null
+
+  prometheus = {
+    oidc = module.authorization_with_keycloak.oidc
+  }
+  alertmanager = {
+    oidc = module.authorization_with_keycloak.oidc
+  }
+  grafana = {
+    oidc = module.authorization_with_keycloak.oidc
+  }
 
   dependency_ids = {
-    argocd       = module.argocd_bootstrap.id
-    cert_manager = module.cert-manager.id
+    ingress_controller = module.ingress_controller.id
+    cert-manager       = module.cert-manager.id
+    oidc               = module.authentication_with_keycloak.id
   }
 }
 
-#module "monitoring" {
-#  source = "git::https://github.com/camptocamp/devops-stack-module-kube-prometheus-stack.git?ref=v1-alpha"
-#
-#  cluster_name = local.cluster_name
-#
-#  prometheus = {
-#    oidc = {
-#      issuer_url    = module.oidc.issuer_url
-#      api_url       = "${module.oidc.issuer_url}/healthz"
-#      client_id     = module.oidc.clients.prometheus.id
-#      client_secret = module.oidc.clients.prometheus.secret
-#
-#      oauth2_proxy_extra_args = [
-#      ]
-#    }
-#  }
-#
-#  alertmanager = {
-#    oidc = {
-#      issuer_url    = module.oidc.issuer_url
-#      api_url       = "${module.oidc.issuer_url}/healthz"
-#      client_id     = module.oidc.clients.alertmanager.id
-#      client_secret = module.oidc.clients.alertmanager.secret
-#
-#      oauth2_proxy_extra_args = [
-#      ]
-#    }
-#  }
-#
-#  grafana = {
-#    oidc = {
-#      oauth_url     = "${module.oidc.issuer_url}/auth"
-#      token_url     = "${module.oidc.issuer_url}/token"
-#      api_url       = "${module.oidc.issuer_url}/userinfo"
-#      client_id     = module.oidc.clients.grafana.id
-#      client_secret = module.oidc.clients.grafana.secret
-#
-#      oauth2_proxy_extra_args = [
-#      ]
-#    }
-#  }
-#
-#  argocd_namespace = module.argocd_bootstrap.argocd_namespace
-#  base_domain      = module.cluster.base_domain
-#  cluster_issuer   = "letsencrypt-prod"
-#  metrics_archives = {}
-#
-#  dependency_ids = {
-#    argocd = module.argocd_bootstrap.id
-#    oidc   = module.oidc.id
-#  }
-#}
+module "argocd" {
+  source = "git::https://github.com/camptocamp/devops-stack-module-argocd.git?ref=v4.4.0"
+
+  base_domain              = module.scaleway.base_domain
+  cluster_name             = var.cluster_name
+  cluster_issuer           = var.cluster_issuer
+  server_secretkey         = module.argocd_bootstrap.argocd_server_secretkey
+  accounts_pipeline_tokens = module.argocd_bootstrap.argocd_accounts_pipeline_tokens
+
+  admin_enabled = true
+  #app_autosync = {}
+
+  oidc = {
+    name         = "OIDC"
+    issuer       = module.authorization_with_keycloak.oidc.issuer_url
+    clientID     = module.authorization_with_keycloak.oidc.client_id
+    clientSecret = module.authorization_with_keycloak.oidc.client_secret
+    requestedIDTokenClaims = {
+      groups = {
+        essential = true
+      }
+    }
+  }
+
+  dependency_ids = {
+    ingress_controller = module.ingress_controller.id
+    cert-manager       = module.cert-manager.id
+    oidc               = module.authorization_with_keycloak.id
+    #  kube-prometheus-stack = module.kube-prometheus-stack.id
+  }
+}