feat(example): devops-stack on scaleway #1271

Open
wants to merge 2 commits into
base: main
13 changes: 11 additions & 2 deletions .gitignore
@@ -1,12 +1,19 @@
### Unwanted Terraform files when using the examples ###

examples/*/.terraform
examples/*/terraform.tfstate
examples/*/terraform.tfstate.*
examples/*/.terraform.tfstate.lock.info
examples/*/*-config
examples/*/.terraform.lock.hcl

examples/*/secrets.yml
Contributor

This should not be here, because we add these files with placeholder content to the examples. See here, for example.

examples/*/terraform.tfstate*
examples/*/.terraform.lock.hcl
Comment on lines +9 to +10
Contributor

These lines are doubled and already exist in the file.

examples/*/kubeconfig.yml
examples/*/issue.txt
examples/*/log.txt
examples/*/*.png
examples/*/*.html
examples/*/issuers.yml
Comment on lines +11 to +16
Contributor

I think only you have these files in your folders. Should we add them to the .gitignore and include these exceptions for everybody?


### Files and folders when building the website and documentation locally ###
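
Review bot: The new `examples/*/kubeconfig.yml` pattern does not cover the file the Scaleway README tells users to create with `terraform output -raw kubeconfig_file > kubeconfig.json`, and the existing `examples/*/*-config` pattern does not match that name either, so a kubeconfig holding cluster credentials can still be staged and committed by accident. Either ignore `examples/*/kubeconfig.*` or make the README write to a file name this list already covers.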

Expand Down Expand Up @@ -55,3 +62,5 @@ ehthumbs_vista.db

# Folder config file
[Dd]esktop.ini
.DS_STORE
**/*.swp
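
Review bot: `.DS_STORE` at the end of this hunk is spelled in upper case, while the file macOS creates is `.DS_Store`; gitignore patterns are matched case-sensitively unless `core.ignorecase` is set, so on a case-sensitive checkout this entry ignores nothing. Spell it `.DS_Store`. This entry and `**/*.swp` are OS and editor residue unrelated to the Scaleway example, and would sit better in a separate commit or in each contributor's global excludes file.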
36 changes: 36 additions & 0 deletions examples/scaleway/README.md
Contributor

In my opinion the documentation could be completed with more explanations like in the other examples.

Member Author

I can't see any README for the other example. So this one is not too bad.

Contributor @lentidas, Jun 12, 2024

Actually there is not supposed to be a README.md but rather a documentation page like those here.

Member Author

OK, I added the doc to the devops-stack-module-cluster-scaleway module.

@@ -0,0 +1,36 @@
## Introduction
The terraform project will instanciated a devops-stack on Scaleway.

## Installation

Add your credentials to launch the project. At least the following environement variables are required: `SCW_ACCESS_KEY,SCW_ACCESS_KEY,SCW_DEFAULT_ORGANIZATION_ID,SCW_DEFAULT_PROJECT_ID,SCW_DEFAULT_PROJECT_ID`.

We also use an environement variable for the variable PROJECT\_ID called `TF_VAR_PROJECT_ID`

Configure the stack by modifying `inputs.tfvars` (e.g: cluster\_name) and launch the terraform apply with:

If you want to create a Kapsule cluster, you will have to use the scaleway provider in version 2.33.0.

If you modify the base\_domain, be sure to add a new star record that points to the load balancer ip address created by the stack in your domain.

```bash
terraform init
terraform apply -var-file inputs.tfvars
```

## Usage
Get the kubeconfig file and the domain name with the following commands:
Contributor

In my opinion, it's not best practice to use this Kubeconfig file as a way to authenticate to the cluster, since these are the same values used for setting the providers in the Terraform configuration. Maybe there is a way to recover new secret and ephemeral certificates using the Scaleway CLI utility, if it exists (see the SKS example).


```bash
terraform output -raw kubeconfig_file > kubeconfig.json
terraform output base_domain
```

Your application are available at the following address: $APP\_NAME.apps.$CLUSTER\_NAME.$BASE\_DOMAIN.
e.g: prometheus.apps.devops-stack.51-51-52-52.np.io

For authentication on oidc, users and password are available in the output:
```bash
terraform output passwords
```
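
Review bot: The required-variables list in the Installation section names `SCW_ACCESS_KEY` and `SCW_DEFAULT_PROJECT_ID` twice each and never mentions a secret key, so a reader following it cannot authenticate the provider; one of the duplicates is presumably meant to be `SCW_SECRET_KEY`. The sentence ending "launch the terraform apply with:" is also separated from its code block by the two paragraphs on the provider version and `base_domain`; move the block directly under it. In Usage, `terraform output passwords` and the redirect into `kubeconfig.json` both leave credentials in terminal scrollback or on disk, which deserves a line telling readers to restrict the file's permissions and keep it out of version control.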

38 changes: 38 additions & 0 deletions examples/scaleway/inputs.tfvars
@@ -0,0 +1,38 @@
# ###################################################
# Input for module which creates the scaleway cluster
# ###################################################
cluster_name = "devops-stack"
cluster_description = "Devops-stack on cloud provider scaleway"
cluster_tags = ["demo", "dev", "devops-stack", "test", ]
cluster_type = "multicloud"
kubernetes_version = "1.29.1"
admission_plugins = ["PodNodeSelector", ]
node_pools = {
config1 = {
node_type = "DEV1-L"
size = 2
min_size = 2
max_size = 2
autoscaling = true
autohealing = true
container_runtime = "containerd"
wait_for_pool_ready = true
}
}

# #########################
# Additional cluster config
# #########################
base_domain = "gs-fr-dev.camptocamp.com"
lb_name = "devops-stack"
zone = "fr-par-1"
lb_type = "LB-S"

# Ingress
ingress_enable_service_monitor = false

# Keycloak
cluster_issuer = "ca-issuer"

# Cert-manager
cert_manager_enable_service_monitor = false
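
Review bot: `base_domain = "gs-fr-dev.camptocamp.com"` hard-codes a Camptocamp domain in a file users are told to edit and apply; anyone who runs the example unchanged gets ingress hosts under a zone they do not control, and the README only describes the wildcard record for the case where the value is modified. Use an obvious placeholder value here. In `node_pools.config1`, `autoscaling = true` with `size`, `min_size` and `max_size` all equal to 2 can never scale; either widen the range or set it to false.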
159 changes: 159 additions & 0 deletions examples/scaleway/loki.tf
@@ -0,0 +1,159 @@
data "scaleway_account_project" "devops_stack" {
project_id = var.project_id
}

resource "scaleway_object_bucket" "loki" {
name = "devops-stack-loki-logs"
tags = {
line = "devops-stack"
platform = "scw-devops-stack-example"
}
}

resource "scaleway_iam_application" "loki" {
name = "devops-stack-example-loki"
description = "Loki access to S3 buckets from Devops Stack example"
}

resource "scaleway_iam_policy" "loki" {
name = "devops-stack-example-loki"
description = "Loki access to S3 buckets from Devops Stack example"
application_id = scaleway_iam_application.loki.id

rule {
project_ids = [data.scaleway_account_project.devops_stack.id]
permission_set_names = [
"ObjectStorageObjectsDelete",
"ObjectStorageObjectsRead",
"ObjectStorageObjectsWrite",
"ObjectStorageBucketsRead",
]
}
}

resource "scaleway_iam_api_key" "loki" {
application_id = scaleway_iam_application.loki.id
description = "Loki credentials for Devops Stack example"
default_project_id = data.scaleway_account_project.devops_stack.id
}

locals {
loki_common_settings = {
extraEnv = [
{
name = "AWS_ACCESS_KEY_ID"
valueFrom = {
secretKeyRef = {
name = kubernetes_secret.credentials_loki_s3.metadata.0.name
key = "AWS_ACCESS_KEY_ID"
}
}
},
{
name = "AWS_SECRET_ACCESS_KEY"
valueFrom = {
secretKeyRef = {
name = kubernetes_secret.credentials_loki_s3.metadata.0.name
key = "AWS_SECRET_ACCESS_KEY"
}
}
},
]
}
}

module "loki" {
source = "git::https://github.com/camptocamp/devops-stack-module-loki-stack.git?ref=v8.1.0"

app_autosync = {}

retention = "9000h"
ingress = {
hosts = ["loki.apps.${var.cluster_name}.${var.base_domain}"]
cluster_issuer = var.cluster_issuer
}

helm_values = [{
loki-distributed = {
loki = merge({
structuredConfig = {
auth_enabled = false
compactor = {
retention_delete_delay = "1h"
retention_enabled = false
}
ingester = {
lifecycler = {
ring = {
replication_factor = 1
}
}
}
}
schemaConfig = {
configs = [
{
from = "2023-04-28",
store = "boltdb-shipper"
object_store = "s3"
schema = "v11"
index = {
prefix = "index_"
period = "24h"
}
}
]
}
storageConfig = {
aws = {
bucketnames = scaleway_object_bucket.loki.id
endpoint = scaleway_object_bucket.loki.endpoint
s3forcepathstyle = true
#region = "fr-par"
sse_encryption = false
signature_version = "v2"
}
boltdb_shipper = {
shared_store = "s3"
cache_ttl = "24h"
}
}
}, local.loki_common_settings)
indexGateway = local.loki_common_settings
ingester = merge({ replicas = 1 }, local.loki_common_settings)
compactor = local.loki_common_settings
queryFrontend = local.loki_common_settings
querier = local.loki_common_settings
distributor = local.loki_common_settings
}
promtail = {
updateStrategy = {
type = "RollingUpdate"
rollingUpdate = {
maxUnavailable = 3
}
}
config = {
clients = [
{
url = "http://loki-distributor:3100/loki/api/v1/push"
#tenant_id = 1
}
]
}
}
}]
}

resource "kubernetes_secret" "credentials_loki_s3" {
metadata {
namespace = "loki-stack"
name = "credentials-loki-s3"
}

data = {
AWS_ACCESS_KEY_ID = scaleway_iam_api_key.loki.access_key
AWS_SECRET_ACCESS_KEY = scaleway_iam_api_key.loki.secret_key
}

}
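
Review bot: The `rule` block in `scaleway_iam_policy.loki` scopes `ObjectStorageObjectsRead`, `ObjectStorageObjectsWrite` and `ObjectStorageObjectsDelete` by `project_ids` only, so the key mounted into every Loki component can read, overwrite and delete objects in every bucket of the project, not just `devops-stack-loki-logs`. Restrict access to the Loki bucket with a bucket policy, or create the bucket in a dedicated project. The key's `secret_key` is also copied into `kubernetes_secret.credentials_loki_s3` and therefore sits in the Terraform state in clear text, and `scaleway_iam_api_key.loki` sets no expiry; the example should say the state must be stored in a protected backend, or give the key an expiry date. Two settings are worth a second look as well: `signature_version = "v2"` selects the legacy S3 signing scheme, and `retention = "9000h"` sits beside `retention_enabled = false` in the compactor, so it is unclear whether old logs are ever removed.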