[terraform] Reorganize terraform-commons-dss (#1016)
* [terraform] Reorganize terraform-commons-dss

* Move helm variables

* clean spaces
barroco authored Apr 12, 2024
1 parent aefdc4b commit 0435250
Showing 4 changed files with 133 additions and 134 deletions.
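--- a/deploy/infrastructure/dependencies/terraform-commons-dss/helm.tf
+++ b/deploy/infrastructure/dependencies/terraform-commons-dss/helm.tf
@@ -0,0 +1,70 @@
+locals {
+# Tanka defines itself the variables below. For helm, since we are using the official helm CRDB chart,
+# the following has to be provided and constructed here.
+helm_crdb_statefulset_name = "dss-cockroachdb"
+helm_nodes_to_join = concat(["${local.helm_crdb_statefulset_name}-0.${local.helm_crdb_statefulset_name}"], var.crdb_external_nodes)
+}
+
+resource "local_file" "helm_chart_values" {
+filename = "${local.workspace_location}/helm_values.yml"
+content = yamlencode({
+cockroachdb = {
+fullnameOverride = local.helm_crdb_statefulset_name
+
+conf = {
+join = local.helm_nodes_to_join
+cluster-name = "dss-aws-1"
+single-node = false
+locality = "zone=${var.crdb_locality}"
+}
+
+statefulset = {
+args = [
+"--locality-advertise-addr=zone=${var.crdb_locality}@$(hostname -f)",
+"--advertise-addr=$${HOSTNAME##*-}.${var.crdb_hostname_suffix}"
+]
+}
+
+storage = {
+persistentVolume = {
+storageClass = var.kubernetes_storage_class
+}
+}
+}
+
+loadBalancers = {
+cockroachdbNodes = [
+for ip in var.crdb_internal_nodes[*].ip :
+{
+ip = ip
+subnet = var.workload_subnet
+}
+]
+
+dssGateway = {
+ip = var.ip_gateway
+subnet = var.workload_subnet
+certName = var.gateway_cert_name
+sslPolicy = var.ssl_policy
+}
+}
+
+dss = {
+image = local.image
+
+conf = {
+pubKeys = [
+"/test-certs/auth2.pem"
+]
+jwksEndpoint = var.authorization.jwks != null ? var.authorization.jwks.endpoint : ""
+jwksKeyIds = var.authorization.jwks != null ? [var.authorization.jwks.key_id] : []
+hostname = var.app_hostname
+enableScd = var.enable_scd
+}
+}
+
+global = {
+cloudProvider = var.kubernetes_cloud_provider_name
+}
+})
+}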
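Review bot: `pubKeys` in the `dss.conf` block is hard-coded to `/test-certs/auth2.pem`, whereas the Tanka rendering of the same deployment takes its key path from `var.authorization.public_key_pem_path`, so a Helm deployment always lists a key under a test-certificate path among its token-verification keys regardless of what the operator configures. If that path holds a publicly known test key (the name suggests it, the chart content is not visible on this page), tokens signed with it would be accepted next to the configured JWKS. I would derive the list from the variable, `pubKeys = var.authorization.public_key_pem_path != null ? [var.authorization.public_key_pem_path] : []`. The block was moved here unchanged from main.tf, so the behaviour predates this commit, but the new file is a good place to fix it.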
134 changes: 0 additions & 134 deletions deploy/infrastructure/dependencies/terraform-commons-dss/main.tf
Expand Up @@ -2,138 +2,4 @@ locals {
workspace_folder = replace(replace(var.kubernetes_context_name, "/", "_"), ":", "_")
# Replace ':' and '/' characters from folder name by underscores. Those characters are used by AWS for contexts.
workspace_location = abspath("${path.module}/../../../../build/workspace/${local.workspace_folder}")

# Tanka defines itself the variables below. For helm, since we are using the official helm CRDB chart,
# the following has to be provided and constructed here.
helm_crdb_statefulset_name = "dss-cockroachdb"
helm_nodes_to_join = concat(["${local.helm_crdb_statefulset_name}-0.${local.helm_crdb_statefulset_name}"], var.crdb_external_nodes)
}

resource "local_file" "tanka_config_main" {
content = templatefile("${path.module}/templates/main.jsonnet.tmp", {
root_path = path.module
VAR_NAMESPACE = var.kubernetes_namespace
VAR_CLUSTER_CONTEXT = var.kubernetes_context_name
VAR_ENABLE_SCD = var.enable_scd
VAR_CRDB_HOSTNAME_SUFFIX = var.crdb_hostname_suffix
VAR_CRDB_LOCALITY = var.crdb_locality
VAR_CRDB_NODE_IPS = join(",", [for i in var.crdb_internal_nodes[*].ip : "'${i}'"])
VAR_INGRESS_NAME = var.ip_gateway
VAR_CRDB_EXTERNAL_NODES = join(",", [for a in var.crdb_external_nodes : "'${a}'"])
VAR_STORAGE_CLASS = var.kubernetes_storage_class
VAR_DOCKER_IMAGE_NAME = local.image
VAR_APP_HOSTNAME = var.app_hostname
VAR_PUBLIC_KEY_PEM_PATH = var.authorization.public_key_pem_path != null ? var.authorization.public_key_pem_path : ""
VAR_JWKS_ENDPOINT = var.authorization.jwks != null ? var.authorization.jwks.endpoint : ""
VAR_JWKS_KEY_ID = var.authorization.jwks != null ? var.authorization.jwks.key_id : ""
VAR_DESIRED_RID_DB_VERSION = local.rid_db_schema
VAR_DESIRED_SCD_DB_VERSION = local.scd_db_schema
VAR_SHOULD_INIT = var.should_init
VAR_DOCKER_IMAGE_PULL_SECRET = var.image_pull_secret != null ? var.image_pull_secret : ""
VAR_CLOUD_PROVIDER = var.kubernetes_cloud_provider_name
VAR_CERT_NAME = var.gateway_cert_name
VAR_SUBNET = var.workload_subnet
VAR_SSL_POLICY = var.ssl_policy
})
filename = "${local.workspace_location}/main.jsonnet"
}

resource "local_file" "tanka_config_spec" {
content = templatefile("${path.module}/templates/spec.json.tmp", {
root_path = path.module
namespace = var.kubernetes_namespace
cluster_context = var.kubernetes_context_name
api_server = var.kubernetes_api_endpoint
})
filename = "${local.workspace_location}/spec.json"
}

resource "local_file" "make_certs" {
content = templatefile("${path.module}/templates/make-certs.sh.tmp", {
cluster_context = var.kubernetes_context_name
namespace = var.kubernetes_namespace
node_address = join(" ", var.crdb_internal_nodes[*].dns)
joining_pool = length(var.crdb_external_nodes) > 0
})
filename = "${local.workspace_location}/make-certs.sh"
}

resource "local_file" "apply_certs" {
content = templatefile("${path.module}/templates/apply-certs.sh.tmp", {
cluster_context = var.kubernetes_context_name
namespace = var.kubernetes_namespace
})
filename = "${local.workspace_location}/apply-certs.sh"
}

resource "local_file" "get_credentials" {
content = templatefile("${path.module}/templates/get-credentials.sh.tmp", {
get_credentials_cmd = var.kubernetes_get_credentials_cmd
})
filename = "${local.workspace_location}/get-credentials.sh"
}

resource "local_file" "helm_chart_values" {
filename = "${local.workspace_location}/helm_values.yml"
content = yamlencode({
cockroachdb = {
fullnameOverride = local.helm_crdb_statefulset_name

conf = {
join = local.helm_nodes_to_join
cluster-name = "dss-aws-1"
single-node = false
locality = "zone=${var.crdb_locality}"
}

statefulset = {
args = [
"--locality-advertise-addr=zone=${var.crdb_locality}@$(hostname -f)",
"--advertise-addr=$${HOSTNAME##*-}.${var.crdb_hostname_suffix}"
]
}

storage = {
persistentVolume = {
storageClass = var.kubernetes_storage_class
}
}
}

loadBalancers = {
cockroachdbNodes = [
for ip in var.crdb_internal_nodes[*].ip :
{
ip = ip
subnet = var.workload_subnet
}
]

dssGateway = {
ip = var.ip_gateway
subnet = var.workload_subnet
certName = var.gateway_cert_name
sslPolicy = var.ssl_policy
}
}

dss = {
image = local.image

conf = {
pubKeys = [
"/test-certs/auth2.pem"
]
jwksEndpoint = var.authorization.jwks != null ? var.authorization.jwks.endpoint : ""
jwksKeyIds = var.authorization.jwks != null ? [var.authorization.jwks.key_id] : []
hostname = var.app_hostname
enableScd = var.enable_scd
}
}

global = {
cloudProvider = var.kubernetes_cloud_provider_name
}
})
}

@@ -0,0 +1,25 @@

resource "local_file" "make_certs" {
content = templatefile("${path.module}/templates/make-certs.sh.tmp", {
cluster_context = var.kubernetes_context_name
namespace = var.kubernetes_namespace
node_address = join(" ", var.crdb_internal_nodes[*].dns)
joining_pool = length(var.crdb_external_nodes) > 0
})
filename = "${local.workspace_location}/make-certs.sh"
}

resource "local_file" "apply_certs" {
content = templatefile("${path.module}/templates/apply-certs.sh.tmp", {
cluster_context = var.kubernetes_context_name
namespace = var.kubernetes_namespace
})
filename = "${local.workspace_location}/apply-certs.sh"
}

resource "local_file" "get_credentials" {
content = templatefile("${path.module}/templates/get-credentials.sh.tmp", {
get_credentials_cmd = var.kubernetes_get_credentials_cmd
})
filename = "${local.workspace_location}/get-credentials.sh"
}
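Review bot: None of the three `local_file` resources in this section sets `file_permission`, so `make-certs.sh`, `apply-certs.sh` and `get-credentials.sh` are written with the provider default, which is `0777` before the umask is applied. Judging by their names these scripts create and apply the cluster certificates, and the last one embeds `var.kubernetes_get_credentials_cmd`, so any other account able to write in the workspace directory could alter what the operator later runs. Adding `file_permission = "0750"` to each resource keeps the scripts executable for the owner without leaving them writable by others. The rendered `helm_values.yml`, `main.jsonnet` and `spec.json` in the other new files need no execute bit and could take `"0640"`.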
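--- a/deploy/infrastructure/dependencies/terraform-commons-dss/tanka.tf
+++ b/deploy/infrastructure/dependencies/terraform-commons-dss/tanka.tf
@@ -0,0 +1,38 @@
+resource "local_file" "tanka_config_main" {
+content = templatefile("${path.module}/templates/main.jsonnet.tmp", {
+root_path = path.module
+VAR_NAMESPACE = var.kubernetes_namespace
+VAR_CLUSTER_CONTEXT = var.kubernetes_context_name
+VAR_ENABLE_SCD = var.enable_scd
+VAR_CRDB_HOSTNAME_SUFFIX = var.crdb_hostname_suffix
+VAR_CRDB_LOCALITY = var.crdb_locality
+VAR_CRDB_NODE_IPS = join(",", [for i in var.crdb_internal_nodes[*].ip : "'${i}'"])
+VAR_INGRESS_NAME = var.ip_gateway
+VAR_CRDB_EXTERNAL_NODES = join(",", [for a in var.crdb_external_nodes : "'${a}'"])
+VAR_STORAGE_CLASS = var.kubernetes_storage_class
+VAR_DOCKER_IMAGE_NAME = local.image
+VAR_APP_HOSTNAME = var.app_hostname
+VAR_PUBLIC_KEY_PEM_PATH = var.authorization.public_key_pem_path != null ? var.authorization.public_key_pem_path : ""
+VAR_JWKS_ENDPOINT = var.authorization.jwks != null ? var.authorization.jwks.endpoint : ""
+VAR_JWKS_KEY_ID = var.authorization.jwks != null ? var.authorization.jwks.key_id : ""
+VAR_DESIRED_RID_DB_VERSION = local.rid_db_schema
+VAR_DESIRED_SCD_DB_VERSION = local.scd_db_schema
+VAR_SHOULD_INIT = var.should_init
+VAR_DOCKER_IMAGE_PULL_SECRET = var.image_pull_secret != null ? var.image_pull_secret : ""
+VAR_CLOUD_PROVIDER = var.kubernetes_cloud_provider_name
+VAR_CERT_NAME = var.gateway_cert_name
+VAR_SUBNET = var.workload_subnet
+VAR_SSL_POLICY = var.ssl_policy
+})
+filename = "${local.workspace_location}/main.jsonnet"
+}
+
+resource "local_file" "tanka_config_spec" {
+content = templatefile("${path.module}/templates/spec.json.tmp", {
+root_path = path.module
+namespace = var.kubernetes_namespace
+cluster_context = var.kubernetes_context_name
+api_server = var.kubernetes_api_endpoint
+})
+filename = "${local.workspace_location}/spec.json"
+}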
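Review bot: In `tanka_config_main`, `VAR_PUBLIC_KEY_PEM_PATH`, `VAR_JWKS_ENDPOINT` and `VAR_JWKS_KEY_ID` each fall back to an empty string when their source is null, so nothing in this file stops `main.jsonnet` from being rendered with no token-verification key source at all. The `authorization` variable may already carry a validation rule, but its definition is not part of this page. If it does not, a precondition on the resource would make the plan fail early instead of producing a deployment whose authorization setup is empty; this assumes the module's minimum Terraform version supports `precondition`.

```hcl
resource "local_file" "tanka_config_main" {
  # … unchanged: content = templatefile(...) and filename …

  lifecycle {
    precondition {
      condition     = var.authorization.public_key_pem_path != null || var.authorization.jwks != null
      error_message = "Set authorization.public_key_pem_path or authorization.jwks so the DSS can verify access tokens."
    }
  }
}
```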
