From 4a91ec36d0d2d1dd6653b8ba1c5e718f146baede Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Johannes=20W=C3=BCrbach?= Date: Wed, 5 Jun 2024 20:37:46 +0200 Subject: [PATCH] chore: tflint and cleanup --- .github/workflows/ci.yaml | 11 +- .tflint.hcl | 10 ++ Makefile | 29 +++- README.md | 2 + examples/with-backstage/README.md | 46 +++--- .../with-backstage/backstage-humanitec.tf | 76 +-------- .../with-backstage/create-gh-app/index.js | 153 ------------------ examples/with-backstage/provider.tf | 14 +- .../with-backstage/terraform.tfvars.example | 5 +- examples/with-backstage/variables.tf | 6 - main.tf | 8 + modules/base/README.md | 92 ++++++----- modules/base/humanitec.tf | 2 +- modules/base/main.tf | 2 - modules/base/providers.tf | 10 +- modules/base/terraform.tfvars.example | 52 ++++++ 16 files changed, 199 insertions(+), 319 deletions(-) create mode 100644 .tflint.hcl delete mode 100644 examples/with-backstage/create-gh-app/index.js create mode 100644 modules/base/terraform.tfvars.example diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 0c0f5a3..c96a235 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -20,7 +20,7 @@ jobs: - name: Install terraform-docs run: | WORK_DIR=$(mktemp -d) - curl -Lo ${WORK_DIR}/terraform-docs.tar.gz https://github.com/terraform-docs/terraform-docs/releases/download/v0.16.0/terraform-docs-v0.16.0-$(uname)-amd64.tar.gz + curl -Lo ${WORK_DIR}/terraform-docs.tar.gz https://github.com/terraform-docs/terraform-docs/releases/download/v0.18.0/terraform-docs-v0.18.0-$(uname)-amd64.tar.gz cd ${WORK_DIR} tar -xzf terraform-docs.tar.gz chmod +x terraform-docs 
@@ -31,11 +31,14 @@ jobs: - name: Check git diff is clean (all files generated should be committed) run: git diff --exit-code - - name: Terraform Format Check - run: make fmt-check + - uses: terraform-linters/setup-tflint@v4 + with: + tflint_version: v0.51.1 + - name: Terraform Lint + run: make lint - name: Stub GitHub App credentials (required for validation) - run: cd ./examples/with-backstage && STUB_FILE=1 node create-gh-app/index.js + run: cd ./examples/with-backstage && docker run --rm -e STUB_FILE=1 -v $(pwd):/pwd ghcr.io/humanitec-architecture/create-gh-app - name: Terraform Validate run: make validate diff --git a/.tflint.hcl b/.tflint.hcl new file mode 100644 index 0000000..676fcf4 --- /dev/null +++ b/.tflint.hcl @@ -0,0 +1,10 @@ +plugin "terraform" { + enabled = true + preset = "recommended" +} + +plugin "aws" { + enabled = true + version = "0.31.0" + source = "github.com/terraform-linters/tflint-ruleset-aws" +} diff --git a/Makefile b/Makefile index ccca688..7d3b704 100644 --- a/Makefile +++ b/Makefile @@ -1,14 +1,18 @@ TF_DIRS = $(patsubst %/main.tf, %, $(shell find . -type d -name .terraform -prune -o -name 'main.tf' -print)) VALIDATE_TF_DIRS = $(addprefix validate-,$(TF_DIRS)) +LINT_TF_DIRS = $(addprefix lint-,$(TF_DIRS)) +DOCS_TF_DIRS = $(addprefix docs-,$(TF_DIRS)) + +# Generate docs for a terraform directories +$(DOCS_TF_DIRS): docs-%: + @echo "Docs $*" + terraform-docs --config docs/.terraform-docs.yaml $* + terraform-docs --config docs/.terraform-docs-example.yaml $* # Generate docs .PHONY: docs -docs: - terraform-docs --lockfile=false ./modules/base - terraform-docs --config docs/.terraform-docs.yaml . - terraform-docs --config docs/.terraform-docs-example.yaml . - terraform-docs --config docs/.terraform-docs.yaml ./examples/with-backstage - terraform-docs --config docs/.terraform-docs-example.yaml ./examples/with-backstage +docs: $(DOCS_TF_DIRS) + @echo "All docs generated" # Format all terraform files fmt: 
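Review bot: The new `docker run … ghcr.io/humanitec-architecture/create-gh-app` line in the "Stub GitHub App credentials" step carries no tag or digest, so every CI run pulls whatever the image's mutable default tag currently points at and bind-mounts the checkout into it with `-v $(pwd):/pwd`; the in-repo script this replaces was at least reviewable in the same diff, the image contents are not. Pin it to an immutable reference, e.g. `ghcr.io/humanitec-architecture/create-gh-app@sha256:<digest-placeholder>`, and bump it deliberately; the same unpinned reference is handed to users in the examples/with-backstage/README.md hunk further down. For consistency with `tflint_version: v0.51.1`, `terraform-linters/setup-tflint@v4` could likewise be pinned to a full commit SHA rather than a floating major tag.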
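Review bot: `LINT_TF_DIRS` and `DOCS_TF_DIRS` are assigned with `=` on top of a `TF_DIRS` that is itself recursive and wraps `$(shell find …)`, so every reference to either list re-runs `find`; `LINT_TF_DIRS := $(addprefix lint-,$(TF_DIRS))` and `DOCS_TF_DIRS := $(addprefix docs-,$(TF_DIRS))` expand the list once. The generated `docs-%` targets are commands, not files, yet only `docs` is declared phony, so a stray file or directory bearing one of those names would make the rule silently "up to date": `.PHONY: docs $(DOCS_TF_DIRS)`. The header comment `# Generate docs for a terraform directories` describes a single directory; `# Generate docs for one terraform directory` says so.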
@@ -27,3 +31,16 @@ $(VALIDATE_TF_DIRS): validate-%: # Validate all terraform directories validate: $(VALIDATE_TF_DIRS) @echo "All validated" + +# Lint a terraform directories +$(LINT_TF_DIRS): lint-%: + @echo "Lint $*" + tflint --config "$(PWD)/.tflint.hcl" --chdir="$*" + +# Initialize tflint +lint-init: + tflint --init + +# Lint all terraform directories +lint: lint-init $(LINT_TF_DIRS) fmt-check + @echo "All linted" diff --git a/README.md b/README.md index 1107f16..01a866a 100644 --- a/README.md +++ b/README.md @@ -184,7 +184,9 @@ Once you are finished with the reference architecture, you can remove all provis |------|---------| | terraform | >= 1.3.0 | | aws | ~> 5.17 | +| helm | ~> 2.12 | | humanitec | ~> 1.0 | +| kubernetes | ~> 2.25 | ### Modules diff --git a/examples/with-backstage/README.md b/examples/with-backstage/README.md index 65e8668..7eb54b4 100644 --- a/examples/with-backstage/README.md +++ b/examples/with-backstage/README.md 
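Review bot: `lint: lint-init $(LINT_TF_DIRS) fmt-check` relies on the order of the prerequisite list to run `tflint --init` before the per-directory `tflint` calls, which `make -j` does not honour, so the plugin download can race with the lints; make the edge explicit with `$(LINT_TF_DIRS): lint-%: lint-init`. `$(PWD)` in the `--config` path is inherited from the environment rather than set by make, whereas `$(CURDIR)` is the built-in: `tflint --config "$(CURDIR)/.tflint.hcl" --chdir="$*"`. `lint`, `lint-init` and the `lint-*` targets are not files either and belong in `.PHONY: lint lint-init $(LINT_TF_DIRS)`; the comment `# Lint a terraform directories` should read `# Lint one terraform directory`.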
@@ -5,24 +5,30 @@ Provisions the AWS reference architecture connected to Humanitec and installs Ba ## Prerequisites * The same prerequisites as the [base reference architecture](../../README.md#prerequisites), plus the following items. -* A GitHub organization and permission to create new repositories in it. Go to https://github.com/account/organizations/new to create a new org (the "Free" option is fine). Note: is has to be an organization, a free account is not sufficient. +* A GitHub organization and permission to create new repositories in it. Go to to create a new org (the "Free" option is fine). Note: is has to be an organization, a free account is not sufficient. * Create a classic github personal access token with `repo`, `workflow`, `delete_repo` and `admin:org` scope [here](https://github.com/settings/tokens). * Set the `GITHUB_TOKEN` environment variable to your token. - ``` + + ```bash export GITHUB_TOKEN="my-github-token" ``` + * Set the `GITHUB_ORG_ID` environment variable to your GitHub organization ID. - ``` + + ```bash export GITHUB_ORG_ID="my-github-org-id" ``` + * [Node.js](https://nodejs.org) installed locally. -* Install the GitHub App for Backstage into your GitHub organization using `node create-gh-app/index.js`. Follow the instructions. - * “All repositories” ~> Install - * “Okay, […] was installed on the […] account.” ~> You can close the window and server. +* Install the GitHub App for Backstage into your GitHub organization + * Run `docker run --rm -it -e GITHUB_ORG_ID -v $(pwd):/pwd -p 127.0.0.1:3000:3000 ghcr.io/humanitec-architecture/create-gh-app` ([image source](https://github.com/humanitec-architecture/create-gh-app/)) and follow the instructions: + * “All repositories” ~> Install + * “Okay, […] was installed on the […] account.” ~> You can close the window and server. 
## Usage Follow the same steps as for the [base layer](../../README.md#usage), applying these modifications: + * Execute `cd ./examples/with-backstage` after cloning the repo. Execute all subsequent commands in this directory. * In particular, use the `./examples/with-backstage/terraform.tfvars.example` file as the basis for your `terraform.tfvars` file. It defines additional variables needed to setup and configure Backstage. 
@@ -32,31 +38,38 @@ Check for the existence of key elements of the backstage module. This is a subse 1. Perform the [verification steps of the base installation](../../README.md) if you have not already done so. 2. Verify the existence of the Backstage Application in your Humanitec Organization: + ``` curl -s https://api.humanitec.io/orgs/${HUMANITEC_ORG}/apps/backstage \ --header "Authorization: Bearer ${HUMANITEC_TOKEN}" ``` + This should output a JSON formatted representation of the Application like so: + ``` {"id":"backstage","name":"backstage","created_at":"2023-10-02T13:44:27Z","created_by":"s-d3e94a0e-8b53-29f9-b666-27548b7e06e0","envs":[{"id":"development","name":"Development","type":"development"}]} ``` + You can also check for the Application in the [Humanitec Platform Orchestrator UI](https://app.humanitec.io). 3. Connect to your EKS cluster via `kubectl`. See the [AWS documentation](https://docs.aws.amazon.com/eks/latest/userguide/create-kubeconfig.html) or use this command: + ``` aws eks update-kubeconfig --region --name ref-arch ``` + 4. Get the elements in the newly created Kubernetes namespace: + ``` kubectl get all -n backstage-development ``` + You should see - - a `deployment`, `replicaset`, running `pod`, and `service` for Backstage - - a `statefulset`, running `pod`, and `service` for PostgreSQL database used by Backstage. + * a `deployment`, `replicaset`, running `pod`, and `service` for Backstage + * a `statefulset`, running `pod`, and `service` for PostgreSQL database used by Backstage. Note: it may take up to ten minutes after the `terraform apply` completed until you actually see those resources. The Backstage application needs to built and deployed via a GitHub action out of the newly created repository in your GitHub organization. - ## Cleaning up Once you are finished with the reference architecture, you can remove all provisioned infrastrcuture and the resource definitions created in Humanitec with the following: 
@@ -75,7 +88,9 @@ Once you are finished with the reference architecture, you can remove all provis | terraform | >= 1.3.0 | | aws | ~> 5.17 | | github | ~> 5.38 | +| helm | ~> 2.12 | | humanitec | ~> 1.0 | +| kubernetes | ~> 2.25 | | random | ~> 3.5 | ### Providers @@ -92,12 +107,8 @@ Once you are finished with the reference architecture, you can remove all provis | Name | Source | Version | |------|--------|---------| | backstage\_ecr | terraform-aws-modules/ecr/aws | ~> 1.6 | -| backstage\_iam\_policy\_ecr\_create\_repository | git::https://github.com/humanitec-architecture/resource-packs-aws.git//humanitec-resource-defs/iam-policy/ecr-create-repository | n/a | -| backstage\_iam\_role\_service\_account | git::https://github.com/humanitec-architecture/resource-packs-aws.git//humanitec-resource-defs/iam-role/service-account | n/a | -| backstage\_k8s\_service\_account | git::https://github.com/humanitec-architecture/resource-packs-aws.git//humanitec-resource-defs/k8s/service-account | n/a | -| backstage\_mysql | git::https://github.com/humanitec-architecture/resource-packs-in-cluster.git//humanitec-resource-defs/mysql/basic | n/a | -| backstage\_postgres | git::https://github.com/humanitec-architecture/resource-packs-in-cluster.git//humanitec-resource-defs/postgres/basic | n/a | -| backstage\_workload | git::https://github.com/humanitec-architecture/resource-packs-aws.git//humanitec-resource-defs/workload/service-account | n/a | +| backstage\_mysql | github.com/humanitec-architecture/resource-packs-in-cluster | v2024-06-05//humanitec-resource-defs/mysql/basic | +| backstage\_postgres | github.com/humanitec-architecture/resource-packs-in-cluster | v2024-06-05//humanitec-resource-defs/postgres/basic | | base | ../../modules/base | n/a | | iam\_github\_oidc\_provider | terraform-aws-modules/iam/aws//modules/iam-github-oidc-provider | ~> 5.30 | | iam\_github\_oidc\_role | terraform-aws-modules/iam/aws//modules/iam-github-oidc-role | ~> 5.30 | 
@@ -114,12 +125,8 @@ Once you are finished with the reference architecture, you can remove all provis | [github_actions_organization_variable.backstage_humanitec_org_id](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_organization_variable) | resource | | [github_repository.backstage](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository) | resource | | [humanitec_application.backstage](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/application) | resource | -| [humanitec_resource_definition_criteria.backstage_iam_policy_ecr_create_repository](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | -| [humanitec_resource_definition_criteria.backstage_iam_role_service_account](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | -| [humanitec_resource_definition_criteria.backstage_k8s_service_account](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | | [humanitec_resource_definition_criteria.backstage_mysql](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | | [humanitec_resource_definition_criteria.backstage_postgres](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | -| [humanitec_resource_definition_criteria.backstage_workload](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | | [humanitec_value.app_config_backend_auth_keys](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/value) | resource | | 
[humanitec_value.aws_default_region](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/value) | resource | | [humanitec_value.backstage_cloud_provider](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/value) | resource | @@ -144,5 +151,4 @@ Once you are finished with the reference architecture, you can remove all provis | humanitec\_org\_id | Humanitec Organization ID | `string` | n/a | yes | | disk\_size | Disk size in GB to use for EKS nodes | `number` | `20` | no | | instance\_types | List of EC2 instances types to use for EKS nodes | `list(string)` |
[
"t3.large"
]
| no | -| resource\_packs\_aws\_rev | Revision of the resource-packs-aws repository to use | `string` | `"refs/heads/main"` | no | diff --git a/examples/with-backstage/backstage-humanitec.tf b/examples/with-backstage/backstage-humanitec.tf index b06fbdb..edd6e1f 100644 --- a/examples/with-backstage/backstage-humanitec.tf +++ b/examples/with-backstage/backstage-humanitec.tf @@ -108,7 +108,7 @@ locals { # in-cluster postgres module "backstage_postgres" { - source = "git::https://github.com/humanitec-architecture/resource-packs-in-cluster.git//humanitec-resource-defs/postgres/basic" + source = "github.com/humanitec-architecture/resource-packs-in-cluster?ref=v2024-06-05//humanitec-resource-defs/postgres/basic" prefix = local.res_def_prefix } 
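Review bot: Pinning the module sources to a tag is the right move, but the new `source` places `?ref=v2024-06-05` before the `//humanitec-resource-defs/postgres/basic` subdirectory, whereas Terraform's documented form is `<repo>//<subdir>?ref=<tag>`. The regenerated README in this same patch shows terraform-docs reading the version as `v2024-06-05//humanitec-resource-defs/postgres/basic`, which suggests the ref and the subdirectory are not being split as intended; confirm that `terraform init` resolves the subdirectory with this ordering, and otherwise use `source = "github.com/humanitec-architecture/resource-packs-in-cluster//humanitec-resource-defs/postgres/basic?ref=v2024-06-05"`. The same applies to the `backstage_mysql` source in the following hunk.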
@@ -120,84 +120,12 @@ resource "humanitec_resource_definition_criteria" "backstage_postgres" { force_delete = true } -# k8s service account (to assume an AWS role) - -module "backstage_k8s_service_account" { - source = "git::https://github.com/humanitec-architecture/resource-packs-aws.git//humanitec-resource-defs/k8s/service-account" - - prefix = local.res_def_prefix -} - -resource "humanitec_resource_definition_criteria" "backstage_k8s_service_account" { - resource_definition_id = module.backstage_k8s_service_account.id - app_id = humanitec_application.backstage.id - - force_delete = true -} - -# AWS policy to create ECR repositories (required to scaffold apps) - -module "backstage_iam_policy_ecr_create_repository" { - source = "git::https://github.com/humanitec-architecture/resource-packs-aws.git//humanitec-resource-defs/iam-policy/ecr-create-repository" - - driver_account = module.base.humanitec_resource_account_id - resource_packs_aws_rev = var.resource_packs_aws_rev - region = var.aws_region - - prefix = local.res_def_prefix -} - -resource "humanitec_resource_definition_criteria" "backstage_iam_policy_ecr_create_repository" { - resource_definition_id = module.backstage_iam_policy_ecr_create_repository.id - app_id = humanitec_application.backstage.id - - force_delete = true -} - -# AWS role assumable by the k8s service account - -module "backstage_iam_role_service_account" { - source = "git::https://github.com/humanitec-architecture/resource-packs-aws.git//humanitec-resource-defs/iam-role/service-account" - - driver_account = module.base.humanitec_resource_account_id - resource_packs_aws_rev = var.resource_packs_aws_rev - region = var.aws_region - - policy_classes = ["default"] - - cluster_name = module.base.eks_cluster_name - prefix = local.res_def_prefix -} - -resource "humanitec_resource_definition_criteria" "backstage_iam_role_service_account" { - resource_definition_id = module.backstage_iam_role_service_account.id - app_id = 
humanitec_application.backstage.id - - force_delete = true -} - -# Workload resource that sets the service account - -module "backstage_workload" { - source = "git::https://github.com/humanitec-architecture/resource-packs-aws.git//humanitec-resource-defs/workload/service-account" - - prefix = local.res_def_prefix -} - -resource "humanitec_resource_definition_criteria" "backstage_workload" { - resource_definition_id = module.backstage_workload.id - app_id = humanitec_application.backstage.id - - force_delete = true -} - - # Configure required resources for scaffolded apps # in-cluster mysql module "backstage_mysql" { - source = "git::https://github.com/humanitec-architecture/resource-packs-in-cluster.git//humanitec-resource-defs/mysql/basic" + source = "github.com/humanitec-architecture/resource-packs-in-cluster?ref=v2024-06-05//humanitec-resource-defs/mysql/basic" prefix = local.res_def_prefix } diff --git a/examples/with-backstage/create-gh-app/index.js b/examples/with-backstage/create-gh-app/index.js deleted file mode 100644 index 553c073..0000000 --- a/examples/with-backstage/create-gh-app/index.js +++ /dev/null @@ -1,153 +0,0 @@ -// Small CLI tool to create a GitHub App for Backstage -// -// Heavily inspired by https://github.com/backstage/backstage/blob/master/packages/cli/src/commands/create-github-app/ - -const http = require('http'); -const crypto = require('crypto'); -const fs = require('fs/promises') - -const hostname = '127.0.0.1'; -const port = 3000; - -const FORM_PAGE = ` - - -
- - -
- - - -`; - - -let baseUrl; - - -const webhookId = crypto -.randomBytes(15) -.toString('base64') -.replace(/[\+\/]/g, ''); - -const webhookUrl = `https://smee.io/${webhookId}`; - -const handleIndex = (req, res, GITHUB_ORG_ID) => { - const encodedOrg = encodeURIComponent(GITHUB_ORG_ID); - const actionUrl = `https://github.com/organizations/${encodedOrg}/settings/apps/new`; - - - res.statusCode = 200; - const manifest = { - default_events: ['create', 'delete', 'push', 'repository'], - default_permissions: { - members: 'read', - administration: 'write', - contents: 'write', - metadata: 'read', - pull_requests: 'write', - issues: 'write', - workflows: 'write', - checks: 'read', - actions_variables: 'write', - secrets: 'write', - environments: 'write', - }, - name: `backstage-${GITHUB_ORG_ID}`, - url: 'https://backstage.io', - description: 'GitHub App for Backstage', - public: false, - redirect_url: `${baseUrl}/callback`, - hook_attributes: { - url: webhookUrl, - active: false, - }, - }; - - const manifestJson = JSON.stringify(manifest).replace(/\"/g, '"'); - - let body = FORM_PAGE; - body = body.replace('MANIFEST_JSON', manifestJson); - body = body.replace('ACTION_URL', actionUrl); - - res.setHeader('content-type', 'text/html'); - res.end(body); -} - - -const writeConfigFile = async (data, webhookUrl) => { - const fileName = `github-app-credentials.json`; - const content = JSON.stringify({ - name: data.name, - slug: data.slug, - appId: data.id, - webhookUrl: webhookUrl, - clientId: data.client_id, - clientSecret: data.client_secret, - webhookSecret: data.webhook_secret, - privateKey: data.pem, - }, null, 2) - - await fs.writeFile(fileName, content); - - console.log(`Created ${fileName}, you can close the server now.`) -} - -const handleCallback = async (req, res) => { - const url = new URL(req.url, `http://${req.headers.host}`); - const conversionRes = await fetch(`https://api.github.com/app-manifests/${encodeURIComponent(url.searchParams.get('code'))}/conversions`, { 
- method: 'POST', - }); - - if (conversionRes.status !== 201) { - const body = await conversionRes.text(); - res.statusCode = conversionRes.status; - res.end(body); - } - - const data = await conversionRes.json(); - - await writeConfigFile(data, webhookUrl); - - res.writeHead(302, { Location: `${data.html_url}/installations/new` }); - res.end(); -} - -if (process.env.STUB_FILE === '1') { - writeConfigFile({ - name: 'stub', - slug: 'stub', - id: 'stub', - client_id: 'stub', - client_secret: 'stub', - webhook_secret: 'stub', - pem: 'stub', - }, 'https://smee.io/stub'); - - return; -} - -const GITHUB_ORG_ID = process.env.GITHUB_ORG_ID; -if (!GITHUB_ORG_ID) { - console.error('Please export GITHUB_ORG_ID'); - process.exit(1); -} - -const server = http.createServer((req, res) => { - if (req.url === '/') { - handleIndex(req, res, GITHUB_ORG_ID); - } else if (req.url.startsWith('/callback?')) { - handleCallback(req, res); - } else { - res.statusCode = 404; - res.end('Not found, url: ' + req.url); - } -}); - -server.listen(port, hostname, () => { - baseUrl = `http://${hostname}:${port}`; - - console.log(`Open ${baseUrl}`); -}); diff --git a/examples/with-backstage/provider.tf b/examples/with-backstage/provider.tf index 990d784..e388034 100644 --- a/examples/with-backstage/provider.tf +++ b/examples/with-backstage/provider.tf @@ -4,13 +4,21 @@ terraform { source = "hashicorp/aws" version = "~> 5.17" } + github = { + source = "integrations/github" + version = "~> 5.38" + } + helm = { + source = "hashicorp/helm" + version = "~> 2.12" + } humanitec = { source = "humanitec/humanitec" version = "~> 1.0" } - github = { - source = "integrations/github" - version = "~> 5.38" + kubernetes = { + source = "hashicorp/kubernetes" + version = "~> 2.25" } random = { source = "hashicorp/random" diff --git a/examples/with-backstage/terraform.tfvars.example b/examples/with-backstage/terraform.tfvars.example index 1125b1a..7b5799e 100644 --- a/examples/with-backstage/terraform.tfvars.example 
+++ b/examples/with-backstage/terraform.tfvars.example @@ -20,7 +20,4 @@ humanitec_org_id = "" # List of EC2 instances types to use for EKS nodes instance_types = [ "t3.large" -] - -# Revision of the resource-packs-aws repository to use -resource_packs_aws_rev = "refs/heads/main" \ No newline at end of file +] \ No newline at end of file diff --git a/examples/with-backstage/variables.tf b/examples/with-backstage/variables.tf index 8d8238a..43ac6c5 100644 --- a/examples/with-backstage/variables.tf +++ b/examples/with-backstage/variables.tf @@ -24,12 +24,6 @@ variable "humanitec_ci_service_user_token" { sensitive = true } -variable "resource_packs_aws_rev" { - description = "Revision of the resource-packs-aws repository to use" - type = string - default = "refs/heads/main" -} - variable "instance_types" { description = "List of EC2 instances types to use for EKS nodes" type = list(string) diff --git a/main.tf b/main.tf index 08cd954..574c2c9 100644 --- a/main.tf +++ b/main.tf @@ -5,10 +5,18 @@ terraform { source = "hashicorp/aws" version = "~> 5.17" } + helm = { + source = "hashicorp/helm" + version = "~> 2.12" + } humanitec = { source = "humanitec/humanitec" version = "~> 1.0" } + kubernetes = { + source = "hashicorp/kubernetes" + version = "~> 2.25" + } } required_version = ">= 1.3.0" } diff --git a/modules/base/README.md b/modules/base/README.md index efb9d3f..bc26e2b 100644 --- a/modules/base/README.md +++ b/modules/base/README.md 
@@ -1,35 +1,40 @@ -# base +# base Module that provides the reference architecture. +## Terraform docs + -## Requirements +### Requirements | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.3.0 | -| [aws](#requirement\_aws) | >= 4.50 | -| [kubernetes](#requirement\_kubernetes) | >= 2.0.3 | +| terraform | >= 1.3.0 | +| aws | >= 4.50 | +| helm | ~> 2.12 | +| humanitec | ~> 1.0 | +| kubernetes | >= 2.0.3 | +| random | ~> 3.5 | -## Providers +### Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 4.50 | -| [helm](#provider\_helm) | n/a | -| [humanitec](#provider\_humanitec) | n/a | -| [kubernetes](#provider\_kubernetes) | >= 2.0.3 | -| [random](#provider\_random) | n/a | +| aws | >= 4.50 | +| helm | ~> 2.12 | +| humanitec | ~> 1.0 | +| kubernetes | >= 2.0.3 | +| random | ~> 3.5 | -## Modules +### Modules | Name | Source | Version | |------|--------|---------| -| [aws\_eks](#module\_aws\_eks) | terraform-aws-modules/eks/aws | ~> 20.2 | -| [aws\_vpc](#module\_aws\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.1 | -| [ebs\_csi\_irsa\_role](#module\_ebs\_csi\_irsa\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | ~> 5.30 | +| aws\_eks | terraform-aws-modules/eks/aws | ~> 20.2 | +| aws\_vpc | terraform-aws-modules/vpc/aws | ~> 5.1 | +| ebs\_csi\_irsa\_role | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | ~> 5.30 | -## Resources +### Resources | Name | Type | |------|------| 
@@ -42,44 +47,43 @@ Module that provides the reference architecture. | [humanitec_resource_definition_criteria.k8s_cluster_driver](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | | [humanitec_resource_definition_criteria.k8s_namespace](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | | [random_password.external_id](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource | -| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | | [aws_elb_hosted_zone_id.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/elb_hosted_zone_id) | data source | | [aws_iam_policy_document.instance_assume_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | | [kubernetes_service.ingress_nginx_controller](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/service) | data source | -## Inputs +### Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [additional\_k8s\_access\_entries](#input\_additional\_k8s\_access\_entries) | Additional access entries add to the k8s aws-auth configmap |
list(object({
id = string
principal_arn = string
groups = list(string)
}))
| `[]` | no | -| [capacity\_type](#input\_capacity\_type) | Defines whether to use ON\_DEMAND or SPOT EC2 instances for EKS nodes | `string` | `"ON_DEMAND"` | no | -| [cluster\_name](#input\_cluster\_name) | Name for the EKS cluster | `string` | `"ref-arch"` | no | -| [cluster\_version](#input\_cluster\_version) | Version of the EKS cluster to deploy | `string` | `null` | no | -| [disk\_size](#input\_disk\_size) | Disk size in GB to use for EKS nodes | `number` | `20` | no | -| [eks\_public\_access\_cidrs](#input\_eks\_public\_access\_cidrs) | List of CIDRs that can access the EKS cluster's public endpoint | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [environment](#input\_environment) | Name of the environment to be deployed into | `string` | `"development"` | no | -| [iam\_role\_name](#input\_iam\_role\_name) | Name of the IAM user to create for Humanitec EKS access | `string` | `"svc-humanitec"` | no | -| [ingress\_nginx\_min\_unavailable](#input\_ingress\_nginx\_min\_unavailable) | Number of allowed unavaiable replicas for the ingress-nginx controller | `number` | `1` | no | -| [ingress\_nginx\_replica\_count](#input\_ingress\_nginx\_replica\_count) | Number of replicas for the ingress-nginx controller | `number` | `2` | no | -| [instance\_types](#input\_instance\_types) | List of EC2 instances types to use for EKS nodes | `list(string)` |
[
"t3.large"
]
| no | -| [node\_group\_desired\_size](#input\_node\_group\_desired\_size) | Desired number of nodes for the EKS node group | `number` | `3` | no | -| [node\_group\_max\_size](#input\_node\_group\_max\_size) | Maximum number of nodes for the EKS node group | `number` | `3` | no | -| [node\_group\_min\_size](#input\_node\_group\_min\_size) | Minimum number of nodes for the EKS node group | `number` | `2` | no | -| [region](#input\_region) | AWS Region to deploy into | `string` | `"us-east-1"` | no | -| [vpc\_name](#input\_vpc\_name) | AWS VPC name | `string` | `"ref-arch"` | no | +| additional\_k8s\_access\_entries | Additional access entries add to the k8s aws-auth configmap |
list(object({
id = string
principal_arn = string
groups = list(string)
}))
| `[]` | no | +| capacity\_type | Defines whether to use ON\_DEMAND or SPOT EC2 instances for EKS nodes | `string` | `"ON_DEMAND"` | no | +| cluster\_name | Name for the EKS cluster | `string` | `"ref-arch"` | no | +| cluster\_version | Version of the EKS cluster to deploy | `string` | `null` | no | +| disk\_size | Disk size in GB to use for EKS nodes | `number` | `20` | no | +| eks\_public\_access\_cidrs | List of CIDRs that can access the EKS cluster's public endpoint | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| environment | Name of the environment to be deployed into | `string` | `"development"` | no | +| iam\_role\_name | Name of the IAM user to create for Humanitec EKS access | `string` | `"svc-humanitec"` | no | +| ingress\_nginx\_min\_unavailable | Number of allowed unavaiable replicas for the ingress-nginx controller | `number` | `1` | no | +| ingress\_nginx\_replica\_count | Number of replicas for the ingress-nginx controller | `number` | `2` | no | +| instance\_types | List of EC2 instances types to use for EKS nodes | `list(string)` |
[
"t3.large"
]
| no | +| node\_group\_desired\_size | Desired number of nodes for the EKS node group | `number` | `3` | no | +| node\_group\_max\_size | Maximum number of nodes for the EKS node group | `number` | `3` | no | +| node\_group\_min\_size | Minimum number of nodes for the EKS node group | `number` | `2` | no | +| region | AWS Region to deploy into | `string` | `"us-east-1"` | no | +| vpc\_name | AWS VPC name | `string` | `"ref-arch"` | no | -## Outputs +### Outputs | Name | Description | |------|-------------| -| [eks\_cluster\_certificate\_authority\_data](#output\_eks\_cluster\_certificate\_authority\_data) | Base64 encoded certificate data required to communicate with the cluster | -| [eks\_cluster\_endpoint](#output\_eks\_cluster\_endpoint) | Endpoint for your Kubernetes API server | -| [eks\_cluster\_name](#output\_eks\_cluster\_name) | The name of the EKS cluster | -| [eks\_oidc\_provider](#output\_eks\_oidc\_provider) | The OpenID Connect identity provider (issuer URL without leading `https://`) | -| [eks\_oidc\_provider\_arn](#output\_eks\_oidc\_provider\_arn) | The ARN of the OIDC Provider | -| [environment](#output\_environment) | Name of the environment to be deployed into | -| [humanitec\_resource\_account\_id](#output\_humanitec\_resource\_account\_id) | Humanitec resource account id for the cluster | -| [ingress\_nginx\_external\_dns](#output\_ingress\_nginx\_external\_dns) | External DNS entry for the Nginx ingress controller | -| [vpc\_id](#output\_vpc\_id) | VPC id | +| eks\_cluster\_certificate\_authority\_data | Base64 encoded certificate data required to communicate with the cluster | +| eks\_cluster\_endpoint | Endpoint for your Kubernetes API server | +| eks\_cluster\_name | The name of the EKS cluster | +| eks\_oidc\_provider | The OpenID Connect identity provider (issuer URL without leading `https://`) | +| eks\_oidc\_provider\_arn | The ARN of the OIDC Provider | +| environment | Name of the environment to be deployed into | +| 
humanitec\_resource\_account\_id | Humanitec resource account id for the cluster | +| ingress\_nginx\_external\_dns | External DNS entry for the Nginx ingress controller | +| vpc\_id | VPC id | diff --git a/modules/base/humanitec.tf b/modules/base/humanitec.tf index 304f73e..b7394ba 100644 --- a/modules/base/humanitec.tf +++ b/modules/base/humanitec.tf @@ -1,7 +1,7 @@ # Humanitec resource definition to connect the cluster to Humanitec locals { - ingress_address = data.kubernetes_service.ingress_nginx_controller.status.0.load_balancer.0.ingress.0.hostname + ingress_address = data.kubernetes_service.ingress_nginx_controller.status[0].load_balancer[0].ingress[0].hostname } data "aws_elb_hosted_zone_id" "main" {} diff --git a/modules/base/main.tf b/modules/base/main.tf index c4f3f8b..94a8fda 100644 --- a/modules/base/main.tf +++ b/modules/base/main.tf @@ -62,8 +62,6 @@ module "aws_vpc" { tags = local.tags } -data "aws_caller_identity" "current" {} - locals { default_k8s_access_entries = [ { diff --git a/modules/base/providers.tf b/modules/base/providers.tf index 76fb784..2ff1e62 100644 --- a/modules/base/providers.tf +++ b/modules/base/providers.tf @@ -9,10 +9,16 @@ terraform { version = ">= 2.0.3" } helm = { - source = "hashicorp/helm" + source = "hashicorp/helm" + version = "~> 2.12" } humanitec = { - source = "humanitec/humanitec" + source = "humanitec/humanitec" + version = "~> 1.0" + } + random = { + source = "hashicorp/random" + version = "~> 3.5" } } required_version = ">= 1.3.0" diff --git a/modules/base/terraform.tfvars.example b/modules/base/terraform.tfvars.example new file mode 100644 index 0000000..55132ff --- /dev/null +++ b/modules/base/terraform.tfvars.example 
@@ -0,0 +1,52 @@ + +# Additional access entries add to the k8s aws-auth configmap +additional_k8s_access_entries = [] + +# Defines whether to use ON_DEMAND or SPOT EC2 instances for EKS nodes +capacity_type = "ON_DEMAND" + +# Name for the EKS cluster +cluster_name = "ref-arch" + +# Version of the EKS cluster to deploy +cluster_version = "" + +# Disk size in GB to use for EKS nodes +disk_size = 20 + +# List of CIDRs that can access the EKS cluster's public endpoint +eks_public_access_cidrs = [ + "0.0.0.0/0" +] + +# Name of the environment to be deployed into +environment = "development" + +# Name of the IAM user to create for Humanitec EKS access +iam_role_name = "svc-humanitec" + +# Number of allowed unavaiable replicas for the ingress-nginx controller +ingress_nginx_min_unavailable = 1 + +# Number of replicas for the ingress-nginx controller +ingress_nginx_replica_count = 2 + +# List of EC2 instances types to use for EKS nodes +instance_types = [ + "t3.large" +] + +# Desired number of nodes for the EKS node group +node_group_desired_size = 3 + +# Maximum number of nodes for the EKS node group +node_group_max_size = 3 + +# Minimum number of nodes for the EKS node group +node_group_min_size = 2 + +# AWS Region to deploy into +region = "us-east-1" + +# AWS VPC name +vpc_name = "ref-arch" \ No newline at end of file
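Review bot: `cluster_version = ""` in the new example is not equivalent to the variable's documented default of `null` (see the modules/base/README.md table in this patch): an empty string is a set value and would be passed on as the EKS version instead of leaving it unset, so either drop the line or leave it commented, `# cluster_version = "<eks-version>"`. `eks_public_access_cidrs = ["0.0.0.0/0"]` reproduces the default that exposes the cluster's public API endpoint to the whole internet, and an example file is exactly where users copy values from; a comment above it such as `# Restrict to the CIDRs that need API access; 0.0.0.0/0 exposes the public endpoint to the internet` would make the trade-off visible. The file also opens with an empty line and has no trailing newline.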