diff --git a/cli/internal/terraform/BUILD.bazel b/cli/internal/terraform/BUILD.bazel index 05a8e86b3ab..3c277b9ad34 100644 --- a/cli/internal/terraform/BUILD.bazel +++ b/cli/internal/terraform/BUILD.bazel @@ -9,89 +9,6 @@ go_library( "terraform.go", "variables.go", ], - embedsrcs = [ - "terraform/aws/.terraform.lock.hcl", - "terraform/aws/main.tf", - "terraform/aws/modules/instance_group/main.tf", - "terraform/aws/modules/instance_group/variables.tf", - "terraform/aws/modules/load_balancer_target/main.tf", - "terraform/aws/modules/load_balancer_target/output.tf", - "terraform/aws/modules/load_balancer_target/variables.tf", - "terraform/aws/modules/public_private_subnet/main.tf", - "terraform/aws/modules/public_private_subnet/output.tf", - "terraform/aws/modules/public_private_subnet/variables.tf", - "terraform/aws/outputs.tf", - "terraform/aws/variables.tf", - "terraform/azure/.terraform.lock.hcl", - "terraform/azure/main.tf", - "terraform/azure/modules/load_balancer_backend/main.tf", - "terraform/azure/modules/load_balancer_backend/outputs.tf", - "terraform/azure/modules/load_balancer_backend/variables.tf", - "terraform/azure/modules/scale_set/main.tf", - "terraform/azure/modules/scale_set/variables.tf", - "terraform/azure/outputs.tf", - "terraform/azure/variables.tf", - "terraform/gcp/.terraform.lock.hcl", - "terraform/gcp/main.tf", - "terraform/gcp/modules/instance_group/main.tf", - "terraform/gcp/modules/instance_group/outputs.tf", - "terraform/gcp/modules/instance_group/variables.tf", - "terraform/gcp/modules/loadbalancer/main.tf", - "terraform/gcp/modules/loadbalancer/variables.tf", - "terraform/gcp/outputs.tf", - "terraform/gcp/variables.tf", - "terraform/iam/aws/README.md", - "terraform/iam/aws/main.tf", - "terraform/iam/aws/outputs.tf", - "terraform/iam/aws/variables.tf", - "terraform/iam/azure/README.md", - "terraform/iam/azure/main.tf", - "terraform/iam/azure/outputs.tf", - "terraform/iam/azure/variables.tf", - "terraform/iam/gcp/README.md", - "terraform/iam/gcp/main.tf", - "terraform/iam/gcp/outputs.tf", - "terraform/iam/gcp/variables.tf", - "terraform/qemu/.terraform.lock.hcl", - "terraform/qemu/main.tf", - "terraform/qemu/modules/instance_group/domain.xsl", - "terraform/qemu/modules/instance_group/main.tf", - "terraform/qemu/modules/instance_group/outputs.tf", - "terraform/qemu/modules/instance_group/variables.tf", - "terraform/qemu/outputs.tf", - "terraform/qemu/variables.tf", - "terraform/openstack/.terraform.lock.hcl", - "terraform/openstack/main.tf", - "terraform/openstack/modules/instance_group/main.tf", - "terraform/openstack/modules/instance_group/outputs.tf", - "terraform/openstack/modules/instance_group/variables.tf", - "terraform/openstack/modules/loadbalancer/main.tf", - "terraform/openstack/modules/loadbalancer/variables.tf", - "terraform/openstack/outputs.tf", - "terraform/openstack/variables.tf", - "terraform/qemu/modules/instance_group/tdx_domain.xsl", - "terraform/iam/aws/.terraform.lock.hcl", - "terraform/iam/azure/.terraform.lock.hcl", - "terraform/iam/gcp/.terraform.lock.hcl", - "terraform/gcp/modules/internal_load_balancer/main.tf", - "terraform/gcp/modules/internal_load_balancer/variables.tf", - "terraform/gcp/modules/jump_host/main.tf", - "terraform/gcp/modules/jump_host/outputs.tf", - "terraform/gcp/modules/jump_host/variables.tf", - "terraform/aws/modules/jump_host/main.tf", - "terraform/aws/modules/jump_host/output.tf", - "terraform/aws/modules/jump_host/variables.tf", - "terraform/azure/modules/jump_host/main.tf", - "terraform/azure/modules/jump_host/variables.tf", - "terraform/azure/modules/jump_host/outputs.tf", - "terraform/constellation-cluster/.terraform.lock.hcl", - "terraform/constellation-cluster/install-constellation.sh", - "terraform/constellation-cluster/main.tf", - "terraform/constellation-cluster/variables.tf", - "terraform/aws-constellation/.terraform.lock.hcl", - "terraform/aws-constellation/main.tf", - "terraform/aws-constellation/variables.tf", - ], importpath = "github.com/edgelesssys/constellation/v2/cli/internal/terraform", visibility = ["//cli:__subpackages__"], deps = [ @@ -99,6 +16,7 @@ go_library( "//internal/cloud/cloudprovider", "//internal/constants", "//internal/file", + "//terraform", "@com_github_hashicorp_go_version//:go-version", "@com_github_hashicorp_hc_install//:hc-install", "@com_github_hashicorp_hc_install//fs", diff --git a/cli/internal/terraform/loader.go b/cli/internal/terraform/loader.go index 092bf28c60d..5346d88d19f 100644 --- a/cli/internal/terraform/loader.go +++ b/cli/internal/terraform/loader.go @@ -8,7 +8,6 @@ package terraform import ( "bytes" - "embed" "errors" "fmt" "io/fs" @@ -16,6 +15,8 @@ import ( "path/filepath" "strings" + "github.com/edgelesssys/constellation/v2/terraform" + "github.com/edgelesssys/constellation/v2/internal/file" "github.com/spf13/afero" ) @@ -23,11 +24,6 @@ import ( // ErrTerraformWorkspaceDifferentFiles is returned when a re-used existing Terraform workspace has different files than the ones to be extracted (e.g. due to a version mix-up or incomplete writes). var ErrTerraformWorkspaceDifferentFiles = errors.New("creating cluster: trying to overwrite an existing Terraform file with a different version") -//go:embed terraform/* -//go:embed terraform/*/.terraform.lock.hcl -//go:embed terraform/iam/*/.terraform.lock.hcl -var terraformFS embed.FS - const ( noOverwrites overwritePolicy = iota allowOverwrites @@ -59,7 +55,7 @@ func prepareUpgradeWorkspace(rootDir string, fileHandler file.Handler, workingDi // allowOverwrites allows overwriting existing files in the workspace. func terraformCopier(fileHandler file.Handler, rootDir, workingDir string, overwritePolicy overwritePolicy) error { goEmbedRootDir := filepath.ToSlash(rootDir) - return fs.WalkDir(terraformFS, goEmbedRootDir, func(path string, d fs.DirEntry, err error) error { + return fs.WalkDir(terraform.Assets, goEmbedRootDir, func(path string, d fs.DirEntry, err error) error { if err != nil { return err } @@ -68,7 +64,7 @@ func terraformCopier(fileHandler file.Handler, rootDir, workingDir string, overw } goEmbedPath := filepath.ToSlash(path) - content, err := terraformFS.ReadFile(goEmbedPath) + content, err := terraform.Assets.ReadFile(goEmbedPath) if err != nil { return err } diff --git a/terraform/BUILD.bazel b/terraform/BUILD.bazel new file mode 100644 index 00000000000..10f8bfd7b76 --- /dev/null +++ b/terraform/BUILD.bazel @@ -0,0 +1,91 @@ +load("@io_bazel_rules_go//go:def.bzl", "go_library") + +go_library( + name = "terraform", + srcs = ["assets.go"], + embedsrcs = [ + "terraform/aws-constellation/.terraform.lock.hcl", + "terraform/aws-constellation/main.tf", + "terraform/aws-constellation/variables.tf", + "terraform/aws/.terraform.lock.hcl", + "terraform/aws/main.tf", + "terraform/aws/modules/instance_group/main.tf", + "terraform/aws/modules/instance_group/variables.tf", + "terraform/aws/modules/jump_host/main.tf", + "terraform/aws/modules/jump_host/output.tf", + "terraform/aws/modules/jump_host/variables.tf", + "terraform/aws/modules/load_balancer_target/main.tf", + "terraform/aws/modules/load_balancer_target/output.tf", + "terraform/aws/modules/load_balancer_target/variables.tf", + "terraform/aws/modules/public_private_subnet/main.tf", + "terraform/aws/modules/public_private_subnet/output.tf", + "terraform/aws/modules/public_private_subnet/variables.tf", + "terraform/aws/outputs.tf", + "terraform/aws/variables.tf", + "terraform/azure/.terraform.lock.hcl", + "terraform/azure/main.tf", + "terraform/azure/modules/jump_host/main.tf", + "terraform/azure/modules/jump_host/outputs.tf", + "terraform/azure/modules/jump_host/variables.tf", + "terraform/azure/modules/load_balancer_backend/main.tf", + "terraform/azure/modules/load_balancer_backend/outputs.tf", + "terraform/azure/modules/load_balancer_backend/variables.tf", + "terraform/azure/modules/scale_set/main.tf", + "terraform/azure/modules/scale_set/variables.tf", + "terraform/azure/outputs.tf", + "terraform/azure/variables.tf", + "terraform/constellation-cluster/.terraform.lock.hcl", + "terraform/constellation-cluster/install-constellation.sh", + "terraform/constellation-cluster/main.tf", + "terraform/constellation-cluster/variables.tf", + "terraform/gcp/.terraform.lock.hcl", + "terraform/gcp/main.tf", + "terraform/gcp/modules/instance_group/main.tf", + "terraform/gcp/modules/instance_group/outputs.tf", + "terraform/gcp/modules/instance_group/variables.tf", + "terraform/gcp/modules/internal_load_balancer/main.tf", + "terraform/gcp/modules/internal_load_balancer/variables.tf", + "terraform/gcp/modules/jump_host/main.tf", + "terraform/gcp/modules/jump_host/outputs.tf", + "terraform/gcp/modules/jump_host/variables.tf", + "terraform/gcp/modules/loadbalancer/main.tf", + "terraform/gcp/modules/loadbalancer/variables.tf", + "terraform/gcp/outputs.tf", + "terraform/gcp/variables.tf", + "terraform/iam/aws/.terraform.lock.hcl", + "terraform/iam/aws/README.md", + "terraform/iam/aws/main.tf", + "terraform/iam/aws/outputs.tf", + "terraform/iam/aws/variables.tf", + "terraform/iam/azure/.terraform.lock.hcl", + "terraform/iam/azure/README.md", + "terraform/iam/azure/main.tf", + "terraform/iam/azure/outputs.tf", + "terraform/iam/azure/variables.tf", + "terraform/iam/gcp/.terraform.lock.hcl", + "terraform/iam/gcp/README.md", + "terraform/iam/gcp/main.tf", + "terraform/iam/gcp/outputs.tf", + "terraform/iam/gcp/variables.tf", + "terraform/openstack/.terraform.lock.hcl", + "terraform/openstack/main.tf", + "terraform/openstack/modules/instance_group/main.tf", + "terraform/openstack/modules/instance_group/outputs.tf", + "terraform/openstack/modules/instance_group/variables.tf", + "terraform/openstack/modules/loadbalancer/main.tf", + "terraform/openstack/modules/loadbalancer/variables.tf", + "terraform/openstack/outputs.tf", + "terraform/openstack/variables.tf", + "terraform/qemu/.terraform.lock.hcl", + "terraform/qemu/main.tf", + "terraform/qemu/modules/instance_group/domain.xsl", + "terraform/qemu/modules/instance_group/main.tf", + "terraform/qemu/modules/instance_group/outputs.tf", + "terraform/qemu/modules/instance_group/tdx_domain.xsl", + "terraform/qemu/modules/instance_group/variables.tf", + "terraform/qemu/outputs.tf", + "terraform/qemu/variables.tf", + ], + importpath = "github.com/edgelesssys/constellation/v2/terraform", + visibility = ["//visibility:public"], +) diff --git a/terraform/assets.go b/terraform/assets.go index e69de29bb2d..422498daf0a 100644 --- a/terraform/assets.go +++ b/terraform/assets.go @@ -0,0 +1,16 @@ +/* +Copyright (c) Edgeless Systems GmbH + +SPDX-License-Identifier: AGPL-3.0-only +*/ + +package terraform + +import "embed" + +// Assets are the exported Terraform template files. +// +//go:embed terraform/* +//go:embed terraform/*/.terraform.lock.hcl +//go:embed terraform/iam/*/.terraform.lock.hcl +var Assets embed.FS diff --git a/terraform/aws-constellation/main.tf b/terraform/aws-constellation/main.tf index 80f644229a0..c4ee112fa5f 100644 --- a/terraform/aws-constellation/main.tf +++ b/terraform/aws-constellation/main.tf @@ -32,8 +32,8 @@ module "constellation" { initSecretHash = module.aws.initSecret apiServerCertSANs = module.aws.api_server_cert_sans iam_instance_profile_control_plane = module.aws_iam.control_plane_instance_profile # TODO CSP specific - iam_instance_profile_worker_nodes = module.aws_iam.worker_nodes_instance_profile # TODO CSP specific - region = var.region # TODO CSP specific - zone = var.zone # TODO CSP specific + iam_instance_profile_worker_nodes = module.aws_iam.worker_nodes_instance_profile # TODO CSP specific + region = var.region # TODO CSP specific + zone = var.zone # TODO CSP specific node_groups = var.node_groups } diff --git a/terraform/terraform/aws-constellation/.terraform.lock.hcl b/terraform/terraform/aws-constellation/.terraform.lock.hcl new file mode 100644 index 00000000000..ebdd23caa1d --- /dev/null +++ b/terraform/terraform/aws-constellation/.terraform.lock.hcl @@ -0,0 +1,45 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "5.17.0" + constraints = "5.17.0" + hashes = [ + "h1:rplvK7UGP2FuzM44t2eRX+QYYPC0aUIoKdi5XayRI8M=", + "zh:0087b9dd2c9c638fd63e527e5b9b70988008e263d480a199f180efe5a4f070f0", + "zh:0fd532a4fd03ddef11f0502ff9fe4343443e1ae805cb088825a71d6d48906ec7", + "zh:16411e731100cd15f7e165f53c23be784b2c86c2fcfd34781e0642d17090d342", + "zh:251d520927e77f091e2ec6302e921d839a2430ac541c6a461aed7c08fb5eae12", + "zh:4919e69682dc2a8c32d44f6ebc038a52c9f40af9c61cb574b64e322800d6a794", + "zh:5334c60759d5f76bdc51355d1a3ebcc451d4d20f632f5c73b6e55c52b5dc9e52", + "zh:7341a2b7247572eba0d0486094a870b872967702ec0ac7af728c2df2c30af4e5", + "zh:81d1b1cb2cac6b3922a05adab69543b678f344a01debd54500263700dad7a288", + "zh:882bc8e15ef6d4020a07321ec4c056977c5c1d96934118032922561d29504d43", + "zh:8cd4871ef2b03fd916de1a6dc7eb8a81a354c421177d4334a2e3308e50215e41", + "zh:97e12fe6529b21298adf1046c5e20ac35d0569c836a6f385ff041e257e00cfd2", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:9f5baf5d59b9f3cf5504d1fa975f10f27da3791896a9e18ece47c258bac17634", + "zh:dffafba6731ac1db1c540bdbd6a8c878486b71de9d0ca1d23c5c00a6c3c14d80", + "zh:fa7440c3c15a42fc5731444d324ced75407d417bfe3184661ae47d40a9718dce", + ] +} + +provider "registry.terraform.io/hashicorp/random" { + version = "3.5.1" + constraints = "3.5.1" + hashes = [ + "h1:IL9mSatmwov+e0+++YX2V6uel+dV6bn+fC/cnGDK3Ck=", + "zh:04e3fbd610cb52c1017d282531364b9c53ef72b6bc533acb2a90671957324a64", + "zh:119197103301ebaf7efb91df8f0b6e0dd31e6ff943d231af35ee1831c599188d", + "zh:4d2b219d09abf3b1bb4df93d399ed156cadd61f44ad3baf5cf2954df2fba0831", + "zh:6130bdde527587bbe2dcaa7150363e96dbc5250ea20154176d82bc69df5d4ce3", + "zh:6cc326cd4000f724d3086ee05587e7710f032f94fc9af35e96a386a1c6f2214f", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:b6d88e1d28cf2dfa24e9fdcc3efc77adcdc1c3c3b5c7ce503a423efbdd6de57b", + "zh:ba74c592622ecbcef9dc2a4d81ed321c4e44cddf7da799faa324da9bf52a22b2", + "zh:c7c5cde98fe4ef1143bd1b3ec5dc04baf0d4cc3ca2c5c7d40d17c0e9b2076865", + "zh:dac4bad52c940cd0dfc27893507c1e92393846b024c5a9db159a93c534a3da03", + "zh:de8febe2a2acd9ac454b844a4106ed295ae9520ef54dc8ed2faf29f12716b602", + "zh:eab0d0495e7e711cca367f7d4df6e322e6c562fc52151ec931176115b83ed014", + ] +} diff --git a/terraform/terraform/aws-constellation/main.tf b/terraform/terraform/aws-constellation/main.tf new file mode 100644 index 00000000000..80f644229a0 --- /dev/null +++ b/terraform/terraform/aws-constellation/main.tf @@ -0,0 +1,39 @@ +module "aws_iam" { + source = "../iam/aws" + name_prefix = var.name_prefix + region = var.region +} + + +module "aws" { + source = "../aws" + name = var.name + node_groups = var.node_groups + iam_instance_profile_worker_nodes = module.aws_iam.worker_nodes_instance_profile + iam_instance_profile_control_plane = module.aws_iam.control_plane_instance_profile + ami = var.ami + region = var.region + zone = var.zone + debug = var.debug + enable_snp = var.enable_snp + custom_endpoint = var.custom_endpoint +} + +module "constellation" { + source = "../constellation-cluster" + csp = "aws" + name = var.name + image = var.image + microservice_version = var.microservice_version + kubernetes_version = var.kubernetes_version + uid = module.aws.uid + clusterEndpoint = module.aws.out_of_cluster_endpoint + inClusterEndpoint = module.aws.in_cluster_endpoint + initSecretHash = module.aws.initSecret + apiServerCertSANs = module.aws.api_server_cert_sans + iam_instance_profile_control_plane = module.aws_iam.control_plane_instance_profile # TODO CSP specific + iam_instance_profile_worker_nodes = module.aws_iam.worker_nodes_instance_profile # TODO CSP specific + region = var.region # TODO CSP specific + zone = var.zone # TODO CSP specific + node_groups = var.node_groups +} diff --git a/terraform/terraform/aws-constellation/variables.tf b/terraform/terraform/aws-constellation/variables.tf new file mode 100644 index 00000000000..684d9dc40ef --- /dev/null +++ b/terraform/terraform/aws-constellation/variables.tf @@ -0,0 +1,110 @@ +variable "name" { + type = string + description = "Name of your Constellation" + validation { + condition = length(var.name) <= 10 + error_message = "The length of the name of the Constellation must be <= 10 characters" + } +} + +variable "image" { + type = string + description = "Node image version" + default = "v2.12.0" +} + +variable "microservice_version" { + type = string + description = "Microservice version" + default = "v2.12.0" +} + +variable "kubernetes_version" { + type = string + description = "Kubernetes version" + default = "v1.26.9" +} + + +variable "node_groups" { + type = map(object({ + role = string + initial_count = optional(number) + instance_type = string + disk_size = number + disk_type = string + zone = string + })) + description = "A map of node group names to node group configurations." + validation { + condition = can([for group in var.node_groups : group.role == "control-plane" || group.role == "worker"]) + error_message = "The role has to be 'control-plane' or 'worker'." + } + default = { + control_plane_default = { + role = "control-plane" + zone = "eu-west-1b" + instance_type = "m6a.xlarge" + disk_size = 30 + disk_type = "gp3" + initial_count = 2 + }, + worker_default = { + role = "worker" + zone = "eu-west-1b" + instance_type = "m6a.xlarge" + disk_size = 30 + disk_type = "gp3" + initial_count = 2 + } + } +} + +variable "ami" { + type = string + description = "AMI ID" + validation { + condition = length(var.ami) > 4 && substr(var.ami, 0, 4) == "ami-" + error_message = "The image_id value must be a valid AMI id, starting with \"ami-\"." + } + default = "ami-05f952f58bc859371" // TODO translate from image version +} + +variable "region" { + type = string + description = "The AWS region to create the cluster in" +} + +variable "zone" { + type = string + description = "The AWS availability zone name to create the cluster in" +} + +variable "debug" { + type = bool + default = false + description = "Enable debug mode. This opens up a debugd port that can be used to deploy a custom bootstrapper." +} + +variable "enable_snp" { + type = bool + default = true + description = "Enable AMD SEV SNP. Setting this to true sets the cpu-option AmdSevSnp to enable." +} + +variable "custom_endpoint" { + type = string + default = "" + description = "Custom endpoint to use for the Kubernetes apiserver. If not set, the default endpoint will be used." +} + +variable "internal_load_balancer" { + type = bool + default = false + description = "Use an internal load balancer." +} + +variable "name_prefix" { + type = string + description = "Prefix for all resources" +} diff --git a/terraform/terraform/terraform/aws/.terraform.lock.hcl b/terraform/terraform/aws/.terraform.lock.hcl similarity index 100% rename from terraform/terraform/terraform/aws/.terraform.lock.hcl rename to terraform/terraform/aws/.terraform.lock.hcl diff --git a/terraform/terraform/terraform/aws/main.tf b/terraform/terraform/aws/main.tf similarity index 100% rename from terraform/terraform/terraform/aws/main.tf rename to terraform/terraform/aws/main.tf diff --git a/terraform/terraform/terraform/aws/modules/instance_group/main.tf b/terraform/terraform/aws/modules/instance_group/main.tf similarity index 100% rename from terraform/terraform/terraform/aws/modules/instance_group/main.tf rename to terraform/terraform/aws/modules/instance_group/main.tf diff --git a/terraform/terraform/terraform/aws/modules/instance_group/variables.tf b/terraform/terraform/aws/modules/instance_group/variables.tf similarity index 100% rename from terraform/terraform/terraform/aws/modules/instance_group/variables.tf rename to terraform/terraform/aws/modules/instance_group/variables.tf diff --git a/terraform/terraform/terraform/aws/modules/jump_host/main.tf b/terraform/terraform/aws/modules/jump_host/main.tf similarity index 100% rename from terraform/terraform/terraform/aws/modules/jump_host/main.tf rename to terraform/terraform/aws/modules/jump_host/main.tf diff --git a/terraform/terraform/terraform/aws/modules/jump_host/output.tf b/terraform/terraform/aws/modules/jump_host/output.tf similarity index 100% rename from terraform/terraform/terraform/aws/modules/jump_host/output.tf rename to terraform/terraform/aws/modules/jump_host/output.tf diff --git a/terraform/terraform/terraform/aws/modules/jump_host/variables.tf b/terraform/terraform/aws/modules/jump_host/variables.tf similarity index 100% rename from terraform/terraform/terraform/aws/modules/jump_host/variables.tf rename to terraform/terraform/aws/modules/jump_host/variables.tf diff --git a/terraform/terraform/terraform/aws/modules/load_balancer_target/main.tf b/terraform/terraform/aws/modules/load_balancer_target/main.tf similarity index 100% rename from terraform/terraform/terraform/aws/modules/load_balancer_target/main.tf rename to terraform/terraform/aws/modules/load_balancer_target/main.tf diff --git a/terraform/terraform/terraform/aws/modules/load_balancer_target/output.tf b/terraform/terraform/aws/modules/load_balancer_target/output.tf similarity index 100% rename from terraform/terraform/terraform/aws/modules/load_balancer_target/output.tf rename to terraform/terraform/aws/modules/load_balancer_target/output.tf diff --git a/terraform/terraform/terraform/aws/modules/load_balancer_target/variables.tf b/terraform/terraform/aws/modules/load_balancer_target/variables.tf similarity index 100% rename from terraform/terraform/terraform/aws/modules/load_balancer_target/variables.tf rename to terraform/terraform/aws/modules/load_balancer_target/variables.tf diff --git a/terraform/terraform/terraform/aws/modules/public_private_subnet/main.tf b/terraform/terraform/aws/modules/public_private_subnet/main.tf similarity index 100% rename from terraform/terraform/terraform/aws/modules/public_private_subnet/main.tf rename to terraform/terraform/aws/modules/public_private_subnet/main.tf diff --git a/terraform/terraform/terraform/aws/modules/public_private_subnet/output.tf b/terraform/terraform/aws/modules/public_private_subnet/output.tf similarity index 100% rename from terraform/terraform/terraform/aws/modules/public_private_subnet/output.tf rename to terraform/terraform/aws/modules/public_private_subnet/output.tf diff --git a/terraform/terraform/terraform/aws/modules/public_private_subnet/variables.tf b/terraform/terraform/aws/modules/public_private_subnet/variables.tf similarity index 100% rename from terraform/terraform/terraform/aws/modules/public_private_subnet/variables.tf rename to terraform/terraform/aws/modules/public_private_subnet/variables.tf diff --git a/terraform/terraform/terraform/aws/outputs.tf b/terraform/terraform/aws/outputs.tf similarity index 100% rename from terraform/terraform/terraform/aws/outputs.tf rename to terraform/terraform/aws/outputs.tf diff --git a/terraform/terraform/terraform/aws/variables.tf b/terraform/terraform/aws/variables.tf similarity index 100% rename from terraform/terraform/terraform/aws/variables.tf rename to terraform/terraform/aws/variables.tf diff --git a/terraform/terraform/terraform/azure/.terraform.lock.hcl b/terraform/terraform/azure/.terraform.lock.hcl similarity index 100% rename from terraform/terraform/terraform/azure/.terraform.lock.hcl rename to terraform/terraform/azure/.terraform.lock.hcl diff --git a/terraform/terraform/terraform/azure/main.tf b/terraform/terraform/azure/main.tf similarity index 100% rename from terraform/terraform/terraform/azure/main.tf rename to terraform/terraform/azure/main.tf diff --git a/terraform/terraform/terraform/azure/modules/jump_host/main.tf b/terraform/terraform/azure/modules/jump_host/main.tf similarity index 100% rename from terraform/terraform/terraform/azure/modules/jump_host/main.tf rename to terraform/terraform/azure/modules/jump_host/main.tf diff --git a/terraform/terraform/terraform/azure/modules/jump_host/outputs.tf b/terraform/terraform/azure/modules/jump_host/outputs.tf similarity index 100% rename from terraform/terraform/terraform/azure/modules/jump_host/outputs.tf rename to terraform/terraform/azure/modules/jump_host/outputs.tf diff --git a/terraform/terraform/terraform/azure/modules/jump_host/variables.tf b/terraform/terraform/azure/modules/jump_host/variables.tf similarity index 100% rename from terraform/terraform/terraform/azure/modules/jump_host/variables.tf rename to terraform/terraform/azure/modules/jump_host/variables.tf diff --git a/terraform/terraform/terraform/azure/modules/load_balancer_backend/main.tf b/terraform/terraform/azure/modules/load_balancer_backend/main.tf similarity index 100% rename from terraform/terraform/terraform/azure/modules/load_balancer_backend/main.tf rename to terraform/terraform/azure/modules/load_balancer_backend/main.tf diff --git a/terraform/terraform/terraform/azure/modules/load_balancer_backend/outputs.tf b/terraform/terraform/azure/modules/load_balancer_backend/outputs.tf similarity index 100% rename from terraform/terraform/terraform/azure/modules/load_balancer_backend/outputs.tf rename to terraform/terraform/azure/modules/load_balancer_backend/outputs.tf diff --git a/terraform/terraform/terraform/azure/modules/load_balancer_backend/variables.tf b/terraform/terraform/azure/modules/load_balancer_backend/variables.tf similarity index 100% rename from terraform/terraform/terraform/azure/modules/load_balancer_backend/variables.tf rename to terraform/terraform/azure/modules/load_balancer_backend/variables.tf diff --git a/terraform/terraform/terraform/azure/modules/scale_set/main.tf b/terraform/terraform/azure/modules/scale_set/main.tf similarity index 100% rename from terraform/terraform/terraform/azure/modules/scale_set/main.tf rename to terraform/terraform/azure/modules/scale_set/main.tf diff --git a/terraform/terraform/terraform/azure/modules/scale_set/variables.tf b/terraform/terraform/azure/modules/scale_set/variables.tf similarity index 100% rename from terraform/terraform/terraform/azure/modules/scale_set/variables.tf rename to terraform/terraform/azure/modules/scale_set/variables.tf diff --git a/terraform/terraform/terraform/azure/outputs.tf b/terraform/terraform/azure/outputs.tf similarity index 100% rename from terraform/terraform/terraform/azure/outputs.tf rename to terraform/terraform/azure/outputs.tf diff --git a/terraform/terraform/terraform/azure/variables.tf b/terraform/terraform/azure/variables.tf similarity index 100% rename from terraform/terraform/terraform/azure/variables.tf rename to terraform/terraform/azure/variables.tf diff --git a/terraform/terraform/constellation-cluster/.terraform.lock.hcl b/terraform/terraform/constellation-cluster/.terraform.lock.hcl new file mode 100644 index 00000000000..6e7e533323b --- /dev/null +++ b/terraform/terraform/constellation-cluster/.terraform.lock.hcl @@ -0,0 +1,2 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. diff --git a/terraform/terraform/constellation-cluster/install-constellation.sh b/terraform/terraform/constellation-cluster/install-constellation.sh new file mode 100755 index 00000000000..dcafe4dfea3 --- /dev/null +++ b/terraform/terraform/constellation-cluster/install-constellation.sh @@ -0,0 +1,30 @@ +#!/bin/bash +VERSION="latest" +if ! command -v constellation &> /dev/null; then + OS=$(uname -s) + ARCH=$(uname -m) + + URL="" + + if [[ $OS == "Darwin" ]]; then + if [[ $ARCH == "arm64" ]]; then + URL="https://github.com/edgelesssys/constellation/releases/${VERSION}/download/constellation-darwin-arm64" + elif [[ $ARCH == "x86_64" ]]; then + URL="https://github.com/edgelesssys/constellation/releases/${VERSION}/download/constellation-darwin-amd64" + fi + elif [[ $OS == "Linux" ]]; then + if [[ $ARCH == "x86_64" ]]; then + URL="https://github.com/edgelesssys/constellation/releases/${VERSION}/download/constellation-linux-amd64" + elif [[ $ARCH == "arm64" ]]; then + URL="https://github.com/edgelesssys/constellation/releases/${VERSION}/download/constellation-linux-arm64" + fi + fi + + if [ -z "$URL" ]; then + echo "Unsupported OS or architecture" + exit 1 + else + curl -o constellation -LO $URL + sudo install constellation /usr/local/bin/constellation + fi +fi diff --git a/terraform/terraform/constellation-cluster/main.tf b/terraform/terraform/constellation-cluster/main.tf new file mode 100644 index 00000000000..ad7b58940b7 --- /dev/null +++ b/terraform/terraform/constellation-cluster/main.tf @@ -0,0 +1,89 @@ +locals { + yq_node_groups = join("\n", flatten([ + for name, group in var.node_groups : [ + "yq eval '.nodeGroups.${name}.role = \"${group.role}\"' -i constellation-conf.yaml", + "yq eval '.nodeGroups.${name}.zone = \"${group.zone}\"' -i constellation-conf.yaml", + "yq eval '.nodeGroups.${name}.instanceType = \"${group.instance_type}\"' -i constellation-conf.yaml", + "yq eval '.nodeGroups.${name}.stateDiskSizeGB = ${group.disk_size}' -i constellation-conf.yaml", + "yq eval '.nodeGroups.${name}.stateDiskType = \"${group.disk_type}\"' -i constellation-conf.yaml", + "yq eval '.nodeGroups.${name}.initialCount = ${group.initial_count}' -i constellation-conf.yaml" + ] + ])) +} + + +resource "terraform_data" "ensure_cli" { + provisioner "local-exec" { + command = "${path.module}/install-constellation.sh && ./constellation config generate ${var.csp}" + } + // generate config here to only create it once (csp won't change) +} +# TODO ensure yq dependency + +# TODO how to handle CSP specific config without CSP specific input? +resource "terraform_data" "csp_config" { + count = var.csp == "aws" ? 1 : 0 + provisioner "local-exec" { + command = <