init tf module
elchead committed Oct 23, 2023
1 parent 5d640ff commit bdea091
Showing 7 changed files with 366 additions and 0 deletions.
45 changes: 45 additions & 0 deletions cli/internal/terraform/terraform/.terraform.lock.hcl


@@ -0,0 +1,31 @@
#!/bin/bash
alias constellation="./constellation"
#if ! command -v constellation &> /dev/null
#then
# OS=$(uname -s)
# ARCH=$(uname -m)

# URL=""

# if [[ "$OS" = "Darwin" ]]; then
# if [[ "$ARCH" = "arm64" ]]; then
# URL="https://github.com/edgelesssys/constellation/releases/latest/download/constellation-darwin-arm64"
# elif [[ "$ARCH" = "x86_64" ]]; then
# URL="https://github.com/edgelesssys/constellation/releases/latest/download/constellation-darwin-amd64"
# fi
# elif [[ "$OS" = "Linux" ]]; then
# if [[ "$ARCH" = "x86_64" ]]; then
# URL="https://github.com/edgelesssys/constellation/releases/latest/download/constellation-linux-amd64"
# elif [[ "$ARCH" = "arm64" ]]; then
# URL="https://github.com/edgelesssys/constellation/releases/latest/download/constellation-linux-arm64"
# fi
# fi

# if [ -z "$URL" ]; then
# echo "Unsupported OS or architecture"
# exit 1
# else
# curl -o constellation -LO $URL
# sudo install constellation /usr/local/bin/constellation
# fi
#fi
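Review bot: The only active line, `alias constellation="./constellation"`, has no effect on the provisioners in main.tf that later run `./constellation`: aliases are neither inherited by child processes nor expanded in non-interactive shells, so `ensure_cli` currently ensures nothing. If the commented-out installer is re-enabled, note that it downloads `releases/latest` with no version pin and no checksum or signature verification and then installs the result with `sudo`; whoever can answer for that URL controls the CLI that drives the cluster, so pin a release and verify the download against what the release publishes before the `install` step. The `curl -o constellation -LO $URL` line also combines `-o` with `-O` and leaves `$URL` unquoted; `curl -fsSL -o constellation "$URL"` is what the intent reads as. A `set -euo pipefail` at the top would keep a failed download from ever reaching `sudo install`.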
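--- a/cli/internal/terraform/terraform/constellation-cluster/main.tf
+++ b/cli/internal/terraform/terraform/constellation-cluster/main.tf
@@ -0,0 +1,56 @@
+resource "terraform_data" "ensure_cli" {
+provisioner "local-exec" {
+command = "${path.module}/install-constellation.sh"
+}
+}
+# TODO ensure yq dependency
+
+resource "terraform_data" "prepare_config" {
+#} // TODO only once
+provisioner "local-exec" {
+command = <<EOT
+rm constellation-conf.yaml constellation-state.yaml
+./constellation config generate ${var.csp}
+yq eval '.provider.aws.region = "${var.region}"' --inplace constellation-conf.yaml
+yq eval '.provider.aws.zone = "${var.zone}"' --inplace constellation-conf.yaml
+yq eval '.provider.aws.zone = "${var.zone}"' --inplace constellation-conf.yaml
+yq eval '.nodeGroups.*.zone = "${var.zone}"' --inplace constellation-conf.yaml
+yq eval '.provider.aws.iamProfileControlPlane = "${var.iam_instance_profile_control_plane}"' --inplace constellation-conf.yaml
+yq eval '.provider.aws.iamProfileWorkerNodes = "${var.iam_instance_profile_worker_nodes}"' --inplace constellation-conf.yaml
+EOT
+# TODO support custom node groups
+}
+
+depends_on = [
+terraform_data.ensure_cli
+]
+}
+
+# TODO
+resource "terraform_data" "infra" {
+provisioner "local-exec" {
+command = <<EOT
+yq eval '.infrastructure.uid = "${var.uid}"' --inplace constellation-state.yaml
+yq eval '.infrastructure.inClusterEndpoint = "${var.inClusterEndpoint}"' --inplace constellation-state.yaml
+yq eval '.infrastructure.clusterEndpoint = "${var.clusterEndpoint}"' --inplace constellation-state.yaml
+yq eval '.infrastructure.initSecret = "${var.initSecretHash}"' --inplace constellation-state.yaml
+yq eval '.infrastructure.apiServerCertSANs = ${jsonencode(var.apiServerCertSANs)}' --inplace constellation-state.yaml
+yq eval '.infrastructure.name = "${var.name}"' --inplace constellation-state.yaml
+EOT
+}
+
+depends_on = [
+terraform_data.prepare_config
+]
+}
+
+
+resource "terraform_data" "apply" {
+provisioner "local-exec" {
+command = "./constellation init" # TODO use apply --yes
+}
+
+depends_on = [
+terraform_data.infra
+]
+}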
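Review bot: Every `local-exec` command in this file splices Terraform variables straight into a shell heredoc and into single-quoted yq expressions, so a value such as `name` or an entry of `apiServerCertSANs` that contains a `'` or `"` breaks out of the quoting and is run by the shell on the operator's machine; the `jsonencode(...)` in `infra` is inserted with no quoting at all. Pass the values through the provisioner's `environment` block and read them in yq with `strenv(VAR)` (or `env(VAR)` for the JSON list), so nothing caller-controlled is ever parsed as shell. Two smaller points in `prepare_config`: `rm` without `-f` fails on a fresh working directory and nothing aborts the heredoc on error, so a failed `config generate` is followed by yq edits on a missing file and the `apply` step still runs; and the `.provider.aws.zone` line is duplicated. The rewritten `prepare_config` below shows the pattern; `infra` needs the same treatment.
```hcl
resource "terraform_data" "prepare_config" {
  provisioner "local-exec" {
    # Values reach the shell only via the environment, never through string
    # interpolation, so a quote in a variable cannot escape the yq expression.
    environment = {
      CSP    = var.csp
      REGION = var.region
      ZONE   = var.zone
      IAM_CP = var.iam_instance_profile_control_plane
      IAM_WN = var.iam_instance_profile_worker_nodes
    }
    command = <<EOT
set -eu
rm -f constellation-conf.yaml constellation-state.yaml
./constellation config generate "$CSP"
yq eval '.provider.aws.region = strenv(REGION)' --inplace constellation-conf.yaml
yq eval '.provider.aws.zone = strenv(ZONE)' --inplace constellation-conf.yaml
yq eval '.nodeGroups.*.zone = strenv(ZONE)' --inplace constellation-conf.yaml
yq eval '.provider.aws.iamProfileControlPlane = strenv(IAM_CP)' --inplace constellation-conf.yaml
yq eval '.provider.aws.iamProfileWorkerNodes = strenv(IAM_WN)' --inplace constellation-conf.yaml
EOT
  }
  # … unchanged: depends_on = [terraform_data.ensure_cli] …
}
```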
@@ -0,0 +1,87 @@
variable "csp" {
type = string
description = "The CSP to create the cluster in"
validation {
condition = var.csp == "aws" // TODO || var.csp == "azure" || var.csp == "gcp"
error_message = "The CSP must be 'aws', 'azure' or 'gcp'."
}
default = "aws"
}


# STATE related
variable "uid" {
type = string
description = "The UID of the Constellation"
}

variable "clusterEndpoint" {
type = string
description = "Endpoint of the cluster"
}

variable "inClusterEndpoint" {
type = string
description = "The endpoint the cluster uses to reach itself. This might differ from the ClusterEndpoint in case e.g. an internal load balancer is used."
}

variable "initSecretHash" {
type = string
description = "Init secret hash"
}

variable "apiServerCertSANs" {
type = list(string)
description = "List of additional SANs for the Kubernetes API server certificate"
}

variable "name" {
type = string
description = "Name used in the cluster's named resources"
}

# CONFIG related

variable "region" {
type = string
description = "The AWS region to create the cluster in"
}

variable "zone" {
type = string
description = "The AWS availability zone name to create the cluster in"
}

variable "iam_instance_profile_worker_nodes" {
type = string
description = "Name of the IAM instance profile for worker nodes"
}

variable "iam_instance_profile_control_plane" {
type = string
description = "Name of the IAM instance profile for control plane nodes"
}

#variable "image" {
# type = string
# description = "Node image version"
#}

#variable "kubernetes_version" {
# type = string
# description = "Kubernetes version"
#}

#variable "microservice_version" {
# type = string
# description = "Microservice version"
#}

#variable "name" {
# type = string
# description = "Name of your Constellation"
# validation {
# condition = length(var.name) <= 10 # TODO only checked AWS condition
# error_message = "The length of the name of the Constellation must be <= 10 characters"
# }
#}
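Review bot: `initSecretHash` is declared as a plain string although what the root module feeds it is `module.aws.initSecret`, which by name looks like the cluster's init secret rather than a hash of it; without `sensitive = true` the value is shown in plan output and on the `infra` provisioner's command line whenever this module is used on its own, so add `sensitive = true` to the declaration (Terraform propagates sensitivity marks from the output, but the declaration is what protects standalone callers). The `csp` validation accepts only `"aws"` while its message promises `'aws', 'azure' or 'gcp'`; make the message say what is enforced, e.g. `error_message = "Only 'aws' is supported by this module at the moment."`. The variable names mix camelCase (`clusterEndpoint`, `initSecretHash`) with snake_case (`iam_instance_profile_worker_nodes`); Terraform convention is snake_case throughout, and picking one now avoids a breaking rename later.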
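--- a/cli/internal/terraform/terraform/main.tf
+++ b/cli/internal/terraform/terraform/main.tf
@@ -0,0 +1,35 @@
+module "aws_iam" {
+source = "./iam/aws"
+name_prefix = var.name_prefix
+region = var.region
+}
+
+
+module "aws" {
+source = "./aws"
+name = var.name
+node_groups = var.node_groups
+iam_instance_profile_worker_nodes = module.aws_iam.worker_nodes_instance_profile
+iam_instance_profile_control_plane = module.aws_iam.control_plane_instance_profile
+ami = var.ami
+region = var.region
+zone = var.zone
+debug = var.debug
+enable_snp = var.enable_snp
+custom_endpoint = var.custom_endpoint
+}
+
+module "constellation" {
+source = "./constellation-cluster"
+csp = "aws"
+name = var.name
+uid = module.aws.uid
+clusterEndpoint = module.aws.out_of_cluster_endpoint
+inClusterEndpoint = module.aws.in_cluster_endpoint # TODO after apply rebased on main
+initSecretHash = module.aws.initSecret
+apiServerCertSANs = module.aws.api_server_cert_sans
+iam_instance_profile_control_plane = module.aws_iam.control_plane_instance_profile
+iam_instance_profile_worker_nodes = module.aws_iam.worker_nodes_instance_profile
+region = var.region
+zone = var.zone
+}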
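Review bot: `var.internal_load_balancer` is declared in this commit's variables.tf but never passed to `module "aws"`, so setting it silently has no effect even though `inClusterEndpoint` is documented as differing from `clusterEndpoint` precisely in the internal-load-balancer case; add `internal_load_balancer = var.internal_load_balancer` to the `aws` module call, assuming `./aws` (not part of this diff) accepts that input. The `csp` handed to `module "constellation"` is the literal `"aws"` and the infrastructure module is likewise AWS-only, which is consistent today but undocumented here; a comment such as `# AWS only for now; mirrors the csp validation in constellation-cluster/variables.tf` would save the next reader a search.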
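--- a/cli/internal/terraform/terraform/variables.tf
+++ b/cli/internal/terraform/terraform/variables.tf
@@ -0,0 +1,91 @@
+variable "name" {
+type = string
+description = "Name of your Constellation"
+validation {
+condition = length(var.name) <= 10
+error_message = "The length of the name of the Constellation must be <= 10 characters"
+}
+}
+
+variable "name_prefix" {
+type = string
+description = "Prefix for all resources"
+}
+
+variable "node_groups" {
+type = map(object({
+role = string
+initial_count = optional(number)
+instance_type = string
+disk_size = number
+disk_type = string
+zone = string
+}))
+description = "A map of node group names to node group configurations."
+validation {
+condition = can([for group in var.node_groups : group.role == "control-plane" || group.role == "worker"])
+error_message = "The role has to be 'control-plane' or 'worker'."
+}
+default = {
+control_plane_default = {
+role = "control-plane"
+zone = "eu-west-1b"
+instance_type = "m6a.xlarge"
+disk_size = 30
+disk_type = "gp3"
+initial_count = 2
+},
+worker_default = {
+role = "worker"
+zone = "eu-west-1b"
+instance_type = "m6a.xlarge"
+disk_size = 30
+disk_type = "gp3"
+initial_count = 2
+}
+}
+}
+
+variable "ami" {
+type = string
+description = "AMI ID"
+validation {
+condition = length(var.ami) > 4 && substr(var.ami, 0, 4) == "ami-"
+error_message = "The image_id value must be a valid AMI id, starting with \"ami-\"."
+}
+default = "ami-05f952f58bc859371" // TODO
+}
+
+variable "region" {
+type = string
+description = "The AWS region to create the cluster in"
+}
+
+variable "zone" {
+type = string
+description = "The AWS availability zone name to create the cluster in"
+}
+
+variable "debug" {
+type = bool
+default = false
+description = "Enable debug mode. This opens up a debugd port that can be used to deploy a custom bootstrapper."
+}
+
+variable "enable_snp" {
+type = bool
+default = true
+description = "Enable AMD SEV SNP. Setting this to true sets the cpu-option AmdSevSnp to enable."
+}
+
+variable "custom_endpoint" {
+type = string
+default = ""
+description = "Custom endpoint to use for the Kubernetes apiserver. If not set, the default endpoint will be used."
+}
+
+variable "internal_load_balancer" {
+type = bool
+default = false
+description = "Use an internal load balancer."
+}
+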
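Review bot: The `node_groups` validation can never fail: `can(...)` reports only whether the `for` expression evaluates without an error, and a list of booleans always does, so a role such as `"master"` is accepted; the condition should be `condition = alltrue([for group in var.node_groups : contains(["control-plane", "worker"], group.role)])`. The `ami` default is a hard-coded, region-specific image ID flagged `// TODO`; in a module that enables SEV-SNP by default the node image is security-relevant, and a default that may not correspond to any verified release is worse than requiring the caller to pass one, so drop the default and keep only the format validation. The default node groups also hard-code `zone = "eu-west-1b"` independently of `var.zone`, so a caller who sets only `zone` gets nodes placed in a different AZ than the rest of the module is configured for.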
