Showing
7 changed files
with
366 additions
and
0 deletions.
21 changes: 21 additions & 0 deletions
21
cli/internal/terraform/terraform/constellation-cluster/.terraform.lock.hcl
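--- a/cli/internal/terraform/terraform/constellation-cluster/install-constellation.sh
+++ b/cli/internal/terraform/terraform/constellation-cluster/install-constellation.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+alias constellation="./constellation"
+#if ! command -v constellation &> /dev/null
+#then
+# OS=$(uname -s)
+# ARCH=$(uname -m)
+
+# URL=""
+
+# if [[ "$OS" = "Darwin" ]]; then
+# if [[ "$ARCH" = "arm64" ]]; then
+# URL="https://github.com/edgelesssys/constellation/releases/latest/download/constellation-darwin-arm64"
+# elif [[ "$ARCH" = "x86_64" ]]; then
+# URL="https://github.com/edgelesssys/constellation/releases/latest/download/constellation-darwin-amd64"
+# fi
+# elif [[ "$OS" = "Linux" ]]; then
+# if [[ "$ARCH" = "x86_64" ]]; then
+# URL="https://github.com/edgelesssys/constellation/releases/latest/download/constellation-linux-amd64"
+# elif [[ "$ARCH" = "arm64" ]]; then
+# URL="https://github.com/edgelesssys/constellation/releases/latest/download/constellation-linux-arm64"
+# fi
+# fi
+
+# if [ -z "$URL" ]; then
+# echo "Unsupported OS or architecture"
+# exit 1
+# else
+# curl -o constellation -LO $URL
+# sudo install constellation /usr/local/bin/constellation
+# fi
+#fi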
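Review bot: `alias constellation="./constellation"` on the second line has no effect in a script: bash does not expand aliases in a non-interactive shell unless `expand_aliases` is set, and nothing in the file uses the alias anyway, so with the download block commented out the `ensure_cli` resource that runs this script never verifies that a CLI binary is present. A real precondition is two lines: `set -euo pipefail` followed by `[ -x ./constellation ] || { echo "constellation binary not found in $PWD" >&2; exit 1; }`. If the commented-out download path is re-enabled later, `$URL` on the `curl` line should be quoted and the fetched binary checked against a published checksum or signature before the `sudo install` step places it on the system PATH for every subsequent provisioner.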
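--- a/cli/internal/terraform/terraform/constellation-cluster/main.tf
+++ b/cli/internal/terraform/terraform/constellation-cluster/main.tf
@@ -0,0 +1,56 @@
+resource "terraform_data" "ensure_cli" {
+provisioner "local-exec" {
+command = "${path.module}/install-constellation.sh"
+}
+}
+# TODO ensure yq dependency
+
+resource "terraform_data" "prepare_config" {
+#} // TODO only once
+provisioner "local-exec" {
+command = <<EOT
+rm constellation-conf.yaml constellation-state.yaml
+./constellation config generate ${var.csp}
+yq eval '.provider.aws.region = "${var.region}"' --inplace constellation-conf.yaml
+yq eval '.provider.aws.zone = "${var.zone}"' --inplace constellation-conf.yaml
+yq eval '.provider.aws.zone = "${var.zone}"' --inplace constellation-conf.yaml
+yq eval '.nodeGroups.*.zone = "${var.zone}"' --inplace constellation-conf.yaml
+yq eval '.provider.aws.iamProfileControlPlane = "${var.iam_instance_profile_control_plane}"' --inplace constellation-conf.yaml
+yq eval '.provider.aws.iamProfileWorkerNodes = "${var.iam_instance_profile_worker_nodes}"' --inplace constellation-conf.yaml
+EOT
+# TODO support custom node groups
+}
+
+depends_on = [
+terraform_data.ensure_cli
+]
+}
+
+# TODO
+resource "terraform_data" "infra" {
+provisioner "local-exec" {
+command = <<EOT
+yq eval '.infrastructure.uid = "${var.uid}"' --inplace constellation-state.yaml
+yq eval '.infrastructure.inClusterEndpoint = "${var.inClusterEndpoint}"' --inplace constellation-state.yaml
+yq eval '.infrastructure.clusterEndpoint = "${var.clusterEndpoint}"' --inplace constellation-state.yaml
+yq eval '.infrastructure.initSecret = "${var.initSecretHash}"' --inplace constellation-state.yaml
+yq eval '.infrastructure.apiServerCertSANs = ${jsonencode(var.apiServerCertSANs)}' --inplace constellation-state.yaml
+yq eval '.infrastructure.name = "${var.name}"' --inplace constellation-state.yaml
+EOT
+}
+
+depends_on = [
+terraform_data.prepare_config
+]
+}
+
+
+resource "terraform_data" "apply" {
+provisioner "local-exec" {
+command = "./constellation init" # TODO use apply --yes
+}
+
+depends_on = [
+terraform_data.infra
+]
+}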
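Review bot: The `prepare_config` and `infra` provisioners splice Terraform values straight into a shell command string (`./constellation config generate ${var.csp}`, every `yq eval '... = "${var.region}"'`-style line, and all six yq lines in `infra`), so a value containing a single quote or a shell metacharacter terminates the quoted yq expression and the remainder is interpreted by the shell that local-exec runs the command through; the values come from module outputs and a validated `csp` today, but the endpoints, profile names and cert SANs are not validated anywhere on this page. Passing the values through the provisioner's `environment` block and reading them in yq with `strenv(NAME)` keeps them off the command line entirely; a sketch for `prepare_config` follows, and `infra` should be converted the same way (the `apiServerCertSANs` list can be handed over as its `jsonencode` string and parsed with `env(NAME)`). Two smaller points in the same hunk: the `.provider.aws.zone` line is duplicated, and `rm constellation-conf.yaml constellation-state.yaml` exits non-zero when either file is absent, which fails the provisioner on a fresh working directory, so `rm -f` is what is meant. `.infrastructure.initSecret` is populated from `var.initSecretHash`; presumably the state file expects the hash, but the key name suggests otherwise and is worth confirming against the CLI's state schema.
```hcl
resource "terraform_data" "prepare_config" {
  provisioner "local-exec" {
    # Values reach yq through the environment rather than through shell
    # string interpolation, so quoting in a variable cannot alter the command.
    environment = {
      CSP    = var.csp
      REGION = var.region
      ZONE   = var.zone
      IAM_CP = var.iam_instance_profile_control_plane
      IAM_WN = var.iam_instance_profile_worker_nodes
    }
    command = <<EOT
rm -f constellation-conf.yaml constellation-state.yaml
./constellation config generate "$CSP"
yq eval '.provider.aws.region = strenv(REGION)' --inplace constellation-conf.yaml
yq eval '.provider.aws.zone = strenv(ZONE)' --inplace constellation-conf.yaml
yq eval '.nodeGroups.*.zone = strenv(ZONE)' --inplace constellation-conf.yaml
yq eval '.provider.aws.iamProfileControlPlane = strenv(IAM_CP)' --inplace constellation-conf.yaml
yq eval '.provider.aws.iamProfileWorkerNodes = strenv(IAM_WN)' --inplace constellation-conf.yaml
EOT
  }
  # … unchanged: depends_on …
}
```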
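--- a/cli/internal/terraform/terraform/constellation-cluster/variables.tf
+++ b/cli/internal/terraform/terraform/constellation-cluster/variables.tf
@@ -0,0 +1,87 @@
+variable "csp" {
+type = string
+description = "The CSP to create the cluster in"
+validation {
+condition = var.csp == "aws" // TODO || var.csp == "azure" || var.csp == "gcp"
+error_message = "The CSP must be 'aws', 'azure' or 'gcp'."
+}
+default = "aws"
+}
+
+
+# STATE related
+variable "uid" {
+type = string
+description = "The UID of the Constellation"
+}
+
+variable "clusterEndpoint" {
+type = string
+description = "Endpoint of the cluster"
+}
+
+variable "inClusterEndpoint" {
+type = string
+description = "The endpoint the cluster uses to reach itself. This might differ from the ClusterEndpoint in case e.g. an internal load balancer is used."
+}
+
+variable "initSecretHash" {
+type = string
+description = "Init secret hash"
+}
+
+variable "apiServerCertSANs" {
+type = list(string)
+description = "List of additional SANs for the Kubernetes API server certificate"
+}
+
+variable "name" {
+type = string
+description = "Name used in the cluster's named resources"
+}
+
+# CONFIG related
+
+variable "region" {
+type = string
+description = "The AWS region to create the cluster in"
+}
+
+variable "zone" {
+type = string
+description = "The AWS availability zone name to create the cluster in"
+}
+
+variable "iam_instance_profile_worker_nodes" {
+type = string
+description = "Name of the IAM instance profile for worker nodes"
+}
+
+variable "iam_instance_profile_control_plane" {
+type = string
+description = "Name of the IAM instance profile for control plane nodes"
+}
+
+#variable "image" {
+# type = string
+# description = "Node image version"
+#}
+
+#variable "kubernetes_version" {
+# type = string
+# description = "Kubernetes version"
+#}
+
+#variable "microservice_version" {
+# type = string
+# description = "Microservice version"
+#}
+
+#variable "name" {
+# type = string
+# description = "Name of your Constellation"
+# validation {
+# condition = length(var.name) <= 10 # TODO only checked AWS condition
+# error_message = "The length of the name of the Constellation must be <= 10 characters"
+# }
+#}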
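Review bot: The `csp` validation accepts only `"aws"` while its `error_message` tells the user that 'aws', 'azure' or 'gcp' are valid, so anyone passing `azure` gets a message that contradicts the check that rejected them. Until the TODO on the condition is resolved the message should match the condition: `error_message = "Only 'aws' is currently supported."`. Separately, `initSecretHash` ends up in the cluster state file under `infrastructure.initSecret` via the main.tf provisioner; if that value is anything more than a public hash, marking the variable `sensitive = true` keeps it out of plan output — worth confirming what the CLI expects in that field.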
@@ -0,0 +1,35 @@ | ||
module "aws_iam" { | ||
source = "./iam/aws" | ||
name_prefix = var.name_prefix | ||
region = var.region | ||
} | ||
|
||
|
||
module "aws" { | ||
source = "./aws" | ||
name = var.name | ||
node_groups = var.node_groups | ||
iam_instance_profile_worker_nodes = module.aws_iam.worker_nodes_instance_profile | ||
iam_instance_profile_control_plane = module.aws_iam.control_plane_instance_profile | ||
ami = var.ami | ||
region = var.region | ||
zone = var.zone | ||
debug = var.debug | ||
enable_snp = var.enable_snp | ||
custom_endpoint = var.custom_endpoint | ||
} | ||
|
||
module "constellation" { | ||
source = "./constellation-cluster" | ||
csp = "aws" | ||
name = var.name | ||
uid = module.aws.uid | ||
clusterEndpoint = module.aws.out_of_cluster_endpoint | ||
inClusterEndpoint = module.aws.in_cluster_endpoint # TODO after apply rebased on main | ||
initSecretHash = module.aws.initSecret | ||
apiServerCertSANs = module.aws.api_server_cert_sans | ||
iam_instance_profile_control_plane = module.aws_iam.control_plane_instance_profile | ||
iam_instance_profile_worker_nodes = module.aws_iam.worker_nodes_instance_profile | ||
region = var.region | ||
zone = var.zone | ||
} |
@@ -0,0 +1,91 @@ | ||
variable "name" { | ||
type = string | ||
description = "Name of your Constellation" | ||
validation { | ||
condition = length(var.name) <= 10 | ||
error_message = "The length of the name of the Constellation must be <= 10 characters" | ||
} | ||
} | ||
|
||
variable "name_prefix" { | ||
type = string | ||
description = "Prefix for all resources" | ||
} | ||
|
||
variable "node_groups" { | ||
type = map(object({ | ||
role = string | ||
initial_count = optional(number) | ||
instance_type = string | ||
disk_size = number | ||
disk_type = string | ||
zone = string | ||
})) | ||
description = "A map of node group names to node group configurations." | ||
validation { | ||
condition = can([for group in var.node_groups : group.role == "control-plane" || group.role == "worker"]) | ||
error_message = "The role has to be 'control-plane' or 'worker'." | ||
} | ||
default = { | ||
control_plane_default = { | ||
role = "control-plane" | ||
zone = "eu-west-1b" | ||
instance_type = "m6a.xlarge" | ||
disk_size = 30 | ||
disk_type = "gp3" | ||
initial_count = 2 | ||
}, | ||
worker_default = { | ||
role = "worker" | ||
zone = "eu-west-1b" | ||
instance_type = "m6a.xlarge" | ||
disk_size = 30 | ||
disk_type = "gp3" | ||
initial_count = 2 | ||
} | ||
} | ||
} | ||
|
||
variable "ami" { | ||
type = string | ||
description = "AMI ID" | ||
validation { | ||
condition = length(var.ami) > 4 && substr(var.ami, 0, 4) == "ami-" | ||
error_message = "The image_id value must be a valid AMI id, starting with \"ami-\"." | ||
} | ||
default = "ami-05f952f58bc859371" // TODO | ||
} | ||
|
||
variable "region" { | ||
type = string | ||
description = "The AWS region to create the cluster in" | ||
} | ||
|
||
variable "zone" { | ||
type = string | ||
description = "The AWS availability zone name to create the cluster in" | ||
} | ||
|
||
variable "debug" { | ||
type = bool | ||
default = false | ||
description = "Enable debug mode. This opens up a debugd port that can be used to deploy a custom bootstrapper." | ||
} | ||
|
||
variable "enable_snp" { | ||
type = bool | ||
default = true | ||
description = "Enable AMD SEV SNP. Setting this to true sets the cpu-option AmdSevSnp to enable." | ||
} | ||
|
||
variable "custom_endpoint" { | ||
type = string | ||
default = "" | ||
description = "Custom endpoint to use for the Kubernetes apiserver. If not set, the default endpoint will be used." | ||
} | ||
|
||
variable "internal_load_balancer" { | ||
type = bool | ||
default = false | ||
description = "Use an internal load balancer." | ||
} |
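Review bot: The `node_groups` validation never rejects anything: `can([for group in var.node_groups : group.role == "control-plane" || group.role == "worker"])` wraps a list of booleans in `can()`, which only reports whether the expression evaluated without error, so a role such as `"worker "` or `"admin"` passes and the error message is unreachable. The intended check is `condition = alltrue([for group in var.node_groups : group.role == "control-plane" || group.role == "worker"])`. Two smaller points: the `ami` error message refers to `image_id` although the variable is named `ami`, and `internal_load_balancer` is declared here but not passed to `module "aws"` in the module wiring earlier on this page — possibly intentional while the endpoint TODO is open, but a comment saying so would help. The file header for this section is not visible on the page.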