Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

terraform: Terraform module for AWS #2503

Merged
merged 4 commits into from
Nov 8, 2023
Merged

Conversation

elchead
Copy link
Contributor

@elchead elchead commented Oct 23, 2023

Context

This is the first implementation to manage constellation through Terraform using a module. It internally still relies on the CLI to call constellation apply.
However, the CLI is automatically fetched (and yq), so it's hidden from the user.

Proposed change(s)

  • create a terraform-module for aws (shipped as zipped artifact)
  • add an e2e test for the setup and run during weekly tests

Additional info

  • AB#3502
  • Successful E2E run older here
  • Terraform changes will be rebased once reviewed. Since the files moved to a new location any Terraform change will cause conflicts right now.
  • should we fetch yq like the constellation CLI in the background? It was found that yq has incompatible changes in different minor releases. E.g. one version required - to be present to process stdout input and another didn't. I'm not aware of any incompatibility issues in the current code, but I think it's safer to ensure one yq version.
  • consider publication to module registry? https://developer.hashicorp.com/terraform/registry/modules/publish~ -> not until asked for
  • How should we solve the reference to the constellation CLI until the release?
  • Is it ok to use yq? and potentially install as dependency too?
    You need to perform a bazel devbuild inside aws-constellation such that the binary is available.

Usage

  1. Download the terraform-module artifact.
  2. cd terraform-module/aws-constellation
  3. Create a terraform.tfvars file with the input (see E2E test)
  4. (Optional): If you want to use a custom constellation CLI, you can place the binary inside the terraform-module/aws-constellation. Otherwise the latest CLI release is fetched during the execution.
  5. Run terraform apply:
terraform apply -var-file=terraform.tfvars  -auto-approve
...
module.constellation.terraform_data.apply: Still creating... [15m40s elapsed]
module.constellation.terraform_data.apply (local-exec): Your Constellation cluster was successfully initialized.

module.constellation.terraform_data.apply (local-exec): Constellation cluster identifier  ff9a90dff66b2d4fe6043593bdef6abe28b26cd9d73b30febf709c1820f818e6
module.constellation.terraform_data.apply (local-exec): Kubernetes configuration          constellation-admin.conf

module.constellation.terraform_data.apply (local-exec): You can now connect to your cluster by executing:
module.constellation.terraform_data.apply (local-exec): 	export KUBECONFIG="/Users/adria/work/constellation/cli/internal/terraform/terraform/constellation-admin.conf"

module.constellation.terraform_data.apply: Creation complete after 15m49s [id=7451e54c-6620-1f58-29b6-f88472b1109f]

Apply complete! Resources: 3 added, 0 changed, 1 destroyed.
21.35s user 4.51s system 2% cpu 15:55.62s total

Checklist

  • Update docs
  • Add labels (e.g., for changelog category)
  • Is PR title adequate for changelog?
  • Link to Milestone

@netlify
Copy link

netlify bot commented Oct 23, 2023

Deploy Preview for constellation-docs canceled.

Name Link
🔨 Latest commit 7d9fd37
🔍 Latest deploy log https://app.netlify.com/sites/constellation-docs/deploys/654a87ee8ef5c70008443810

@elchead elchead added the no changelog Change won't be listed in release changelog label Oct 23, 2023
@elchead elchead added this to the v2.13.0 milestone Oct 23, 2023
@elchead elchead force-pushed the feat/cli/terraform-module branch from 556b2a4 to 1daf560 Compare October 24, 2023 08:30
@elchead elchead marked this pull request as ready for review October 24, 2023 08:56
@msanft msanft changed the title feat: Terraform module for AWS terraform: Terraform module for AWS Oct 24, 2023
@elchead elchead force-pushed the feat/cli/terraform-module branch from 2f7eb4d to 445e017 Compare October 24, 2023 10:02
@elchead elchead requested a review from 3u13r October 24, 2023 13:03
@elchead elchead marked this pull request as draft October 24, 2023 13:07
@daniel-weisse daniel-weisse removed their request for review October 24, 2023 13:29
3u13r
3u13r previously requested changes Oct 24, 2023
cli/internal/state/state.go Outdated Show resolved Hide resolved

resource "terraform_data" "apply" {
provisioner "local-exec" {
command = "./constellation init --force" # TODO use apply --yes --skip-phases infrastructure
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is the reason why we use --force here?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

no reason. was just handy during testing. This should be replaced by apply as annotated before merging at any rate.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

EDIT: it is needed for devbuilds of the CLI (since currently only release images are supported).

@msanft
Copy link
Contributor

msanft commented Oct 25, 2023

IMO, as we also discussed yesterday, we shouldn't place the module in the CLI directory. Here is my idea:

Move all of our Terraform configurations to a top-level directory called terraform. In that directory, place an assets.go, similar to what we use in the debugd. This file should just embed all the Terraform configurations that we currently embed in the CLI Terraform code directly. Then, in the CLI, we can import this assets-file. What do you think?

msanft
msanft previously requested changes Oct 25, 2023
Copy link
Contributor

@msanft msanft left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IMO, as we also discussed yesterday, we shouldn't place the module in the CLI directory. Here is my idea:

Move all of our Terraform configurations to a top-level directory called terraform. In that directory, place an assets.go, similar to what we use in the debugd. This file should just embed all the Terraform configurations that we currently embed in the CLI Terraform code directly. Then, in the CLI, we can import this assets-file. What do you think?

@elchead elchead requested review from 3u13r and msanft October 25, 2023 11:07
@msanft msanft added the hold This cannot be merged right now label Oct 25, 2023
@elchead elchead force-pushed the feat/cli/terraform-module branch from 3178817 to 9e84f27 Compare October 25, 2023 12:25
@elchead elchead dismissed stale reviews from msanft and 3u13r October 26, 2023 08:42

done

@elchead elchead force-pushed the feat/cli/terraform-module branch 9 times, most recently from e442f9c to d58f91b Compare October 26, 2023 14:58
@elchead elchead force-pushed the feat/cli/terraform-module branch 2 times, most recently from a03abaa to 632925e Compare November 2, 2023 15:57
3u13r
3u13r previously requested changes Nov 2, 2023
.github/workflows/e2e-test-weekly.yml Outdated Show resolved Hide resolved
.github/workflows/e2e-test-tf-module.yml Outdated Show resolved Hide resolved
.github/workflows/e2e-test-tf-module.yml Outdated Show resolved Hide resolved
.github/workflows/e2e-test-tf-module.yml Outdated Show resolved Hide resolved
.github/workflows/e2e-test-tf-module.yml Outdated Show resolved Hide resolved
terraform/aws-constellation/fetch-ami/main.tf Show resolved Hide resolved
terraform/aws-constellation/install-yq.sh Outdated Show resolved Hide resolved
terraform/constellation-cluster/install-constellation.sh Outdated Show resolved Hide resolved
.gitignore Outdated Show resolved Hide resolved
terraform/assets.go Show resolved Hide resolved
@elchead elchead force-pushed the feat/cli/terraform-module branch from 7fdecaf to 1666334 Compare November 3, 2023 09:32
@elchead elchead requested a review from 3u13r November 3, 2023 09:41
@elchead elchead force-pushed the feat/cli/terraform-module branch 2 times, most recently from a5aeab1 to be58543 Compare November 3, 2023 10:48
@msanft
Copy link
Contributor

msanft commented Nov 3, 2023

Looking good from a first glance! Will give this one more thorough review on monday, then we should be gtm.

@elchead elchead requested a review from thomasten November 6, 2023 12:37
Copy link
Member

@thomasten thomasten left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Last commit addressing my suggestions looks good. I'm not familiar enough with our TF code to approve the whole PR.

Copy link
Contributor

@msanft msanft left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM apart from the comments I made. Still, I feel unsure about approving this alone. I would like if @3u13r or someone else could have another look

.github/workflows/e2e-test-tf-module.yml Outdated Show resolved Hide resolved
.github/workflows/e2e-test-tf-module.yml Outdated Show resolved Hide resolved
internal/constants/constants.go Show resolved Hide resolved
terraform/constellation-cluster/variables.tf Outdated Show resolved Hide resolved
terraform/constellation-cluster/variables.tf Outdated Show resolved Hide resolved
@elchead elchead force-pushed the feat/cli/terraform-module branch from f339483 to b850c4b Compare November 7, 2023 13:39
3u13r
3u13r previously requested changes Nov 7, 2023
.github/actions/upload_terraform_module/action.yml Outdated Show resolved Hide resolved
.github/workflows/e2e-test-tf-module.yml Outdated Show resolved Hide resolved
terraform/aws-constellation/main.tf Outdated Show resolved Hide resolved
terraform/aws-constellation/variables.tf Outdated Show resolved Hide resolved
terraform/constellation-cluster/main.tf Show resolved Hide resolved
Copy link
Contributor

github-actions bot commented Nov 7, 2023

Coverage report

Package Old New Trend
cli/internal/terraform 72.30% 72.30% ↔️
internal/constants [no test files] [no test files] 🚧
terraform 0.00% [no test files] 🚨

Copy link
Member

@3u13r 3u13r left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@elchead elchead merged commit cea6204 into main Nov 8, 2023
9 of 10 checks passed
@elchead elchead deleted the feat/cli/terraform-module branch November 8, 2023 18:10
@elchead elchead mentioned this pull request Nov 9, 2023
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
feature This introduces new functionality
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants