Terraform code for Exoscale SKS (#508)

* Add: makefiles for Exoscale Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com> * Add: Terraform code for SKS Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>
portefaix · May 5, 2021 · 6d6acaa · 6d6acaa
1 parent a78a4c2
commit 6d6acaa
Show file tree

Hide file tree

Showing 13 changed files with 369 additions and 0 deletions.
diff --git a/hack/exoscale.dev.mk b/hack/exoscale.dev.mk
@@ -0,0 +1,21 @@
+# Copyright (C) 2020 Nicolas Lamirault <nicolas.lamirault@gmail.com>
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+EXO_PROJECT_dev = portefaix-dev
+
+EXO_REGION_dev = ch-dk-2
+
+EXO_CLUSTER_dev = portefaix-dev-cluster-sks
+
+KUBE_CONTEXT_dev =
diff --git a/hack/exoscale.mk b/hack/exoscale.mk
@@ -0,0 +1,56 @@
+# Copyright (C) 2021 Nicolas Lamirault <nicolas.lamirault@gmail.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+MKFILE_PATH := $(abspath $(lastword $(MAKEFILE_LIST)))
+MKFILE_DIR := $(dir $(MKFILE_PATH))
+
+include $(MKFILE_DIR)/commons.mk
+include $(MKFILE_DIR)/exoscale.*.mk
+
+EXO_PROJECT = $(EXO_PROJECT_$(ENV))
+EXO_REGION  = $(EXO_REGION_$(ENV))
+
+CLUSTER     = $(EXO_CLUSTER_$(ENV))
+
+BUNDLE_PATH=$(DIR)/vendor/bundle/ruby/2.7.0/bin
+
+
+# ====================================
+# E X O S C A L E
+# ====================================
+
+##@ Exoscale
+
+.PHONY: exo-kube-credentials
+exo-kube-credentials: guard-ENV ## Generate credentials
+	exo sks kubeconfig $(CLUSTER) admin -g system:masters > /tmp/exo-$(CLUSTER)
+
+.PHONY: exo-bucket
+exo-bucket: guard-ENV ## Setup the bucket for Terraform states
+	@echo -e "$(INFO_COLOR)Create the service account into $(GCP_PROJECT) $(NO_COLOR)"
+	exo storage mb sos://$(EXO_PROJECT)-tfstates --acl private
+
+
+# ====================================
+# I N S P E C
+# ====================================
+
+##@ Inspec
+
+.PHONY: inspec-cis-kubernetes
+inspec-cis-kubernetes: guard-ENV ## Test inspec
+	@echo -e "$(OK_COLOR)CIS Kubernetes benchmark$(NO_COLOR)"
+	@bundle exec inspec exec \
+		https://github.com/dev-sec/cis-kubernetes-benchmark.git \
+		--reporter cli json:$(AZ_RESOURCE_GROUP).json
diff --git a/iac/exoscale/sks/terraform/.terraform-version b/iac/exoscale/sks/terraform/.terraform-version
@@ -0,0 +1 @@
+0.15.0
diff --git a/iac/exoscale/sks/terraform/.terraform.lock.hcl b/iac/exoscale/sks/terraform/.terraform.lock.hcl
diff --git a/iac/exoscale/sks/terraform/backend-vars/dev.tfvars b/iac/exoscale/sks/terraform/backend-vars/dev.tfvars
@@ -0,0 +1,18 @@
+# Copyright (C) 2021 Nicolas Lamirault <nicolas.lamirault@gmail.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+endpoint = "https://sos-ch-dk-2.exo.io"
+region   = "ch-dk-2"
+bucket   = "portefaix-dev-tfstates"
+key      = "portefaix-dev-tfstates"
diff --git a/iac/exoscale/sks/terraform/backend.tf b/iac/exoscale/sks/terraform/backend.tf
@@ -0,0 +1,25 @@
+# Copyright (C) 2021 Nicolas Lamirault <nicolas.lamirault@gmail.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+terraform {
+  backend "s3" {
+    # Deactivate the AWS specific behaviours
+    # https://www.terraform.io/docs/backends/types/s3.html#skip_credentials_validation
+    skip_credentials_validation = true
+    skip_get_ec2_platforms      = true
+    skip_requesting_account_id  = true
+    skip_metadata_api_check     = true
+    skip_region_validation      = true
+  }
+}
diff --git a/iac/exoscale/sks/terraform/errored.tfstate b/iac/exoscale/sks/terraform/errored.tfstate
@@ -0,0 +1,39 @@
+# Copyright (C) 2021 Nicolas Lamirault <nicolas.lamirault@gmail.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{
+  "version": 4,
+  "terraform_version": "0.15.0",
+  "serial": 0,
+  "lineage": "2da3dd8d-f5a2-3332-7980-19f8183ed9c9",
+  "outputs": {},
+  "resources": [
+    {
+      "module": "module.sks",
+      "mode": "managed",
+      "type": "exoscale_security_group_rules",
+      "name": "sks",
+      "provider": "provider[\"registry.terraform.io/exoscale/exoscale\"]",
+      "instances": []
+    },
+    {
+      "module": "module.sks",
+      "mode": "managed",
+      "type": "exoscale_sks_nodepool",
+      "name": "core",
+      "provider": "provider[\"registry.terraform.io/exoscale/exoscale\"]",
+      "instances": []
+    }
+  ]
+}
diff --git a/iac/exoscale/sks/terraform/main.tf b/iac/exoscale/sks/terraform/main.tf
@@ -0,0 +1,24 @@
+# Copyright (C) 2021 Nicolas Lamirault <nicolas.lamirault@gmail.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+terraform {
+  required_version = ">= 0.15.0"
+
+  required_providers {
+    exoscale = {
+      source  = "exoscale/exoscale"
+      version = "0.23.0"
+    }
+  }
+}
diff --git a/iac/exoscale/sks/terraform/outputs.tf b/iac/exoscale/sks/terraform/outputs.tf
@@ -0,0 +1,13 @@
+# Copyright (C) 2021 Nicolas Lamirault <nicolas.lamirault@gmail.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
diff --git a/iac/exoscale/sks/terraform/provider.tf b/iac/exoscale/sks/terraform/provider.tf
@@ -0,0 +1,17 @@
+# Copyright (C) 2021 Nicolas Lamirault <nicolas.lamirault@gmail.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+provider "exoscale" {
+  region = var.region
+}
diff --git a/iac/exoscale/sks/terraform/sks.tf b/iac/exoscale/sks/terraform/sks.tf
@@ -0,0 +1,28 @@
+# Copyright (C) 2021 Nicolas Lamirault <nicolas.lamirault@gmail.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module "sks" {
+  source  = "nlamirault/sks/exoscale"
+  version = "0.1.0"
+
+  name = var.name
+  zone = var.zone
+
+  kubernetes_version = var.kubernetes_version
+  service_level      = var.service_level
+  cni                = var.cni
+  addons             = var.addons
+
+  node_pools = var.node_pools
+}
diff --git a/iac/exoscale/sks/terraform/tfvars/dev.tfvars b/iac/exoscale/sks/terraform/tfvars/dev.tfvars
@@ -0,0 +1,41 @@
+# Copyright (C) 2021 Nicolas Lamirault <nicolas.lamirault@gmail.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#####################################################################""
+# Provider
+
+region = "ch-dk-2"
+
+###########################################################################
+# Kubernetes cluster
+
+name = "portefaix-dev-cluster-sks"
+
+zone = "ch-dk-2"
+
+kubernetes_version = "1.20.6"
+
+service_level = "starter"
+
+cni = "calico"
+
+addons = ["exoscale-cloud-controller"]
+
+node_pools = [
+  {
+    name          = "core"
+    instance_type = "medium"
+    size          = 2
+  }
+]
diff --git a/iac/exoscale/sks/terraform/variables.tf b/iac/exoscale/sks/terraform/variables.tf
@@ -0,0 +1,64 @@
+# Copyright (C) 2021 Nicolas Lamirault <nicolas.lamirault@gmail.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#######################################################################
+# Provider
+
+variable "region" {
+  type        = string
+  description = "The region in which the cluster should be created."
+}
+
+#######################################################################
+# SKS
+
+variable "name" {
+  description = "The name of the SKS cluster."
+  type        = string
+}
+
+variable "zone" {
+  description = "The name of the zone to deploy the SKS cluster into."
+  type        = string
+}
+
+variable "kubernetes_version" {
+  type        = string
+  description = "The Kubernetes version of the SKS cluster control plane"
+}
+
+variable "service_level" {
+  type        = string
+  description = "The service level of the SKS cluster control plane"
+}
+
+variable "cni" {
+  type        = string
+  description = "The Kubernetes CNI plugin to be deployed in the SKS cluster control plane"
+}
+
+variable "addons" {
+  type        = list(string)
+  description = "A list of optional add-ons to be deployed in the SKS cluster control plane"
+}
+
+variable "node_pools" {
+  description = "The SKS node pools to create."
+  type = list(object({
+    name          = string
+    instance_type = string
+    size          = number
+  }))
+  default = []
+}