Add a core-infra stack to set up initial service contexts, and other … #76

wants to merge 6 commits into
base: main
18 changes: 18 additions & 0 deletions setup/catalogs.yaml
@@ -0,0 +1,18 @@
apiVersion: deployments.plural.sh/v1alpha1
kind: ServiceDeployment
metadata:
name: catalogs
namespace: infra
spec:
namespace: catalogs
git:
folder: setup
ref: main
repositoryRef:
kind: GitRepository
namespace: infra
name: scaffolds
clusterRef:
kind: Cluster
name: mgmt
namespace: infra
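Review bot: `ref: main` ties this ServiceDeployment to a mutable branch of the `scaffolds` repository, so whatever lands on main is rolled into the `catalogs` namespace with no review point in between; the same unpinned `ref: main` appears in setup/stacks/core-infra.yaml and setup/stacks/mgmt.yaml, where it drives Terraform applies. If tracking main is the intent, say so in a comment and make sure the branch is protected; otherwise pin a tag or commit. I would add above `git:` a line such as `# tracks main deliberately; relies on branch protection on scaffolds — pin a tag/SHA if that changes`.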
22 changes: 22 additions & 0 deletions setup/notifications.yaml
@@ -0,0 +1,22 @@
apiVersion: deployments.plural.sh/v1alpha1
kind: NotificationRouter
metadata:
name: deployments
spec:
events:
- stack.run
- pr.create
- pr.close
sinks:
- name: plural
namespace: infra
---
apiVersion: deployments.plural.sh/v1alpha1
kind: NotificationSink
metadata:
name: plural
spec:
type: PLURAL
name: plural
bindings:
- groupName: general
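Review bot: The router's sink reference (`- name: plural` / `namespace: infra`) names a namespace, but the NotificationSink declared below it has no `metadata.namespace`, so the reference only resolves if this file happens to be applied into `infra` by whatever deploys it. Either add `namespace: infra` under the sink's `metadata` or drop it from the reference so both sides resolve the same way. A one-line comment on the router would also help: `stack.run`, `pr.create` and `pr.close` all fan out through the sink's `general` group binding, so every stack run reaches that whole group, which may be broader than intended.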
2 changes: 1 addition & 1 deletion setup/pr-automation/cluster-creator.yaml
Expand Up @@ -18,7 +18,7 @@ spec:
destination: "bootstrap/clusters.yaml"
external: false
scmConnectionRef:
name: github # you'll need to add this ScmConnection manually before this is functional
name: plural # you'll need to add this ScmConnection manually before this is functional
title: "Adding {{ context.cloud }} cluster: {{ context.name }}"
message: "Adding {{ context.cloud }} cluster {{ context.name }} and registering it with Plural"
identifier: [[ .Identifier ]] # REPLACEME with your own repo slug
28 changes: 0 additions & 28 deletions setup/pr-automation/gatekeeper-setup.yaml

This file was deleted.

34 changes: 0 additions & 34 deletions setup/pr-automation/prometheus/prom-agent-creator.yaml

This file was deleted.

28 changes: 0 additions & 28 deletions setup/pr-automation/prometheus/prom-creator.yaml

This file was deleted.

6 changes: 3 additions & 3 deletions setup/pr-automation/scm.yaml
@@ -1,8 +1,8 @@
# You will need to manually create the github scm connection this refers to
# You will need to manually create the SCM connection this refers to in the Plural Console UI
# apiVersion: deployments.plural.sh/v1alpha1
# kind: ScmConnection
# metadata:
# name: github
# name: plural
# spec:
# name: github
# name: plural
# type: GITHUB
2 changes: 2 additions & 0 deletions setup/settings.yaml
Expand Up @@ -4,6 +4,8 @@ metadata:
name: global
namespace: plrl-deploy-operator
spec:
managementRepo: [[ .Identifier ]]

stacks:
jobSpec:
namespace: plrl-deploy-operator
23 changes: 23 additions & 0 deletions setup/stacks/core-infra.yaml
@@ -0,0 +1,23 @@
apiVersion: deployments.plural.sh/v1alpha1
kind: InfrastructureStack
metadata:
name: core-infra
spec:
name: core-infra
detach: false
type: TERRAFORM
approval: true
manageState: true
actor: [email protected]
repositoryRef:
name: infra
namespace: infra
clusterRef:
name: mgmt
namespace: infra
variables:
region: [[ .Region ]]
cluster_name: [[ .Cluster ]]
git:
ref: main
folder: terraform/core-infra
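Review bot: `manageState: true` here versus `manageState: false` in setup/stacks/mgmt.yaml is a deliberate-looking asymmetry that nothing in either file explains, so someone bootstrapping an environment cannot tell where the mgmt stack's state is expected to live. I would put a comment above `manageState` along the lines of `# state for core-infra is owned by the stack; mgmt keeps the state created during bootstrap`, adjusted to what is actually true. The `actor` value is shown masked in this view so I cannot check it, but whichever identity it names is what every run of this TERRAFORM stack authenticates as; that deserves a comment beside the field and, like `region`, arguably belongs in the scaffold context rather than being fixed in the template.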
22 changes: 22 additions & 0 deletions setup/stacks/mgmt.yaml
@@ -0,0 +1,22 @@
apiVersion: deployments.plural.sh/v1alpha1
kind: InfrastructureStack
metadata:
name: mgmt
spec:
name: mgmt
detach: false
type: TERRAFORM
approval: true
manageState: false
actor: [email protected]
repositoryRef:
name: infra
namespace: infra
clusterRef:
name: mgmt
namespace: infra
variables:
use_cli: false
git:
ref: main
folder: terraform/mgmt
13 changes: 5 additions & 8 deletions templates/clusters/stack.yaml
Expand Up @@ -17,13 +17,10 @@ spec:
clusterRef:
name: mgmt
namespace: infra
variables:
cluster: {{ context.name }}
fleet: {{ context.fleet }}
tier: {{ context.tier }}
git:
ref: main
folder: terraform/modules/clusters/{{ context.cloud }}
environment:
- name: TF_VAR_cluster
value: {{ context.name }}
- name: TF_VAR_fleet
value: {{ context.fleet }}
- name: TF_VAR_tier
value: {{ context.tier }}
folder: terraform/modules/clusters/{{ context.cloud }}
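Review bot: The new `value: {{ context.name }}`, `value: {{ context.fleet }}` and `value: {{ context.tier }}` lines are unquoted, so after the template is rendered the YAML parser types the result: a tier of `1` becomes an integer and a fleet called `no` or `on` becomes a boolean, which an environment-variable `value` field is unlikely to accept as a string. Quote them as `value: "{{ context.name }}"`, `value: "{{ context.fleet }}"` and `value: "{{ context.tier }}"` so the TF_VAR_* values always render as strings. The enclosing `spec` starts above this hunk, so I have not checked what else consumes these context fields.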
11 changes: 10 additions & 1 deletion templates/providers/bootstrap/aws.tf
Expand Up @@ -42,13 +42,17 @@ provider "aws" {
data "aws_eks_cluster" "cluster" {
name = module.mgmt.cluster.cluster_name

# BEGIN REMOVE
depends_on = [ module.mgmt.cluster ]
# END REMOVE
}

data "aws_eks_cluster_auth" "cluster" {
name = module.mgmt.cluster.cluster_name

# BEGIN REMOVE
depends_on = [ module.mgmt.cluster ]
# END REMOVE
}

provider "kubernetes" {
Expand All @@ -66,7 +70,7 @@ provider "helm" {
}

provider "plural" {
use_cli = true # If you want to have a Plural stack manage your console, comment this out and use the `actor` field
use_cli = var.use_cli # If you want to have a Plural stack manage your console, comment this out and use the `actor` field
}

## useful outputs dumped here, can be moved to a separate file post-generate
Expand All @@ -76,4 +80,9 @@ output "cloudwatch_iam_arn" {

output "vpc_id" {
value = module.mgmt.vpc.vpc_id
}

variable "use_cli" {
type = bool
default = true
}
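Review bot: The trailing comment on `use_cli = var.use_cli` still tells the reader to comment the line out and use the `actor` field, which was the instruction for the old literal `true`; now that the value is a variable (and setup/stacks/mgmt.yaml passes `use_cli: false`) it should describe the variable instead, e.g. `use_cli = var.use_cli # bootstrap runs through the CLI; set use_cli=false when a Plural stack with an actor manages the console`. The same stale comment is repeated in templates/providers/bootstrap/azure.tf, gcp.tf and linode.tf. The new `variable "use_cli"` block has no `description`; adding `description = "Authenticate the plural provider through the local CLI instead of a stack actor"` carries the same information into plan output and generated docs. The `# BEGIN REMOVE` / `# END REMOVE` markers around the `depends_on` lines are a convention whose consumer is not visible in this file; a short comment saying which step strips them would save the next reader a search.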
7 changes: 6 additions & 1 deletion templates/providers/bootstrap/azure.tf
Expand Up @@ -69,5 +69,10 @@ provider "helm" {
}

provider "plural" {
use_cli = true # If you want to have a Plural stack manage your console, comment this out and use the `actor` field
use_cli = var.use_cli # If you want to have a Plural stack manage your console, comment this out and use the `actor` field
}

variable "use_cli" {
type = bool
default = true
}
7 changes: 6 additions & 1 deletion templates/providers/bootstrap/gcp.tf
Expand Up @@ -43,5 +43,10 @@ provider "helm" {
}

provider "plural" {
use_cli = true # If you want to have a Plural stack manage your console, comment this out and use the `actor` field
use_cli = var.use_cli # If you want to have a Plural stack manage your console, comment this out and use the `actor` field
}

variable "use_cli" {
type = bool
default = true
}
7 changes: 6 additions & 1 deletion templates/providers/bootstrap/linode.tf
Expand Up @@ -52,5 +52,10 @@ provider "helm" {
}

provider "plural" {
use_cli = true # If you want to have a Plural stack manage your console, comment this out and use the `actor` field
use_cli = var.use_cli # If you want to have a Plural stack manage your console, comment this out and use the `actor` field
}

variable "use_cli" {
type = bool
default = true
}
43 changes: 42 additions & 1 deletion terraform/clouds/aws/eks.tf
@@ -1,6 +1,23 @@
data "aws_caller_identity" "current" {}

data "aws_iam_session_context" "current" {
# This data source provides information on the IAM source role of an STS assumed role
# For non-role ARNs, this data source simply passes the ARN through issuer ARN
# Ref https://github.com/terraform-aws-modules/terraform-aws-eks/issues/2327#issuecomment-1355581682
# Ref https://github.com/hashicorp/terraform-provider-aws/issues/28381
arn = data.aws_caller_identity.current.arn
}

data "aws_partition" "current" {}

locals {
cluster_admin_policy = "arn:${data.aws_partition.current.partition}:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy"
stacks_arn = "arn:${data.aws_partition.current.partition}:iam::${data.aws_caller_identity.current.account_id}:role/${var.cluster_name}-plrl-stacks"
}

module "eks" {
source = "terraform-aws-modules/eks/aws"
version = "~> 19.0"
version = "~> 20.0"

cluster_name = var.cluster_name
cluster_version = var.kubernetes_version
Expand All @@ -13,6 +30,30 @@ module "eks" {

create_kms_key = true

# You'll need to set this to false to allow Plural stacks to manage this cluster
enable_cluster_creator_admin_permissions = true

access_entries = {
stacks = {
principal_arn = local.stacks_arn
type = "STANDARD"

policy_associations = {
admin = {
policy_arn = local.cluster_admin_policy
access_scope = {
type = "cluster"
}
}
}
}
}

kms_key_administrators = concat([
# UNCOMMENT local.stacks_arn,
data.aws_iam_session_context.current.issuer_arn
], var.additional_kms_administrators)

# EKS Managed Node Group(s)
eks_managed_node_group_defaults = merge(var.node_group_defaults,
{ami_release_version = data.aws_ssm_parameter.eks_ami_release_version.value})
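Review bot: The comment `You'll need to set this to false to allow Plural stacks to manage this cluster` above `enable_cluster_creator_admin_permissions = true` does not match the rest of the hunk: the `access_entries` block already grants `local.stacks_arn` the `AmazonEKSClusterAdminPolicy` at cluster scope regardless of that flag, so as I read the module the flag only decides whether the identity running this bootstrap also keeps cluster admin. Reword it to something like `# the bootstrapping identity keeps cluster admin while this is true; set to false once the stacks role below has taken over` so nobody flips it expecting it to enable the stacks role. The `# UNCOMMENT local.stacks_arn` marker in `kms_key_administrators` leaves the handoff half done — the stacks role can administer the cluster but not its KMS key until someone edits the file by hand — and I would gate both on a single variable rather than a manual edit. Nothing in this hunk creates the `${var.cluster_name}-plrl-stacks` role that `local.stacks_arn` points at; a comment naming where that role comes from would help.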
5 changes: 5 additions & 0 deletions terraform/clouds/aws/variables.tf
Expand Up @@ -106,4 +106,9 @@ variable "create_cloudwatch_log_group" {
variable "monitoring_role" {
type = string
default = ""
}

variable "additional_kms_administrators" {
type = list(string)
default = [ ]
}
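Review bot: `variable "additional_kms_administrators"` has no `description`, and since every ARN in it is concatenated into `kms_key_administrators` in terraform/clouds/aws/eks.tf and so gets administrator rights on the cluster's KMS key, the contract deserves spelling out: `description = "Extra IAM principal ARNs granted administrator rights on the EKS KMS key"`. `terraform fmt` also writes the empty default as `default = []` rather than `default = [ ]`.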
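--- a/terraform/core-infra/aws/README.md
+++ b/terraform/core-infra/aws/README.md
@@ -0,0 +1,4 @@
+# this can be used for provisioning any base infrastructure for your environment, a couple of common usecases:
+# * setting up multi-cluster networks
+# * setting up dns zones, subdomains, etc
+# * configuring Cloud IAM throughout your environment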