added configuration for install apps

22c087d6 · Jose Ernesto Suarez · 1297fb4a · 22c087d6 · 22c087d6 · 22c087d6
Commit 22c087d6 authored Oct 11, 2021 by Jose Ernesto Suarez
8 changed files
--- a/apps.tf
+++ b/apps.tf
+# provision the apps
+resource "helm_release" "app" {
+  # provision only those apps which were enabled explicitly
+  for_each = { for k, v in local.expanded_apps_settings : k => v if lookup(v, "enabled", false) }
+
+  name             = each.key
+  chart            = each.value["chart"]
+  repository       = each.value["repository"]
+  version          = each.value["version"]
+  namespace        = each.value["namespace"]
+  create_namespace = true
+
+  max_history = each.value["max_history"]
+
+  values = lookup(each.value["values"], "file", [])
+
+  dynamic "set" {
+    for_each = each.value["values"]["set"]
+
+    content {
+      name  = set.key
+      value = set.value
+    }
+  }
+}
+
+# since the istio is still not in the helm repo
+# we will need to download the release and install it from the local filesystem
+resource "null_resource" "istio" {
+  count = lookup(var.istio, "enabled", false) ? 1 : 0
+
+  triggers = {
+    always_run = timestamp()
+  }
+
+  provisioner "local-exec" {
+    command = "apk add curl && curl -L https://istio.io/downloadIstio | ISTIO_VERSION=${var.istio["version"]} sh -"
+  }
+}
+
+resource "helm_release" "istio_base" {
+  count = lookup(var.istio, "enabled", false) ? 1 : 0
+
+  name             = "istio-base"
+  chart            = "./istio-${var.istio["version"]}/manifests/charts/base"
+  description      = "Istio version: ${var.istio["version"]}"
+  namespace        = "istio-system"
+  create_namespace = true
+
+  max_history = 3
+
+  depends_on = [null_resource.istio]
+}
+
+resource "helm_release" "istiod" {
+  count = lookup(var.istio, "enabled", false) ? 1 : 0
+
+  name             = "istiod"
+  chart            = "./istio-${var.istio["version"]}/manifests/charts/istio-control/istio-discovery"
+  description      = "Istio version: ${var.istio["version"]}"
+  namespace        = "istio-system"
+  create_namespace = true
+
+  max_history = 3
+
+  set {
+    name  = "global.hub"
+    value = "docker.io/istio"
+  }
+
+  set {
+    name  = "global.tag"
+    value = var.istio["version"]
+  }
+
+  # aditional values for discovery
+  dynamic "set" {
+    for_each = lookup(var.istio, "set", {})
+
+    content {
+      name  = each.key
+      value = each.value
+    }
+  }
+
+  depends_on = [null_resource.istio, helm_release.istio_base]
+}
+
+# remove the downloaded artifacts
+resource "null_resource" "istio_cleanup" {
+  count = lookup(var.istio, "enabled", false) ? 1 : 0
+
+  triggers = {
+    always_run = timestamp()
+  }
+
+  provisioner "local-exec" {
+    command = "[ -d './istio-${var.istio["version"]}' ] && (rm -rf  './istio-${var.istio["version"]}' || true)"
+  }
+
+  depends_on = [helm_release.istio_base, helm_release.istiod, null_resource.istio]
+}
--- a/data.tf
+++ b/data.tf
+data "aws_eks_cluster_auth" "auth" {
+  name = aws_eks_cluster.cluster.id
+  depends_on  = [null_resource.wait_for_cluster]
+}
+
+data "aws_eks_cluster" "cluster" {
+  name = aws_eks_cluster.cluster.id
+  depends_on  = [null_resource.wait_for_cluster]
+}
\ No newline at end of file
--- a/helm.tf
+++ b/helm.tf
+provider "helm" {
+  kubernetes {
+    cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data)
+    host                   = data.aws_eks_cluster.cluster.endpoint
+    token                  = data.aws_eks_cluster_auth.auth.token
+  }
+}
\ No newline at end of file
--- a/k8s-base.tf
+++ b/k8s-base.tf
-
-
-
 # create our namespaces
 resource "kubernetes_namespace" "managed" {
  for_each = toset(var.managed_namespaces)

--- a/k8s-provider.tf
+++ b/k8s-provider.tf
-data "aws_eks_cluster_auth" "auth" {
-  name = aws_eks_cluster.cluster.id
-  depends_on  = [null_resource.wait_for_cluster]
-}

-data "aws_eks_cluster" "cluster" {
-  name = aws_eks_cluster.cluster.id
-  depends_on  = [null_resource.wait_for_cluster]
-}

 # configure our provider
 provider "kubernetes" {

--- a/locals.tf
+++ b/locals.tf
@@ -27,6 +27,135 @@ locals {

  configs_map = { for item in local.configmaps : item.config_name => item }
 }
+
+##########
+# HELM APPS
+##########
+locals {
+
+ # current_apps = var.istio_enable ? var
+  apps_defaults = {
+    cert-manager = {
+      namespace   = "cert-manager"
+      chart       = "cert-manager"
+      repository  = "https://charts.jetstack.io"
+      version     = "1.2.0"
+      max_history = 3,
+      values = {
+        file = [],
+        set = {
+          "installCRDs" = "true"
+        }
+      }
+    },
+
+    prometheus = {
+      namespace   = "monitoring"
+      chart       = "prometheus"
+      repository  = "https://prometheus-community.github.io/helm-charts"
+      version     = "13.3.2"
+      max_history = 3,
+      values = {
+        file = [],
+        set = {
+          "alertmanager.enabled"                 = "false",
+          "pushgateway.enabled"                  = "false",
+          "server.persistentVolume.size"         = "20Gi",
+          "server.persistentVolume.storageClass" = "",
+          "alertmanagerFiles.alertmanager.yml"   = ""
+        }
+      }
+    },
+
+    grafana = {
+      namespace   = "monitoring"
+      chart       = "grafana"
+      repository  = "https://grafana.github.io/helm-charts"
+      version     = "6.4.2"
+      max_history = 3,
+      values = {
+        file = [],
+        set = {
+          "persistence.enabled"          = "true",
+          "persistence.storageClassName" = "",
+        }
+      }
+    },
+
+    ingress-nginx = {
+      namespace   = "ingress-nginx"
+      chart       = "ingress-nginx"
+      repository  = "https://kubernetes.github.io/ingress-nginx"
+      version     = "3.23.0"
+      max_history = 3,
+      values = {
+        file = [
+          file("${path.module}/values/ingress-nginx.yaml")
+        ],
+        set = {}
+      }
+    }
+
+    metrics-server = {
+      namespace   = "kube-system"
+      chart       = "metrics-server"
+      repository  = "https://charts.bitnami.com/bitnami"
+      version     = "5.5.1"
+      max_history = 3,
+      values = {
+        file = [],
+        set = {
+          "rbac.create"       = "true"
+          "apiService.create" = "true"
+        }
+      }
+    }
+
+    datadog = {
+      namespace   = "monitoring"
+      chart       = "datadog"
+      repository  = "https://helm.datadoghq.com"
+      version     = "2.10.8"
+      max_history = 3,
+      force       = true,
+      values = {
+        file = [],
+        set  = {}
+      }
+    }
+
+    cluster-autoscaler = {
+      namespace   = "kube-system"
+      chart       = "cluster-autoscaler"
+      repository  = "https://kubernetes.github.io/autoscaler"
+      version     = "9.4.0"
+      max_history = 3,
+      values = {
+        file = [],
+        set = {
+          "cloudProvider" = "aws"
+        }
+      }
+    }
+  }
+
+  # extend the default settings with provided values
+  expanded_apps_settings = { for k, v in var.apps :
+    k => merge(v, length(lookup(local.apps_defaults, k, {})) == 0 ? tomap() : {
+      namespace   = lookup(v, "namespace", local.apps_defaults[k]["namespace"]),
+      chart       = lookup(v, "chart", local.apps_defaults[k]["chart"]),
+      repository  = lookup(v, "repository", local.apps_defaults[k]["repository"]),
+      version     = lookup(v, "version", local.apps_defaults[k]["version"]),
+      max_history = lookup(v, "max_history", local.apps_defaults[k]["max_history"]),
+
+      values = {
+        file = concat(local.apps_defaults[k]["values"]["file"], lookup(lookup(v, "values", {}), "file", [])),
+        set  = merge(local.apps_defaults[k]["values"]["set"], lookup(lookup(v, "values", {}), "set", {}))
+      }
+    })
+  }
+}
+
 ##########
 # K8S-BASE INGRESS
 ##########

--- a/values/ingress-nginx.yaml
+++ b/values/ingress-nginx.yaml
+controller:
+  service:
+    internal:
+      enabled: true
+      annotations:
+        service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0
+
+    # create a network tcp loadbalancer
+    annotations:
+      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
+      service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true'
+      service.beta.kubernetes.io/aws-load-balancer-type: nlb
+
+  # where the pods are run
+  affinity:
+    podAntiAffinity:
+      preferredDuringSchedulingIgnoredDuringExecution:
+      - weight: 100
+        podAffinityTerm:
+          labelSelector:
+            matchExpressions:
+            - key: app.kubernetes.io/name
+              operator: In
+              values:
+              - ingress-nginx
+            - key: app.kubernetes.io/instance
+              operator: In
+              values:
+              - ingress-nginx
+            - key: app.kubernetes.io/component
+              operator: In
+              values:
+              - controller
+          topologyKey: kubernetes.io/hostname
+
+  resources:
+    limits:
+      cpu: 1024m
+      memory: 256Mi
+    requests:
+      cpu: 1024m
+      memory: 256Mi
+
+  # start more pods if there is high load
+  autoscaling:
+    enabled: true
+    minReplicas: 3
+    maxReplicas: 6
+    targetCPUUtilizationPercentage: 75
+    targetMemoryUtilizationPercentage: 75
+
+  admissionWebhooks:
+    port: 8444
+
+  metrics:
+    port: 10254
+    enabled: true
+
+    service:
+      servicePort: 10254
+      annotations:
+        prometheus.io/scrape: "true"
+        prometheus.io/port: "10254"
+
+tcp:
+  8443: "ingress-nginx/ingress-nginx-controller:443"
--- a/variables.tf
+++ b/variables.tf
@@ -119,3 +119,52 @@ variable "ingresses" {
  type        = any
  default     = []
 }
+
+##########
+# K8S APPS
+##########
+variable "apps" {
+  description = "Apps settings"
+  type        = any
+  default     = {}
+}
+variable "istio" {
+  description = "Istio settings"
+  type        = any
+  default     = { enabled = false, version = "", set = {} }
+}
+#variable "istio_enable" {
+#  description = "Flag to enable Istio"
+#  type        = bool
+#  default     = false
+#}
+#
+#variable "istio_version" {
+#  description = "Istio Version"
+#  type        = string
+#  default     = "1.8.1"
+#}
+#
+#variable "metricserver" {
+#  description = "Flag to enable Metrics Server"
+#  type        = bool
+#  default     = false
+#}
+#
+#variable "certmanager" {
+#  description = "Flag to enable CertManager"
+#  type        = bool
+#  default     = false
+#}
+#
+#variable "autoscaler" {
+#  description = "Flag to enable Cluster Autoscaler"
+#  type        = bool
+#  default     = false
+#}
+#
+#variable "ingress_nginx" {
+#  description = "Flag to enable Ingress Nginx"
+#  type        = bool
+#  default     = false
+#}
\ No newline at end of file