feat: Init helm release

ctrlplanedev · Aug 29, 2024 · 0e28dc0 · 0e28dc0
2 parents 65c9c77 + 403985b
commit 0e28dc0
Show file tree

Hide file tree

Showing 12 changed files with 314 additions and 4 deletions.
diff --git a/.gitignore b/.gitignore
@@ -26,6 +26,7 @@ override.tf.json
 # Ignore transient lock info files created by terraform apply
 .terraform.tfstate.lock.info
 
+examples/local/*
 # Include override files you do wish to add to version control using negated pattern
 # !example_override.tf
 

diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
diff --git a/README.md b/README.md
@@ -1 +1,55 @@
-# terraform-google-ctrlplane
+# terraform-google-ctrlplane
+
+This module creates a reslient and fault tolerant Ctrlplane installation using
+Google Kubernetes Engine (GKE) as the computing environment and the following
+services for storing data:
+
+- CloudSQL for PostgreSQL
+- Memorystore for Redis
+- Cloud Storage
+
+## Compatibility
+
+This module is meant for use with Terraform 1.0+ and tested using Terraform
+1.6.
+
+## Usage
+
+There are examples included in the examples folder but simple usage is as
+follows:
+
+```hcl
+module "ctrlplane" {
+  source    = "sizzldev/ctrlplane/google"
+  namespace = "ctrlplane"
+}
+```
+
+Then perform the following commands on the root folder:
+
+1. `terraform init` to get the plugins
+2. `terraform plan` to see the infrastructure plan
+3. `terraform apply` to apply the infrastructure build
+4. `terraform destroy` to destroy the built infrastructure
+
+## Install
+
+**Terraform**
+
+Be sure you have the correct Terraform version, you can choose the binary here:
+
+- https://releases.hashicorp.com/terraform/
+
+## File structure
+
+The project has the following folders and files:
+
+- `/`: root folder
+- `/examples`: examples for using this module
+- `/helpers`: Helper scripts
+- `/test`: Folders with files for testing the module (see Testing section on
+  this file)
+- `/main.tf`: main file for this module, contains all the resources to create
+- `/variables.tf`: all the variables for the module
+- `/output.tf`: the outputs of the module
+- `/README.md`: this file
diff --git a/example/.terraform.lock.hcl → examples/basic/.terraform.lock.hcl b/example/.terraform.lock.hcl → examples/basic/.terraform.lock.hcl
diff --git a/example/main.tf → examples/basic/main.tf b/example/main.tf → examples/basic/main.tf
@@ -11,6 +11,7 @@ provider "google-beta" {
 }
 
 module "ctrlplane" {
-  source    = "../"
+  source    = "../../"
   namespace = var.namespace
+  domains  = ["example.com"]
 }
diff --git a/example/variables.tf → examples/basic/variables.tf b/example/variables.tf → examples/basic/variables.tf
diff --git a/main.tf b/main.tf
@@ -63,3 +63,40 @@ module "gke" {
 
   depends_on = [module.networking, module.service_accounts]
 }
+
+resource "google_compute_global_address" "this" {
+  name = "${var.namespace}-address"
+}
+
+resource "google_compute_managed_ssl_certificate" "this" {
+  name = "${var.namespace}-cert"
+
+  managed {
+    domains = var.domains
+  }
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+module "helm_release" {
+  source = "./modules/helm_release"
+
+  redis_host     = module.redis.redis_host
+  redis_port     = module.redis.redis_port
+  redis_password = module.redis.redis_auth_string
+
+  postgres_user     = module.database.sql_user_username
+  postgres_password = module.database.sql_user_password
+  postgres_host     = module.database.database_instance_private_ip_address
+  postgres_port     = 5432
+  postgres_database = module.database.database_name
+
+  service_account_email = module.service_accounts.service_account_email
+
+  global_static_ip_name = google_compute_global_address.this.name
+  pre_shared_cert       = google_compute_managed_ssl_certificate.this.name
+
+  depends_on = [module.gke, module.database, module.redis, module.service_accounts]
+}
diff --git a/modules/helm_release/main.tf b/modules/helm_release/main.tf
@@ -0,0 +1,74 @@
+resource "helm_release" "this" {
+  name       = "ctrlplane"
+  chart      = "ctrlplane"
+  repository = "https://charts.ctrlplane.dev/"
+
+
+  set {
+    name = "global"
+    value = yamlencode({
+      "postgres" = {
+        "user"     = var.postgres_user
+        "password" = var.postgres_password
+        "host"     = var.postgres_host
+        "port"     = var.postgres_port
+        "database" = var.postgres_database
+      }
+
+      "reds" = {
+        "host"     = var.redis_host
+        "port"     = var.redis_port
+        "password" = var.redis_password
+      }
+    })
+  }
+
+  set {
+    name = "ingress"
+    value = yamlencode({
+      "enabled" = true
+      "annotations" = {
+        "kubernetes.io/ingress.class"                 = "gce"
+        "kubernetes.io/ingress.global-static-ip-name" = var.global_static_ip_name
+        "ingress.gcp.kubernetes.io/pre-shared-cert"   = var.pre_shared_cert
+        "kubernetes.io/ingress.allow-http"            = "false"
+      }
+    })
+  }
+
+  set {
+    name = "webservice"
+    value = yamlencode({
+      "serviceAccount" = {
+        "create" = true
+        "annotations" = {
+          "iam.gke.io/gcp-service-account" = var.service_account_email
+        }
+      }
+    })
+  }
+
+  set {
+    name = "job-policy-checker"
+    value = yamlencode({
+      "serviceAccount" = {
+        "create" = true
+        "annotations" = {
+          "iam.gke.io/gcp-service-account" = var.service_account_email
+        }
+      }
+    })
+  }
+
+  set {
+    name = "migrations"
+    value = yamlencode({
+      "serviceAccount" = {
+        "create" = true
+        "annotations" = {
+          "iam.gke.io/gcp-service-account" = var.service_account_email
+        }
+      }
+    })
+  }
+}
diff --git a/modules/helm_release/variables.tf b/modules/helm_release/variables.tf
@@ -0,0 +1,52 @@
+variable "redis_host" {
+  type        = string
+  description = "The host for the Redis instance."
+}
+
+variable "redis_port" {
+  type        = number
+  description = "The port for the Redis instance."
+}
+
+variable "redis_password" {
+  type        = string
+  description = "The password for the Redis instance."
+}
+
+variable "postgres_user" {
+  type        = string
+  description = "The user for the Postgres instance."
+}
+
+variable "postgres_password" {
+  type        = string
+  description = "The password for the Postgres instance."
+}
+
+variable "postgres_host" {
+  type        = string
+  description = "The host for the Postgres instance."
+}
+
+variable "postgres_port" {
+  type        = number
+  description = "The port for the Postgres instance."
+}
+
+variable "postgres_database" {
+  type        = string
+  description = "The database for the Postgres instance."
+}
+
+variable "service_account_email" {
+  type        = string
+  description = "The service account email."
+}
+
+variable "global_static_ip_name" {
+  type = string
+}
+
+variable "pre_shared_cert" {
+  type = string
+}
diff --git a/modules/service_accounts/main.tf b/modules/service_accounts/main.tf
@@ -32,6 +32,8 @@ resource "google_service_account_iam_binding" "this" {
   service_account_id = google_service_account.this.id
   role               = "roles/iam.workloadIdentityUser"
   members = [
-    "serviceAccount:${local.project_id}.svc.id.goog[default/ctrlplane-${var.namespace}-sa]"
+    "serviceAccount:${local.project_id}.svc.id.goog[default/ctrlplane-webservice]",
+    "serviceAccount:${local.project_id}.svc.id.goog[default/ctrlplane-job-policy-checker]",
+    "serviceAccount:${local.project_id}.svc.id.goog[default/ctrlplane-migrations]"
   ]
 }
diff --git a/variables.tf b/variables.tf
@@ -39,3 +39,8 @@ variable "deletion_protection" {
   default     = true
 }
 
+variable "domains" {
+  description = "The domains to use for the SSL certificate."
+  type        = list(string)
+
+}
diff --git a/versions.tf b/versions.tf
@@ -5,5 +5,10 @@ terraform {
       source  = "hashicorp/google"
       version = "~> 5.42"
     }
+
+    helm = {
+      source  = "hashicorp/helm"
+      version = "~> 2.15"
+    }
   }
 }