Merge pull request #11 from shalb/refactoring

Refactoring

.gitignore

@@ -0,0 +1 @@
+tmp/**

aws-k3s.yaml

@@ -11,10 +11,9 @@ _p: &provider_aws
 - aws:
     region: {{ .variables.region }}
 
-
 name: aws-k3s
 kind: StackTemplate
-cliVersion: ">=0.6.1"
+cliVersion: ">=v0.8.0"
 units:
   -
     name: aws_key_pair
@@ -25,6 +24,7 @@ units:
       create_key_pair: true
       public_key: {{ .variables.public_key }}
       key_name: {{ .variables.public_key_name }}
+  {{- if .variables.domain }}
   -
     name: route53
     type: tfmodule
@@ -34,6 +34,7 @@ units:
       cluster_name: {{ .variables.cluster_name }}
       cluster_domain: {{ .variables.domain }}
       zone_delegation: {{ if eq .variables.domain "cluster.dev" }}true{{ else }}false{{ end }}
+  {{- end }}
   {{- if not .variables.vpc_id }}
   -
     name: vpc
@@ -73,23 +74,17 @@ units:
         "kubernetes.io/role/internal-lb": 1
       azs: {{ insertYAML $azs }}
   {{- end }}
-  -
-    name: ext-dns-iam
-    type: tfmodule
-    source: ./ext-dns-iam
-    providers: *provider_aws
-    inputs:
-      name: {{ .variables.cluster_name }}-test
-      domain: {{ remoteState "this.route53.zone_id" }}
   -
     name: k3s
     type: tfmodule
-    source: github.com/shalb/terraform-aws-k3s?ref=v0.4.2
+    source: github.com/shalb/terraform-aws-k3s?ref=v0.5.0
     inputs:
       cluster_name: {{ .variables.cluster_name }}
       extra_args:
         - "--disable traefik"
+      {{ if .variables.domain }}
       domain: {{ remoteState "this.route53.domain" }}
+      {{ end  }}
       k3s_version: {{ .variables.k3s_version }}
       {{- if .variables.vpc_id }}
       public_subnets: {{ insertYAML .variables.public_subnets }}
@@ -102,31 +97,78 @@ units:
       master_node_count: {{ .variables.master_node_count }}
       worker_node_groups: {{ insertYAML .variables.worker_node_groups  }}
       master_iam_policies:
-        - {{ remoteState "this.ext-dns-iam.arn" }}
-      worker_iam_policies:
-        - {{ remoteState "this.ext-dns-iam.arn" }}
+        - {{ remoteState "this.iam-policy-external-dns.arn" }}
       enable_asg_rolling_auto_update: true
   -
     name: kubeconfig
-    type: shell
+    type: tfmodule
     force_apply: true
     depends_on: this.k3s
-    apply:
-      commands:
-        - aws s3 cp s3://{{ .variables.bucket }}/{{ .variables.cluster_name }}/kubeconfig /tmp/kubeconfig_{{ .variables.cluster_name }}
-        - echo "kubeconfig_base64=$(cat /tmp/kubeconfig_{{ .variables.cluster_name }} | base64 -w 0)"
-        - echo "kubeconfig_path=/tmp/kubeconfig_{{ .variables.cluster_name }}"
-    outputs:
-      type: separator
-      separator: "="
+    source: github.com/shalb/terraform-modules//local-file?ref=0.0.1
+    inputs:
+      filename: /tmp/kubeconfig_{{ .variables.cluster_name }}
+      source_s3:
+        bucket: {{ .variables.bucket }}
+        key: {{ .variables.cluster_name }}/kubeconfig
+      file_permission: "0600"
+  {{- if .variables.domain }}
+  -
+    name: iam-policy-external-dns
+    type: tfmodule
+    source: "terraform-aws-modules/iam/aws//modules/iam-policy"
+    version: "5.30.0"
+    providers: *provider_aws
+    inputs:
+      name: AllowRoute53ZoneManagement-{{ .variables.cluster_name }}
+      policy: |
+        {
+            "Version": "2012-10-17",
+            "Statement": [
+            {
+                "Effect": "Allow",
+                "Action": [
+                "route53:ChangeResourceRecordSets",
+                "route53:GetChange"
+                ],
+                "Resource": [
+                "arn:aws:route53:::hostedzone/{{ .variables.domain }}",
+                "arn:aws:route53:::change/*"
+                ]
+            },
+            {
+                "Effect": "Allow",
+                "Action": [
+                "route53:ListHostedZones",
+                "route53:ListResourceRecordSets",
+                "route53:ListHostedZonesByName"
+                ],
+                "Resource": [
+                "*"
+                ]
+            }
+            ]
+        }
+  -
+    name: external-dns
+    type: helm
+    source:
+      repository: "https://charts.bitnami.com/bitnami"
+      chart: "external-dns"
+      version: "6.26.3"
+    kubeconfig: {{ remoteState "this.kubeconfig.path" }}
+    additional_options:
+      namespace: "external-dns"
+      create_namespace: true
+    values:
+      - file: ./values/external-dns.yaml
   -
     name: cert-manager
     type: helm
     source:
       repository: "https://charts.jetstack.io"
       chart: "cert-manager"
       version: "v1.6.1"
-    kubeconfig: {{ output "this.kubeconfig.kubeconfig_path" }}
+    kubeconfig: {{ output "this.kubeconfig.path" }}
     additional_options:
       namespace: "cert-manager"
       create_namespace: true
@@ -140,82 +182,33 @@ units:
       serviceAccount.create: true
   -
     name: cert-manager-issuer
-    type: k8s-manifest
-    path: ./cert-manager/issuer.yaml
-    kubeconfig: {{ output "this.kubeconfig.kubeconfig_path" }}
+    type: kubernetes
     depends_on: this.cert-manager
+    source: ./cert-manager/issuer.yaml
+    kubeconfig: {{ remoteState "this.kubeconfig.path" }}
+  {{- end }}
   -
     name: ingress-nginx
     type: helm
     source:
       repository: "https://kubernetes.github.io/ingress-nginx"
       chart: "ingress-nginx"
-      version: "4.0.13"
-    kubeconfig: {{ output "this.kubeconfig.kubeconfig_path" }}
+      version: "4.7.3"
+    kubeconfig: {{ output "this.kubeconfig.path" }}
     additional_options:
       namespace: "ingress-nginx"
       create_namespace: true
+      timeout: 60
     inputs:
         service.type: LoadBalancer
         controller.admissionWebhooks.enabled: false
         service.externalTrafficPolicy: Local
         controller.ingressClassResource.default: true
-  -
-    name: csi
-    type: helm
-    source:
-      repository: "https://kubernetes-sigs.github.io/aws-ebs-csi-driver"
-      chart: "aws-ebs-csi-driver"
-      version: "2.6.9"
-    kubeconfig: {{ output "this.kubeconfig.kubeconfig_path" }}
-    additional_options:
-      namespace: "kube-system"
-    values:
-      - file: ./csi/values.yaml
-        apply_template: false
-  -
-    name: argocd
-    type: helm
-    source:
-      repository: "https://argoproj.github.io/argo-helm"
-      chart: "argo-cd"
-      version: "4.5.7"
-    kubeconfig: {{ output "this.kubeconfig.kubeconfig_path" }}
-    depends_on: this.cert-manager-issuer
-    additional_options:
-      namespace: "argocd"
-      create_namespace: true
-    inputs:
-      service.type: LoadBalancer
-      server.certificate.domain: argocd.{{ .variables.cluster_name }}.{{ .variables.domain }}
-      server.certificate.enabled: true
-      server.certificate.issuer.name: letsencrypt-prod
-      server.certificate.issuer.kind: ClusterIssuer
-      server.ingress.enabled: true
-      server.ingress.tls[0].secretName: argocd-secret
-      server.ingress.hosts[0]: argocd.{{ .variables.cluster_name }}.{{ .variables.domain }}
-      server.ingress.tls[0].hosts[0]: argocd.{{ .variables.cluster_name }}.{{ .variables.domain }}
-      server.ingress.annotations.cert-manager\.io/cluster-issuer: letsencrypt-prod
-      server.ingress.annotations.kubernetes\.io/ingress.class: nginx
-      server.ingress.annotations.kubernetes\.io/tls-acme: "true"
-      server.ingress.annotations.nginx\.ingress\.kubernetes\.io/ssl-passthrough: "true"
-      server.ingress.annotations.nginx\.ingress\.kubernetes\.io/backend-protocol: "HTTPS"
-      server.config.url: https://argocd.{{ .variables.cluster_name }}.{{ .variables.domain }}
-      configs.secret.argocdServerAdminPassword: {{ .variables.argocdServerAdminPassword }}
-      configs.secret.argocdServerAdminPasswordMtime: "2021-01-01T00:00:00Z"
-  -
-    name: argocd_apps
-    type: k8s-manifest
-    path: ./argocd-apps/
-    kubeconfig: {{ output "this.kubeconfig.kubeconfig_path" }}
-    depends_on: this.argocd
   -
     name: outputs
     type: printer
-    depends_on: this.argocd_apps
     outputs:
       cluster_name: {{ .variables.cluster_name }}
       region: {{ .variables.region }}
-      kubeconfig: {{ output "this.kubeconfig.kubeconfig_path" }}
+      kubeconfig: {{ output "this.kubeconfig.path" }}
       k3s_version: {{ .variables.k3s_version }}
-      argocd_url: https://argocd.{{ .variables.cluster_name }}.{{ .variables.domain }}

examples/demo-app.yaml

@@ -4,5 +4,5 @@ kind: Stack
 backend: aws-backend
 variables:
   replicas: 3
-  domain: {{ output "k3s-demo.outputs.cluster_name" }}.{{ .project.variables.domain }}
-  kubeconfig: {{ output "k3s-demo.kubeconfig.kubeconfig_path" }}
+  domain: {{ remoteState "k3s-demo.outputs.cluster_name" }}.{{ .project.variables.domain }}
+  kubeconfig: {{ output "k3s-demo.kubeconfig.path" }}

examples/demo-infra.yaml

@@ -1,24 +1,16 @@
 name: k3s-demo
-template: https://github.com/shalb/cdev-aws-k3s?ref=main
+template: ../
 kind: Stack
 backend: aws-backend
 variables:
-  cluster_name: k3s-demo-boston
+  cluster_name: demo-k3s
   bucket: {{ .project.variables.state_bucket_name }}
   region: {{ .project.variables.region }}
   organization: {{ .project.variables.organization }}
   domain: {{ .project.variables.domain }}
   instance_type: "t3.medium"
-  k3s_version: "1.25.11+k3s1"
-  # Uncomment lines below if you need to specify the VPC
-  #vpc_id: "vpc-5ecf1234"
-  #public_subnets:
-  #  - "subnet-d775f0bd"
-  #  - "subnet-6696651a"
+  k3s_version: "v1.28.2+k3s1"
   env: "demo"
-  azs:
-    - "{{ .project.variables.region }}a"
-    - "{{ .project.variables.region }}b"
   public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCi6UIVruH0CfKewYlSjA7oR6gjahZrkJ+k/0cj46nvYrORVcds2cijZPT34ACWkvXV8oYvXGWmvlGXV5H1sD0356zpjhRnGo6j4UZVS6KYX5HwObdZ6H/i+A9knEyXxOCyo6p4VeJIYGhVYcQT4GDAkxb8WXHVP0Ax/kUqrKx0a2tK9JjGkuLbufQc3yWhqcfZSVRU2a+M8f8EUmGLOc2VEi2mGoxVgikrelJ0uIGjLn63L6trrsbvasoBuILeXOAO1xICwtYFek/MexQ179NKqQ1Wx/+9Yx4Xc63MB0vR7kde6wxx2Auzp7CjJBFcSTz0TXSRsvF3mnUUoUrclNkr demo" # Change this.
   public_key_name: demo
   master_node_count: 1
@@ -27,4 +19,3 @@ variables:
       min_size: 2
       max_size: 3
       instance_type: "t3.medium"
-  argocdServerAdminPassword: "$2a$10$1buVsK9yv0Al1oJlLmABeeRxYsArdlT2QPdNRqaZwiuYztj9JUDmu" # Bcrypted "password"

examples/project.yaml

@@ -1,10 +1,10 @@
-name: demo
+name: cdev-example
 kind: Project
 backend: aws-backend
 variables:
-  organization: shalb # sample global variable
+  organization: my-organization
   region: eu-central-1
-  state_bucket_name: cdev-k3s-arti # create and set your s3 bucket here
+  state_bucket_name: cdev-state
   domain: cluster.dev
 # exports:
 #  AWS_PROFILE: cluster-dev # optional set the AWS profile to use during apply

examples/sample-application-template/kuard.yaml

@@ -3,10 +3,9 @@ kind: StackTemplate
 units:
   -
     name: kuard
-    type: k8s-manifest
+    type: kubernetes
     namespace: default
-    path: ./manifests/
-    apply_template: true
+    source: ./manifests/
     kubeconfig: {{ .variables.kubeconfig }}
     kubectl_opts: "--wait=true"
     inputs: