From cbfe4a2895b8204b4bb41c8e9cbc9c97dd46bf08 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alfredo=20Espa=C3=B1a?= Date: Sat, 7 May 2022 11:02:44 -0600 Subject: [PATCH] Aws S3 Support (#15) * Adding S3 support --- .gitignore | 3 +- README.md | 143 ++++++++++++++++++++++++++++++-- templates/secrets-executor.yaml | 28 +++++-- templates/secrets-registry.yaml | 16 +++- values.schema.json | 27 +++++- values.yaml | 9 +- 6 files changed, 207 insertions(+), 19 deletions(-) diff --git a/.gitignore b/.gitignore index ddfddfe..96647a0 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,5 @@ sample-values.yaml sample-values-post.yaml sample-values-mysql.yaml -sample-values-dev365.yaml \ No newline at end of file +sample-values-dev365.yaml +sample-values-dev365-aws.yaml \ No newline at end of file diff --git a/README.md b/README.md index c07f21f..e4c69fd 100644 --- a/README.md +++ b/README.md @@ -49,6 +49,8 @@ Once the group it is created we will need to include ***Terrakube APP*** as a me ### 3. Terrakube Storage +#### 3.1 Azure Storage Account + Terrakube require an Azure Storage account to save the state/output for the jobs and to save the terraform modules when using terraform CLI and it require the following containers: - registry (blob) - tfstate (private) 
@@ -56,11 +58,19 @@ Terrakube require an Azure Storage account to save the state/output for the jobs To create the Azure storage account you can use the following [terraform module](https://github.com/AzBuilder/terraform-azurerm-terrakube-cloud-storage). +#### 3.2 AWS S3 + +Terrakube require an Aws S3 to save the state/output for the jobs and to save the terraform modules when using terraform CLI and it require the following: +- Cors Enable for the UI domain +- ACL Enable + +To create the Aws S3 you can use the following [terraform module]() (Work in Progress). + ### 4. Build Yaml file Once you have completed the above steps you can complete the file values.yaml to deploy the helm chart -Example using Nginx Ingress: +***Example using Nginx Ingress and Azure Storage Account:*** ```yaml ## Global Name @@ -85,7 +95,7 @@ storage: ## API properties api: enabled: true - version: "2.1.4" + version: "2.2.0" replicaCount: "1" serviceType: "ClusterIP" resources: #Optional @@ -105,7 +115,7 @@ api: ## Executor properties executor: enabled: true - version: "1.5.4" + version: "1.6.1" replicaCount: "1" serviceType: "ClusterIP" resources: #Optional 
@@ -124,7 +134,130 @@ executor: ## Registry properties registry: enabled: true - version: "2.1.4" + version: "2.2.0" + replicaCount: "1" + serviceType: "ClusterIP" + resources: #Optional + limits: + cpu: 500m + memory: 1024Mi + requests: + cpu: 200m + memory: 256Mi + +## UI Properties +ui: + enabled: true + version: "0.7.0" + replicaCount: "1" + serviceType: "ClusterIP" + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 200m + memory: 256Mi + +## Ingress properties +ingress: + useTls: true + ui: + enabled: true + domain: "ui.terrakube.docker.internal" # Replace with the real value + path: "/(.*)" # Replace with the real value + pathType: "Prefix" # Replace with the real value + annotations: # This annotations can change based on requirements. The followin is an example using nginx ingress and lets encrypt + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/use-regex: "true" + cert-manager.io/cluster-issuer: letsencrypt + api: + enabled: true + domain: "api.terrakube.docker.internal" # Replace with the real value + path: "/(.*)" # Replace with the real value + pathType: "Prefix" # Replace with the real value + annotations: # This annotations can change based on requirements. The followin is an example using nginx ingress and lets encrypt + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/use-regex: "true" + nginx.ingress.kubernetes.io/rewrite-target: /$2 + nginx.ingress.kubernetes.io/configuration-snippet: "proxy_set_header Authorization $http_authorization;" + cert-manager.io/cluster-issuer: letsencrypt + registry: + enabled: true + domain: "registry.terrakube.docker.internal" # Replace with the real value + path: "/(.*)" # Replace with the real value + pathType: "Prefix" # Replace with the real value + annotations: # This annotations can change based on requirements. 
The followin is an example using nginx ingress and lets encrypt + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/use-regex: "true" + cert-manager.io/cluster-issuer: letsencrypt +``` + +***Example using Nginx Ingress and AWS S3:*** +```yaml +## Global Name +name: "terrakube" + +## Azure Active Directory Security +security: + type: "AZURE" # This is the only value supported righ now + azure: + appIdURI: "XXX" #Replace with values from Step 1 + appClientId: "XXX" + appTenantId: "XXX" + appSecret: "XXX" + +## Terraform Storage +storage: + aws: + accessKey: "XXX" + secretKey: "XXX" + bucketName: "XXX" + region: "XXX" + +## API properties +api: + enabled: true + version: "2.2.0" + replicaCount: "1" + serviceType: "ClusterIP" + resources: #Optional + limits: + cpu: 500m + memory: 1024Mi + requests: + cpu: 200m + memory: 256Mi + properties: + databaseType: "SQL_AZURE" # Replace with "H2" (ONLY FOR TESTING), "SQL_AZURE", "POSTGRESQL" or "MYSQL" + databaseHostname: "mysuperdatabse.database.windows.net" # Replace with the real value + databaseName: "databasename" # Replace with the real value + databaseUser: "databaseuser" # Replace with the real value + databasePassword: "XXX" # Replace with the real value + +## Executor properties +executor: + enabled: true + version: "1.6.1" + replicaCount: "1" + serviceType: "ClusterIP" + resources: #Optional + limits: + cpu: 1000m + memory: 1024Mi + requests: + cpu: 500m + memory: 256Mi + properties: + toolsRepository: "https://github.com/AzBuilder/terrakube-extensions" # Default extension repository + toolsBranch: "main" #Default branch for extensions + terraformStateType: "AwsTerraformStateImpl" + terraformOutputType: "AwsTerraformOutputImpl" + +## Registry properties +registry: + enabled: true + version: "2.2.0" replicaCount: "1" serviceType: "ClusterIP" resources: #Optional 
@@ -138,7 +271,7 @@ registry: ## UI Properties ui: enabled: true - version: "0.5.0" + version: "0.7.0" replicaCount: "1" serviceType: "ClusterIP" resources: diff --git a/templates/secrets-executor.yaml b/templates/secrets-executor.yaml index f685830..604a215 100644 --- a/templates/secrets-executor.yaml +++ b/templates/secrets-executor.yaml @@ -5,14 +5,10 @@ metadata: name: terrakube-executor-secrets type: Opaque stringData: + # State/Output Type TerraformStateType: '{{ .Values.executor.properties.terraformStateType }}' - AzureTerraformStateResourceGroup: '{{ .Values.storage.azure.storageAccountResourceGroup }}' - AzureTerraformStateStorageAccountName: '{{ .Values.storage.azure.storageAccountName }}' - AzureTerraformStateStorageContainerName: 'tfstate' - AzureTerraformStateStorageAccessKey: '{{ .Values.storage.azure.storageAccountAccessKey }}' TerraformOutputType: '{{ .Values.executor.properties.terraformOutputType }}' - AzureTerraformOutputAccountName: '{{ .Values.storage.azure.storageAccountName }}' - AzureTerraformOutputAccountKey: '{{ .Values.storage.azure.storageAccountAccessKey }}' + # General Settings AzBuilderApiUrl: 'http://terrakube-api-service:8080' AzureAdAppClientId: '{{ .Values.security.azure.appClientId }}' AzureAdAppClientSecret: '{{ .Values.security.azure.appSecret }}' 
@@ -24,4 +20,24 @@ stringData: TerrakubeToolsBranch: '{{ .Values.executor.properties.toolsBranch }}' TerrakubeEnableSecurity: 'true' TerrakubeRegistryDomain: '{{ .Values.ingress.registry.domain }}' + #Azure Storage + {{- if .Values.storage.azure }} + AzureTerraformStateResourceGroup: '{{ .Values.storage.azure.storageAccountResourceGroup }}' + AzureTerraformStateStorageAccountName: '{{ .Values.storage.azure.storageAccountName }}' + AzureTerraformStateStorageContainerName: 'tfstate' + AzureTerraformStateStorageAccessKey: '{{ .Values.storage.azure.storageAccountAccessKey }}' + AzureTerraformOutputAccountName: '{{ .Values.storage.azure.storageAccountName }}' + AzureTerraformOutputAccountKey: '{{ .Values.storage.azure.storageAccountAccessKey }}' + {{- end }} + #AWS S3 + {{- if .Values.storage.aws }} + AwsTerraformOutputAccessKey: '{{ .Values.storage.aws.accessKey }}' + AwsTerraformOutputSecretKey: '{{ .Values.storage.aws.secretKey }}' + AwsTerraformOutputBucketName: '{{ .Values.storage.aws.bucketName }}' + AwsTerraformOutputRegion: '{{ .Values.storage.aws.region }}' + AwsTerraformStateAccessKey: '{{ .Values.storage.aws.accessKey }}' + AwsTerraformStateSecretKey: '{{ .Values.storage.aws.secretKey }}' + AwsTerraformStateBucketName: '{{ .Values.storage.aws.bucketName }}' + AwsTerraformStateRegion: '{{ .Values.storage.aws.region }}' + {{- end }} {{ end }} \ No newline at end of file diff --git a/templates/secrets-registry.yaml b/templates/secrets-registry.yaml index e0ee989..a5c8568 100644 --- a/templates/secrets-registry.yaml +++ b/templates/secrets-registry.yaml 
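Review bot: The guards `{{- if .Values.storage.azure }}` and `{{- if .Values.storage.aws }}` test only whether the map exists, and values.yaml in this same patch defines both maps with empty-string fields, so with chart defaults both blocks render and this Secret carries empty Azure and AWS credentials side by side. The same guards in templates/secrets-registry.yaml emit `RegistryStorageType` twice in one mapping, which, depending on the YAML loader, is either rejected as a duplicate key or silently resolved last-wins to `AwsStorageImpl` for an Azure-only deployment. Gate on a required scalar instead and make the branches mutually exclusive, e.g. `{{- if .Values.storage.azure.storageAccountName }}` / `{{- else if .Values.storage.aws.bucketName }}`, so a rendered Secret never holds both backends' keys. The AWS block also writes the same access key and secret under both the `AwsTerraformOutput*` and `AwsTerraformState*` names; if the consumer reads both sets, a comment such as `# Output and State intentionally share the same S3 credentials` would stop a later reader from deleting one of them.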
@@ -6,8 +6,6 @@ metadata: type: Opaque stringData: AzBuilderRegistry: 'https://{{ .Values.ingress.registry.domain }}' - AzureAccountName: '{{ .Values.storage.azure.storageAccountName }}' - AzureAccountKey: '{{ .Values.storage.azure.storageAccountAccessKey }}' AzBuilderApiUrl: 'http://terrakube-api-service:8080' AzureAdAppClientId: '{{ .Values.security.azure.appClientId }}' AzureAdAppClientSecret: '{{ .Values.security.azure.appSecret }}' @@ -18,4 +16,18 @@ stringData: AzureAdAppId: '{{ .Values.security.azure.appClientId }}' AzureAdApiIdUri: '{{ .Values.security.azure.appIdURI }}' TerrakubeUiURL: 'https://{{ .Values.ingress.ui.domain }}' + #Azure Storage + {{- if .Values.storage.azure }} + RegistryStorageType: 'AzureStorageImpl' + AzureAccountName: '{{ .Values.storage.azure.storageAccountName }}' + AzureAccountKey: '{{ .Values.storage.azure.storageAccountAccessKey }}' + {{- end }} + #AWS S3 + {{- if .Values.storage.aws }} + RegistryStorageType: 'AwsStorageImpl' + AwsStorageAccessKey: '{{ .Values.storage.aws.accessKey }}' + AwsStorageSecretKey: '{{ .Values.storage.aws.secretKey }}' + AwsStorageBucketName: '{{ .Values.storage.aws.bucketName }}' + AwsStorageRegion: '{{ .Values.storage.aws.region }}' + {{- end }} {{ end }} \ No newline at end of file diff --git a/values.schema.json b/values.schema.json index 4b58abb..e9fdc5e 100644 --- a/values.schema.json +++ b/values.schema.json @@ -39,7 +39,6 @@ }, "storage": { "type": "object", - "required": ["azure"], "properties": { "azure": { "type": "object", @@ -58,6 +57,28 @@ "type": "string" } } + }, + "aws": { + "type": "object", + "required": ["accessKey", "secretKey", "bucketName", "region"], + "properties": { + "accessKey": { + "description": "AWS Access Key", + "type": "string" + }, + "secretKey": { + "description": "AWS Secret Key", + "type": "string" + }, + "bucketName": { + "description": "AWS Bucket name", + "type": "string" + }, + "region": { + "description": "AWS Region", + "type": "string" + } + } } } }, 
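Review bot: Removing `"required": ["azure"]` from the storage object leaves nothing in values.schema.json that demands at least one backend, so a values file with neither `azure` nor `aws` passes validation and the failure only surfaces when the executor or registry starts. Add `"anyOf": [{"required": ["azure"]}, {"required": ["aws"]}]` to the storage object so the choice is enforced at `helm install` time. Note also that the new `required` list on `aws` is satisfied by the empty-string defaults that values.yaml adds in this patch, so as written it does not guarantee a usable `secretKey` or `bucketName`; a `"minLength": 1` on those strings would only be viable if the empty defaults are dropped. The closing braces of the storage object fall outside this hunk.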
@@ -149,11 +170,11 @@ }, "terraformStateType": { "description": "Terraform State implementation", - "enum": ["AzureTerraformStateImpl"] + "enum": ["AzureTerraformStateImpl", "AwsTerraformStateImpl"] }, "terraformOutputType": { "description": "Terraform Output implementation", - "enum": ["AzureTerraformOutputImpl"] + "enum": ["AzureTerraformOutputImpl", "AwsTerraformOutputImpl"] } } } diff --git a/values.yaml b/values.yaml index 04d7672..109b422 100644 --- a/values.yaml +++ b/values.yaml @@ -16,6 +16,11 @@ storage: storageAccountName: "" storageAccountResourceGroup: "" storageAccountAccessKey: "" + aws: + accessKey: "" + secretKey: "" + bucketName: "" + region: "" ## API properties api: @@ -41,8 +46,8 @@ executor: properties: toolsRepository: "https://github.com/AzBuilder/terrakube-extensions" toolsBranch: "main" - terraformStateType: "AzureTerraformStateImpl" - terraformOutputType: "AzureTerraformOutputImpl" + terraformStateType: "" + terraformOutputType: "" ## Registry properties registry:
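Review bot: values.yaml now defaults `terraformStateType` and `terraformOutputType` to `""`, but the enums in values.schema.json (the `@@ -149,11 +170,11 @@` hunk on this same line) have no empty member, so the chart's own defaults presumably fail schema validation and `helm lint` or an install that does not override both keys would be rejected. Either keep `AzureTerraformStateImpl` / `AzureTerraformOutputImpl` as the defaults, or add `""` to both enums and state the contract next to the keys, e.g. `# Must match the storage section in use: AzureTerraformStateImpl or AwsTerraformStateImpl`. Nothing ties these two executor properties to `storage.azure` / `storage.aws`, so a short pointer under the `## Terraform Storage` stanza to the matching executor properties would help readers keep them consistent.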