Merge pull request #21 from trilogy-group/hybrid-deploy

Hybrid deploy
trilogy-group · Jan 18, 2023 · b78433f · b78433f
2 parents 3992a64 + fa9aef1
commit b78433f
Show file tree

Hide file tree

Showing 26 changed files with 359 additions and 144 deletions.
diff --git a/install/infra/modules/eks/database.tf b/install/infra/modules/eks/database.tf
diff --git a/install/infra/modules/eks/kubernetes.tf b/install/infra/modules/eks/kubernetes.tf
@@ -51,7 +51,6 @@ resource "aws_security_group_rule" "eks-cluster-ingress-node-https" {
   type                     = "ingress"
 }
 
-
 resource "aws_security_group" "nodes" {
   name   = "nodes-sg-${var.cluster_name}"
   vpc_id = module.vpc.vpc_id
@@ -126,7 +125,7 @@ module "eks" {
       subnet_ids                 = module.vpc.public_subnets
       min_size                   = 1
       max_size                   = 4
-      desired_size               = 2
+      desired_size               = 1
       block_device_mappings = [{
         device_name = "/dev/sda1"
 
@@ -179,7 +178,7 @@ module "eks" {
           delete_on_termination = true
         }]
       }]
-      desired_size               = 2
+      desired_size               = 1
       enable_bootstrap_user_data = true
       labels = {
         "gitpod.io/workload_workspace_regular" = true
@@ -202,6 +201,90 @@ module "eks" {
         EOT
     }
 
+    ArmRegularWorkspaces = {
+      instance_types = [var.arm_workspace_machine_type]
+      ami_id         = "ami-04458375d2220b12f"
+      name           = "ws-arm-regular-${var.cluster_name}"
+      iam_role_name  = format("%s-%s", substr("${var.cluster_name}-arm-regular-ws-ng", 0, 58), random_string.ng_role_suffix.result)
+      subnet_ids     = module.vpc.public_subnets
+      min_size       = 1
+      max_size       = 50
+      block_device_mappings = [{
+        device_name = "/dev/sda1"
+
+        ebs = [{
+          volume_size           = 512
+          volume_type           = "gp3"
+          throughput            = 500
+          iops                  = 6000
+          delete_on_termination = true
+        }]
+      }]
+      desired_size               = 1
+      enable_bootstrap_user_data = true
+      labels = {
+        "gitpod.io/workload_arm_workspace_regular" = true
+      }
+
+      tags = {
+        "k8s.io/cluster-autoscaler/enabled" = true
+        "k8s.io/cluster-autoscaler/gitpod"  = "owned"
+      }
+
+      pre_bootstrap_user_data = <<-EOT
+        #!/bin/bash
+        set -ex
+        cat <<-EOF > /etc/profile.d/bootstrap.sh
+        export CONTAINER_RUNTIME="containerd"
+        export USE_MAX_PODS=false
+        EOF
+        # Source extra environment variables in bootstrap script
+        sed -i '/^set -o errexit/a\\nsource /etc/profile.d/bootstrap.sh' /etc/eks/bootstrap.sh
+        EOT
+    }
+
+    ArmHeadlessWorkspaces = {
+      instance_types = [var.arm_workspace_machine_type]
+      ami_id         = "ami-04458375d2220b12f"
+      name           = "ws-arm-headless-${var.cluster_name}"
+      iam_role_name  = format("%s-%s", substr("${var.cluster_name}-arm-headless-ws-ng", 0, 58), random_string.ng_role_suffix.result)
+      subnet_ids     = module.vpc.public_subnets
+      min_size       = 1
+      max_size       = 50
+      block_device_mappings = [{
+        device_name = "/dev/sda1"
+
+        ebs = [{
+          volume_size           = 512
+          volume_type           = "gp3"
+          throughput            = 500
+          iops                  = 6000
+          delete_on_termination = true
+        }]
+      }]
+      desired_size               = 1
+      enable_bootstrap_user_data = true
+      labels = {
+        "gitpod.io/workload_arm_workspace_headless" = true
+      }
+
+      tags = {
+        "k8s.io/cluster-autoscaler/enabled" = true
+        "k8s.io/cluster-autoscaler/gitpod"  = "owned"
+      }
+
+      pre_bootstrap_user_data = <<-EOT
+        #!/bin/bash
+        set -ex
+        cat <<-EOF > /etc/profile.d/bootstrap.sh
+        export CONTAINER_RUNTIME="containerd"
+        export USE_MAX_PODS=false
+        EOF
+        # Source extra environment variables in bootstrap script
+        sed -i '/^set -o errexit/a\\nsource /etc/profile.d/bootstrap.sh' /etc/eks/bootstrap.sh
+        EOT
+    }
+
     HeadlessWorkspaces = {
       instance_types = [var.workspace_machine_type]
       name           = "ws-headless-${var.cluster_name}"
@@ -220,7 +303,7 @@ module "eks" {
           delete_on_termination = true
         }]
       }]
-      desired_size               = 2
+      desired_size               = 1
       enable_bootstrap_user_data = true
       labels = {
         "gitpod.io/workload_workspace_headless" = true

diff --git a/install/infra/modules/eks/output.tf b/install/infra/modules/eks/output.tf
@@ -51,15 +51,15 @@ output "name_servers" {
   value = formatlist("%s.", resource.aws_route53_zone.gitpod[0].name_servers)
 }
 
-output "database" {
-  sensitive = true
-  value = try({
-    host     = "${aws_db_instance.gitpod[0].address}"
-    username = "${aws_db_instance.gitpod[0].username}"
-    password = random_password.password[0].result
-    port     = 3306
-  }, "No database created")
-}
+# output "database" {
+#   sensitive = true
+#   value = try({
+#     host     = "${aws_db_instance.gitpod[0].address}"
+#     username = "${aws_db_instance.gitpod[0].username}"
+#     password = random_password.password[0].result
+#     port     = 3306
+#   }, "No database created")
+# }
 
 output "registry" {
   sensitive = true

diff --git a/install/infra/modules/eks/variables.tf b/install/infra/modules/eks/variables.tf
@@ -6,7 +6,7 @@ variable "cluster_name" {
 variable "cluster_version" {
   type        = string
   description = "Kubernetes version to create the cluster with"
-  default     = "1.22"
+  default     = "1.23"
 }
 
 variable "kubeconfig" {
@@ -32,14 +32,20 @@ variable "workspace_machine_type" {
   default     = "m6i.2xlarge"
 }
 
+variable "arm_workspace_machine_type" {
+  type        = string
+  description = "Machine type for ARM workspace workload node pool"
+  default     = "m6g.2xlarge"
+}
+
 variable "region" {
   type    = string
-  default = "eu-west-1"
+  default = "us-east-1"
 }
 
 variable "vpc_availability_zones" {
   type    = list(string)
-  default = ["eu-west-1c", "eu-west-1b"]
+  default = ["us-east-1a", "us-east-1c"]
 }
 
 variable "domain_name" {
@@ -52,7 +58,7 @@ variable "vpc_cidr" {
 }
 
 variable "create_external_database" {
-  default     = true
+  default     = false
   description = "Create a mysql RDS database"
 }
 

diff --git a/install/infra/modules/gke/cluster.tf b/install/infra/modules/gke/cluster.tf
@@ -109,7 +109,7 @@ resource "google_container_node_pool" "regular-workspaces" {
     ]
 
     labels = {
-      "gitpod.io/workload_workspace_regular"  = true
+      "gitpod.io/workload_workspace_regular" = true
     }
 
     preemptible  = false

diff --git a/install/infra/modules/gke/database.tf b/install/infra/modules/gke/database.tf
@@ -1,29 +1,29 @@
 resource "google_service_account" "db_sa" {
-  count    = var.enable_external_database ? 1 : 0
+  count = var.enable_external_database ? 1 : 0
 
   account_id   = local.db_sa
   display_name = "Service Account managed by TF for object storage"
 }
 
 resource "google_project_iam_member" "db-sa-iam" {
-  count    = var.enable_external_database ? 1 : 0
+  count = var.enable_external_database ? 1 : 0
 
   project = var.project
-  role = "roles/cloudsql.client"
+  role    = "roles/cloudsql.client"
 
   member = "serviceAccount:${google_service_account.db_sa[count.index].email}"
 }
 
 resource "google_service_account_key" "db_sa_key" {
-  count    = var.enable_external_database ? 1 : 0
+  count = var.enable_external_database ? 1 : 0
 
   service_account_id = google_service_account.db_sa[count.index].name
 }
 
 resource "random_string" "random" {
-  length           = 4
-  upper            = false
-  special          = false
+  length  = 4
+  upper   = false
+  special = false
 }
 
 resource "google_sql_database_instance" "gitpod" {
@@ -40,8 +40,8 @@ resource "google_sql_database_instance" "gitpod" {
 resource "random_password" "password" {
   count = var.enable_external_database ? 1 : 0
 
-  length           = 16
-  special          = false
+  length  = 16
+  special = false
 }
 
 resource "google_sql_database" "database" {

diff --git a/install/infra/modules/gke/dns.tf b/install/infra/modules/gke/dns.tf
@@ -9,7 +9,7 @@ resource "google_project_iam_member" "dns-sa-iam" {
   count = var.domain_name == null ? 0 : 1
 
   project = var.project
-  role = "roles/dns.admin"
+  role    = "roles/dns.admin"
 
   member = "serviceAccount:${google_service_account.dns_sa[count.index].email}"
 }

diff --git a/install/infra/modules/gke/local.tf b/install/infra/modules/gke/local.tf
@@ -1,21 +1,21 @@
 locals {
-    gke_sa = "gke-sa-${var.cluster_name}"
-    gke_iam_roles = toset([
-        "roles/storage.admin",
-        "roles/logging.logWriter",
-        "roles/monitoring.metricWriter",
-        "roles/container.admin"
-    ])
+  gke_sa = "gke-sa-${var.cluster_name}"
+  gke_iam_roles = toset([
+    "roles/storage.admin",
+    "roles/logging.logWriter",
+    "roles/monitoring.metricWriter",
+    "roles/container.admin"
+  ])
 
-    gke_user_sa = "user-${var.cluster_name}"
+  gke_user_sa = "user-${var.cluster_name}"
 
-    obj_sa = "obj-sa-${var.cluster_name}"
-    obj_iam_roles = var.enable_external_registry ? toset([
-        "roles/storage.admin",
-        "roles/storage.objectAdmin",
-    ]) : []
+  obj_sa = "obj-sa-${var.cluster_name}"
+  obj_iam_roles = var.enable_external_registry ? toset([
+    "roles/storage.admin",
+    "roles/storage.objectAdmin",
+  ]) : []
 
-    db_sa = "db-sa-${var.cluster_name}"
+  db_sa = "db-sa-${var.cluster_name}"
 
-    dns_sa = "dns-sa-${var.cluster_name}"
+  dns_sa = "dns-sa-${var.cluster_name}"
 }
diff --git a/install/infra/modules/gke/main.tf b/install/infra/modules/gke/main.tf
@@ -3,7 +3,7 @@ terraform {
 }
 
 provider "google" {
-  project     = var.project
-  region      = var.region
-  zone        = var.zone
+  project = var.project
+  region  = var.region
+  zone    = var.zone
 }
diff --git a/install/infra/modules/gke/output.tf b/install/infra/modules/gke/output.tf
@@ -24,7 +24,7 @@ output "kubeconfig" {
 
 output "cluster-sa" {
   sensitive = true
-  value = google_service_account_key.gke_sa_key.private_key
+  value     = google_service_account_key.gke_sa_key.private_key
 }
 
 output "database" {
@@ -49,7 +49,7 @@ output "registry" {
 
 output "dns_credentials" {
   sensitive = true
-  value = var.domain_name == null ? "" : base64decode(google_service_account_key.dns_sa_key[0].private_key)
+  value     = var.domain_name == null ? "" : base64decode(google_service_account_key.dns_sa_key[0].private_key)
 }
 
 output "storage" {

diff --git a/install/infra/modules/gke/variables.tf b/install/infra/modules/gke/variables.tf
@@ -23,7 +23,7 @@ variable "zone" {
 variable "cluster_version" {
   type        = string
   description = "Kubernetes version to be setup"
-  default     = "1.22.8-gke.201"
+  default     = "1.23.8-gke.201"
 }
 
 variable "cluster_name" {

diff --git a/install/infra/modules/tools/issuer/main.tf b/install/infra/modules/tools/issuer/main.tf
@@ -16,7 +16,7 @@ resource "kubernetes_secret" "aws_dns_solver" {
 # the following is only for GCP managed DNS setup
 
 resource "kubernetes_secret" "gcp_dns_solver" {
-  count    = var.gcp_credentials == null ? 0 : 1
+  count = var.gcp_credentials == null ? 0 : 1
 
   metadata {
     name      = "clouddns-dns01-solver"

diff --git a/install/infra/modules/tools/issuer/output.tf b/install/infra/modules/tools/issuer/output.tf
@@ -1,3 +1,3 @@
 output "cluster_issuer" {
-    value = var.cluster_issuer_name
+  value = var.cluster_issuer_name
 }