diff --git a/.github/workflows/verify-pr.yaml b/.github/workflows/verify-pr.yaml index ad295df..fda31e8 100644 --- a/.github/workflows/verify-pr.yaml +++ b/.github/workflows/verify-pr.yaml @@ -20,5 +20,5 @@ jobs: ACME_EMAIL_SECRET: ${{ secrets.ACME_EMAIL_SECRET }} TESTING: ${{ secrets.TESTING }} PX_SPEC: ${{ secrets.PX_SPEC }} - # GITOPS_USERNAME: ${{ secrets.GITOPS_USERNAME }} - # GITOPS_TOKEN: ${{ secrets.GITOPS_TOKEN }} + GITOPS_USERNAME: ${{ secrets.GITOPS_USERNAME }} + GITOPS_TOKEN: ${{ secrets.GITOPS_TOKEN }} diff --git a/.github/workflows/verify-schedule.yaml b/.github/workflows/verify-schedule.yaml index 26e6fc8..bb5b82c 100644 --- a/.github/workflows/verify-schedule.yaml +++ b/.github/workflows/verify-schedule.yaml @@ -20,8 +20,8 @@ jobs: ACME_EMAIL_SECRET: ${{ secrets.ACME_EMAIL_SECRET }} TESTING: ${{ secrets.TESTING }} PX_SPEC: ${{ secrets.PX_SPEC }} - # GITOPS_USERNAME: ${{ secrets.GITOPS_USERNAME }} - # GITOPS_TOKEN: ${{ secrets.GITOPS_TOKEN }} + GITOPS_USERNAME: ${{ secrets.GITOPS_USERNAME }} + GITOPS_TOKEN: ${{ secrets.GITOPS_TOKEN }} notify: diff --git a/.github/workflows/verify-workflow.yaml b/.github/workflows/verify-workflow.yaml index e05964f..1f00053 100644 --- a/.github/workflows/verify-workflow.yaml +++ b/.github/workflows/verify-workflow.yaml @@ -24,10 +24,10 @@ on: required: true PX_SPEC: required: true - #GITOPS_USERNAME: - # required: true - #GITOPS_TOKEN: - # required: true + GITOPS_USERNAME: + required: true + GITOPS_TOKEN: + required: true # A workflow run is made up of one or more jobs that can run sequentially or in parallel jobs: 
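Review bot: With `GITOPS_TOKEN: ${{ secrets.GITOPS_TOKEN }}` now active in verify-pr.yaml, the GitOps repository's write token is forwarded into a workflow that runs for pull requests; the trigger is outside this hunk, so confirm it is `pull_request` (GitHub withholds secrets from forked PRs) rather than `pull_request_target`, where PR-authored code could read the token. The same two secrets are enabled in the verify-schedule.yaml and verify.yaml hunks and declared `required: true` in verify-workflow.yaml, so every caller must supply both or the `workflow_call` is rejected at validation. A one-line comment above `GITOPS_TOKEN:` would help the next maintainer scope it correctly, e.g. `# Needs write access to the gitops repository only; rotate if it leaks`.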
@@ -61,8 +61,8 @@ jobs: TF_VAR_acme_registration_email: ${{ secrets.ACME_EMAIL_SECRET }} TF_VAR_testing: ${{ secrets.TESTING }} TF_VAR_portworx_spec: ${{ secrets.PX_SPEC }} - # TF_VAR_gitops_repo_username: ${{ secrets.GITOPS_USERNAME }} - # TF_VAR_gitops_repo_token: ${{ secrets.GITOPS_TOKEN }} + TF_VAR_gitops_repo_username: ${{ secrets.GITOPS_USERNAME }} + TF_VAR_gitops_repo_token: ${{ secrets.GITOPS_TOKEN }} outputs: status: ${{ job.status }} diff --git a/.github/workflows/verify.yaml b/.github/workflows/verify.yaml index caa2560..34453c0 100644 --- a/.github/workflows/verify.yaml +++ b/.github/workflows/verify.yaml @@ -19,8 +19,8 @@ jobs: ACME_EMAIL_SECRET: ${{ secrets.ACME_EMAIL_SECRET }} TESTING: ${{ secrets.TESTING }} PX_SPEC: ${{ secrets.PX_SPEC }} - # GITOPS_USERNAME: ${{ secrets.GITOPS_USERNAME }} - # GITOPS_TOKEN: ${{ secrets.GITOPS_TOKEN }} + GITOPS_USERNAME: ${{ secrets.GITOPS_USERNAME }} + GITOPS_TOKEN: ${{ secrets.GITOPS_TOKEN }} release: needs: [verify] diff --git a/1-quickstart/200-openshift-gitops/apply.sh b/1-quickstart/200-openshift-gitops/apply.sh new file mode 100755 index 0000000..8d4e15b --- /dev/null +++ b/1-quickstart/200-openshift-gitops/apply.sh 
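Review bot: `TF_VAR_gitops_repo_token: ${{ secrets.GITOPS_TOKEN }}` feeds `variable "gitops_repo_token"` in terraform/variables.tf, which this same diff adds without `sensitive = true`; GitHub masks the secret in workflow logs, but Terraform will still print the value in plan/apply output for any resource attribute it flows into. Add `sensitive = true` to that declaration (and presumably to `cluster_login_token`, whose declaration is past the end of the visible variables.tf hunk), or confirm the toolkit modules declare their token inputs sensitive. The enclosing `env:` block starts before this hunk.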
@@ -0,0 +1,74 @@ +#!/usr/bin/env bash + +SCRIPT_DIR=$(cd $(dirname $0); pwd -P) + +VARIABLES_FILE="${1}" +if [[ -z "${VARIABLES_FILE}" ]]; then + VARIABLES_FILE="${SCRIPT_DIR}/variables.yaml" +fi + +YQ=$(command -v yq4 || command -v yq) +if [[ -z "${YQ}" ]] || [[ $(${YQ} --version | sed -E "s/.*version ([34]).*/\1/g") == "3" ]]; then + echo "yq v4 is required" + exit 1 +fi + +if [[ -f "${SCRIPT_DIR}/terraform/terraform.tfvars" ]]; then + cp "${SCRIPT_DIR}/terraform/terraform.tfvars" "${SCRIPT_DIR}/terraform/terraform.tfvars.backup" + rm "${SCRIPT_DIR}/terraform/terraform.tfvars" +fi + +if [[ ! -f "${VARIABLES_FILE}" ]]; then + echo "Variables can be provided in a yaml file passed as the first argument" + echo "" +fi + +TMP_VARIABLES_FILE="${VARIABLES_FILE}.tmp" + +echo "variables: []" > ${TMP_VARIABLES_FILE} + +cat "${SCRIPT_DIR}/bom.yaml" | ${YQ} e '.spec.variables[] | .name' - | while read name; do + default_value=$(cat "${SCRIPT_DIR}/bom.yaml" | NAME="${name}" ${YQ} e '.spec.variables[] | select(.name == env(NAME)) | .defaultValue // ""' -) + sensitive=$(cat "${SCRIPT_DIR}/bom.yaml" | NAME="${name}" ${YQ} e '.spec.variables[] | select(.name == env(NAME)) | .sensitive // false' -) + description=$(cat "${SCRIPT_DIR}/bom.yaml" | NAME="${name}" ${YQ} e '.spec.variables[] | select(.name == env(NAME)) | .description // ""' -) + + variable_name="TF_VAR_${name}" + + environment_variable=$(env | grep "${variable_name}" | sed -E 's/.*="(.*)".*/\1/g') + value="${environment_variable}" + if [[ -f "${VARIABLES_FILE}" ]]; then + value=$(cat "${VARIABLES_FILE}" | NAME="${name}" ${YQ} e '.variables[] | select(.name == env(NAME)) | .value // ""' -) + if [[ -z "${value}" ]]; then + value="${environment_variable}" + fi + fi + + while [[ -z "${value}" ]]; do + echo "Provide a value for '${name}':" + if [[ -n "${description}" ]]; then + echo " ${description}" + fi + sensitive_flag="" + if [[ "${sensitive}" == "true" ]]; then + sensitive_flag="-s" + fi + default_prompt="" + if [[ -n 
"${default_value}" ]]; then + default_prompt="(${default_value}) " + fi + read -u 1 ${sensitive_flag} -p "> ${default_prompt}" value + value=${value:-$default_value} + done + + echo "${name} = \"${value}\"" >> "${SCRIPT_DIR}/terraform/terraform.tfvars" + if [[ "${sensitive}" != "true" ]]; then + NAME="${name}" VALUE="${value}" ${YQ} e -i -P '.variables += [{"name": env(NAME), "value": env(VALUE)}]' "${TMP_VARIABLES_FILE}" + fi +done + +cp "${TMP_VARIABLES_FILE}" "${VARIABLES_FILE}" +rm "${TMP_VARIABLES_FILE}" + +cd ${SCRIPT_DIR}/terraform +terraform init +terraform apply diff --git a/1-quickstart/200-openshift-gitops/bom.yaml b/1-quickstart/200-openshift-gitops/bom.yaml new file mode 100644 index 0000000..5db4630 --- /dev/null +++ b/1-quickstart/200-openshift-gitops/bom.yaml 
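Review bot: `environment_variable=$(env | grep "${variable_name}" | sed -E 's/.*="(.*)".*/\1/g')` does not do what the loop expects: `env` prints `NAME=value` without quotes, so unless the exported value itself contains double quotes the sed pattern never matches and the whole `TF_VAR_name=value` line is taken as the value, and the unanchored grep also matches any variable whose name merely contains `${variable_name}`. Bash indirect expansion does the lookup directly: `environment_variable="${!variable_name}"`. Separately, values marked `sensitive: true` in bom.yaml (the gitops and cluster tokens) are written in clear text to `terraform/terraform.tfvars` and copied to `terraform.tfvars.backup`, so both paths should be covered by .gitignore and ideally created with mode 600; the page does not show whether they are. The unquoted, unchecked `cd ${SCRIPT_DIR}/terraform` before `terraform apply` should be `cd "${SCRIPT_DIR}/terraform" || exit 1`.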
@@ -0,0 +1,86 @@ +apiVersion: cloud.ibm.com/v1alpha1 +kind: BillOfMaterial +metadata: + name: 200-openshift-gitops + labels: + type: software + code: '200' + annotations: + displayName: OpenShift GitOps Bootstrap + description: >- + Provisions OpenShift GitOps (ArgoCD) into an existing cluster and + bootstraps it to a gitops repository +spec: + modules: + - name: gitops-repo + alias: gitops_repo + version: v1.19.4 + - name: argocd-bootstrap + alias: argocd-bootstrap + version: v1.12.0 + variables: + - name: create_webhook + value: true + - name: prefix + value: maximo + - name: gitops-cluster-config + alias: gitops-cluster-config + version: v1.0.0 + - name: gitops-console-link-job + alias: gitops-console-link-job + version: v1.4.6 + - name: gitops-namespace + alias: toolkit_namespace + version: v1.11.2 + default: true + variables: + - name: name + value: toolkit + - name: ocp-login + alias: cluster + version: v1.3.1 + - name: olm + alias: olm + version: v1.3.2 + - name: sealed-secret-cert + alias: sealed-secret-cert + version: v1.0.1 + variables: + - name: gitops_repo_host + type: string + description: The host for the git repository. + defaultValue: '' + - name: gitops_repo_org + type: string + description: The org/group where the git repository exists/will be provisioned. + defaultValue: '' + - name: gitops_repo_project + type: string + description: >- + The project that will be used for the git repo. (Primarily used for + Azure DevOps repos) + defaultValue: '' + - name: gitops_repo_username + type: string + description: The username of the user with access to the repository + defaultValue: '' + - name: gitops_repo_token + type: string + description: The personal access token used to access the repository + defaultValue: '' + sensitive: true + - name: gitops_repo_repo + type: string + description: >- + The short name of the repository (i.e. 
the part after the org/group + name) + - name: gitops-cluster-config_banner_text + type: string + description: The text that will appear in the top banner in the cluster + - name: server_url + type: string + description: The url for the OpenShift api + - name: cluster_login_token + type: string + description: Token used for authentication + sensitive: true diff --git a/1-quickstart/200-openshift-gitops/dependencies.dot b/1-quickstart/200-openshift-gitops/dependencies.dot new file mode 100644 index 0000000..774bfca --- /dev/null +++ b/1-quickstart/200-openshift-gitops/dependencies.dot @@ -0,0 +1,22 @@ +digraph { + rankdir="BT" + "gitops_repo (gitops-repo)" -> "sealed-secret-cert (sealed-secret-cert)" +"gitops_repo (gitops-repo)" +"sealed-secret-cert (sealed-secret-cert)" +"argocd-bootstrap (argocd-bootstrap)" -> "cluster (ocp-login)" +"argocd-bootstrap (argocd-bootstrap)" -> "olm (olm)" +"argocd-bootstrap (argocd-bootstrap)" -> "gitops_repo (gitops-repo)" +"argocd-bootstrap (argocd-bootstrap)" -> "sealed-secret-cert (sealed-secret-cert)" +"argocd-bootstrap (argocd-bootstrap)" +"cluster (ocp-login)" +"olm (olm)" -> "cluster (ocp-login)" +"olm (olm)" +"gitops-cluster-config (gitops-cluster-config)" -> "gitops_repo (gitops-repo)" +"gitops-cluster-config (gitops-cluster-config)" -> "toolkit_namespace (gitops-namespace)" +"gitops-cluster-config (gitops-cluster-config)" +"toolkit_namespace (gitops-namespace)" -> "gitops_repo (gitops-repo)" +"toolkit_namespace (gitops-namespace)" +"gitops-console-link-job (gitops-console-link-job)" -> "gitops_repo (gitops-repo)" +"gitops-console-link-job (gitops-console-link-job)" -> "toolkit_namespace (gitops-namespace)" +"gitops-console-link-job (gitops-console-link-job)" + } \ No newline at end of file diff --git a/1-quickstart/200-openshift-gitops/destroy.sh b/1-quickstart/200-openshift-gitops/destroy.sh new file mode 100755 index 0000000..7c27549 --- /dev/null +++ b/1-quickstart/200-openshift-gitops/destroy.sh 
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+SCRIPT_DIR=$(cd $(dirname $0); pwd -P)
+
+cd "${SCRIPT_DIR}/terraform"
+terraform init
+terraform destroy -auto-approve
diff --git a/1-quickstart/200-openshift-gitops/terraform/200-openshift-gitops.auto.tfvars b/1-quickstart/200-openshift-gitops/terraform/200-openshift-gitops.auto.tfvars
new file mode 100644
index 0000000..4eeed30
--- /dev/null
+++ b/1-quickstart/200-openshift-gitops/terraform/200-openshift-gitops.auto.tfvars
@@ -0,0 +1,27 @@
+## gitops_repo_host: The host for the git repository.
+#gitops_repo_host=""
+
+## gitops_repo_org: The org/group where the git repository exists/will be provisioned.
+#gitops_repo_org=""
+
+## gitops_repo_project: The project that will be used for the git repo. (Primarily used for Azure DevOps repos)
+#gitops_repo_project=""
+
+## gitops_repo_username: The username of the user with access to the repository
+#gitops_repo_username=""
+
+## gitops_repo_token: The personal access token used to access the repository
+#gitops_repo_token=""
+
+## gitops_repo_repo: The short name of the repository (i.e. the part after the org/group name)
+#gitops_repo_repo=""
+
+## gitops-cluster-config_banner_text: The text that will appear in the top banner in the cluster
+#gitops-cluster-config_banner_text=""
+
+## server_url: The url for the OpenShift api
+#server_url=""
+
+## cluster_login_token: Token used for authentication
+#cluster_login_token=""
+
diff --git a/1-quickstart/200-openshift-gitops/terraform/docs/argocd-bootstrap.md b/1-quickstart/200-openshift-gitops/terraform/docs/argocd-bootstrap.md
new file mode 100644
index 0000000..9677934
--- /dev/null
+++ b/1-quickstart/200-openshift-gitops/terraform/docs/argocd-bootstrap.md
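Review bot: `cd "${SCRIPT_DIR}/terraform"` is not checked, so if that directory is missing, `terraform init` and `terraform destroy -auto-approve` run in whatever directory the caller invoked the script from and could act on any Terraform state found there. Guard it, `cd "${SCRIPT_DIR}/terraform" || exit 1`, and add `set -euo pipefail` after the shebang so a failed `init` also stops the script before `destroy`. The same unchecked `cd` precedes `terraform apply` at the end of apply.sh.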
@@ -0,0 +1,52 @@ +# ArgoCD Bootstrap module + +Module that provisions the OpenShift CI/CD tools (ArgoCD, Tekton, and Kube Seal) in the target cluster and bootstraps the ArgoCD environment with a GitOps repository. This module assumes that a direct connection to the cluster is availble in order to deploy the services and configure the ArgoCD instance. + +## Software dependencies + +The module depends on the following software components: + +### Command-line tools + +- terraform - v14 + +### Terraform providers + +None + +## Module dependencies + +This module makes use of the output from other modules: + +- Cluster + - github.com/cloud-native-toolkit/terraform-ibm-container-platform + - github.com/cloud-native-toolkit/terraform-ibm-ocp-vpc + - github.com/cloud-native-toolkit/terraform-k8s-ocp-cluster + - github.com/cloud-native-toolkit/terraform-ocp-login +- OLM + - github.com/cloud-native-toolkit/terraform-k8s-olm +- GitOps + - github.com/cloud-native-toolkit/terraform-tools-gitops +- Sealed Secret Cert + - github.com/cloud-native-toolkit/terraform-util-sealed-secret-cert + +## Example usage + +```hcl-terraform +module "argocd-bootsrap" { + source = "github.com/cloud-native-toolkit/terraform-tools-argocd-bootstrap.git" + + cluster_type = module.dev_cluster.platform.type_code + ingress_subdomain = module.dev_cluster.platform.ingress + cluster_config_file = module.dev_cluster.config_file_path + olm_namespace = module.dev_software_olm.olm_namespace + operator_namespace = module.dev_software_olm.target_namespace + gitops_repo_url = module.gitops.config_repo_url + git_username = module.gitops.config_username + git_token = module.gitops.config_token + bootstrap_path = module.gitops.bootstrap_path + sealed_secret_cert = module.cert.cert + sealed_secret_private_key = module.cert.private_key +} +``` + 
diff --git a/1-quickstart/200-openshift-gitops/terraform/docs/gitops-cluster-config.md b/1-quickstart/200-openshift-gitops/terraform/docs/gitops-cluster-config.md new file mode 100644 index 0000000..8079c97 --- /dev/null +++ b/1-quickstart/200-openshift-gitops/terraform/docs/gitops-cluster-config.md @@ -0,0 +1,39 @@ +# Cluster config gitops module + +Module to populate a gitops repository with base configuration of the Red Hat OpenShift cluster (notification banner, help menus, etc). + +## Software dependencies + +The module depends on the following software components: + +### Command-line tools + +- terraform - v14 +- kubectl + +### Terraform providers + +None + +## Module dependencies + +This module makes use of the output from other modules: + +- Gitops - github.com/cloud-native-toolkit/terraform-tools-gitops.git +- Namespace - github.com/cloud-native-toolkit/terraform-gitops-namespace.git + +## Example usage + +```hcl-terraform +module "cluster-config" { + source = "github.com/cloud-native-toolkit/terraform-gitops-cluster-config.git" + + gitops_config = module.gitops.gitops_config + git_credentials = module.gitops.git_credentials + server_name = module.gitops.server_name + namespace = module.gitops_namespace.name + kubeseal_cert = module.argocd-bootstrap.sealed_secrets_cert + banner_text = var.banner_text +} +``` + diff --git a/1-quickstart/200-openshift-gitops/terraform/docs/gitops-console-link-job.md b/1-quickstart/200-openshift-gitops/terraform/docs/gitops-console-link-job.md new file mode 100644 index 0000000..4d25cc8 --- /dev/null +++ b/1-quickstart/200-openshift-gitops/terraform/docs/gitops-console-link-job.md 
@@ -0,0 +1,41 @@ +# Console Link Cronjob module + +Module that populates gitops repository with the Console Link Cronjob chart from https://charts.cloudnativetoolkit.dev. The chart deploys a cron job into a cluster that runs periodically (every 5 minutes by default) looking for matching resources and creating cron jobs and config maps with the information. The matching resources include routes with the `console-link.cloud-native-toolkit.dev/enabled=true` label and `logdna-agent` and `sysdig-agent` daemonsets. + +This module uses the following Helm Charts from toolkit-charts( https://charts.cloudnativetoolkit.dev ) : https://github.com/cloud-native-toolkit/toolkit-charts/blob/main/stable/console-link-cronjob/README.md + +## Software dependencies + +The module depends on the following software components: + +### Command-line tools + +- terraform >= v0.15 + +### Terraform providers + +- None + +## Module dependencies + +This module makes use of the output from other modules: + +- GitOps - github.com/cloud-native-toolkit/terraform-tools-gitops.git +- Namespace - github.com/cloud-native-toolkit/terraform-gitops-namespace.git.git + +## Example usage + +```hcl-terraform +module "console_link_job" { + source = "github.com/cloud-native-toolkit/terraform-gitops-console-link-job.git" + + config_repo = module.gitops.config_repo + config_token = module.gitops.config_token + config_paths = module.gitops.config_paths + config_projects = module.gitops.config_projects + application_repo = module.gitops.application_repo + application_token = module.gitops.application_token + application_paths = module.gitops.application_paths +} +``` + diff --git a/1-quickstart/200-openshift-gitops/terraform/docs/gitops-namespace.md b/1-quickstart/200-openshift-gitops/terraform/docs/gitops-namespace.md new file mode 100644 index 0000000..374abd1 --- /dev/null +++ b/1-quickstart/200-openshift-gitops/terraform/docs/gitops-namespace.md 
@@ -0,0 +1,41 @@ +# Namespace gitops config + +Module to configure a GitOps repo to provision a namespace + + +## Software dependencies + +The module depends on the following software components: + +### Command-line tools + +- terraform >= v0.15 +- git + +### Terraform providers + +- None + +## Module dependencies + +This module makes use of the output from other modules: + +- GitOps repo - github.com/cloud-native-toolkit/terraform-tools-gitops.git + +## Example usage + +```hcl-terraform +module "gitops_namespace" { + source = "github.com/ibm-garage-cloud/terraform-gitops-namespace.git" + + config_repo = module.gitops.config_repo + config_token = module.gitops.config_token + config_paths = module.gitops.config_paths + application_repo = module.gitops.application_repo + application_token = module.gitops.application_token + application_paths = module.gitops.application_paths + name = var.namespace + create_operator_group = false +} +``` + diff --git a/1-quickstart/200-openshift-gitops/terraform/docs/gitops-repo.md b/1-quickstart/200-openshift-gitops/terraform/docs/gitops-repo.md new file mode 100644 index 0000000..37846fd --- /dev/null +++ b/1-quickstart/200-openshift-gitops/terraform/docs/gitops-repo.md 
@@ -0,0 +1,56 @@ +# GitOps repo module + +Module that prepares a GitOps repo for use with ArgoCD. If the `provision` flag is `true` then a new git repo will be provisioned. If not, the provided repo name is expected to already exist. + +After cloning the git repo, an initial directory structure is set up along with bootstrap configuration to perform the initial setup of ArgoCD. + +## Supported git servers + +The module supports creating a repository in one of six different git servers: + +- GitHub +- GitHub Enterprise +- Gitlab +- Bitbucket +- Gitea +- Azure DevOps + +The selection of the git server type is determined by the value provided for the `host`. + +## Software dependencies + +The module depends on the following software components: + +### Command-line tools + +- terraform >= v0.15 +- git + +### Terraform providers + +- None + +## Module dependencies + +This module makes use of the output from other modules: + +- None + +## Example usage + +```hcl-terraform +module "git" { + source = "github.com/cloud-native-toolkit/terraform-tools-gitops" + + host = var.git_host + org = var.git_org + repo = var.git_repo + username = var.git_username + token = var.git_token + project = var.git_project + gitops_namespace = var.gitops_namespace + sealed_secrets_cert = module.cert.cert + strict = var.gitops_strict +} +``` + diff --git a/1-quickstart/200-openshift-gitops/terraform/docs/ocp-login.md b/1-quickstart/200-openshift-gitops/terraform/docs/ocp-login.md new file mode 100644 index 0000000..6e4ad22 --- /dev/null +++ b/1-quickstart/200-openshift-gitops/terraform/docs/ocp-login.md 
@@ -0,0 +1,36 @@ +# OCP Login + +Terraform module to log into a cluster and write the credentials into the kube config file. The file path is output by the module. + +## Software dependencies + +The module depends on the following software components: + +### Command-line tools + +- terraform - v0.15 + +### Terraform providers + +None + +## Module dependencies + +None + +## Example usage + +```hcl-terraform +module "dev_tools_argocd" { + source = "github.com/ibm-garage-cloud/terraform-tools-argocd.git?ref=v1.0.0" + + cluster_config_file = module.dev_cluster.config_file_path + cluster_type = module.dev_cluster.type + app_namespace = module.dev_cluster_namespaces.tools_namespace_name + ingress_subdomain = module.dev_cluster.ingress_hostname + olm_namespace = module.dev_software_olm.olm_namespace + operator_namespace = module.dev_software_olm.target_namespace + name = "argocd" +} +``` + diff --git a/1-quickstart/200-openshift-gitops/terraform/docs/olm.md b/1-quickstart/200-openshift-gitops/terraform/docs/olm.md new file mode 100644 index 0000000..4616b71 --- /dev/null +++ b/1-quickstart/200-openshift-gitops/terraform/docs/olm.md 
@@ -0,0 +1,29 @@ +# Operator Lifecycle Manager module + +Installs Operator Lifecycle Manager (OLM) into a cluster. However, if the cluster is OpenShift 4.x +and already has OLM installed then the module does not install anything. It can still be used to export +the olm namespaces for use by downstream modules. + +## Example usage + +```hcl-terraform +module "dev_software_olm_release" { + source = "github.com/ibm-garage-cloud/garage-terraform-modules.git//self-managed/software/operator-lifecycle-manager?ref=olm" + + cluster_config_file = "~/.kube/config" + cluster_version = "3.11" + cluster_type = "ocp3" +} +``` + +Another example + +```hcl-terraform +module "dev_software_olm_release" { + source = "github.com/ibm-garage-cloud/garage-terraform-modules.git//self-managed/software/operator-lifecycle-manager?ref=olm" + + cluster_config_file = module.dev_cluster.config_file_path + cluster_version = module.dev_cluster.version + cluster_type = var.cluster_type +} +``` diff --git a/1-quickstart/200-openshift-gitops/terraform/docs/sealed-secret-cert.md b/1-quickstart/200-openshift-gitops/terraform/docs/sealed-secret-cert.md new file mode 100644 index 0000000..7f81a1e --- /dev/null +++ b/1-quickstart/200-openshift-gitops/terraform/docs/sealed-secret-cert.md 
@@ -0,0 +1,38 @@ +# Sealed Secret Cert module + +Module to collect or create a certificate and private key used with the sealed secrets service. The sealed secrets service +is used to store confidential information in a GitOps repository as encrypted SealedSecret resources. When the SealedSecret +resources are deployed to the cluster, the Kube Seal operator decrypts the contents of the SealedSecret and generates a +Secret. + +In order for the encryption process to work, the SealedSecret content must be encrypted using at public certificate and +the Kube Seal process will decrypt the content using the matching private key that has been provided to the cluster as a +secret. + +## Software dependencies + +The module depends on the following software components: + +### Command-line tools + +- terraform - v14 + +### Terraform providers + +- tls provider + +## Module dependencies + +None + +## Example usage + +```hcl-terraform +module "cert" { + source = "github.com/cloud-native-toolkit/terraform-util-sealed-secret-cert.git" + + private_key_file = var.private_key_file + cert_file = var.cert_file +} +``` + diff --git a/1-quickstart/200-openshift-gitops/terraform/main.tf b/1-quickstart/200-openshift-gitops/terraform/main.tf new file mode 100644 index 0000000..5231b00 --- /dev/null +++ b/1-quickstart/200-openshift-gitops/terraform/main.tf 
@@ -0,0 +1,100 @@ +module "argocd-bootstrap" { + source = "github.com/cloud-native-toolkit/terraform-tools-argocd-bootstrap?ref=v1.12.0" + + bootstrap_path = module.gitops_repo.bootstrap_path + bootstrap_prefix = var.argocd-bootstrap_bootstrap_prefix + cluster_config_file = module.cluster.config_file_path + cluster_type = module.cluster.platform.type_code + create_webhook = var.argocd-bootstrap_create_webhook + git_token = module.gitops_repo.config_token + git_username = module.gitops_repo.config_username + gitops_repo_url = module.gitops_repo.config_repo_url + ingress_subdomain = module.cluster.platform.ingress + olm_namespace = module.olm.olm_namespace + operator_namespace = module.olm.target_namespace + sealed_secret_cert = module.sealed-secret-cert.cert + sealed_secret_private_key = module.sealed-secret-cert.private_key +} +module "cluster" { + source = "github.com/cloud-native-toolkit/terraform-ocp-login?ref=v1.3.1" + + ca_cert = var.cluster_ca_cert + ca_cert_file = var.cluster_ca_cert_file + cluster_version = var.cluster_cluster_version + ingress_subdomain = var.cluster_ingress_subdomain + login_password = var.cluster_login_password + login_token = var.cluster_login_token + login_user = var.cluster_login_user + server_url = var.server_url + skip = var.cluster_skip + tls_secret_name = var.cluster_tls_secret_name +} +module "gitops_repo" { + source = "github.com/cloud-native-toolkit/terraform-tools-gitops?ref=v1.19.4" + + branch = var.gitops_repo_branch + gitea_host = var.gitops_repo_gitea_host + gitea_org = var.gitops_repo_gitea_org + gitea_token = var.gitops_repo_gitea_token + gitea_username = var.gitops_repo_gitea_username + gitops_namespace = var.gitops_repo_gitops_namespace + host = var.gitops_repo_host + org = var.gitops_repo_org + project = var.gitops_repo_project + public = var.gitops_repo_public + repo = var.gitops_repo_repo + sealed_secrets_cert = module.sealed-secret-cert.cert + server_name = var.gitops_repo_server_name + strict = 
var.gitops_repo_strict + token = var.gitops_repo_token + type = var.gitops_repo_type + username = var.gitops_repo_username +} +module "gitops-cluster-config" { + source = "github.com/cloud-native-toolkit/terraform-gitops-cluster-config?ref=v1.0.0" + + banner_background_color = var.gitops-cluster-config_banner_background_color + banner_text = var.gitops-cluster-config_banner_text + banner_text_color = var.gitops-cluster-config_banner_text_color + git_credentials = module.gitops_repo.git_credentials + gitops_config = module.gitops_repo.gitops_config + namespace = module.toolkit_namespace.name + server_name = module.gitops_repo.server_name +} +module "gitops-console-link-job" { + source = "github.com/cloud-native-toolkit/terraform-gitops-console-link-job?ref=v1.4.6" + + cluster_ingress_hostname = var.gitops-console-link-job_cluster_ingress_hostname + cluster_type = var.gitops-console-link-job_cluster_type + git_credentials = module.gitops_repo.git_credentials + gitops_config = module.gitops_repo.gitops_config + namespace = module.toolkit_namespace.name + server_name = module.gitops_repo.server_name + tls_secret_name = var.gitops-console-link-job_tls_secret_name +} +module "olm" { + source = "github.com/cloud-native-toolkit/terraform-k8s-olm?ref=v1.3.2" + + cluster_config_file = module.cluster.config_file_path + cluster_type = module.cluster.platform.type_code + cluster_version = module.cluster.platform.version +} +module "sealed-secret-cert" { + source = "github.com/cloud-native-toolkit/terraform-util-sealed-secret-cert?ref=v1.0.1" + + cert = var.sealed-secret-cert_cert + cert_file = var.sealed-secret-cert_cert_file + private_key = var.sealed-secret-cert_private_key + private_key_file = var.sealed-secret-cert_private_key_file +} +module "toolkit_namespace" { + source = "github.com/cloud-native-toolkit/terraform-gitops-namespace?ref=v1.11.2" + + argocd_namespace = var.toolkit_namespace_argocd_namespace + ci = var.toolkit_namespace_ci + create_operator_group = 
var.toolkit_namespace_create_operator_group + git_credentials = module.gitops_repo.git_credentials + gitops_config = module.gitops_repo.gitops_config + name = var.toolkit_namespace_name + server_name = module.gitops_repo.server_name +} diff --git a/1-quickstart/200-openshift-gitops/terraform/terragrunt.hcl b/1-quickstart/200-openshift-gitops/terraform/terragrunt.hcl new file mode 100644 index 0000000..3f0a224 --- /dev/null +++ b/1-quickstart/200-openshift-gitops/terraform/terragrunt.hcl @@ -0,0 +1,39 @@ +dependencies { + paths = ["../105-azure-ocp-ipi","../110-azure-acme-certificate"] +} + +dependency "acme-certs" { + config_path = "../110-azure-acme-certificate" + + mock_outputs_allowed_terraform_commands = ["init","validate","plan"] + mock_outputs = { + ca_cert = "fake-ca-cert" + } +} + +dependency "ocp-ipi" { + config_path = "../105-azure-ocp-ipi" + + mock_outputs_allowed_terraform_commands = ["init","validate","plan"] + mock_outputs = { + server_url = "https://fake.url.org:6443" + username = "fakeuser" + password = "fakepassword" + } +} + +inputs = { + cluster_ca_cert = base64encode("${dependency.acme-certs.outputs.ca_cert}") + server_url = dependency.ocp-ipi.outputs.server_url + cluster_login_user = dependency.ocp-ipi.outputs.username + cluster_login_password = dependency.ocp-ipi.outputs.password + cluster_login_token="" +} + +terraform { + # Ensures paralellism never exceed three modules at any time + extra_arguments "reduced_parallelism" { + commands = get_terraform_commands_that_need_parallelism() + arguments = ["-parallelism=3"] + } +} \ No newline at end of file diff --git a/1-quickstart/200-openshift-gitops/terraform/variables.tf b/1-quickstart/200-openshift-gitops/terraform/variables.tf new file mode 100644 index 0000000..9e2f0aa --- /dev/null +++ b/1-quickstart/200-openshift-gitops/terraform/variables.tf 
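Review bot: Every module `source` is pinned to a git tag (`?ref=v1.12.0`, `?ref=v1.19.4`, …); tags are mutable, so all eight toolkit modules can change content under the same ref. This file looks generated from bom.yaml, which may make SHA pinning impractical here, but the versions in bom.yaml and in these `source` lines should at least stay in lockstep (they do in this commit) and the generator's lockfile, if any, should be committed alongside. A header such as `# Generated from ../bom.yaml — change the BOM, not this file` would keep hand edits from being silently overwritten.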
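Review bot: In the `inputs` block, `cluster_login_token=""` is formatted unlike its neighbours and `base64encode("${dependency.acme-certs.outputs.ca_cert}")` wraps a bare reference in interpolation, which Terraform reports as redundant; write `cluster_ca_cert = base64encode(dependency.acme-certs.outputs.ca_cert)` and `cluster_login_token = ""`. The comment on `extra_arguments` should read `# Ensures parallelism never exceeds three modules at any time`. Since `plan` is among `mock_outputs_allowed_terraform_commands`, a plan produced before the `105-azure-ocp-ipi` and `110-azure-acme-certificate` dependencies exist uses the fake credentials and is not representative of the real run; a short comment on the `mock_outputs` blocks saying so would help.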
@@ -0,0 +1,206 @@ +variable "gitops_repo_host" { + type = string + description = "The host for the git repository." + default = "" +} +variable "gitops_repo_type" { + type = string + description = "[Deprecated] The type of the hosted git repository." + default = "" +} +variable "gitops_repo_org" { + type = string + description = "The org/group where the git repository exists/will be provisioned." + default = "" +} +variable "gitops_repo_project" { + type = string + description = "The project that will be used for the git repo. (Primarily used for Azure DevOps repos)" + default = "" +} +variable "gitops_repo_username" { + type = string + description = "The username of the user with access to the repository" + default = "" +} +variable "gitops_repo_token" { + type = string + description = "The personal access token used to access the repository" + default = "" +} +variable "gitops_repo_gitea_host" { + type = string + description = "The host for the git repository." + default = "" +} +variable "gitops_repo_gitea_org" { + type = string + description = "The org/group where the git repository exists/will be provisioned." + default = "" +} +variable "gitops_repo_gitea_username" { + type = string + description = "The username of the user with access to the repository" + default = "" +} +variable "gitops_repo_gitea_token" { + type = string + description = "The personal access token used to access the repository" + default = "" +} +variable "gitops_repo_repo" { + type = string + description = "The short name of the repository (i.e. the part after the org/group name)" +} +variable "gitops_repo_branch" { + type = string + description = "The name of the branch that will be used. 
If the repo already exists (provision=false) then it is assumed this branch already exists as well" + default = "main" +} +variable "gitops_repo_public" { + type = bool + description = "Flag indicating that the repo should be public or private" + default = false +} +variable "gitops_repo_gitops_namespace" { + type = string + description = "The namespace where ArgoCD is running in the cluster" + default = "openshift-gitops" +} +variable "gitops_repo_server_name" { + type = string + description = "The name of the cluster that will be configured via gitops. This is used to separate the config by cluster" + default = "default" +} +variable "gitops_repo_strict" { + type = bool + description = "Flag indicating that an error should be thrown if the repo already exists" + default = false +} +variable "argocd-bootstrap_bootstrap_prefix" { + type = string + description = "The prefix used in ArgoCD to bootstrap the application" + default = "" +} +variable "argocd-bootstrap_create_webhook" { + type = bool + description = "Flag indicating that a webhook should be created in the gitops repo to notify argocd of changes" + default = true +} +variable "gitops-cluster-config_banner_background_color" { + type = string + description = "The background color of the top banner. This value can be a named color (e.g. purple, red) or an RGB value (#FF0000)." + default = "purple" +} +variable "gitops-cluster-config_banner_text_color" { + type = string + description = "The text color for the top banner. This value can be a named color (e.g. purple, red) or an RGB value (#FF0000)." + default = "white" +} +variable "gitops-cluster-config_banner_text" { + type = string + description = "The text that will appear in the top banner in the cluster" +} +variable "gitops-console-link-job_cluster_ingress_hostname" { + type = string + description = "Ingress hostname of the IKS cluster." 
+ default = "" +} +variable "gitops-console-link-job_cluster_type" { + type = string + description = "The cluster type (openshift or ocp3 or ocp4 or kubernetes)" + default = "ocp4" +} +variable "gitops-console-link-job_tls_secret_name" { + type = string + description = "The name of the secret containing the tls certificate values" + default = "" +} +variable "toolkit_namespace_name" { + type = string + description = "The value that should be used for the namespace" + default = "toolkit" +} +variable "toolkit_namespace_ci" { + type = bool + description = "Flag indicating that this namespace will be used for development (e.g. configmaps and secrets)" + default = false +} +variable "toolkit_namespace_create_operator_group" { + type = bool + description = "Flag indicating that an operator group should be created in the namespace" + default = true +} +variable "toolkit_namespace_argocd_namespace" { + type = string + description = "The namespace where argocd has been deployed" + default = "openshift-gitops" +} +variable "server_url" { + type = string + description = "The url for the OpenShift api" +} +variable "cluster_login_user" { + type = string + description = "Username for login" + default = "" +} +variable "cluster_login_password" { + type = string + description = "Password for login" + default = "" +} +variable "cluster_login_token" { + type = string + description = "Token used for authentication" +} +variable "cluster_skip" { + type = bool + description = "Flag indicating that the cluster login has already been performed" + default = false +} +variable "cluster_cluster_version" { + type = string + description = "The version of the cluster (passed through to the output)" + default = "" +} +variable "cluster_ingress_subdomain" { + type = string + description = "The ingress subdomain of the cluster (passed through to the output)" + default = "" +} +variable "cluster_tls_secret_name" { + type = string + description = "The name of the secret containing the tls 
certificates for the ingress subdomain (passed through to the output)" + default = "" +} +variable "cluster_ca_cert" { + type = string + description = "The base64 encoded ca certificate" + default = "" +} +variable "cluster_ca_cert_file" { + type = string + description = "The path to the file that contains the ca certificate" + default = "" +} +variable "sealed-secret-cert_cert" { + type = string + description = "The public key that will be used to encrypt sealed secrets. If not provided, a new one will be generated" + default = "" +} +variable "sealed-secret-cert_private_key" { + type = string + description = "The private key that will be used to decrypt sealed secrets. If not provided, a new one will be generated" + default = "" +} +variable "sealed-secret-cert_cert_file" { + type = string + description = "The file containing the public key that will be used to encrypt the sealed secrets. If not provided a new public key will be generated" + default = "" +} +variable "sealed-secret-cert_private_key_file" { + type = string + description = "The file containin the private key that will be used to encrypt the sealed secrets. If not provided a new private key will be generated" + default = "" +} diff --git a/1-quickstart/210-azure-default-storage/terraform/terragrunt.hcl b/1-quickstart/210-azure-default-storage/terraform/terragrunt.hcl index e69de29..23b21a6 100644 --- a/1-quickstart/210-azure-default-storage/terraform/terragrunt.hcl +++ b/1-quickstart/210-azure-default-storage/terraform/terragrunt.hcl @@ -0,0 +1,3 @@ +dependencies { + paths = ["../105-azure-ocp-ipi"] +} \ No newline at end of file diff --git a/1-quickstart/220-dev-tools/apply.sh b/1-quickstart/220-dev-tools/apply.sh new file mode 100755 index 0000000..8d4e15b --- /dev/null +++ b/1-quickstart/220-dev-tools/apply.sh 
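Review bot: `gitops_repo_token`, `gitops_repo_gitea_token`, `cluster_login_password`, `cluster_login_token` and `sealed-secret-cert_private_key` carry credentials or key material, but none of the variable blocks sets `sensitive = true`, so nothing stops those values from appearing in plan/apply output or CI logs; the bom.yaml in this same commit already marks `gitops_repo_token` with `sensitive: true`, so the two should agree. Add `sensitive = true` to each of those blocks (the docs added here require terraform >= v0.15, which supports it), and the same omission applies to the `gitops_repo_token` block in 1-quickstart/220-dev-tools/terraform/variables.tf. The description of `sealed-secret-cert_private_key_file` reads `The file containin the private key that will be used to encrypt the sealed secrets`, which contradicts the `sealed-secret-cert_private_key` description (decrypt); suggest `The file containing the private key that will be used to decrypt the sealed secrets`.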
@@ -0,0 +1,74 @@
+#!/usr/bin/env bash
+
+SCRIPT_DIR=$(cd $(dirname $0); pwd -P)
+
+VARIABLES_FILE="${1}"
+if [[ -z "${VARIABLES_FILE}" ]]; then
+ VARIABLES_FILE="${SCRIPT_DIR}/variables.yaml"
+fi
+
+YQ=$(command -v yq4 || command -v yq)
+if [[ -z "${YQ}" ]] || [[ $(${YQ} --version | sed -E "s/.*version ([34]).*/\1/g") == "3" ]]; then
+ echo "yq v4 is required"
+ exit 1
+fi
+
+if [[ -f "${SCRIPT_DIR}/terraform/terraform.tfvars" ]]; then
+ cp "${SCRIPT_DIR}/terraform/terraform.tfvars" "${SCRIPT_DIR}/terraform/terraform.tfvars.backup"
+ rm "${SCRIPT_DIR}/terraform/terraform.tfvars"
+fi
+
+if [[ ! -f "${VARIABLES_FILE}" ]]; then
+ echo "Variables can be provided in a yaml file passed as the first argument"
+ echo ""
+fi
+
+TMP_VARIABLES_FILE="${VARIABLES_FILE}.tmp"
+
+echo "variables: []" > ${TMP_VARIABLES_FILE}
+
+cat "${SCRIPT_DIR}/bom.yaml" | ${YQ} e '.spec.variables[] | .name' - | while read name; do
+ default_value=$(cat "${SCRIPT_DIR}/bom.yaml" | NAME="${name}" ${YQ} e '.spec.variables[] | select(.name == env(NAME)) | .defaultValue // ""' -)
+ sensitive=$(cat "${SCRIPT_DIR}/bom.yaml" | NAME="${name}" ${YQ} e '.spec.variables[] | select(.name == env(NAME)) | .sensitive // false' -)
+ description=$(cat "${SCRIPT_DIR}/bom.yaml" | NAME="${name}" ${YQ} e '.spec.variables[] | select(.name == env(NAME)) | .description // ""' -)
+
+ variable_name="TF_VAR_${name}"
+
+ environment_variable=$(env | grep "${variable_name}" | sed -E 's/.*="(.*)".*/\1/g')
+ value="${environment_variable}"
+ if [[ -f "${VARIABLES_FILE}" ]]; then
+ value=$(cat "${VARIABLES_FILE}" | NAME="${name}" ${YQ} e '.variables[] | select(.name == env(NAME)) | .value // ""' -)
+ if [[ -z "${value}" ]]; then
+ value="${environment_variable}"
+ fi
+ fi
+
+ while [[ -z "${value}" ]]; do
+ echo "Provide a value for '${name}':"
+ if [[ -n "${description}" ]]; then
+ echo " ${description}"
+ fi
+ sensitive_flag=""
+ if [[ "${sensitive}" == "true" ]]; then
+ sensitive_flag="-s"
+ fi
+ default_prompt=""
+ if [[ -n "${default_value}" ]]; then
+ default_prompt="(${default_value}) "
+ fi
+ read -u 1 ${sensitive_flag} -p "> ${default_prompt}" value
+ value=${value:-$default_value}
+ done
+
+ echo "${name} = \"${value}\"" >> "${SCRIPT_DIR}/terraform/terraform.tfvars"
+ if [[ "${sensitive}" != "true" ]]; then
+ NAME="${name}" VALUE="${value}" ${YQ} e -i -P '.variables += [{"name": env(NAME), "value": env(VALUE)}]' "${TMP_VARIABLES_FILE}"
+ fi
+done
+
+cp "${TMP_VARIABLES_FILE}" "${VARIABLES_FILE}"
+rm "${TMP_VARIABLES_FILE}"
+
+cd ${SCRIPT_DIR}/terraform
+terraform init
+terraform apply
diff --git a/1-quickstart/220-dev-tools/bom.yaml b/1-quickstart/220-dev-tools/bom.yaml
new file mode 100644
index 0000000..96a013d
--- /dev/null
+++ b/1-quickstart/220-dev-tools/bom.yaml
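Review bot: `environment_variable=$(env | grep "${variable_name}" | sed -E 's/.*="(.*)".*/\1/g')` does not yield the variable's value: `env` prints `NAME=value` without quotes, so the sed never matches and a set variable reaches terraform.tfvars as `TF_VAR_name=value`, while the unanchored grep also picks up any longer name that shares the prefix; `environment_variable="${!variable_name:-}"` reads exactly the one variable. `cd ${SCRIPT_DIR}/terraform` is unquoted and unchecked before `terraform init` / `terraform apply`, so a failed cd runs them in the caller's directory; use `cd "${SCRIPT_DIR}/terraform" || exit 1` (or `set -euo pipefail` at the top, which would also surface the yq errors the pipeline currently hides). The prompted value is appended to terraform.tfvars unescaped, so a value containing `"` or `\` produces an invalid file, and the token that bom.yaml marks `sensitive: true` lands in plaintext in terraform/terraform.tfvars and the `.backup` copy — worth confirming both paths are git-ignored, which this diff does not show. `read -u 1` reads from file descriptor 1 rather than stdin; `read -r` without `-u 1` is the usual form for an interactive prompt.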
@@ -0,0 +1,67 @@
+apiVersion: cloud.ibm.com/v1alpha1
+kind: BillOfMaterial
+metadata:
+ name: 220-dev-tools
+ labels:
+ type: software
+ code: '220'
+ annotations:
+ displayName: OpenShift development tools
+ description: Provisions development tools in an OpenShift cluster
+ deployment-type/gitops: 'true'
+spec:
+ modules:
+ - name: gitops-artifactory
+ alias: gitops-artifactory
+ version: v1.2.1
+ - name: gitops-dashboard
+ alias: gitops-dashboard
+ version: v1.6.2
+ - name: gitops-namespace
+ alias: tools_namespace
+ version: v1.11.2
+ default: true
+ variables:
+ - name: name
+ value: tools
+ - name: gitops-pact-broker
+ alias: gitops-pact-broker
+ version: v1.1.7
+ - name: gitops-repo
+ alias: gitops_repo
+ version: v1.19.4
+ - name: gitops-sonarqube
+ alias: gitops-sonarqube
+ version: v1.2.6
+ - name: gitops-tekton-resources
+ alias: gitops-tekton-resources
+ version: v1.1.4
+ variables:
+ - name: gitops_repo_host
+ type: string
+ description: The host for the git repository.
+ defaultValue: ''
+ - name: gitops_repo_org
+ type: string
+ description: The org/group where the git repository exists/will be provisioned.
+ defaultValue: ''
+ - name: gitops_repo_project
+ type: string
+ description: >-
+ The project that will be used for the git repo. (Primarily used for
+ Azure DevOps repos)
+ defaultValue: ''
+ - name: gitops_repo_username
+ type: string
+ description: The username of the user with access to the repository
+ defaultValue: ''
+ - name: gitops_repo_token
+ type: string
+ description: The personal access token used to access the repository
+ defaultValue: ''
+ sensitive: true
+ - name: gitops_repo_repo
+ type: string
+ description: >-
+ The short name of the repository (i.e. the part after the org/group
+ name)
diff --git a/1-quickstart/220-dev-tools/dependencies.dot b/1-quickstart/220-dev-tools/dependencies.dot
new file mode 100644
index 0000000..34dccc6
--- /dev/null
+++ b/1-quickstart/220-dev-tools/dependencies.dot
@@ -0,0 +1,21 @@
+digraph {
+ rankdir="BT"
+ "gitops-artifactory (gitops-artifactory)" -> "gitops_repo (gitops-repo)"
+"gitops-artifactory (gitops-artifactory)" -> "tools_namespace (gitops-namespace)"
+"gitops-artifactory (gitops-artifactory)"
+"gitops_repo (gitops-repo)"
+"tools_namespace (gitops-namespace)" -> "gitops_repo (gitops-repo)"
+"tools_namespace (gitops-namespace)"
+"gitops-dashboard (gitops-dashboard)" -> "gitops_repo (gitops-repo)"
+"gitops-dashboard (gitops-dashboard)" -> "tools_namespace (gitops-namespace)"
+"gitops-dashboard (gitops-dashboard)"
+"gitops-pact-broker (gitops-pact-broker)" -> "gitops_repo (gitops-repo)"
+"gitops-pact-broker (gitops-pact-broker)" -> "tools_namespace (gitops-namespace)"
+"gitops-pact-broker (gitops-pact-broker)"
+"gitops-sonarqube (gitops-sonarqube)" -> "gitops_repo (gitops-repo)"
+"gitops-sonarqube (gitops-sonarqube)" -> "tools_namespace (gitops-namespace)"
+"gitops-sonarqube (gitops-sonarqube)"
+"gitops-tekton-resources (gitops-tekton-resources)" -> "gitops_repo (gitops-repo)"
+"gitops-tekton-resources (gitops-tekton-resources)" -> "tools_namespace (gitops-namespace)"
+"gitops-tekton-resources (gitops-tekton-resources)"
+ }
\ No newline at end of file
diff --git a/1-quickstart/220-dev-tools/destroy.sh b/1-quickstart/220-dev-tools/destroy.sh
new file mode 100755
index 0000000..7c27549
--- /dev/null
+++ b/1-quickstart/220-dev-tools/destroy.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+SCRIPT_DIR=$(cd $(dirname $0); pwd -P)
+
+cd "${SCRIPT_DIR}/terraform"
+terraform init
+terraform destroy -auto-approve
diff --git a/1-quickstart/220-dev-tools/terraform/220-dev-tools.auto.tfvars b/1-quickstart/220-dev-tools/terraform/220-dev-tools.auto.tfvars
new file mode 100644
index 0000000..474cfe8
--- /dev/null
+++ b/1-quickstart/220-dev-tools/terraform/220-dev-tools.auto.tfvars
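Review bot: In destroy.sh, `cd "${SCRIPT_DIR}/terraform"` is not checked and the script has no `set -e`, so if that directory is missing `terraform destroy -auto-approve` runs against whatever configuration sits in the caller's current directory, with approval already granted. Change it to `cd "${SCRIPT_DIR}/terraform" || exit 1`. `-auto-approve` suits a scripted teardown, but a comment such as `# removes every resource managed by this stack without prompting` above it would make the consequence explicit to anyone running the script by hand.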
@@ -0,0 +1,18 @@ +## gitops_repo_host: The host for the git repository. +#gitops_repo_host="" + +## gitops_repo_org: The org/group where the git repository exists/will be provisioned. +#gitops_repo_org="" + +## gitops_repo_project: The project that will be used for the git repo. (Primarily used for Azure DevOps repos) +#gitops_repo_project="" + +## gitops_repo_username: The username of the user with access to the repository +#gitops_repo_username="" + +## gitops_repo_token: The personal access token used to access the repository +#gitops_repo_token="" + +## gitops_repo_repo: The short name of the repository (i.e. the part after the org/group name) +#gitops_repo_repo="" + diff --git a/1-quickstart/220-dev-tools/terraform/docs/gitops-artifactory.md b/1-quickstart/220-dev-tools/terraform/docs/gitops-artifactory.md new file mode 100644 index 0000000..8b8776f --- /dev/null +++ b/1-quickstart/220-dev-tools/terraform/docs/gitops-artifactory.md @@ -0,0 +1,39 @@ +# Artifactory Gitops module + +Module to populate a gitops repository with the resources to deploy Artifactory. + +## Software dependencies + +The module depends on the following software components: + +### Command-line tools + +- terraform - v0.15 +- git + +### Terraform providers + +- None + +## Module dependencies + +This module makes use of the output from other modules: + +- GitOps - github.com/cloud-native-toolkit/terraform-tools-gitops.git +- Cluster - github.com/ibm-garage-cloud/terraform-ibm-ocp-vpc.git +- Namespace - github.com/cloud-native-toolkit/terraform-gitops-namespace.git + + +## Example usage + +```hcl-terraform +module "gitops_artifactory" { + source = "github.com/cloud-native-toolkit/terraform-gitops-artifactory.git" + + gitops_config = module.gitops.gitops_config + git_credentials = module.gitops.git_credentials + namespace = module.gitops_namespace.name + server_name = module.gitops.server_name +} +``` + 
diff --git a/1-quickstart/220-dev-tools/terraform/docs/gitops-dashboard.md b/1-quickstart/220-dev-tools/terraform/docs/gitops-dashboard.md new file mode 100644 index 0000000..663b858 --- /dev/null +++ b/1-quickstart/220-dev-tools/terraform/docs/gitops-dashboard.md @@ -0,0 +1,42 @@ +# Developer Dashboard module + +Module that populates gitops repository with the Developer Dashboard chart from https://charts.cloudnativetoolkit.dev. Developer dashboard displays the links to all the tools installed on the cluster as part of CloudNative toolkit. + +## Software dependencies + +The module depends on the following software components: + +### Command-line tools + +- terraform >= v0.15 +- kubectl + +### Terraform providers + +- IBM Cloud provider >= 1.5.3 +- Helm provider >= 1.1.1 (provided by Terraform) + +## Module dependencies + +This module makes use of the output from other modules: + +- Cluster - github.com/ibm-garage-cloud/terraform-ibm-container-platform.git +- Namespace - github.com/ibm-garage-clout/terraform-cluster-namespace.git +- etc + +## Example usage + +```hcl-terraform +module "dev_tools_argocd" { + source = "github.com/ibm-garage-cloud/terraform-tools-argocd.git?ref=v1.0.0" + + cluster_config_file = module.dev_cluster.config_file_path + cluster_type = module.dev_cluster.type + app_namespace = module.dev_cluster_namespaces.tools_namespace_name + ingress_subdomain = module.dev_cluster.ingress_hostname + olm_namespace = module.dev_software_olm.olm_namespace + operator_namespace = module.dev_software_olm.target_namespace + name = "argocd" +} +``` + diff --git a/1-quickstart/220-dev-tools/terraform/docs/gitops-namespace.md b/1-quickstart/220-dev-tools/terraform/docs/gitops-namespace.md new file mode 100644 index 0000000..374abd1 --- /dev/null +++ b/1-quickstart/220-dev-tools/terraform/docs/gitops-namespace.md 
@@ -0,0 +1,41 @@ +# Namespace gitops config + +Module to configure a GitOps repo to provision a namespace + + +## Software dependencies + +The module depends on the following software components: + +### Command-line tools + +- terraform >= v0.15 +- git + +### Terraform providers + +- None + +## Module dependencies + +This module makes use of the output from other modules: + +- GitOps repo - github.com/cloud-native-toolkit/terraform-tools-gitops.git + +## Example usage + +```hcl-terraform +module "gitops_namespace" { + source = "github.com/ibm-garage-cloud/terraform-gitops-namespace.git" + + config_repo = module.gitops.config_repo + config_token = module.gitops.config_token + config_paths = module.gitops.config_paths + application_repo = module.gitops.application_repo + application_token = module.gitops.application_token + application_paths = module.gitops.application_paths + name = var.namespace + create_operator_group = false +} +``` + diff --git a/1-quickstart/220-dev-tools/terraform/docs/gitops-pact-broker.md b/1-quickstart/220-dev-tools/terraform/docs/gitops-pact-broker.md new file mode 100644 index 0000000..e4724f0 --- /dev/null +++ b/1-quickstart/220-dev-tools/terraform/docs/gitops-pact-broker.md 
@@ -0,0 +1,37 @@ +# Pact Broker gitops module + +Module to populate a gitops repo with the Pact Broker deployment. + +## Software dependencies + +The module depends on the following software components: + +### Command-line tools + +- terraform >= v0.15 +- kubectl + +### Terraform providers + +- None + +## Module dependencies + +This module makes use of the output from other modules: + +- Cluster - github.com/ibm-garage-cloud/terraform-ibm-container-platform.git +- Namespace - github.com/ibm-garage-clout/terraform-cluster-namespace.git +- etc +## Example usage + +```hcl-terraform +module "gitops_pactbroker" { + source = "github.com/cloud-native-toolkit/terraform-gitops-pactbroker.git" + + gitops_config = module.gitops.gitops_config + git_credentials = module.gitops.git_credentials + namespace = module.gitops_namespace.name + server_name = module.gitops.server_name +} +``` + diff --git a/1-quickstart/220-dev-tools/terraform/docs/gitops-repo.md b/1-quickstart/220-dev-tools/terraform/docs/gitops-repo.md new file mode 100644 index 0000000..37846fd --- /dev/null +++ b/1-quickstart/220-dev-tools/terraform/docs/gitops-repo.md 
@@ -0,0 +1,56 @@ +# GitOps repo module + +Module that prepares a GitOps repo for use with ArgoCD. If the `provision` flag is `true` then a new git repo will be provisioned. If not, the provided repo name is expected to already exist. + +After cloning the git repo, an initial directory structure is set up along with bootstrap configuration to perform the initial setup of ArgoCD. + +## Supported git servers + +The module supports creating a repository in one of six different git servers: + +- GitHub +- GitHub Enterprise +- Gitlab +- Bitbucket +- Gitea +- Azure DevOps + +The selection of the git server type is determined by the value provided for the `host`. + +## Software dependencies + +The module depends on the following software components: + +### Command-line tools + +- terraform >= v0.15 +- git + +### Terraform providers + +- None + +## Module dependencies + +This module makes use of the output from other modules: + +- None + +## Example usage + +```hcl-terraform +module "git" { + source = "github.com/cloud-native-toolkit/terraform-tools-gitops" + + host = var.git_host + org = var.git_org + repo = var.git_repo + username = var.git_username + token = var.git_token + project = var.git_project + gitops_namespace = var.gitops_namespace + sealed_secrets_cert = module.cert.cert + strict = var.gitops_strict +} +``` + diff --git a/1-quickstart/220-dev-tools/terraform/docs/gitops-sonarqube.md b/1-quickstart/220-dev-tools/terraform/docs/gitops-sonarqube.md new file mode 100644 index 0000000..9c0ee35 --- /dev/null +++ b/1-quickstart/220-dev-tools/terraform/docs/gitops-sonarqube.md 
@@ -0,0 +1,44 @@ +# SonarQube gitops module + +Module to populate a gitops repo with the resources to deploy SonarQube + + + +## Software dependencies + +The module depends on the following software components: + +### Command-line tools + +- terraform >= v0.15 +- kubectl + +### Terraform providers + +- IBM Cloud provider >= 1.5.3 +- Helm provider >= 1.1.1 (provided by Terraform) + +## Module dependencies + +This module makes use of the output from other modules: + +- Cluster - github.com/ibm-garage-cloud/terraform-ibm-container-platform.git +- Namespace - github.com/ibm-garage-cloud/terraform-cluster-namespace.git +- etc. + +## Example usage + +```hcl-terraform +module "dev_tools_argocd" { + source = "github.com/ibm-garage-cloud/terraform-tools-argocd.git?ref=v1.0.0" + + cluster_config_file = module.dev_cluster.config_file_path + cluster_type = module.dev_cluster.type + app_namespace = module.dev_cluster_namespaces.tools_namespace_name + ingress_subdomain = module.dev_cluster.ingress_hostname + olm_namespace = module.dev_software_olm.olm_namespace + operator_namespace = module.dev_software_olm.target_namespace + name = "argocd" +} +``` + diff --git a/1-quickstart/220-dev-tools/terraform/docs/gitops-tekton-resources.md b/1-quickstart/220-dev-tools/terraform/docs/gitops-tekton-resources.md new file mode 100644 index 0000000..519ca56 --- /dev/null +++ b/1-quickstart/220-dev-tools/terraform/docs/gitops-tekton-resources.md 
@@ -0,0 +1,35 @@ +# Tekton Resources GitOps module + +Module to populate a gitops repo with Tekton resources (tasks and pipelines). + +## Software dependencies + +The module depends on the following software components: + +### Command-line tools + +- terraform >= v0.15 + +### Terraform providers + +- None + +## Module dependencies + +This module makes use of the output from other modules: + +- GitOps repo - github.com/cloud-native-toolkit/terraform-tools-gitops.git +- Namespace - github.com/cloud-native-toolkit/terraform-gitops-namespace.git + +## Example usage + +```hcl-terraform +module "tekton_resources" { + source = "github.com/cloud-native-toolkit/terraform-gitops-tekton-resources" + + gitops_config = module.gitops.gitops_config + git_credentials = module.gitops.git_credentials + namespace = module.gitops_namespace.name +} +``` + diff --git a/1-quickstart/220-dev-tools/terraform/main.tf b/1-quickstart/220-dev-tools/terraform/main.tf new file mode 100644 index 0000000..79e72b7 --- /dev/null +++ b/1-quickstart/220-dev-tools/terraform/main.tf 
@@ -0,0 +1,95 @@ +module "gitops_repo" { + source = "github.com/cloud-native-toolkit/terraform-tools-gitops?ref=v1.19.4" + + branch = var.gitops_repo_branch + gitea_host = var.gitops_repo_gitea_host + gitea_org = var.gitops_repo_gitea_org + gitea_token = var.gitops_repo_gitea_token + gitea_username = var.gitops_repo_gitea_username + gitops_namespace = var.gitops_repo_gitops_namespace + host = var.gitops_repo_host + org = var.gitops_repo_org + project = var.gitops_repo_project + public = var.gitops_repo_public + repo = var.gitops_repo_repo + sealed_secrets_cert = var.gitops_repo_sealed_secrets_cert + server_name = var.gitops_repo_server_name + strict = var.gitops_repo_strict + token = var.gitops_repo_token + type = var.gitops_repo_type + username = var.gitops_repo_username +} +module "gitops-artifactory" { + source = "github.com/cloud-native-toolkit/terraform-gitops-artifactory?ref=v1.2.1" + + cluster_ingress_hostname = var.gitops-artifactory_cluster_ingress_hostname + cluster_type = var.gitops-artifactory_cluster_type + git_credentials = module.gitops_repo.git_credentials + gitops_config = module.gitops_repo.gitops_config + namespace = module.tools_namespace.name + persistence = var.gitops-artifactory_persistence + server_name = module.gitops_repo.server_name + storage_class = var.gitops-artifactory_storage_class + tls_secret_name = var.gitops-artifactory_tls_secret_name +} +module "gitops-dashboard" { + source = "github.com/cloud-native-toolkit/terraform-gitops-dashboard?ref=v1.6.2" + + cluster_ingress_hostname = var.gitops-dashboard_cluster_ingress_hostname + cluster_type = var.gitops-dashboard_cluster_type + git_credentials = module.gitops_repo.git_credentials + gitops_config = module.gitops_repo.gitops_config + image_tag = var.gitops-dashboard_image_tag + namespace = module.tools_namespace.name + server_name = module.gitops_repo.server_name + tls_secret_name = var.gitops-dashboard_tls_secret_name +} +module "gitops-pact-broker" { + source = 
"github.com/cloud-native-toolkit/terraform-gitops-pact-broker?ref=v1.1.7" + + cluster_ingress_hostname = var.gitops-pact-broker_cluster_ingress_hostname + cluster_type = var.gitops-pact-broker_cluster_type + git_credentials = module.gitops_repo.git_credentials + gitops_config = module.gitops_repo.gitops_config + namespace = module.tools_namespace.name + server_name = module.gitops_repo.server_name + tls_secret_name = var.gitops-pact-broker_tls_secret_name +} +module "gitops-sonarqube" { + source = "github.com/cloud-native-toolkit/terraform-gitops-sonarqube?ref=v1.2.6" + + cluster_ingress_hostname = var.gitops-sonarqube_cluster_ingress_hostname + cluster_type = var.gitops-sonarqube_cluster_type + cluster_version = var.gitops-sonarqube_cluster_version + git_credentials = module.gitops_repo.git_credentials + gitops_config = module.gitops_repo.gitops_config + hostname = var.gitops-sonarqube_hostname + kubeseal_cert = module.gitops_repo.sealed_secrets_cert + namespace = module.tools_namespace.name + persistence = var.gitops-sonarqube_persistence + plugins = var.gitops-sonarqube_plugins == null ? 
null : jsondecode(var.gitops-sonarqube_plugins) + server_name = module.gitops_repo.server_name + service_account_name = var.gitops-sonarqube_service_account_name + storage_class = var.gitops-sonarqube_storage_class + tls_secret_name = var.gitops-sonarqube_tls_secret_name +} +module "gitops-tekton-resources" { + source = "github.com/cloud-native-toolkit/terraform-gitops-tekton-resources?ref=v1.1.4" + + git_credentials = module.gitops_repo.git_credentials + gitops_config = module.gitops_repo.gitops_config + namespace = module.tools_namespace.name + server_name = module.gitops_repo.server_name + task_release = var.gitops-tekton-resources_task_release +} +module "tools_namespace" { + source = "github.com/cloud-native-toolkit/terraform-gitops-namespace?ref=v1.11.2" + + argocd_namespace = var.tools_namespace_argocd_namespace + ci = var.tools_namespace_ci + create_operator_group = var.tools_namespace_create_operator_group + git_credentials = module.gitops_repo.git_credentials + gitops_config = module.gitops_repo.gitops_config + name = var.tools_namespace_name + server_name = module.gitops_repo.server_name +} diff --git a/1-quickstart/220-dev-tools/terraform/terragrunt.hcl b/1-quickstart/220-dev-tools/terraform/terragrunt.hcl new file mode 100644 index 0000000..7f3a076 --- /dev/null +++ b/1-quickstart/220-dev-tools/terraform/terragrunt.hcl @@ -0,0 +1,12 @@ +dependencies { + paths = ["../200-openshift-gitops"] + +} + +terraform { + # Ensures paralellism never exceed three modules at any time + extra_arguments "reduced_parallelism" { + commands = get_terraform_commands_that_need_parallelism() + arguments = ["-parallelism=3"] + } +} \ No newline at end of file diff --git a/1-quickstart/220-dev-tools/terraform/variables.tf b/1-quickstart/220-dev-tools/terraform/variables.tf new file mode 100644 index 0000000..7596c72 --- /dev/null +++ b/1-quickstart/220-dev-tools/terraform/variables.tf 
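Review bot: Every `source` in main.tf pins its module to a git tag (`?ref=v1.19.4`, `?ref=v1.2.1`, `?ref=v1.6.2`, …); tags are mutable references, so the pin does not guarantee identical module content between runs and nothing verifies what is fetched. For a supply-chain-conscious setup, pin to the commit a tag resolves to (`?ref=<commit-sha, to be filled in>`) or vend the modules through a mirror or registry that records checksums; the same applies to the module blocks in 1-quickstart/200-openshift-gitops/terraform/main.tf in this diff. The refs here match the versions listed in bom.yaml, so a header comment like `# Module refs mirror the versions in ../bom.yaml; bump both together` would help keep them in sync.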
@@ -0,0 +1,214 @@
+variable "gitops-artifactory_cluster_ingress_hostname" {
+ type = string
+ description = "Ingress hostname of the IKS cluster."
+ default = ""
+}
+variable "gitops-artifactory_cluster_type" {
+ type = string
+ description = "The cluster type (openshift or ocp3 or ocp4 or kubernetes)"
+ default = "ocp4"
+}
+variable "gitops-artifactory_tls_secret_name" {
+ type = string
+ description = "The name of the secret containing the tls certificate values"
+ default = ""
+}
+variable "gitops-artifactory_storage_class" {
+ type = string
+ description = "The storage class to use for the persistent volume claim"
+ default = ""
+}
+variable "gitops-artifactory_persistence" {
+ type = bool
+ description = "Flag to indicate if persistence should be enabled"
+ default = true
+}
+variable "gitops-dashboard_cluster_type" {
+ type = string
+ description = "The cluster type (openshift or ocp3 or ocp4 or kubernetes)"
+ default = "openshift"
+}
+variable "gitops-dashboard_cluster_ingress_hostname" {
+ type = string
+ description = "Ingress hostname of the IKS cluster."
+ default = ""
+}
+variable "gitops-dashboard_tls_secret_name" {
+ type = string
+ description = "The name of the secret containing the tls certificate values"
+ default = ""
+}
+variable "gitops-dashboard_image_tag" {
+ type = string
+ description = "The image version tag to use"
+ default = "v1.4.4"
+}
+variable "tools_namespace_name" {
+ type = string
+ description = "The value that should be used for the namespace"
+ default = "tools"
+}
+variable "tools_namespace_ci" {
+ type = bool
+ description = "Flag indicating that this namespace will be used for development (e.g.
configmaps and secrets)"
+ default = false
+}
+variable "tools_namespace_create_operator_group" {
+ type = bool
+ description = "Flag indicating that an operator group should be created in the namespace"
+ default = true
+}
+variable "tools_namespace_argocd_namespace" {
+ type = string
+ description = "The namespace where argocd has been deployed"
+ default = "openshift-gitops"
+}
+variable "gitops-pact-broker_cluster_type" {
+ type = string
+ description = "The cluster type (openshift or ocp3 or ocp4 or kubernetes)"
+ default = "ocp4"
+}
+variable "gitops-pact-broker_cluster_ingress_hostname" {
+ type = string
+ description = "Ingress hostname of the IKS cluster."
+ default = ""
+}
+variable "gitops-pact-broker_tls_secret_name" {
+ type = string
+ description = "The name of the secret containing the tls certificate values"
+ default = ""
+}
+variable "gitops_repo_host" {
+ type = string
+ description = "The host for the git repository."
+ default = ""
+}
+variable "gitops_repo_type" {
+ type = string
+ description = "[Deprecated] The type of the hosted git repository."
+ default = ""
+}
+variable "gitops_repo_org" {
+ type = string
+ description = "The org/group where the git repository exists/will be provisioned."
+ default = ""
+}
+variable "gitops_repo_project" {
+ type = string
+ description = "The project that will be used for the git repo. (Primarily used for Azure DevOps repos)"
+ default = ""
+}
+variable "gitops_repo_username" {
+ type = string
+ description = "The username of the user with access to the repository"
+ default = ""
+}
+variable "gitops_repo_token" {
+ type = string
+ description = "The personal access token used to access the repository"
+ default = ""
+}
+variable "gitops_repo_gitea_host" {
+ type = string
+ description = "The host for the git repository."
+ default = ""
+}
+variable "gitops_repo_gitea_org" {
+ type = string
+ description = "The org/group where the git repository exists/will be provisioned."
+ default = ""
+}
+variable "gitops_repo_gitea_username" {
+ type = string
+ description = "The username of the user with access to the repository"
+ default = ""
+}
+variable "gitops_repo_gitea_token" {
+ type = string
+ description = "The personal access token used to access the repository"
+ default = ""
+}
+variable "gitops_repo_repo" {
+ type = string
+ description = "The short name of the repository (i.e. the part after the org/group name)"
+}
+variable "gitops_repo_branch" {
+ type = string
+ description = "The name of the branch that will be used. If the repo already exists (provision=false) then it is assumed this branch already exists as well"
+ default = "main"
+}
+variable "gitops_repo_public" {
+ type = bool
+ description = "Flag indicating that the repo should be public or private"
+ default = false
+}
+variable "gitops_repo_gitops_namespace" {
+ type = string
+ description = "The namespace where ArgoCD is running in the cluster"
+ default = "openshift-gitops"
+}
+variable "gitops_repo_server_name" {
+ type = string
+ description = "The name of the cluster that will be configured via gitops. This is used to separate the config by cluster"
+ default = "default"
+}
+variable "gitops_repo_sealed_secrets_cert" {
+ type = string
+ description = "The certificate/public key used to encrypt the sealed secrets"
+ default = ""
+}
+variable "gitops_repo_strict" {
+ type = bool
+ description = "Flag indicating that an error should be thrown if the repo already exists"
+ default = false
+}
+variable "gitops-sonarqube_cluster_ingress_hostname" {
+ type = string
+ description = "Ingress hostname of the IKS cluster."
+ default = ""
+}
+variable "gitops-sonarqube_cluster_type" {
+ type = string
+ description = "The cluster type (openshift or ocp3 or ocp4 or kubernetes)"
+ default = "ocp4"
+}
+variable "gitops-sonarqube_tls_secret_name" {
+ type = string
+ description = "The name of the secret containing the tls certificate values"
+ default = ""
+}
+variable "gitops-sonarqube_storage_class" {
+ type = string
+ description = "The storage class to use for the persistent volume claim"
+ default = ""
+}
+variable "gitops-sonarqube_service_account_name" {
+ type = string
+ description = "The name of the service account that should be used for the deployment"
+ default = "sonarqube-sonarqube"
+}
+variable "gitops-sonarqube_plugins" {
+ type = string
+ description = "The list of plugins that will be installed on SonarQube"
+ default = "[\"https://github.com/checkstyle/sonar-checkstyle/releases/download/4.33/checkstyle-sonar-plugin-4.33.jar\"]"
+}
+variable "gitops-sonarqube_hostname" {
+ type = string
+ description = "The hostname that will be used for the ingress/route"
+ default = "sonarqube"
+}
+variable "gitops-sonarqube_persistence" {
+ type = bool
+ description = "Flag indicating that persistence should be enabled for the pods"
+ default = false
+}
+variable "gitops-sonarqube_cluster_version" {
+ type = string
+ description = "The cluster version"
+ default = ""
+}
+variable "gitops-tekton-resources_task_release" {
+ type = string
+ description = "The release version of the tekton tasks"
+ default = "v2.7.1"
+}
diff --git a/1-quickstart/terraform.tfvars-template b/1-quickstart/terraform.tfvars-template
index 81c565b..f3a54fc 100644
--- a/1-quickstart/terraform.tfvars-template
+++ b/1-quickstart/terraform.tfvars-template
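Review bot: `gitops_repo_token` and `gitops_repo_gitea_token` hold personal access tokens but neither block sets `sensitive = true`, so their values can surface in plain text in plan/apply output and in the CI logs of the verify workflows; add `sensitive = true` to both variable blocks. The `cluster_type` defaults are also inconsistent across the new modules: `gitops-dashboard_cluster_type` defaults to `"openshift"` while the artifactory, pact-broker and sonarqube variants default to `"ocp4"`, which looks accidental and is worth aligning. The default for `gitops-sonarqube_plugins` pulls a plugin jar straight from a release URL; whether the consuming module verifies a checksum for it is not visible here and should be confirmed.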
@@ -59,4 +59,22 @@ worker_node_type="Standard_D4s_v3"
 #api_key_file="/terraform/certs/api-cert.key"
 ## API Server certificate issuer CA
-#api_issuer_ca_file="/terraform/certs/api-issuer-ca.crt"
\ No newline at end of file
+#api_issuer_ca_file="/terraform/certs/api-issuer-ca.crt"
+
+######################
+#### Gitops
+
+## gitops_repo_host: The host for the git repository.
+gitops_repo_host="github.com"
+
+## gitops_repo_type: The type of the hosted git repository (github or gitlab).
+#gitops_repo_type="github"
+
+## gitops_repo_org: The org/group where the git repository exists/will be provisioned.
+#gitops_repo_org=""
+
+## gitops_repo_repo: The short name of the repository (i.e. the part after the org/group name)
+gitops_repo_repo="PREFIXqs-gitops"
+
+## config_banner_text: The text that will appear in the top banner in the cluster
+gitops-cluster-config_banner_text="Azure Quickstart"
\ No newline at end of file
diff --git a/credentials.template b/credentials.template
index e150689..4f66df0 100644
--- a/credentials.template
+++ b/credentials.template
@@ -28,3 +28,10 @@ TF_VAR_testing=none
 # This needs to be a base64 encoded string of the Portworx specification yaml (refer to https://github.com/cloud-native-toolkit/terraform-azure-portworx)
 # This can be left empty if the portworx spec file path is specified in the terraform.tfvars file.
 TF_VAR_portworx_spec=
+
+## The username on github.com that will be used to provision the gitops repository
+TF_VAR_gitops_repo_username=
+## The personal access token that will be used to authenticate to github.com to provision the gitops repository. (The user should have necessary access in the org to create the repository and the token should have `delete_repo` permission.)
+TF_VAR_gitops_repo_token=
+## (Optional) The github.com org where the gitops repository will be provisioned. If not provided the org will default to the username.
+TF_VAR_gitops_repo_org=
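Review bot: The comment above the last added line of terraform.tfvars-template names the variable `config_banner_text` while the key it documents is `gitops-cluster-config_banner_text`; `## gitops-cluster-config_banner_text: The text that will appear in the top banner in the cluster`. The `gitops_repo_type` entry is advertised here as the repository type `(github or gitlab)` while variables.tf in this same commit describes that variable as `[Deprecated]`, so the template should either say so or drop the entry. The new final line is again written without a trailing newline. The identical hunk in terraform.tfvars.template-quickstart needs the same three fixes.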
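Review bot: The comment above `TF_VAR_gitops_repo_token` in credentials.template requires a token with `delete_repo` permission but does not say what that destructive scope is used for; presumably it is so a destroy can remove the provisioned gitops repo, and that should be stated so users do not grant it blindly. Suggest one more comment line after it: `## Scope the token to the gitops org only and revoke it once the environment is torn down; the populated copy of this file holds live credentials and should stay out of version control.`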
diff --git a/terraform.tfvars.template-quickstart b/terraform.tfvars.template-quickstart
index 9853982..40bead2 100644
--- a/terraform.tfvars.template-quickstart
+++ b/terraform.tfvars.template-quickstart
@@ -56,4 +56,22 @@ worker_node_type="Standard_D4s_v3"
 #api_key_file="/terraform/certs/api-cert.key"
 ## API Server certificate issuer CA
-#api_issuer_ca_file="/terraform/certs/api-issuer-ca.crt"
\ No newline at end of file
+#api_issuer_ca_file="/terraform/certs/api-issuer-ca.crt"
+
+######################
+#### Gitops
+
+## gitops_repo_host: The host for the git repository.
+gitops_repo_host="github.com"
+
+## gitops_repo_type: The type of the hosted git repository (github or gitlab).
+#gitops_repo_type="github"
+
+## gitops_repo_org: The org/group where the git repository exists/will be provisioned.
+#gitops_repo_org=""
+
+## gitops_repo_repo: The short name of the repository (i.e. the part after the org/group name)
+gitops_repo_repo="PREFIXqs-gitops"
+
+## config_banner_text: The text that will appear in the top banner in the cluster
+gitops-cluster-config_banner_text="Azure Quickstart"
\ No newline at end of file