Commit

Live stream wrap-up (#1)
* Adding the Terraform project

* Adding the tags to the project

* Create main.yml

* Pipeline

* Documentation update

* Change to the number of nodes

* Adding tag

* Destroy pipeline
fabricioveronez authored May 8, 2024
1 parent a71014a commit 6386ab7
Showing 10 changed files with 405 additions and 0 deletions.
27 changes: 27 additions & 0 deletions .github/workflows/destroy.yaml
@@ -0,0 +1,27 @@
name: "Terraform destroy"

on:
workflow_dispatch:

jobs:
terraform:
name: "Terraform destroy"
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3

- name: Configurar as credenciais da AWS
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1

- name: Terraform Init
working-directory: ./src
run: terraform init -backend-config="bucket=${{ secrets.AWS_BUCKET_NAME }}" -backend-config="key=${{ secrets.AWS_BUCKET_FILE }}"

- name: Terraform destroy
working-directory: ./src
run: terraform destroy --auto-approve
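Review bot: the final step runs `terraform destroy --auto-approve` directly from `workflow_dispatch` with nothing between the button and the teardown, so any account with write access to the repository can remove the whole environment in one click. Add a protected `environment:` with required reviewers on the job, or a typed confirmation input on `workflow_dispatch` that the step checks before running. This file also uses `actions/checkout@v3` and `aws-actions/configure-aws-credentials@v1` while main.yml in the same commit uses `@v4` for both; align them, and consider pinning to commit SHAs.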
30 changes: 30 additions & 0 deletions .github/workflows/main.yml
@@ -0,0 +1,30 @@
name: "Terraform"

on:
push:
branches: ["main"]
paths: ["src/**"]
workflow_dispatch:

jobs:
terraform:
name: "Terraform Apply"
runs-on: "ubuntu-latest"
steps:
- name: "Configure AWS Credentials"
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: us-east-1
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

- name: Checkout
uses: actions/checkout@v4

- name: Terraform init
working-directory: ./src
run: terraform init -backend-config="bucket=${{ secrets.AWS_BUCKET_NAME }}" -backend-config="key=${{ secrets.AWS_BUCKET_FILE }}"

- name: Terraform Apply
working-directory: ./src
run: terraform apply --auto-approve
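Review bot: the `Configure AWS Credentials` step authenticates with the long-lived `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` secrets, and those keys need enough rights to create a VPC and an EKS cluster, so a leak is high impact. `aws-actions/configure-aws-credentials@v4` supports `role-to-assume` with GitHub OIDC (job `permissions: id-token: write`), which removes the stored keys. Separately, `terraform apply --auto-approve` runs on every push to `main` under `src/**` with no `terraform plan` step to review and no `concurrency:` group, and the README lists state locking as future work, so two close pushes can run against the same state at once.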
66 changes: 66 additions & 0 deletions README.md
@@ -0,0 +1,66 @@
# Automação com Terraform

## Objetivo do projeto

O objetivo é automatizar o processo de criação e manutenção do ambiente para execução dos projetos de Software da Mr. Fusion Solutions.

## Premissas do Projeto

Para o desenvolvimento do projeto, foram levantadas as seguintes premissas:

+ Utilizar o Terraform como ferramenta de infraestrutura como código.
+ O cluster Kubernetes deve ser criado utilizando o serviço Elastic Kubernetes Service (EKS) da AWS.
+ O projeto deve ser o mais simples e reaproveitável possível.
+ Toda vez que houver alteração no código Terraform na branch main do repositório, a pipeline deve ser executada.
+ Só vai haver um ambiente Kubernetes (os ambientes de desenvolvimento, homologação e produção serão separados por namespace).

## Tecnologias utilizadas no projeto

+ [AWS](https://aws.amazon.com)
+ [S3](https://aws.amazon.com/s3)
+ [EKS](https://aws.amazon.com/eks)
+ [AWS CLI](https://aws.amazon.com/cli/)
+ [Terraform](https://www.terraform.io)
+ [AWS Provider](https://registry.terraform.io/providers/hashicorp/aws)
+ [AWS VPC Terraform module](https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws)
+ [AWS EKS Terraform module](https://registry.terraform.io/modules/terraform-aws-modules/eks/aws)
+ [GitHub](https://github.com)
+ [GitHub Actions](https://github.com/features/actions)

## Motivações para o uso de cada tecnologia

+ **EKS** - Requisito do projeto.
+ **S3** - Foi adotado para armazenar o estado atual do projeto Terraform. Foi definido o seu uso por ser um serviço da própria AWS e ter controle de versionamento dos arquivos.
+ **GitHub Actions** - Requisito do projeto.

## Instruções para executar

A pipeline de criação ou atualização do projeto é executada sempre que o código Terraform do projeto for alterado na branch main.

## Configurações
As variáveis de configuração do projeto estão no arquivo terraform.tfvars, exceto as variáveis consideradas sensiveis que estão no gerenciador de secrets do GitHub Actions.

**Variáveis armazendas em secrets:**

AWS_ACCESS_KEY_ID => Access Key utilizada para configurar o AWS CLI.

AWS_SECRET_ACCESS_KEY => Secret access Key utilizada para configurar o AWS CLI.

AWS_BUCKET_NAME => Nome do Bucket utilizado para armazenar o estado do projeto Terraform.

AWS_BUCKET_FILE => Nome do arquivo utilizado para armazenar o estado do projeto Terraform.

## Estrutura da solução

![Diagrama do projeto](./diagramas/pipeline.drawio.png)

Explicação do Fluxo

## Possíveis evoluções do projeto

Algumas evoluções que sugiro para o projeto:

+ Separar ambientes dev, homolog e prod utilizando o Terraform Workspace ou Terraform Grunt para criação e gerenciamento desses ambientes.
+ Usar o DynamoDB junto com o S3 para evitar execução paralela do Terraform.

...
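Review bot: "Instruções para executar" documents only the apply pipeline; the manually dispatched destroy workflow added in this commit is not mentioned, and since it removes the environment it should be documented along with who is expected to run it. The "Explicação do Fluxo" line under "Estrutura da solução" is a heading with no text. In "Possíveis evoluções do projeto", "Terraform Grunt" presumably means Terragrunt, and there are typos in "sensiveis" and "armazendas". The premise of one cluster with dev, homologação and produção split by namespace deserves a sentence on how workloads are isolated (RBAC, network policies), since a namespace on its own is not a strong boundary.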
Binary file added diagramas/pipeline.drawio.png
34 changes: 34 additions & 0 deletions src/.gitignore
@@ -0,0 +1,34 @@
# Local .terraform directories
**/.terraform/*

# .tfstate files
*.tfstate
*.tfstate.*

# Crash log files
crash.log
crash.*.log

# Exclude all .tfvars files, which are likely to contain sensitive data, such as
# password, private keys, and other secrets. These should not be part of version
# control as they are data points which are potentially sensitive and subject
# to change depending on the environment.
*.tfvars
*.tfvars.json

# Ignore override files as they are usually used to override resources locally and so
# are not checked in
override.tf
override.tf.json
*_override.tf
*_override.tf.json

# Include override files you do wish to add to version control using negated pattern
# !example_override.tf

# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
# example: *tfplan*

# Ignore CLI configuration files
.terraformrc
terraform.rc
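Review bot: the `*.tfvars` pattern here matches `src/terraform.tfvars`, which this same commit adds, so the file is tracked despite the ignore rule and any other `.tfvars` file created later will be silently skipped. The README says terraform.tfvars holds the non-sensitive configuration, so either add a negated entry such as `!terraform.tfvars` after the `*.tfvars` line or move the values elsewhere; as written the rule and the repository contents disagree.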
105 changes: 105 additions & 0 deletions src/.terraform.lock.hcl

53 changes: 53 additions & 0 deletions src/main.tf
@@ -0,0 +1,53 @@
module "vpc" {
source = "terraform-aws-modules/vpc/aws"
version = "5.8.1"

name = var.aws_vpc_name
cidr = var.aws_vpc_cidr

azs = var.aws_vpc_azs
private_subnets = var.aws_vpc_private_subnets
public_subnets = var.aws_vpc_public_subnets

enable_nat_gateway = true
enable_vpn_gateway = true

tags = merge(var.aws_project_tags, { "kubernetes.io/cluster/${var.aws_eks_name}" = "shared" })

public_subnet_tags = {
"kubernetes.io/cluster/${var.aws_eks_name}" = "shared"
"kubernetes.io/role/elb" = 1
}

private_subnet_tags = {
"kubernetes.io/cluster/${var.aws_eks_name}" = "shared"
"kubernetes.io/role/internal-elb" = 1
}
}

module "eks" {
source = "terraform-aws-modules/eks/aws"
version = "20.8.5"

cluster_name = var.aws_eks_name
cluster_version = var.aws_eks_version

enable_cluster_creator_admin_permissions = true

subnet_ids = module.vpc.private_subnets
vpc_id = module.vpc.vpc_id

cluster_endpoint_public_access = true

eks_managed_node_groups = {
default = {
min_size = 2
max_size = 2
desired_size = 2
instance_types = var.aws_eks_managed_node_groups_instance_types
tags = var.aws_project_tags
}
}

tags = var.aws_project_tags
}
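Review bot: in the `eks` module, `cluster_endpoint_public_access = true` is set without `cluster_endpoint_public_access_cidrs`, so no source CIDR restriction is declared for the Kubernetes API endpoint; restrict it to known CIDRs or keep the endpoint private. `enable_cluster_creator_admin_permissions = true` makes whichever identity runs the pipeline a cluster admin, which here is the IAM user behind the stored access keys; explicit access entries for named roles would be easier to audit. In the `vpc` module, `enable_vpn_gateway = true` creates a VPN gateway that nothing else in this file uses.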
15 changes: 15 additions & 0 deletions src/providers.tf
@@ -0,0 +1,15 @@
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "5.48.0"
}
}
backend "s3" {

}
}

provider "aws" {
region = var.aws_region
}
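Review bot: the `backend "s3"` block is empty and the workflows pass only `bucket` and `key` at init, so neither `encrypt` nor a `dynamodb_table` for locking is configured anywhere in this commit. Both are non-secret and can be set in the block directly; Terraform state commonly holds sensitive values. The `terraform` block also has no `required_version`, and the workflows do not install a specific Terraform release, so the CLI version depends on the runner image.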
15 changes: 15 additions & 0 deletions src/terraform.tfvars
@@ -0,0 +1,15 @@
aws_region = "us-east-1"
aws_vpc_name = "live-vpc"
aws_vpc_cidr = "10.0.0.0/16"
aws_vpc_azs = ["us-east-1a", "us-east-1b", "us-east-1c"]
aws_vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
aws_vpc_public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
aws_eks_name = "live-eks"
aws_eks_version = "1.29"
aws_eks_managed_node_groups_instance_types = ["t3.small"]
aws_project_tags = {
Terraform = "true"
Environment = "producao"
Project = "live"
Teste = "ok"
}
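Review bot: `Teste = "ok"` in `aws_project_tags` reads like a leftover from testing the tag change and will be applied to every tagged resource; drop it before merging. `Environment = "producao"` also conflicts with the README premise that this single cluster hosts dev, homologação and produção by namespace, so a neutral value or no environment tag at cluster level would be more accurate.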