Don't use kubernetes-alpha provider (fixes #192)

camptocamp · Nov 4, 2020 · 2fbc93f · 2fbc93f
1 parent f2d27ba
commit 2fbc93f
Show file tree

Hide file tree

Showing 16 changed files with 183 additions and 343 deletions.
diff --git a/argocd/app-of-apps/Chart.yaml b/argocd/app-of-apps/Chart.yaml
@@ -0,0 +1,4 @@
+---
+apiVersion: "v2"
+name: "app-of-apps"
+version: "0"
diff --git a/argocd/app-of-apps/templates/apps.yaml b/argocd/app-of-apps/templates/apps.yaml
@@ -0,0 +1,23 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "5"
+  name: apps
+  namespace: argocd
+spec:
+  project: default
+  source:
+    path: argocd/apps
+    repoURL: {{ .Values.spec.source.repoURL }}
+    targetRevision: {{ .Values.spec.source.targetRevision }}
+    helm:
+      values: |
+        {{ toYaml .Values | nindent 8 }}
+  destination:
+    namespace: default
+    server: {{ .Values.spec.destination.server }}
+  syncPolicy:
+    automated:
+      selfHeal: true
diff --git a/argocd/app-of-apps/values.yaml b/argocd/app-of-apps/values.yaml
@@ -0,0 +1,7 @@
+---
+spec:
+  destination:
+    server: https://kubernetes.default.svc
+  source:
+    repoURL: ...
+    targetRevision: HEAD
diff --git a/examples/k3os-libvirt-demo-app/terraform/main.tf b/examples/k3os-libvirt-demo-app/terraform/main.tf
@@ -1,6 +1,6 @@
 locals {
   repo_url        = "https://github.com/camptocamp/camptocamp-devops-stack.git"
-  target_revision = "master"
+  target_revision = "HEAD"
 
   base_domain                        = module.cluster.base_domain
   kubernetes_host                    = module.cluster.kubernetes_host
@@ -11,7 +11,7 @@ locals {
 }
 
 module "cluster" {
-  source = "git::https://github.com/camptocamp/camptocamp-devops-stack.git//modules/k3os-libvirt?ref=master"
+  source = "git::https://github.com/camptocamp/camptocamp-devops-stack.git//modules/k3os-libvirt?ref=HEAD"
 
   cluster_name = terraform.workspace
   node_count   = 1
@@ -20,11 +20,14 @@ module "cluster" {
   target_revision = local.target_revision
 }
 
-provider "kubernetes-alpha" {
-  host                   = local.kubernetes_host
-  username               = local.kubernetes_username
-  password               = local.kubernetes_password
-  cluster_ca_certificate = local.kubernetes_cluster_ca_certificate
+provider "helm" {
+  kubernetes {
+    insecure         = true
+    host             = local.kubernetes_host
+    username         = local.kubernetes_username
+    password         = local.kubernetes_password
+    load_config_file = false
+  }
 }
 
 provider "vault" {
@@ -33,47 +36,28 @@ provider "vault" {
   skip_tls_verify = true
 }
 
-resource "kubernetes_manifest" "project_apps" {
-  provider = kubernetes-alpha
-
-  manifest = {
-    "apiVersion" = "argoproj.io/v1alpha1"
-    "kind"       = "Application"
-    "metadata" = {
-      "name"      = "project-apps"
-      "namespace" = "argocd"
-      "annotations" = {
-        "argocd.argoproj.io/sync-wave" = "15"
-      }
-    }
-    "spec" = {
-      "project" = "default"
-      "source" = {
-        "path"           = "examples/k3s-docker-demo-app/argocd/project-apps"
-        "repoURL"        = local.repo_url
-        "targetRevision" = local.target_revision
-        "helm" = {
-          "values" = <<EOT
+resource "helm_release" "project_apps" {
+  name              = "project-apps"
+  chart             = "${path.module}/../argocd/project-apps"
+  namespace         = "argocd"
+  dependency_update = true
+  create_namespace  = true
+
+  values = [
+    <<EOT
 ---
 spec:
   source:
     repoURL: ${local.repo_url}
     targetRevision: ${local.target_revision}
+
 baseDomain: ${local.base_domain}
           EOT
-        }
-      }
-      "destination" = {
-        "namespace" = "default"
-        "server"    = "https://kubernetes.default.svc"
-      }
-      "syncPolicy" = {
-        "automated" = {
-          "selfHeal" = true
-        }
-      }
-    }
-  }
+  ]
+
+  depends_on = [
+    module.cluster,
+  ]
 }
 
 resource "random_password" "superdupersecret" {

diff --git a/examples/k3s-docker-demo-app/terraform/main.tf b/examples/k3s-docker-demo-app/terraform/main.tf
@@ -20,11 +20,14 @@ module "cluster" {
   target_revision = local.target_revision
 }
 
-provider "kubernetes-alpha" {
-  host                   = local.kubernetes_host
-  username               = local.kubernetes_username
-  password               = local.kubernetes_password
-  cluster_ca_certificate = local.kubernetes_cluster_ca_certificate
+provider "helm" {
+  kubernetes {
+    insecure         = true
+    host             = local.kubernetes_host
+    username         = local.kubernetes_username
+    password         = local.kubernetes_password
+    load_config_file = false
+  }
 }
 
 provider "vault" {
@@ -33,27 +36,15 @@ provider "vault" {
   skip_tls_verify = true
 }
 
-resource "kubernetes_manifest" "project_apps" {
-  provider = kubernetes-alpha
-
-  manifest = {
-    "apiVersion" = "argoproj.io/v1alpha1"
-    "kind"       = "Application"
-    "metadata" = {
-      "name"      = "project-apps"
-      "namespace" = "argocd"
-      "annotations" = {
-        "argocd.argoproj.io/sync-wave" = "15"
-      }
-    }
-    "spec" = {
-      "project" = "default"
-      "source" = {
-        "path"           = "examples/k3s-docker-demo-app/argocd/project-apps"
-        "repoURL"        = local.repo_url
-        "targetRevision" = local.target_revision
-        "helm" = {
-          "values" = <<EOT
+resource "helm_release" "project_apps" {
+  name              = "project-apps"
+  chart             = "${path.module}/../argocd/project-apps"
+  namespace         = "argocd"
+  dependency_update = true
+  create_namespace  = true
+
+  values = [
+    <<EOT
 ---
 spec:
   source:
@@ -62,25 +53,11 @@ spec:
 
 baseDomain: ${local.base_domain}
           EOT
-        }
-      }
-      "destination" = {
-        "namespace" = "default"
-        "server"    = "https://kubernetes.default.svc"
-      }
-      "syncPolicy" = {
-        "automated" = {
-          "selfHeal" = true
-        }
-      }
-    }
-  }
+  ]
 
-  lifecycle {
-    ignore_changes = [
-      object,
-    ]
-  }
+  depends_on = [
+    module.cluster,
+  ]
 }
 
 resource "random_password" "superdupersecret" {

diff --git a/modules/eks-aws/main.tf b/modules/eks-aws/main.tf
@@ -44,6 +44,7 @@ provider "helm" {
     host                   = local.kubernetes_host
     cluster_ca_certificate = local.kubernetes_cluster_ca_certificate
     token                  = local.kubernetes_token
+    load_config_file       = false
   }
 }
 
@@ -54,12 +55,6 @@ provider "kubernetes" {
   load_config_file       = false
 }
 
-provider "kubernetes-alpha" {
-  host                   = local.kubernetes_host
-  cluster_ca_certificate = local.kubernetes_cluster_ca_certificate
-  token                  = local.kubernetes_token
-}
-
 locals {
   ingress_worker_group = merge(var.worker_groups.0, { target_group_arns = module.nlb.target_group_arns })
 }
@@ -139,54 +134,30 @@ resource "random_password" "oauth2_cookie_secret" {
   special = false
 }
 
-resource "kubernetes_manifest" "app_of_apps" {
-  provider = kubernetes-alpha
+resource "helm_release" "app_of_apps" {
+  name              = "app-of-apps"
+  chart             = "${path.module}/../../argocd/app-of-apps"
+  namespace         = "argocd"
+  dependency_update = true
+  create_namespace  = true
 
-  manifest = {
-    "apiVersion" = "argoproj.io/v1alpha1"
-    "kind"       = "Application"
-    "metadata" = {
-      "name"      = "apps"
-      "namespace" = "argocd"
-      "annotations" = {
-        "argocd.argoproj.io/sync-wave" = "5"
-      }
-    }
-    "spec" = {
-      "project" = "default"
-      "source" = {
-        "path"           = "argocd/apps"
-        "repoURL"        = var.repo_url
-        "targetRevision" = var.target_revision
-        "helm" = {
-          "parameters" = var.app_of_apps_parameters
-          "values" = templatefile("${path.module}/values.tmpl.yaml",
-            {
-              cluster_name                    = var.cluster_name,
-              base_domain                     = var.base_domain,
-              repo_url                        = var.repo_url,
-              target_revision                 = var.target_revision,
-              aws_default_region              = data.aws_region.current.name,
-              cert_manager_assumable_role_arn = module.iam_assumable_role_cert_manager.this_iam_role_arn,
-              cognito_user_pool_id            = var.cognito_user_pool_id
-              cognito_user_pool_client_id     = aws_cognito_user_pool_client.client.id
-              cognito_user_pool_client_secret = aws_cognito_user_pool_client.client.client_secret
-              cookie_secret                   = random_password.oauth2_cookie_secret.result
-            }
-          )
-        }
-      }
-      "destination" = {
-        "namespace" = "default"
-        "server"    = "https://kubernetes.default.svc"
-      }
-      "syncPolicy" = {
-        "automated" = {
-          "selfHeal" = true
-        }
+  values = [
+    templatefile("${path.module}/values.tmpl.yaml",
+      {
+        cluster_name                    = var.cluster_name,
+        base_domain                     = var.base_domain,
+        repo_url                        = var.repo_url,
+        target_revision                 = var.target_revision,
+        aws_default_region              = data.aws_region.current.name,
+        cert_manager_assumable_role_arn = module.iam_assumable_role_cert_manager.this_iam_role_arn,
+        cognito_user_pool_id            = var.cognito_user_pool_id
+        cognito_user_pool_client_id     = aws_cognito_user_pool_client.client.id
+        cognito_user_pool_client_secret = aws_cognito_user_pool_client.client.client_secret
+        cookie_secret                   = random_password.oauth2_cookie_secret.result
       }
-    }
-  }
+    ),
+    var.app_of_apps_values_overrides,
+  ]
 
   depends_on = [
     helm_release.argocd,

diff --git a/modules/eks-aws/variables.tf b/modules/eks-aws/variables.tf
@@ -50,12 +50,8 @@ variable "cognito_user_pool_id" {
   type        = string
 }
 
-variable "app_of_apps_parameters" {
-  description = "App of apps parameters overrides."
-  type = list(object({
-    name        = string
-    value       = string
-    forceString = bool
-  }))
-  default = []
+variable "app_of_apps_values_overrides" {
+  description = "App of apps values overrides."
+  type        = string
+  default     = ""
 }
diff --git a/modules/eks-aws/versions.tf b/modules/eks-aws/versions.tf
@@ -1,5 +1,9 @@
 terraform {
   required_providers {
+    random = {
+      source  = "hashicorp/random"
+      version = "3.0.0"
+    }
     aws = {
       source  = "hashicorp/aws"
       version = "3.8.0"
@@ -8,6 +12,10 @@ terraform {
       source  = "hashicorp/kubernetes"
       version = "1.13.2"
     }
+    helm = {
+      source  = "hashicorp/helm"
+      version = "1.3.2"
+    }
     local = {
       source  = "hashicorp/local"
       version = "2.0.0"