adding the new cluster creation code

gitpod-io · Jun 24, 2022 · 37a5c53 · 37a5c53
1 parent 7fe2032
commit 37a5c53
Show file tree

Hide file tree

Showing 7 changed files with 110 additions and 12 deletions.
diff --git a/.werft/installer-tests.ts b/.werft/installer-tests.ts
@@ -107,17 +107,16 @@ const TEST_CONFIGURATIONS: { [name: string]: TestConfig } = {
         CLOUD: "aws",
         DESCRIPTION: "Create an EKS cluster",
         PHASES: [
-            "STANDARD_GKE_CLUSTER",
-            "STANDARD_EKS_CLUSTER", // this only creates aws dependencies for now
+            "STANDARD_EKS_CLUSTER",
             "CERT_MANAGER",
             "EXTERNALDNS",
             "CLUSTER_ISSUER",
             "ADD_NS_RECORD",
             "GENERATE_KOTS_CONFIG",
+            "RESULTS",
             "INSTALL_GITPOD",
-            // "CHECK_INSTALLATION",
+            "CHECK_INSTALLATION",
             // "RUN_INTEGRATION_TESTS",
-            "RESULTS",
             "DESTROY",
         ],
     },

diff --git a/install/infra/terraform/eks/kubernetes.tf b/install/infra/terraform/eks/kubernetes.tf
@@ -0,0 +1,98 @@
+resource "aws_iam_role" "EKSClusterRole" {
+  name = "${var.cluster_name}-eks-role"
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action = "sts:AssumeRole"
+        Effect = "Allow"
+        Principal = {
+          Service = "eks.amazonaws.com"
+        }
+      },
+    ]
+  })
+}
+
+resource "aws_iam_role" "NodeGroupRole" {
+  name = "${var.cluster_name}-node-role"
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action = "sts:AssumeRole"
+        Effect = "Allow"
+        Principal = {
+          Service = "ec2.amazonaws.com"
+        }
+      },
+    ]
+  })
+}
+
+resource "aws_iam_role_policy_attachment" "AmazonEKSClusterPolicy" {
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
+  role       = aws_iam_role.EKSClusterRole.name
+}
+
+resource "aws_iam_role_policy_attachment" "AmazonEKSWorkerNodePolicy" {
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
+  role       = aws_iam_role.NodeGroupRole.name
+}
+
+resource "aws_iam_role_policy_attachment" "AmazonEC2ContainerRegistryReadOnly" {
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
+  role       = aws_iam_role.NodeGroupRole.name
+}
+
+resource "aws_iam_role_policy_attachment" "AmazonEKS_CNI_Policy" {
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
+  role       = aws_iam_role.NodeGroupRole.name
+}
+
+resource "aws_eks_cluster" "gitpod-cluster" {
+  name     = "${var.cluster_name}-name"
+  role_arn = aws_iam_role.EKSClusterRole.arn
+  version  = "1.21"
+
+  vpc_config {
+    subnet_ids          = data.aws_subnet_ids.subnet_ids.ids
+
+    security_group_ids  = [ aws_security_group.alb.id ]
+  }
+
+  depends_on = [
+    aws_iam_role_policy_attachment.AmazonEKSClusterPolicy
+  ]
+}
+
+resource "aws_eks_node_group" "node-ec2" {
+  cluster_name    = aws_eks_cluster.gitpod-cluster.name
+  node_group_name = "t3_micro-node_group"
+  node_role_arn   = aws_iam_role.NodeGroupRole.arn
+  subnet_ids          = data.aws_subnet_ids.subnet_ids.ids
+
+  scaling_config {
+    desired_size = 2
+    max_size     = 3
+    min_size     = 1
+  }
+
+  ami_type       = "AL2_x86_64"
+  instance_types = ["t3.micro"]
+  capacity_type  = "ON_DEMAND"
+  disk_size      = 20
+
+  depends_on = [
+    aws_iam_role_policy_attachment.AmazonEKSWorkerNodePolicy,
+    aws_iam_role_policy_attachment.AmazonEC2ContainerRegistryReadOnly,
+    aws_iam_role_policy_attachment.AmazonEKS_CNI_Policy
+  ]
+}
+
+resource "null_resource" "example1" {
+  depends_on = [aws_eks_node_group.node-ec2 ]
+  provisioner "local-exec" {
+    command = "aws eks update-kubeconfig --name ${aws_eks_cluster.gitpod-cluster.name} --kubeconfig ${var.kubeconfig}"
+  }
+}
diff --git a/install/infra/terraform/eks/output.tf b/install/infra/terraform/eks/output.tf
@@ -53,7 +53,7 @@ output "database" {
 output "registry" {
   sensitive = true
   value = try({
-    server  = data.aws_ecr_authorization_token.gitpod.proxy_endpoint
+    server  = aws_ecr_repository.gitpod.repository_url
     username = data.aws_ecr_authorization_token.gitpod.user_name
     password = data.aws_ecr_authorization_token.gitpod.password
   }, {})

diff --git a/install/infra/terraform/tools/issuer/azure/main.tf b/install/infra/terraform/tools/issuer/azure/main.tf
@@ -26,8 +26,8 @@ resource "kubernetes_manifest" "clusterissuer_gitpod" {
         "privateKeySecretRef" = {
           "name" = "issuer-account-key"
         }
-        # "server" = "https://acme-v02.api.letsencrypt.org/directory"
-        "server" = "https://acme-staging-v02.api.letsencrypt.org/directory"
+        "server" = "https://acme-v02.api.letsencrypt.org/directory"
+        # "server" = "https://acme-staging-v02.api.letsencrypt.org/directory"
         "solvers" = [
           {
             "dns01" = {

diff --git a/install/tests/Makefile b/install/tests/Makefile
@@ -156,7 +156,7 @@ get-config-aws-storage:
 	yq m -i tmp_config.yml tmp_2_config.yml
 
 get-config-aws-registry:
-	export SERVER=$$(terraform output -json registry | yq r - 'server') && \
+	export SERVER=$$(terraform output -json registry | yq r - 'server' | cut -d / -f 1) && \
 	export PASSWORD=$$(terraform output -json registry | yq r - 'password') && \
 	export USERNAME=$$(terraform output -json registry | yq r - 'username') && \
 	envsubst < ./manifests/kots-config-aws-registry.yaml > tmp_2_config.yml
@@ -174,7 +174,7 @@ license_community_stable := "../licenses/Community.yaml"
 license_community_unstable := "../licenses/Community (Unstable).yaml"
 
 install-kots-cli:
-	curl https://kots.io/install | bash
+	curl https://kots.io/install/1.72.0 | bash
 
 preflights ?= true
 channel ?= unstable

diff --git a/install/tests/main.tf b/install/tests/main.tf
@@ -40,8 +40,9 @@ module "k3s" {
 }
 
 locals {
-  eksmod = try(module.eks, null)
-  aksmod = try(module.aks, null)
+  eksmod = module.eks
+  aksmod = null
+  # aksmod = try(module.aks
   storage = coalesce(try(lookup(local.eksmod, "storage"), null), try(lookup(local.aksmod, "storage"), null))
   database = coalesce(try(lookup(local.eksmod, "database"), null), try(lookup(local.aksmod, "database"), null))
   registry = coalesce(try(lookup(local.eksmod, "registry"), null), try(lookup(local.aksmod, "registry"), null))

diff --git a/install/tests/manifests/kots-config-aws-storage.yaml b/install/tests/manifests/kots-config-aws-storage.yaml
@@ -3,7 +3,7 @@ kind: ConfigValues
 spec:
   values:
       store_provider:
-        value: "S3"
+        value: "s3"
         data: "store_provider"
       store_region:
         value: "${REGION}"