feat: add rds resource

humanitec-architecture · Jan 2, 2024 · 2e51951 · 2e51951
1 parent 4f2b3c2
commit 2e51951
Show file tree

Hide file tree

Showing 18 changed files with 1,012 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,4 @@
 .terraform
 .terraform.lock.hcl
 terraform.tfstate*
+terraform.tfvars
diff --git a/examples/rds/basic-postgres/eks.tf b/examples/rds/basic-postgres/eks.tf
@@ -0,0 +1,100 @@
+module "eks" {
+  source = "terraform-aws-modules/eks/aws"
+
+  cluster_name                   = var.name
+  cluster_version                = "1.28"
+  cluster_endpoint_public_access = true
+
+  cluster_addons = {
+    kube-proxy = {
+      most_recent = true
+    }
+    vpc-cni = {
+      most_recent = true
+    }
+    coredns = {
+      most_recent = true
+      configuration_values = jsonencode({
+        computeType = "Fargate"
+      })
+    }
+  }
+
+  vpc_id                   = module.vpc.vpc_id
+  subnet_ids               = module.vpc.private_subnets
+  control_plane_subnet_ids = module.vpc.intra_subnets
+
+  # Fargate profiles use the cluster primary security group so these are not utilized
+  create_cluster_security_group = false
+  create_node_security_group    = false
+
+  cluster_security_group_additional_rules = {
+    ingress_all = {
+      protocol  = "-1"
+      from_port = 0
+      to_port   = 6555
+      type      = "ingress"
+    }
+    egress_all = {
+      protocol  = "-1"
+      from_port = 0
+      to_port   = 6555
+      type      = "egress"
+    }
+  }
+
+  fargate_profile_defaults = {
+    iam_role_additional_policies = {
+      additional = aws_iam_policy.additional.arn
+    }
+  }
+
+  fargate_profiles = merge(
+    {
+      example = {
+        name = "example"
+        selectors = [
+          {
+            namespace = "*"
+          }
+        ]
+
+        # Using specific subnets instead of the subnets supplied for the cluster itself
+        subnet_ids = [module.vpc.private_subnets[1]]
+
+        tags = {
+          Owner = "secondary"
+        }
+
+        timeouts = {
+          create = "20m"
+          delete = "20m"
+        }
+      }
+    },
+    { for i in range(3) :
+      "kube-system-${element(split("-", local.azs[i]), 2)}" => {
+        selectors = [
+          { namespace = "kube-system" }
+        ]
+        # We want to create a profile per AZ for high availability
+        subnet_ids = [element(module.vpc.private_subnets, i)]
+      }
+    }
+  )
+}
+
+resource "aws_iam_policy" "additional" {
+  name = "${var.name}-additional"
+
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        "Effect" : "Allow"
+        "Action" : "*"
+        "Resource" : "*"
+      },
+    ]
+  })
+}
diff --git a/examples/rds/basic-postgres/humanitec.tf b/examples/rds/basic-postgres/humanitec.tf
@@ -0,0 +1,58 @@
+resource "humanitec_application" "app" {
+  id   = var.name
+  name = var.name
+}
+
+resource "humanitec_resource_definition" "cluster" {
+  id          = "${var.name}-aws-cluster"
+  name        = "${var.name}-aws-cluster"
+  type        = "k8s-cluster"
+  driver_type = "humanitec/k8s-cluster-eks"
+
+  driver_inputs = {
+    values_string = jsonencode({
+      "loadbalancer" = module.eks.cluster_endpoint
+      "name"         = module.eks.cluster_name
+      "region"       = var.region
+    })
+    secrets_string = jsonencode({
+      "credentials" = {
+        "aws_access_key_id" : var.access_key
+        "aws_secret_access_key" : var.secret_key
+      }
+    })
+  }
+}
+
+module "rds" {
+  source = "../../../humanitec-resource-defs/rds/basic"
+
+  prefix                 = "${var.name}-"
+  resource_packs_aws_rev = var.resource_packs_aws_rev
+  resource_packs_aws_url = var.resource_packs_aws_url
+
+  access_key = var.access_key
+  secret_key = var.secret_key
+  region     = var.region
+
+  name          = "${var.name}-database"
+  database_name = "my_database"
+  username      = "username"
+  password      = "password"
+
+  create_db_subnet_group = true
+  db_subnet_group_name   = "${var.name}-subnet-group"
+  subnet_ids             = module.vpc.private_subnets
+
+  vpc_security_group_ids = [module.vpc.default_security_group_id]
+}
+
+resource "humanitec_resource_definition_criteria" "cluster" {
+  resource_definition_id = humanitec_resource_definition.cluster.id
+  app_id                 = humanitec_application.app.id
+}
+
+resource "humanitec_resource_definition_criteria" "rds" {
+  resource_definition_id = module.rds.id
+  app_id                 = humanitec_application.app.id
+}
diff --git a/examples/rds/basic-postgres/providers.tf b/examples/rds/basic-postgres/providers.tf
@@ -0,0 +1,23 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.0"
+    }
+    humanitec = {
+      source = "humanitec/humanitec"
+    }
+  }
+}
+
+provider "aws" {
+  region     = var.region
+  access_key = var.access_key
+  secret_key = var.secret_key
+}
+
+provider "humanitec" {
+  host   = var.humanitec_host
+  org_id = var.humanitec_org_id
+  token  = var.humanitec_token
+}
diff --git a/examples/rds/basic-postgres/variables.tf b/examples/rds/basic-postgres/variables.tf
@@ -0,0 +1,40 @@
+variable "name" {
+  type = string
+}
+
+variable "access_key" {
+  type = string
+}
+
+variable "secret_key" {
+  type = string
+}
+
+variable "region" {
+  type = string
+}
+
+variable "humanitec_org_id" {
+  type = string
+}
+
+variable "humanitec_token" {
+  type = string
+}
+
+variable "resource_packs_aws_url" {
+  description = "AWS Resource Pack git url"
+  type        = string
+  default     = "https://github.com/humanitec-architecture/resource-packs-aws.git"
+}
+
+variable "resource_packs_aws_rev" {
+  description = "AWS Resource Pack git branch"
+  type        = string
+  default     = "refs/heads/main"
+}
+
+variable "humanitec_host" {
+  type    = string
+  default = "https://api.humanitec.io"
+}
diff --git a/examples/rds/basic-postgres/vpc.tf b/examples/rds/basic-postgres/vpc.tf
@@ -0,0 +1,30 @@
+data "aws_availability_zones" "available" {}
+
+locals {
+  vpc_cidr = "10.0.0.0/16"
+  azs      = slice(data.aws_availability_zones.available.names, 0, 3)
+}
+
+module "vpc" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "~> 4.0"
+
+  name = var.name
+  cidr = local.vpc_cidr
+
+  azs             = local.azs
+  private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)]
+  public_subnets  = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)]
+  intra_subnets   = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 52)]
+
+  enable_nat_gateway = true
+  single_nat_gateway = true
+
+  public_subnet_tags = {
+    "kubernetes.io/role/elb" = 1
+  }
+
+  private_subnet_tags = {
+    "kubernetes.io/role/internal-elb" = 1
+  }
+}
diff --git a/humanitec-resource-defs/rds/basic/README.md b/humanitec-resource-defs/rds/basic/README.md
@@ -0,0 +1,64 @@
+<!-- BEGIN_TF_DOCS -->
+
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| humanitec | n/a |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [humanitec_resource_definition.main](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| access\_key | n/a | `string` | n/a | yes |
+| database\_name | n/a | `string` | n/a | yes |
+| db\_subnet\_group\_name | n/a | `string` | n/a | yes |
+| name | n/a | `string` | n/a | yes |
+| password | n/a | `string` | n/a | yes |
+| prefix | n/a | `string` | n/a | yes |
+| region | n/a | `string` | n/a | yes |
+| secret\_key | n/a | `string` | n/a | yes |
+| subnet\_ids | n/a | `set(string)` | n/a | yes |
+| username | n/a | `string` | n/a | yes |
+| vpc\_security\_group\_ids | n/a | `set(string)` | n/a | yes |
+| allocated\_storage | n/a | `number` | `20` | no |
+| backup\_retention\_period | n/a | `number` | `1` | no |
+| backup\_window | n/a | `string` | `null` | no |
+| create\_cloudwatch\_log\_group | n/a | `bool` | `false` | no |
+| create\_db\_subnet\_group | n/a | `bool` | `true` | no |
+| create\_monitoring\_role | n/a | `bool` | `true` | no |
+| deletion\_protection | n/a | `bool` | `false` | no |
+| enabled\_cloudwatch\_logs\_exports | n/a | `set(string)` | `[]` | no |
+| engine | n/a | `string` | `"postgres"` | no |
+| engine\_version | n/a | `string` | `"14"` | no |
+| group\_family | n/a | `string` | `"postgres14"` | no |
+| instance\_class | n/a | `string` | `"db.t4g.large"` | no |
+| maintenance\_window | n/a | `string` | `null` | no |
+| max\_allocated\_storage | n/a | `number` | `100` | no |
+| monitoring\_interval | n/a | `number` | `60` | no |
+| monitoring\_role\_description | n/a | `string` | `"Monitoring role for RDS basic cluster"` | no |
+| monitoring\_role\_name | n/a | `string` | `"rds-basic-monitoring-role"` | no |
+| monitoring\_role\_use\_name\_prefix | n/a | `bool` | `true` | no |
+| multi\_az | n/a | `bool` | `true` | no |
+| parameters | n/a | `set(any)` | <pre>[<br>  {<br>    "name": "autovacuum",<br>    "value": 1<br>  },<br>  {<br>    "name": "client_encoding",<br>    "value": "utf8"<br>  }<br>]</pre> | no |
+| performance\_insights\_enabled | n/a | `bool` | `true` | no |
+| performance\_insights\_retention\_period | n/a | `number` | `7` | no |
+| port | n/a | `number` | `5432` | no |
+| resource\_packs\_aws\_rev | n/a | `string` | `"ref/heads/main"` | no |
+| resource\_packs\_aws\_url | n/a | `string` | `"https://github.com/humanitec-architecture/resource-packs-aws.git"` | no |
+| skip\_final\_snapshot | n/a | `bool` | `true` | no |
+| type | n/a | `string` | `"postgres"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| id | n/a |
+<!-- END_TF_DOCS -->
diff --git a/humanitec-resource-defs/rds/basic/main.tf b/humanitec-resource-defs/rds/basic/main.tf
@@ -0,0 +1,60 @@
+resource "humanitec_resource_definition" "main" {
+  driver_type = "humanitec/terraform"
+  id          = "${var.prefix}rds"
+  name        = "${var.prefix}rds"
+  type        = var.type
+
+  driver_inputs = {
+    secrets_string = jsonencode({
+      variables = {
+        access_key = var.access_key
+        secret_key = var.secret_key
+      }
+    })
+
+    values_string = jsonencode({
+      source = {
+        path = "modules/rds/basic"
+        rev  = var.resource_packs_aws_rev
+        url  = var.resource_packs_aws_url
+      }
+      variables = {
+        region                                = var.region
+        res_id                                = "$${context.res.id}"
+        app_id                                = "$${context.app.id}"
+        env_id                                = "$${context.env.id}"
+        name                                  = var.name
+        database_name                         = var.database_name
+        username                              = var.username
+        password                              = var.password
+        create_db_subnet_group                = var.create_db_subnet_group
+        db_subnet_group_name                  = var.db_subnet_group_name
+        subnet_ids                            = var.subnet_ids
+        vpc_security_group_ids                = var.vpc_security_group_ids
+        port                                  = var.port
+        engine                                = var.engine
+        engine_version                        = var.engine_version
+        group_family                          = var.group_family
+        instance_class                        = var.instance_class
+        allocated_storage                     = var.allocated_storage
+        max_allocated_storage                 = var.max_allocated_storage
+        multi_az                              = var.multi_az
+        maintenance_window                    = var.maintenance_window
+        backup_window                         = var.backup_window
+        backup_retention_period               = var.backup_retention_period
+        create_cloudwatch_log_group           = var.create_cloudwatch_log_group
+        enabled_cloudwatch_logs_exports       = var.enabled_cloudwatch_logs_exports
+        skip_final_snapshot                   = var.skip_final_snapshot
+        deletion_protection                   = var.deletion_protection
+        performance_insights_enabled          = var.performance_insights_enabled
+        performance_insights_retention_period = var.performance_insights_retention_period
+        create_monitoring_role                = var.create_monitoring_role
+        monitoring_interval                   = var.monitoring_interval
+        monitoring_role_name                  = var.monitoring_role_name
+        monitoring_role_use_name_prefix       = var.monitoring_role_use_name_prefix
+        monitoring_role_description           = var.monitoring_role_description
+        parameters                            = var.parameters
+      }
+    })
+  }
+}
diff --git a/humanitec-resource-defs/rds/basic/outputs.tf b/humanitec-resource-defs/rds/basic/outputs.tf
@@ -0,0 +1,3 @@
+output "id" {
+  value = humanitec_resource_definition.main.id
+}
diff --git a/humanitec-resource-defs/rds/basic/providers.tf b/humanitec-resource-defs/rds/basic/providers.tf
@@ -0,0 +1,7 @@
+terraform {
+  required_providers {
+    humanitec = {
+      source = "humanitec/humanitec"
+    }
+  }
+}