Don't use kubernetes-alpha provider (fixes camptocamp#192)

mcanevet · Nov 4, 2020 · edbdba4 · edbdba4
1 parent 66433db
commit edbdba4
Show file tree

Hide file tree

Showing 29 changed files with 700 additions and 131 deletions.
diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
@@ -9,41 +9,49 @@ jobs:
     runs-on: ubuntu-latest
     defaults:
       run:
-        working-directory: examples/k3s-docker-demo-app
+        working-directory: tests/k3s-docker-demo-app
     steps:
       - uses: actions/checkout@v2
       - name: Deploy cluster
         run: ../../scripts/provision.sh
         env:
           CLUSTER_NAME: default
+          TF_VAR_repo_url: "$GITHUB_SERVER_URL/$GITHUB_REPOSITORY.git"
+          TF_VAR_target_revision: ${{ github.base_ref }}
       - name: Destroy cluster
         run: ../../scripts/destroy.sh
         env:
           CLUSTER_NAME: default
+          TF_VAR_repo_url: "$GITHUB_SERVER_URL/$GITHUB_REPOSITORY.git"
+          TF_VAR_target_revision: ${{ github.base_ref }}
   update:
     runs-on: ubuntu-latest
     defaults:
       run:
-        working-directory: examples/k3s-docker-demo-app
+        working-directory: tests/k3s-docker-demo-app
     steps:
       - uses: actions/checkout@v2
         with:
           ref: ${{ github.base_ref }}
       - name: Deploy a cluster with base_ref code
-        run: |
-          ../../scripts/provision.sh
+        run: ../../scripts/provision.sh
         env:
           CLUSTER_NAME: default
+          TF_VAR_repo_url: "$GITHUB_SERVER_URL/$GITHUB_REPOSITORY.git"
+          TF_VAR_target_revision: ${{ github.base_ref }}
       - uses: actions/checkout@v2
         with:
           ref: ${{ github.ref }}
           clean: false
       - name: Dry-run on ref
-        run: |
-          ../../scripts/plan.sh
+        run: ../../scripts/plan.sh
         env:
           CLUSTER_NAME: default
+          TF_VAR_repo_url: "$GITHUB_SERVER_URL/$GITHUB_REPOSITORY.git"
+          TF_VAR_target_revision: ${{ github.base_ref }}
       - name: Destroy cluster
         run: ../../scripts/destroy.sh
         env:
           CLUSTER_NAME: default
+          TF_VAR_repo_url: "$GITHUB_SERVER_URL/$GITHUB_REPOSITORY.git"
+          TF_VAR_target_revision: ${{ github.base_ref }}
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     defaults:
       run:
-        working-directory: examples/k3s-docker-demo-app
+        working-directory: tests/k3s-docker-demo-app
     steps:
       - uses: actions/checkout@v2
       - name: Deploy cluster

diff --git a/.gitignore b/.gitignore
@@ -8,3 +8,6 @@ package-lock.json
 examples/*/terraform/dev.log
 examples/*/terraform/kubeconfig.yaml
 examples/*/terraform/terraform.tfstate*
+tests/*/terraform/dev.log
+tests/*/terraform/kubeconfig.yaml
+tests/*/terraform/terraform.tfstate*
diff --git a/argocd/app-of-apps/Chart.yaml b/argocd/app-of-apps/Chart.yaml
@@ -0,0 +1,4 @@
+---
+apiVersion: "v2"
+name: "app-of-apps"
+version: "0"
diff --git a/argocd/app-of-apps/templates/apps.yaml b/argocd/app-of-apps/templates/apps.yaml
@@ -0,0 +1,23 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "5"
+  name: apps
+  namespace: argocd
+spec:
+  project: default
+  source:
+    path: argocd/apps
+    repoURL: {{ .Values.spec.source.repoURL }}
+    targetRevision: {{ .Values.spec.source.targetRevision }}
+    helm:
+      values: |
+        {{ toYaml .Values | nindent 8 }}
+  destination:
+    namespace: default
+    server: {{ .Values.spec.destination.server }}
+  syncPolicy:
+    automated:
+      selfHeal: true
diff --git a/argocd/app-of-apps/values.yaml b/argocd/app-of-apps/values.yaml
@@ -0,0 +1,7 @@
+---
+spec:
+  destination:
+    server: https://kubernetes.default.svc
+  source:
+    repoURL: ...
+    targetRevision: HEAD
diff --git a/examples/k3s-docker-demo-app/terraform/main.tf b/examples/k3s-docker-demo-app/terraform/main.tf
@@ -20,11 +20,14 @@ module "cluster" {
   target_revision = local.target_revision
 }
 
-provider "kubernetes-alpha" {
-  host                   = local.kubernetes_host
-  username               = local.kubernetes_username
-  password               = local.kubernetes_password
-  cluster_ca_certificate = local.kubernetes_cluster_ca_certificate
+provider "helm" {
+  kubernetes {
+    insecure         = true
+    host             = local.kubernetes_host
+    username         = local.kubernetes_username
+    password         = local.kubernetes_password
+    load_config_file = false
+  }
 }
 
 provider "vault" {
@@ -33,27 +36,15 @@ provider "vault" {
   skip_tls_verify = true
 }
 
-resource "kubernetes_manifest" "project_apps" {
-  provider = kubernetes-alpha
-
-  manifest = {
-    "apiVersion" = "argoproj.io/v1alpha1"
-    "kind"       = "Application"
-    "metadata" = {
-      "name"      = "project-apps"
-      "namespace" = "argocd"
-      "annotations" = {
-        "argocd.argoproj.io/sync-wave" = "15"
-      }
-    }
-    "spec" = {
-      "project" = "default"
-      "source" = {
-        "path"           = "examples/k3s-docker-demo-app/argocd/project-apps"
-        "repoURL"        = local.repo_url
-        "targetRevision" = local.target_revision
-        "helm" = {
-          "values" = <<EOT
+resource "helm_release" "project_apps" {
+  name              = "project-apps"
+  chart             = "${path.module}/../argocd/project-apps"
+  namespace         = "argocd"
+  dependency_update = true
+  create_namespace  = true
+
+  values = [
+    <<EOT
 ---
 spec:
   source:
@@ -62,25 +53,11 @@ spec:
 
 baseDomain: ${local.base_domain}
           EOT
-        }
-      }
-      "destination" = {
-        "namespace" = "default"
-        "server"    = "https://kubernetes.default.svc"
-      }
-      "syncPolicy" = {
-        "automated" = {
-          "selfHeal" = true
-        }
-      }
-    }
-  }
+  ]
 
-  lifecycle {
-    ignore_changes = [
-      object,
-    ]
-  }
+  depends_on = [
+    module.cluster,
+  ]
 }
 
 resource "random_password" "superdupersecret" {

diff --git a/modules/k3s-docker/main.tf b/modules/k3s-docker/main.tf
@@ -1,4 +1,3 @@
-
 locals {
   base_domain                       = format("%s.nip.io", replace(module.cluster.ingress_ip_address, ".", "-"))
   context                           = yamldecode(module.cluster.kubeconfig)
@@ -18,20 +17,6 @@ provider "helm" {
   }
 }
 
-provider "kubernetes" {
-  host                   = local.kubernetes_host
-  username               = local.kubernetes_username
-  password               = local.kubernetes_password
-  cluster_ca_certificate = local.kubernetes_cluster_ca_certificate
-}
-
-provider "kubernetes-alpha" {
-  host                   = local.kubernetes_host
-  username               = local.kubernetes_username
-  password               = local.kubernetes_password
-  cluster_ca_certificate = local.kubernetes_cluster_ca_certificate
-}
-
 provider "vault" {
   address         = format("https://vault.apps.%s", local.base_domain)
   token           = "root"
@@ -83,48 +68,24 @@ server:
   ]
 }
 
-resource "kubernetes_manifest" "app_of_apps" {
-  provider = kubernetes-alpha
-
-  manifest = {
-    "apiVersion" = "argoproj.io/v1alpha1"
-    "kind"       = "Application"
-    "metadata" = {
-      "name"      = "apps"
-      "namespace" = "argocd"
-      "annotations" = {
-        "argocd.argoproj.io/sync-wave" = "5"
-      }
-    }
-    "spec" = {
-      "project" = "default"
-      "source" = {
-        "path"           = "argocd/apps"
-        "repoURL"        = var.repo_url
-        "targetRevision" = var.target_revision
-        "helm" = {
-          "parameters" = var.app_of_apps_parameters
-          "values" = templatefile("${path.module}/values.tmpl.yaml",
-            {
-              cluster_name    = var.cluster_name,
-              base_domain     = local.base_domain,
-              repo_url        = var.repo_url,
-              target_revision = var.target_revision,
-            }
-          )
-        }
-      }
-      "destination" = {
-        "namespace" = "default"
-        "server"    = "https://kubernetes.default.svc"
-      }
-      "syncPolicy" = {
-        "automated" = {
-          "selfHeal" = true
-        }
+resource "helm_release" "app_of_apps" {
+  name              = "app-of-apps"
+  chart             = "${path.module}/../../argocd/app-of-apps"
+  namespace         = "argocd"
+  dependency_update = true
+  create_namespace  = true
+
+  values = [
+    templatefile("${path.module}/values.tmpl.yaml",
+      {
+        cluster_name    = var.cluster_name,
+        base_domain     = local.base_domain,
+        repo_url        = var.repo_url,
+        target_revision = var.target_revision,
       }
-    }
-  }
+    ),
+    var.app_of_apps_values_overrides,
+  ]
 
   depends_on = [
     helm_release.argocd,
@@ -133,7 +94,7 @@ resource "kubernetes_manifest" "app_of_apps" {
 
 resource "null_resource" "wait_for_vault" {
   depends_on = [
-    kubernetes_manifest.app_of_apps,
+    helm_release.app_of_apps,
   ]
 
   provisioner "local-exec" {

diff --git a/modules/k3s-docker/variables.tf b/modules/k3s-docker/variables.tf
@@ -25,12 +25,8 @@ variable "target_revision" {
   type        = string
 }
 
-variable "app_of_apps_parameters" {
-  description = "App of apps parameters overrides."
-  type = list(object({
-    name        = string
-    value       = string
-    forceString = bool
-  }))
-  default = []
+variable "app_of_apps_values_overrides" {
+  description = "App of apps values overrides."
+  type        = string
+  default     = ""
 }
diff --git a/modules/k3s-docker/versions.tf b/modules/k3s-docker/versions.tf
@@ -20,14 +20,6 @@ terraform {
       source  = "hashicorp/null"
       version = "3.0.0"
     }
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = "1.13.2"
-    }
-    kubernetes-alpha = {
-      source  = "hashicorp/kubernetes-alpha"
-      version = "0.2.1"
-    }
     vault = {
       source  = "hashicorp/vault"
       version = "2.15.0"

diff --git a/scripts/provision.sh b/scripts/provision.sh
@@ -4,13 +4,6 @@ cd terraform || exit
 terraform init -upgrade
 terraform workspace select "$CLUSTER_NAME" || terraform workspace new "$CLUSTER_NAME"
 terraform init -upgrade
-terraform apply --auto-approve \
-	-target module.cluster.module.cluster \
-	-target module.cluster.helm_release.argocd \
-	-target module.cluster.module.iam_assumable_role_cert_manager \
-	-target module.cluster.aws_cognito_user_pool_client.client \
-	-target module.cluster.random_password.oauth2_cookie_secret
-terraform apply --auto-approve -target module.cluster.kubernetes_manifest.app_of_apps
 terraform apply --auto-approve -target module.cluster.null_resource.wait_for_vault
 terraform apply --auto-approve
 terraform plan --detailed-exitcode

diff --git a/tests/k3s-docker-demo-app/Makefile b/tests/k3s-docker-demo-app/Makefile
@@ -0,0 +1,26 @@
+CLUSTER_NAME := default
+
+REMOTE := $(shell git status -sb|sed -Ene's@.. ([^\.]*)\.\.\.([^/]*)/(.*)@\2@p')
+TARGET_REVISION := $(shell git status -sb|sed -Ene's@.. ([^\.]*)\.\.\.([^/]*)/(.*)@\3@p'|cut -f1 -d' ')
+REMOTE_URL := $(shell git remote get-url $(REMOTE))
+ifeq ($(findstring "https",$(REMOTE_URL)),)
+REPO_URL = "https://github.com/$(shell echo $(REMOTE_URL) | sed -Ene's|[email protected]:([^/]*)/(.*).git|\1/\2|p').git"
+else
+REPO_URL = $(REMOTE_URL)
+endif
+
+.PHONY: provision clean
+
+provision: terraform/*.tf
+	CLUSTER_NAME=$(CLUSTER_NAME) TF_VAR_repo_url=$(REPO_URL) TF_VAR_target_revision=$(TARGET_REVISION) ../../scripts/provision.sh
+
+dry-run: terraform/*.tf
+	CLUSTER_NAME=$(CLUSTER_NAME) TF_VAR_repo_url=$(REPO_URL) TF_VAR_target_revision=$(TARGET_REVISION) ../../scripts/plan.sh
+
+clean:
+	CLUSTER_NAME=$(CLUSTER_NAME) TF_VAR_repo_url=$(REPO_URL) TF_VAR_target_revision=$(TARGET_REVISION) ../../scripts/destroy.sh
+
+debug:
+	@echo CLUSTER_NAME=$(CLUSTER_NAME)
+	@echo REPO_URL=$(REPO_URL)
+	@echo TARGET_REVISION=$(TARGET_REVISION)
diff --git a/tests/k3s-docker-demo-app/argocd/demo-app/.helmignore b/tests/k3s-docker-demo-app/argocd/demo-app/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/