diff --git a/examples/eks_argo/argo_events.tf b/examples/eks_argo/argo_events.tf
new file mode 100644
index 0000000..69fdd6a
--- /dev/null
+++ b/examples/eks_argo/argo_events.tf
@@ -0,0 +1,5 @@
+module "argo_events" {
+ depends_on = [helm_release.argo]
+ source = "./argo_events"
+ jobs_namespace = "default"
+}
diff --git a/examples/eks_argo/argo_events/argo-events-helper-chart/.helmignore b/examples/eks_argo/argo_events/argo-events-helper-chart/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/examples/eks_argo/argo_events/argo-events-helper-chart/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/examples/eks_argo/argo_events/argo-events-helper-chart/Chart.yaml b/examples/eks_argo/argo_events/argo-events-helper-chart/Chart.yaml
new file mode 100644
index 0000000..96b4fe2
--- /dev/null
+++ b/examples/eks_argo/argo_events/argo-events-helper-chart/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: argo-events-helper-chart
+description: Helper chart that contains EventBus and EventSource definitions.
+type: application
+version: 0.1.0
+appVersion: "0.1.0"
diff --git a/examples/eks_argo/argo_events/argo-events-helper-chart/templates/eventbus.yaml b/examples/eks_argo/argo_events/argo-events-helper-chart/templates/eventbus.yaml
new file mode 100644
index 0000000..e17d92b
--- /dev/null
+++ b/examples/eks_argo/argo_events/argo-events-helper-chart/templates/eventbus.yaml
@@ -0,0 +1,16 @@
+apiVersion: argoproj.io/v1alpha1
+kind: EventBus
+metadata:
+ name: default
+ namespace: {{ .Values.jobsNamespace }}
+spec:
+ jetstream:
+ version: 2.9.15
+ containerTemplate:
+ resources:
+ limits:
+ cpu: 100m
+ memory: 128Mi
+ requests:
+ cpu: 100m
+ memory: 128Mi
diff --git a/examples/eks_argo/argo_events/argo-events-helper-chart/templates/eventsource.yaml b/examples/eks_argo/argo_events/argo-events-helper-chart/templates/eventsource.yaml
new file mode 100644
index 0000000..4385129
--- /dev/null
+++ b/examples/eks_argo/argo_events/argo-events-helper-chart/templates/eventsource.yaml
@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: EventSource
+metadata:
+ name: argo-events-webhook
+ namespace: {{ .Values.jobsNamespace }}
+spec:
+ template:
+ container:
+ resources:
+ requests:
+ cpu: 50m
+ memory: 50Mi
+ limits:
+ cpu: 50m
+ memory: 50Mi
+ service:
+ ports:
+ - port: 12000
+ targetPort: 12000
+ webhook:
+ metaflow-event:
+ port: "12000"
+ endpoint: /metaflow-event
+ method: POST
diff --git a/examples/eks_argo/argo_events/argo-events-helper-chart/values.yaml b/examples/eks_argo/argo_events/argo-events-helper-chart/values.yaml
new file mode 100644
index 0000000..ee85eda
--- /dev/null
+++ b/examples/eks_argo/argo_events/argo-events-helper-chart/values.yaml
@@ -0,0 +1 @@
+jobsNamespace: default
diff --git a/examples/eks_argo/argo_events/main.tf b/examples/eks_argo/argo_events/main.tf
new file mode 100644
index 0000000..615ee6e
--- /dev/null
+++ b/examples/eks_argo/argo_events/main.tf
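Review bot: The `metaflow-event` webhook in eventsource.yaml accepts POSTs on port 12000 with no authentication configured, so by default any workload that can reach the generated Service can publish events onto the bus. Sensors presumably turn those events into workflow runs (the sensor definitions are not in this diff), which makes the endpoint a trust boundary worth guarding even in an example. Consider referencing a token Secret via `authSecret` under `metaflow-event` and limiting ingress to the EventSource pod with a NetworkPolicy. At minimum add a comment such as `# NOTE: unauthenticated webhook; restrict network access before using outside a demo`.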
@@ -0,0 +1,191 @@
+locals {
+ argo_events_values = {
+ "configs" = {
+ "jetstream" = {
+ "versions" = [
+ {
+ "configReloaderImage" = "natsio/nats-server-config-reloader:latest"
+ "metricsExporterImage" = "natsio/prometheus-nats-exporter:latest"
+ "natsImage" = "nats:latest"
+ "startCommand" = "/nats-server"
+ "version" = "latest"
+ },
+ {
+ "configReloaderImage" = "natsio/nats-server-config-reloader:latest"
+ "metricsExporterImage" = "natsio/prometheus-nats-exporter:latest"
+ "natsImage" = "nats:2.9.15"
+ "startCommand" = "/nats-server"
+ "version" = "2.9.15"
+ },
+ ]
+ }
+ }
+ "controller" = {
+ "name" = "controller-manager"
+ "rbac" = {
+ "enabled" = true
+ "namespaced" = false
+ }
+ "resources" = {
+ "limits" = {
+ "cpu" = "200m"
+ "memory" = "192Mi"
+ }
+ "requests" = {
+ "cpu" = "200m"
+ "memory" = "192Mi"
+ }
+ }
+ "serviceAccount" = {
+ "create" = true
+ "name" = "argo-events-events-controller-sa"
+ }
+ }
+ "crds" = {
+ "keep" = true
+ }
+ "extraObjects" = [
+ {
+ "apiVersion" = "v1"
+ "kind" = "ServiceAccount"
+ "metadata" = {
+ "name" = "operate-workflow-sa"
+ "namespace" = var.jobs_namespace
+ }
+ },
+ {
+ "apiVersion" = "rbac.authorization.k8s.io/v1"
+ "kind" = "Role"
+ "metadata" = {
+ "name" = "operate-workflow-role"
+ "namespace" = var.jobs_namespace
+ }
+ "rules" = [
+ {
+ "apiGroups" = [
+ "argoproj.io",
+ ]
+ "resources" = [
+ "workflows",
+ "workflowtemplates",
+ "cronworkflows",
+ "clusterworkflowtemplates",
+ ]
+ "verbs" = [
+ "*",
+ ]
+ },
+ ]
+ },
+ {
+ "apiVersion" = "rbac.authorization.k8s.io/v1"
+ "kind" = "RoleBinding"
+ "metadata" = {
+ "name" = "operate-workflow-role-binding"
+ "namespace" = var.jobs_namespace
+ }
+ "roleRef" = {
+ "apiGroup" = "rbac.authorization.k8s.io"
+ "kind" = "Role"
+ "name" = "operate-workflow-role"
+ }
+ "subjects" = [
+ {
+ "kind" = "ServiceAccount"
+ "name" = "operate-workflow-sa"
+ },
+ ]
+ },
+ {
+ "apiVersion" = "rbac.authorization.k8s.io/v1"
+ "kind" = "Role"
+ "metadata" = {
+ "name" = "view-events-role"
+ "namespace" = var.jobs_namespace
+ }
+ "rules" = [
+ {
+ "apiGroups" = [
+ "argoproj.io",
+ ]
+ "resources" = [
+ "eventsources",
+ "eventbuses",
+ "sensors",
+ ]
+ "verbs" = [
+ "get",
+ "list",
+ "watch",
+ ]
+ },
+ ]
+ },
+ {
+ "apiVersion" = "rbac.authorization.k8s.io/v1"
+ "kind" = "RoleBinding"
+ "metadata" = {
+ "name" = "view-events-role-binding"
+ "namespace" = var.jobs_namespace
+ }
+ "roleRef" = {
+ "apiGroup" = "rbac.authorization.k8s.io"
+ "kind" = "Role"
+ "name" = "view-events-role"
+ }
+ "subjects" = [
+ {
+ "kind" = "ServiceAccount"
+ "name" = "argo-workflows"
+ "namespace" = "argo-workflows"
+ },
+ ]
+ },
+ ]
+ }
+}
+
+resource "kubernetes_namespace" "argo_events" {
+ metadata {
+ name = "argo-events"
+ }
+}
+
+resource "helm_release" "argo_events" {
+ name = "argo-events"
+
+ repository = "https://argoproj.github.io/argo-helm"
+ chart = "argo-events"
+ namespace = kubernetes_namespace.argo_events.metadata[0].name
+ force_update = true
+
+ values = [
+ yamlencode(local.argo_events_values)
+ ]
+}
+
+
+resource "helm_release" "argo_events_helper_chart" {
+ # We define an EventBus and EventSource in this helper chart. This is one
+ # of the cleaner workarounds for the chicken-egg problem with CR and CRD definitions
+ # in "terraform plan". E.g. Terraform tries to validate the kind "EventBus" before it
+ # has been created in the cluster, causing the validation to fail.
+ #
+ # Mega-thread here: https://github.com/hashicorp/terraform-provider-kubernetes/issues/1367
+ name = "argo-events-helper-chart"
+
+ depends_on = [helm_release.argo_events]
+
+ chart = "${path.module}/argo-events-helper-chart"
+ namespace = kubernetes_namespace.argo_events.metadata[0].name
+ force_update = true
+
+ set {
+ name = "jobsNamespace"
+ value = var.jobs_namespace
+ }
+}
+
+variable "jobs_namespace" {
+ type = string
+}
diff --git a/examples/eks_argo/metaflow.tf b/examples/eks_argo/metaflow.tf
index 80938a9..578e342 100644
--- a/examples/eks_argo/metaflow.tf
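Review bot: `operate-workflow-role` grants `"verbs" = ["*"]` on workflows, workflowtemplates and cronworkflows, which includes delete and patch and is broader than a submit-only service account needs. If `operate-workflow-sa` is only used by sensors to submit workflows from templates (its use is not visible in this diff), narrow it to something like `"verbs" = ["create", "get", "list", "watch"]`. Also drop `clusterworkflowtemplates`, which is cluster-scoped and so is not granted by a namespaced Role anyway. Separately, the jetstream entries use `:latest` images (the reloader and exporter even in the 2.9.15 entry) and `helm_release.argo_events` sets no `version`, so what is deployed can change between applies. Pin the image tags and add a chart `version`.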
+++ b/examples/eks_argo/metaflow.tf @@ -65,3 +65,8 @@ module "metaflow-metadata-service" { standard_tags = local.tags } + +variable "with_public_ip" { + type = bool + default = true +} diff --git a/examples/eks_argo/metaflow_config.tf b/examples/eks_argo/metaflow_config.tf index ecae1ca..b447834 100644 --- a/examples/eks_argo/metaflow_config.tf +++ b/examples/eks_argo/metaflow_config.tf @@ -5,13 +5,17 @@ data "aws_api_gateway_api_key" "metadata_api_key" { resource "local_file" "foo" { content = jsonencode({ "METAFLOW_SERVICE_AUTH_KEY" = data.aws_api_gateway_api_key.metadata_api_key.value - "METAFLOW_DATASTORE_SYSROOT_S3" = module.metaflow-datastore.METAFLOW_DATASTORE_SYSROOT_S3, - "METAFLOW_DATATOOLS_S3ROOT" = module.metaflow-datastore.METAFLOW_DATATOOLS_S3ROOT, - "METAFLOW_SERVICE_URL" = module.metaflow-metadata-service.METAFLOW_SERVICE_URL, - "METAFLOW_KUBERNETES_NAMESPACE" = "default", - "METAFLOW_KUBERNETES_SERVICE_ACCOUNT" = "argo-workflow", - "METAFLOW_DEFAULT_DATASTORE" = "s3", + "METAFLOW_DATASTORE_SYSROOT_S3" = module.metaflow-datastore.METAFLOW_DATASTORE_SYSROOT_S3 + "METAFLOW_DATATOOLS_S3ROOT" = module.metaflow-datastore.METAFLOW_DATATOOLS_S3ROOT + "METAFLOW_SERVICE_URL" = module.metaflow-metadata-service.METAFLOW_SERVICE_URL + "METAFLOW_KUBERNETES_NAMESPACE" = "default" + "METAFLOW_KUBERNETES_SERVICE_ACCOUNT" = "argo-workflow" + "METAFLOW_DEFAULT_DATASTORE" = "s3" "METAFLOW_DEFAULT_METADATA" = "service" + "METAFLOW_ARGO_EVENTS_EVENT_BUS" = "default" + "METAFLOW_ARGO_EVENTS_EVENT_SOURCE" = "argo-events-webhook" + "METAFLOW_ARGO_EVENTS_EVENT" = "metaflow-event" + "METAFLOW_ARGO_EVENTS_WEBHOOK_URL" = "http://argo-events-webhook-eventsource-svc.default:12000/metaflow-event" }) filename = "${path.module}/config.json" }
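Review bot: `with_public_ip` is declared without a `description` and defaults to `true`, and nothing in the visible hunks references it. If it controls whether nodes or endpoints receive public addresses (an inference from the name only), defaulting to `false` with an explicit opt-in would be the safer example. Either way add a line such as `description = "<what gets a public IP and why>"` so readers know what the flag exposes. The context lines above the addition close a module block that starts outside the hunk.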
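Review bot: `METAFLOW_ARGO_EVENTS_WEBHOOK_URL` in metaflow_config.tf hard-codes the `default` namespace, while the EventSource is created in whatever `jobs_namespace` the argo_events module receives. Changing that input would leave clients posting to a Service address that no longer exists, so derive both from one value, e.g. `"http://argo-events-webhook-eventsource-svc.${local.jobs_namespace}:12000/metaflow-event"` with a shared local also passed to the module (the local's name is a suggestion). The URL is plain `http`, which is only reasonable while the traffic stays inside the cluster. A comment saying so, and noting that the generated config.json also carries `METAFLOW_SERVICE_AUTH_KEY` and should stay out of version control, would help.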