Add GCS bucket to hold terraform state

yiannistri · yiannistri · commit f0ed4c054326 · 2022-02-13T17:56:29.000Z
diff --git a/cmd/clusters-service/app/server.go b/cmd/clusters-service/app/server.go
@@ -438,7 +438,7 @@ func RunInProcessGateway(ctx context.Context, addr string, setters ...Option) er
 		// Secure `/v1` and `/gitops/api` API routes
 		grpcHttpHandler = auth.WithAPIAuth(grpcHttpHandler, srv)
 		gitopsBrokerHandler = auth.WithAPIAuth(gitopsBrokerHandler, srv)
-		staticAssets = auth.WithAPIAuth(staticAssets, srv)
+		staticAssets = auth.WithWebAuth(staticAssets, srv)
 	}
 
 	commonMiddleware := func(mux http.Handler) http.Handler {
diff --git a/terraform/README.md b/terraform/README.md
@@ -0,0 +1,26 @@
+### Services
+
+#### Production
+- https://gitlab.git.dev.weave.works running on cluster `gitlab-01` on GKE, backed by [repo](https://github.com/wkp-example-org/gitlab-01)
+
+
+
+### How to run Terraform locally
+
+1. Authenticate with GCP using `gcloud`.
+
+```sh
+gcloud auth application-default login
+```
+
+2. Switch to the working directory of your choice and run Terraform.
+```sh
+cd ./environments/dev
+terraform init 
+terraform plan
+```
+
+3. View output variables (optional).
+```sh
+terraform output
+```
diff --git a/terraform/environments/dev/.terraform.lock.hcl b/terraform/environments/dev/.terraform.lock.hcl
diff --git a/terraform/environments/dev/demo-02.tf b/terraform/environments/dev/demo-02.tf
@@ -0,0 +1,27 @@
+module "demo_02" {
+  source = "../../modules/gke-cluster"
+
+  cluster_name = "demo-02"
+  region = "europe-north1"
+  location = "europe-north1-a"
+  machine_type = "n1-standard-2"
+}
+
+output "demo_02_endpoint" {
+  value = module.demo_02.endpoint
+}
+ 
+output "demo_02_client_certificate" {
+  value = module.demo_02.client_certificate
+  sensitive = true
+}
+
+output "demo_02_client_key" {
+  value = module.demo_02.client_key
+  sensitive = true
+}
+
+output "demo_02_cluster_ca_certificate" {
+  value = module.demo_02.cluster_ca_certificate
+  sensitive = true
+}
diff --git a/terraform/environments/dev/dex-01.tf b/terraform/environments/dev/dex-01.tf
@@ -0,0 +1,27 @@
+module "dex_01" {
+  source = "../../modules/gke-cluster"
+
+  cluster_name = "dex-01"
+  region = "europe-north1"
+  location = "europe-north1-a"
+  machine_type = "n1-standard-2"
+}
+
+output "dex_01_endpoint" {
+  value = module.dex_01.endpoint
+}
+ 
+output "dex_01_client_certificate" {
+  value = module.dex_01.client_certificate
+  sensitive = true
+}
+
+output "dex_01_client_key" {
+  value = module.dex_01.client_key
+  sensitive = true
+}
+
+output "dex_01_cluster_ca_certificate" {
+  value = module.dex_01.cluster_ca_certificate
+  sensitive = true
+}
diff --git a/terraform/environments/dev/dns.tf b/terraform/environments/dev/dns.tf
@@ -0,0 +1,22 @@
+# Zone delegation has been setup manually 
+# in the Weave Cloud dev account
+locals {
+  zone_id =  "Z038735537FBV7QQ5O394"
+  zone_name ="wge.dev.weave.works"
+}
+
+resource "aws_route53_record" "demo_02_ingress" {
+  zone_id = local.zone_id
+  name    = "demo-02"
+  type    = "A"
+  ttl     = "300"
+  records = ["35.228.235.99"]
+}
+
+resource "aws_route53_record" "dex_01_ingress" {
+  zone_id = local.zone_id
+  name    = "dex-01"
+  type    = "A"
+  ttl     = "300"
+  records = ["35.228.83.196"]
+}
diff --git a/terraform/environments/dev/terraform.tfvars b/terraform/environments/dev/terraform.tfvars
@@ -0,0 +1,2 @@
+project = "wks-tests"
+region  = "europe-west1"
diff --git a/terraform/environments/dev/versions.tf b/terraform/environments/dev/versions.tf
@@ -0,0 +1,32 @@
+terraform {
+  backend "gcs" {
+    bucket  = "weave-gitops-enterprise-terraform-state"
+    prefix  = "dev"
+  }
+
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = "~> 4.10.0"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 4.0.0"
+    }
+  }
+
+  required_version = ">= 1.1.5"
+}
+
+variable "project" {
+  description = "GCP project id"
+}
+
+variable "region" {
+  description = "GCP project region"
+}
+
+provider "google" {
+  project = var.project
+  region = var.region
+}
diff --git a/terraform/environments/prod/.terraform.lock.hcl b/terraform/environments/prod/.terraform.lock.hcl
diff --git a/terraform/environments/prod/gitlab-01.tf b/terraform/environments/prod/gitlab-01.tf
@@ -0,0 +1,27 @@
+module "gitlab_01" {
+  source = "../../modules/gke-cluster"
+
+  cluster_name = "gitlab-01"
+  region = var.region
+  location = "europe-west1-b"
+  machine_type = "n2-standard-4"
+}
+
+output "gitlab_01_endpoint" {
+  value = module.gitlab_01.endpoint
+}
+ 
+output "gitlab_01_client_certificate" {
+  value = module.gitlab_01.client_certificate
+  sensitive = true
+}
+
+output "gitlab_01_client_key" {
+  value = module.gitlab_01.client_key
+  sensitive = true
+}
+
+output "gitlab_01_cluster_ca_certificate" {
+  value = module.gitlab_01.cluster_ca_certificate
+  sensitive = true
+}
diff --git a/terraform/environments/prod/terraform.tfvars b/terraform/environments/prod/terraform.tfvars
@@ -0,0 +1,2 @@
+project = "wks-tests"
+region  = "europe-west1"
diff --git a/terraform/environments/prod/versions.tf b/terraform/environments/prod/versions.tf
@@ -0,0 +1,28 @@
+terraform {
+  backend "gcs" {
+    bucket  = "weave-gitops-enterprise-terraform-state"
+    prefix  = "prod"
+  }
+
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = "~> 4.10.0"
+    }
+  }
+
+  required_version = ">= 1.1.5"
+}
+
+variable "project" {
+  description = "GCP project id"
+}
+
+variable "region" {
+  description = "GCP project region"
+}
+
+provider "google" {
+  project = var.project
+  region = var.region
+}
diff --git a/terraform/modules/gke-cluster/main.tf b/terraform/modules/gke-cluster/main.tf
@@ -0,0 +1,58 @@
+resource "google_container_cluster" "cluster" {
+  name     = var.cluster_name
+  location = var.location
+  
+  # We can't create a cluster with no node pool defined, but we want to only use
+  # separately managed node pools. So we create the smallest possible default
+  # node pool and immediately delete it.
+  remove_default_node_pool = true
+  initial_node_count       = 1
+
+  master_auth {
+    client_certificate_config {
+      issue_client_certificate = true
+    }
+  }
+
+  network    = google_compute_network.vpc.name
+  subnetwork = google_compute_subnetwork.subnet.name
+}
+
+resource "google_container_node_pool" "cluster_nodes" {
+  name       = "${google_container_cluster.cluster.name}-node-pool"
+  location   = var.location
+  cluster    = google_container_cluster.cluster.name
+  node_count = var.node_count
+
+  node_config {
+    oauth_scopes = [
+      "https://www.googleapis.com/auth/logging.write",
+      "https://www.googleapis.com/auth/monitoring",
+    ]
+
+    # labels = {
+    #   env = var.project_id
+    # }
+
+    # preemptible  = true
+    machine_type = var.machine_type
+    tags         = ["gke-node", "${var.cluster_name}-gke"]
+    metadata = {
+      disable-legacy-endpoints = "true"
+    }
+  }
+}
+
+# VPC
+resource "google_compute_network" "vpc" {
+  name                    = "${var.cluster_name}-vpc"
+  auto_create_subnetworks = "false"
+}
+
+# Subnet
+resource "google_compute_subnetwork" "subnet" {
+  name          = "${var.cluster_name}-subnet"
+  region        = var.region
+  network       = google_compute_network.vpc.name
+  ip_cidr_range = "10.10.0.0/24"
+}
diff --git a/terraform/modules/gke-cluster/outputs.tf b/terraform/modules/gke-cluster/outputs.tf
@@ -0,0 +1,24 @@
+output "master_version" {
+  description = "The Kubernetes master version."
+  value       = google_container_cluster.cluster.master_version
+}
+
+output "endpoint" {
+  description = "The IP address of the cluster master."
+  value       = google_container_cluster.cluster.endpoint
+}
+
+output "client_certificate" {
+  description = "Public certificate used by clients to authenticate to the cluster endpoint."
+  value       = base64decode(google_container_cluster.cluster.master_auth.0.client_certificate)
+}
+
+output "client_key" {
+  description = "Private key used by clients to authenticate to the cluster endpoint."
+  value       = base64decode(google_container_cluster.cluster.master_auth.0.client_key)
+}
+
+output "cluster_ca_certificate" {
+  description = "The public certificate that is the root of trust for the cluster."
+  value       = base64decode(google_container_cluster.cluster.master_auth.0.cluster_ca_certificate)
+}
diff --git a/terraform/modules/gke-cluster/variables.tf b/terraform/modules/gke-cluster/variables.tf
@@ -0,0 +1,23 @@
+variable "region" {
+  default     = "europe-west1"
+  description = "GCP region"
+}
+
+variable "location" {
+  default     = "europe-west1-b"
+  description = "GCP location"
+}
+
+variable "cluster_name" {
+    description = "The name of the cluster"
+}
+
+variable "node_count" {
+  default     = 1
+  description = "The number of the GKE nodes per region"
+}
+
+variable "machine_type" {
+  default = "n1-standard-1"
+  description = "GCP machine type"
+}
diff --git a/terraform/setup/.terraform.lock.hcl b/terraform/setup/.terraform.lock.hcl
diff --git a/terraform/setup/main.tf b/terraform/setup/main.tf
diff --git a/terraform/setup/terraform.tfvars b/terraform/setup/terraform.tfvars

Original file line number	Diff line number	Diff line change
`@@ -438,7 +438,7 @@ func RunInProcessGateway(ctx context.Context, addr string, setters ...Option) er`
`438`	`438`	// Secure `/v1` and `/gitops/api` API routes
`439`	`439`	`grpcHttpHandler = auth.WithAPIAuth(grpcHttpHandler, srv)`
`440`	`440`	`gitopsBrokerHandler = auth.WithAPIAuth(gitopsBrokerHandler, srv)`
`441`		`- staticAssets = auth.WithAPIAuth(staticAssets, srv)`
	`441`	`+ staticAssets = auth.WithWebAuth(staticAssets, srv)`
`442`	`442`	`}`
`443`	`443`
`444`	`444`	`commonMiddleware := func(mux http.Handler) http.Handler {`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+project = "wks-tests"`
	`2`	`+region = "europe-west1"`