Add terraform configurations for single-cluster ref arch

Author: nandajavarma

install/infra/modules/gke/main.tf

@@ -17,12 +17,12 @@ provider "google" {
 }
 
 resource "google_compute_network" "vpc" {
-  name                    = "vpc-${var.name}"
+  name                    = "vpc-${var.cluster_name}"
   auto_create_subnetworks = "false"
 }
 
 resource "google_compute_subnetwork" "subnet" {
-  name          = "subnet-${var.name}"
+  name          = "subnet-${var.cluster_name}"
   region        = var.region
   network       = google_compute_network.vpc.name
   ip_cidr_range = "10.255.0.0/16"
@@ -39,7 +39,7 @@ resource "google_compute_subnetwork" "subnet" {
 }
 
 resource "google_container_cluster" "gitpod-cluster" {
-  name     = "gitpod-${var.name}"
+  name     = var.cluster_name
   location = var.zone == null ? var.region : var.zone
 
   cluster_autoscaling {
@@ -112,7 +112,7 @@ resource "google_container_cluster" "gitpod-cluster" {
 }
 
 resource "google_container_node_pool" "workspaces" {
-  name               = "workspaces-${var.name}"
+  name               = "workspaces-${var.cluster_name}"
   location           = google_container_cluster.gitpod-cluster.location
   cluster            = google_container_cluster.gitpod-cluster.name
   version            = var.cluster_version // kubernetes version
@@ -153,7 +153,8 @@ resource "google_container_node_pool" "workspaces" {
 }
 
 resource "google_sql_database_instance" "gitpod" {
-  name             = "sql-${var.name}"
+  count            = var.enable_external_database ? 1 : 0
+  name             = "sql-${var.cluster_name}"
   database_version = "MYSQL_5_7"
   region           = var.region
   settings {
@@ -162,17 +163,43 @@ resource "google_sql_database_instance" "gitpod" {
   deletion_protection = false
 }
 
+resource "random_password" "password" {
+  count = var.enable_external_database ? 1 : 0
+
+  length           = 16
+  special          = true
+  override_special = "!#$%&*()-_=+[]{}<>:?"
+}
+
 resource "google_sql_database" "database" {
+  count     = var.enable_external_database ? 1 : 0
   name      = "gitpod"
-  instance  = google_sql_database_instance.gitpod.name
+  instance  = google_sql_database_instance.gitpod[count.index].name
   charset   = "utf8"
   collation = "utf8_general_ci"
 }
 
 resource "google_sql_user" "users" {
-  name     = "gitpod"
-  instance = google_sql_database_instance.gitpod.name
-  password = "gitpod"
+  count    = var.enable_external_database ? 1 : 0
+  name     = "dbuser-${var.cluster_name}-${count.index}"
+  instance = google_sql_database_instance.gitpod[count.index].name
+  password = random_password.password[count.index].result
+}
+
+resource "google_dns_managed_zone" "gitpod-dns-zone" {
+  count = var.domain_name == null ? 0 : 1
+
+  name          = "zone-${var.cluster_name}"
+  dns_name      = "${var.domain_name}."
+  description   = "Terraform managed DNS zone for ${var.cluster_name}"
+  force_destroy = true
+  labels = {
+    app = "gitpod"
+  }
+}
+
+data "google_container_registry_repository" "gitpod" {
+  count = var.enable_external_registry ? 1 : 0
 }
 
 module "gke_auth" {
@@ -182,7 +209,7 @@ module "gke_auth" {
 
   project_id   = var.project
   location     = google_container_cluster.gitpod-cluster.location
-  cluster_name = "gitpod-${var.name}"
+  cluster_name = var.cluster_name
 }
 
 resource "local_file" "kubeconfig" {

install/infra/modules/gke/output.tf

@@ -3,6 +3,10 @@ output "kubernetes_endpoint" {
   value     = module.gke_auth.host
 }
 
+output "name_servers" {
+  value = google_dns_managed_zone.gitpod-dns-zone[0].name_servers
+}
+
 output "client_token" {
   sensitive = true
   value     = module.gke_auth.token
@@ -17,3 +21,32 @@ output "kubeconfig" {
   sensitive = true
   value     = module.gke_auth.kubeconfig_raw
 }
+
+output "database" {
+  sensitive = true
+  value = try({
+    instance            = "${var.project}:${var.region}:${google_sql_database_instance.gitpod[0].name}"
+    username            = "${google_sql_user.users[0].name}"
+    password            = random_password.password[0].result
+    service_account_key = "Upload the JSON file corresponding the service account credentials"
+  }, "No database created")
+}
+
+output "registry" {
+  sensitive = true
+  value = try({
+    url      = data.google_container_registry_repository.gitpod[0].repository_url
+    server   = regex("[^/?#]*", data.google_container_registry_repository.gitpod[0].repository_url)
+    username = "_json_key"
+    password = "Copy paste the content of the service account credentials JSON file"
+  }, "No container registry created")
+}
+
+output "storage" {
+  sensitive = true
+  value = try({
+    region      = var.region
+    project     = var.project
+    credentials = "Upload the JSON file corresponding the service account credentials"
+  }, "No GCS bucket created for object storage")
+}

install/infra/modules/gke/variables.tf

@@ -26,7 +26,7 @@ variable "cluster_version" {
   default     = "1.22.8-gke.201"
 }
 
-variable "name" {
+variable "cluster_name" {
   type        = string
   description = "The name of the cluster."
   default     = "gitpod"
@@ -60,3 +60,23 @@ variable "credentials" {
   description = "Path to the JSON file storing Google service account credentials"
   default     = ""
 }
+
+variable "domain_name" {
+  description = "Domain name register with Cloud DNS, leave empty if you want to manage it yourself"
+  default     = null
+}
+
+variable "enable_external_database" {
+  default     = true
+  description = "Set this to false to avoid creating an RDS database to use with Gitpod instead of incluster mysql"
+}
+
+variable "enable_external_storage" {
+  default     = true
+  description = "Set this to false to avoid creating an s3 storage to use with Gitpod instead of incluster minio"
+}
+
+variable "enable_external_registry" {
+  default     = true
+  description = "Set this to false to create an AWS ECR registry to use with Gitpod(Not officially supported)"
+}

install/infra/modules/tools/cloud-dns-external-dns/main.tf

@@ -8,9 +8,9 @@ data local_file "gcp_credentials" {
 
 provider "google" {
   credentials = var.credentials
-  project = var.gcp_project
-  region  = var.gcp_region
-  zone    = var.gcp_zone
+  project = var.project
+  region  = var.region
+  zone    = var.zone
 }
 
 provider "helm" {
@@ -57,7 +57,7 @@ resource "helm_release" "external-dns" {
   }
   set {
     name  = "google.project"
-    value = var.gcp_project
+    value = var.project
   }
   set {
     name  = "logFormat"

install/infra/modules/tools/cloud-dns-external-dns/variables.tf

@@ -3,17 +3,17 @@ variable "kubeconfig" {
     default = "./kubeconfig"
 }
 
-variable "gcp_project" {
+variable "project" {
     description = "Google cloud Region to perform operations in"
     default = "dns-for-playgrounds"
 }
 
-variable "gcp_region" {
+variable "region" {
     description = "Google cloud Region to perform operations in"
     default = "europe-west1"
 }
 
-variable "gcp_zone" {
+variable "zone" {
     description = "Google cloud Zone to perform operations in"
     default = "europe-west1-d"
 }

install/infra/single-cluster/aws/README.md

@@ -14,7 +14,6 @@ This module will do the following steps:
 
 > 💡 If you would like to create the infrastructure orchestrating the terraform modules by yourself, you can find all the modules we support [here](../../modules/).
 
-
 Since the entire setup requires more than one terraform target to be run due to
 dependencies (eg: helm provider depends on kubernetes cluster config, which is
 not available until the `eks` module finishes), this directory has a `Makefile`
@@ -79,9 +78,6 @@ be used as registry backend. By default `enable_external_storage_for_registry_ba
 is set to `false`. One can re-use the same `S3` bucket for both object storage and registry backend.
 
 The expectation is that you can use the credentials to these setups(provided later
-as terraform outputs) during the setup of Gitpod via UI later in the process.
-Alternatively, one can choose to use incluster dependencies or separately
-created resources of choice.
 
 ### AMI Image ID and Kubernetes version
 

install/infra/single-cluster/aws/terraform.tfvars

@@ -1,4 +1,3 @@
-
 # the cluster_name should be of length less than 16 characters
 cluster_name = "nan"