[azure] Single-cluster usage guide for AKS TF module

Author: nandajavarma

install/infra/modules/aks/database.tf

@@ -1,18 +1,18 @@
 resource "random_integer" "db" {
-  count = var.enable_external_database ? 1 : 0
+  count = var.create_external_database ? 1 : 0
 
   min = 10000
   max = 99999
 }
 
 resource "random_password" "db" {
-  count = var.enable_external_database ? 1 : 0
+  count = var.create_external_database ? 1 : 0
 
   length = 32
 }
 
 resource "azurerm_mysql_server" "db" {
-  count = var.enable_external_database ? 1 : 0
+  count = var.create_external_database ? 1 : 0
 
   name                = "gitpod-${random_integer.db[count.index].result}"
   location            = azurerm_resource_group.gitpod.location
@@ -30,7 +30,7 @@ resource "azurerm_mysql_server" "db" {
 }
 
 resource "azurerm_mysql_firewall_rule" "db" {
-  count = var.enable_external_database ? 1 : 0
+  count = var.create_external_database ? 1 : 0
 
   name                = "Azure_Resource"
   resource_group_name = azurerm_resource_group.gitpod.name
@@ -40,7 +40,7 @@ resource "azurerm_mysql_firewall_rule" "db" {
 }
 
 resource "azurerm_mysql_database" "db" {
-  count = var.enable_external_database ? 1 : 0
+  count = var.create_external_database ? 1 : 0
 
   name                = "gitpod"
   resource_group_name = azurerm_resource_group.gitpod.name

install/infra/modules/aks/kubernetes.tf

@@ -1,13 +1,13 @@
 resource "azurerm_role_assignment" "k8s" {
-  count = var.dns_enabled ? 1 : 0
+  count = local.dns_enabled ? 1 : 0
 
   principal_id         = azurerm_kubernetes_cluster.k8s.kubelet_identity[count.index].object_id
   role_definition_name = "DNS Zone Contributor"
   scope                = azurerm_dns_zone.dns[count.index].id
 }
 
 resource "azurerm_role_assignment" "k8s_reader" {
-  count = var.dns_enabled ? 1 : 0
+  count = local.dns_enabled ? 1 : 0
 
   principal_id         = azurerm_kubernetes_cluster.k8s.kubelet_identity[count.index].object_id
   role_definition_name = "Reader"

install/infra/modules/aks/local.tf

@@ -7,15 +7,12 @@ locals {
     workspace_headless : "gitpod.io/workload_workspace_headless"
   })
   dns_enabled = var.domain_name != null
+
   name_format = join("-", [
-    "test",
+    var.resource_group_name,
     "%s", # name
-    local.workspace_name
-  ])
-  name_format_global = join("-", [
-    "sh-test",
-    local.workspace_name
   ])
+
   workspace_name = replace(terraform.workspace, "/[\\W\\-]/", "") # alphanumeric workspace name
   db       = "GP_Gen5_2"
   location = substr(var.location, 0, 3) # Short code for location

install/infra/modules/aks/main.tf

@@ -14,6 +14,6 @@ provider "azurerm" {
 data "azurerm_client_config" "current" {}
 
 resource "azurerm_resource_group" "gitpod" {
-  name     = local.name_format_global
+  name     = var.resource_group_name
   location = var.location
 }

install/infra/modules/aks/networks.tf

@@ -13,7 +13,7 @@ resource "azurerm_subnet" "network" {
 }
 
 resource "azurerm_dns_zone" "dns" {
-  count = var.dns_enabled ? 1 : 0
+  count = local.dns_enabled ? 1 : 0
 
   name                = var.domain_name
   resource_group_name = azurerm_resource_group.gitpod.name

install/infra/modules/aks/output.tf

@@ -88,16 +88,18 @@ output "region" {
 output "registry" {
   sensitive = true
   value = try({
+    url      = azurerm_container_registry.registry.0.login_server
     server   = azurerm_container_registry.registry.0.login_server
-    password = azurerm_container_registry.registry.0.admin_password
     username = azurerm_container_registry.registry.0.admin_username
+    password = azurerm_container_registry.registry.0.admin_password
   }, {})
 }
 
 output "storage" {
   sensitive = true
   value = try({
-    username = azurerm_storage_account.storage.0.name
-    password = azurerm_storage_account.storage.0.primary_access_key
+    storage_region = var.location
+    account_name   = azurerm_storage_account.storage.0.name
+    account_key    = azurerm_storage_account.storage.0.primary_access_key
   }, {})
 }

install/infra/modules/aks/registry.tf

@@ -1,12 +1,12 @@
 resource "random_integer" "registry" {
-  count = var.enable_external_registry ? 1 : 0
+  count = var.create_external_registry ? 1 : 0
 
   min = 10000
   max = 99999
 }
 
 resource "azurerm_container_registry" "registry" {
-  count = var.enable_external_registry ? 1 : 0
+  count = var.create_external_registry ? 1 : 0
 
   name                = "gitpod${random_integer.registry[count.index].result}"
   resource_group_name = azurerm_resource_group.gitpod.name
@@ -16,7 +16,7 @@ resource "azurerm_container_registry" "registry" {
 }
 
 resource "azurerm_role_assignment" "registry" {
-  count = var.enable_external_registry ? 1 : 0
+  count = var.create_external_registry ? 1 : 0
 
   principal_id                     = azurerm_kubernetes_cluster.k8s.kubelet_identity[0].object_id
   role_definition_name             = "AcrPush"

install/infra/modules/aks/storage.tf

@@ -1,12 +1,12 @@
 resource "random_integer" "storage" {
-  count = var.enable_external_storage ? 1 : 0
+  count = var.create_external_storage ? 1 : 0
 
   min = 10000
   max = 99999
 }
 
 resource "azurerm_storage_account" "storage" {
-  count = var.enable_external_storage ? 1 : 0
+  count = var.create_external_storage ? 1 : 0
 
   name                     = "gitpod${random_integer.storage[count.index].result}"
   resource_group_name      = azurerm_resource_group.gitpod.name

install/infra/modules/aks/variables.tf

@@ -7,15 +7,16 @@ variable "cluster_version" {
   description = "kubernetes version of to create the cluster with"
 }
 
-variable "dns_enabled" {}
 variable "domain_name" {}
-variable "enable_airgapped" {}
-variable "enable_external_database" {}
-variable "enable_external_registry" {}
-variable "enable_external_storage" {}
-variable "workspace_name" {
+variable "enable_airgapped" {
+  default = false
 }
 
+variable "create_external_database" {}
+variable "create_external_registry" {}
+variable "create_external_storage" {}
+variable "resource_group_name" {}
+
 // Azure-specific variables
 variable "location" {
   default = "northeurope"

install/infra/single-cluster/aws/README.md

@@ -67,14 +67,14 @@ If you wish to create cloud specific database, storage and registry backend to b
 with `Gitpod`, leave the following 3 booleans set:
 
 ``` sh
-enable_external_database                     = true
-enable_external_storage                      = true
-enable_external_storage_for_registry_backend = true
+create_external_database                     = true
+create_external_storage                      = true
+create_external_storage_for_registry_backend = true
 ```
 
 The corresponding resources will be created by the terraform script which
 inclustes an `RDS` mysql database, an `S3` bucket and another `S3` bucket to
-be used as registry backend. By default `enable_external_storage_for_registry_backend`
+be used as registry backend. By default `create_external_storage_for_registry_backend`
 is set to `false`. One can re-use the same `S3` bucket for both object storage and registry backend.
 
 The expectation is that you can use the credentials to these setups(provided later
@@ -202,7 +202,7 @@ gitpod         kotsadm-minio-0                            0/1     ContainerCreat
 gitpod         kotsadm-postgres-0                         0/1     Init:0/2            0          2m28s
 ```
 
-This can happen when the wrong `image_id`  was used in the `.tfvars` file. The ID needs to respect both the region as well as the Kubernetes version and can be found [here](https://cloud-images.ubuntu.com/docs/aws/eks/). 
+This can happen when the wrong `image_id`  was used in the `.tfvars` file. The ID needs to respect both the region as well as the Kubernetes version and can be found [here](https://cloud-images.ubuntu.com/docs/aws/eks/).
 
 ### Some pods never start (Init state)
 

install/infra/single-cluster/azure/.env_sample

@@ -0,0 +1,6 @@
+export ARM_CLIENT_ID=
+export ARM_CLIENT_SECRET=
+export ARM_SUBSCRIPTION_ID=
+export ARM_TENANT_ID=
+
+export ARM_ACCESS_KEY= # Access key created for Blob Storage Account

install/infra/single-cluster/azure/Makefile

@@ -0,0 +1,129 @@
+##
+# Terraform AWS reference architecture
+#
+
+.PHONY: init
+init:
+	@terraform init
+
+touch-kubeconfig:
+	@touch kubeconfig
+
+cleanup-kubeconfig:
+	@rm kubeconfig
+
+.PHONY: plan
+plan: touch-kubeconfig plan-cluster plan-cm-edns cleanup-kubeconfig
+
+.PHONY: apply
+apply: apply-cluster apply-tools
+
+.PHONY: destroy
+destroy: destroy-tools destroy-cluster
+
+.PHONY: plan-cluster
+plan-cluster:
+	@terraform plan -target=module.aks
+
+.PHONY: plan-tools
+plan-tools: plan-cm-edns plan-cluster-issuer
+
+.PHONY: plan-cm-edns
+plan-cm-edns:
+	@terraform plan -target=module.certmanager -target=module.externaldns
+
+.PHONY: plan-cluster-issuer
+plan-cluster-issuer:
+	@terraform plan -target=module.cluster-issuer
+
+.PHONY: apply-cluster
+apply-cluster:
+	@terraform apply -target=module.aks --auto-approve
+
+.PHONY: apply-tools
+apply-tools: install-cm-edns install-cluster-issuer
+
+.PHONY: install-cm-edns
+install-cm-edns:
+	@terraform apply -target=module.certmanager -target=module.externaldns --auto-approve
+
+PHONY: install-cluster-issuer
+install-cluster-issuer:
+	@terraform apply -target=module.cluster-issuer  --auto-approve
+
+.PHONY: destroy-cluster
+destroy-cluster:
+	@terraform destroy -target=module.aks --auto-approve
+
+.PHONY: destroy-tools
+destroy-tools: destroy-cluster-issuer destroy-cm-edns
+
+.PHONY: destroy-cm-edns
+destroy-cm-edns:
+	@terraform destroy -target=module.certmanager  -target=module.externaldns --auto-approve
+
+.PHONY: destroy-cluster-issuer
+destroy-cluster-issuer:
+	@terraform destroy -target=module.cluster-issuer  --auto-approve || echo "Could not remove cluster-issuer"
+
+## Output targets
+
+.PHONY: refresh
+refresh:
+	@echo "Refreshing terraform state"
+	@terraform refresh
+	@echo ""
+	@echo "Done!"
+
+.PHONY: output
+output: refresh output-done-msg output-url output-nameservers output-registry output-database output-storage output-issuer
+
+output-done-msg:
+	@echo ""
+	@echo ""
+	@echo "=========================="
+	@echo "🎉🥳🔥🧡🚀"
+	@echo "Your AWS cloud infrastructure is ready to install Gitpod. Please visit"
+	@echo "https://www.gitpod.io/docs/self-hosted/latest/getting-started#step-4-install-gitpod"
+	@echo "for your next steps."
+	@echo "================="
+	@echo "Config Parameters"
+	@echo "================="
+
+output-url:
+	@echo ""
+	@echo "Gitpod domain name:"
+	@echo "================="
+	@terraform output -json url | jq
+
+output-nameservers:
+	@echo ""
+	@echo "Nameservers for the domain(to be added as NS records in your domain provider):"
+	@echo "================="
+	@terraform output -json nameservers | jq
+
+output-storage:
+	@echo ""
+	@echo "Azure Object storage:"
+	@echo "=============="
+	@terraform output -json storage | jq
+
+output-registry:
+	@echo ""
+	@echo "Container registry:"
+	@echo "=================="
+	@terraform output -json registry | jq
+
+output-database:
+	@echo ""
+	@echo "Database:"
+	@echo "========"
+	@terraform output -json database | jq
+
+output-issuer:
+	@echo ""
+	@echo "ClusterIssuer name:"
+	@echo "================="
+	@terraform output -json cluster_issuer | jq
+
+# end