feat: Revamp Cloud (#121)

aneoconsulting · Feb 8, 2024 · eb33756 · eb33756
2 parents 0de11d5 + eba8d9b
commit eb33756
Show file tree

Hide file tree

Showing 155 changed files with 5,064 additions and 1,003 deletions.
diff --git a/.github/workflows/linter-helm.yml b/.github/workflows/linter-helm.yml
@@ -17,21 +17,21 @@ jobs:
         uses: actions/checkout@v3
         with:
           fetch-depth: 0
-      
+
       - name: Set up Helm
         uses: azure/setup-helm@v3
         with:
           version: v3.12.1
-      
+
       - name: Set up Python
         uses: actions/setup-python@v4
         with:
           python-version: '3.9'
           check-latest: true
-      
+
       - name: Set up chart-testing
         uses: helm/[email protected]
-      
+
       - name: Run chart-testing (list-changed)
         id: list-changed
         run: |

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,7 +2,36 @@
 
 All notable changes to this project will be documented in this file.
 
-## [main](https://github.com/aneoconsulting/ArmoniK.Infra/tree/main) (2023-08-11)
+## [0.2.2](https://github.com/aneoconsulting/ArmoniK.Infra/releases/tag/0.2.2) (2023-10-19)
+
+Added
+-
+
+* Configure and authorize Artifact Registry service account, Kubernetes service account, Cloud Storage service account and
+  Memorystore for Redis service account to use Cloud KMS key.
+* Add parameters `adapter_class_name` and `adapter_absolute_path` in ActiveMQ module.
+
+## [0.2.1](https://github.com/aneoconsulting/ArmoniK.Infra/releases/tag/0.2.1) (2023-10-09)
+
+Fixed
+-
+
+* Variabilize hostpath in Fluent-bit
+
+## [0.2.2](https://github.com/aneoconsulting/ArmoniK.Infra/releases/tag/0.2.2) (2023-11-17)
+
+Changed
+-
+
+* fix: Optional old GUIs
+
+## [0.2.1](https://github.com/aneoconsulting/ArmoniK.Infra/releases/tag/0.2.1) (2023-09-13)
+
+Changed
+-
+
+* fix: Variabilize fluentbit hostpath
+
 
 ## [0.2.2](https://github.com/aneoconsulting/ArmoniK.Infra/releases/tag/0.2.2) (2023-11-17)
 

diff --git a/container-registry/aws/ecr/examples/README.md b/container-registry/aws/ecr/examples/README.md
@@ -0,0 +1,7 @@
+# Simple AWS ECR
+
+Terraform scripts to create a simple AWS ECR using the [module ecr](..) are defined in folder [simple](simple).
+
+# AWS ECR for AWS EKS
+
+Terraform scripts to create an AWS ECR using the [module ecr](..) are defined in folder [complete](complete).
diff --git a/container-registry/gcp/artifact-registry/README.md b/container-registry/gcp/artifact-registry/README.md
@@ -23,13 +23,15 @@ This module must be used with these constraints:
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
 | <a name="requirement_google"></a> [google](#requirement\_google) | >= 4.51.0 |
+| <a name="requirement_google-beta"></a> [google-beta](#requirement\_google-beta) | >= 4.51.0 |
 | <a name="requirement_null"></a> [null](#requirement\_null) | >= 3.2.1 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
 | <a name="provider_google"></a> [google](#provider\_google) | >= 4.51.0 |
+| <a name="provider_google-beta"></a> [google-beta](#provider\_google-beta) | >= 4.51.0 |
 | <a name="provider_null"></a> [null](#provider\_null) | >= 3.2.1 |
 
 ## Modules
@@ -40,8 +42,10 @@ No modules.
 
 | Name | Type |
 |------|------|
+| [google-beta_google_project_service_identity.kms](https://registry.terraform.io/providers/hashicorp/google-beta/latest/docs/resources/google_project_service_identity) | resource |
 | [google_artifact_registry_repository.docker](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/artifact_registry_repository) | resource |
 | [google_artifact_registry_repository_iam_member.artifact_registry_roles](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/artifact_registry_repository_iam_member) | resource |
+| [google_kms_crypto_key_iam_member.kms](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/kms_crypto_key_iam_member) | resource |
 | [null_resource.copy_images](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
 | [google_client_config.current](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/client_config) | data source |
 | [google_project.project](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/project) | data source |

diff --git a/container-registry/gcp/artifact-registry/main.tf b/container-registry/gcp/artifact-registry/main.tf
@@ -1,9 +1,30 @@
 data "google_client_config" "current" {}
+
 data "google_project" "project" {}
 
 locals {
-  labels        = merge(var.labels, { module = "docker-artifact-registry" })
-  docker_images = merge(values({ for key, value in var.docker_images : key => { for element in value : "${key}-${element.image}-${element.tag}" => { name = key, image = element.image, tag = element.tag } } })...)
+  labels = merge(var.labels, { module = "docker-artifact-registry" })
+  docker_images = merge(values({
+    for key, value in var.docker_images : key => {
+      for element in value : "${key}-${element.image}-${element.tag}" => {
+        name = key, image = element.image, tag = element.tag
+      }
+    }
+  })...)
+}
+
+resource "google_project_service_identity" "kms" {
+  count    = can(coalesce(var.kms_key_id)) ? 1 : 0
+  provider = google-beta
+  project  = data.google_client_config.current.project
+  service  = "artifactregistry.googleapis.com"
+}
+
+resource "google_kms_crypto_key_iam_member" "kms" {
+  count         = can(coalesce(var.kms_key_id)) ? 1 : 0
+  crypto_key_id = var.kms_key_id
+  member        = "serviceAccount:${google_project_service_identity.kms[0].email}"
+  role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
 }
 
 resource "null_resource" "copy_images" {
@@ -48,10 +69,19 @@ resource "google_artifact_registry_repository" "docker" {
   docker_config {
     immutable_tags = var.immutable_tags
   }
+  depends_on = [google_kms_crypto_key_iam_member.kms]
 }
 
 resource "google_artifact_registry_repository_iam_member" "artifact_registry_roles" {
-  for_each   = { for role in flatten([for role_key, role in var.iam_roles : [for member in role : { role = role_key, member = member }]]) : "${role.role}.${role.member}" => role }
+  for_each = {
+    for role in flatten([
+      for role_key, role in var.iam_roles : [
+        for member in role : {
+          role = role_key, member = member
+        }
+      ]
+    ]) : "${role.role}.${role.member}" => role
+  }
   project    = data.google_client_config.current.project
   location   = data.google_client_config.current.region
   repository = google_artifact_registry_repository.docker.name

diff --git a/container-registry/gcp/artifact-registry/versions.tf b/container-registry/gcp/artifact-registry/versions.tf
@@ -5,6 +5,10 @@ terraform {
       source  = "hashicorp/google"
       version = ">= 4.51.0"
     }
+    google-beta = {
+      source  = "hashicorp/google-beta"
+      version = ">= 4.51.0"
+    }
     null = {
       source  = "hashicorp/null"
       version = ">= 3.2.1"

diff --git a/kubernetes/aws/addons/efs-csi/README.md b/kubernetes/aws/addons/efs-csi/README.md
@@ -0,0 +1,61 @@
+# AWS EFS CSI driver  
+Amazon Elastic File System (Amazon EFS) provides serverless, fully elastic file storage so that you can share file data without provisioning or managing storage capacity and performance. The Amazon EFS Container Storage Interface (CSI) driver provides a CSI interface that allows Kubernetes clusters running on AWS to manage the lifecycle of Amazon EFS file systems. This topic shows you how to deploy the Amazon EFS CSI driver to your Amazon EKS cluster.
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.3.0 |
+| <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 2.10.1 |
+| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.22.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.3.0 |
+| <a name="provider_helm"></a> [helm](#provider\_helm) | >= 2.10.1 |
+| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | >= 2.22.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_iam_role.efs_csi_driver](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
+| [aws_iam_role_policy_attachment.efs_csi_driver](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+| [helm_release.efs_csi](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [kubernetes_service_account.efs_csi_driver](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service_account) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_csi_driver_image_pull_secrets"></a> [csi\_driver\_image\_pull\_secrets](#input\_csi\_driver\_image\_pull\_secrets) | CSI driver image pull secrets | `string` | n/a | yes |
+| <a name="input_csi_driver_name"></a> [csi\_driver\_name](#input\_csi\_driver\_name) | CSI driver name | `string` | n/a | yes |
+| <a name="input_csi_driver_namespace"></a> [csi\_driver\_namespace](#input\_csi\_driver\_namespace) | CSI driver namespace | `string` | n/a | yes |
+| <a name="input_csi_driver_node_selector"></a> [csi\_driver\_node\_selector](#input\_csi\_driver\_node\_selector) | CSI driver node selector | `any` | n/a | yes |
+| <a name="input_csi_driver_repository"></a> [csi\_driver\_repository](#input\_csi\_driver\_repository) | CSI driver repository | `string` | n/a | yes |
+| <a name="input_csi_driver_version"></a> [csi\_driver\_version](#input\_csi\_driver\_version) | CSI driver version | `string` | n/a | yes |
+| <a name="input_efs_csi_image"></a> [efs\_csi\_image](#input\_efs\_csi\_image) | EFS CSI image | `string` | n/a | yes |
+| <a name="input_efs_csi_tag"></a> [efs\_csi\_tag](#input\_efs\_csi\_tag) | EFS CSI tag | `string` | n/a | yes |
+| <a name="input_external_provisioner_image"></a> [external\_provisioner\_image](#input\_external\_provisioner\_image) | External provisioner image | `string` | n/a | yes |
+| <a name="input_external_provisioner_tag"></a> [external\_provisioner\_tag](#input\_external\_provisioner\_tag) | External provisioner tag | `string` | n/a | yes |
+| <a name="input_livenessprobe_image"></a> [livenessprobe\_image](#input\_livenessprobe\_image) | Livenessprobe image | `string` | n/a | yes |
+| <a name="input_livenessprobe_tag"></a> [livenessprobe\_tag](#input\_livenessprobe\_tag) | Livenessporbe tag | `string` | n/a | yes |
+| <a name="input_node_driver_registrar_image"></a> [node\_driver\_registrar\_image](#input\_node\_driver\_registrar\_image) | Node driver registrar image | `string` | n/a | yes |
+| <a name="input_node_driver_registrar_tag"></a> [node\_driver\_registrar\_tag](#input\_node\_driver\_registrar\_tag) | Node driver registrar tag | `string` | n/a | yes |
+| <a name="input_oidc_arn"></a> [oidc\_arn](#input\_oidc\_arn) | Cluster oidc arn | `string` | n/a | yes |
+| <a name="input_oidc_url"></a> [oidc\_url](#input\_oidc\_url) | Cluster oidc url | `string` | n/a | yes |
+| <a name="input_tags"></a> [tags](#input\_tags) | Tags for EFS CSI driver | `map(string)` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_efs_csi_id"></a> [efs\_csi\_id](#output\_efs\_csi\_id) | EFS CSI Id |
+<!-- END_TF_DOCS -->
diff --git a/kubernetes/aws/addons/efs-csi/efs-csi-iam.tf b/kubernetes/aws/addons/efs-csi/efs-csi-iam.tf
@@ -0,0 +1,38 @@
+resource "aws_iam_role" "efs_csi_driver" {
+  name = local.efs_csi_name
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Effect = "Allow"
+        Principal = {
+          Federated = local.oidc_arn
+        }
+        Action = "sts:AssumeRoleWithWebIdentity"
+        Condition = {
+          StringEquals = {
+            #"${local.oidc_url}:aud" = "sts.amazonaws.com"
+            "${local.oidc_url}:sub" = "system:serviceaccount:${local.efs_csi_namespace}:efs-csi-controller-sa"
+          }
+        }
+      }
+    ]
+  })
+  tags = local.tags
+}
+
+resource "aws_iam_role_policy_attachment" "efs_csi_driver" {
+  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEFSCSIDriverPolicy"
+  role       = aws_iam_role.efs_csi_driver.name
+}
+
+resource "kubernetes_service_account" "efs_csi_driver" {
+  metadata {
+    name = "efs-csi-controller-sa"
+    annotations = {
+      "eks.amazonaws.com/role-arn" = aws_iam_role.efs_csi_driver.arn
+    }
+    namespace = local.efs_csi_namespace
+  }
+  depends_on = [aws_iam_role.efs_csi_driver]
+}
diff --git a/kubernetes/aws/addons/efs-csi/examples/README.md b/kubernetes/aws/addons/efs-csi/examples/README.md
@@ -0,0 +1,3 @@
+# Complete AWS EFS CSI driver
+
+Terraform scripts to create a complete AWS EFS CSI driver using the [module efs](..) are defined in folder [complete](complete).
diff --git a/kubernetes/aws/addons/efs-csi/examples/complete/README.md b/kubernetes/aws/addons/efs-csi/examples/complete/README.md
@@ -0,0 +1,66 @@
+# AWS EFS CSI driver
+
+To create a simple AWS VPC:
+
+```bash
+terraform init
+terraform plan
+terraform apply
+```
+
+To delete all resource:
+
+```bash
+terraform destroy
+```
+
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.4.0 |
+| <a name="requirement_external"></a> [external](#requirement\_external) | ~> 2.3.1 |
+| <a name="requirement_helm"></a> [helm](#requirement\_helm) | ~> 2.10.1 |
+| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | ~> 2.22.0 |
+| <a name="requirement_null"></a> [null](#requirement\_null) | >= 3.2.1 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.4.0 |
+| <a name="provider_external"></a> [external](#provider\_external) | ~> 2.3.1 |
+| <a name="provider_null"></a> [null](#provider\_null) | >= 3.2.1 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_efs_csi"></a> [efs\_csi](#module\_efs\_csi) | ../../../efs-csi | n/a |
+| <a name="module_eks"></a> [eks](#module\_eks) | terraform-aws-modules/eks/aws | ~> 19.0 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [null_resource.timestamp](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
+| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_subnets.subnets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnets) | data source |
+| [aws_vpc.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |
+| [external_external.static_timestamp](https://registry.terraform.io/providers/hashicorp/external/latest/docs/data-sources/external) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_aws_profile"></a> [aws\_profile](#input\_aws\_profile) | Profile of AWS credentials to deploy Terraform sources | `string` | `"default"` | no |
+| <a name="input_aws_region"></a> [aws\_region](#input\_aws\_region) | AWS region where the infrastructure will be deployed | `string` | `"eu-west-3"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_efs_csi_id"></a> [efs\_csi\_id](#output\_efs\_csi\_id) | EFS CSI Id |
+<!-- END_TF_DOCS -->
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		# Complete AWS EFS CSI driver

		Terraform scripts to create a complete AWS EFS CSI driver using the [module efs](..) are defined in folder [complete](complete).