feat(example): devops-stack on scaleway
chore(scaleway): first example
Showing
9 changed files
with
504 additions
and
174 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
## Introduction | ||
The terraform project will instanciated a devops-stack on Scaleway. | ||
|
||
## Installation | ||
|
||
Add your credentials to launch the project. At least the following environement variables are required: `SCW_ACCESS_KEY,SCW_ACCESS_KEY,SCW_DEFAULT_ORGANIZATION_ID,SCW_DEFAULT_PROJECT_ID,SCW_DEFAULT_PROJECT_ID`. | ||
|
||
We also use an environement variable for the variable PROJECT\_ID called `TF_VAR_PROJECT_ID` | ||
|
||
Configure the stack by modifying `inputs.tfvars` (e.g: cluster\_name) and launch the terraform apply with: | ||
|
||
If you want to create a Kapsule cluster, you will have to use the scaleway provider in version 2.33.0. | ||
|
||
If you modify the base\_domain, be sure to add a new star record that points to the load balancer ip address created by the stack in your domain. | ||
|
||
```bash | ||
terraform init | ||
terraform apply -var-file inputs.tfvars | ||
``` | ||
|
||
## Usage | ||
Get the kubeconfig file and the domain name with the following commands: | ||
|
||
```bash | ||
terraform output -raw kubeconfig_file > kubeconfig.json | ||
terraform output base_domain | ||
``` | ||
|
||
Your application are available at the following address: $APP\_NAME.apps.$CLUSTER\_NAME.$BASE\_DOMAIN. | ||
e.g: prometheus.apps.devops-stack.51-51-52-52.np.io | ||
|
||
For authentication on oidc, users and password are available in the output: | ||
```bash | ||
terraform output passwords | ||
``` | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
# ################################################### | ||
# Input for module which creates the scaleway cluster | ||
# ################################################### | ||
cluster_name = "devops-stack" | ||
cluster_description = "Devops-stack on cloud provider scaleway" | ||
cluster_tags = ["demo", "dev", "devops-stack", "test", ] | ||
cluster_type = "multicloud" | ||
kubernetes_version = "1.29.1" | ||
admission_plugins = ["PodNodeSelector", ] | ||
node_pools = { | ||
config1 = { | ||
node_type = "DEV1-L" | ||
size = 2 | ||
min_size = 2 | ||
max_size = 2 | ||
autoscaling = true | ||
autohealing = true | ||
container_runtime = "containerd" | ||
wait_for_pool_ready = true | ||
} | ||
} | ||
|
||
# ######################### | ||
# Additional cluster config | ||
# ######################### | ||
base_domain = "gs-fr-dev.camptocamp.com" | ||
lb_name = "devops-stack" | ||
zone = "fr-par-1" | ||
lb_type = "LB-S" | ||
|
||
# Ingress | ||
ingress_enable_service_monitor = false | ||
|
||
# Keycloak | ||
cluster_issuer = "ca-issuer" | ||
|
||
# Cert-manager | ||
cert_manager_enable_service_monitor = false |
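Review bot: In `node_pools.config1`, `autoscaling = true` is set while `size`, `min_size` and `max_size` are all `2`, so the autoscaler has no room to act; either widen the range or set `autoscaling = false` so the example does not suggest the pool can scale. `cluster_issuer = "ca-issuer"` deserves a comment: if, as the name suggests, it refers to a private CA issuer, the ingress certificates will not be trusted by browsers or OIDC clients, and a line such as `# private CA: demo only, use a publicly trusted issuer elsewhere` would say so.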
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,159 @@ | ||
data "scaleway_account_project" "devops_stack" { | ||
project_id = var.project_id | ||
} | ||
|
||
resource "scaleway_object_bucket" "loki" { | ||
name = "devops-stack-loki-logs" | ||
tags = { | ||
line = "devops-stack" | ||
platform = "scw-devops-stack-example" | ||
} | ||
} | ||
|
||
resource "scaleway_iam_application" "loki" { | ||
name = "devops-stack-example-loki" | ||
description = "Loki access to S3 buckets from Devops Stack example" | ||
} | ||
|
||
resource "scaleway_iam_policy" "loki" { | ||
name = "devops-stack-example-loki" | ||
description = "Loki access to S3 buckets from Devops Stack example" | ||
application_id = scaleway_iam_application.loki.id | ||
|
||
rule { | ||
project_ids = [data.scaleway_account_project.devops_stack.id] | ||
permission_set_names = [ | ||
"ObjectStorageObjectsDelete", | ||
"ObjectStorageObjectsRead", | ||
"ObjectStorageObjectsWrite", | ||
"ObjectStorageBucketsRead", | ||
] | ||
} | ||
} | ||
|
||
resource "scaleway_iam_api_key" "loki" { | ||
application_id = scaleway_iam_application.loki.id | ||
description = "Loki credentials for Devops Stack example" | ||
default_project_id = data.scaleway_account_project.devops_stack.id | ||
} | ||
|
||
locals { | ||
loki_common_settings = { | ||
extraEnv = [ | ||
{ | ||
name = "AWS_ACCESS_KEY_ID" | ||
valueFrom = { | ||
secretKeyRef = { | ||
name = kubernetes_secret.credentials_loki_s3.metadata.0.name | ||
key = "AWS_ACCESS_KEY_ID" | ||
} | ||
} | ||
}, | ||
{ | ||
name = "AWS_SECRET_ACCESS_KEY" | ||
valueFrom = { | ||
secretKeyRef = { | ||
name = kubernetes_secret.credentials_loki_s3.metadata.0.name | ||
key = "AWS_SECRET_ACCESS_KEY" | ||
} | ||
} | ||
}, | ||
] | ||
} | ||
} | ||
|
||
module "loki" { | ||
source = "git::https://github.com/camptocamp/devops-stack-module-loki-stack.git?ref=v8.1.0" | ||
|
||
app_autosync = {} | ||
|
||
retention = "9000h" | ||
ingress = { | ||
hosts = ["loki.apps.${var.cluster_name}.${var.base_domain}"] | ||
cluster_issuer = var.cluster_issuer | ||
} | ||
|
||
helm_values = [{ | ||
loki-distributed = { | ||
loki = merge({ | ||
structuredConfig = { | ||
auth_enabled = false | ||
compactor = { | ||
retention_delete_delay = "1h" | ||
retention_enabled = false | ||
} | ||
ingester = { | ||
lifecycler = { | ||
ring = { | ||
replication_factor = 1 | ||
} | ||
} | ||
} | ||
} | ||
schemaConfig = { | ||
configs = [ | ||
{ | ||
from = "2023-04-28", | ||
store = "boltdb-shipper" | ||
object_store = "s3" | ||
schema = "v11" | ||
index = { | ||
prefix = "index_" | ||
period = "24h" | ||
} | ||
} | ||
] | ||
} | ||
storageConfig = { | ||
aws = { | ||
bucketnames = scaleway_object_bucket.loki.id | ||
endpoint = scaleway_object_bucket.loki.endpoint | ||
s3forcepathstyle = true | ||
#region = "fr-par" | ||
sse_encryption = false | ||
signature_version = "v2" | ||
} | ||
boltdb_shipper = { | ||
shared_store = "s3" | ||
cache_ttl = "24h" | ||
} | ||
} | ||
}, local.loki_common_settings) | ||
indexGateway = local.loki_common_settings | ||
ingester = merge({ replicas = 1 }, local.loki_common_settings) | ||
compactor = local.loki_common_settings | ||
queryFrontend = local.loki_common_settings | ||
querier = local.loki_common_settings | ||
distributor = local.loki_common_settings | ||
} | ||
promtail = { | ||
updateStrategy = { | ||
type = "RollingUpdate" | ||
rollingUpdate = { | ||
maxUnavailable = 3 | ||
} | ||
} | ||
config = { | ||
clients = [ | ||
{ | ||
url = "http://loki-distributor:3100/loki/api/v1/push" | ||
#tenant_id = 1 | ||
} | ||
] | ||
} | ||
} | ||
}] | ||
} | ||
|
||
resource "kubernetes_secret" "credentials_loki_s3" { | ||
metadata { | ||
namespace = "loki-stack" | ||
name = "credentials-loki-s3" | ||
} | ||
|
||
data = { | ||
AWS_ACCESS_KEY_ID = scaleway_iam_api_key.loki.access_key | ||
AWS_SECRET_ACCESS_KEY = scaleway_iam_api_key.loki.secret_key | ||
} | ||
|
||
} |
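Review bot: The `rule` in `scaleway_iam_policy.loki` is scoped only by `project_ids`, so the Loki application receives `ObjectStorageObjectsDelete`/`Read`/`Write` on every bucket in the project rather than on `devops-stack-loki-logs` alone; outside a demo, place the bucket in a dedicated project or add a `scaleway_object_bucket_policy` that limits the application to this bucket. The generated `secret_key` is copied into `kubernetes_secret.credentials_loki_s3`, which means it is also written to the Terraform state in clear text; a comment next to the `data` block such as `# secret_key ends up in state: use an encrypted remote backend with restricted access` would make that explicit. In `storageConfig.aws`, `signature_version = "v2"` and `sse_encryption = false` should either carry a comment explaining why they are needed or be changed to `v4` if the endpoint accepts it. `auth_enabled = false` together with an `ingress` host means access control for Loki depends entirely on whatever the module places in front of that ingress, which is not visible in this file.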