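├── .gitignore
├── README.md
├── argo-apps
    └── palestra
    │   ├── cluster-autoscaler
    │       ├── Chart.yaml
    │       └── values.yaml
    │   └── grafana
    │       ├── Chart.yaml
    │       └── values.yaml
├── gaia
    ├── docker-compose.yaml
    └── nginx.conf
├── modules
    └── complete
    │   ├── default.auto.tfvars
    │   ├── main.tf
    │   ├── templates
    │       └── applicationset.yaml.tpl
    │   └── variables.tf
└── pre-talk
    └── vpc
        └── main.tf


/.gitignore:
--------------------------------------------------------------------------------
1 | # Local .terraform directories
2 | **/.terraform/*
3 |
4 | # .tfstate files
5 | *.tfstate
6 | *.tfstate.*
7 | .terraform*
8 | # The pattern above also matches .terraform.lock.hcl. Keep the lock file in
9 | # version control: it records the provider versions and checksums that
10 | # `terraform init` checks on every machine.
11 | !.terraform.lock.hcl
12 |
13 | # Crash log files
14 | crash.log
15 | crash.*.log
16 |
17 | # Exclude all .tfvars files, which are likely to contain sensitive data, such as
18 | # password, private keys, and other secrets. These should not be part of version
19 | # control as they are data points which are potentially sensitive and subject
20 | # to change depending on the environment.
21 |
22 | *.tfvars
23 | *.tfvars.json
24 | # Exception: the demo defaults in modules/complete are committed on purpose and
25 | # must only ever hold non-secret values.
26 | !default.auto.tfvars
27 |
28 | # Ignore override files as they are usually used to override resources locally and so
29 | # are not checked in
30 | override.tf
31 | override.tf.json
32 | *_override.tf
33 | *_override.tf.json
34 |
35 | # Include override files you do wish to add to version control using negated pattern
36 | # !example_override.tf
37 |
38 | # Ignore saved plan files (terraform plan -out=tfplan): a plan file stores the
39 | # planned values, sensitive ones included, in clear text.
40 | *tfplan*
41 |
42 | # Ignore CLI configuration files
43 | .terraformrc
44 | terraform.rc
45 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | ### Platform Engineer Summit @2023
2 |
3 | Bem-vindos!
4 | Esse código é o que foi utilizado para subir os recursos utilizados no show&tell da palestra "Terraform + ArgoCD: sua nova vending-machine de clusters"
5 |
6 | Na pasta `./gaia`, vocês encontrarão o docker-compose para subir o Gaia, plataforma de UI para Terraform modules (e lojinha de cluster!)
7 |
8 | Na pasta `./modules`, vocês encontrarão os módulos simplificados para uso do EKS + ArgoCD
9 |
10 | #VAAAAAAI
--------------------------------------------------------------------------------
/argo-apps/palestra/cluster-autoscaler/Chart.yaml:
--------------------------------------------------------------------------------
1 | # Wrapper chart: pulls in the upstream cluster-autoscaler chart as a dependency
2 | # and configures it through values.yaml in this directory.
3 | apiVersion: v2
4 | name: cluster-autoscaler
5 | description: Cluster Autoscaler chart
6 |
7 | type: application
8 | version: 0.1.0
9 | appVersion: "1.0"
10 |
11 | dependencies:
12 |   # Exact version (no range), so a sync cannot silently move to a newer release.
13 |   - name: cluster-autoscaler
14 |     version: 9.28.0
15 |     repository: https://kubernetes.github.io/autoscaler
--------------------------------------------------------------------------------
/argo-apps/palestra/cluster-autoscaler/values.yaml:
--------------------------------------------------------------------------------
1 | cluster-autoscaler:
2 |   # Add any values needed for cluster-autoscaler here
3 |   autoDiscovery:
4 |     # NOTE(review): placeholder. Auto-discovery looks for node groups tagged with
5 |     # this name, so it has to equal the real EKS cluster name
6 |     # (modules/complete/default.auto.tfvars uses "pes2023").
7 |     clusterName: my-kubernetes-cluster
8 |   extraArgs:
9 |     # "false" lets the autoscaler drain nodes that run pods with local storage
10 |     # (emptyDir / hostPath); data kept there is lost on scale-down.
11 |     skip-nodes-with-local-storage: "false"
12 |   rbac:
13 |     create: true
14 |     serviceAccount:
15 |       # NOTE(review): no eks.amazonaws.com/role-arn annotation is set, so the pod
16 |       # presumably falls back to the node's instance role; confirm which AWS
17 |       # permissions the autoscaler ends up with and scope them to autoscaling.
18 |       create: true
19 |   service:
20 |     type: ClusterIP
--------------------------------------------------------------------------------
/argo-apps/palestra/grafana/Chart.yaml:
--------------------------------------------------------------------------------
1 | # Wrapper chart: pulls in the upstream grafana chart as a dependency and
2 | # configures it through values.yaml in this directory.
3 | apiVersion: v2
4 | name: Grafana
5 | description: Grafana chart
6 |
7 | type: application
8 | version: 0.1.0
9 | appVersion: "1.0"
10 |
11 | dependencies:
12 |   # Exact version (no range), so a sync cannot silently move to a newer release.
13 |   - name: grafana
14 |     version: 6.55.1
15 |     repository: https://grafana.github.io/helm-charts
--------------------------------------------------------------------------------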
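/argo-apps/palestra/grafana/values.yaml:
--------------------------------------------------------------------------------
1 | grafana:
2 |   # Add any values needed for Grafana here
3 |   # The admin login is read from a Kubernetes Secret created out of band, so no
4 |   # credential is stored in Git. The Secret must exist in the release namespace
5 |   # before the first sync; "grafana-admin" is a constructed example name.
6 |   # A password that was ever committed here stays in Git history: do not reuse it.
7 |   admin:
8 |     existingSecret: grafana-admin
9 |     userKey: admin-user
10 |     passwordKey: admin-password
11 |   persistence:
12 |     enabled: false
13 |   service:
14 |     type: ClusterIP
--------------------------------------------------------------------------------
/gaia/docker-compose.yaml:
--------------------------------------------------------------------------------
1 | # Local demo stack: Gaia (UI/API), its job runner and MongoDB.
2 | version: "3.9"
3 | services:
4 |   gaia:
5 |     # NOTE(review): no tag, so Docker pulls `latest`; pin a release tag or digest.
6 |     image: "gaiaapp/gaia"
7 |     ports:
8 |       # Published on every host interface. gaia/nginx.conf proxies to port 8080,
9 |       # so binding to loopback or a private address may be enough - verify.
10 |       - "8080:8080"
11 |     environment:
12 |       # No credentials in the URI: the mongo service below sets none.
13 |       - "GAIA_MONGODB_URI=mongodb://mongo/gaia"
14 |       # Secret shared by Gaia and the runner. It comes from the shell or an
15 |       # untracked .env file; compose refuses to start when it is unset.
16 |       - "GAIA_RUNNER_API_PASSWORD=${GAIA_RUNNER_API_PASSWORD:?set GAIA_RUNNER_API_PASSWORD}"
17 |       - "GAIA_EXTERNAL_URL=http://gaia:8080"
18 |   runner:
19 |     # NOTE(review): no tag, so Docker pulls `latest`; pin a release tag or digest.
20 |     image: "gaiaapp/runner"
21 |     environment:
22 |       - "GAIA_URL=http://gaia:8080"
23 |       - "GAIA_RUNNER_API_PASSWORD=${GAIA_RUNNER_API_PASSWORD:?set GAIA_RUNNER_API_PASSWORD}"
24 |     volumes:
25 |       # The Docker socket gives this container full control of the host's Docker
26 |       # daemon, which is equivalent to root on the host. NOTE(review): presumably
27 |       # the runner needs it to start job containers; run this stack only on a
28 |       # host dedicated to it.
29 |       - "/var/run/docker.sock:/var/run/docker.sock"
30 |   mongo:
31 |     # Not published to the host, so only containers on the compose network can
32 |     # reach it. NOTE(review): no authentication and no volume are configured,
33 |     # and 4.4.6 is an old patch level; check for a current release.
34 |     image: "mongo:4.4.6"
35 |
36 |
--------------------------------------------------------------------------------
/gaia/nginx.conf:
--------------------------------------------------------------------------------
1 | # Reverse-proxy rules for the Gaia UI and API. Only location blocks are defined
2 | # here; the enclosing server block, TLS and access control are not in this file.
3 | # NOTE(review): every block proxies over plain HTTP to a fixed IP address, so
4 | # logins and Terraform state are unencrypted on that hop unless it stays on a
5 | # trusted network.
6 | # NOTE(review): $proxy_add_x_forwarded_for appends $remote_addr to whatever
7 | # X-Forwarded-For the client sent; the backend should trust only the last entry.
8 |
9 | # Prefix match: the URI is replaced by "/" plus whatever followed /dashboard.
10 | location /dashboard {
11 |     rewrite ^/dashboard(.*)$ /$1 break;
12 |     proxy_pass http://38.45.64.235:8080;
13 |     proxy_set_header Host $host;
14 |     proxy_set_header X-Real-IP $remote_addr;
15 |     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
16 | }
17 | # Prefix match: the URI is replaced by "/" plus whatever followed /login.
18 | location /login {
19 |     rewrite ^/login(.*)$ /$1 break;
20 |     proxy_pass http://38.45.64.235:8080;
21 |     proxy_set_header Host $host;
22 |     proxy_set_header X-Real-IP $remote_addr;
23 |     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
24 | }
25 | # NOTE(review): "/modules*" is an unanchored regex meaning "/module" followed by
26 | # zero or more "s", so it matches that text anywhere in the URI. The rewrite
27 | # pattern has no capture group, so $1 is empty and the upstream always gets "/".
28 | # If the prefix was meant, anchor it: ^/modules(.*)$
29 | location ~ /modules* {
30 |     rewrite ^/modules* /$1 break;
31 |     proxy_pass http://38.45.64.235:8080;
32 |     proxy_set_header Host $host;
33 |     proxy_set_header X-Real-IP $remote_addr;
34 |     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
35 | }
36 | # NOTE(review): same pattern as above ("/stack" plus zero or more "s",
37 | # unanchored, no capture group), so the upstream always gets "/".
38 | location ~ /stacks* {
39 |     rewrite ^/stacks* /$1 break;
40 |     proxy_pass http://38.45.64.235:8080;
41 |     proxy_set_header Host $host;
42 |     proxy_set_header X-Real-IP $remote_addr;
43 |     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
44 | }
45 |
46 | # NOTE(review): this prefix block is never selected. nginx prefers a matching
47 | # regex location over a plain prefix one, and the regex block below matches
48 | # every URI that contains /api/state.
49 | location /api/state/ {
50 |     rewrite ^/api/state/(.*)$ /$1 break;
51 |     proxy_pass http://38.45.64.235:8080;
52 |     proxy_set_header Host $host;
53 |     proxy_set_header X-Real-IP $remote_addr;
54 |     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
55 | }
56 |
57 | # Terraform state endpoint. State files routinely contain secrets, so this path
58 | # needs authentication and TLS in front of it; neither is configured here.
59 | # NOTE(review): no capture group again, so $1 is empty and every request is
60 | # sent to /api/state/ regardless of what followed it - confirm that is intended.
61 | location ~ /api/state/* {
62 |     rewrite /api/state/* /$1 break;
63 |     proxy_pass http://38.45.64.235:8080/api/state/$1;
64 |     proxy_set_header Host $host;
65 |     proxy_set_header X-Real-IP $remote_addr;
66 |     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
67 | }
68 |
--------------------------------------------------------------------------------
/modules/complete/default.auto.tfvars:
--------------------------------------------------------------------------------
1 | # Demo defaults, loaded automatically by Terraform (*.auto.tfvars).
2 | # NOTE(review): this file is committed, so it must hold no secrets. The subnet
3 | # and VPC IDs belong to one AWS account; replace them per environment.
4 | cluster_name = "pes2023"
5 | # NOTE(review): confirm this Kubernetes version is still supported by EKS.
6 | cluster_version = "1.23"
7 | subnet_ids = ["subnet-09d6f25e0e3f58678", "subnet-018974e77cbc01007", "subnet-061f4651d7a7978f2"]
8 | vpc_id = "vpc-09f96bf1728e3af5f"
9 | app_name = "pes2023"
10 | # Argo CD deploys whatever this repository holds under app_repo_path.
11 | app_repo_url = "https://github.com/bernardolsp/pes2023.git"
12 | app_repo_path = "argo-apps/palestra/*"
13 | # ApplicationSet placeholders: Terraform passes them through untouched and
14 | # Argo CD expands them for each directory the git generator finds.
15 | path_app_name = "{{path.basename}}"
16 | path_app = "{{path}}"
--------------------------------------------------------------------------------
/modules/complete/main.tf:
--------------------------------------------------------------------------------
1 | ## Uses the EKS module from the Terraform Registry
2 | ## https://github.com/terraform-aws-modules/terraform-aws-eks/
3 | ## NOTE(review): the constraints below have no upper bound; commit .terraform.lock.hcl to pin provider builds.
4 | terraform {
5 |   required_version = ">= 0.13"
6 |   required_providers {
7 |     aws = ">= 2.0"
8 |     helm = ">= 2.0"
9 |     kubectl = {
10 |       source = "gavinbunney/kubectl" # third-party (community) provider
11 |       version = ">= 1.7.0"
12 |     }
13 |   }
14 | }
15 | # Short-lived API token for the new cluster. Module v19 exposes the cluster name as cluster_name; cluster_id is only set for clusters on Outposts.
16 | data "aws_eks_cluster_auth" "this" {
17 |   name = module.eks.cluster_name
18 | }
19 |
20 |
21 | provider "aws" {
22 |   region = "us-east-1"
23 | }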
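24 |
25 | # Both in-cluster providers authenticate with the endpoint, CA bundle and
26 | # short-lived token of the cluster created by module.eks below.
27 | provider "helm" {
28 |   kubernetes {
29 |     host = module.eks.cluster_endpoint
30 |     cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
31 |     token = data.aws_eks_cluster_auth.this.token
32 |   }
33 | }
34 | provider "kubectl" {
35 |   host = module.eks.cluster_endpoint
36 |   cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
37 |   token = data.aws_eks_cluster_auth.this.token
38 |   # Never fall back to the operator's local kubeconfig and whatever cluster
39 |   # its current context points at.
40 |   load_config_file = false
41 | }
42 |
43 | module "eks" {
44 |   source = "terraform-aws-modules/eks/aws"
45 |   version = "19.13.1"
46 |   cluster_name = var.cluster_name
47 |   cluster_version = var.cluster_version
48 |   # The Kubernetes API is exposed on the public endpoint only.
49 |   # NOTE(review): cluster_endpoint_public_access_cidrs is not set, so the module
50 |   # default applies (presumably 0.0.0.0/0 - confirm). Restrict it to the
51 |   # addresses Terraform and the operators connect from.
52 |   cluster_endpoint_public_access = true
53 |   subnet_ids = var.subnet_ids
54 |   vpc_id = var.vpc_id
55 |   # NOTE(review): with private access off, nodes also reach the API through the
56 |   # public endpoint; enabling it keeps that traffic inside the VPC.
57 |   cluster_endpoint_private_access = false
58 |   eks_managed_node_group_defaults = {
59 |     instance_types = ["t3a.medium", "t3a.large"]
60 |   }
61 |   eks_managed_node_groups = {
62 |     default = {
63 |       # Module v19 reads desired_size / max_size / min_size. The *_capacity
64 |       # keys used before are not read by this module version, so its defaults
65 |       # applied instead of the sizes written here.
66 |       desired_size = 2
67 |       max_size = 3
68 |       min_size = 1
69 |     }
70 |   }
71 | }
72 |
73 | ## Deploying Argo in Helm release
74 |
75 | # Installs Argo CD with the chart's default values (no `values` or `set` given).
76 | # NOTE(review): no `version` is set, so each fresh install takes the newest
77 | # argo-cd chart; pin one, e.g. version = "<argo-cd chart version>".
78 | resource "helm_release" "argo" {
79 |   name = "argo"
80 |   repository = "https://argoproj.github.io/argo-helm"
81 |   chart = "argo-cd"
82 |   namespace = "argocd"
83 |   timeout = 600
84 |   create_namespace = true
85 |   lifecycle {
86 |     ignore_changes = [
87 |       namespace
88 |     ]
89 |   }
90 | }
91 |
92 | # Registers the ApplicationSet once Argo CD is installed. The variables are
93 | # interpolated into a YAML template, so they end up in a manifest that is
94 | # applied with the cluster credentials above.
95 | resource "kubectl_manifest" "applicationset" {
96 |   yaml_body = templatefile("${path.module}/templates/applicationset.yaml.tpl", {
97 |     app_name = var.app_name
98 |     app_repo_url = var.app_repo_url
99 |     app_repo_path = var.app_repo_path
100 |     path_app_name = var.path_app_name
101 |     path_app = var.path_app
102 |   })
103 |   depends_on = [
104 |     helm_release.argo
105 |   ]
106 | }
--------------------------------------------------------------------------------
/modules/complete/templates/applicationset.yaml.tpl:
--------------------------------------------------------------------------------
1 | # Rendered by templatefile() in modules/complete/main.tf. Every input goes
2 | # through jsonencode, so it always arrives as one quoted YAML string even when
3 | # it contains braces, colons or line breaks.
4 | apiVersion: argoproj.io/v1alpha1
5 | kind: ApplicationSet
6 | metadata:
7 |   name: ${jsonencode(app_name)}
8 |   namespace: argocd
9 | spec:
10 |   generators:
11 |   - git:
12 |       repoURL: ${jsonencode(app_repo_url)}
13 |       # NOTE(review): HEAD follows the default branch; pin a tag or commit if
14 |       # deployments should only change after review.
15 |       revision: HEAD
16 |       directories:
17 |       - path: ${jsonencode(app_repo_path)}
18 |   template:
19 |     metadata:
20 |       name: ${jsonencode(path_app_name)}
21 |       namespace: argocd
22 |     spec:
23 |       # NOTE(review): the built-in "default" project is unrestricted unless it
24 |       # has been edited; a dedicated AppProject that limits repositories,
25 |       # destinations and resource kinds is safer.
26 |       project: default
27 |       source:
28 |         repoURL: ${jsonencode(app_repo_url)}
29 |         targetRevision: HEAD
30 |         path: ${jsonencode(path_app)}
31 |       destination:
32 |         server: https://kubernetes.default.svc
33 |         namespace: ${jsonencode(path_app_name)}
34 |       syncPolicy:
35 |         # Automated sync: every commit on the tracked revision is applied to the
36 |         # cluster without a manual step, so push access to the repository is
37 |         # deploy access to the cluster.
38 |         automated: {}
39 |         syncOptions:
40 |         - CreateNamespace=true
--------------------------------------------------------------------------------
/modules/complete/variables.tf:
--------------------------------------------------------------------------------
1 | # Inputs of the "complete" module. All of them are declared with a type so a
2 | # value of the wrong shape is rejected at plan time.
3 | # NOTE(review): none of them has a validation block; the app_* and path_*
4 | # values end up in the ApplicationSet manifest, so restrict who may set them.
5 |
6 | variable "cluster_name" {
7 |   description = "Name of the EKS cluster to be created"
8 |   type = string
9 | }
10 |
11 | variable "cluster_version" {
12 |   description = "Kubernetes version for the EKS cluster"
13 |   type = string
14 | }
15 |
16 | variable "subnet_ids" {
17 |   description = "List of subnet IDs where the EKS cluster will be deployed"
18 |   type = list(string)
19 | }
20 |
21 | variable "vpc_id" {
22 |   description = "ID of the VPC where the EKS cluster will be deployed"
23 |   type = string
24 | }
25 |
26 | variable "app_name" {
27 |   description = "Name of the application to be deployed"
28 |   type = string
29 | }
30 |
31 | variable "app_repo_url" {
32 |   description = "URL of the Git repository where the application code is hosted"
33 |   type = string
34 | }
35 |
36 | variable "app_repo_path" {
37 |   description = "Path within the Git repository where the application code is located"
38 |   type = string
39 | }
40 |
41 | variable "path_app_name" {
42 |   description = "Name of the application within the Kubernetes manifest"
43 |   type = string
44 | }
45 |
46 | variable "path_app" {
47 |   description = "Path to the Kubernetes manifest that deploys the application"
48 |   type = string
49 | }
50 |
--------------------------------------------------------------------------------
/pre-talk/vpc/main.tf:
--------------------------------------------------------------------------------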
1 | # VPC for the demo environment: three public and three private subnets across
2 | # three us-east-1 zones, with one NAT gateway shared by the private subnets.
3 | module "vpc" {
4 |   # NOTE(review): no `version` argument, so `terraform init` resolves the newest
5 |   # release of the module; pin the version that was tested.
6 |   source = "terraform-aws-modules/vpc/aws"
7 |
8 |   name = "platformEngineeringVPC"
9 |   tags = {
10 |     Environment = "dev"
11 |     Terraform = "true"
12 |   }
13 |
14 |   # Address plan
15 |   cidr = "10.0.0.0/16"
16 |   azs = ["us-east-1a", "us-east-1b", "us-east-1c"]
17 |   public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
18 |   private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
19 |
20 |   # NOTE(review): instances launched in the public subnets get a public IPv4
21 |   # address automatically. Check which subnets the EKS node groups use
22 |   # (modules/complete/default.auto.tfvars lists three subnet IDs); worker nodes
23 |   # normally belong in the private ones.
24 |   map_public_ip_on_launch = true
25 |
26 |   # Outbound traffic from the private subnets goes through a single NAT
27 |   # gateway; no VPN gateway is created.
28 |   single_nat_gateway = true
29 |   enable_nat_gateway = true
30 |   enable_vpn_gateway = false
31 | }
--------------------------------------------------------------------------------