├── .gitignore ├── DEVELOPER.md ├── LICENSE ├── Makefile ├── README.md ├── aws ├── README.md ├── env │ ├── README.md │ ├── dev.tf │ ├── output.tf │ ├── variables.tf │ └── version.tf ├── modules │ ├── eks │ │ ├── README.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── iam │ │ ├── README.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── s3 │ │ ├── README.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf │ └── vpc │ │ ├── README.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf └── scripts │ ├── README.md │ ├── apply.sh │ ├── aws-auth-cm.yaml │ ├── common.sh │ ├── delete_bucket.py │ ├── destroy.sh │ ├── iam_policy.json │ ├── init.sh │ ├── make_bucket.py │ ├── manifest.yaml │ ├── oicd_policy.json │ ├── plan.sh │ └── policy_document.json ├── azure ├── README.md ├── env │ ├── .terraform.lock.hcl │ ├── README.md │ ├── backend.tf │ ├── dev.tf │ ├── outputs.tf │ ├── variables.tf │ └── version.tf ├── modules │ ├── aks │ │ ├── README.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── iam │ │ ├── README.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── storage │ │ ├── README.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf │ └── vnet │ │ ├── README.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf └── scripts │ ├── README.md │ ├── apply.sh │ ├── common.sh │ ├── create_storage_account.py │ ├── delete_storage_account.py │ ├── destroy.sh │ ├── init.sh │ ├── k8ssandra.yaml │ └── plan.sh ├── gcp ├── README.md ├── env │ ├── README.md │ ├── dev.tf │ ├── outputs.tf │ ├── variables.tf │ └── version.tf ├── modules │ ├── gcs │ │ ├── README.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── gke │ │ ├── README.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── iam │ │ ├── README.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variable.tf │ └── vpc │ │ ├── README.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf └── scripts │ ├── README.md │ ├── apply.sh │ ├── 
common.sh │ ├── delete_bucket.py │ ├── destroy.sh │ ├── enable.sh │ ├── ingress.yaml │ ├── init.sh │ ├── k8ssandra.yaml │ ├── make_bucket.py │ ├── nodeport.yaml │ └── plan.sh ├── tanzu └── README.md └── test ├── README.md ├── grafana-ingress.yml ├── ingress.yml ├── kube-pods.py ├── lint.sh ├── nodeport.yaml └── reaper-ingress.yaml /.gitignore: -------------------------------------------------------------------------------- 1 | # Local .terraform directories 2 | **/.terraform/* 3 | 4 | # .tfstate files 5 | *.tfstate 6 | *.tfstate.* 7 | *.terraform.lock.hcl 8 | 9 | # Crash log files 10 | crash.log 11 | 12 | # Ignore any .tfvars files that are generated automatically for each Terraform run. Most 13 | # .tfvars files are managed as part of configuration and so should be included in 14 | # version control. 15 | # 16 | # example.tfvars 17 | 18 | # Ignore override files as they are usually used to override resources locally and so 19 | # are not checked in 20 | override.tf 21 | override.tf.json 22 | *_override.tf 23 | *_override.tf.json 24 | 25 | # Include override files you do wish to add to version control using negated pattern 26 | # 27 | # !example_override.tf 28 | 29 | # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan 30 | # example: *tfplan* 31 | -------------------------------------------------------------------------------- /DEVELOPER.md: -------------------------------------------------------------------------------- 1 | ## Standards 2 | 3 | Terraform resource naming style Guide to follow 4 | https://github.com/jonbrouse/terraform-style-guide/blob/master/README.md#resource-naming 5 | 6 | Linting and Verifications standards to be checked with the following commands depending on the file type: 7 | 8 | ### Terraform 9 | ``` 10 | terraform fmt -check [-recursive] 11 | terraform validate 12 | tfsec 13 | ``` 14 | 15 | ### BASH (.sh files) 16 | ``` 17 | shellcheck [.sh files] 18 | ``` 19 | 
-------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | # Copyright 2021 Datastax LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # Make will use bash instead of sh 16 | # Export the required environment variables before using the make command. 17 | SHELL := /usr/bin/env bash 18 | ROOT := ${CURDIR} 19 | provider := ${} 20 | 21 | .PHONY: help 22 | help: 23 | @echo 'Usage:' 24 | @echo ' make init "provider=" Initialize and configure Terraform Backend.' 25 | @echo ' make plan "provider=" Plan all Terraform resources.' 26 | @echo ' make apply "provider=" Create or update Terraform resources.' 27 | @echo ' make destroy "provider=" Destroy all Terraform resources.' 28 | @echo ' make lint Check syntax of all scripts.' 29 | @echo ' make getpods Get running pods IPs and Namespaces run this command after apply' 30 | @echo 31 | 32 | # Before you run this command please export the required variables. 
33 | # Initialize the environment variables 34 | .PHONY: init 35 | init: 36 | bash $(ROOT)/$(provider)/scripts/init.sh 37 | 38 | # Plan the Terraform resources 39 | .PHONY: plan 40 | plan: 41 | bash $(ROOT)/$(provider)/scripts/plan.sh 42 | 43 | # Apply the Terraform resources 44 | .PHONY: apply 45 | apply: 46 | bash $(ROOT)/$(provider)/scripts/apply.sh 47 | 48 | # Destroy the terraform resources 49 | .PHONY: destroy 50 | destroy: 51 | bash $(ROOT)/$(provider)/scripts/destroy.sh 52 | 53 | # Get pods details of the running cluster. 54 | .PHONY: getpods 55 | getpods: 56 | python3 ${ROOT}/test/kube-pods.py 57 | 58 | .PHONY: lint 59 | lint: check_shell check_terraform check_shebangs check_trailing_whitespace 60 | 61 | # Shell check 62 | .PHONY: check_shell 63 | check_shell: 64 | source ${ROOT}/test/lint.sh && check_shell 65 | 66 | # Terraform check 67 | .PHONY: check_terraform 68 | check_terraform: 69 | source ${ROOT}/test/lint.sh && check_terraform 70 | 71 | # Shebangs check 72 | .PHONY: check_shebangs 73 | check_shebangs: 74 | source ${ROOT}/test/lint.sh && check_bash 75 | 76 | # Check trailing whitespace 77 | .PHONY: check_trailing_whitespace 78 | check_trailing_whitespace: 79 | source ${ROOT}/test/lint.sh && check_trailing_whitespace 80 | -------------------------------------------------------------------------------- /aws/env/dev.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2021 DataStax, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # Create Virtual Private Cloud 16 | module "vpc" { 17 | source = "../modules/vpc" 18 | name = local.name_prefix 19 | environment = var.environment 20 | region = var.region 21 | public_cidr_block = var.public_cidr_block 22 | private_cidr_block = var.private_cidr_block 23 | tags = local.tags 24 | } 25 | 26 | # Create Elastic Kubernetes Service 27 | module "eks" { 28 | source = "../modules/eks" 29 | name = local.name_prefix 30 | region = var.region 31 | environment = var.environment 32 | instance_type = var.instance_type 33 | desired_capacity = var.desired_capacity 34 | max_size = var.max_size 35 | min_size = var.min_size 36 | role_arn = module.iam.role_arn 37 | worker_role_arn = module.iam.worker_role_arn 38 | subnet_ids = module.vpc.aws_subnet_private_ids 39 | security_group_id = module.vpc.security_group_id 40 | public_subnets = module.vpc.aws_subnet_public_ids 41 | instance_profile_name = module.iam.iam_instance_profile 42 | tags = local.tags 43 | } 44 | 45 | # Create Identity Access Management 46 | module "iam" { 47 | source = "../modules/iam" 48 | name = local.name_prefix 49 | region = var.region 50 | environment = var.environment 51 | tags = local.tags 52 | bucket_id = module.s3.bucket_id 53 | } 54 | 55 | # Create S3 bucket 56 | module "s3" { 57 | source = "../modules/s3" 58 | name = local.name_prefix 59 | environment = var.environment 60 | tags = local.tags 61 | } 62 | -------------------------------------------------------------------------------- /aws/env/output.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2021 DataStax, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # eks module output attributes 16 | #------------------------------ 17 | output "cluster_name" { 18 | description = "Name of the EKS cluster" 19 | value = module.eks.cluster_name 20 | } 21 | 22 | # Version of the EKS cluster 23 | output "cluster_version" { 24 | description = "Version of the EKS cluster" 25 | value = module.eks.cluster_version 26 | } 27 | 28 | # The endpoint for your EKS Kubernetes API 29 | output "cluster_Endpoint" { 30 | description = "The endpoint for your EKS Kubernetes API" 31 | value = module.eks.cluster_Endpoint 32 | } 33 | 34 | # s3 module output attributes 35 | #----------------------------- 36 | # AWS s3 bucket id 37 | output "bucket_id" { 38 | description = "Bucket Name (aka ID)" 39 | value = module.s3.bucket_id 40 | } 41 | 42 | # Connect AWS cluster 43 | output "connect_cluster" { 44 | description = "Configuring EKS cluster access for kubectl" 45 | value = format("aws eks --region %s update-kubeconfig --name %s", var.region, module.eks.cluster_name) 46 | } 47 | -------------------------------------------------------------------------------- /aws/env/variables.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2021 DataStax, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # Variables to pass into the aws terraform modules. 16 | variable "name" { 17 | description = "Name is the prefix to use for resources that needs to be created." 18 | type = string 19 | } 20 | 21 | variable "environment" { 22 | description = "Name of the environment where infrastructure is being built." 23 | type = string 24 | } 25 | 26 | variable "resource_owner" { 27 | description = "The name of the Account Owner" 28 | type = string 29 | } 30 | 31 | variable "region" { 32 | description = "The AWS region where terraform build resources." 33 | type = string 34 | default = "us-east-1" 35 | } 36 | 37 | variable "instance_type" { 38 | description = "Type of instance to be used for the Kubernetes cluster." 39 | type = string 40 | default = "r5d.2xlarge" 41 | } 42 | 43 | variable "desired_capacity" { 44 | description = "Desired capacity for the autoscaling Group." 
45 | type = number 46 | default = 3 47 | } 48 | 49 | variable "max_size" { 50 | description = "Maximum number of the instances in autoscaling group" 51 | type = number 52 | default = 5 53 | } 54 | 55 | variable "min_size" { 56 | description = "Minimum number of the instances in autoscaling group" 57 | type = number 58 | default = 3 59 | } 60 | 61 | # Expose Subnet Ssettings 62 | variable "public_cidr_block" { 63 | description = "List of public subnet cidr blocks" 64 | type = list(string) 65 | default = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"] 66 | } 67 | 68 | variable "private_cidr_block" { 69 | description = "List of private subnet cidr blocks" 70 | type = list(string) 71 | default = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"] 72 | } 73 | 74 | locals { 75 | # Name prefix will be used infront of every resource name. 76 | name_prefix = format("%s-%s", var.environment, var.name) 77 | 78 | # Common Tags to attach all the resources. 79 | tags = { 80 | "Environment" = var.environment 81 | "resource-name" = var.name 82 | "resource-owner" = var.resource_owner 83 | "project-id" = format("%s", data.aws_caller_identity.current.id) 84 | } 85 | } 86 | 87 | data "aws_caller_identity" "current" {} 88 | -------------------------------------------------------------------------------- /aws/env/version.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2021 DataStax, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # Terraform and AWS cloud providers 16 | terraform { 17 | required_version = ">= 0.12" 18 | 19 | required_providers { 20 | aws = { 21 | source = "hashicorp/aws" 22 | version = "~> 3.0" 23 | } 24 | } 25 | } 26 | 27 | provider "aws" { 28 | region = var.region 29 | } 30 | -------------------------------------------------------------------------------- /aws/modules/eks/README.md: -------------------------------------------------------------------------------- 1 | # Terraform AWS EKS module 2 | 3 | This is a Dynamic module in terraform to create EKS cluster. This module will be called from [`../env/dev.tf`](../env/dev.tf) modules file, by using this reusable module we will be able to create EKS cluster and Cluster Node Pool. 4 | 5 | * main.tf : contains all the resources which will be created with `terraform apply` command. 6 | * variables.tf : contains all the variables required to create the resources. 7 | * outputs.tf : prints output attributes of the resources. 8 | 9 | ## Requirements 10 | 11 | No requirements. 12 | 13 | ## Providers 14 | 15 | | Name | Version | 16 | |------|---------| 17 | | [aws](#provider\_aws) | n/a | 18 | 19 | ## Modules 20 | 21 | No modules. 22 | 23 | ## Resources 24 | 25 | | Name | Type | 26 | |------|------| 27 | | [aws_eks_cluster.eks_cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_cluster) | resource | 28 | | [aws_eks_node_group.eks_node_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_node_group) | resource | 29 | 30 | ## Inputs 31 | 32 | | Name | Description | Type | Default | Required | 33 | |------|-------------|------|---------|:--------:| 34 | | [cluster\_version](#input\_cluster\_version) | Version of the EKS cluster. 
| `string` | `"1.19"` | no | 35 | | [desired\_capacity](#input\_desired\_capacity) | Desired capacity for the auto scaling Group. | `number` | `"3"` | no | 36 | | [environment](#input\_environment) | Name of the environment where infrastructure is being built. | `string` | n/a | yes | 37 | | [instance\_profile\_name](#input\_instance\_profile\_name) | Instance profile name to attach aws launch configuration. | `string` | n/a | yes | 38 | | [instance\_type](#input\_instance\_type) | Type of instance to be used for the Kubernetes cluster. | `string` | n/a | yes | 39 | | [max\_size](#input\_max\_size) | Maximum number of the instances in autoscaling group | `number` | `"5"` | no | 40 | | [min\_size](#input\_min\_size) | Minimum number of the instances in autoscaling group | `number` | `"3"` | no | 41 | | [name](#input\_name) | Name is the prefix to use for resources that needs to be created. | `string` | n/a | yes | 42 | | [public\_subnets](#input\_public\_subnets) | List of public subnets to create the resources. | `any` | n/a | yes | 43 | | [region](#input\_region) | The AWS region where terraform builds resources. | `string` | n/a | yes | 44 | | [role\_arn](#input\_role\_arn) | IAM role ARN to attach the EKS cluster. | `string` | n/a | yes | 45 | | [security\_group\_id](#input\_security\_group\_id) | Security group id to configure EKS cluster. | `string` | n/a | yes | 46 | | [subnet\_ids](#input\_subnet\_ids) | Subnet id to attach the EKS cluster. | `any` | n/a | yes | 47 | | [tags](#input\_tags) | Common tags to attach all the resources create in this project. | `map(string)` | n/a | yes | 48 | | [worker\_role\_arn](#input\_worker\_role\_arn) | IAM worker role ARN to attach the EKS cluster. | `string` | n/a | yes | 49 | 50 | ## Outputs 51 | 52 | | Name | Description | 53 | |------|-------------| 54 | | [cluster\_name](#output\_cluster\_name) | Output attributes of the EKS cluster. 
| 55 | -------------------------------------------------------------------------------- /aws/modules/eks/main.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2021 DataStax, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # Elastic kubernetes Service Cluster configuration 16 | resource "aws_eks_cluster" "eks_cluster" { 17 | name = format("%s-eks-cluster", var.name) 18 | role_arn = var.role_arn 19 | version = var.cluster_version 20 | vpc_config { 21 | security_group_ids = [var.security_group_id] // from the vpc module 22 | subnet_ids = var.subnet_ids // from the vpc module 23 | } 24 | 25 | tags = var.tags 26 | 27 | provisioner "local-exec" { 28 | command = format("aws eks --region %s update-kubeconfig --name %s", var.region, aws_eks_cluster.eks_cluster.name) 29 | } 30 | 31 | } 32 | 33 | # AWS EKS node group configuration. 
34 | resource "aws_eks_node_group" "eks_node_group" { 35 | cluster_name = aws_eks_cluster.eks_cluster.name 36 | node_group_name = format("%s-node-group", var.name) 37 | node_role_arn = var.worker_role_arn 38 | subnet_ids = var.subnet_ids 39 | instance_types = [var.instance_type] 40 | 41 | scaling_config { 42 | desired_size = var.desired_capacity 43 | max_size = var.max_size 44 | min_size = var.min_size 45 | } 46 | depends_on = [ 47 | aws_eks_cluster.eks_cluster 48 | ] 49 | 50 | tags = merge(var.tags, { 51 | "Name" = format("%s-node-group", var.name) 52 | format("kubernetes.io/cluster/%s-eks-cluster", var.name) = "owned" 53 | } 54 | ) 55 | 56 | labels = { 57 | "key" = format("%s", aws_eks_cluster.eks_cluster.name) 58 | } 59 | } 60 | -------------------------------------------------------------------------------- /aws/modules/eks/outputs.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2021 DataStax, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # Output attributes of the eks cluster. 
16 | # Name of the EKS cluster 17 | output "cluster_name" { 18 | description = "Name of the EKS cluster" 19 | value = aws_eks_cluster.eks_cluster.id 20 | } 21 | 22 | # Version of the EKS cluster 23 | output "cluster_version" { 24 | description = "Version of the EKS cluster" 25 | value = aws_eks_cluster.eks_cluster.version 26 | } 27 | 28 | # The endpoint for your EKS Kubernetes API 29 | output "cluster_Endpoint" { 30 | description = "The endpoint for your EKS Kubernetes API" 31 | value = aws_eks_cluster.eks_cluster.endpoint 32 | } 33 | -------------------------------------------------------------------------------- /aws/modules/eks/variables.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2021 DataStax, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | variable "name" { 16 | description = "Name is the prefix to use for resources that needs to be created." 17 | type = string 18 | } 19 | 20 | variable "environment" { 21 | description = "Name of the environment where infrastructure is being built." 22 | type = string 23 | } 24 | 25 | variable "role_arn" { 26 | description = "IAM role arn to attach the EKS cluster." 27 | type = string 28 | } 29 | 30 | variable "worker_role_arn" { 31 | description = "IAM worker role arn to attach the EKS cluster." 32 | type = string 33 | } 34 | 35 | variable "region" { 36 | description = "The AWS regionwhere terraform builds resources." 
37 | type = string 38 | } 39 | 40 | variable "subnet_ids" { 41 | description = "Subnet id to attach the EKS cluster." 42 | } 43 | 44 | variable "security_group_id" { 45 | description = "Security group id to configure EKS cluster." 46 | type = string 47 | } 48 | 49 | variable "public_subnets" { 50 | description = "List of public subnets to create the resources." 51 | } 52 | 53 | variable "tags" { 54 | description = "Common tags to attach all the resources create in this project." 55 | type = map(string) 56 | } 57 | 58 | variable "instance_profile_name" { 59 | description = "Instance profile name to attach aws launch configuration." 60 | type = string 61 | } 62 | 63 | variable "cluster_version" { 64 | description = "Version of the EKS cluster." 65 | type = string 66 | default = "1.20" 67 | } 68 | 69 | variable "instance_type" { 70 | description = "Type of instance to be used for the Kubernetes cluster." 71 | type = string 72 | } 73 | 74 | variable "desired_capacity" { 75 | description = "Desired capacity for the autoscaling Group." 76 | type = number 77 | } 78 | 79 | variable "max_size" { 80 | description = "Maximum number of the instances in autoscaling group" 81 | type = number 82 | } 83 | 84 | variable "min_size" { 85 | description = "Minimum number of the instances in autoscaling group" 86 | type = number 87 | } 88 | -------------------------------------------------------------------------------- /aws/modules/iam/README.md: -------------------------------------------------------------------------------- 1 | # Terraform AWS IAM module 2 | This is a Dynamic module in Terraform to create IAM resources. This module will be called from [`../env/dev.tf`](../env/dev.tf) modules file. This module creates roles, policies. 3 | 4 | * main.tf : contains all the resources, which will be created with `terraform apply` command. 5 | * variables.tf : contains all the variables required to create the resources. 6 | * outputs.tf : print output attributes of the resources. 
7 | 8 | ## Requirements 9 | 10 | No requirements. 11 | 12 | ## Providers 13 | 14 | | Name | Version | 15 | |------|---------| 16 | | [aws](#provider\_aws) | n/a | 17 | 18 | ## Modules 19 | 20 | No modules. 21 | 22 | ## Resources 23 | 24 | | Name | Type | 25 | |------|------| 26 | | [aws_iam_instance_profile.iam_instance_profile](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_instance_profile) | resource | 27 | | [aws_iam_role.iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | 28 | | [aws_iam_role.worker_iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | 29 | | [aws_iam_role_policy.service_linked_iam_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | 30 | | [aws_iam_role_policy_attachment.CNI_policy_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | 31 | | [aws_iam_role_policy_attachment.EC2ContainerRegistryReadOnly_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | 32 | | [aws_iam_role_policy_attachment.EKSVPCResourceController_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | 33 | | [aws_iam_role_policy_attachment.WorkerNode_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | 34 | | [aws_iam_role_policy_attachment.clusterPolicy_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | 35 | | 
[aws_iam_role_policy_attachment.servicePolicy_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | 36 | 37 | ## Inputs 38 | 39 | | Name | Description | Type | Default | Required | 40 | |------|-------------|------|---------|:--------:| 41 | | [environment](#input\_environment) | Name of the environment where infrastructure is being built. | `string` | n/a | yes | 42 | | [name](#input\_name) | Name is the prefix to use for resources that needs to be created. | `string` | n/a | yes | 43 | | [region](#input\_region) | The AWS region where terraform builds resources. | `string` | `"us-east-1"` | no | 44 | | [tags](#input\_tags) | Common tags to attach all the resources create in this project. | `map(string)` | n/a | yes | 45 | 46 | ## Outputs 47 | 48 | | Name | Description | 49 | |------|-------------| 50 | | [iam\_instance\_profile](#output\_iam\_instance\_profile) | IAM instance profile for the EKS worker nodes. | 51 | | [role\_arn](#output\_role\_arn) | IAM role for EKS service. | 52 | | [worker\_role\_arn](#output\_worker\_role\_arn) | IAM role for EKS worker nodes. | 53 | -------------------------------------------------------------------------------- /aws/modules/iam/main.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2021 DataStax, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # Create AWS iam role for EKS service. 16 | resource "aws_iam_role" "iam_role" { 17 | name = format("%s-role", var.name) 18 | force_detach_policies = true 19 | tags = var.tags 20 | assume_role_policy = < [aws](#provider\_aws) | n/a | 17 | 18 | ## Modules 19 | 20 | No modules. 21 | 22 | ## Resources 23 | 24 | | Name | Type | 25 | |------|------| 26 | | [aws_s3_bucket.s3_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource | 27 | | [aws_s3_bucket_public_access_block.s3_bucket_public_access_block](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block) | resource | 28 | 29 | ## Inputs 30 | 31 | | Name | Description | Type | Default | Required | 32 | |------|-------------|------|---------|:--------:| 33 | | [environment](#input\_environment) | Name of the environment where infrastructure is being built. | `string` | n/a | yes | 34 | | [name](#input\_name) | Name is the prefix to use for resources that needs to be created. | `string` | n/a | yes | 35 | | [region](#input\_region) | The AWS region where terraform builds resources. | `string` | `"us-east-1"` | no | 36 | | [tags](#input\_tags) | Common tags to attach all the resources create in this project. | `map(string)` | n/a | yes | 37 | 38 | ## Outputs 39 | 40 | | Name | Description | 41 | |------|-------------| 42 | | [bucket\_arn](#output\_bucket\_arn) | The arn of the bucket will be in format arn:aws:s3::bucketname | 43 | | [bucket\_id](#output\_bucket\_id) | Bucket Name (aka ID) | 44 | -------------------------------------------------------------------------------- /aws/modules/s3/main.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2021 DataStax, Inc. 
2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # Create s3 bucket resource 16 | resource "aws_s3_bucket" "s3_bucket" { 17 | bucket = format("%s-s3-bucket", var.name) 18 | tags = var.tags 19 | 20 | # Force destroy bucket if there are any files exists. 21 | force_destroy = true 22 | 23 | # enable version 24 | versioning { 25 | enabled = true 26 | } 27 | 28 | # enable server side encryption on the bucket 29 | server_side_encryption_configuration { 30 | rule { 31 | apply_server_side_encryption_by_default { 32 | sse_algorithm = "AES256" 33 | } 34 | } 35 | } 36 | 37 | lifecycle { 38 | create_before_destroy = true 39 | } 40 | 41 | } 42 | 43 | # Block public access to the bucket 44 | resource "aws_s3_bucket_public_access_block" "s3_bucket_public_access_block" { 45 | bucket = aws_s3_bucket.s3_bucket.id 46 | 47 | block_public_acls = true 48 | block_public_policy = true 49 | ignore_public_acls = true 50 | restrict_public_buckets = true 51 | } 52 | -------------------------------------------------------------------------------- /aws/modules/s3/outputs.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2021 DataStax, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # Output attributes of the S3 bucket 16 | # AWS s3 bucket id 17 | output "bucket_id" { 18 | value = aws_s3_bucket.s3_bucket.id 19 | description = "Bucket Name (aka ID)" 20 | } 21 | 22 | # AWS s3 bucket arn 23 | output "bucket_arn" { 24 | value = aws_s3_bucket.s3_bucket.arn 25 | description = "The arn of the bucket will be in format arn:aws:s3::bucketname" 26 | } 27 | -------------------------------------------------------------------------------- /aws/modules/s3/variables.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2021 DataStax, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # Variables to create s3 bucket 16 | variable "name" { 17 | description = "Name is the prefix to use for resources that needs to be created." 18 | type = string 19 | } 20 | 21 | variable "environment" { 22 | description = "Name of the environment where infrastructure is being built." 
23 | type = string 24 | } 25 | 26 | variable "tags" { 27 | description = "Common tags to attach all the resources create in this project." 28 | type = map(string) 29 | } 30 | 31 | variable "region" { 32 | description = "The AWS region where terraform builds resources." 33 | type = string 34 | default = "us-east-1" 35 | } 36 | -------------------------------------------------------------------------------- /aws/modules/vpc/outputs.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2021 DataStax, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # Output attributes for the VPC module 16 | # Output attribute id of the VPC 17 | output "aws_vpc_id" { 18 | value = aws_vpc.vpc.id 19 | } 20 | # Output attribute of the VPC cidr block. 21 | output "aws_vpc_cidr" { 22 | value = aws_vpc.vpc.cidr_block 23 | } 24 | 25 | # Output attributes of the public and private subnets 26 | #---------------------------------------------------- 27 | output "aws_subnet_public_ids" { 28 | value = aws_subnet.public_subnet.*.id 29 | } 30 | 31 | output "aws_subnet_private_ids" { 32 | value = aws_subnet.private_subnet.*.id 33 | } 34 | 35 | # Output atrributes of the route table ids. 
36 | #--------------------------------------------- 37 | output "aws_route_table_public_ids" { 38 | value = aws_route_table.public_route_table.id 39 | } 40 | 41 | output "aws_route_table_private_ids" { 42 | value = aws_route_table.private_route_table.*.id 43 | } 44 | 45 | # Output attributes of the NAT gateway 46 | #--------------------------------------- 47 | output "aws_nat_gateway_count" { 48 | value = length(aws_nat_gateway.nat_gateway.*.id) 49 | } 50 | 51 | output "aws_nat_gateway_ids" { 52 | value = aws_nat_gateway.nat_gateway.*.id 53 | } 54 | 55 | # Output attribute of the Elastic IP. 56 | #------------------------------------- 57 | output "aws_eip_nat_ips" { 58 | value = aws_eip.mod_nat_eip.*.public_ip 59 | } 60 | 61 | # Output attributes of the Security Groups. 62 | #----------------------------------------- 63 | output "security_group_id" { 64 | value = aws_security_group.security_group.id 65 | } 66 | 67 | output "worker_security_group_id" { 68 | value = aws_security_group.worker_security_group.id 69 | } 70 | -------------------------------------------------------------------------------- /aws/modules/vpc/variables.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2021 DataStax, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | variable "name" { 16 | description = "Name is the prefix to use for resources that needs to be created." 
17 | type = string 18 | } 19 | 20 | variable "environment" { 21 | description = "Name of the environment where infrastructure is being built." 22 | type = string 23 | } 24 | 25 | variable "region" { 26 | description = "The AWS region in where terraform builds resources." 27 | type = string 28 | } 29 | 30 | # Virtual Private Cloud CIDR block 31 | variable "vpc_cidr_block" { 32 | description = "Virtual Private Cloud CIDR block" 33 | type = string 34 | default = "10.0.0.0/16" 35 | } 36 | 37 | # Optional Variables 38 | ## Exposed VPC Settings. 39 | variable "vpc_instance_tenancy" { 40 | type = string 41 | default = "default" 42 | } 43 | 44 | variable "vpc_enable_dns_support" { 45 | type = bool 46 | default = "true" 47 | } 48 | 49 | variable "vpc_enable_dns_hostnames" { 50 | type = bool 51 | default = "true" 52 | } 53 | 54 | variable "vpc_enable_classiclink" { 55 | type = bool 56 | default = "false" 57 | } 58 | 59 | 60 | # Expose Subnet settings. 61 | variable "public_cidr_block" { 62 | description = "List of public subnet CIDR blocks" 63 | type = list(string) 64 | } 65 | 66 | variable "private_cidr_block" { 67 | description = "List of private subnet CIDR blocks" 68 | type = list(string) 69 | } 70 | 71 | # Common tags for the resources. 72 | variable "tags" { 73 | description = "Common tags to attach all the resources create in this project." 74 | type = map(string) 75 | default = {} 76 | } 77 | 78 | # Allow workstation to communicate with the cluster API Server. 79 | # This security group controls networking access to the Kubernetes masters. We configure this with an ingress rule to allow traffic from the worker nodes. 80 | # Allow inbound traffic from your local workstation external IP to the Kubernetes. 81 | variable "cluster_api_cidr" { 82 | description = "Allow workstation to communicate with the cluster API Server" 83 | type = string 84 | default = "10.2.0.0/32" 85 | } 86 | 87 | # Avilability Zones variables. 
88 | # Create a NAT gateway in each avilability zone to ensure a zone independent architecture. 89 | variable "multi_az_nat_gateway" { 90 | description = "place a NAT gateway in each AZ" 91 | default = 1 92 | } 93 | 94 | # By default we are using multiple NAT gateways for high avilablility, and zone independent architecture. 95 | variable "single_nat_gateway" { 96 | description = "use a single NAT gateway to serve outbound traffic for all AZs" 97 | default = 0 98 | } 99 | 100 | locals { 101 | # Query on Data to pick up avilability zone automatically based on the length cidr blocks. 102 | pri_avilability_zones = slice(data.aws_availability_zones.availability_zones.names, 0, length(var.private_cidr_block)) 103 | pub_avilability_zones = slice(data.aws_availability_zones.availability_zones.names, 0, length(var.public_cidr_block)) 104 | 105 | # Set local variables number of avilability zones based on the query results. 106 | pub_az_count = length(local.pub_avilability_zones) 107 | pri_az_count = length(local.pri_avilability_zones) 108 | 109 | } 110 | 111 | # This data block help you to get the avilability zone from the region. 112 | data "aws_availability_zones" "availability_zones" { 113 | } 114 | -------------------------------------------------------------------------------- /aws/scripts/README.md: -------------------------------------------------------------------------------- 1 | # Scripts to create and destroy the resources 2 | 3 | ## What's in this folder 4 | 5 | * [apply.sh](./apply.sh): By using this script we can apply changes to the Terraform resources in AWS. 6 | * [common.sh](./common.sh): By using this script we can validate the required packages and variables on your system. This script will be called in `apply.sh`, `init.sh`, `validate.sh`, `destroy.sh`, `plan.sh`. 7 | * [destroy.sh](./destroy.sh): By using this script we can destroy all the resource Created Terraform. 
8 | * [init.sh](./init.sh): By using this script we can initialize the modules, Terraform workspace, environment and create terraform State file bucket. 9 | * [make_bucket.py](./make_bucket.py): This script will be used to create terraform state files bucket in AWS. 10 | * [plan.sh](./plan.sh): By using this script we plan the resources by running `terraform plan` command. 11 | * [validate.sh](./validate.sh): By using this script we can validate the Terraform code. 12 | 13 | 14 | **Only use this script to delete state files bucket, This bucket might also contains other environment State files.** 15 | If you delete this bucket terraform will lose track of your environment resources. 16 | [delete_bucket.py](./delete_bucket.py): By using this script we can delete the bucket created in AWS S3. 17 | -------------------------------------------------------------------------------- /aws/scripts/apply.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # shellcheck disable=SC2154,SC1091 3 | # Copyright 2021 DataStax, Inc. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # https://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # Bash safeties: exit on error, no unset variables, pipelines can't hide errors 18 | set -o errexit 19 | set -o nounset 20 | set -o pipefail 21 | 22 | # Locate the root directory 23 | ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )/.." 
&& pwd )" 24 | 25 | # Run common.sh script for variable declaration and validation 26 | source "${ROOT}/scripts/common.sh" 27 | 28 | # Make apply : this command will apply the infrastructure changes 29 | (cd "${ROOT}/env"; terraform apply -no-color -auto-approve) 30 | 31 | # Get cluster outputs from the cluster. 32 | GET_OUTPUTS="$(terraform output endpoint)" 33 | ${GET_OUTPUTS} 34 | 35 | # Clone k8ssandra repo 36 | git clone https://github.com/k8ssandra/k8ssandra.git 37 | cd k8ssandra 38 | 39 | # Call the existing script to run the E2E testing on the cluster. 40 | make integ-test 41 | -------------------------------------------------------------------------------- /aws/scripts/aws-auth-cm.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 DataStax, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | # sample config map 16 | apiVersion: v1 17 | kind: ConfigMap 18 | metadata: 19 | name: aws-auth 20 | namespace: kube-system 21 | data: 22 | mapRoles: | 23 | - rolearn: arn:aws:iam::XXXXXXXXXXXX:role/dev1-k8ssandra-worker-role 24 | username: system:node:{{EC2PrivateDNSName}} 25 | groups: 26 | - system:bootstrappers 27 | - system:nodes 28 | - rolearn: arn:aws:iam::XXXXXXXXXXXX:role/role-name 29 | username: poweruser-eks 30 | groups: 31 | - name:eks-console-dashboard-full-access-group 32 | - system:master 33 | -------------------------------------------------------------------------------- /aws/scripts/common.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright 2021 DataStax, Inc. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # https://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | 18 | # Common commands for all scripts 19 | 20 | # Locate the root directory. Used by scripts that source this one. 21 | # shellcheck disable=SC2034 22 | ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )/.." && pwd )" 23 | 24 | # git is required for this tutorial 25 | # https://git-scm.com/book/en/v2/Getting-Started-Installing-Git 26 | command -v git >/dev/null 2>&1 || { \ 27 | echo >&2 "I require git but it's not installed. Aborting." 
28 | echo >&2 "Refer to: https://git-scm.com/book/en/v2/Getting-Started-Installing-Git" 29 | exit 1 30 | } 31 | 32 | # aws cliv2 is required for this tutorial 33 | # https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-linux.html 34 | command -v aws >/dev/null 2>&1 || { \ 35 | echo >&2 "I require aws cliv2 but it's not installed. Aborting." 36 | echo >&2 "Refer to: https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-linux.html" 37 | exit 1 38 | } 39 | 40 | # Make sure kubectl is installed. If not, refer to: 41 | # https://kubernetes.io/docs/tasks/tools/install-kubectl/ 42 | command -v kubectl >/dev/null 2>&1 || { \ 43 | echo >&2 "I require kubectl but it's not installed. Aborting." 44 | echo >&2 "Refer to: https://kubernetes.io/docs/tasks/tools/install-kubectl/" 45 | exit 1 46 | } 47 | 48 | # Make sure Helm is installed. If not, refer to: 49 | # https://helm.sh/docs/intro/install/ 50 | command -v helm >/dev/null 2>&1 || { \ 51 | echo >&2 "I require helm but it's not installed. Aborting." 52 | echo >&2 "Refer to: https://helm.sh/docs/intro/install/" 53 | exit 1 54 | } 55 | 56 | # Make sure Terraform 0.14 or higer versions installed. If not, refer to: 57 | # https://www.terraform.io/docs/cli/install/apt.html 58 | command -v terraform >/dev/null 2>&1 || { \ 59 | echo >&2 "I require terraform 0.14 or higher version but it's not installed. Aborting." 60 | echo >&2 "https://www.terraform.io/docs/cli/install/apt.html" 61 | echo >&2 "Refer to: sudo apt install terraform=0.14.0" 62 | exit 1 63 | } 64 | 65 | # Make sure python is installed. If not, refer to: 66 | # https://www.python.org/downloads/ 67 | command -v python >/dev/null 2>&1 || { \ 68 | echo >&2 "I require python but it's not installed. Aborting." 69 | echo >&2 "https://www.python.org/downloads/" 70 | exit 1 71 | } 72 | 73 | # Make sure pip is installed. 
if not, refer to: 74 | # run this command to install : sudo apt-get -y install python-pip 75 | command -V pip >/dev/null 2>&1 || { \ 76 | echo >&2 "I require pip but it's not installed. Aborting." 77 | echo >&2 "sudo apt-get -y install python-pip" 78 | exit 1 79 | } 80 | 81 | # Make sure you initialize the following TF_VAR's before you initialize the environment 82 | if [ -z "${TF_VAR_environment}" ] || [ -z "${TF_VAR_name}" ] || [ -z "${TF_VAR_region}" ]; then 83 | printf "This step requires to export the the following variables \nTF_VAR_environment: %s \nTF_VAR_name: %s \nTF_VAR_region: %s" "${TF_VAR_environment}" "${TF_VAR_name}" "${TF_VAR_region}" 84 | exit 1 85 | else 86 | printf "Following variables are configured \nTF_VAR_environment: %s \nTF_VAR_name: %s \nTF_VAR_region: %s" "${TF_VAR_environment}" "${TF_VAR_name}" "${TF_VAR_region}" 87 | fi 88 | 89 | # Simple test helpers that avoids eval and complex quoting. Note that stderr is 90 | # redirected to stdout so we can properly handle output. 91 | # Usage: test_des "description" 92 | test_des() { 93 | echo -n "Checking that $1... " 94 | } 95 | 96 | # Usage: test_cmd "$(command string 2>&1)" 97 | test_cmd() { 98 | local result=$? 99 | local output="$1" 100 | 101 | # If command completes successfully, output "pass" and continue. 102 | if [[ $result == 0 ]]; then 103 | echo "pass" 104 | 105 | # If ccommand fails, output the error code, command output and exit. 106 | else 107 | echo -e "fail ($result)\\n" 108 | cat <<<"$output" 109 | exit $result 110 | fi 111 | } 112 | -------------------------------------------------------------------------------- /aws/scripts/delete_bucket.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3.7 2 | 3 | # Copyright 2021 DataStax, Inc. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 
7 | # You may obtain a copy of the License at 8 | # 9 | # https://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # Delete bucket function is used to delete the state files bucket. 18 | # This bucket will be created at make init run. 19 | # If you want to tear down the complete environment use this this script to delete statefiles bucket. 20 | 21 | import os 22 | import sys 23 | import logging 24 | import boto3 25 | 26 | def delete_bucket(bucket_name): 27 | try: 28 | client = boto3.client('s3') 29 | client.delete_bucket(Bucket=bucket_name) 30 | print("Bucket {} deleted".format(bucket_name)) 31 | except: 32 | print("buckeet does not exists") 33 | 34 | bucket_name = os.getenv("bucket_name") 35 | delete_bucket(bucket_name) 36 | -------------------------------------------------------------------------------- /aws/scripts/destroy.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # shellcheck disable=SC2154,SC1091 3 | 4 | # Copyright 2021 DataStax, Inc. 5 | # 6 | # Licensed under the Apache License, Version 2.0 (the "License"); 7 | # you may not use this file except in compliance with the License. 8 | # You may obtain a copy of the License at 9 | # 10 | # https://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | # See the License for the specific language governing permissions and 16 | # limitations under the License. 
17 | 18 | # Bash safeties: exit on error, no unset variables, pipelines can't hide errors 19 | set -o errexit 20 | set -o nounset 21 | set -o pipefail 22 | 23 | # Locate the root directory 24 | ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" 25 | 26 | # Run common.sh script for variable declaration and validation 27 | source "${ROOT}/scripts/common.sh" 28 | 29 | cd "${ROOT}/env" 30 | 31 | # Terraform initinalize the backend bucket 32 | terraform init -input=false 33 | 34 | # Select the environment workspace where you want destroy all your resources 35 | terraform workspace select $"TF_VAR_environment" 36 | 37 | # this will destroy all of your resources in the environment workspace 38 | terraform destroy -no-color -auto-approve 39 | 40 | # Delete terraform workspace. 41 | terraform workspace select default 42 | terraform workspace delete "${TF_VAR_environment}" 43 | -------------------------------------------------------------------------------- /aws/scripts/init.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # shellcheck disable=SC2154,SC1091 3 | # Copyright 2021 DataStax, Inc. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # https://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 
16 | 17 | # Bash safeties: exit on error, no unset variables, pipelines can't hide errors 18 | set -o errexit 19 | set -o nounset 20 | set -o pipefail 21 | 22 | # Locate the root directory 23 | ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )/.." && pwd )" 24 | 25 | # Make will use bash instead of sh 26 | # Set environment variables 27 | 28 | # Run common.sh script for validation 29 | source "${ROOT}/scripts/common.sh" 30 | 31 | # Terraform initialize should run on env folder. 32 | cd "${ROOT}/env" 33 | 34 | # Terraform initinalize the backend bucket 35 | terraform init -input=false 36 | 37 | # Validate the Terraform resources. 38 | terraform validate 39 | 40 | # Create workspace based on the environment, by doing this you don't overlap wih the resources in different environments. 41 | terraform workspace new "$TF_VAR_environment" || terraform workspace select "$TF_VAR_environment" 42 | -------------------------------------------------------------------------------- /aws/scripts/make_bucket.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3.7 2 | 3 | 4 | # Copyright 2021 DataStax, Inc. 5 | # 6 | # Licensed under the Apache License, Version 2.0 (the "License"); 7 | # you may not use this file except in compliance with the License. 8 | # You may obtain a copy of the License at 9 | # 10 | # https://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | # See the License for the specific language governing permissions and 16 | # limitations under the License. 17 | 18 | # Create AWS s3 storage bucket if it is not exists. 
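import logging
import os
import boto3

# The one region where create_bucket() must NOT be given a CreateBucketConfiguration:
# S3 rejects an explicit LocationConstraint of us-east-1.
_DEFAULT_REGION = "us-east-1"


def _bucket_names(response):
    """Return the bucket names contained in a ``list_buckets`` response.

    Args:
        response: the dict returned by the boto3 ``S3.Client.list_buckets`` call;
            bucket records live under ``response["Buckets"]`` and each carries a
            ``"Name"`` key.

    Returns:
        list[str] of bucket names; empty when ``Buckets`` is missing or empty.
    """
    return [bucket["Name"] for bucket in response.get("Buckets", [])]


def _harden_bucket(s3_client, bucket_name):
    """Apply the baseline controls for a Terraform state bucket.

    Mirrors what aws/modules/s3/main.tf configures for application buckets:
    block all public access, enable versioning and turn on default SSE-S3
    (AES256) encryption. Terraform state can contain secrets, so the bucket
    must not rely on account defaults. The caller needs the matching
    ``s3:Put*`` permissions on the bucket; versioning also means a later
    deletion has to remove every object version first.
    """
    s3_client.put_public_access_block(
        Bucket=bucket_name,
        PublicAccessBlockConfiguration={
            "BlockPublicAcls": True,
            "IgnorePublicAcls": True,
            "BlockPublicPolicy": True,
            "RestrictPublicBuckets": True,
        },
    )
    s3_client.put_bucket_versioning(
        Bucket=bucket_name, VersioningConfiguration={"Status": "Enabled"}
    )
    s3_client.put_bucket_encryption(
        Bucket=bucket_name,
        ServerSideEncryptionConfiguration={
            "Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]
        },
    )


# Create a new bucket in AWS
def create_bucket(bucket_name):
    """Create a new, hardened bucket in the client's configured region.

    Args:
        bucket_name: globally unique S3 bucket name.

    Returns:
        ``bucket_name`` unchanged.

    Raises:
        ValueError: when ``bucket_name`` is empty or None.
        botocore.exceptions.ClientError: propagated from S3 (e.g. name already taken).
    """
    if not bucket_name:
        raise ValueError("bucket_name must be a non-empty string")
    s3_client = boto3.client('s3')
    params = {"Bucket": bucket_name}
    # Outside us-east-1 S3 requires the target region as a LocationConstraint;
    # inside it, passing one is an error. The region is whatever the SDK
    # resolved from the AWS CLI/SDK configuration for this client.
    region = s3_client.meta.region_name
    if region and region != _DEFAULT_REGION:
        params["CreateBucketConfiguration"] = {"LocationConstraint": region}
    s3_client.create_bucket(**params)
    _harden_bucket(s3_client, bucket_name)
    print("Created bucket {} ".format(bucket_name))
    return bucket_name


# List all the buckets in the remote
def list_buckets():
    """Return the names of all buckets visible to the caller's credentials."""
    s3 = boto3.client('s3')
    # list_buckets returns a dict; iterating over it directly yields its keys
    # ("Buckets", "Owner", ...) rather than the bucket records, and those keys
    # have no ``.name`` attribute.
    return _bucket_names(s3.list_buckets())


# Create bucket if it's not exists in the list
def create_bucket_ifnotexist(bucket_name):
    """Create ``bucket_name`` unless it already appears in this account's bucket list.

    Args:
        bucket_name: S3 bucket name to ensure exists.

    Raises:
        ValueError: when ``bucket_name`` is empty or None (e.g. the environment
            variable was not exported).
        botocore.exceptions.ClientError: propagated from S3; a name owned by a
            different account is not in the list and surfaces here on create.
    """
    if not bucket_name:
        raise ValueError("bucket_name is not set; export the bucket_name environment variable")
    if bucket_name not in list_buckets():
        create_bucket(bucket_name)
    else:
        print("{} Bucket already exists".format(bucket_name))


# The bucket name is read from the environment; by the caller's convention it is
# composed of the environment, the resource name and a state-files suffix.
bucket_name = os.getenv('bucket_name')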
53 | create_bucket_ifnotexist(bucket_name) 54 | -------------------------------------------------------------------------------- /aws/scripts/manifest.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: eks-console-dashboard-full-access-clusterrole 5 | rules: 6 | - apiGroups: 7 | - "" 8 | resources: 9 | - nodes 10 | - namespaces 11 | - pods 12 | verbs: 13 | - get 14 | - list 15 | - apiGroups: 16 | - apps 17 | resources: 18 | - deployments 19 | - daemonsets 20 | - statefulsets 21 | - replicasets 22 | verbs: 23 | - get 24 | - list 25 | - apiGroups: 26 | - batch 27 | resources: 28 | - jobs 29 | verbs: 30 | - get 31 | - list 32 | --- 33 | apiVersion: rbac.authorization.k8s.io/v1 34 | kind: ClusterRoleBinding 35 | metadata: 36 | name: eks-console-dashboard-full-access-binding 37 | subjects: 38 | - kind: Group 39 | name: eks-console-dashboard-full-access-group 40 | apiGroup: rbac.authorization.k8s.io 41 | roleRef: 42 | kind: ClusterRole 43 | name: eks-console-dashboard-full-access-clusterrole 44 | apiGroup: rbac.authorization.k8s.io 45 | -------------------------------------------------------------------------------- /aws/scripts/oicd_policy.json: -------------------------------------------------------------------------------- 1 | "Version": "2012-10-17", 2 | "Statement": [ 3 | { 4 | "Sid": "VisualEditor0", 5 | "Effect": "Allow", 6 | "Action": [ 7 | "iam:ListOpenIDConnectProviderTags", 8 | "iam:UpdateOpenIDConnectProviderThumbprint", 9 | "iam:UntagOpenIDConnectProvider", 10 | "iam:AddClientIDToOpenIDConnectProvider", 11 | "iam:GetOpenIDConnectProvider", 12 | "iam:TagOpenIDConnectProvider", 13 | "iam:CreateOpenIDConnectProvider" 14 | ], 15 | "Resource": "arn:aws:iam::337811753388:oidc-provider/*" 16 | }, 17 | { 18 | "Sid": "VisualEditor1", 19 | "Effect": "Allow", 20 | "Action": "iam:ListOpenIDConnectProviders", 21 | "Resource": "*" 22 | }, 23 | { 
24 | "Sid": "VisualEditor2", 25 | "Effect": "Allow", 26 | "Action": [ 27 | "cloudformation:CreateUploadBucket", 28 | "cloudformation:RegisterType", 29 | "cloudformation:DescribeStackDriftDetectionStatus", 30 | "cloudformation:ListExports", 31 | "cloudformation:ListStacks", 32 | "cloudformation:SetTypeDefaultVersion", 33 | "cloudformation:DescribeType", 34 | "cloudformation:ListImports", 35 | "cloudformation:ListTypes", 36 | "cloudformation:DescribeTypeRegistration", 37 | "cloudformation:DeregisterType", 38 | "cloudformation:ListTypeRegistrations", 39 | "cloudformation:EstimateTemplateCost", 40 | "cloudformation:DescribeAccountLimits", 41 | "cloudformation:CreateStackSet", 42 | "cloudformation:ValidateTemplate", 43 | "cloudformation:ListTypeVersions" 44 | ], 45 | "Resource": "*" 46 | }, 47 | { 48 | "Sid": "VisualEditor3", 49 | "Effect": "Allow", 50 | "Action": "cloudformation:*", 51 | "Resource": "arn:aws:cloudformation:*:337811753388:stack/*/*" 52 | } 53 | ] 54 | } 55 | -------------------------------------------------------------------------------- /aws/scripts/plan.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # shellcheck disable=SC2154,SC1091 3 | # Copyright 2021 DataStax, Inc. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # https://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 
16 | 17 | # Bash safeties: exit on error, no unset variables, pipelines can't hide errors 18 | set -o errexit 19 | set -o nounset 20 | set -o pipefail 21 | 22 | # Locate the root directory 23 | ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )/.." && pwd )" 24 | 25 | # Run common.sh script for variable declaration and validation 26 | source "${ROOT}/scripts/common.sh" 27 | 28 | #make plan : this command will validate the terraform code 29 | cd "${ROOT}"/env 30 | 31 | # Terraform validate before the plan 32 | terraform validate 33 | 34 | # Terraform plan will create a plan file in your current repository. Verify the all the resource it create by using plan. 35 | terraform plan -no-color -out=./plan.json 36 | -------------------------------------------------------------------------------- /azure/README.md: -------------------------------------------------------------------------------- 1 | # K8ssandra Azure Terraform Module 2 | 3 | ## What is Azure Kubernetes Service(AKS)? 4 | [Azure Kubernetes Service](https://docs.microsoft.com/en-us/azure/aks/intro-kubernetes) Azure Kubernetes Service (AKS) simplifies deploying a managed Kubernetes cluster in Azure by offloading the operational overhead to Azure. As a hosted Kubernetes service, Azure handles critical tasks, like health monitoring and maintenance. Since Kubernetes masters are managed by Azure, you only manage and maintain the agent nodes. Thus, AKS is free; you only pay for the agent nodes within your clusters, not for the masters. 5 | 6 | ## Terraform Resources created 7 | * AKS cluster 8 | * AKS default node pool 9 | * Managed Identity 10 | * Storage Account 11 | * Storage container 12 | * Virtual Network(Vnet) 13 | * Subnets 14 | * Network Security Group 15 | * NAT Gateway 16 | * Public IP 17 | * Route Table 18 | * Route Table association 19 | 20 | ## Project directory Structure 21 |
 22 | Azure/
 23 |  ├──modules/
 24 |  |  ├──storage
 25 |  |     ├── main.tf 
 26 |  |     └── variables.tf 
 27 |  |     └── outputs.tf 
 28 |  |     └── README.md 
 29 |  |  ├──vnet
 30 |  |     ├── main.tf 
 31 |  |     └── variables.tf 
 32 |  |     └── outputs.tf 
 33 |  |     └── README.md 
 34 |  |  ├──iam
 35 |  |     ├── main.tf 
 36 |  |     └── variables.tf 
 37 |  |     └── outputs.tf 
 38 |  |     └── README.md
 39 |  |  ├──aks
 40 |  |     ├── main.tf 
 41 |  |     └── variables.tf 
 42 |  |     └── outputs.tf 
 43 |  |     └── README.md
 44 |  |
 45 |  ├──env
 46 |  |  ├── dev.tf
 47 |  |  ├── version.tf 
 48 |  |  └── backend.tf 
 49 |  |  └── variables.tf 
 50 |  |  └── outputs.tf
 51 |  |  └── README.md
 52 |  |
 53 |  ├──scripts
 54 |  |  ├── apply.sh
 55 |  |  └── common.sh
 56 |  |  └── delete_storage_account.py
 57 |  |  └── destroy.sh
 58 |  |  └── init.sh
 59 |  |  └── create_storage_account.py
 60 |  |  └── plan.sh
 61 |  |  └── README.md
 62 |  └──README.md
 63 | 
64 | 65 | ## Prerequisites 66 | 67 | | NAME | Version | 68 | |---------------------|------------| 69 | | Terraform version | 0.14 | 70 | | Azurerm provider | ~>2.49.0 | 71 | | Helm version | v3.5.3 | 72 | | AZ CLI | ~>2.22.1 | 73 | | kubectl | ~>1.17.17 | 74 | | python | 3 | 75 | 76 | ### Backend 77 | * Terraform uses persistent state data to keep track of the resources it manages. Since it needs the state in order to know which real-world infrastructure objects correspond to the resources in a configuration, everyone working with a given collection of infrastructure resources must be able to access the same state data. State also records resource attributes in plaintext, so access to the backend storage should be restricted. 78 | * Terraform backend configuration: 79 | [Configuring your backend in Azure](https://www.terraform.io/docs/language/settings/backends/azurerm.html) 80 | * Terraform state 81 | [How Terraform state works](https://www.terraform.io/docs/language/state/index.html) 82 | 83 | Sample template to configure your backend in Azure Storage Account: 84 | ``` 85 | # example Backend configuration. 86 | terraform { 87 | backend "azurerm" { 88 | resource_group_name = "tf_state" 89 | storage_account_name = "tfstate019" 90 | container_name = "tfstate" 91 | key = "terraform.tfstate" 92 | } 93 | } 94 | 95 | ``` 96 | 97 | ### Tools 98 | 99 | * Access to an existing Azure cloud as an owner or a developer. 100 | * Bash and common command line tools (Make, etc.) 101 | * [Terraform v0.14.0+](https://www.terraform.io/downloads.html) 102 | * [AZ cli](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-linux?pivots=apt) 103 | * [kubectl](https://kubernetes.io/docs/reference/kubectl/overview/) that matches the latest generally-available AKS cluster version. 104 | 105 | #### Install Terraform 106 | 107 | Terraform is used to automate the manipulation of cloud infrastructure. Its [Terraform installation instructions](https://www.terraform.io/intro/getting-started/install.html) are also available online. 
108 | 109 | #### Install kubectl 110 | 111 | Kubernetes uses a command line utility called kubectl for communicating with the cluster API server. The kubectl binary is available in many operating system package managers, and this option is often much easier than a manual download and install process. Follow the [kubectl installation instructions](https://docs.aws.amazon.com/eks/latest/userguide/install-kubectl.html). 112 | 113 | ### Configure AZ CLI 114 | 115 | After installing the Azure CLI, follow the instructions to configure it: [run-the-azure-cli](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-windows?tabs=azure-cli#run-the-azure-cli) 116 | 117 | ```console 118 | az login 119 | ``` 120 | 121 | ## Test this project locally 122 | 123 | Export the following Terraform environment variables (TF_VAR_*) so that Terraform can create the resources. 124 | ```console 125 | # Environment 126 | export TF_VAR_environment= 127 | ex:- export TF_VAR_environment=dev 128 | 129 | # Resource name prefix 130 | export TF_VAR_name= 131 | ex:- export TF_VAR_name=k8ssandra 132 | 133 | # Location 134 | export TF_VAR_region= 135 | ex:- export TF_VAR_region=eastus 136 | 137 | # Resource owner 138 | export TF_VAR_resource_owner= 139 | ex:- export TF_VAR_resource_owner=k8ssandra 140 | ``` 141 | 142 | Important: for local testing, delete the backend file before initializing the Terraform modules. 143 | 144 | ```console 145 | cd env/ 146 | terraform init 147 | ``` 148 | 149 | Run the following commands to apply changes to your infrastructure. 150 | 151 | ```console 152 | terraform plan 153 | terraform apply 154 | ``` 155 | 156 | To destroy the resources, use the following instructions: 157 | It is important to export the same values when destroying the resources. Make sure you exported the right environment variables (TF_VAR). 
158 | 159 | ```console 160 | terraform plan -destroy 161 | ``` 162 | 163 | Run the following command to destroy all the resources in your local workspace. 164 | 165 | ```console 166 | terraform destroy 167 | ``` 168 | or 169 | ```console 170 | terraform destroy -auto-approve 171 | ``` 172 | -------------------------------------------------------------------------------- /azure/env/.terraform.lock.hcl: -------------------------------------------------------------------------------- 1 | # This file is maintained automatically by "terraform init". 2 | # Manual edits may be lost in future updates. 3 | 4 | provider "registry.terraform.io/hashicorp/azurerm" { 5 | version = "2.49.0" 6 | constraints = "2.49.0" 7 | hashes = [ 8 | "h1:baDkApXCCWD8ucjmC8phOdd8lkeI8ejPapxD7V+R1wA=", 9 | "zh:02c5ea5727d23c33bbba4ae6b58ea90ed785a4597d989c9940ed1e215a59c3c8", 10 | "zh:4c22d5422a5475a611b69337203e91531dab009fc2be14ec4ca3585eb581dcc0", 11 | "zh:7a59a0231feabc4285a411272e67e66abcce953a5065ffa005ac73418c5aa367", 12 | "zh:7ea4b26c706cb56f80fb4c177ac6197b65f7784ef8a0ba8e7a821c9b2b509af2", 13 | "zh:85028b955dccbb7a3e73dfde3f59edf05e3fc694d9298c46bd86ddc1045e0e83", 14 | "zh:8ac48666a08169569d2f87288bc46e4a936ff182d303009ebcabdcefb0e81167", 15 | "zh:92fcb8399f1818685891748a0e9ae004488de27f68a06b3747bc30d20e3d780d", 16 | "zh:9d4db323f9e8d7861d928171bef18b0e3bb0c41c8222f2eb81cad39a2901fe3b", 17 | "zh:a30c943ca88197fa0ee0f4fbd5a3677751636a3e1045046df5b1d64f560545e9", 18 | "zh:d4b410bc00e764abcf35133ba8beae053fa2d9dd4fa2745828ea88113ab9af83", 19 | "zh:e8d18c8abe7b131dcc697036debea1303993f870fb7a5a36d4620c2add468981", 20 | ] 21 | } 22 | -------------------------------------------------------------------------------- /azure/env/backend.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2021 DataStax, Inc. 
2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # Backend configuration. The azurerm backend below is commented out, so "terraform init" falls back to the local backend and the state is written to terraform.tfstate next to this file; state records resource attributes in plaintext, so re-enable the remote backend (with access to its container restricted) for anything beyond local testing. A sample backend block is in ../README.md. 16 | terraform { 17 | // backend "azurerm" { 18 | // resource_group_name = "tf_state" 19 | // storage_account_name = "tfstate019" 20 | // container_name = "tfstate" 21 | // key = "terraform.tfstate" 22 | // } 23 | } 24 | -------------------------------------------------------------------------------- /azure/env/dev.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2021 DataStax, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # Terraform modules 16 | # Azure Kubernetes service module. 
17 | module "aks" { 18 | source = "../modules/aks" 19 | name = local.prefix 20 | environment = var.environment 21 | kubernetes_version = var.kubernetes_version 22 | node_count = var.node_count 23 | max_count = var.max_count 24 | min_count = var.min_count 25 | resource_group_name = module.iam.resource_group_name 26 | location = module.iam.location 27 | private_subnet = module.vnet.private_subnets 28 | user_assigned_id = module.iam.user_id 29 | vm_size = var.vm_size 30 | 31 | 32 | tags = merge(local.tags, { "resource_group" = module.iam.resource_group_name }) 33 | } 34 | 35 | # Azure Virtual network module; its private_subnets output is the node pool subnet passed to the aks module above. 36 | module "vnet" { 37 | source = "../modules/vnet" 38 | name = local.prefix 39 | environment = var.environment 40 | resource_group_name = module.iam.resource_group_name 41 | location = module.iam.location 42 | public_subnet_prefixes = var.public_subnet_prefixes 43 | private_subnet_prefixes = var.private_subnet_prefixes 44 | private_service_endpoints = var.private_service_endpoints 45 | policy_id = module.storage.policy_id 46 | 47 | tags = merge(local.tags, { "resource_group" = module.iam.resource_group_name }) 48 | } 49 | 50 | # Azure Identities module: creates the resource group and the user-assigned managed identity passed to the aks module as user_assigned_id; the module itself creates no role assignments. 51 | module "iam" { 52 | source = "../modules/iam" 53 | name = local.prefix 54 | environment = var.environment 55 | location = var.region 56 | tags = local.tags 57 | } 58 | 59 | # Azure Storage Account module; its policy_id output is consumed by the vnet module above. 60 | module "storage" { 61 | source = "../modules/storage" 62 | name = local.prefix 63 | environment = var.environment 64 | resource_group_name = module.iam.resource_group_name 65 | location = module.iam.location 66 | 67 | tags = merge(local.tags, { "resource_group" = module.iam.resource_group_name }) 68 | } 69 | -------------------------------------------------------------------------------- /azure/env/outputs.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2021 DataStax, Inc. 
2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # Output attribute of the Azure Kubernetes Cluster id. 16 | output "aks_id" { 17 | description = "Azure kuberenetes service id." 18 | value = module.aks.azurerm_kubernetes_cluster_id 19 | } 20 | 21 | # Output attribute of the Azure Kubernetes Cluster fqdn. 22 | output "aks_fqdn" { 23 | description = "Azure kuberenetes service fqdn." 24 | value = module.aks.azurerm_kubernetes_cluster_fqdn 25 | } 26 | 27 | # Output attribute of the Resource Group. 28 | output "resource_group" { 29 | description = "The name of the resource group in which the resources will be created." 30 | value = module.iam.resource_group_name 31 | } 32 | 33 | # Output attribute of the Storage Account id. 34 | output "storage_account_id" { 35 | description = "Azure Storage account id." 36 | value = module.storage.storage_account_id 37 | } 38 | 39 | # connection string to connect you Azure Kubernetes cluster. 40 | output "connect_cluster" { 41 | description = "Connection string to be used to configure kubectl." 42 | value = format("az aks get-credentials --resource-group %s --name %s", module.iam.resource_group_name, module.aks.azurerm_kubernetes_cluster_name) 43 | } 44 | -------------------------------------------------------------------------------- /azure/env/variables.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2021 DataStax, Inc. 
2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | variable "environment" { 16 | description = "Name of the environment where infrastructure being built." 17 | type = string 18 | } 19 | 20 | variable "name" { 21 | description = "Name is the prefix to use for resources that needs to be created." 22 | type = string 23 | } 24 | 25 | variable "region" { 26 | description = "Azure location where all the resources being created." 27 | type = string 28 | } 29 | 30 | variable "resource_owner" { 31 | description = "The name of the Account Owner" 32 | type = string 33 | } 34 | 35 | variable "kubernetes_version" { 36 | description = "Version of the Azure kubernetes cluster" 37 | default = "1.19.9" 38 | type = string 39 | } 40 | 41 | variable "node_count" { 42 | description = "Number of AKS worker nodes" 43 | type = number 44 | default = 3 45 | } 46 | 47 | variable "min_count" { 48 | description = "Minimum Node Count" 49 | default = 3 50 | type = number 51 | } 52 | 53 | variable "max_count" { 54 | description = "Maximum Node Count" 55 | default = 5 56 | type = number 57 | } 58 | 59 | variable "vm_size" { 60 | description = "Specifies the size of the virtual machine." 
61 | default = "Standard_E8_v4" 62 | type = string 63 | } 64 | 65 | variable "public_subnet_prefixes" { 66 | description = "value" 67 | type = list(string) 68 | default = ["10.1.0.0/24"] 69 | } 70 | 71 | variable "private_subnet_prefixes" { 72 | description = "value" 73 | type = list(string) 74 | default = ["10.1.1.0/24"] 75 | } 76 | 77 | variable "private_service_endpoints" { 78 | description = "service endpoints to attach Private Subnets." 79 | type = list(string) 80 | default = ["Microsoft.Storage"] 81 | } 82 | 83 | variable "public_service_endpoints" { 84 | description = "service endpoints to attche public Subnets." 85 | type = list(string) 86 | default = [] 87 | } 88 | 89 | locals { 90 | # Prefix of the resources: "<environment>-<name>", lower-cased; dev.tf passes it as the name to every module. 91 | prefix = format("%s-%s", lower(var.environment), lower(var.name)) 92 | 93 | tags = { 94 | "environment" = var.environment 95 | "resource-owner" = var.resource_owner 96 | "location" = var.region 97 | "subscription_id" = data.azurerm_subscription.current.display_name 98 | } 99 | } 100 | 101 | # Current subscription. NOTE(review): the "subscription_id" tag in locals above carries the subscription's display_name, not its id — confirm which value is intended, since it is stamped on every tagged resource. 102 | data "azurerm_subscription" "current" { 103 | } 104 | -------------------------------------------------------------------------------- /azure/env/version.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2021 DataStax, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # Terraform and Azurerm provider configuration. 
16 | terraform { 17 | required_version = ">= 0.14" 18 | 19 | required_providers { 20 | azurerm = { 21 | source = "hashicorp/azurerm" 22 | version = "2.49.0" 23 | } 24 | } 25 | } 26 | 27 | provider "azurerm" { 28 | features {} 29 | } 30 | -------------------------------------------------------------------------------- /azure/modules/aks/README.md: -------------------------------------------------------------------------------- 1 | # AKS Clusters Terraform Module 2 | This is a dynamic module in Terraform to create an AKS cluster. This module will be called from the ../env/dev.tf modules file; by using this reusable module we will be able to create an AKS cluster and its default node pool. 3 | 4 | * main.tf : contains all the resources which will be created with `terraform apply` command. 5 | * variables.tf : contains all the variables required to create the resources. 6 | * outputs.tf : prints output attributes of the resources. 7 | 8 | ## Azure cloud resources created 9 | * AKS cluster 10 | * Default node pool 11 | * AKS cluster is required to configure the default node pool. 12 | 13 | ## Resource Naming Limitations 14 | * The AKS cluster default node pool name is limited to 12 characters and does not allow any special characters. 15 | * Format of node pool name `nodepool`. 16 | 17 | ## Providers 18 | 19 | | Name | Version | 20 | |------|---------| 21 | | [azurerm](#provider\_azurerm) | n/a | 22 | 23 | ## Modules 24 | 25 | No modules. 
26 | 27 | ## Resources 28 | 29 | | Name | Type | 30 | |------|------| 31 | | [azurerm_kubernetes_cluster.kubernetes_cluster](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster) | resource | 32 | 33 | ## Inputs 34 | 35 | | Name | Description | Type | Default | Required | 36 | |------|-------------|------|---------|:--------:| 37 | | [dns\_service\_ip](#input\_dns\_service\_ip) | CNI DNS service IP | `string` | `"10.2.0.10"` | no | 38 | | [docker\_bridge\_cidr](#input\_docker\_bridge\_cidr) | CNI Docker bridge CIDR | `string` | `"172.17.0.1/16"` | no | 39 | | [environment](#input\_environment) | Name of the environment where infrastructure being built. | `string` | n/a | yes | 40 | | [kubernetes\_version](#input\_kubernetes\_version) | Version of the AKS cluster. | `string` | n/a | yes | 41 | | [location](#input\_location) | Azure location where all the resources being created. | `string` | n/a | yes | 42 | | [max\_count](#input\_max\_count) | Maximum Node Count | `number` | n\a | yes | 43 | | [min\_count](#input\_min\_count) | Minimum Node Count | `number` | n\a | yes | 44 | | [name](#input\_name) | Name is the prefix to use for resources that needs to be created. | `string` | n/a | yes | 45 | | [network\_plugin](#input\_network\_plugin) | Network plugin type | `string` | `"azure"` | no | 46 | | [node\_count](#input\_node\_count) | Number of nodes to deploy | `number` | n\a | yes | 47 | | [private\_subnet](#input\_private\_subnet) | The subnet id of the virtual network where the virtual machines will reside. | `string` | n/a | yes | 48 | | [resource\_group\_name](#input\_resource\_group\_name) | The name of the resource group in which the resources will be created. | `string` | n/a | yes | 49 | | [service\_cidr](#input\_service\_cidr) | CNI service CIDR | `string` | `"10.2.0.0/24"` | no | 50 | | [tags](#input\_tags) | A map of the tags to use on the resources that are deployed with this module. 
| `map(string)` | `{}` | no | 51 | | [vm\_size](#input\_vm\_size) | Specifies the size of the virtual machine. | `string` | `"Standard_DS2_v2"` | no | 52 | 53 | ## Outputs 54 | 55 | | Name | Description | 56 | |------|-------------| 57 | | [azurerm\_kubernetes\_cluster\_fqdn](#output\_azurerm\_kubernetes\_cluster\_fqdn) | Azure Kubernetes cluster fqdn. | 58 | | [azurerm\_kubernetes\_cluster\_id](#output\_azurerm\_kubernetes\_cluster\_id) | Azure Kubernetes cluster id | 59 | | [azurerm\_kubernetes\_cluster\_name](#output\_azurerm\_kubernetes\_cluster\_name) | Azure Kubernetes cluster name. | 60 | -------------------------------------------------------------------------------- /azure/modules/aks/main.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2021 DataStax, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # Azure Kubernetes Cluster Service(AKS) configuration 16 | resource "azurerm_kubernetes_cluster" "kubernetes_cluster" { 17 | name = format("%s-aks-cluster", var.name) 18 | kubernetes_version = var.kubernetes_version 19 | location = var.location 20 | resource_group_name = var.resource_group_name 21 | dns_prefix = var.name 22 | 23 | # Configure default node pool, it is mandatory to configure this block. 24 | default_node_pool { 25 | # The node pool only allows name with 12 characters, does not allow any special characters. 
26 | name = format("%spool", var.environment) 27 | node_count = var.node_count 28 | vm_size = var.vm_size 29 | # The type of node pool which should be created. 30 | type = "VirtualMachineScaleSets" 31 | # Route Table must be configured at this subnet. 32 | vnet_subnet_id = var.private_subnet 33 | availability_zones = [1, 2, 3] 34 | # Enabling autoscaling requires that the type is set to "VirtualMachineScaleSets". 35 | enable_auto_scaling = true 36 | min_count = var.min_count 37 | max_count = var.max_count 38 | tags = var.tags 39 | } 40 | 41 | identity { 42 | # The type of identity used for the managed cluster; the user-assigned identity is created by the iam module, which attaches no role assignments to it. 43 | type = "UserAssigned" 44 | user_assigned_identity_id = var.user_assigned_id 45 | } 46 | 47 | network_profile { 48 | load_balancer_sku = "Standard" 49 | # Network plugin to use for the networking, supported values "azure" and "kubenet". 50 | # When the network plugin is set to "azure", the "vnet_subnet_id" field in the default node pool must be set. 51 | network_plugin = var.network_plugin 52 | network_policy = "azure" # Network policy engine used with the Azure CNI; pod traffic is only restricted once NetworkPolicy objects are applied. 53 | # The following fields must either all be set or all be left empty. 54 | docker_bridge_cidr = var.docker_bridge_cidr 55 | dns_service_ip = var.dns_service_ip 56 | # This range must not be used by any network element on or connected to this VNet, 57 | # and it must be smaller than /12. 58 | service_cidr = var.service_cidr 59 | } 60 | 61 | lifecycle { 62 | # prevent_destroy is set to false, so "terraform destroy" (or a replacement forced by changing a ForceNew argument) deletes the cluster. NOTE(review): this resource sets neither private_cluster_enabled nor api_server_authorized_ip_ranges, so the API server is presumably reachable from any source address, and no role_based_access_control block is declared — confirm RBAC is enabled on the created cluster. The local-exec provisioner below writes the cluster credentials into the local kubeconfig (--overwrite-existing) on whichever machine runs apply. 
63 | prevent_destroy = false 64 | 65 | create_before_destroy = true 66 | } 67 | 68 | provisioner "local-exec" { 69 | command = format("az aks get-credentials --resource-group %s --name %s-aks-cluster --overwrite-existing", var.resource_group_name, var.name) 70 | } 71 | 72 | } 73 | -------------------------------------------------------------------------------- /azure/modules/aks/outputs.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2021 DataStax, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # Azure Kubernetes Cluster output attributes. 16 | output "azurerm_kubernetes_cluster_id" { 17 | description = "Azure Kubernetes cluster id" 18 | value = azurerm_kubernetes_cluster.kubernetes_cluster.id 19 | } 20 | 21 | output "azurerm_kubernetes_cluster_name" { 22 | description = "Azure Kubernetes cluster resource name." 23 | value = format("%s-aks-cluster", var.name) 24 | } 25 | 26 | output "azurerm_kubernetes_cluster_fqdn" { 27 | description = "Azure Kubernetes cluster fqdn." 28 | value = azurerm_kubernetes_cluster.kubernetes_cluster.fqdn 29 | } 30 | -------------------------------------------------------------------------------- /azure/modules/aks/variables.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2021 DataStax, Inc. 
2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # Common variables. 16 | variable "location" { 17 | description = "Azure location where all the resources being created." 18 | type = string 19 | } 20 | 21 | variable "name" { 22 | description = "Name is the prefix to use for resources that needs to be created." 23 | type = string 24 | } 25 | 26 | variable "environment" { 27 | description = "Name of the environment where infrastructure being built." 28 | type = string 29 | } 30 | 31 | # Kubernetes cluster configuration variables 32 | variable "kubernetes_version" { 33 | description = "Version of the AKS cluster." 34 | type = string 35 | } 36 | 37 | variable "resource_group_name" { 38 | description = "The name of the resource group in which the resources will be created." 39 | type = string 40 | } 41 | 42 | variable "user_assigned_id" { 43 | description = "The name of the user identity in which the resources will be created." 44 | type = string 45 | } 46 | 47 | # Variables for the default node_pool. 48 | variable "private_subnet" { 49 | description = "The subnet id of the virtual network where the virtual machines will reside." 50 | type = string 51 | } 52 | 53 | variable "vm_size" { 54 | description = "Specifies the size of the virtual machine." 
55 | type = string 56 | } 57 | 58 | variable "node_count" { 59 | description = "Number of nodes to deploy" 60 | type = number 61 | } 62 | 63 | variable "min_count" { 64 | description = "Minimum Node Count" 65 | type = number 66 | } 67 | variable "max_count" { 68 | description = "Maximum Node Count" 69 | type = number 70 | } 71 | 72 | # Variables for the AKS network profile: network_plugin, docker_bridge_cidr, dns_service_ip, service_cidr. 73 | # Set all the values or unset all the values; the CIDR ranges must not overlap with the subnets'. 74 | # service_cidr for the AKS cluster defaults to 10.2.0.0/24 below (not 10.0.0.0/16), and dns_service_ip must be an address inside service_cidr (the default 10.2.0.10 is). 75 | variable "network_plugin" { 76 | description = "Network plugin type" 77 | default = "azure" 78 | type = string 79 | } 80 | variable "docker_bridge_cidr" { 81 | description = "CNI Docker bridge CIDR" 82 | default = "172.17.0.1/16" 83 | type = string 84 | } 85 | 86 | variable "dns_service_ip" { 87 | description = "CNI DNS service IP" 88 | default = "10.2.0.10" 89 | type = string 90 | } 91 | 92 | variable "service_cidr" { 93 | description = "CNI service CIDR" 94 | default = "10.2.0.0/24" 95 | type = string 96 | } 97 | 98 | # tags 99 | variable "tags" { 100 | description = "A map of the tags to use on the resources that are deployed with this module." 101 | type = map(string) 102 | default = {} 103 | } 104 | -------------------------------------------------------------------------------- /azure/modules/iam/README.md: -------------------------------------------------------------------------------- 1 | # Azure Managed Identities module 2 | This is a Dynamic module in Terraform to create Identities and policies. This module will be called from ../env/dev.tf modules file. 3 | 4 | * main.tf : contains all the resources, which will be created with `terraform apply` command. 5 | * variables.tf : contains all the variables required to create the resources. 6 | * outputs.tf : print output attributes of the resources. 
7 | 8 | ## Providers 9 | 10 | | Name | Version | 11 | |------|---------| 12 | | [azurerm](#provider\_azurerm) | n/a | 13 | 14 | ## Modules 15 | 16 | No modules. 17 | 18 | ## Resources 19 | 20 | | Name | Type | 21 | |------|------| 22 | | [azurerm_resource_group.resource_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | 23 | | [azurerm_user_assigned_identity.user_assigned_identity](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/user_assigned_identity) | resource | 24 | 25 | ## Inputs 26 | 27 | | Name | Description | Type | Default | Required | 28 | |------|-------------|------|---------|:--------:| 29 | | [environment](#input\_environment) | Name of the environment where infrastructure being built. | `string` | n/a | yes | 30 | | [location](#input\_location) | Azure location where all the resources being created. | `string` | n/a | yes | 31 | | [name](#input\_name) | Name is the prefix to use for resources that needs to be created. | `string` | n/a | yes | 32 | | [tags](#input\_tags) | A map of the tags to use on the resources that are deployed with this module. | `map(string)` | n/a | yes | 33 | 34 | ## Outputs 35 | 36 | | Name | Description | 37 | |------|-------------| 38 | | [location](#output\_location) | Azure location where all the resources being created. | 39 | | [principal\_id](#output\_principal\_id) | Azure Managed identity principal id. | 40 | | [resource\_group\_name](#output\_resource\_group\_name) | The name of the resource group in which the resources will be created. | 41 | | [user\_id](#output\_user\_id) | Azure Managed Identity id. | 42 | -------------------------------------------------------------------------------- /azure/modules/iam/main.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2021 DataStax, Inc. 
2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # Azure User assigned identity 16 | resource "azurerm_user_assigned_identity" "user_assigned_identity" { 17 | resource_group_name = azurerm_resource_group.resource_group.name 18 | location = azurerm_resource_group.resource_group.location 19 | 20 | name = format("%s-user-identity", var.name) 21 | tags = var.tags 22 | } 23 | 24 | # Azure Resource group 25 | resource "azurerm_resource_group" "resource_group" { 26 | name = format("%s-resource-group", var.name) 27 | location = var.location 28 | tags = var.tags 29 | } 30 | -------------------------------------------------------------------------------- /azure/modules/iam/outputs.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2021 DataStax, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | # Output attribute of the Managed Identities 16 | output "user_id" { 17 | description = "Azure Managed Identity id." 18 | value = azurerm_user_assigned_identity.user_assigned_identity.id 19 | } 20 | 21 | output "principal_id" { 22 | description = "Azure Managed identity principal id." 23 | value = azurerm_user_assigned_identity.user_assigned_identity.principal_id 24 | } 25 | 26 | # Output attributes of the resource group 27 | output "resource_group_name" { 28 | description = "The name of the resource group in which the resources will be created." 29 | value = azurerm_resource_group.resource_group.name 30 | } 31 | 32 | output "location" { 33 | description = "Azure location where all the resources being created." 34 | value = azurerm_resource_group.resource_group.location 35 | } 36 | -------------------------------------------------------------------------------- /azure/modules/iam/variables.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2021 DataStax, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | #variables 16 | variable "location" { 17 | description = "Azure location where all the resources being created." 18 | type = string 19 | } 20 | 21 | variable "name" { 22 | description = "Name is the prefix to use for resources that needs to be created." 
23 | type = string 24 | } 25 | 26 | variable "environment" { 27 | description = "Name of the environment where infrastructure being built." 28 | type = string 29 | } 30 | 31 | variable "tags" { 32 | description = "A map of the tags to use on the resources that are deployed with this module." 33 | type = map(string) 34 | } -------------------------------------------------------------------------------- /azure/modules/storage/README.md: -------------------------------------------------------------------------------- 1 | # Terraform Azure cloud storage module 2 | This is a dynamic Terraform module that creates an Azure Storage Account in a subnet. 3 | 4 | * main.tf : contains all the resources which will be created with `terraform apply` command. 5 | * variables.tf : contains all variables required to create the resources. 6 | * outputs.tf : contains output attributes of the resources. 7 | 8 | ## Azure cloud resources created 9 | * Azure Storage Account 10 | * Network profile (configured with a subnet_id so that resources in the subnet can communicate with the storage account privately.) 11 | * Azure Storage Container 12 | 13 | ## Resource Naming Limitations 14 | * Azure Storage Account names are limited to 24 characters and may contain only letters and numbers; special characters are not allowed. 15 | * Format of storage account name `k8ssandrastorageaccount`. 16 | 17 | ## Providers 18 | 19 | | Name | Version | 20 | |------|---------| 21 | | [azurerm](#provider\_azurerm) | n/a | 22 | 23 | ## Modules 24 | 25 | No modules. 
26 | 27 | ## Resources 28 | 29 | | Name | Type | 30 | |------|------| 31 | | [azurerm_storage_account.storage_account](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account) | resource | 32 | | [azurerm_storage_container.storage_container](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_container) | resource | 33 | 34 | ## Inputs 35 | 36 | | Name | Description | Type | Default | Required | 37 | |------|-------------|------|---------|:--------:| 38 | | [account\_tier](#input\_account\_tier) | The Storage Acount tier. | `string` | `"standard"` | no | 39 | | [environment](#input\_environment) | Name of the environment where infrastructure being built. | `string` | n/a | yes | 40 | | [location](#input\_location) | Azure location where all the resources being created. | `string` | n/a | yes | 41 | | [name](#input\_name) | Name is the prefix to use for resources that needs to be created. | `string` | n/a | yes | 42 | | [private\_subnet](#input\_private\_subnet) | The subnet id of the virtual network where the virtual machines will reside. | `string` | n/a | yes | 43 | | [replication\_type](#input\_replication\_type) | The Storage Account Replication type. | `string` | `"LRS"` | no | 44 | | [resource\_group\_name](#input\_resource\_group\_name) | The name of the resource group in which the resources will be created. | `string` | n/a | yes | 45 | | [tags](#input\_tags) | A map of the tags to use on the resources that are deployed with this module. | `map(string)` | `{}` | no | 46 | 47 | ## Outputs 48 | 49 | | Name | Description | 50 | |------|-------------| 51 | | [storage\_account\_id](#output\_storage\_account\_id) | Azure Storage account id. 
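| [storage\_container\_id](#output\_storage\_container\_id) | Azure storage container id |
-------------------------------------------------------------------------------- /azure/modules/storage/main.tf: --------------------------------------------------------------------------------
# Copyright 2021 DataStax, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Azure Storage Account
resource "azurerm_storage_account" "storage_account" {
  # Storage account names are limited to 24 characters with no special characters;
  # "k8ssandrastorage" already uses 16 of them, so var.environment may be at most 8.
  name                = format("%sk8ssandrastorage", var.environment)
  resource_group_name = var.resource_group_name
  location            = var.location
  # Account tier, defaulted to standard in variables.tf.
  account_tier = var.account_tier
  # Replication type, defaulted to locally redundant storage (LRS) in variables.tf.
  account_replication_type = var.replication_type
  # Reject TLS 1.0/1.1 clients. The provider's default for this setting depends on the
  # azurerm release in use, so it is pinned explicitly rather than left implicit.
  min_tls_version = "TLS1_2"

  tags = var.tags
}

# Azure subnet Service endpoint storage policy to let Kubernetes cluster nodes communicate with the storage account.
resource "azurerm_subnet_service_endpoint_storage_policy" "subnet_service_endpoint_policy" {
  name                = format("%s-storage-policy", var.name)
  resource_group_name = var.resource_group_name
  location            = var.location

  definition {
    name        = format("%s-storage-policy1", var.name)
    description = "subnet service endpoint storage policy"
    # The policy lists only this module's storage account.
    service_resources = [
      azurerm_storage_account.storage_account.id
    ]
  }

  depends_on = [
    azurerm_storage_account.storage_account,
    azurerm_storage_container.storage_container
  ]

  tags = var.tags
}

# Azure Storage Container
resource "azurerm_storage_container" "storage_container" {
  name                 = format("%s-storage-container", var.name)
  storage_account_name = azurerm_storage_account.storage_account.name
  # Container access type is always private: no anonymous read access to blobs or container metadata.
  container_access_type = "private"
}
-------------------------------------------------------------------------------- /azure/modules/storage/outputs.tf: --------------------------------------------------------------------------------
# Copyright 2021 DataStax, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Output attributes of the storage resources.
output "storage_account_id" {
  description = "Azure Storage account id."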
18 | value = azurerm_storage_account.storage_account.id 19 | } 20 | 21 | output "storage_container_id" { 22 | description = "Azure storage container id" 23 | value = azurerm_storage_container.storage_container.id 24 | } 25 | 26 | output "policy_id" { 27 | description = "subnet service storage endpoint policy id." 28 | value = azurerm_subnet_service_endpoint_storage_policy.subnet_service_endpoint_policy.id 29 | } 30 | -------------------------------------------------------------------------------- /azure/modules/storage/variables.tf: -------------------------------------------------------------------------------- 1 | # Common variables. 2 | variable "location" { 3 | description = "Azure location where all the resources being created." 4 | type = string 5 | } 6 | 7 | variable "name" { 8 | description = "Name is the prefix to use for resources that needs to be created." 9 | type = string 10 | } 11 | 12 | variable "environment" { 13 | description = "Name of the environment where infrastructure being built." 14 | type = string 15 | } 16 | 17 | variable "resource_group_name" { 18 | description = "The name of the resource group in which the resources will be created." 19 | type = string 20 | } 21 | 22 | # Storage Account variables. 23 | variable "account_tier" { 24 | description = "The Storage Acount tier." 25 | default = "standard" 26 | type = string 27 | } 28 | 29 | variable "replication_type" { 30 | description = "The Storage Account Replication type." 31 | default = "LRS" 32 | type = string 33 | } 34 | 35 | # tags 36 | variable "tags" { 37 | description = "A map of the tags to use on the resources that are deployed with this module." 
38 | type = map(string) 39 | default = {} 40 | } 41 | -------------------------------------------------------------------------------- /azure/modules/vnet/README.md: -------------------------------------------------------------------------------- 1 | # Azure Virtual Network 2 | This is a Dynamic module in Terraform to create Virtual Network(Vnet). This module will be called from the ./env/dev.tf file. 3 | 4 | * main.tf : contains all the resources, which will be created with `terraform apply` command. 5 | * variables.tf : contains all the variables required to create the resources. 6 | * outputs.tf : print output attributes of the resources. 7 | 8 | ## Providers 9 | 10 | | Name | Version | 11 | |------|---------| 12 | | [azurerm](#provider\_azurerm) | n/a | 13 | 14 | ## Modules 15 | 16 | No modules. 17 | 18 | ## Resources 19 | 20 | | Name | Type | 21 | |------|------| 22 | | [azurerm_nat_gateway.nat_gateway](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/nat_gateway) | resource | 23 | | [azurerm_nat_gateway_public_ip_association.nat_gateway_public_ip_association](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/nat_gateway_public_ip_association) | resource | 24 | | [azurerm_network_security_group.ssh_network_security_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_group) | resource | 25 | | [azurerm_public_ip.public_ip](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip) | resource | 26 | | [azurerm_route.private_route](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/route) | resource | 27 | | [azurerm_route.public_route](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/route) | resource | 28 | | [azurerm_route_table.private_route_table](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/route_table) | resource | 29 | 
| [azurerm_route_table.public_route_table](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/route_table) | resource | 30 | | [azurerm_subnet.private_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) | resource | 31 | | [azurerm_subnet.public_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) | resource | 32 | | [azurerm_subnet_nat_gateway_association.subnet_nat_gateway_association](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_nat_gateway_association) | resource | 33 | | [azurerm_subnet_network_security_group_association.subnet_network_security_group_association](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_network_security_group_association) | resource | 34 | | [azurerm_subnet_route_table_association.private_subnet_route_table_association](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_route_table_association) | resource | 35 | | [azurerm_subnet_route_table_association.public_subnet_route_table_association](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_route_table_association) | resource | 36 | | [azurerm_virtual_network.virtual_network](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network) | resource | 37 | 38 | ## Inputs 39 | 40 | | Name | Description | Type | Default | Required | 41 | |------|-------------|------|---------|:--------:| 42 | | [address\_space](#input\_address\_space) | The address space that is used by the virtual network. | `list(string)` |
[
"10.1.0.0/16"
]
| no | 43 | | [dns\_servers](#input\_dns\_servers) | The DNS servers to be used with vNet. | `list(string)` | `[]` | no | 44 | | [endpoint\_network\_policies](#input\_endpoint\_network\_policies) | A map of subnet name to enable/disable private link endpoint network policies on the subnet. | `bool` | `true` | no | 45 | | [environment](#input\_environment) | Name of the environment where infrastructure being built. | `string` | n/a | yes | 46 | | [location](#input\_location) | Azure location where all the resources being created. | `string` | n/a | yes | 47 | | [name](#input\_name) | Name is the prefix to use for resources that needs to be created. | `string` | n/a | yes | 48 | | [nsg\_ids](#input\_nsg\_ids) | A map of subnet name to Network Security Group IDs | `map(string)` | `{}` | no | 49 | | [policy\_id](#input\_policy\_id) | subnet service storage endpoint policy id. | `string` | n/a | yes | 50 | | [private\_service\_endpoints](#input\_private\_service\_endpoints) | A map of subnet name to service endpoints to add to the subnet. | `list(string)` | `[]` | no | 51 | | [private\_subnet\_prefixes](#input\_private\_subnet\_prefixes) | The address prefix to use for the subnet. | `list(string)` | n/a | yes | 52 | | [public\_service\_endpoints](#input\_public\_service\_endpoints) | A map of subnet name to service endpoints to add to the subnet. | `list(string)` | `[]` | no | 53 | | [public\_subnet\_prefixes](#input\_public\_subnet\_prefixes) | The address prefix to use for the subnet. | `list(string)` | n/a | yes | 54 | | [resource\_group\_name](#input\_resource\_group\_name) | The name of the resource group in which the resources will be created. | `string` | n/a | yes | 55 | | [service\_network\_policies](#input\_service\_network\_policies) | A map of subnet name to enable/disable private link service network policies on the subnet. | `bool` | `true` | no | 56 | | [tags](#input\_tags) | The tags to associate with your network and subnets. 
| `map(string)` | n/a | yes | 57 | 58 | ## Outputs 59 | 60 | | Name | Description | 61 | |------|-------------| 62 | | [private\_subnets](#output\_private\_subnets) | The ids of subnets created inside the newly created virtual\_network | 63 | | [public\_subnets](#output\_public\_subnets) | The ids of subnets created inside the newly created virtual\_network | 64 | | [virtual\_network\_address\_space](#output\_virtual\_network\_address\_space) | The address space of the newly created virtual\_network | 65 | | [virtual\_network\_id](#output\_virtual\_network\_id) | The id of the newly created virtual\_network | 66 | | [virtual\_network\_location](#output\_virtual\_network\_location) | The location of the newly created virtual\_network | 67 | | [virtual\_network\_name](#output\_virtual\_network\_name) | The Name of the newly created virtual\_network | 68 | -------------------------------------------------------------------------------- /azure/modules/vnet/main.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2021 DataStax, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
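# Azure Virtual Network
resource "azurerm_virtual_network" "virtual_network" {
  name                = format("%s-vnet", var.name)
  resource_group_name = var.resource_group_name
  location            = var.location
  address_space       = var.address_space
  # An empty list (the variable default) leaves name resolution on Azure-provided DNS.
  dns_servers         = var.dns_servers
  tags                = var.tags

  lifecycle {
    create_before_destroy = true
  }
}

# Azure Subnets
######################
## Public subnet
resource "azurerm_subnet" "public_subnet" {
  name                 = format("%s-public-subnet", var.name)
  resource_group_name  = var.resource_group_name
  virtual_network_name = azurerm_virtual_network.virtual_network.name
  address_prefixes     = var.public_subnet_prefixes
  service_endpoints    = var.public_service_endpoints

  lifecycle {
    create_before_destroy = true
  }
}

## Private Subnet
resource "azurerm_subnet" "private_subnet" {
  name                 = format("%s-private-subnet", var.name)
  resource_group_name  = var.resource_group_name
  virtual_network_name = azurerm_virtual_network.virtual_network.name
  address_prefixes     = var.private_subnet_prefixes
  service_endpoints    = var.private_service_endpoints

  # Driven by the module inputs declared for this purpose (both default to true)
  # instead of hard-coded literals, so the variables in variables.tf take effect.
  enforce_private_link_endpoint_network_policies = var.endpoint_network_policies
  enforce_private_link_service_network_policies  = var.service_network_policies
  # Storage account service endpoint policy id (output of the storage module).
  service_endpoint_policy_ids = [var.policy_id]

  lifecycle {
    create_before_destroy = true
  }
}

# Source prefix admitted by the SSH rule below. Declared here, next to its only
# consumer, so this file stays self-contained. The default preserves the previous
# behaviour (any source) and is expected to be narrowed to an administrative range
# by the caller (env/dev.tf).
variable "ssh_source_address_prefix" {
  description = "CIDR block, IP address or service tag allowed to reach TCP/22 on the public subnet. '*' admits any source."
  type        = string
  default     = "*"
}

# Azure Network Security Group
resource "azurerm_network_security_group" "ssh_network_security_group" {
  name                = format("%s-ssh", var.name)
  resource_group_name = var.resource_group_name
  location            = var.location
  tags                = var.tags

  # Inbound TCP/22 from var.ssh_source_address_prefix to every address in the
  # associated subnet. With the default "*" this exposes SSH to any source that can
  # route to the public subnet.
  security_rule {
    name                       = format("%s-ssh-security-rule", var.name)
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "22"
    source_address_prefix      = var.ssh_source_address_prefix
    destination_address_prefix = "*"
  }
}

# Azure subnet network security group association.
# Only the public subnet is attached to this NSG; the private subnet gets no NSG from this module.
resource "azurerm_subnet_network_security_group_association" "subnet_network_security_group_association" {
  subnet_id                 = azurerm_subnet.public_subnet.id
  network_security_group_id = azurerm_network_security_group.ssh_network_security_group.id
}

# Azure public route table.
resource "azurerm_route_table" "public_route_table" {
  name                = format("%s-public-route-table", var.name)
  resource_group_name = var.resource_group_name
  location            = var.location
  tags                = var.tags
}

# Azure public route: default route straight to the Internet.
resource "azurerm_route" "public_route" {
  name                = format("%s-public_route", var.name)
  resource_group_name = var.resource_group_name
  route_table_name    = azurerm_route_table.public_route_table.name
  address_prefix      = "0.0.0.0/0"
  next_hop_type       = "Internet"
}

# Azure private route table
resource "azurerm_route_table" "private_route_table" {
  name                = format("%s-private-route-table", var.name)
  resource_group_name = var.resource_group_name
  location            = var.location
  tags                = var.tags
}

# Azure private route: keep traffic for the private subnet's own prefix inside the VNet.
resource "azurerm_route" "private_route" {
  name                = format("%s-private_route", var.name)
  resource_group_name = var.resource_group_name
  route_table_name    = azurerm_route_table.private_route_table.name
  # The subnet is declared with the list form (address_prefixes); the singular
  # address_prefix attribute is deprecated, so read the first list element instead.
  # If more than one prefix is ever supplied, one route per prefix would be needed.
  address_prefix = azurerm_subnet.private_subnet.address_prefixes[0]
  next_hop_type  = "VnetLocal"
}

# Azure subnet route table association.
resource "azurerm_subnet_route_table_association" "public_subnet_route_table_association" {
  subnet_id      = azurerm_subnet.public_subnet.id
  route_table_id = azurerm_route_table.public_route_table.id
}

# Private subnet route table association.
resource "azurerm_subnet_route_table_association" "private_subnet_route_table_association" {
  subnet_id      = azurerm_subnet.private_subnet.id
  route_table_id = azurerm_route_table.private_route_table.id
}

# Network watcher could not be created; left disabled.
##################
/*resource "azurerm_network_watcher" "network_watcher" {
  name                = format("%s-azure-network-watcher", var.name)
  location            = var.location
  resource_group_name = var.resource_group_name

  tags = var.tags
}
*/

# Azure public IP address to attach to the NAT gateway.
resource "azurerm_public_ip" "public_ip" {
  name                = format("%s-public-ip", var.name)
  location            = var.location
  resource_group_name = var.resource_group_name
  # Static Standard-SKU address consumed by the NAT gateway association below.
  allocation_method = "Static"
  sku               = "Standard"

  tags = var.tags
}

# NAT gateway
resource "azurerm_nat_gateway" "nat_gateway" {
  # Mixed-case name kept as-is: renaming is likely to force replacement of the gateway.
  name                    = format("%s-nat-Gateway", var.name)
  location                = var.location
  resource_group_name     = var.resource_group_name
  sku_name                = "Standard"
  idle_timeout_in_minutes = 10
  tags                    = var.tags
}

# NAT gateway public IP association.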
168 | resource "azurerm_nat_gateway_public_ip_association" "nat_gateway_public_ip_association" { 169 | nat_gateway_id = azurerm_nat_gateway.nat_gateway.id 170 | public_ip_address_id = azurerm_public_ip.public_ip.id 171 | } 172 | 173 | # Azure subnet NAT gateway association. 174 | resource "azurerm_subnet_nat_gateway_association" "subnet_nat_gateway_association" { 175 | subnet_id = azurerm_subnet.public_subnet.id 176 | nat_gateway_id = azurerm_nat_gateway.nat_gateway.id 177 | } 178 | -------------------------------------------------------------------------------- /azure/modules/vnet/outputs.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2021 DataStax, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # Output attributes of Vnet resources. 
16 | output "virtual_network_id" { 17 | description = "The id of the newly created virtual_network" 18 | value = azurerm_virtual_network.virtual_network.id 19 | } 20 | 21 | output "virtual_network_name" { 22 | description = "The Name of the newly created virtual_network" 23 | value = azurerm_virtual_network.virtual_network.name 24 | } 25 | 26 | output "virtual_network_location" { 27 | description = "The location of the newly created virtual_network" 28 | value = azurerm_virtual_network.virtual_network.location 29 | } 30 | 31 | output "virtual_network_address_space" { 32 | description = "The address space of the newly created virtual_network" 33 | value = azurerm_virtual_network.virtual_network.address_space 34 | } 35 | 36 | # Output attributes of the subnet ids. 37 | output "public_subnets" { 38 | description = "The ids of subnets created inside the newl virtual_network" 39 | value = azurerm_subnet.public_subnet.id 40 | } 41 | 42 | output "private_subnets" { 43 | description = "The ids of subnets created inside the newl virtual_network" 44 | value = azurerm_subnet.private_subnet.id 45 | } 46 | -------------------------------------------------------------------------------- /azure/modules/vnet/variables.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2021 DataStax, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # Common variables. 
16 | variable "location" { 17 | description = "Azure location where all the resources being created." 18 | type = string 19 | } 20 | 21 | variable "name" { 22 | description = "Name is the prefix to use for resources that needs to be created." 23 | type = string 24 | } 25 | 26 | variable "environment" { 27 | description = "Name of the environment where infrastructure being built." 28 | type = string 29 | } 30 | 31 | variable "resource_group_name" { 32 | description = "The name of the resource group in which the resources will be created." 33 | type = string 34 | } 35 | 36 | # Vnet address space 37 | variable "address_space" { 38 | type = list(string) 39 | description = "The address space that is used by the virtual network." 40 | default = ["10.1.0.0/16"] 41 | } 42 | 43 | # If no values specified, this defaults to Azure DNS 44 | variable "dns_servers" { 45 | description = "The DNS servers to be used with vNet." 46 | type = list(string) 47 | default = [] 48 | } 49 | 50 | variable "public_subnet_prefixes" { 51 | description = "The address prefix to use for the subnet." 52 | type = list(string) 53 | } 54 | 55 | variable "private_subnet_prefixes" { 56 | description = "The address prefix to use for the subnet." 57 | type = list(string) 58 | } 59 | 60 | variable "public_service_endpoints" { 61 | description = "A map of subnet name to service endpoints to add to the subnet." 62 | type = list(string) 63 | default = [] 64 | } 65 | 66 | variable "private_service_endpoints" { 67 | description = "A map of subnet name to service endpoints to add to the subnet." 68 | type = list(string) 69 | default = [] 70 | } 71 | 72 | variable "policy_id" { 73 | description = "subnet service storage endpoint policy id." 74 | type = string 75 | } 76 | 77 | variable "endpoint_network_policies" { 78 | description = "A map of subnet name to enable/disable private link endpoint network policies on the subnet." 
79 | type = bool 80 | default = true 81 | } 82 | 83 | variable "service_network_policies" { 84 | description = "A map of subnet name to enable/disable private link service network policies on the subnet." 85 | type = bool 86 | default = true 87 | } 88 | 89 | variable "nsg_ids" { 90 | description = "A map of subnet name to Network Security Group IDs" 91 | type = map(string) 92 | default = {} 93 | } 94 | 95 | variable "tags" { 96 | description = "The tags to associate with your network and subnets." 97 | type = map(string) 98 | } 99 | -------------------------------------------------------------------------------- /azure/scripts/README.md: -------------------------------------------------------------------------------- 1 | # Scripts to create and destroy the resources 2 | 3 | ## What's in this folder 4 | 5 | * [apply.sh](./apply.sh): By using this script we can apply changes to the Terraform resources in Azure. 6 | * [common.sh](./common.sh): By using this script we can validate the required packages and variables on your system. This script will be called in `apply.sh`, `init.sh`, `validate.sh`, `destroy.sh`, `plan.sh`. 7 | * [create_storage_account.py](./create_storage_account.py): By using this script you can create a storage account and storage container in Azure, 8 | * following components needs to be installed before using this script: 9 | * install azure-identity 10 | * install azure-mgmt-resource 11 | * install azure-mgmt-storage 12 | * install azure-storage-blob 13 | * [delete_storage_account.py](./delete_storage_account.py): By using this script we can delete the storage account created for terraform state files. 14 | * [destroy.sh](./destroy.sh): By using this script we can destroy all the resource created by Terraform. 15 | * [init.sh](./init.sh): By using this script we can initialize the modules, Terraform workspace, environment and create terraform State files bucket. 
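* [plan.sh](./plan.sh): By using this script we plan the resources by running `terraform plan` command.
-------------------------------------------------------------------------------- /azure/scripts/apply.sh: --------------------------------------------------------------------------------
#!/usr/bin/env bash
# shellcheck disable=SC1091

# Copyright 2021 DataStax, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Bash safeties: exit on error, no unset variables, pipelines can't hide errors
set -o errexit
set -o nounset
set -o pipefail

# Locate the root directory
ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )/.." && pwd )"

# Run common.sh script for variable declaration and validation
source "${ROOT}/scripts/common.sh"

# Make apply : this command will apply the infrastructure changes
(cd "${ROOT}/env"; terraform apply -no-color -auto-approve)

# Get cluster outputs from the cluster. The state and its outputs live in env/ (the
# apply above changed directory only inside its subshell), so read them from there too.
GET_OUTPUTS="$(cd "${ROOT}/env" && terraform output connect_cluster)"
if [ -z "${GET_OUTPUTS}" ]; then
  echo >&2 "The connect_cluster output is empty; cannot configure cluster access. Aborting."
  exit 1
fi
# NOTE(review): this runs the connect_cluster output as a command through word
# splitting. The value is read back from Terraform state, so it is only as
# trustworthy as the state backend. The env/ outputs are not visible here - confirm
# it is a plain, unquoted command line (some Terraform releases render string
# outputs as quoted HCL literals, which would not execute as intended).
${GET_OUTPUTS}

# Clone k8ssandra repo. Skip the clone when a previous run left the checkout in place;
# otherwise git exits non-zero and errexit stops the script before the tests run.
if [ ! -d k8ssandra ]; then
  git clone https://github.com/k8ssandra/k8ssandra.git
fi
cd k8ssandra

# Call the existing script to run the E2E testing on the cluster.
make integ-test
-------------------------------------------------------------------------------- /azure/scripts/common.sh: --------------------------------------------------------------------------------
#!/usr/bin/env bash

# Copyright 2021 DataStax, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


# Common commands for all scripts

# Locate the root directory. Used by scripts that source this one.
# shellcheck disable=SC2034
ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )/.." && pwd )"

# git is required for this tutorial
# https://git-scm.com/book/en/v2/Getting-Started-Installing-Git
command -v git >/dev/null 2>&1 || { \
  echo >&2 "I require git but it's not installed. Aborting."
  echo >&2 "Refer to: https://git-scm.com/book/en/v2/Getting-Started-Installing-Git"
  exit 1
}


# Make sure kubectl is installed. If not, refer to:
# https://kubernetes.io/docs/tasks/tools/install-kubectl/
command -v kubectl >/dev/null 2>&1 || { \
  echo >&2 "I require kubectl but it's not installed. Aborting."
  echo >&2 "Refer to: https://kubernetes.io/docs/tasks/tools/install-kubectl/"
  exit 1
}

# Make sure Helm is installed. If not, refer to:
# https://helm.sh/docs/intro/install/
command -v helm >/dev/null 2>&1 || { \
  echo >&2 "I require helm but it's not installed. Aborting."
  echo >&2 "Refer to: https://helm.sh/docs/intro/install/"
  exit 1
}

# Make sure Az CLI(Azure) is installed. If not, refer to:
# https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-linux?pivots=apt
command -v az >/dev/null 2>&1 || { \
  echo >&2 "I require AZ cli but it's not installed. Aborting."
  echo >&2 "Refer to: https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-linux?pivots=apt"
  exit 1
}

# Make sure Terraform0.14 is installed. If not, refer to:
# https://www.terraform.io/docs/cli/install/apt.html
# Only presence on PATH is verified here; the version named in the message is not checked.
command -v terraform >/dev/null 2>&1 || { \
  echo >&2 "I require terraform 0.14 but it's not installed. Aborting."
  echo >&2 "https://www.terraform.io/docs/cli/install/apt.html"
  echo >&2 "Refer to: sudo apt install terraform=0.14.0"
  exit 1
}

# Make sure python is installed. If not, refer to:
# https://www.python.org/downloads/
# NOTE(review): the helper scripts in this folder carry a python3.7 shebang, while this
# only proves that some `python` is on PATH - confirm which interpreter is intended.
command -v python >/dev/null 2>&1 || { \
  echo >&2 "I require python but it's not installed. Aborting."
  echo >&2 "https://www.python.org/downloads/"
  exit 1
}

# Make sure you initialize the following TF_VAR's before you initialize the environment.
# The ":-" fallbacks keep this check usable under `set -o nounset` (apply.sh enables it
# before sourcing this file); without them bash aborts with "unbound variable" before
# the message below can explain which variable is missing.
if [ -z "${TF_VAR_environment:-}" ] || [ -z "${TF_VAR_name:-}" ] || [ -z "${TF_VAR_region:-}" ] || [ -z "${TF_VAR_resource_owner:-}" ]; then
  printf "This step requires to export the the following variables \n TF_VAR_environment: %s \n TF_VAR_name: %s \n TF_VAR_region: %s \n TF_VAR_resource_owner: %s \n" "${TF_VAR_environment:-}" "${TF_VAR_name:-}" "${TF_VAR_region:-}" "${TF_VAR_resource_owner:-}"
  exit 1
else
  printf "Following variables are configured \nTF_VAR_environment: %s \nTF_VAR_name: %s \nTF_VAR_region: %s \n TF_VAR_resource_owner: %s \n" "${TF_VAR_environment}" "${TF_VAR_name}" "${TF_VAR_region}" "${TF_VAR_resource_owner}"
fi

# Simple test helpers that avoids eval and complex quoting.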
Note that stderr is 83 | # redirected to stdout so we can properly handle output. 84 | # Usage: test_des "description" 85 | test_des() { 86 | echo -n "Checking that $1... " 87 | } 88 | 89 | # Usage: test_cmd "$(command string 2>&1)" 90 | test_cmd() { 91 | local result=$? 92 | local output="$1" 93 | 94 | # If command completes successfully, output "pass" and continue. 95 | if [[ $result == 0 ]]; then 96 | echo "pass" 97 | 98 | # If ccommand fails, output the error code, command output and exit. 99 | else 100 | echo -e "fail ($result)\\n" 101 | cat <<<"$output" 102 | exit $result 103 | fi 104 | } 105 | -------------------------------------------------------------------------------- /azure/scripts/create_storage_account.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3.7 2 | 3 | # Copyright 2021 DataStax, Inc. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # https://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 
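
# Create the Azure Storage account and blob container that hold the Terraform
# state files, if they do not exist yet. (This is the Azure counterpart of the
# GCS bucket script; the previous header comment still said "Google cloud".)
from azure.identity import ClientSecretCredential
from azure.mgmt.resource import ResourceManagementClient
from azure.mgmt.storage import StorageManagementClient
from azure.storage.blob import BlobServiceClient, BlobClient, ContainerClient, _version_
from azure.mgmt.storage.models import (
    StorageAccountCreateParameters,
    StorageAccountUpdateParameters,
    Sku,
    SkuName,
    Kind
)
import os
import sys


def _require_env(*names):
    """Return the values of the named environment variables, in order.

    Exits with status 1 -- naming every missing variable on stderr -- if any
    of them is unset or empty, so a misconfigured job fails before it talks
    to Azure instead of dying on a None deep inside the SDK.
    """
    missing = [name for name in names if not os.getenv(name)]
    if missing:
        print("Missing required environment variable(s): " + ", ".join(missing), file=sys.stderr)
        sys.exit(1)
    return [os.getenv(name) for name in names]


# Following Credentials needs to be passed as environment variables.
# NOTE(review): a client secret handed over through the environment is readable
# by every child process and by anything that dumps the job environment; prefer
# a managed identity / federated credential where the runner supports one.
tenant_id, client_id, client_secret, subscription_id = _require_env(
    'tenant_id', 'client_id', 'client_secret', 'subscription_id'
)
credential = ClientSecretCredential(
    tenant_id=tenant_id,
    client_id=client_id,
    client_secret=client_secret
)


# Create a new storage account in a specific Location with the StorageV2 kind.
def create_storage_account(storage_account_name, resource_group_name, Location):
    """Create a StorageV2 / Standard_LRS account and return a key-based connection string.

    The account key is needed by the caller to create the blob container, so
    it is returned -- but it is deliberately never printed. These scripts run
    under `make`; anything written to stdout ends up in terminal scrollback
    and CI logs, which is not where a storage account key belongs.

    Exits with status 1 when the name is not available (the previous bare
    `exit()` returned 0, so the surrounding make target carried on as if the
    account had been created).
    """
    storage_client = StorageManagementClient(credential, subscription_id)
    availability_result = storage_client.storage_accounts.check_name_availability(
        {"name": storage_account_name}
    )
    if not availability_result.name_available:
        print(f"Storage name {storage_account_name} is already in use. Try another name.", file=sys.stderr)
        sys.exit(1)
    poller = storage_client.storage_accounts.begin_create(
        resource_group_name,
        storage_account_name,
        StorageAccountCreateParameters(
            location=Location,
            kind="StorageV2",
            sku=Sku(name="Standard_LRS"),
            # Hardening appropriate for an account that holds Terraform state:
            # no anonymous blob access, HTTPS only, TLS 1.2 floor. These fields
            # exist in the same azure-mgmt-storage generation that provides
            # begin_create(); if your pinned SDK predates them, drop the three.
            allow_blob_public_access=False,
            enable_https_traffic_only=True,
            minimum_tls_version="TLS1_2",
        ),
    )
    account_result = poller.result()
    print(f"Provisioned storage account {account_result.name}")
    keys = storage_client.storage_accounts.list_keys(resource_group_name, storage_account_name)
    account_key = keys.keys[0].value
    print("Retrieved primary key for storage account (value not shown)")
    return (
        "DefaultEndpointsProtocol=https;EndpointSuffix=core.windows.net;"
        f"AccountName={storage_account_name};AccountKey={account_key}"
    )


def list_storage_accounts():
    """Return the names of every Storage Account visible in the subscription.

    Note this is subscription-wide (storage_accounts.list), not scoped to a
    resource group.
    """
    storage_client = StorageManagementClient(credential, subscription_id)
    return [storage_account.name for storage_account in storage_client.storage_accounts.list()]


# Create Storage Account, if it's not existed in the Storage Accounts list.
def create_storage_account_ifnotexist(storage_account_name, resource_group_name, Location, storage_container_name):
    """Create the Storage Account and its container unless the account already exists.

    "Exists" means the name appears in this subscription's account list. A
    name taken in some other subscription is caught afterwards by
    check_name_availability inside create_storage_account and aborts the run.
    """
    storage_accounts_list = list_storage_accounts()
    print(storage_accounts_list)
    if storage_account_name in storage_accounts_list:
        print("{} Storage Account Name already exists".format(storage_account_name))
        return
    connection_string = create_storage_account(storage_account_name, resource_group_name, Location)
    # Create storage account container. No public_access is requested, so the
    # container is private.
    blob_service_client = BlobServiceClient.from_connection_string(connection_string)
    blob_service_client.create_container(storage_container_name)


# Get the environment variables.
# NOTE(review): common.sh validates TF_VAR_region, but this script reads
# TF_VAR_location; presumably the Makefile exports it -- confirm.
storage_account_name, resource_group_name, storage_container_name, location = _require_env(
    'storage_account_name', 'resource_group_name', 'storage_container_name', 'TF_VAR_location'
)

# Create state files bucket if not exists.
create_storage_account_ifnotexist(storage_account_name, resource_group_name, location, storage_container_name)
--------------------------------------------------------------------------------
/azure/scripts/delete_storage_account.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python3.7

# Copyright 2021 DataStax, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Delete Storage Account function is used to delete the Storage Account created for the terraform state files..
from azure.identity import ClientSecretCredential
from azure.mgmt.storage import StorageManagementClient
import os
import sys

# Following Credentials needs to be passed as environment variables.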
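# NOTE(review): see create_storage_account.py -- a client secret in the
# environment is visible to every child process; prefer a managed identity
# where the runner supports one.
credential = ClientSecretCredential(
    tenant_id=os.getenv('tenant_id'),
    client_id=os.getenv('client_id'),
    client_secret=os.getenv('client_secret')
)
subscription_id = os.getenv('subscription_id')


def delete_storage_account(resource_group_name, storage_account_name):
    """Delete the Storage Account that holds the Terraform state files.

    A missing account (HTTP 404) is reported and tolerated so the destroy
    flow stays idempotent. Every other failure -- bad credentials, missing
    permissions, throttling -- is printed to stderr and turns into exit
    status 1. The previous bare `except:` reported all of those as
    "Storage Account does not exists" and exited 0, which hides a failed
    teardown from the make target that called it.
    """
    storage_client = StorageManagementClient(credential, subscription_id)
    try:
        storage_client.storage_accounts.delete(resource_group_name, storage_account_name)
    except Exception as exc:  # SDK errors carry status_code; checked here to avoid an azure.core import
        if getattr(exc, "status_code", None) == 404:
            print("Storage Account does not exists")
            return
        print(f"Failed to delete Storage Account {storage_account_name}: {exc}", file=sys.stderr)
        sys.exit(1)
    print("storage Account {} deleted".format(storage_account_name))


# Get environment variables
resource_group_name = os.getenv('resource_group_name')
storage_account_name = os.getenv('storage_account_name')
# Refuse to call delete() with None/empty identifiers: fail loudly instead of
# letting the SDK build a malformed request.
if not resource_group_name or not storage_account_name:
    print("resource_group_name and storage_account_name must be set", file=sys.stderr)
    sys.exit(1)

# Delete
delete_storage_account(resource_group_name, storage_account_name)

--------------------------------------------------------------------------------
/azure/scripts/destroy.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# shellcheck disable=SC1091,SC2154

# Copyright 2021 DataStax, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.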
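
# Bash safeties: exit on error, no unset variables, pipelines can't hide errors
set -o errexit
set -o nounset
set -o pipefail

# Locate the root directory
ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"

# Run common.sh script for variable declaration and validation
source "${ROOT}/scripts/common.sh"

# Terraform initialize should run on env folder.
cd "${ROOT}/env"

# Terraform initinalize the backend bucket
terraform init -input=false

# Destroy the workspace named by TF_VAR_environment, not whichever workspace
# happened to be selected last. Terraform persists the selection in
# .terraform/environment, so it survives a change of TF_VAR_environment; without
# this line the destroy below and the `workspace delete` at the end could act on
# two different environments.
terraform workspace select "${TF_VAR_environment}"

# this will destroy all of your resources in the environment workspace.
# -auto-approve skips the interactive confirmation: there is no undo.
terraform destroy -no-color -auto-approve

# Delete terraform workspace.
terraform workspace select default
terraform workspace delete "${TF_VAR_environment}"

--------------------------------------------------------------------------------
/azure/scripts/init.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# shellcheck disable=SC1091,SC2154

# Copyright 2021 DataStax, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Bash safeties: exit on error, no unset variables, pipelines can't hide errors
set -o errexit
set -o nounset
set -o pipefail

# Locate the root directory
ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )/.." && pwd )"

# Run common.sh script for validation
source "${ROOT}/scripts/common.sh"

# Make will use bash instead of sh
# Set environment variables

# Terraform initialize should run on env folder.
cd "${ROOT}/env"

# Terraform initinalize the backend bucket
# (backend configuration lives in env/backend.tf; -input=false makes a missing
# backend setting a hard failure instead of an interactive prompt.)
terraform init -input=false

# Validate the Terraform resources.
terraform validate

# Create workspace based on the environment, by doing this you don't overlap wih the resources in different environments.
terraform workspace new "$TF_VAR_environment" || terraform workspace select "$TF_VAR_environment"

--------------------------------------------------------------------------------
/azure/scripts/k8ssandra.yaml:
--------------------------------------------------------------------------------
cassandra:
  version: "3.11.10"
  cassandraLibDirVolume:
    storageClass: default
    size: 5Gi
  allowMultipleNodesPerWorker: true
  heap:
    size: 1G
    newGenSize: 1G
  resources:
    requests:
      cpu: 1000m
      memory: 2Gi
    limits:
      cpu: 1000m
      memory: 2Gi
  datacenters:
    - name: dc1
      size: 1
      racks:
        - name: default
kube-prometheus-stack:
  grafana:
    adminUser: admin
    # WARNING: demo credential committed to source control. Override it at
    # install time (e.g. --set kube-prometheus-stack.grafana.adminPassword=...)
    # or use the chart's existing-secret option instead of shipping a value here.
    adminPassword: admin123
stargate:
  enabled: true
  replicas: 1
  heapMB: 256
  cpuReqMillicores: 200
  cpuLimMillicores: 1000

--------------------------------------------------------------------------------
/azure/scripts/plan.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# shellcheck disable=SC1091

# Copyright 2021 DataStax, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.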
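# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Bash safeties: exit on error, no unset variables, pipelines can't hide errors
set -o errexit
set -o nounset
set -o pipefail

# Locate the root directory
ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )/.." && pwd )"

# Run common.sh script for variable declaration and validation
source "${ROOT}/scripts/common.sh"

#make plan : this command will validate the terraform code
cd "${ROOT}"/env

# Plan against the workspace named by TF_VAR_environment rather than whichever
# workspace was selected last (the selection persists in .terraform/environment).
# Fails fast if init.sh has not created the workspace yet.
terraform workspace select "${TF_VAR_environment}"

# Terraform validate before the plan
terraform validate

# Terraform plan will create a plan file in your current repository. Verify the all the resource it create by using plan.
# Despite the .json suffix this is Terraform's binary plan format. It embeds
# every variable value the plan depends on (sensitive ones included), so treat
# it like state: keep it out of version control and shared build artifacts.
terraform plan -no-color -out=./plan.json

--------------------------------------------------------------------------------
/gcp/env/dev.tf:
--------------------------------------------------------------------------------
# Copyright 2021 DataStax, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.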

# Service account and IAM roles for the GKE nodes. Listed first because the
# gke and gcs modules both reference its service_account output.
module "iam" {
  source                           = "../modules/iam"
  name                             = local.prefix
  region                           = var.region
  project_id                       = var.project_id
  service_account_custom_iam_roles = var.service_account_custom_iam_roles
  service_account_iam_roles        = var.service_account_iam_roles
  project_services                 = var.project_services
}

# Google compute network (VPC) plus subnetwork the cluster is placed in.
module "vpc" {
  source      = "../modules/vpc"
  name        = local.prefix
  environment = var.environment
  region      = var.region
  project_id  = var.project_id
}

# GKE cluster: attached to the VPC above, nodes run as the iam service account.
module "gke" {
  source             = "../modules/gke"
  environment        = var.environment
  name               = local.prefix
  region             = var.region
  project_id         = var.project_id
  initial_node_count = var.initial_node_count
  machine_type       = var.machine_type
  network_link       = module.vpc.network_selflink
  subnetwork_link    = module.vpc.subnetwork_selflink
  service_account    = module.iam.service_account
}

# GCS bucket; the gcs module binds the node service account on it with the
# module's default role.
module "gcs" {
  source          = "../modules/gcs"
  name            = format("%s-storage-bucket", local.prefix)
  environment     = var.environment
  region          = var.region
  project_id      = var.project_id
  service_account = module.iam.service_account
}

--------------------------------------------------------------------------------
/gcp/env/outputs.tf:
--------------------------------------------------------------------------------
# Copyright 2021 DataStax, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# gke module output attributes
#------------------------------
output "endpoint" {
  description = "Endpoint for the GKE cluster"
  value       = module.gke.endpoint
}

output "master_version" {
  description = "Master version of GKE cluster"
  value       = module.gke.master_version
}

# gcs module output attributes
#-----------------------------
output "bucket_name" {
  description = "The name of the GCS bucket."
  value       = module.gcs.bucket_name
}

# Google cloud service account
#-----------------------------
output "service_account" {
  description = "The E-mail id of the service account."
  value       = module.iam.service_account
}

# sensitive = true only redacts the value from CLI output; the key is still
# stored in plaintext in the Terraform state, so protect the state backend
# accordingly.
output "service_account_key" {
  description = "The service Account Key to configure Medusa backups to use GCS bucket"
  value       = module.iam.service_account_key
  sensitive   = true
}

# Configuring GKE cluster access for kubectl.
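#-----------------------
output "connect_cluster" {
  description = "Configuring GKE cluster access for kubectl"
  value       = format("gcloud container clusters get-credentials %s --region %s --project %s", module.gke.cluster_name, var.region, var.project_id)
}

--------------------------------------------------------------------------------
/gcp/env/variables.tf:
--------------------------------------------------------------------------------
# Copyright 2021 DataStax, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

variable "name" {
  description = "Name is the prefix to use for resources that needs to be created."
  type        = string
}

variable "environment" {
  description = "Name of the environment where infrastructure being built."
  type        = string
}

variable "region" {
  description = "The region in which to create the VPC network"
  type        = string
}

variable "project_id" {
  description = "The GCP project in which the components are created."
  type        = string
}

variable "zone" {
  description = "The zone in which to create the Kubernetes cluster. Must match the region"
  type        = string
  # GCP zone names are "<region>-<letter>", e.g. us-central1-a. The previous
  # default "us-central-1a" is not a valid GCP zone and is rejected by the API
  # (it is used by the google-beta provider block in version.tf).
  default     = "us-central1-a"
}

variable "k8s_namespace" {
  description = "The namespace to use for the deployment and workload identity binding"
  type        = string
  default     = "default"
}

variable "initial_node_count" {
  description = "Node count to define number of nodes per Zone, each region by default creates three nodes."
  type        = number
  default     = 1
}

variable "machine_type" {
  description = "Type of machines which are used by cluster node pool"
  type        = string
  default     = "e2-highmem-8"
}

# Minimal node-SA roles: write logs/metrics, read monitoring. Anything broader
# goes through service_account_custom_iam_roles so it is an explicit decision.
variable "service_account_iam_roles" {
  type = list(string)

  default = [
    "roles/logging.logWriter",
    "roles/monitoring.metricWriter",
    "roles/monitoring.viewer",
    "roles/stackdriver.resourceMetadata.writer",
  ]
  description = "List of the default IAM roles to attach to the service account on the GKE Nodes."
}

variable "service_account_custom_iam_roles" {
  type    = list(string)
  default = []

  description = <<-EOF
    List of arbitrary additional IAM roles to attach to the service account on
    the GKE nodes.
  EOF
}

variable "project_services" {
  type = list(string)

  default = [
    "cloudresourcemanager.googleapis.com",
    "servicenetworking.googleapis.com",
    "container.googleapis.com",
    "compute.googleapis.com",
    "iam.googleapis.com",
    "logging.googleapis.com",
    "monitoring.googleapis.com",
    "sqladmin.googleapis.com",
    "securetoken.googleapis.com",
  ]
  description = "The GCP APIs that should be enabled in this project."
}

locals {
  prefix = format("%s-%s", lower(var.environment), lower(var.name))
}
--------------------------------------------------------------------------------
/gcp/env/version.tf:
--------------------------------------------------------------------------------
# Copyright 2021 DataStax, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Terraform provider
terraform {
  required_version = ">= 0.14"

  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "~> 3.0"
    }
    # Pinned to the same major as google. Without this entry the
    # provider "google-beta" block below is resolved implicitly and is not
    # version-constrained by this configuration.
    google-beta = {
      source  = "hashicorp/google-beta"
      version = "~> 3.0"
    }
  }
}

# Google beta provider
# Necessary for creating and managing Private subnets.
provider "google-beta" {
  alias   = "google-beta"
  project = var.project_id
  region  = var.region
  zone    = var.zone
}

--------------------------------------------------------------------------------
/gcp/modules/gcs/README.md:
--------------------------------------------------------------------------------
# Terraform google cloud storage module
This is a Dynamic module in Terraform to create a GCS bucket and assign basic permissions to the users.

* main.tf : contains all the resources which will be created with `terraform apply` command.
* variables.tf : contains all variables required to create the resources.
* outputs.tf : contains output attributes of the resources.

## Requirements

No requirements.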
11 | 12 | ## Providers 13 | 14 | | Name | Version | 15 | |------|---------| 16 | | [google](#provider\_google) | 3.0 | 17 | 18 | ## Modules 19 | 20 | No modules. 21 | 22 | ## Resources 23 | 24 | | Name | Type | 25 | |------|------| 26 | | [google_storage_bucket.storage_bucket](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket) | resource | 27 | | [google_storage_bucket_iam_member.storage_bucket_iam_member](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket_iam_member) | resource | 28 | 29 | ## Inputs 30 | 31 | | Name | Description | Type | Default | Required | 32 | |------|-------------|------|---------|:--------:| 33 | | [bucket\_policy\_only](#input\_bucket\_policy\_only) | Enables Bucket Policy Only access to a bucket. | `bool` | `true` | no | 34 | | [environment](#input\_environment) | Name of the environment where infrastructure being built. | `string` | n/a | yes | 35 | | [name](#input\_name) | Name is the prefix to use for resources that needs to be created. | `string` | n/a | yes | 36 | | [project\_id](#input\_project\_id) | The ID of the project to create the bucket in. | `string` | n/a | yes | 37 | | [region](#input\_region) | The region where terraform builds resources. 
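| `string` | n/a | yes |
| [role](#input\_role) | Role of the google storage bucket iam member | `string` | `"roles/storage.admin"` | no |
| [service\_account](#input\_service\_account) | service account email address | `string` | n/a | yes |
| [storage\_class](#input\_storage\_class) | Storage class for the gcs bucket | `string` | `null` | no |

## Outputs

| Name | Description |
|------|-------------|
| [bucket\_name](#output\_bucket\_name) | name of the google cloud storage bucket |
--------------------------------------------------------------------------------
/gcp/modules/gcs/main.tf:
--------------------------------------------------------------------------------
# Copyright 2021 DataStax, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


# Google storage bucket with standard storage class
resource "google_storage_bucket" "storage_bucket" {
  name          = var.name
  project       = var.project_id
  location      = var.region
  storage_class = var.storage_class
  # Uniform bucket-level access: IAM only, no per-object ACLs.
  uniform_bucket_level_access = var.bucket_policy_only
  # force_destroy lets `terraform destroy` delete the bucket together with
  # every object in it. Convenient for a throw-away environment, but this is
  # the bucket the env outputs describe as the Medusa backup target; set it to
  # false (and consider enabling versioning) anywhere the backups matter.
  force_destroy = true

}

# Google Storage bucket IAM member resource.
# Binds the node service account on this bucket only (not project-wide).
resource "google_storage_bucket_iam_member" "storage_bucket_iam_member" {
  bucket = google_storage_bucket.storage_bucket.name
  # Previously hard-coded to "roles/storage.admin" even though var.role exists
  # with that same default; honouring the variable lets callers bind a
  # narrower role (e.g. roles/storage.objectAdmin) without editing the module.
  role   = var.role
  member = format("serviceAccount:%s", var.service_account)
}

--------------------------------------------------------------------------------
/gcp/modules/gcs/outputs.tf:
--------------------------------------------------------------------------------
# Copyright 2021 DataStax, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Output bucket name of the google cloud storage.
output "bucket_name" {
  description = "name of the google cloud storage bucket"
  value       = google_storage_bucket.storage_bucket.name
}

--------------------------------------------------------------------------------
/gcp/modules/gcs/variables.tf:
--------------------------------------------------------------------------------
# Copyright 2021 DataStax, Inc.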
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# --- Required inputs ---------------------------------------------------------

variable "name" {
  description = "Name is the prefix to use for resources that needs to be created."
  type        = string
}

variable "environment" {
  description = "Name of the environment where infrastructure being built."
  type        = string
}

variable "project_id" {
  description = "The ID of the project to create the bucket in."
  type        = string
}

variable "region" {
  description = "The region where terraform builds resources."
  type        = string
}

# Principal that receives var.role on the bucket (bound as serviceAccount:<email>).
variable "service_account" {
  description = "service account email address"
  type        = string
}

# --- Optional inputs ---------------------------------------------------------

# null lets the provider apply its own default storage class.
variable "storage_class" {
  description = "Storage class for the gcs bucket"
  type        = string
  default     = null
}

# Maps to uniform_bucket_level_access on the bucket.
variable "bucket_policy_only" {
  description = "Enables Bucket Policy Only access to a bucket."
  type        = bool
  default     = true
}

# Bucket-scoped role granted to var.service_account.
variable "role" {
  description = "Role of the google storage bucket iam member"
  type        = string
  default     = "roles/storage.admin"
}

--------------------------------------------------------------------------------
/gcp/modules/gke/README.md:
--------------------------------------------------------------------------------
# GKE Clusters Terraform Module
This is a Dynamic module in terraform to create GKE cluster.
This module will be called from ../env/dev.tf modules file, by using this reusable module we will be able to create GKE cluster and Cluster Node Pool. 3 | 4 | * main.tf : contains all the resources which will be created with `terraform apply` command. 5 | * variables.tf : contains all the variables required to create the resources. 6 | * outputs.tf : prints output attributes of the resources. 7 | 8 | ## Requirements 9 | 10 | No requirements. 11 | 12 | ## Providers 13 | 14 | | Name | Version | 15 | |------|---------| 16 | | [google](#provider\_google) | n/a | 17 | 18 | ## Modules 19 | 20 | No modules. 21 | 22 | ## Resources 23 | 24 | | Name | Type | 25 | |------|------| 26 | | [google_container_cluster.container_cluster](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_cluster) | resource | 27 | | [google_container_node_pool.container_node_pool](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_node_pool) | resource | 28 | 29 | ## Inputs 30 | 31 | | Name | Description | Type | Default | Required | 32 | |------|-------------|------|---------|:--------:| 33 | | [enable\_private\_endpoint](#input\_enable\_private\_endpoint) | (Beta) Whether the master's internal IP address is used as the cluster endpoint | `bool` | `false` | no | 34 | | [enable\_private\_nodes](#input\_enable\_private\_nodes) | (Beta) Whether nodes have internal IP addresses only | `bool` | `false` | no | 35 | | [environment](#input\_environment) | Name of the environment where infrastructure being built. | `string` | n/a | yes | 36 | | [initial\_node\_count](#input\_initial\_node\_count) | n/a | `number` | n/a | yes | 37 | | [machine\_type](#input\_machine\_type) | Type of machines which are used by cluster node pool | `string` | `"e2-highmem-8"` | no | 38 | | [master\_ipv4\_cidr\_block](#input\_master\_ipv4\_cidr\_block) | The IP range in CIDR notation (size must be /28) to use for the hosted master network. 
This range will be used for assigning internal IP addresses to the master or set of masters, as well as the ILB VIP. This range must not overlap with any other ranges in use within the cluster's network. | `string` | `"10.0.0.0/28"` | no | 39 | | [name](#input\_name) | Name is the prefix to use for resources that needs to be created. | `string` | n/a | yes | 40 | | [network\_link](#input\_network\_link) | network link variable from vpc module outputs | `string` | `""` | no | 41 | | [project\_id](#input\_project\_id) | The project ID where all resources will be launched. | `string` | n/a | yes | 42 | | [region](#input\_region) | The location of the GKE cluster. | `string` | n/a | yes | 43 | | [service\_account](#input\_service\_account) | The name of the custom service account used for the GKE cluster. This parameter is limited to a maximum of 28 characters | `string` | `""` | no | 44 | | [subnetwork\_link](#input\_subnetwork\_link) | subnetwork link variable from vpc module outputs | `string` | `""` | no | 45 | 46 | ## Outputs 47 | 48 | | Name | Description | 49 | |------|-------------| 50 | | [cluster\_name](#output\_cluster\_name) | GKE cluster name | 51 | | [endpoint](#output\_endpoint) | End point of the google container cluster | 52 | | [master\_version](#output\_master\_version) | Master version of Kubernetes cluster | 53 | -------------------------------------------------------------------------------- /gcp/modules/gke/main.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2021 DataStax, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
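# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Google container cluster (GKE) configuration.
# The default node pool is removed right after creation; the real node pool is
# declared separately below so it can be changed without recreating the cluster.
resource "google_container_cluster" "container_cluster" {
  name                     = var.name
  project                  = var.project_id
  description              = format("%s-gke-cluster", var.name)
  location                 = var.region
  remove_default_node_pool = true
  initial_node_count       = var.initial_node_count

  # VPC and sub-network self links (outputs of the vpc module).
  network    = var.network_link
  subnetwork = var.subnetwork_link

  master_auth {
    # Setting an empty username and password explicitly disables basic auth.
    username = ""
    password = ""

    # Client-certificate authentication stays disabled; access goes through
    # IAM (see the get-credentials provisioner below).
    client_certificate_config {
      issue_client_certificate = false
    }
  }

  # Private cluster configuration.
  # master_ipv4_cidr_block is only meaningful for private nodes, so it is left
  # unset (null) otherwise. Previously var.master_ipv4_cidr_block was declared
  # and documented in the README but never consumed.
  private_cluster_config {
    enable_private_endpoint = var.enable_private_endpoint
    enable_private_nodes    = var.enable_private_nodes
    master_ipv4_cidr_block  = var.enable_private_nodes ? var.master_ipv4_cidr_block : null
  }

  # NOTE(review): no master_authorized_networks_config is declared, so with the
  # default enable_private_endpoint = false the control-plane endpoint accepts
  # connections from any source IP (IAM authentication still applies). An
  # allow-list is worth adding for anything beyond a throwaway environment.

  # Resource labels (var.environment is already a string, no format() needed).
  resource_labels = {
    environment = var.environment
  }

  # Keeps the HTTP load balancing add-on enabled (disabled = false).
  addons_config {
    http_load_balancing {
      disabled = false
    }
  }

  # Provisioner to fetch kubeconfig credentials for the new GKE cluster.
  # `self` is the documented way for a provisioner to refer to its parent
  # resource; the previous direct self-reference by address is, as far as I
  # can tell, not valid configuration.
  # NOTE(review): this makes every apply shell out to a locally authenticated
  # gcloud; the interpolated values are operator-supplied variables.
  provisioner "local-exec" {
    command = format("gcloud container clusters get-credentials %s --region %s --project %s", self.name, self.location, var.project_id)
  }
}

# Google container node pool configuration.
resource "google_container_node_pool" "container_node_pool" {
  name       = format("%s-node-pool", var.name)
  project    = var.project_id
  location   = var.region
  cluster    = google_container_cluster.container_cluster.name
  node_count = var.initial_node_count

  # Node configuration.
  node_config {
    machine_type = var.machine_type
    preemptible  = true

    # NOTE(review): these tags select the vpc module's http and ssh firewall
    # rules, which declare no source_ranges; with the default
    # enable_private_nodes = false the nodes have external IPs, so ports 22
    # and 80 on them are reachable from any source.
    tags = ["http", "ssh"]

    # Turns off the legacy metadata-server endpoints on the node VMs.
    metadata = {
      disable-legacy-endpoints = "true"
    }

    # An empty value presumably makes GKE use the project's default Compute
    # Engine service account — confirm, and pass a least-privilege account
    # (e.g. the iam module's service_account output) outside of dev.
    service_account = var.service_account

    # Duplicate entries (logging.write, monitoring) removed; the effective
    # scope set is unchanged.
    # NOTE(review): `compute` and `devstorage.read_write` are broad scopes;
    # they only bound what the node service account's IAM roles already
    # allow, so keep that account's roles minimal.
    oauth_scopes = [
      "https://www.googleapis.com/auth/devstorage.read_write",
      "https://www.googleapis.com/auth/logging.write",
      "https://www.googleapis.com/auth/monitoring",
      "https://www.googleapis.com/auth/compute",
      "https://www.googleapis.com/auth/servicecontrol",
      "https://www.googleapis.com/auth/service.management.readonly",
      "https://www.googleapis.com/auth/trace.append",
    ]
  }

  depends_on = [
    google_container_cluster.container_cluster
  ]
}

# TODO : Go program to replace this.
# Test the connectivity to GKE cluster that just got created.
--------------------------------------------------------------------------------
/gcp/modules/gke/outputs.tf:
--------------------------------------------------------------------------------
# Copyright 2021 DataStax, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.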
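# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# End point of the google container cluster.
output "endpoint" {
  description = "End point of the google container cluster"
  value       = google_container_cluster.container_cluster.endpoint
}

# Master version of Kubernetes cluster.
output "master_version" {
  description = "Master version of Kubernetes cluster"
  value       = google_container_cluster.container_cluster.master_version
}

# GKE cluster name.
output "cluster_name" {
  description = "GKE cluster name"
  value       = google_container_cluster.container_cluster.name
}
--------------------------------------------------------------------------------
/gcp/modules/gke/variables.tf:
--------------------------------------------------------------------------------
# Copyright 2021 DataStax, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Prefix for every resource name created by this module.
variable "name" {
  description = "Name is the prefix to use for resources that needs to be created."
  type        = string
}

# Used as the `environment` resource label on the cluster.
variable "environment" {
  description = "Name of the environment where infrastructure being built."
  type        = string
}

variable "project_id" {
  description = "The project ID where all resources will be launched."
  type        = string
}

variable "initial_node_count" {
  description = "Node count to define number of nodes per Zone, each region by default creates three nodes."
  type        = number
}

variable "machine_type" {
  description = "Type of machines which are used by cluster node pool"
  type        = string
  default     = "e2-highmem-8"
}

variable "region" {
  description = "The location of the GKE cluster."
  type        = string
}

# The four variables below previously had no type constraint; `string` is
# added so a wrong value fails at plan time instead of inside the provider.
variable "network_link" {
  description = "network link variable from vpc module outputs"
  type        = string
  default     = ""
}

variable "subnetwork_link" {
  description = "subnetworking link variable from vpc module outputs"
  type        = string
  default     = ""
}

# Empty string means no custom account is supplied; the node pool then
# presumably runs under the project's default Compute Engine service account
# — confirm, and pass the iam module's service_account output instead for
# anything other than throwaway environments.
variable "service_account" {
  description = "The name of the custom service account used for the GKE cluster. This parameter is limited to a maximum of 28 characters"
  type        = string
  default     = ""
}

# false (the default) keeps the control plane on its public endpoint.
variable "enable_private_endpoint" {
  description = "(Beta) Whether the master's internal IP address is used as the cluster endpoint"
  default     = false
  type        = bool
}

# false (the default) means nodes also get external IP addresses.
variable "enable_private_nodes" {
  description = "(Beta) Whether nodes have internal IP addresses only"
  default     = false
  type        = bool
}

# Intended for private_cluster_config.master_ipv4_cidr_block; verify that
# main.tf actually passes it through, otherwise it has no effect.
variable "master_ipv4_cidr_block" {
  type        = string
  description = "The IP range in CIDR notation (size must be /28) to use for the hosted master network. This range will be used for assigning internal IP addresses to the master or set of masters, as well as the ILB VIP. This range must not overlap with any other ranges in use within the cluster's network."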
75 | default = "10.0.0.0/28" 76 | } 77 | -------------------------------------------------------------------------------- /gcp/modules/iam/README.md: -------------------------------------------------------------------------------- 1 | # Google Identity Access Management module 2 | This is a Dynamic module in Terraform to create IAM resources. This module will be called from ../env/dev.tf modules file. This module creates a Services Account and IAM memebers and roles. 3 | 4 | * main.tf : contains all the resources, which will be created with `terraform apply` command. 5 | * variables.tf : contains all the variables required to create the resources. 6 | * outputs.tf : print output attributes of the resources. 7 | 8 | ## Requirements 9 | 10 | No requirements. 11 | 12 | ## Providers 13 | 14 | | Name | Version | 15 | |------|---------| 16 | | [google](#provider\_google) | n/a | 17 | 18 | ## Modules 19 | 20 | No modules. 21 | 22 | ## Resources 23 | 24 | | Name | Type | 25 | |------|------| 26 | | [google_project_iam_member.service_account](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/project_iam_member) | resource | 27 | | [google_project_iam_member.service_account_custom](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/project_iam_member) | resource | 28 | | [google_project_service.project_services](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/project_service) | resource | 29 | | [google_service_account.service_account](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_account) | resource | 30 | | [google_service_account_key.service_account_key](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_account_key) | resource | 31 | 32 | ## Inputs 33 | 34 | | Name | Description | Type | Default | Required | 35 | |------|-------------|------|---------|:--------:| 36 | | [name](#input\_name) | Name is the 
prefix to use for resources that needs to be created. | `string` | n/a | yes | 37 | | [project\_id](#input\_project\_id) | The project in which to hold the components | `string` | n/a | yes | 38 | | [project\_services](#input\_project\_services) | n/a | `list(string)` | `[]` | no | 39 | | [region](#input\_region) | The region in which to create the VPC network | `string` | n/a | yes | 40 | | [service\_account\_custom\_iam\_roles](#input\_service\_account\_custom\_iam\_roles) | service account custom iam roles | `list(string)` | `[]` | no | 41 | | [service\_account\_iam\_roles](#input\_service\_account\_iam\_roles) | service account custom iam roles | `list(string)` | n/a | yes | 42 | 43 | ## Outputs 44 | 45 | | Name | Description | 46 | |------|-------------| 47 | | [service\_account](#output\_service\_account) | Service Account Email-id | 48 | | [service\_account\_key](#output\_service\_account\_key) | The service Account Key to configure Medusa backups to use GCS bucket | 49 | -------------------------------------------------------------------------------- /gcp/modules/iam/main.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2021 DataStax, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
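
# Create the Google service account used by the GKE cluster / node pool.
resource "google_service_account" "service_account" {
  account_id   = format("%s-sa", var.name)
  display_name = "GKE Security Service Account"
  project      = var.project_id
}

# User-managed key for the service account (exposed through the
# service_account_key output, which outputs.tf describes as being for Medusa
# backups to a GCS bucket).
# NOTE(review): the private key is generated here and lands in Terraform
# state, so the state backend needs the same protection as the key itself;
# user-managed keys do not expire, so plan for rotation (taint/recreate this
# resource) and prefer keyless access where the consumer supports it.
resource "google_service_account_key" "service_account_key" {
  # The resource name is referenced directly; the previous format() call had
  # no format verbs and was a no-op.
  service_account_id = google_service_account.service_account.name
}

# Bind the required project-level roles to the service account.
# count/element is kept so existing state addresses stay stable; be aware that
# reordering the role list shifts indexes and recreates bindings.
resource "google_project_iam_member" "service_account" {
  count   = length(var.service_account_iam_roles)
  project = var.project_id
  role    = element(var.service_account_iam_roles, count.index)
  member  = format("serviceAccount:%s", google_service_account.service_account.email)
}


# Bind any additional user-specified roles.
resource "google_project_iam_member" "service_account_custom" {
  count   = length(var.service_account_custom_iam_roles)
  project = var.project_id
  role    = element(var.service_account_custom_iam_roles, count.index)
  member  = format("serviceAccount:%s", google_service_account.service_account.email)
}

# Enable each API listed in var.project_services for the project.
# disable_on_destroy = false: the services stay enabled when this module is
# destroyed, so other consumers in the project are not affected.
resource "google_project_service" "project_services" {
  count                      = length(var.project_services)
  project                    = var.project_id
  service                    = element(var.project_services, count.index)
  disable_on_destroy         = false
  disable_dependent_services = false
}
--------------------------------------------------------------------------------
/gcp/modules/iam/outputs.tf:
--------------------------------------------------------------------------------
# Copyright 2021 DataStax, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.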
5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # Output variable for the service account email. 16 | output "service_account" { 17 | description = "Service Account Email-id" 18 | value = google_service_account.service_account.email 19 | } 20 | 21 | # Output variable for the service account key. 22 | output "service_account_key" { 23 | description = "The service Account Key to configure Medusa backups to use GCS bucket" 24 | value = base64decode(google_service_account_key.service_account_key.private_key) 25 | sensitive = true 26 | } 27 | -------------------------------------------------------------------------------- /gcp/modules/iam/variable.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2021 DataStax, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | variable "name" { 16 | description = "Name is the prefix to use for resources that needs to be created." 
17 | type = string 18 | } 19 | 20 | variable "project_id" { 21 | description = "The project in which to hold the components" 22 | type = string 23 | } 24 | 25 | variable "service_account_custom_iam_roles" { 26 | description = "service account custom iam roles" 27 | type = list(string) 28 | default = [] 29 | } 30 | 31 | variable "region" { 32 | description = "The region in which to create the VPC network" 33 | type = string 34 | } 35 | 36 | variable "service_account_iam_roles" { 37 | description = "service account custom iam roles" 38 | type = list(string) 39 | } 40 | 41 | variable "project_services" { 42 | type = list(string) 43 | default = [] 44 | } 45 | -------------------------------------------------------------------------------- /gcp/modules/vpc/README.md: -------------------------------------------------------------------------------- 1 | # Google Compute Network 2 | This is a Dynamic module in Terraform to create compute Network(VPC). This module will be called from the ./env/dev.tf file. 3 | 4 | * main.tf : contains all the resources, which will be created with `terraform apply` command. 5 | * variables.tf : contains all the variables required to create the resources. 6 | * outputs.tf : print output attributes of the resources. 7 | 8 | ## Requirements 9 | 10 | No requirements. 11 | 12 | ## Providers 13 | 14 | | Name | Version | 15 | |------|---------| 16 | | [google](#provider\_google) | n/a | 17 | 18 | ## Modules 19 | 20 | No modules. 
21 | 22 | ## Resources 23 | 24 | | Name | Type | 25 | |------|------| 26 | | [google_compute_firewall.http_compute_firewall](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_firewall) | resource | 27 | | [google_compute_firewall.https_compute_firewall](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_firewall) | resource | 28 | | [google_compute_firewall.rdp_compute_firewall](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_firewall) | resource | 29 | | [google_compute_firewall.ssh_compute_firewall](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_firewall) | resource | 30 | | [google_compute_network.compute_network](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_network) | resource | 31 | | [google_compute_router.vpc_compute_router](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_router) | resource | 32 | | [google_compute_router_nat.compute_router_nat](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_router_nat) | resource | 33 | | [google_compute_subnetwork.compute_subnetwork](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_subnetwork) | resource | 34 | 35 | ## Inputs 36 | 37 | | Name | Description | Type | Default | Required | 38 | |------|-------------|------|---------|:--------:| 39 | | [cidr\_block](#input\_cidr\_block) | The IP address range of the VPC in CIDR notation. A prefix of /16 is recommended. Do not use a prefix higher than /27. | `string` | `"10.0.0.0/16"` | no | 40 | | [cidr\_subnetwork\_spacing](#input\_cidr\_subnetwork\_spacing) | How many subnetwork-mask sized spaces to leave between each subnetwork type. 
| `number` | `0` | no | 41 | | [cidr\_subnetwork\_width\_delta](#input\_cidr\_subnetwork\_width\_delta) | The difference between your network and subnetwork netmask; an /16 network and a /20 subnetwork would be 4. | `number` | `4` | no | 42 | | [cloud\_nat\_logging\_filter](#input\_cloud\_nat\_logging\_filter) | What filtering should be applied to logs for this NAT. Valid values are: 'ERRORS\_ONLY', 'TRANSLATIONS\_ONLY', 'ALL'. Defaults to 'ERRORS\_ONLY'. | `string` | `"ERRORS_ONLY"` | no | 43 | | [enable\_cloud\_nat](#input\_enable\_cloud\_nat) | Whether to enable Cloud NAT. This can be used to allow private cluster nodes to accesss the internet. Defaults to 'true' | `bool` | `true` | no | 44 | | [enable\_cloud\_nat\_logging](#input\_enable\_cloud\_nat\_logging) | Whether the NAT should export logs. Defaults to 'true'. | `bool` | `true` | no | 45 | | [environment](#input\_environment) | Name of the environment where infrastructure being built. | `string` | n/a | yes | 46 | | [name](#input\_name) | Name is the prefix to use for resources that needs to be created. | `string` | n/a | yes | 47 | | [project\_id](#input\_project\_id) | The project in which to hold the components | `string` | n/a | yes | 48 | | [region](#input\_region) | The region in which to create the VPC network | `string` | n/a | yes | 49 | | [secondary\_cidr\_block](#input\_secondary\_cidr\_block) | The IP address range of the VPC's secondary address range in CIDR notation. A prefix of /16 is recommended. Do not use a prefix higher than /27. | `string` | `"10.1.0.0/16"` | no | 50 | | [secondary\_cidr\_subnetwork\_spacing](#input\_secondary\_cidr\_subnetwork\_spacing) | How many subnetwork-mask sized spaces to leave between each subnetwork type's secondary ranges. 
| `number` | `0` | no | 51 | | [secondary\_cidr\_subnetwork\_width\_delta](#input\_secondary\_cidr\_subnetwork\_width\_delta) | The difference between your network and subnetwork's secondary range netmask; an /16 network and a /20 subnetwork would be 4. | `number` | `4` | no | 52 | 53 | ## Outputs 54 | 55 | | Name | Description | 56 | |------|-------------| 57 | | [network\_selflink](#output\_network\_selflink) | variable for the vpc network selflink | 58 | | [subnetwork\_selflink](#output\_subnetwork\_selflink) | variable for the subnetwork selflink | 59 | -------------------------------------------------------------------------------- /gcp/modules/vpc/main.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2021 DataStax, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # Create Compute Network for GKE 16 | resource "google_compute_network" "compute_network" { 17 | name = format("%s-network", var.name) 18 | project = var.project_id 19 | # Always define custom subnetworks- one subnetwork per region isn't useful for an opinional setup 20 | auto_create_subnetworks = "false" 21 | 22 | # A global routing mode can have an unexpected impact on load balancers; always use a regional mode 23 | routing_mode = "REGIONAL" 24 | } 25 | 26 | 27 | # This Cloud Router is used only for the Cloud NAT. 
28 | resource "google_compute_router" "vpc_compute_router" { 29 | # Only create the Cloud NAT if it is enabled. 30 | depends_on = [ 31 | google_compute_network.compute_network 32 | ] 33 | count = var.enable_cloud_nat ? 1 : 0 34 | name = format("%s-router", var.name) 35 | project = var.project_id 36 | region = var.region 37 | network = google_compute_network.compute_network.self_link 38 | } 39 | 40 | 41 | # create compute router NAT service 42 | resource "google_compute_router_nat" "compute_router_nat" { 43 | # Only create the Cloud NAT if it is enabled. 44 | count = var.enable_cloud_nat ? 1 : 0 45 | name = format("%s-nat", var.name) 46 | project = var.project_id 47 | // Because router has the count attribute set we have to use [0] here to 48 | // refer to its attributes. 49 | router = google_compute_router.vpc_compute_router[0].name 50 | region = google_compute_router.vpc_compute_router[0].region 51 | 52 | nat_ip_allocate_option = "AUTO_ONLY" 53 | 54 | # Apply NAT to all IP ranges in the subnetwork. 
# (continues resource "google_compute_router_nat" "compute_router_nat")
  source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"

  # NAT logging, driven by the two cloud_nat_* variables.
  log_config {
    enable = var.enable_cloud_nat_logging
    filter = var.cloud_nat_logging_filter
  }
}


// Create a public subnets config
resource "google_compute_subnetwork" "compute_subnetwork" {
  name    = format("%s-subnet", var.name)
  project = var.project_id
  network = google_compute_network.compute_network.self_link
  region  = var.region

  # Private Google Access: lets VMs without external IPs reach Google APIs.
  private_ip_google_access = true
  # First subnetwork carved out of var.cidr_block, narrowed by the width delta.
  ip_cidr_range = cidrsubnet(var.cidr_block, var.cidr_subnetwork_width_delta, 0)

  # NOTE(review): no log_config block here, so VPC Flow Logs are off for this
  # subnet; enabling them gives network-level telemetry for detection and
  # forensics.

  # Secondary range (reuses the subnet name as range_name).
  secondary_ip_range {
    range_name    = format("%s-subnet", var.name)
    ip_cidr_range = cidrsubnet(
      var.secondary_cidr_block,
      var.secondary_cidr_subnetwork_width_delta,
      0
    )
  }
}

# Firewall rules
# NOTE(review): none of the rules below sets source_ranges or source_tags, so
# each ingress rule applies to any source (GCP treats that as 0.0.0.0/0) for
# instances carrying the target tag. The gke module tags its nodes "http" and
# "ssh". Consider restricting source_ranges (an operator CIDR, or the VPC
# range for intra-cluster traffic) and enabling firewall-rule logging.
# Allow http traffic
resource "google_compute_firewall" "http_compute_firewall" {
  name    = format("%s-fw-allow-http", var.name)
  network = google_compute_network.compute_network.name
  project = var.project_id
  allow {
    protocol = "tcp"
    ports    = ["80"]
  }
  target_tags = ["http"]
}

# Allow https traffic
resource "google_compute_firewall" "https_compute_firewall" {
  name    = format("%s-fw-allow-https", var.name)
  network = google_compute_network.compute_network.name
  project = var.project_id
  allow {
    protocol = "tcp"
    ports    = ["443"]
  }
  target_tags = ["https"]
}

# Allow ssh traffic
# NOTE(review): SSH from any source to nodes tagged "ssh" (see the gke module
# node_config.tags); if node SSH is not required, drop the tag there or
# restrict this rule's sources.
resource "google_compute_firewall" "ssh_compute_firewall" {
  name    = format("%s-fw-allow-ssh", var.name)
  network = google_compute_network.compute_network.name
  project = var.project_id
  allow {
    protocol = "tcp"
    ports    = ["22"]
  }
  target_tags = ["ssh"]
}

# Allow rdp traffic
# NOTE(review): nothing in the visible modules carries the "rdp" tag — TODO
# confirm this rule is needed in a GKE-only network.
resource "google_compute_firewall" "rdp_compute_firewall" {
  name = format("%s-fw-allow-rdp",
var.name) 124 | network = google_compute_network.compute_network.name 125 | project = var.project_id 126 | allow { 127 | protocol = "tcp" 128 | ports = ["3389"] 129 | } 130 | target_tags = ["rdp"] 131 | } 132 | -------------------------------------------------------------------------------- /gcp/modules/vpc/outputs.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2021 DataStax, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # Output variable for the vpc network selflink. 16 | output "network_selflink" { 17 | description = "variable for the vpc network selflink" 18 | value = google_compute_network.compute_network.self_link 19 | } 20 | 21 | # Output variable for the subnetwork selflink. 22 | output "subnetwork_selflink" { 23 | description = "variable for the subnetwork selflink" 24 | value = google_compute_subnetwork.compute_subnetwork.self_link 25 | } 26 | -------------------------------------------------------------------------------- /gcp/modules/vpc/variables.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2021 DataStax, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | variable "name" { 16 | description = "Name is the prefix to use for resources that needs to be created." 17 | type = string 18 | } 19 | 20 | variable "environment" { 21 | description = "Name of the environment where infrastructure being built." 22 | type = string 23 | } 24 | 25 | variable "project_id" { 26 | description = "The project in which to hold the components" 27 | type = string 28 | } 29 | 30 | variable "region" { 31 | description = "The region in which to create the VPC network" 32 | type = string 33 | } 34 | 35 | 36 | variable "cidr_block" { 37 | description = "The IP address range of the VPC in CIDR notation. A prefix of /16 is recommended. Do not use a prefix higher than /27." 38 | default = "10.0.0.0/16" 39 | type = string 40 | } 41 | 42 | variable "cidr_subnetwork_width_delta" { 43 | description = "The difference between your network and subnetwork netmask; an /16 network and a /20 subnetwork would be 4." 44 | type = number 45 | default = 4 46 | } 47 | 48 | variable "cidr_subnetwork_spacing" { 49 | description = "How many subnetwork-mask sized spaces to leave between each subnetwork type." 50 | type = number 51 | default = 0 52 | } 53 | 54 | variable "secondary_cidr_block" { 55 | description = "The IP address range of the VPC's secondary address range in CIDR notation. A prefix of /16 is recommended. Do not use a prefix higher than /27." 
56 | type = string 57 | default = "10.1.0.0/16" 58 | } 59 | 60 | variable "secondary_cidr_subnetwork_width_delta" { 61 | description = "The difference between your network and subnetwork's secondary range netmask; an /16 network and a /20 subnetwork would be 4." 62 | type = number 63 | default = 4 64 | } 65 | 66 | variable "secondary_cidr_subnetwork_spacing" { 67 | description = "How many subnetwork-mask sized spaces to leave between each subnetwork type's secondary ranges." 68 | type = number 69 | default = 0 70 | } 71 | 72 | # Router variables 73 | variable "enable_cloud_nat" { 74 | type = bool 75 | default = true 76 | description = "Whether to enable Cloud NAT. This can be used to allow private cluster nodes to accesss the internet. Defaults to 'true'" 77 | } 78 | 79 | variable "enable_cloud_nat_logging" { 80 | type = bool 81 | default = true 82 | description = " Whether the NAT should export logs. Defaults to 'true'." 83 | } 84 | 85 | variable "cloud_nat_logging_filter" { 86 | type = string 87 | default = "ERRORS_ONLY" 88 | description = " What filtering should be applied to logs for this NAT. Valid values are: 'ERRORS_ONLY', 'TRANSLATIONS_ONLY', 'ALL'. Defaults to 'ERRORS_ONLY'." 89 | } 90 | -------------------------------------------------------------------------------- /gcp/scripts/README.md: -------------------------------------------------------------------------------- 1 | # Scripts to create and destroy the resources 2 | 3 | ## What's in this folder 4 | 5 | * [apply.sh](./apply.sh): By using this script we can apply changes to the Terraform resources in GCP. 6 | * [common.sh](./common.sh): By using this script we can validate the required packages and variables on your system. This script will be called in `apply.sh`, `init.sh`, `validate.sh`, `destroy.sh`, `plan.sh`. 7 | * [delete_bucket.py](./delete_bucket.py): By using this script we can delete the Google Storage Bucket by passing values like `bucket_name`. ex:- export bucket_name="your-bucket-name". 
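* [destroy.sh](./destroy.sh): By using this script we can destroy all the resources created by Terraform.
* [enable.sh](./enable.sh): By using this script we can enable the Google APIs.
* [init.sh](./init.sh): By using this script we can initialize the modules, Terraform workspace, environment and create terraform statefile bucket.
* [make_bucket.py](./make_bucket.py): By using this script you can create Google Compute Storage bucket by passing values like `bucket_name`. ex:- export bucket_name="your-bucket-name".
* [plan.sh](./plan.sh): By using this script we plan the resources by running `terraform plan` command.
--------------------------------------------------------------------------------
/gcp/scripts/apply.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# shellcheck disable=SC1091
# Copyright 2021 DataStax, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Bash safeties: exit on error, no unset variables, pipelines can't hide errors
set -o errexit
set -o nounset
set -o pipefail

# Locate the root directory
ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )/.." && pwd )"

# Run common.sh script for variable declaration and validation
source "${ROOT}/scripts/common.sh"

# Make apply : this command will apply the infrastructure changes
(cd "${ROOT}/env"; terraform apply -auto-approve)

# Print the cluster outputs. `terraform output` accepts at most one output
# name and has to run where the state lives, so each output is read from the
# env directory, and the values are only printed. The previous version ran
# `terraform output endpoint master_version` from ROOT and then expanded the
# captured text as a shell command (`${GET_OUTPUTS}`), which executes
# state-derived strings instead of displaying them.
for output_name in endpoint master_version; do
  printf '%s: ' "${output_name}"
  (cd "${ROOT}/env" && terraform output "${output_name}")
done

# Clone k8ssandra repo
# NOTE(review): the clone is unpinned (default branch at whatever commit is
# current), so the integration-test run is not reproducible; pin a tag or
# commit for repeatable runs.
git clone https://github.com/k8ssandra/k8ssandra.git
cd k8ssandra

# Call the existing script to run the E2E testing on the gke cluster.
make integ-test
--------------------------------------------------------------------------------
/gcp/scripts/common.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# Copyright 2021 DataStax, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


# Common commands for all scripts

# Locate the root directory. Used by scripts that source this one.
# shellcheck disable=SC2034
ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )/.." && pwd )"

# git is required for this tutorial
# https://git-scm.com/book/en/v2/Getting-Started-Installing-Git
command -v git >/dev/null 2>&1 || { \
echo >&2 "I require git but it's not installed. Aborting."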
28 | echo >&2 "Refer to: https://git-scm.com/book/en/v2/Getting-Started-Installing-Git" 29 | exit 1 30 | } 31 | 32 | # glcoud is required for this tutorial 33 | # https://cloud.google.com/sdk/install 34 | command -v gcloud >/dev/null 2>&1 || { \ 35 | echo >&2 "I require gcloud but it's not installed. Aborting." 36 | echo >&2 "Refer to: https://cloud.google.com/sdk/install" 37 | exit 1 38 | } 39 | 40 | # Make sure kubectl is installed. If not, refer to: 41 | # https://kubernetes.io/docs/tasks/tools/install-kubectl/ 42 | command -v kubectl >/dev/null 2>&1 || { \ 43 | echo >&2 "I require kubectl but it's not installed. Aborting." 44 | echo >&2 "Refer to: https://kubernetes.io/docs/tasks/tools/install-kubectl/" 45 | exit 1 46 | } 47 | 48 | # Make sure Helm is installed. If not, refer to: 49 | # https://helm.sh/docs/intro/install/ 50 | command -v helm >/dev/null 2>&1 || { \ 51 | echo >&2 "I require helm but it's not installed. Aborting." 52 | echo >&2 "Refer to: https://helm.sh/docs/intro/install/" 53 | exit 1 54 | } 55 | 56 | # Make sure Terraform0.14 is installed. If not, refer to: 57 | # https://www.terraform.io/docs/cli/install/apt.html 58 | command -v terraform >/dev/null 2>&1 || { \ 59 | echo >&2 "I require terraform 0.14 but it's not installed. Aborting." 60 | echo >&2 "https://www.terraform.io/docs/cli/install/apt.html" 61 | echo >&2 "Refer to: sudo apt install terraform=0.14.0" 62 | exit 1 63 | } 64 | 65 | # Make sure python is installed. If not, refer to: 66 | # https://www.python.org/downloads/ 67 | command -v python >/dev/null 2>&1 || { \ 68 | echo >&2 "I require python but it's not installed. Aborting." 
69 | echo >&2 "https://www.python.org/downloads/" 70 | exit 1 71 | } 72 | 73 | # Make sure you initialize the following TF_VAR's before you initialize the environment 74 | if [ -z "${TF_VAR_environment}" ] || [ -z "${TF_VAR_project_id}" ] || [ -z "${TF_VAR_name}" ] || [ -z "${TF_VAR_region}" ]; then 75 | printf "This step requires to export the the following variables \nTF_VAR_environment: %s \nTF_VAR_name: %s \nTF_VAR_region: %s \nTF_VAR_project_id: %s\n" "${TF_VAR_environment}" "${TF_VAR_name}" "${TF_VAR_region}" "${TF_VAR_project_id}" 76 | exit 1 77 | else 78 | printf "Following variables are configured \nTF_VAR_environment: %s \nTF_VAR_name: %s \nTF_VAR_region: %s \nTF_VAR_project_id: %s\n" "${TF_VAR_environment}" "${TF_VAR_name}" "${TF_VAR_region}" "${TF_VAR_project_id}" 79 | fi 80 | 81 | # Simple test helpers that avoids eval and complex quoting. Note that stderr is 82 | # redirected to stdout so we can properly handle output. 83 | # Usage: test_des "description" 84 | test_des() { 85 | echo -n "Checking that $1... " 86 | } 87 | 88 | # Usage: test_cmd "$(command string 2>&1)" 89 | test_cmd() { 90 | local result=$? 91 | local output="$1" 92 | 93 | # If command completes successfully, output "pass" and continue. 94 | if [[ $result == 0 ]]; then 95 | echo "pass" 96 | 97 | # If ccommand fails, output the error code, command output and exit. 98 | else 99 | echo -e "fail ($result)\\n" 100 | cat <<<"$output" 101 | exit $result 102 | fi 103 | } 104 | -------------------------------------------------------------------------------- /gcp/scripts/delete_bucket.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3.7 2 | 3 | # Copyright 2021 DataStax, Inc. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 
7 | # You may obtain a copy of the License at 8 | # 9 | # https://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # Delete bucket function is used to delete the state files bucket. 18 | # This bucket will be created at make init run. 19 | # To delete 20 | from google.cloud import storage 21 | import os 22 | import sys 23 | 24 | def delete_bucket(bucket_name): 25 | storage_client = storage.Client() 26 | bucket = storage_client.get_bucket(bucket_name) 27 | try: 28 | bucket.delete() 29 | print("Bucket {} deleted".format(bucket.name)) 30 | except: 31 | print("buckeet does not exists") 32 | 33 | bucket_name = os.getenv("bucket_name") 34 | delete_bucket(bucket_name) 35 | -------------------------------------------------------------------------------- /gcp/scripts/destroy.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # shellcheck disable=SC1091,SC2154 3 | # Copyright 2021 DataStax, Inc. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # https://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 
16 | 17 | # Bash safeties: exit on error, no unset variables, pipelines can't hide errors 18 | set -o errexit 19 | set -o nounset 20 | set -o pipefail 21 | 22 | # Locate the root directory 23 | ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )/.." && pwd )" 24 | 25 | # Run common.sh script for variable declaration and validation 26 | source "${ROOT}/scripts/common.sh" 27 | 28 | # Terraform initialize should run on env folder. 29 | cd "${ROOT}/env" 30 | 31 | # Terraform initinalize the backend bucket. 32 | terraform init -input=false 33 | 34 | # Select the environment workspace where you want destroy all your resources 35 | terraform workspace select $"TF_VAR_environment" 36 | 37 | # this will destroy all of your resources in the environment workspace 38 | terraform destroy -input=flase -auto-approve 39 | 40 | # Delete terraform workspace. 41 | terraform workspace select default 42 | terraform workspace delete "${TF_VAR_environment}" 43 | -------------------------------------------------------------------------------- /gcp/scripts/enable.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright 2021 DataStax, Inc. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # https://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 
16 | 17 | # enable services api's 18 | gcloud services enable compute.googleapis.com 19 | gcloud services enable container.googleapis.com 20 | gcloud services enable cloudresourcemanager.googleapis.com 21 | -------------------------------------------------------------------------------- /gcp/scripts/ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Ingress 3 | metadata: 4 | name: reaper 5 | namespace: default 6 | spec: 7 | rules: 8 | - http: 9 | paths: 10 | - backend: 11 | serviceName: reaper-nodeport 12 | servicePort: 8080 13 | path: /webui/* 14 | pathType: ImplementationSpecific 15 | - backend: 16 | serviceName: grafana-nodeport 17 | servicePort: 80 18 | path: /* 19 | pathType: ImplementationSpecific 20 | -------------------------------------------------------------------------------- /gcp/scripts/init.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # shellcheck disable=SC1091,SC2154 3 | 4 | # Copyright 2021 DataStax, Inc. 5 | # 6 | # Licensed under the Apache License, Version 2.0 (the "License"); 7 | # you may not use this file except in compliance with the License. 8 | # You may obtain a copy of the License at 9 | # 10 | # https://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | # See the License for the specific language governing permissions and 16 | # limitations under the License. 17 | 18 | # Bash safeties: exit on error, no unset variables, pipelines can't hide errors 19 | set -o errexit 20 | set -o nounset 21 | set -o pipefail 22 | 23 | # Locate the root directory 24 | ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )/.." 
&& pwd )" 25 | 26 | # Run common.sh script for validation 27 | source "${ROOT}/scripts/common.sh" 28 | 29 | # Set environment variables 30 | # Create a gcs bucket through cli to store terraform statefiles 31 | # Create google storage bucket for the terraform backend. 32 | 33 | # Terraform initialize should run on env folder. 34 | cd "${ROOT}/env" 35 | 36 | # Terraform initinalize the backend bucket 37 | terraform init -input=false 38 | 39 | # Create workspace based on the environment, by doing this you don't overlap wih the resources in different environments. 40 | terraform workspace new "$TF_VAR_environment" || terraform workspace select "$TF_VAR_environment" 41 | 42 | #make validate : this command will validate the terraform code 43 | terraform validate 44 | 45 | # Functions Script to enable google api's 46 | source "${ROOT}/scripts/enable.sh" 47 | -------------------------------------------------------------------------------- /gcp/scripts/k8ssandra.yaml: -------------------------------------------------------------------------------- 1 | cassandra: 2 | version: "3.11.10" 3 | cassandraLibDirVolume: 4 | storageClass: standard-rwo 5 | size: 5Gi 6 | allowMultipleNodesPerWorker: true 7 | heap: 8 | size: 1G 9 | newGenSize: 1G 10 | resources: 11 | requests: 12 | cpu: 1000m 13 | memory: 2Gi 14 | limits: 15 | cpu: 1000m 16 | memory: 2Gi 17 | datacenters: 18 | - name: dc1 19 | size: 1 20 | racks: 21 | - name: default 22 | kube-prometheus-stack: 23 | grafana: 24 | adminUser: admin 25 | adminPassword: admin123 26 | stargate: 27 | enabled: true 28 | replicas: 1 29 | heapMB: 256 30 | cpuReqMillicores: 200 31 | cpuLimMillicores: 1000 32 | -------------------------------------------------------------------------------- /gcp/scripts/make_bucket.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3.7 2 | 3 | 4 | # Copyright 2021 DataStax, Inc. 
5 | # 6 | # Licensed under the Apache License, Version 2.0 (the "License"); 7 | # you may not use this file except in compliance with the License. 8 | # You may obtain a copy of the License at 9 | # 10 | # https://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | # See the License for the specific language governing permissions and 16 | # limitations under the License. 17 | 18 | # Create Google cloud storage bucket if it is not exists 19 | from google.cloud import storage 20 | import os 21 | import sys 22 | 23 | # Create a new bucket in specific location with storage class 24 | def create_bucket(bucket_name): 25 | """Create a new bucket in specific location with storage class""" 26 | storage_client = storage.Client() 27 | bucket = storage_client.bucket(bucket_name) 28 | bucket.storage_class = "STANDARD" 29 | new_bucket = storage_client.create_bucket(bucket, location="us") 30 | print("Created bucket {} in {} with storage class {}".format(new_bucket.name, new_bucket.location, new_bucket.storage_class)) 31 | return new_bucket 32 | 33 | # List all the buckets in the remote 34 | def list_buckets(): 35 | """ List all the buckets created """ 36 | storage_client = storage.Client() 37 | buckets = storage_client.list_buckets() 38 | bucket_list = [] 39 | for bucket in buckets: 40 | bucket_list.append(bucket.name) 41 | return bucket_list 42 | 43 | # Create bucket if it's not exists in the list 44 | def create_bucket_ifnotexist(bucket_name): 45 | """ Only create the bucket if it is not in the list of all buckets""" 46 | bucket_list = list_buckets() 47 | if bucket_name not in bucket_list: 48 | create_bucket(bucket_name) 49 | else: 50 | print("{} Bucket already exists".format(bucket_name)) 51 | 52 | # bucket_name is always starts with environment, resource 
name and statfiles 53 | bucket_name=os.getenv('bucket_name') 54 | 55 | # Create state files bucket if not exists. 56 | create_bucket_ifnotexist(bucket_name) 57 | -------------------------------------------------------------------------------- /gcp/scripts/nodeport.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cloud.google.com/v1 2 | kind: BackendConfig 3 | metadata: 4 | name: my-backendconfig 5 | spec: 6 | healthCheck: 7 | checkIntervalSec: 60 8 | port: 30335 9 | type: HTTP 10 | timeoutSec: 60 11 | requestPath: /webui 12 | --- 13 | apiVersion: v1 14 | kind: Service 15 | metadata: 16 | name: grafana-nodeport 17 | spec: 18 | type: NodePort 19 | selector: 20 | app.kubernetes.io/instance: test 21 | app.kubernetes.io/name: grafana 22 | ports: 23 | - name: app-grafana 24 | port: 80 25 | protocol: TCP 26 | targetPort: 3000 27 | --- 28 | apiVersion: v1 29 | kind: Service 30 | metadata: 31 | name: reaper-nodeport 32 | annotations: 33 | beta.cloud.google.com/backend-config: '{"default": "my-backendconfig"}' 34 | spec: 35 | type: NodePort 36 | selector: 37 | app.kubernetes.io/managed-by: reaper-operator 38 | reaper.cassandra-reaper.io/reaper: test-reaper 39 | ports: 40 | - name: app 41 | port: 8080 42 | protocol: TCP 43 | targetPort: 8080 44 | -------------------------------------------------------------------------------- /gcp/scripts/plan.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # shellcheck disable=SC1091 3 | 4 | # Copyright 2021 DataStax, Inc. 5 | # 6 | # Licensed under the Apache License, Version 2.0 (the "License"); 7 | # you may not use this file except in compliance with the License. 
8 | # You may obtain a copy of the License at 9 | # 10 | # https://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | # See the License for the specific language governing permissions and 16 | # limitations under the License. 17 | 18 | # Bash safeties: exit on error, no unset variables, pipelines can't hide errors 19 | set -o errexit 20 | set -o nounset 21 | set -o pipefail 22 | 23 | # Locate the root directory 24 | ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )/.." && pwd )" 25 | 26 | # Run common.sh script for variable declaration and validation 27 | source "${ROOT}/scripts/common.sh" 28 | 29 | #make plan : this command will validate the terraform code 30 | cd "${ROOT}"/env 31 | 32 | # Terraform validate before the plan 33 | terraform validate 34 | 35 | # Terraform plan will create a plan file in your current repository. Verify the all the resource it create by using plan. 36 | terraform plan -no-color 37 | -------------------------------------------------------------------------------- /tanzu/README.md: -------------------------------------------------------------------------------- 1 | # K8ssandra TANZU Terrraform Module 2 | -------------------------------------------------------------------------------- /test/README.md: -------------------------------------------------------------------------------- 1 | # Test scripts 2 | 3 | This folder the contains [lint.sh](./lint.sh) script. To check the linting on all type project files on this repository. 
4 | 5 | 6 | -------------------------------------------------------------------------------- /test/grafana-ingress.yml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Ingress 3 | metadata: 4 | name: reaper-ingress 5 | annotations: 6 | kubernetes.io/ingress.class: alb 7 | alb.ingress.kubernetes.io/scheme: internet-facing 8 | alb.ingress.kubernetes.io/target-type: instance 9 | spec: 10 | rules: 11 | - http: 12 | paths: 13 | - path: /webui/* 14 | backend: 15 | service: 16 | name: reaper-nodeport 17 | port: 18 | number: 8080 19 | -------------------------------------------------------------------------------- /test/ingress.yml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Ingress 3 | metadata: 4 | name: ingress 5 | annotations: 6 | kubernetes.io/ingress.class: alb 7 | alb.ingress.kubernetes.io/scheme: internet-facing 8 | alb.ingress.kubernetes.io/target-type: instance 9 | spec: 10 | rules: 11 | - http: 12 | paths: 13 | - path: /* 14 | service: 15 | name: grafana-nodeport 16 | port: 17 | number: 80 18 | pathType: ImplementationSpecific 19 | --- 20 | apiVersion: extensions/v1beta1 21 | kind: Ingress 22 | metadata: 23 | name: reaper-ingress 24 | annotations: 25 | kubernetes.io/ingress.class: alb 26 | alb.ingress.kubernetes.io/scheme: internet-facing 27 | alb.ingress.kubernetes.io/target-type: instance 28 | spec: 29 | rules: 30 | - http: 31 | paths: 32 | - path: /webui/* 33 | backend: 34 | service: 35 | name: reaper-nodeport 36 | port: 37 | number: 8080 38 | pathType: ImplementationSpecific 39 | -------------------------------------------------------------------------------- /test/kube-pods.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3.7 2 | 3 | # Copyright 2021 Datastax LLC 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 
| # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # https://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | 18 | # Get the pods running inside the cluster with IP_address, Name spaces. 19 | 20 | from kubernetes import client, config 21 | 22 | config.load_kube_config() 23 | 24 | v1=client.CoreV1Api() 25 | print("Listing pods with their IPs:") 26 | ret = v1.list_pod_for_all_namespaces(watch=False) 27 | for i in ret.items: 28 | print("%s\t%s\t%s" % (i.status.pod_ip, i.metadata.namespace, i.metadata.name)) 29 | -------------------------------------------------------------------------------- /test/lint.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright 2021 Datastax LLC 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # https://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -ex 18 | # This function checks to make sure that every 19 | # shebang has a '- e' flag, which causes it 20 | # to exit on error 21 | 22 | function check_bash() { 23 | find . 
-name "*.sh" | while IFS= read -d '' -r file; 24 | do 25 | if [[ "$file" != *"bash -e"* ]]; 26 | then 27 | echo "$file is missing shebang with -e"; 28 | exit 1; 29 | fi; 30 | done; 31 | } 32 | 33 | # This function runs 'terraform validate' against all 34 | # files ending in '.tf' 35 | function check_terraform() { 36 | echo "Running terraform validate" 37 | REPO_ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )/.." && pwd )" 38 | cd "${REPO_ROOT}/gcp/env/" || exit 39 | terraform init 40 | terraform validate 41 | } 42 | 43 | # This function runs the shellcheck linter on every 44 | # file ending in '.sh' 45 | function check_shell() { 46 | echo "Running shellcheck" 47 | find . -name "*.sh" -exec shellcheck -x {} \; 48 | } 49 | 50 | # This function makes sure that there is no trailing whitespace 51 | # in any files in the project. 52 | # There are some exclusions 53 | function check_trailing_whitespace() { 54 | echo "The following lines have trailing whitespace" 55 | grep -r '[[:blank:]]$' --exclude-dir=".terraform" --exclude="*.png" --exclude-dir=".git" --exclude="*.md" . 56 | rc=$? 
57 | if [ $rc = 0 ]; then 58 | exit 1 59 | fi 60 | } 61 | -------------------------------------------------------------------------------- /test/nodeport.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: grafana-nodeport 5 | spec: 6 | type: NodePort 7 | selector: 8 | app.kubernetes.io/instance: test 9 | app.kubernetes.io/name: grafana 10 | ports: 11 | - name: app-grafana 12 | port: 80 13 | protocol: TCP 14 | targetPort: 3000 15 | --- 16 | apiVersion: v1 17 | kind: Service 18 | metadata: 19 | name: reaper-nodeport 20 | spec: 21 | type: NodePort 22 | selector: 23 | app.kubernetes.io/managed-by: reaper-operator 24 | reaper.cassandra-reaper.io/reaper: test-reaper 25 | ports: 26 | - name: app 27 | port: 8080 28 | protocol: TCP 29 | targetPort: 8080 30 | -------------------------------------------------------------------------------- /test/reaper-ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Ingress 3 | metadata: 4 | name: reaper-ingress 5 | annotations: 6 | kubernetes.io/ingress.class: alb 7 | alb.ingress.kubernetes.io/scheme: internet-facing 8 | alb.ingress.kubernetes.io/target-type: instance 9 | spec: 10 | rules: 11 | - http: 12 | paths: 13 | - path: /webui/* 14 | backend: 15 | serviceName: reaper-nodeport 16 | servicePort: 8080 17 | --------------------------------------------------------------------------------