├── .DS_Store ├── .gitignore ├── argo ├── argocd-values-2.yaml └── argocd-values.yaml ├── eksctl ├── .gitignore └── cluster.yaml ├── helm ├── .DS_Store ├── .gitignore ├── dev │ └── values.yaml ├── go-demo-9 │ ├── .DS_Store │ ├── .gitignore │ ├── Chart.yaml │ ├── requirements.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── deployment.yaml │ │ ├── hpa.yaml │ │ ├── ingress.yaml │ │ ├── istio.yaml │ │ └── service.yaml │ └── values.yaml ├── my-app │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── deployment.yaml │ │ ├── hpa.yaml │ │ ├── ingress.yaml │ │ ├── service.yaml │ │ ├── serviceaccount.yaml │ │ └── tests │ │ │ └── test-connection.yaml │ └── values.yaml └── staging │ └── values.yaml ├── k8s └── silly-pv.yaml ├── keptn └── ingress.yaml ├── knative └── istio │ ├── devops-toolkit.yaml │ ├── istio-operator.yaml │ └── peer-auth.yaml ├── monitoring └── grafana-loki.yaml ├── terraform-aci ├── .gitignore ├── docker-compose.yaml.tmpl ├── main.tf ├── output.tf └── variables.tf ├── terraform-af ├── .gitignore ├── main.tf ├── output.tf └── variables.tf ├── terraform-aks ├── .gitignore ├── acr │ ├── .gitignore │ ├── README.md │ ├── main.tf │ ├── output.tf │ └── variables.tf ├── files │ ├── backend.tf │ ├── k8s-control-plane.tf │ ├── k8s-worker-nodes.tf │ ├── output.tf │ ├── provider.tf │ ├── storage.tf │ └── variables.tf ├── minimal │ ├── .gitignore │ ├── main.tf │ ├── output.tf │ └── variables.tf ├── simple-versioned │ ├── .gitignore │ ├── main.tf │ ├── output.tf │ └── variables.tf └── simple │ ├── .gitignore │ ├── main.tf │ ├── output.tf │ └── variables.tf ├── terraform-dok ├── .DS_Store └── simple │ ├── .gitignore │ ├── main.tf │ └── variables.tf ├── terraform-ecs-fargate ├── app │ ├── .gitignore │ ├── devops-toolkit-series.json │ ├── main.tf │ └── variables.tf └── cluster │ ├── .gitignore │ ├── main.tf │ ├── output.tf │ └── variables.tf ├── terraform-eks ├── .DS_Store ├── .gitignore ├── files │ ├── 
backend.tf │ ├── k8s-control-plane.tf │ ├── k8s-worker-nodes.tf │ ├── output.tf │ ├── provider.tf │ ├── storage.tf │ └── variables.tf ├── minimal │ ├── .gitignore │ ├── main.tf │ ├── output.tf │ └── variables.tf ├── simple-versioned │ ├── .gitignore │ ├── main.tf │ ├── output.tf │ └── variables.tf └── simple │ ├── .gitignore │ ├── main.tf │ ├── output.tf │ └── variables.tf ├── terraform-gcf ├── .gitignore ├── main.tf ├── output.tf └── variables.tf ├── terraform-gcr ├── .gitignore ├── main.tf ├── output.tf └── variables.tf ├── terraform-gke ├── .gitignore ├── files │ ├── backend.tf │ ├── k8s-control-plane.tf │ ├── k8s-worker-nodes.tf │ ├── output.tf │ ├── provider.tf │ ├── storage.tf │ └── variables.tf ├── minimal │ ├── .gitignore │ ├── main.tf │ ├── output.tf │ └── variables.tf ├── no-scaling │ ├── .gitignore │ ├── main.tf │ ├── output.tf │ └── variables.tf ├── simple-versioned │ ├── .gitignore │ ├── main.tf │ ├── output.tf │ └── variables.tf └── simple │ ├── .gitignore │ ├── main.tf │ ├── output.tf │ └── variables.tf ├── terraform-lke ├── simple-versioned │ ├── .gitignore │ ├── main.tf │ └── variables.tf └── simple │ ├── .gitignore │ ├── main.tf │ └── variables.tf └── terraform.tfstate /.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vfarcic/devops-catalog-code/a79e35f933a57cf5ac15d744bd15691eec6f6fb5/.DS_Store -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /creds 2 | /*secret* 3 | -------------------------------------------------------------------------------- /argo/argocd-values-2.yaml: -------------------------------------------------------------------------------- 1 | server: 2 | ingress: 3 | enabled: true 4 | configs: 5 | params: 6 | "server.insecure": true 7 | installCRDs: false 8 | 
--------------------------------------------------------------------------------
/argo/argocd-values.yaml:
--------------------------------------------------------------------------------
1 | server:  # values for the Argo CD Helm chart, judging by the file name and keys
2 |   ingress:
3 |     enabled: true  # publishes argocd-server (API and UI) through an Ingress
4 |     ingressClassName: nginx
5 | installCRDs: false
6 | configs:
7 |   params:
8 |     "server.insecure": true  # NOTE(review): argocd-server stops serving TLS itself; traffic is encrypted only if the ingress terminates TLS, and no ingress TLS settings appear in this file — confirm they are supplied elsewhere
9 |
--------------------------------------------------------------------------------
/eksctl/.gitignore:
--------------------------------------------------------------------------------
1 | /kubeconfig.yaml
2 | /creds
3 |
--------------------------------------------------------------------------------
/eksctl/cluster.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: eksctl.io/v1alpha5
2 | kind: ClusterConfig  # NOTE(review): nothing in this file sets vpc.clusterEndpoints, secretsEncryption or cloudWatch.clusterLogging, so eksctl's defaults decide API endpoint exposure, secret encryption and control-plane logging — review before reuse outside a demo
3 | metadata:
4 |   name: devops-catalog
5 |   region: eu-west-1
6 |   version: "1.27"  # Kubernetes version requested for the cluster
7 | managedNodeGroups:
8 |   - name: primary
9 |     instanceType: t2.medium
10 |     minSize: 3
11 |     maxSize: 6
12 |     spot: true  # nodes are Spot instances and can be reclaimed by AWS
13 |
--------------------------------------------------------------------------------
/helm/.DS_Store:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vfarcic/devops-catalog-code/a79e35f933a57cf5ac15d744bd15691eec6f6fb5/helm/.DS_Store
--------------------------------------------------------------------------------
/helm/.gitignore:
--------------------------------------------------------------------------------
1 | /*.tgz
2 |
--------------------------------------------------------------------------------
/helm/dev/values.yaml:
--------------------------------------------------------------------------------
1 | image:  # dev-environment overrides for the go-demo-9 chart values
2 |   tag: latest  # NOTE(review): mutable tag, so the image that runs is whatever the registry serves at pull time; keep this to dev and pin a version or digest elsewhere
3 |   pullPolicy: Always  # re-pulls on every pod start, which is what makes the moving tag take effect
4 | hpa:
5 |   enabled: false
6 | go-demo-9-db:  # overrides for the mongodb dependency, aliased go-demo-9-db in helm/go-demo-9/requirements.yaml
7 |   replicaSet:
8 |     enabled: false
9 |   persistence:
10 |     enabled: false  # no persistent volume for the database — presumably data is lost when the pod is replaced
11 |
--------------------------------------------------------------------------------
/helm/go-demo-9/.DS_Store:
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/vfarcic/devops-catalog-code/a79e35f933a57cf5ac15d744bd15691eec6f6fb5/helm/go-demo-9/.DS_Store -------------------------------------------------------------------------------- /helm/go-demo-9/.gitignore: -------------------------------------------------------------------------------- 1 | /mongodb* 2 | /requirements.lock 3 | /charts/* 4 | /*.tgz -------------------------------------------------------------------------------- /helm/go-demo-9/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: A Helm chart 3 | name: go-demo-9 4 | version: 0.0.1 5 | appVersion: 0.0.1 6 | -------------------------------------------------------------------------------- /helm/go-demo-9/requirements.yaml: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: mongodb 3 | alias: go-demo-9-db 4 | version: 14.4.3 5 | repository: https://charts.bitnami.com/bitnami 6 | 7 | -------------------------------------------------------------------------------- /helm/go-demo-9/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | 2 | Get the application URL by running these commands: 3 | 4 | kubectl get ingress {{ template "fullname" . }} 5 | -------------------------------------------------------------------------------- /helm/go-demo-9/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 
11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | */}} 13 | {{- define "fullname" -}} 14 | {{- $name := default .Chart.Name .Values.nameOverride -}} 15 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 16 | {{- end -}} 17 | -------------------------------------------------------------------------------- /helm/go-demo-9/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | apiVersion: apps/v1 4 | kind: Deployment 5 | metadata: 6 | name: {{ template "fullname" . }} 7 | labels: 8 | app: {{ template "fullname" . }} 9 | spec: 10 | selector: 11 | matchLabels: 12 | app: {{ template "fullname" . }} 13 | template: 14 | metadata: 15 | labels: 16 | app: {{ template "fullname" . }} 17 | {{- if .Values.podAnnotations }} 18 | annotations: 19 | {{ toYaml .Values.podAnnotations | indent 8 }} 20 | {{- end }} 21 | spec: 22 | containers: 23 | - name: {{ .Chart.Name }} 24 | image: {{ .Values.image.repository }}:{{ .Values.image.tag }} 25 | imagePullPolicy: {{ .Values.image.pullPolicy }} 26 | env: 27 | - name: DB 28 | #value: {{ template "name" . }}-mongodb 29 | value: mongodb://{{ template "name" . }}-{{ template "name" . 
}}-db 30 | - name: VERSION 31 | value: {{ .Values.image.tag }} 32 | ports: 33 | - containerPort: {{ .Values.service.internalPort }} 34 | livenessProbe: 35 | httpGet: 36 | path: {{ .Values.probePath }} 37 | port: {{ .Values.service.internalPort }} 38 | initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} 39 | periodSeconds: {{ .Values.livenessProbe.periodSeconds }} 40 | successThreshold: {{ .Values.livenessProbe.successThreshold }} 41 | timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} 42 | readinessProbe: 43 | httpGet: 44 | path: {{ .Values.probePath }} 45 | port: {{ .Values.service.internalPort }} 46 | periodSeconds: {{ .Values.readinessProbe.periodSeconds }} 47 | successThreshold: {{ .Values.readinessProbe.successThreshold }} 48 | timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} 49 | resources: 50 | {{ toYaml .Values.resources | indent 12 }} 51 | terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} 52 | -------------------------------------------------------------------------------- /helm/go-demo-9/templates/hpa.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | {{- if .Values.hpa.enabled }} 4 | apiVersion: autoscaling/v2 5 | kind: HorizontalPodAutoscaler 6 | metadata: 7 | name: {{ template "fullname" . }} 8 | labels: 9 | app: {{ template "fullname" . }} 10 | spec: 11 | scaleTargetRef: 12 | apiVersion: apps/v1 13 | kind: Deployment 14 | name: {{ template "fullname" . 
}} 15 | minReplicas: {{ .Values.hpa.minReplicas }} 16 | maxReplicas: {{ .Values.hpa.maxReplicas }} 17 | metrics: 18 | - type: Resource 19 | resource: 20 | name: cpu 21 | target: 22 | type: Utilization 23 | averageUtilization: {{ .Values.hpa.cpuTargetAverageUtilization }} 24 | - type: Resource 25 | resource: 26 | name: memory 27 | target: 28 | type: Utilization 29 | averageUtilization: {{ .Values.hpa.memoryTargetAverageUtilization }} 30 | {{- end }} 31 | 32 | -------------------------------------------------------------------------------- /helm/go-demo-9/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.istio.enabled }} 2 | {{- else }} 3 | --- 4 | 5 | apiVersion: networking.k8s.io/v1 6 | kind: Ingress 7 | metadata: 8 | name: {{ template "fullname" . }} 9 | annotations: 10 | kubernetes.io/ingress.class: nginx 11 | spec: 12 | rules: 13 | - host: {{ .Values.ingress.host }} 14 | http: 15 | paths: 16 | - path: / 17 | pathType: Prefix 18 | backend: 19 | service: 20 | name: {{ template "fullname" . }} 21 | port: 22 | number: {{ .Values.service.externalPort }} 23 | {{- end }} 24 | -------------------------------------------------------------------------------- /helm/go-demo-9/templates/istio.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.istio.enabled }} 2 | --- 3 | 4 | apiVersion: networking.istio.io/v1alpha3 5 | kind: VirtualService 6 | metadata: 7 | name: {{ template "fullname" . }} 8 | spec: 9 | hosts: 10 | - {{ .Values.ingress.host }} 11 | - {{ template "fullname" . }} 12 | gateways: 13 | - {{ template "fullname" . }} 14 | http: 15 | - route: 16 | - destination: 17 | host: {{ template "fullname" . }} 18 | port: 19 | number: 80 20 | 21 | --- 22 | 23 | apiVersion: networking.istio.io/v1alpha3 24 | kind: DestinationRule 25 | metadata: 26 | name: {{ template "fullname" . }} 27 | spec: 28 | host: {{ template "fullname" . 
}} 29 | 30 | --- 31 | 32 | apiVersion: networking.istio.io/v1alpha3 33 | kind: Gateway 34 | metadata: 35 | name: {{ template "fullname" . }} 36 | spec: 37 | selector: 38 | istio: ingressgateway 39 | servers: 40 | - port: 41 | number: 80 42 | name: http 43 | protocol: HTTP 44 | hosts: 45 | - {{ .Values.ingress.host }} 46 | {{- end }} 47 | -------------------------------------------------------------------------------- /helm/go-demo-9/templates/service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | apiVersion: v1 4 | kind: Service 5 | metadata: 6 | name: {{ template "fullname" . }} 7 | labels: 8 | {{- if .Values.service.annotations }} 9 | annotations: 10 | {{ toYaml .Values.service.annotations | indent 4 }} 11 | {{- end }} 12 | spec: 13 | type: {{ .Values.service.type }} 14 | ports: 15 | - port: {{ .Values.service.externalPort }} 16 | targetPort: {{ .Values.service.internalPort }} 17 | protocol: TCP 18 | name: http 19 | selector: 20 | app: {{ template "fullname" . 
}}
21 |
--------------------------------------------------------------------------------
/helm/go-demo-9/values.yaml:
--------------------------------------------------------------------------------
1 | image:  # default values for the go-demo-9 chart; helm/dev and helm/staging values files override a subset
2 |   repository: vfarcic/go-demo-9
3 |   tag: 0.0.1  # also passed to the container as the VERSION env var by templates/deployment.yaml
4 |   pullPolicy: IfNotPresent
5 |
6 | service:
7 |   type: ClusterIP
8 |   externalPort: 80  # Service port; also the backend port of the Ingress
9 |   internalPort: 8080  # containerPort and probe port in the Deployment
10 |   annotations:
11 |     prometheus.io/scrape: "true"
12 |     prometheus.io/port: "8080"
13 | resources:
14 |   limits:
15 |     cpu: 100m
16 |     memory: 256Mi
17 |   requests:
18 |     cpu: 80m
19 |     memory: 128Mi
20 | probePath: /  # HTTP path used by both liveness and readiness probes
21 | livenessProbe:
22 |   initialDelaySeconds: 60
23 |   periodSeconds: 10
24 |   successThreshold: 1
25 |   timeoutSeconds: 1
26 | readinessProbe:
27 |   failureThreshold: 1  # NOTE(review): templates/deployment.yaml does not reference readinessProbe.failureThreshold, so this value appears unused
28 |   periodSeconds: 10
29 |   successThreshold: 1
30 |   timeoutSeconds: 1
31 |
32 | ingress:
33 |   host: go-demo-9.acme.com  # host for the Ingress rule, or for the Istio VirtualService and Gateway when istio.enabled is true
34 |
35 | hpa:
36 |   enabled: true
37 |   minReplicas: 3
38 |   maxReplicas: 6
39 |   cpuTargetAverageUtilization: 80
40 |   memoryTargetAverageUtilization: 80
41 |
42 | istio:
43 |   enabled: false  # false renders templates/ingress.yaml (nginx Ingress); true renders templates/istio.yaml instead
44 |
45 | go-demo-9-db:  # values for the mongodb dependency, aliased go-demo-9-db in requirements.yaml
46 |   auth:
47 |     enabled: false  # NOTE(review): turns off MongoDB authentication in the subchart; the DB URL built in templates/deployment.yaml carries no credentials either, so network reachability is the only access control — acceptable for a demo, not as a production default
--------------------------------------------------------------------------------
/helm/my-app/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /helm/my-app/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: my-app 3 | description: A Helm chart for Kubernetes 4 | 5 | # A chart can be either an 'application' or a 'library' chart. 6 | # 7 | # Application charts are a collection of templates that can be packaged into versioned archives 8 | # to be deployed. 9 | # 10 | # Library charts provide useful utilities or functions for the chart developer. They're included as 11 | # a dependency of application charts to inject those utilities and functions into the rendering 12 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 13 | type: application 14 | 15 | # This is the chart version. This version number should be incremented each time you make changes 16 | # to the chart and its templates, including the app version. 17 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 18 | version: 0.1.0 19 | 20 | # This is the version number of the application being deployed. This version number should be 21 | # incremented each time you make changes to the application. Versions are not expected to 22 | # follow Semantic Versioning. They should reflect the version the application is using. 23 | # It is recommended to use it with quotes. 24 | appVersion: "1.16.0" 25 | -------------------------------------------------------------------------------- /helm/my-app/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | 1. 
Get the application URL by running these commands: 2 | {{- if .Values.ingress.enabled }} 3 | {{- range $host := .Values.ingress.hosts }} 4 | {{- range .paths }} 5 | http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} 6 | {{- end }} 7 | {{- end }} 8 | {{- else if contains "NodePort" .Values.service.type }} 9 | export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "my-app.fullname" . }}) 10 | export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") 11 | echo http://$NODE_IP:$NODE_PORT 12 | {{- else if contains "LoadBalancer" .Values.service.type }} 13 | NOTE: It may take a few minutes for the LoadBalancer IP to be available. 14 | You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "my-app.fullname" . }}' 15 | export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "my-app.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") 16 | echo http://$SERVICE_IP:{{ .Values.service.port }} 17 | {{- else if contains "ClusterIP" .Values.service.type }} 18 | export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "my-app.name" . 
}},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") 19 | export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") 20 | echo "Visit http://127.0.0.1:8080 to use your application" 21 | kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT 22 | {{- end }} 23 | -------------------------------------------------------------------------------- /helm/my-app/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Expand the name of the chart. 3 | */}} 4 | {{- define "my-app.name" -}} 5 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} 6 | {{- end }} 7 | 8 | {{/* 9 | Create a default fully qualified app name. 10 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 11 | If release name contains chart name it will be used as a full name. 12 | */}} 13 | {{- define "my-app.fullname" -}} 14 | {{- if .Values.fullnameOverride }} 15 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} 16 | {{- else }} 17 | {{- $name := default .Chart.Name .Values.nameOverride }} 18 | {{- if contains $name .Release.Name }} 19 | {{- .Release.Name | trunc 63 | trimSuffix "-" }} 20 | {{- else }} 21 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} 22 | {{- end }} 23 | {{- end }} 24 | {{- end }} 25 | 26 | {{/* 27 | Create chart name and version as used by the chart label. 28 | */}} 29 | {{- define "my-app.chart" -}} 30 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} 31 | {{- end }} 32 | 33 | {{/* 34 | Common labels 35 | */}} 36 | {{- define "my-app.labels" -}} 37 | helm.sh/chart: {{ include "my-app.chart" . }} 38 | {{ include "my-app.selectorLabels" . 
}} 39 | {{- if .Chart.AppVersion }} 40 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 41 | {{- end }} 42 | app.kubernetes.io/managed-by: {{ .Release.Service }} 43 | {{- end }} 44 | 45 | {{/* 46 | Selector labels 47 | */}} 48 | {{- define "my-app.selectorLabels" -}} 49 | app.kubernetes.io/name: {{ include "my-app.name" . }} 50 | app.kubernetes.io/instance: {{ .Release.Name }} 51 | {{- end }} 52 | 53 | {{/* 54 | Create the name of the service account to use 55 | */}} 56 | {{- define "my-app.serviceAccountName" -}} 57 | {{- if .Values.serviceAccount.create }} 58 | {{- default (include "my-app.fullname" .) .Values.serviceAccount.name }} 59 | {{- else }} 60 | {{- default "default" .Values.serviceAccount.name }} 61 | {{- end }} 62 | {{- end }} 63 | -------------------------------------------------------------------------------- /helm/my-app/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ include "my-app.fullname" . }} 5 | labels: 6 | {{- include "my-app.labels" . | nindent 4 }} 7 | spec: 8 | {{- if not .Values.autoscaling.enabled }} 9 | replicas: {{ .Values.replicaCount }} 10 | {{- end }} 11 | selector: 12 | matchLabels: 13 | {{- include "my-app.selectorLabels" . | nindent 6 }} 14 | template: 15 | metadata: 16 | {{- with .Values.podAnnotations }} 17 | annotations: 18 | {{- toYaml . | nindent 8 }} 19 | {{- end }} 20 | labels: 21 | {{- include "my-app.selectorLabels" . | nindent 8 }} 22 | spec: 23 | {{- with .Values.imagePullSecrets }} 24 | imagePullSecrets: 25 | {{- toYaml . | nindent 8 }} 26 | {{- end }} 27 | serviceAccountName: {{ include "my-app.serviceAccountName" . 
}} 28 | securityContext: 29 | {{- toYaml .Values.podSecurityContext | nindent 8 }} 30 | containers: 31 | - name: {{ .Chart.Name }} 32 | securityContext: 33 | {{- toYaml .Values.securityContext | nindent 12 }} 34 | image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" 35 | imagePullPolicy: {{ .Values.image.pullPolicy }} 36 | ports: 37 | - name: http 38 | containerPort: 80 39 | protocol: TCP 40 | livenessProbe: 41 | httpGet: 42 | path: / 43 | port: http 44 | readinessProbe: 45 | httpGet: 46 | path: / 47 | port: http 48 | resources: 49 | {{- toYaml .Values.resources | nindent 12 }} 50 | {{- with .Values.nodeSelector }} 51 | nodeSelector: 52 | {{- toYaml . | nindent 8 }} 53 | {{- end }} 54 | {{- with .Values.affinity }} 55 | affinity: 56 | {{- toYaml . | nindent 8 }} 57 | {{- end }} 58 | {{- with .Values.tolerations }} 59 | tolerations: 60 | {{- toYaml . | nindent 8 }} 61 | {{- end }} 62 | -------------------------------------------------------------------------------- /helm/my-app/templates/hpa.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.autoscaling.enabled }} 2 | apiVersion: autoscaling/v2beta1 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: {{ include "my-app.fullname" . }} 6 | labels: 7 | {{- include "my-app.labels" . | nindent 4 }} 8 | spec: 9 | scaleTargetRef: 10 | apiVersion: apps/v1 11 | kind: Deployment 12 | name: {{ include "my-app.fullname" . 
}} 13 | minReplicas: {{ .Values.autoscaling.minReplicas }} 14 | maxReplicas: {{ .Values.autoscaling.maxReplicas }} 15 | metrics: 16 | {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} 17 | - type: Resource 18 | resource: 19 | name: cpu 20 | targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} 21 | {{- end }} 22 | {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} 23 | - type: Resource 24 | resource: 25 | name: memory 26 | targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} 27 | {{- end }} 28 | {{- end }} 29 | -------------------------------------------------------------------------------- /helm/my-app/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- $fullName := include "my-app.fullname" . -}} 3 | {{- $svcPort := .Values.service.port -}} 4 | {{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} 5 | {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} 6 | {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} 7 | {{- end }} 8 | {{- end }} 9 | {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} 10 | apiVersion: networking.k8s.io/v1 11 | {{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} 12 | apiVersion: networking.k8s.io/v1beta1 13 | {{- else -}} 14 | apiVersion: extensions/v1beta1 15 | {{- end }} 16 | kind: Ingress 17 | metadata: 18 | name: {{ $fullName }} 19 | labels: 20 | {{- include "my-app.labels" . | nindent 4 }} 21 | {{- with .Values.ingress.annotations }} 22 | annotations: 23 | {{- toYaml . 
| nindent 4 }} 24 | {{- end }} 25 | spec: 26 | {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} 27 | ingressClassName: {{ .Values.ingress.className }} 28 | {{- end }} 29 | {{- if .Values.ingress.tls }} 30 | tls: 31 | {{- range .Values.ingress.tls }} 32 | - hosts: 33 | {{- range .hosts }} 34 | - {{ . | quote }} 35 | {{- end }} 36 | secretName: {{ .secretName }} 37 | {{- end }} 38 | {{- end }} 39 | rules: 40 | {{- range .Values.ingress.hosts }} 41 | - host: {{ .host | quote }} 42 | http: 43 | paths: 44 | {{- range .paths }} 45 | - path: {{ .path }} 46 | {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} 47 | pathType: {{ .pathType }} 48 | {{- end }} 49 | backend: 50 | {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} 51 | service: 52 | name: {{ $fullName }} 53 | port: 54 | number: {{ $svcPort }} 55 | {{- else }} 56 | serviceName: {{ $fullName }} 57 | servicePort: {{ $svcPort }} 58 | {{- end }} 59 | {{- end }} 60 | {{- end }} 61 | {{- end }} 62 | -------------------------------------------------------------------------------- /helm/my-app/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "my-app.fullname" . }} 5 | labels: 6 | {{- include "my-app.labels" . | nindent 4 }} 7 | spec: 8 | type: {{ .Values.service.type }} 9 | ports: 10 | - port: {{ .Values.service.port }} 11 | targetPort: http 12 | protocol: TCP 13 | name: http 14 | selector: 15 | {{- include "my-app.selectorLabels" . 
| nindent 4 }} 16 | -------------------------------------------------------------------------------- /helm/my-app/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "my-app.serviceAccountName" . }} 6 | labels: 7 | {{- include "my-app.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /helm/my-app/templates/tests/test-connection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: "{{ include "my-app.fullname" . }}-test-connection" 5 | labels: 6 | {{- include "my-app.labels" . | nindent 4 }} 7 | annotations: 8 | "helm.sh/hook": test 9 | spec: 10 | containers: 11 | - name: wget 12 | image: busybox 13 | command: ['wget'] 14 | args: ['{{ include "my-app.fullname" . }}:{{ .Values.service.port }}'] 15 | restartPolicy: Never 16 | -------------------------------------------------------------------------------- /helm/my-app/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for my-app. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | 5 | replicaCount: 1 6 | 7 | image: 8 | repository: nginx 9 | pullPolicy: IfNotPresent 10 | # Overrides the image tag whose default is the chart appVersion. 11 | tag: "" 12 | 13 | imagePullSecrets: [] 14 | nameOverride: "" 15 | fullnameOverride: "" 16 | 17 | serviceAccount: 18 | # Specifies whether a service account should be created 19 | create: true 20 | # Annotations to add to the service account 21 | annotations: {} 22 | # The name of the service account to use. 
23 |   # If not set and create is true, a name is generated using the fullname template
24 |   name: ""
25 |
26 | podAnnotations: {}
27 |
28 | podSecurityContext: {}  # rendered as the pod-level securityContext by templates/deployment.yaml; empty means nothing such as fsGroup is applied
29 |   # fsGroup: 2000
30 |
31 | securityContext: {}  # NOTE(review): rendered as the container securityContext; empty by default, so none of the restrictions listed below apply unless the user sets them
32 |   # capabilities:
33 |   #   drop:
34 |   #   - ALL
35 |   # readOnlyRootFilesystem: true
36 |   # runAsNonRoot: true
37 |   # runAsUser: 1000
38 |
39 | service:
40 |   type: ClusterIP
41 |   port: 80
42 |
43 | ingress:
44 |   enabled: false
45 |   className: ""
46 |   annotations: {}
47 |     # kubernetes.io/ingress.class: nginx
48 |     # kubernetes.io/tls-acme: "true"
49 |   hosts:
50 |     - host: chart-example.local
51 |       paths:
52 |         - path: /
53 |           pathType: ImplementationSpecific
54 |   tls: []  # no TLS entries by default; templates/NOTES.txt prints http:// URLs while this stays empty
55 |   #  - secretName: chart-example-tls
56 |   #    hosts:
57 |   #      - chart-example.local
58 |
59 | resources: {}  # no CPU or memory requests/limits are rendered while this stays empty
60 |   # We usually recommend not to specify default resources and to leave this as a conscious
61 |   # choice for the user. This also increases chances charts run on environments with little
62 |   # resources, such as Minikube. If you do want to specify resources, uncomment the following
63 |   # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
64 | # limits: 65 | # cpu: 100m 66 | # memory: 128Mi 67 | # requests: 68 | # cpu: 100m 69 | # memory: 128Mi 70 | 71 | autoscaling: 72 | enabled: false 73 | minReplicas: 1 74 | maxReplicas: 100 75 | targetCPUUtilizationPercentage: 80 76 | # targetMemoryUtilizationPercentage: 80 77 | 78 | nodeSelector: {} 79 | 80 | tolerations: [] 81 | 82 | affinity: {} 83 | -------------------------------------------------------------------------------- /helm/staging/values.yaml: -------------------------------------------------------------------------------- 1 | image: 2 | tag: 0.0.2 3 | ingress: 4 | host: staging.go-demo-9.acme.com 5 | hpa: 6 | minReplicas: 2 7 | -------------------------------------------------------------------------------- /k8s/silly-pv.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | kind: PersistentVolumeClaim 4 | apiVersion: v1 5 | metadata: 6 | name: test 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | resources: 11 | requests: 12 | storage: 1Gi 13 | 14 | --- 15 | 16 | kind: Deployment 17 | apiVersion: apps/v1 18 | metadata: 19 | name: test 20 | spec: 21 | selector: 22 | matchLabels: 23 | app: test 24 | template: 25 | metadata: 26 | labels: 27 | app: test 28 | spec: 29 | containers: 30 | - name: test 31 | image: alpine 32 | command: 33 | - sleep 34 | args: 35 | - "3600" 36 | volumeMounts: 37 | - mountPath: /tmp 38 | name: test 39 | volumes: 40 | - name: test 41 | persistentVolumeClaim: 42 | claimName: test 43 | -------------------------------------------------------------------------------- /keptn/ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1beta1 2 | kind: Ingress 3 | metadata: 4 | name: keptn 5 | labels: 6 | app: keptn 7 | annotations: 8 | kubernetes.io/ingress.class: "nginx" 9 | spec: 10 | rules: 11 | - http: 12 | paths: 13 | - backend: 14 | serviceName: api-gateway-nginx 15 | servicePort: 80 16 | host: 
keptn.acme.com
17 |
18 |
--------------------------------------------------------------------------------
/knative/istio/devops-toolkit.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: serving.knative.dev/v1
 2 | kind: Service
 3 | metadata:
 4 |   name: devops-toolkit
 5 | spec:
 6 |   template:
 7 |     metadata:
 8 |       annotations:
 9 |         autoscaling.knative.dev/minScale: "0"
10 |         autoscaling.knative.dev/maxScale: "3"
11 |     spec:
12 |       containerConcurrency: 100
13 |       containers:
14 |       - image: vfarcic/devops-toolkit-series
15 |         ports:
16 |         - containerPort: 80
17 |         resources:
18 |           limits:
19 |             memory: 256Mi
20 |             cpu: 100m
21 |
--------------------------------------------------------------------------------
/knative/istio/istio-operator.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: install.istio.io/v1alpha1
 2 | kind: IstioOperator
 3 | spec:
 4 |   values:
 5 |     global:
 6 |       proxy:
 7 |         autoInject: enabled
 8 |       useMCP: false
 9 |       jwtPolicy: first-party-jwt # NOTE(review): first-party tokens are the legacy service-account tokens (no audience binding, no expiry); confirm third-party-jwt is unavailable on the target cluster before keeping this
10 |
11 |   addonComponents:
12 |     pilot:
13 |       enabled: true
14 |     prometheus:
15 |       enabled: false
16 |
17 |   components:
18 |     ingressGateways:
19 |       - name: istio-ingressgateway
20 |         enabled: true
21 |       - name: cluster-local-gateway
22 |         enabled: true
23 |         label:
24 |           istio: cluster-local-gateway
25 |           app: cluster-local-gateway
26 |         k8s:
27 |           service:
28 |             type: ClusterIP
29 |             ports:
30 |             - port: 15020
31 |               name: status-port
32 |             - port: 80
33 |               name: http2
34 |             - port: 443
35 |               name: https
36 |
--------------------------------------------------------------------------------
/knative/istio/peer-auth.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: security.istio.io/v1beta1
 2 | kind: PeerAuthentication
 3 | metadata:
 4 |   name: default
 5 |   namespace: knative-serving
 6 | spec:
 7 |   mtls:
 8 |     mode: PERMISSIVE # PERMISSIVE accepts plaintext as well as mutual-TLS connections to workloads in knative-serving; NOTE(review): confirm STRICT cannot be used here
 9 |
10 |
-------------------------------------------------------------------------------- /monitoring/grafana-loki.yaml: -------------------------------------------------------------------------------- 1 | ingress: 2 | enabled: true 3 | service: 4 | type: LoadBalancer 5 | datasources: 6 | datasources.yaml: 7 | apiVersion: 1 8 | datasources: 9 | - name: Loki 10 | type: loki 11 | url: http://loki:3100 12 | access: proxy 13 | isDefault: true 14 | - name: Prometheus 15 | type: prometheus 16 | url: http://prometheus-server 17 | access: proxy 18 | 19 | -------------------------------------------------------------------------------- /terraform-aci/.gitignore: -------------------------------------------------------------------------------- 1 | /.terraform 2 | /terraform.tfstate* 3 | /docker-compose.yaml 4 | -------------------------------------------------------------------------------- /terraform-aci/docker-compose.yaml.tmpl: -------------------------------------------------------------------------------- 1 | version: "3.8" 2 | services: 3 | frontend: 4 | image: MY_IMAGE 5 | ports: 6 | - "80:80" 7 | -------------------------------------------------------------------------------- /terraform-aci/main.tf: -------------------------------------------------------------------------------- 1 | provider "azurerm" { 2 | features {} 3 | } 4 | 5 | resource "random_string" "main" { 6 | length = 8 7 | special = false 8 | upper = false 9 | } 10 | 11 | resource "azurerm_resource_group" "main" { 12 | name = var.resource_group != "" ? var.resource_group : "${random_string.main.result}" 13 | location = var.region 14 | } 15 | 16 | resource "azurerm_container_registry" "main" { 17 | name = var.registry_name != "" ? 
var.registry_name : "${random_string.main.result}" 18 | resource_group_name = azurerm_resource_group.main.name 19 | location = azurerm_resource_group.main.location 20 | sku = "Premium" 21 | admin_enabled = true 22 | } 23 | 24 | data "azurerm_client_config" "main" { } -------------------------------------------------------------------------------- /terraform-aci/output.tf: -------------------------------------------------------------------------------- 1 | output "region" { 2 | value = var.region 3 | } 4 | 5 | output "subscription_id" { 6 | value = data.azurerm_client_config.main.subscription_id 7 | } 8 | 9 | output "resource_group" { 10 | value = azurerm_resource_group.main.name 11 | } 12 | 13 | output "registry_name" { 14 | value = azurerm_container_registry.main.name 15 | } -------------------------------------------------------------------------------- /terraform-aci/variables.tf: -------------------------------------------------------------------------------- 1 | variable "resource_group" { 2 | type = string 3 | default = "" 4 | } 5 | 6 | variable "registry_name" { 7 | type = string 8 | default = "" 9 | } 10 | 11 | variable "region" { 12 | type = string 13 | default = "eastus" 14 | } -------------------------------------------------------------------------------- /terraform-af/.gitignore: -------------------------------------------------------------------------------- 1 | /.terraform 2 | /terraform.tfstate* -------------------------------------------------------------------------------- /terraform-af/main.tf: -------------------------------------------------------------------------------- 1 | provider "azurerm" { 2 | features {} 3 | } 4 | 5 | resource "random_string" "main" { 6 | length = 8 7 | special = false 8 | upper = false 9 | } 10 | 11 | resource "azurerm_resource_group" "main" { 12 | name = var.resource_group != "" ? 
var.resource_group : "${random_string.main.result}" 13 | location = var.region 14 | } 15 | 16 | data "azurerm_client_config" "main" { } -------------------------------------------------------------------------------- /terraform-af/output.tf: -------------------------------------------------------------------------------- 1 | output "region" { 2 | value = var.region 3 | } 4 | 5 | output "subscription_id" { 6 | value = data.azurerm_client_config.main.subscription_id 7 | } 8 | 9 | output "resource_group" { 10 | value = azurerm_resource_group.main.name 11 | } -------------------------------------------------------------------------------- /terraform-af/variables.tf: -------------------------------------------------------------------------------- 1 | variable "resource_group" { 2 | type = string 3 | default = "" 4 | } 5 | 6 | variable "region" { 7 | type = string 8 | default = "eastus" 9 | } -------------------------------------------------------------------------------- /terraform-aks/.gitignore: -------------------------------------------------------------------------------- 1 | /.terraform* 2 | /*.tfstate* 3 | /kubeconfig 4 | /account.json 5 | /*.tf 6 | -------------------------------------------------------------------------------- /terraform-aks/acr/.gitignore: -------------------------------------------------------------------------------- 1 | /.terraform 2 | /*.tfstate* 3 | /kubeconfig 4 | access-key.json 5 | /creds 6 | -------------------------------------------------------------------------------- /terraform-aks/acr/README.md: -------------------------------------------------------------------------------- 1 | ## Create a cluster and a registry 2 | 3 | ```bash 4 | export RANDOM_STRING=$(date +%Y%m%d%H%M%S) 5 | 6 | export RESOURCE_GROUP=rg-$RANDOM_STRING 7 | 8 | export ACR_NAME=acr$RANDOM_STRING 9 | 10 | export CLUSTER_NAME=aks-$RANDOM_STRING 11 | 12 | # NOTE: Using `az`, but it should be `terraform` 13 | 14 | az group create \ 15 | --name $RESOURCE_GROUP \ 16 | 
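--location eastus
17 |
18 | az acr create \
19 | --name $ACR_NAME \
20 | --resource-group $RESOURCE_GROUP \
21 | --sku basic
22 |
23 | az aks get-versions --location eastus
24 |
25 | export K8S_VERSION=[...]
26 |
27 | az aks create \
28 | --name $CLUSTER_NAME \
29 | --resource-group $RESOURCE_GROUP \
30 | --generate-ssh-keys \
31 | --attach-acr $ACR_NAME \
32 | --node-count 3 \
33 | --node-vm-size Standard_A2_v2 \
34 | --enable-cluster-autoscaler \
35 | --max-count 6 \
36 | --min-count 3
37 |
38 | az aks get-credentials \
39 | --resource-group $RESOURCE_GROUP \
40 | --name $CLUSTER_NAME \
41 | --file kubeconfig
42 |
43 | export KUBECONFIG=$PWD/kubeconfig
44 |
45 | kubectl get nodes
46 | ```
47 |
48 | ## Test the registry from a laptop
49 |
50 | ```bash
51 | export ACR_SERVER=$ACR_NAME.azurecr.io
52 |
53 | az acr login --name $ACR_NAME
54 |
55 | docker image pull alpine
56 |
57 | docker image tag alpine $ACR_SERVER/alpine
58 |
59 | docker image push $ACR_SERVER/alpine
60 | ```
61 |
62 | ## Test the registry from the cluster
63 |
64 | ```bash
65 | kubectl run alpine \
66 | --image $ACR_SERVER/alpine \
67 | --generator run-pod/v1 \
68 | -- sleep 10000
69 |
70 | kubectl get pods
71 | ```
72 |
73 | ## Install JX
74 |
75 | ```bash
76 | git clone \
77 | https://github.com/jenkins-x/jenkins-x-boot-config.git \
78 | environment-$CLUSTER_NAME-dev
79 |
80 | cd environment-$CLUSTER_NAME-dev
81 |
82 | export GH_OWNER=[...] # Replace `[...]` with the GitHub owner
83 |
84 | cat jx-requirements.yml \
85 | | sed -e "s@clusterName: \"\"@clusterName: $CLUSTER_NAME@g" \
86 | | sed -e "s@environmentGitOwner: \"\"@environmentGitOwner: $GH_OWNER@g" \
87 | | sed -e "s@provider: gke@provider: kubernetes\\
88 | registry: $ACR_SERVER@g" \
89 | | tee jx-requirements.yml.tmp && mv jx-requirements.yml.tmp jx-requirements.yml # temp file: tee would truncate jx-requirements.yml while cat may still be reading it
90 |
91 | cat ~/.docker/config.json
92 |
93 | export REGISTRY_AUTH=[...] # Replace `[...]` with the `auth` value from `~/.docker/config.json`
94 |
95 | export REGISTRY_IDENTITYTOKEN=[...]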
# Replace `[...]` with the `identitytoken` value from `~/.docker/config.json` 96 | 97 | mkdir -p ~/.jx/localSecrets/$CLUSTER_NAME 98 | 99 | echo "registry_auth: \"$REGISTRY_AUTH\" 100 | registry_identitytoken: \"$REGISTRY_IDENTITYTOKEN\"" \ 101 | | tee ~/.jx/localSecrets/$CLUSTER_NAME/registry.yaml 102 | 103 | echo "jenkins-x-platform: 104 | PipelineSecrets: 105 | DockerConfig: |- 106 | { 107 | \"auths\":{ 108 | \"$ACR_SERVER\": 109 | { 110 | \"auth\": {{ .Parameters.registry.registry_auth | quote}}, 111 | \"identitytoken\": {{ .Parameters.registry.registry_identitytoken | quote}} 112 | } 113 | } 114 | } 115 | docker-registry: 116 | enabled: false" \ 117 | | tee kubeProviders/kubernetes/values.tmpl.yaml 118 | 119 | # TODO: Switch to `env/values.tmpl.yaml` 120 | 121 | # The `env/parameters.yaml` file does not exist. 122 | # It is created only after the boot is run so we cannot modify it right away. 123 | # TODO: Provide means to add values to `env/parameters.yaml` without running `jx boot`. 124 | 125 | jx boot 126 | 127 | # It will fail in the `install-jenkins-x` step 128 | 129 | echo "registry: 130 | registry_auth: local:$CLUSTER_NAME/registry:registry_auth 131 | registry_identitytoken: local:$CLUSTER_NAME/registry:registry_identitytoken" \ 132 | | tee -a env/parameters.yaml 133 | 134 | jx boot --start-step install-jenkins-x 135 | 136 | # Subsequent executions of the boot eliminate the additions to `env/parameters.yaml`. 137 | # TODO: Figure out a different way to provide that info, or stop recreating `env/parameters.yaml`. 138 | ``` 139 | 140 | ## Validate JX setup 141 | 142 | ```bash 143 | kubectl get secret jenkins-docker-cfg -o yaml 144 | 145 | export CONFIG_JSON=[...] # Replace `[...]` with the `config.json` value 146 | 147 | echo $CONFIG_JSON | base64 -d 148 | 149 | cat ~/.docker/config.json 150 | 151 | # Compare the two outputs 152 | 153 | cd ..
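154 |
155 | jx create quickstart \
156 | --filter golang-http \
157 | --project-name jx-go \
158 | --batch-mode
159 |
160 | jx get activities \
161 | --filter jx-go \
162 | --watch
163 |
164 | jx get activities \
165 | --filter environment-$CLUSTER_NAME-staging \
166 | --watch
167 |
168 | kubectl --namespace jx-staging get pods
169 |
170 | export ADDR=$(kubectl \
171 | --namespace jx-staging \
172 | get ing jx-go \
173 | --output jsonpath="{.spec.rules[0].host}")
174 |
175 | curl $ADDR
176 | ```
--------------------------------------------------------------------------------
/terraform-aks/acr/main.tf:
--------------------------------------------------------------------------------
  1 | # Provisions a resource group, an AKS cluster and an Azure Container Registry,
  2 | # then saves the cluster credentials to ./kubeconfig through the Azure CLI.
  3 | provider "azurerm" {
  4 |   features {}
  5 | }
  6 |
  7 | # Random lowercase/numeric suffix used for any name whose variable is left empty.
  8 | resource "random_string" "main" {
  9 |   length  = 8
 10 |   special = false
 11 |   upper   = false
 12 | }
 13 |
 14 | resource "azurerm_resource_group" "main" {
 15 |   name     = var.resource_group != "" ? var.resource_group : random_string.main.result
 16 |   location = var.region
 17 | }
 18 |
 19 | resource "azurerm_kubernetes_cluster" "main" {
 20 |   name                = var.cluster_name
 21 |   location            = var.region
 22 |   resource_group_name = azurerm_resource_group.main.name
 23 |   dns_prefix          = var.dns_prefix != "" ? var.dns_prefix : random_string.main.result
 24 |   kubernetes_version  = var.k8s_version
 25 |   default_node_pool {
 26 |     name                = var.cluster_name
 27 |     vm_size             = var.machine_type
 28 |     enable_auto_scaling = true
 29 |     max_count           = var.max_node_count
 30 |     min_count           = var.min_node_count
 31 |   }
 32 |   identity {
 33 |     type = "SystemAssigned"
 34 |   }
 35 | }
 36 |
 37 | resource "azurerm_container_registry" "main" {
 38 |   name                = var.container_registry_name != "" ? var.container_registry_name : random_string.main.result
 39 |   resource_group_name = azurerm_resource_group.main.name
 40 |   # NOTE(review): admin_enabled switches on the registry's shared admin
 41 |   # username/password. Pull access in this file goes through the AcrPull role
 42 |   # assignment below and nothing here reads the admin credentials, so confirm
 43 |   # the admin account is needed before leaving it on.
 44 |   admin_enabled       = true
 45 |   location            = var.region
 46 |   sku                 = "Premium"
 47 | }
 48 |
 49 | # Grants the AcrPull role on the registry to the service principal defined below.
 50 | # NOTE(review): the cluster above uses a SystemAssigned identity, while this
 51 | # assignment targets a separately created service principal; verify that this
 52 | # is the identity the nodes pull images with (the last commented-out variant
 53 | # below targeted the cluster identity instead).
 54 | resource "azurerm_role_assignment" "acrpull_role" {
 55 |   scope                = azurerm_container_registry.main.id
 56 |   role_definition_name = "AcrPull"
 57 |   principal_id         = azuread_service_principal.main.object_id
 58 |   depends_on = [
 59 |     azurerm_container_registry.main,
 60 |     azuread_application.main
 61 |   ]
 62 | }
 63 |
 64 | # resource "azurerm_role_assignment" "acrpull_role" {
 65 | #   scope                            = "${data.azurerm_subscription.main.id}/resourceGroups/${azurerm_resource_group.main.name}"
 66 | #   role_definition_name             = "AcrPull"
 67 | #   principal_id                     = "${azuread_service_principal.server.id}"
 68 | #   skip_service_principal_aad_check = true
 69 | # }
 70 |
 71 | resource "azuread_application" "main" {
 72 |   name = azurerm_kubernetes_cluster.main.name
 73 | }
 74 |
 75 | # resource "azurerm_role_assignment" "acrpull_role" {
 76 | #   scope                            = data.azurerm_subscription.main.id
 77 | #   role_definition_name             = "AcrPull"
 78 | #   principal_id                     = azurerm_kubernetes_cluster.main.identity.0.principal_id
 79 | #   skip_service_principal_aad_check = true
 80 | # }
 81 |
 82 | resource "azuread_service_principal" "main" {
 83 |   application_id               = azuread_application.main.application_id
 84 |   app_role_assignment_required = false
 85 | }
 86 |
 87 | data "azurerm_subscription" "main" { }
 88 |
 89 | # Saves the cluster credentials to $PWD/kubeconfig once the cluster exists.
 90 | # The file grants access to the cluster; this directory's .gitignore lists /kubeconfig.
 91 | resource "null_resource" "kubeconfig" {
 92 |   provisioner "local-exec" {
 93 |     command = "KUBECONFIG=$PWD/kubeconfig az aks get-credentials --name ${var.cluster_name} --resource-group ${azurerm_resource_group.main.name} --file $PWD/kubeconfig"
 94 |   }
 95 |   depends_on = [
 96 |     azurerm_kubernetes_cluster.main,
 97 |   ]
 98 | }
 99 |
100 | # Removes the saved kubeconfig when the configuration is destroyed.
101 | resource "null_resource" "destroy-kubeconfig" {
102 |   provisioner "local-exec" {
103 |     when    = destroy
104 |     command = "rm -f $PWD/kubeconfig"
105 |   }
106 | }
107 |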
-------------------------------------------------------------------------------- /terraform-aks/acr/output.tf: -------------------------------------------------------------------------------- 1 | output "cluster_name" { 2 | value = var.cluster_name 3 | } 4 | 5 | output "region" { 6 | value = var.region 7 | } 8 | 9 | output "resource_group" { 10 | value = azurerm_resource_group.main.name 11 | } 12 | 13 | output "registry_server" { 14 | value = azurerm_container_registry.main.login_server 15 | } 16 | 17 | output "registry_name" { 18 | value = azurerm_container_registry.main.name 19 | } -------------------------------------------------------------------------------- /terraform-aks/acr/variables.tf: -------------------------------------------------------------------------------- 1 | variable "region" { 2 | type = string 3 | default = "eastus" 4 | } 5 | 6 | variable "resource_group" { 7 | type = string 8 | default = "" 9 | } 10 | 11 | variable "cluster_name" { 12 | type = string 13 | default = "docatalog" 14 | } 15 | 16 | variable "dns_prefix" { 17 | type = string 18 | default = "" 19 | } 20 | 21 | # Get the version with `az aks get-versions --location eastus` 22 | variable "k8s_version" { 23 | type = string 24 | } 25 | 26 | variable "min_node_count" { 27 | type = number 28 | default = 3 29 | } 30 | 31 | variable "max_node_count" { 32 | type = number 33 | default = 9 34 | } 35 | 36 | variable "machine_type" { 37 | type = string 38 | default = "Standard_A2_v2" 39 | } 40 | 41 | variable "container_registry_name" { 42 | type = string 43 | default = "" 44 | } 45 | -------------------------------------------------------------------------------- /terraform-aks/files/backend.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | backend "azurerm" { 3 | resource_group_name = "devops-catalog-aks" 4 | storage_account_name = "devopscatalog" 5 | container_name = "devopscatalog" 6 | key = "terraform.tfstate" 7 | } 8 | } 9 | 
-------------------------------------------------------------------------------- /terraform-aks/files/k8s-control-plane.tf: -------------------------------------------------------------------------------- 1 | resource "azurerm_kubernetes_cluster" "primary" { 2 | name = var.cluster_name 3 | location = var.region 4 | resource_group_name = var.resource_group 5 | dns_prefix = var.dns_prefix 6 | kubernetes_version = var.k8s_version 7 | default_node_pool { 8 | name = var.cluster_name 9 | vm_size = var.machine_type 10 | enable_auto_scaling = true 11 | max_count = var.max_node_count 12 | min_count = var.min_node_count 13 | } 14 | identity { 15 | type = "SystemAssigned" 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /terraform-aks/files/k8s-worker-nodes.tf: -------------------------------------------------------------------------------- 1 | resource "azurerm_kubernetes_cluster_node_pool" "secondary" { 2 | name = "${var.cluster_name}2" 3 | kubernetes_cluster_id = azurerm_kubernetes_cluster.primary.id 4 | vm_size = var.machine_type 5 | enable_auto_scaling = true 6 | max_count = var.max_node_count 7 | min_count = var.min_node_count 8 | } 9 | -------------------------------------------------------------------------------- /terraform-aks/files/output.tf: -------------------------------------------------------------------------------- 1 | output "cluster_name" { 2 | value = var.cluster_name 3 | } 4 | 5 | output "region" { 6 | value = var.region 7 | } 8 | 9 | output "resource_group" { 10 | value = var.resource_group 11 | } 12 | -------------------------------------------------------------------------------- /terraform-aks/files/provider.tf: -------------------------------------------------------------------------------- 1 | provider "azurerm" { 2 | features {} 3 | } 4 | -------------------------------------------------------------------------------- /terraform-aks/files/storage.tf: 
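--------------------------------------------------------------------------------
 1 | # Storage account and blob container named in backend.tf as the home of the
 2 | # remote Terraform state (terraform.tfstate).
 3 | resource "azurerm_storage_account" "state" {
 4 |   name                     = "devopscatalog"
 5 |   resource_group_name      = var.resource_group
 6 |   location                 = var.region
 7 |   account_tier             = "Standard"
 8 |   account_replication_type = "LRS"
 9 |   # Terraform state can hold credentials and other sensitive attributes of the
10 |   # resources it tracks, so anonymous blob access stays off for this account.
11 |   allow_blob_public_access = false
12 | }
13 |
14 | resource "azurerm_storage_container" "state" {
15 |   name                  = "devopscatalog"
16 |   storage_account_name  = azurerm_storage_account.state.name
17 |   # "private" requires authenticated access; the "blob" level would let anyone
18 |   # who knows a blob's URL read it without credentials.
19 |   container_access_type = "private"
20 | }
21 |
--------------------------------------------------------------------------------
/terraform-aks/files/variables.tf:
--------------------------------------------------------------------------------
 1 | variable "region" {
 2 |   type    = string
 3 |   default = "eastus"
 4 | }
 5 |
 6 | variable "resource_group" {
 7 |   type    = string
 8 |   default = "devops-catalog-aks"
 9 | }
10 |
11 | variable "cluster_name" {
12 |   type    = string
13 |   default = "docatalog"
14 | }
15 |
16 | variable "dns_prefix" {
17 |   type    = string
18 |   default = "docatalog"
19 | }
20 |
21 | variable "k8s_version" {
22 |   type = string
23 | }
24 |
25 | variable "min_node_count" {
26 |   type    = number
27 |   default = 3
28 | }
29 |
30 | variable "max_node_count" {
31 |   type    = number
32 |   default = 9
33 | }
34 |
35 | variable "machine_type" {
36 |   type    = string
37 |   default = "Standard_D2_v2"
38 | }
39 |
--------------------------------------------------------------------------------
/terraform-aks/minimal/.gitignore:
--------------------------------------------------------------------------------
 1 | /.terraform
 2 | /*.tfstate*
 3 | /kubeconfig
 4 | access-key.json
 5 | /creds
 6 |
--------------------------------------------------------------------------------
/terraform-aks/minimal/main.tf:
--------------------------------------------------------------------------------
 1 | provider "azurerm" {
 2 |   features {}
 3 | }
 4 |
 5 | terraform {
 6 |   backend "azurerm" {
 7 |     resource_group_name  = "devops-catalog-aks"
 8 |     storage_account_name = "devopscatalog"
 9 |     container_name       = "devopscatalog"
10 |     key                  = "terraform.tfstate"
11 |   }
12 | }
13 |
14 | resource "azurerm_kubernetes_cluster" "primary" {
15 |   name                = var.cluster_name
16 |   location            = var.region
17 |   resource_group_name = var.resource_group
18 |   dns_prefix          = var.dns_prefix
19 |   kubernetes_version  = var.k8s_version
20 |   default_node_pool {
21 |     name                = var.cluster_name
22 |     vm_size             = var.machine_type
23 |     enable_auto_scaling = true
24 |     max_count           = var.max_node_count
25 |     min_count           = var.min_node_count
26 |   }
27 |   identity {
28 |     type = "SystemAssigned"
29 |   }
30 | }
31 |
32 | # Storage account and blob container that the azurerm backend at the top of
33 | # this file names as the home of the remote Terraform state.
34 | resource "azurerm_storage_account" "state" {
35 |   name                     = "devopscatalog"
36 |   resource_group_name      = var.resource_group
37 |   location                 = var.region
38 |   account_tier             = "Standard"
39 |   account_replication_type = "LRS"
40 |   # Terraform state can hold credentials and other sensitive attributes of the
41 |   # resources it tracks, so anonymous blob access stays off for this account.
42 |   allow_blob_public_access = false
43 | }
44 |
45 | resource "azurerm_storage_container" "state" {
46 |   name                  = "devopscatalog"
47 |   storage_account_name  = azurerm_storage_account.state.name
48 |   # "private" requires authenticated access; the "blob" level would let anyone
49 |   # who knows a blob's URL read it without credentials.
50 |   container_access_type = "private"
51 | }
52 |
53 |
--------------------------------------------------------------------------------
/terraform-aks/minimal/output.tf:
--------------------------------------------------------------------------------
 1 | output "cluster_name" {
 2 |   value = var.cluster_name
 3 | }
 4 |
 5 | output "region" {
 6 |   value = var.region
 7 | }
 8 |
 9 | output "resource_group" {
10 |   value = var.resource_group
11 | }
12 |
--------------------------------------------------------------------------------
/terraform-aks/minimal/variables.tf:
--------------------------------------------------------------------------------
 1 | variable "region" {
 2 |   type    = string
 3 |   default = "eastus"
 4 | }
 5 |
 6 | variable "resource_group" {
 7 |   type    = string
 8 |   default = "devops-catalog-aks"
 9 | }
10 |
11 | variable "cluster_name" {
12 |   type    = string
13 |   default = "docatalog"
14 | }
15 |
16 | variable "dns_prefix" {
17 |   type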
= string 18 | default = "docatalog" 19 | } 20 | 21 | variable "k8s_version" { 22 | type = string 23 | } 24 | 25 | variable "min_node_count" { 26 | type = number 27 | default = 3 28 | } 29 | 30 | variable "max_node_count" { 31 | type = number 32 | default = 9 33 | } 34 | 35 | variable "machine_type" { 36 | type = string 37 | default = "Standard_D2_v2" 38 | } 39 | -------------------------------------------------------------------------------- /terraform-aks/simple-versioned/.gitignore: -------------------------------------------------------------------------------- 1 | /.terraform 2 | /*.tfstate* 3 | /kubeconfig 4 | access-key.json 5 | /creds 6 | .terraform* 7 | 8 | -------------------------------------------------------------------------------- /terraform-aks/simple-versioned/main.tf: -------------------------------------------------------------------------------- 1 | provider "azurerm" { 2 | features {} 3 | } 4 | 5 | resource "random_string" "main" { 6 | length = 8 7 | special = false 8 | upper = false 9 | } 10 | 11 | resource "azurerm_resource_group" "main" { 12 | name = var.resource_group != "" ? 
var.resource_group : random_string.main.result 13 | location = var.region 14 | } 15 | 16 | resource "azurerm_kubernetes_cluster" "primary" { 17 | name = var.cluster_name 18 | location = var.region 19 | resource_group_name = azurerm_resource_group.main.name 20 | dns_prefix = var.dns_prefix 21 | kubernetes_version = var.k8s_version 22 | default_node_pool { 23 | name = var.cluster_name 24 | vm_size = var.machine_type 25 | enable_auto_scaling = true 26 | max_count = var.max_node_count 27 | min_count = var.min_node_count 28 | orchestrator_version = var.k8s_version 29 | } 30 | identity { 31 | type = "SystemAssigned" 32 | } 33 | } 34 | 35 | resource "null_resource" "kubeconfig" { 36 | provisioner "local-exec" { 37 | command = "az aks get-credentials --name ${var.cluster_name} --resource-group ${azurerm_resource_group.main.name} --file $PWD/kubeconfig" 38 | } 39 | depends_on = [ 40 | azurerm_kubernetes_cluster.primary, 41 | ] 42 | } 43 | 44 | resource "null_resource" "destroy-kubeconfig" { 45 | provisioner "local-exec" { 46 | when = destroy 47 | command = "rm -f $PWD/kubeconfig" 48 | } 49 | } 50 | 51 | resource "null_resource" "ingress-nginx" { 52 | count = var.ingress_nginx == true ? 1 : 0 53 | provisioner "local-exec" { 54 | command = "KUBECONFIG=$PWD/kubeconfig kubectl apply --filename https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.35.0/deploy/static/provider/cloud/deploy.yaml" 55 | } 56 | depends_on = [ 57 | null_resource.kubeconfig, 58 | ] 59 | } 60 | 61 | resource "null_resource" "istio" { 62 | count = var.istio == true ? 
1 : 0 63 | provisioner "local-exec" { 64 | command = "KUBECONFIG=$PWD/kubeconfig istioctl install --skip-confirmation" 65 | } 66 | depends_on = [ 67 | null_resource.kubeconfig, 68 | ] 69 | } 70 | 71 | -------------------------------------------------------------------------------- /terraform-aks/simple-versioned/output.tf: -------------------------------------------------------------------------------- 1 | output "cluster_name" { 2 | value = var.cluster_name 3 | } 4 | 5 | output "region" { 6 | value = var.region 7 | } 8 | 9 | output "resource_group" { 10 | value = azurerm_resource_group.main.name 11 | } 12 | -------------------------------------------------------------------------------- /terraform-aks/simple-versioned/variables.tf: -------------------------------------------------------------------------------- 1 | variable "region" { 2 | type = string 3 | default = "eastus" 4 | } 5 | 6 | variable "resource_group" { 7 | type = string 8 | default = "" 9 | } 10 | 11 | variable "cluster_name" { 12 | type = string 13 | default = "docatalog" 14 | } 15 | 16 | variable "dns_prefix" { 17 | type = string 18 | default = "docatalog" 19 | } 20 | 21 | variable "min_node_count" { 22 | type = number 23 | default = 3 24 | } 25 | 26 | variable "max_node_count" { 27 | type = number 28 | default = 9 29 | } 30 | 31 | variable "machine_type" { 32 | type = string 33 | default = "Standard_D2_v2" 34 | } 35 | 36 | variable "ingress_nginx" { 37 | type = bool 38 | default = false 39 | } 40 | 41 | variable "istio" { 42 | type = bool 43 | default = false 44 | } 45 | 46 | variable "k8s_version" { 47 | type = string 48 | } 49 | 50 | -------------------------------------------------------------------------------- /terraform-aks/simple/.gitignore: -------------------------------------------------------------------------------- 1 | /.terraform 2 | /*.tfstate* 3 | /kubeconfig 4 | access-key.json 5 | /creds 6 | .terraform* 7 | 8 | 
-------------------------------------------------------------------------------- /terraform-aks/simple/main.tf: -------------------------------------------------------------------------------- 1 | provider "azurerm" { 2 | features {} 3 | } 4 | 5 | resource "random_string" "main" { 6 | length = 8 7 | special = false 8 | upper = false 9 | } 10 | 11 | resource "azurerm_resource_group" "main" { 12 | name = var.resource_group != "" ? var.resource_group : random_string.main.result 13 | location = var.region 14 | } 15 | 16 | resource "azurerm_kubernetes_cluster" "primary" { 17 | name = var.cluster_name 18 | location = var.region 19 | resource_group_name = azurerm_resource_group.main.name 20 | dns_prefix = var.dns_prefix 21 | kubernetes_version = var.k8s_version 22 | default_node_pool { 23 | name = var.cluster_name 24 | vm_size = var.machine_type 25 | enable_auto_scaling = true 26 | max_count = var.max_node_count 27 | min_count = var.min_node_count 28 | orchestrator_version = var.k8s_version 29 | } 30 | identity { 31 | type = "SystemAssigned" 32 | } 33 | } 34 | 35 | resource "null_resource" "kubeconfig" { 36 | provisioner "local-exec" { 37 | command = "az aks get-credentials --name ${var.cluster_name} --resource-group ${azurerm_resource_group.main.name} --file $PWD/kubeconfig" 38 | } 39 | depends_on = [ 40 | azurerm_kubernetes_cluster.primary, 41 | ] 42 | } 43 | 44 | resource "null_resource" "destroy-kubeconfig" { 45 | provisioner "local-exec" { 46 | when = destroy 47 | command = "rm -f $PWD/kubeconfig" 48 | } 49 | } 50 | 51 | resource "null_resource" "ingress-nginx" { 52 | count = var.ingress_nginx == true ? 
1 : 0 53 | provisioner "local-exec" { 54 | command = "KUBECONFIG=$PWD/kubeconfig kubectl apply --filename https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.35.0/deploy/static/provider/cloud/deploy.yaml" 55 | } 56 | depends_on = [ 57 | null_resource.kubeconfig, 58 | ] 59 | } 60 | 61 | resource "null_resource" "istio" { 62 | count = var.istio == true ? 1 : 0 63 | provisioner "local-exec" { 64 | command = "KUBECONFIG=$PWD/kubeconfig istioctl install --skip-confirmation" 65 | } 66 | depends_on = [ 67 | null_resource.kubeconfig, 68 | ] 69 | } 70 | 71 | -------------------------------------------------------------------------------- /terraform-aks/simple/output.tf: -------------------------------------------------------------------------------- 1 | output "cluster_name" { 2 | value = var.cluster_name 3 | } 4 | 5 | output "region" { 6 | value = var.region 7 | } 8 | 9 | output "resource_group" { 10 | value = azurerm_resource_group.main.name 11 | } 12 | -------------------------------------------------------------------------------- /terraform-aks/simple/variables.tf: -------------------------------------------------------------------------------- 1 | variable "region" { 2 | type = string 3 | default = "eastus" 4 | } 5 | 6 | variable "resource_group" { 7 | type = string 8 | default = "" 9 | } 10 | 11 | variable "cluster_name" { 12 | type = string 13 | default = "docatalog" 14 | } 15 | 16 | variable "dns_prefix" { 17 | type = string 18 | default = "docatalog" 19 | } 20 | 21 | variable "min_node_count" { 22 | type = number 23 | default = 3 24 | } 25 | 26 | variable "max_node_count" { 27 | type = number 28 | default = 9 29 | } 30 | 31 | variable "machine_type" { 32 | type = string 33 | default = "Standard_D2_v2" 34 | } 35 | 36 | variable "ingress_nginx" { 37 | type = bool 38 | default = false 39 | } 40 | 41 | variable "istio" { 42 | type = bool 43 | default = false 44 | } 45 | 46 | variable "k8s_version" { 47 | type = string 48 | default = "1.19.9" 49 | 
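}

--------------------------------------------------------------------------------
/terraform-dok/.DS_Store:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vfarcic/devops-catalog-code/a79e35f933a57cf5ac15d744bd15691eec6f6fb5/terraform-dok/.DS_Store
--------------------------------------------------------------------------------
/terraform-dok/simple/.gitignore:
--------------------------------------------------------------------------------
# NOTE(review): the first pattern also matches .terraform.lock.hcl, so the
# provider checksums recorded by `terraform init` are never committed; use
# /.terraform/ instead if the lock file should be tracked.
/.terraform*
/*.tfstate*
/kubeconfig.yaml
/creds

--------------------------------------------------------------------------------
/terraform-dok/simple/main.tf:
--------------------------------------------------------------------------------
# Provider requirements. The DigitalOcean provider is pinned to an exact version.
# NOTE(review): the null provider used by the null_resource blocks below is not
# listed here, so its version is unconstrained in this file.
terraform {
  required_providers {
    digitalocean = {
      source  = "digitalocean/digitalocean"
      version = "2.34.0"
    }
  }
}

# No credentials are configured in the block itself; presumably the API token is
# supplied through the environment (for example DIGITALOCEAN_TOKEN) - confirm.
provider "digitalocean" {}

# Managed Kubernetes cluster with one autoscaling node pool.
# The region is fixed to "nyc1"; name, version, node size and the scaling bounds
# come from variables.
resource "digitalocean_kubernetes_cluster" "primary" {
  name    = var.name
  region  = "nyc1"
  version = var.k8s_version
  node_pool {
    name       = "primary"
    size       = var.pool_size
    auto_scale = true
    min_nodes  = var.min_nodes
    max_nodes  = var.max_nodes
  }
}

# Optional ingress-nginx install, created only when var.ingress_nginx is true.
# Runs kubectl on the machine executing Terraform, using the kubeconfig.yaml
# written by null_resource.kubeconfig.
# NOTE(review): the manifest is downloaded at apply time from a Git tag and
# applied with whatever rights the kubeconfig carries; nothing checks its content
# against a known digest. Vendoring the manifest into the repository, or
# verifying a recorded checksum before `kubectl apply`, keeps what gets applied
# reviewable and reproducible.
resource "null_resource" "ingress-nginx" {
  count = var.ingress_nginx == true ? 1 : 0
  provisioner "local-exec" {
    command = "KUBECONFIG=$PWD/kubeconfig.yaml kubectl apply --filename https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/cloud/deploy.yaml"
  }
  depends_on = [
    null_resource.kubeconfig,
  ]
}

# Writes the cluster's kubeconfig to ./kubeconfig.yaml on the machine running
# Terraform.
#
# The kubeconfig carries cluster credentials, so it is handled as a secret:
#   - it is passed to the shell through the provisioner's `environment` map
#     instead of being interpolated into the command string, so the content is
#     never parsed by the shell (a single quote inside it cannot break the
#     command) and does not appear in the rendered command line;
#   - it is redirected into the file rather than piped through `tee`, so it is
#     not copied to Terraform's output or CI logs;
#   - `umask 077` plus `chmod 600` leave the file readable by its owner only,
#     including when a file with looser permissions already exists.
resource "null_resource" "kubeconfig" {
  provisioner "local-exec" {
    command = "umask 077 && printf '%s\\n' \"$KUBECONFIG_CONTENT\" > kubeconfig.yaml && chmod 600 kubeconfig.yaml"
    environment = {
      KUBECONFIG_CONTENT = digitalocean_kubernetes_cluster.primary.kube_config[0].raw_config
    }
  }
  depends_on = [
    digitalocean_kubernetes_cluster.primary,
  ]
}

# Destroy-time cleanup: removes the kubeconfig file written above so the
# credentials do not outlive the cluster on the operator's machine.
resource "null_resource" "destroy-kubeconfig" {
  provisioner "local-exec" {
    when    = destroy
    command = "rm -f $PWD/kubeconfig.yaml"
  }
}

--------------------------------------------------------------------------------
/terraform-dok/simple/variables.tf:
--------------------------------------------------------------------------------
# Cluster name.
variable "name" {
  type    = string
  default = "devops-toolkit"
}

# Size slug for the nodes in the "primary" pool.
variable "pool_size" {
  type    = string
  default = "s-2vcpu-4gb"
}

# Kubernetes version requested for the cluster.
# NOTE(review): the default is a fixed release; confirm it is still offered by
# the provider before applying.
variable "k8s_version" {
  type    = string
  default = "1.24.4-do.0"
}

# Toggles the optional ingress-nginx install; off by default.
variable "ingress_nginx" {
  type    = bool
  default = false
}

# Autoscaling bounds of the "primary" node pool.
variable "min_nodes" {
  type    = number
  default = 3
}

variable "max_nodes" {
  type    = number
  default = 6
}

--------------------------------------------------------------------------------
/terraform-ecs-fargate/app/.gitignore:
--------------------------------------------------------------------------------
/.terraform
/terraform.tfstate*

--------------------------------------------------------------------------------
/terraform-ecs-fargate/app/devops-toolkit-series.json:
--------------------------------------------------------------------------------
[
  {
    "name": "devops-toolkit-series",
    "image":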
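"vfarcic/devops-toolkit-series",
    "portMappings": [
      {
        "containerPort": 80,
        "hostPort": 80
      }
    ],
    "logConfiguration": {
      "logDriver": "awslogs",
      "options": {
        "awslogs-group" : "/ecs/devops-toolkit-series",
        "awslogs-region": "us-east-1",
        "awslogs-stream-prefix": "ecs"
      }
    }
  }
]

--------------------------------------------------------------------------------
/terraform-ecs-fargate/app/main.tf:
--------------------------------------------------------------------------------
# Fargate task definition for the devops-toolkit-series container.
#
# The container definitions are read from the JSON file next to this module;
# path.module is used so the file is found regardless of the directory Terraform
# is invoked from.
# Only an execution role is attached; no task_role_arn is set, so the container
# itself receives no task role.
# NOTE(review): the JSON file names the image by repository only, without a tag
# or digest, so the image that runs is whatever the registry serves at pull
# time; pinning a digest makes deployments reproducible. The log region in that
# file is also fixed to "us-east-1" - confirm it matches the deployment region.
resource "aws_ecs_task_definition" "dts" {
  family                   = "devops-toolkit-series"
  requires_compatibilities = ["FARGATE"]
  container_definitions    = file("${path.module}/devops-toolkit-series.json")
  network_mode             = "awsvpc"
  memory                   = var.memory
  cpu                      = var.cpu
  execution_role_arn       = data.aws_iam_role.ecs_task_execution_role.arn
}

# Fargate service running the task definition above in the given cluster,
# attached to the supplied subnets and security group and registered with a
# load-balancer target group.
# assign_public_ip is not set in network_configuration, so it keeps the
# provider default.
resource "aws_ecs_service" "dts" {
  name            = "devops-toolkit-series"
  launch_type     = "FARGATE"
  task_definition = aws_ecs_task_definition.dts.arn
  cluster         = var.cluster_id
  desired_count   = var.desired_count
  network_configuration {
    subnets         = var.subnet_ids
    security_groups = [var.security_group_id]
  }
  load_balancer {
    target_group_arn = var.lb_arn
    container_name   = "devops-toolkit-series"
    container_port   = var.port
  }
}

# Looks up an existing IAM role by its fixed name; the role must already exist
# in the account.
# NOTE(review): the policies attached to that role are not visible here; review
# them separately.
data "aws_iam_role" "ecs_task_execution_role" {
  name = "ecsTaskExecutionRole"
}

--------------------------------------------------------------------------------
/terraform-ecs-fargate/app/variables.tf:
--------------------------------------------------------------------------------
# Number of task copies the service keeps running.
variable "desired_count" {
  type    = number
  default = 1
}

# Task-level memory and CPU, passed as strings to the task definition.
variable "memory" {
  type    = string
  default = "512"
}

variable "cpu" {
  type    = string
  default = "256"
}

# Container port registered with the load balancer.
variable "port" {
  type    = number
  default = 80
}

# Despite the name, this value is passed as target_group_arn in main.tf.
variable "lb_arn" {
  type = string
}

# Security group attached to the service's tasks.
variable "security_group_id" {
  type = string
}

# Subnets the service's tasks are placed in.
variable "subnet_ids" {
  type = list(string)
}

# ECS cluster the service is created in.
variable "cluster_id" {
  type = string
}

--------------------------------------------------------------------------------
/terraform-ecs-fargate/cluster/.gitignore:
--------------------------------------------------------------------------------
/creds
/.terraform
/terraform.tfstate*
/darwin_amd64
--------------------------------------------------------------------------------
/terraform-ecs-fargate/cluster/main.tf:
--------------------------------------------------------------------------------
# No credentials appear in the provider block; only the region is set, from a
# variable.
provider "aws" {
  region = var.region
}

#######
# ECS #
#######

# ECS cluster with the FARGATE and FARGATE_SPOT capacity providers enabled.
# NOTE(review): no AWS provider version is pinned in the visible part of this
# file, and newer provider releases configure capacity providers through the
# separate aws_ecs_cluster_capacity_providers resource; confirm which provider
# version this is meant to run with.
resource "aws_ecs_cluster" "main" {
  name               = "catalog-ecs"
  capacity_providers = ["FARGATE", "FARGATE_SPOT"]
}

###################
# Everything Else #
###################

# Uncomment if `ecsTaskExecutionRole` does not already exist

# resource "aws_iam_role" "ecs_task" {
#   name = "ecsTaskExecutionRole"
#   assume_role_policy = <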