Add helm to CI

Orbitalize · Dec 19, 2023 · 2922f51 · 2922f51
1 parent a6ea2a3
commit 2922f51
Show file tree

Hide file tree

Showing 6 changed files with 106 additions and 14 deletions.
diff --git a/deploy/infrastructure/dependencies/terraform-commons-dss/main.tf b/deploy/infrastructure/dependencies/terraform-commons-dss/main.tf
@@ -65,4 +65,4 @@ resource "local_file" "get_credentials" {
     get_credentials_cmd = var.kubernetes_get_credentials_cmd
   })
   filename = "${local.workspace_location}/get-credentials.sh"
-}
+}
diff --git a/deploy/infrastructure/dependencies/terraform-commons-dss/output.tf b/deploy/infrastructure/dependencies/terraform-commons-dss/output.tf
@@ -2,4 +2,66 @@ output "generated_files_location" {
   value = <<-EOT
   Workspace location with generated files: ${local.workspace_location}
   EOT
-}
+}
+
+output "helm_chart_dss_values" {
+  value = {
+    cockroachdb = {
+      fullnameOverride = "dss-cockroachdb"
+
+      conf = {
+        join         = var.crdb_external_nodes
+        cluster-name = "dss-aws-1"
+        single-node  = false
+        locality     = "zone=${var.crdb_locality}"
+      }
+
+      statefulset = {
+        args = [
+          "--locality-advertise-addr=zone=${var.crdb_locality}@$(hostname -f)",
+          "--advertise-addr=$${HOSTNAME##*-}.${var.crdb_hostname_suffix}"
+        ]
+      }
+
+      storage = {
+        persistentVolume = {
+          storageClass = var.kubernetes_storage_class
+        }
+      }
+    }
+
+    loadBalancers = {
+      cockroachdbNodes = [
+      for ip in var.crdb_internal_nodes[*].ip :
+      {
+        ip     = ip
+        subnet = var.workload_subnet
+      }
+      ]
+
+      dssGateway = {
+        ip       = var.ip_gateway
+        subnet   = var.workload_subnet
+        certName = var.gateway_cert_name
+      }
+    }
+
+    dss = {
+      image = var.image
+
+      conf = {
+        pubKeys      = [
+          "/test-certs/auth2.pem"
+        ]
+        jwksEndpoint = var.authorization.jwks != null ? var.authorization.jwks.endpoint : ""
+        jwksKeyIds   = var.authorization.jwks != null ? [var.authorization.jwks.key_id] : []
+        hostname     = var.app_hostname
+        enableScd    = var.enable_scd
+      }
+    }
+
+    global = {
+      cloudProvider = var.kubernetes_cloud_provider_name
+    }
+  }
+}
diff --git a/deploy/operations/Dockerfile b/deploy/operations/Dockerfile
@@ -1,7 +1,7 @@
 FROM ubuntu:22.04
 
 RUN  apt-get update \
-&& apt-get install -y unzip curl gnupg lsb-release
+&& apt-get install -y unzip curl gnupg lsb-release apt-transport-https ca-certificates
 
 # Terraform CLI
 RUN curl -s https://apt.releases.hashicorp.com/gpg | gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg \
@@ -15,8 +15,16 @@ RUN  curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv
 && unzip awscliv2.zip \
 && rm awscliv2.zip \
 && ./aws/install
+#
+## Kubectl && Helm
+#RUN curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | tee /usr/share/keyrings/helm.gpg > /dev/null \
+#&& echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | tee /etc/apt/sources.list.d/helm-stable-debian.list \
+#&& curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg \
+#&& echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.28/deb/ /' | tee /etc/apt/sources.list.d/kubernetes.list \
+#&& apt-get update \
+#&& apt-get install -y kubectl helm
 
 # Clean up apt
-RUN apt-get clean && rm -rf /var/lib/apt/lists/*
+RUN apt-get clean && rm -rf /var/lib/apt/lists/* /var/cache/apt/archives/*
 
-RUN terraform --version
+RUN terraform --version
diff --git a/deploy/operations/ci/aws-1/main.tf b/deploy/operations/ci/aws-1/main.tf
@@ -8,14 +8,14 @@ terraform {
 
 module "terraform-aws-kubernetes" {
   # See variables.tf for variables description.
-  cluster_name         = var.cluster_name
-  aws_region           = var.aws_region
-  app_hostname         = var.app_hostname
-  crdb_hostname_suffix = var.crdb_hostname_suffix
-  aws_instance_type    = var.aws_instance_type
-  aws_route53_zone_id  = var.aws_route53_zone_id
+  cluster_name                 = var.cluster_name
+  aws_region                   = var.aws_region
+  app_hostname                 = var.app_hostname
+  crdb_hostname_suffix         = var.crdb_hostname_suffix
+  aws_instance_type            = var.aws_instance_type
+  aws_route53_zone_id          = var.aws_route53_zone_id
   aws_iam_permissions_boundary = var.aws_iam_permissions_boundary
-  node_count           = var.node_count
+  node_count                   = var.node_count
 
   source = "../../../infrastructure/dependencies/terraform-aws-kubernetes"
 }
@@ -42,3 +42,19 @@ module "terraform-commons-dss" {
 
   source = "../../../infrastructure/dependencies/terraform-commons-dss"
 }
+
+resource "helm_release" "dss" {
+  chart  = "../../../services/helm-charts/dss"
+  name   = "ci-aws-1"
+  values = [
+    yamlencode(module.terraform-commons-dss.helm_chart_dss_values)
+  ]
+
+  # Atomic can't be used because of https://github.com/cockroachdb/helm-charts/issues/287
+  atomic = false
+  dependency_update = true
+}
+
+output "helm_chart_dss_values" {
+  value = module.terraform-commons-dss.helm_chart_dss_values
+}
diff --git a/deploy/operations/ci/aws-1/providers.tf b/deploy/operations/ci/aws-1/providers.tf
@@ -17,3 +17,11 @@ provider kubernetes {
   cluster_ca_certificate = base64decode(data.aws_eks_cluster.kubernetes_cluster.certificate_authority[0].data)
   token                  = data.aws_eks_cluster_auth.kubernetes_cluster.token
 }
+
+provider "helm" {
+  kubernetes {
+    host                   = data.aws_eks_cluster.kubernetes_cluster.endpoint
+    cluster_ca_certificate = base64decode(data.aws_eks_cluster.kubernetes_cluster.certificate_authority[0].data)
+    token = data.aws_eks_cluster_auth.kubernetes_cluster.token
+  }
+}
diff --git a/deploy/operations/ci/aws-1/test.sh b/deploy/operations/ci/aws-1/test.sh
@@ -20,7 +20,5 @@ clean () {
 terraform init
 clean
 terraform apply -auto-approve
-# TODO: Deploy the DSS
 # TODO: Test the deployment of the DSS
 clean
-