From 50b091cc277552efe9b07c8c19be12b74f350773 Mon Sep 17 00:00:00 2001 From: gatici Date: Wed, 31 Jan 2024 13:46:15 +0300 Subject: [PATCH 1/2] Add the Terraform module Signed-off-by: gatici --- .gitignore | 55 ++++++++++++++++++++---- terraform/CONTRIBUTING.md | 86 ++++++++++++++++++++++++++++++++++++++ terraform/README.md | 72 +++++++++++++++++++++++++++++++ terraform/main.tf | 40 ++++++++++++++++++ terraform/outputs.tf | 4 ++ terraform/terraform.tf | 11 +++++ terraform/terraform.tfvars | 7 ++++ terraform/variables.tf | 23 ++++++++++ 8 files changed, 291 insertions(+), 7 deletions(-) create mode 100644 terraform/CONTRIBUTING.md create mode 100644 terraform/README.md create mode 100644 terraform/main.tf create mode 100644 terraform/outputs.tf create mode 100644 terraform/terraform.tf create mode 100644 terraform/terraform.tfvars create mode 100644 terraform/variables.tf diff --git a/.gitignore b/.gitignore index 2aa0330..ef310eb 100644 --- a/.gitignore +++ b/.gitignore @@ -1,11 +1,52 @@ +*.idea +.vscode/ +.coverage +.tox/ venv/ build/ -*.charm -.tox/ -.coverage -__pycache__/ -*.py[cod] -.idea -.vscode/ + +# Python +**/venv/** +*.pyc +.python-version .mypy_cache/ __pycache__/ + +# Charmcraft +*.charm + +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl diff --git a/terraform/CONTRIBUTING.md b/terraform/CONTRIBUTING.md new file mode 100644 index 0000000..9a421a2 --- /dev/null +++ b/terraform/CONTRIBUTING.md @@ -0,0 +1,86 @@ +# Contributing + +## Development environment + +### Prerequisites + +Make sure the following software and tools are installed in the development +environment. + +- `microk8s` +- `juju` +- `terraform` + +### Prepare Development Environment + +Install Microk8s: + +```console +sudo snap install microk8s --channel=1.27-strict/stable +sudo usermod -a -G snap_microk8s $USER +newgrp snap_microk8s +``` + +Enable `storage` plugin for Microk8s: + +```console +sudo microk8s enable hostpath-storage +``` + +Install Juju: + +```console +sudo snap install juju --channel=3.1/stable +``` + +Install Terraform: + +```console +sudo snap install --classic terraform +``` + +Bootstrap the Juju Controller using Microk8s: + +```console +juju bootstrap microk8s +``` + +Add a Juju model: + +```console +juju add model +```` + +### Terraform provider + +The Terraform module uses the Juju provider to provision Juju resources. Please refer to the [Juju provider documentation](https://registry.terraform.io/providers/juju/juju/latest/docs) for more information. + +A Terraform working directory needs to be initialized at the beginning. + +Initialise the provider: + +```console +terraform init +``` + +## Testing + +Terraform CLI provides various ways to do formatting and validation. + +Formats to a canonical format and style: + +```console +terraform fmt +``` + +Check the syntactical validation: + +```console +terraform validate +``` + +Preview the changes: + +```console +terraform plan +``` diff --git a/terraform/README.md b/terraform/README.md new file mode 100644 index 0000000..0cddc60 --- /dev/null +++ b/terraform/README.md @@ -0,0 +1,72 @@ +# SD-Core NRF K8s Terraform Module + +This SD-Core NRF K8s Terraform module aims to deploy the [sdcore-nrf-k8s charm](https://charmhub.io/sdcore-nrf-k8s) via Terraform. + +## Getting Started + +### Prerequisites + +The following software and tools needs to be installed and should be running in the local environment. + +- `microk8s` +- `juju 3.x` +- `terrafom` + +### Deploy the sdcore-nrf-k8s charm using Terraform + +Make sure that `storage` plugin is enabled for Microk8s: + +```console +sudo microk8s enable hostpath-storage +``` + +Add a Juju model: + +```console +juju add model +``` + +Initialise the provider: + +```console +terraform init +``` + +Customize the configuration inputs under `terraform.tfvars` file according to requirement. + +Replace the values in the `terraform.tfvars` file: + +```yaml +# Mandatory Config Options +model_name = "put your model-name here" +db_application_name = "put your mongodb app name here" +certs_application_name = "put your self-signed-certificates app name here" +``` + +Run Terraform Plan by providing var-file: + +```console +terraform plan -var-file="terraform.tfvars" +``` + +Deploy the resources, skip the approval: + +```console +terraform apply -auto-approve +``` + +### Check the Output + +Run `juju switch ` to switch to the target Juju model and observe the status of the application. + +```console +juju status --relations +``` + +### Clean up + +Remove the application: + +```console +terraform destroy -auto-approve +``` diff --git a/terraform/main.tf b/terraform/main.tf new file mode 100644 index 0000000..c89bab8 --- /dev/null +++ b/terraform/main.tf @@ -0,0 +1,40 @@ +resource "juju_application" "nrf" { + name = "nrf" + model = var.model_name + + charm { + name = "sdcore-nrf-k8s" + channel = var.channel + } + units = 1 + trust = true +} + +resource "juju_integration" "nrf-db" { + model = var.model_name + + application { + name = juju_application.nrf.name + endpoint = "database" + } + + application { + name = var.db_application_name + endpoint = "database" + } +} + +resource "juju_integration" "nrf-certs" { + model = var.model_name + + application { + name = juju_application.nrf.name + endpoint = "certificates" + } + + application { + name = var.certs_application_name + endpoint = "certificates" + } +} + diff --git a/terraform/outputs.tf b/terraform/outputs.tf new file mode 100644 index 0000000..cbfbbb9 --- /dev/null +++ b/terraform/outputs.tf @@ -0,0 +1,4 @@ +output "nrf_application_name" { + description = "Name of the deployed application." + value = juju_application.nrf.name +} \ No newline at end of file diff --git a/terraform/terraform.tf b/terraform/terraform.tf new file mode 100644 index 0000000..4f60bb4 --- /dev/null +++ b/terraform/terraform.tf @@ -0,0 +1,11 @@ +# Copyright 2024 Canonical Ltd. +# See LICENSE file for licensing details. + +terraform { + required_providers { + juju = { + source = "juju/juju" + version = "~> 0.10.1" + } + } +} diff --git a/terraform/terraform.tfvars b/terraform/terraform.tfvars new file mode 100644 index 0000000..fa5483c --- /dev/null +++ b/terraform/terraform.tfvars @@ -0,0 +1,7 @@ +# Mandatory Config Options +model_name = "put your model-name here" +db_application_name = "put your mongodb app name here" +certs_application_name = "put your self-signed-certificates app name here" + +# Optional Configuration +channel = "put the charm channel here" diff --git a/terraform/variables.tf b/terraform/variables.tf new file mode 100644 index 0000000..542ec02 --- /dev/null +++ b/terraform/variables.tf @@ -0,0 +1,23 @@ +variable "model_name" { + description = "Name of Juju model to deploy application to." + type = string + default = "" +} + +variable "channel" { + description = "The channel to use when deploying a charm." + type = string + default = "1.3/edge" +} + +variable "db_application_name" { + description = "The name of the application providing the `database` endpoint." + type = string + default = "" +} + +variable "certs_application_name" { + description = "Name of the application providing the `certificates` integration endpoint." + type = string + default = "" +} From 77deada6298774292368489e748f368aa9d9208f Mon Sep 17 00:00:00 2001 From: gatici Date: Mon, 5 Feb 2024 15:40:55 +0300 Subject: [PATCH 2/2] Add the Github workflow for the Terraform checks Signed-off-by: gatici --- .github/ISSUE_TEMPLATE/bug_report.md | 1 + .github/workflows/main.yaml | 3 + terraform/CONTRIBUTING.md | 86 -------------------------- terraform/README.md | 91 +++++++++++----------------- terraform/main.tf | 34 ++--------- terraform/outputs.tf | 24 +++++++- terraform/terraform.tfvars | 7 --- terraform/variables.tf | 17 +++--- 8 files changed, 73 insertions(+), 190 deletions(-) delete mode 100644 terraform/CONTRIBUTING.md delete mode 100644 terraform/terraform.tfvars diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index 584d35d..1d9e946 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -32,6 +32,7 @@ assignees: '' - Juju version (output from `juju --version`): - Cloud Environment: - Kubernetes version (output from `kubectl version --short`): +- Terraform version (output from `terraform version`): #### Additional context diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 097cc01..08050c2 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -18,6 +18,9 @@ jobs: lint-report: uses: canonical/sdcore-github-workflows/.github/workflows/lint-report.yaml@main + terraform-check: + uses: canonical/sdcore-github-workflows/.github/workflows/terraform.yaml@main + static-analysis: uses: canonical/sdcore-github-workflows/.github/workflows/static-analysis.yaml@main diff --git a/terraform/CONTRIBUTING.md b/terraform/CONTRIBUTING.md deleted file mode 100644 index 9a421a2..0000000 --- a/terraform/CONTRIBUTING.md +++ /dev/null @@ -1,86 +0,0 @@ -# Contributing - -## Development environment - -### Prerequisites - -Make sure the following software and tools are installed in the development -environment. - -- `microk8s` -- `juju` -- `terraform` - -### Prepare Development Environment - -Install Microk8s: - -```console -sudo snap install microk8s --channel=1.27-strict/stable -sudo usermod -a -G snap_microk8s $USER -newgrp snap_microk8s -``` - -Enable `storage` plugin for Microk8s: - -```console -sudo microk8s enable hostpath-storage -``` - -Install Juju: - -```console -sudo snap install juju --channel=3.1/stable -``` - -Install Terraform: - -```console -sudo snap install --classic terraform -``` - -Bootstrap the Juju Controller using Microk8s: - -```console -juju bootstrap microk8s -``` - -Add a Juju model: - -```console -juju add model -```` - -### Terraform provider - -The Terraform module uses the Juju provider to provision Juju resources. Please refer to the [Juju provider documentation](https://registry.terraform.io/providers/juju/juju/latest/docs) for more information. - -A Terraform working directory needs to be initialized at the beginning. - -Initialise the provider: - -```console -terraform init -``` - -## Testing - -Terraform CLI provides various ways to do formatting and validation. - -Formats to a canonical format and style: - -```console -terraform fmt -``` - -Check the syntactical validation: - -```console -terraform validate -``` - -Preview the changes: - -```console -terraform plan -``` diff --git a/terraform/README.md b/terraform/README.md index 0cddc60..7f6bb31 100644 --- a/terraform/README.md +++ b/terraform/README.md @@ -1,72 +1,53 @@ # SD-Core NRF K8s Terraform Module -This SD-Core NRF K8s Terraform module aims to deploy the [sdcore-nrf-k8s charm](https://charmhub.io/sdcore-nrf-k8s) via Terraform. +This folder contains a base [Terraform][Terraform] module for the sdcore-nrf-k8s charm. -## Getting Started +The module uses the [Terraform Juju provider][Terraform Juju provider] to model the charm deployment onto any Kubernetes environment managed by [Juju][Juju]. -### Prerequisites +The base module is not intended to be deployed in separation (it is possible though), but should rather serve as a building block for higher level modules. -The following software and tools needs to be installed and should be running in the local environment. +## Module structure -- `microk8s` -- `juju 3.x` -- `terrafom` +- **main.tf** - Defines the Juju application to be deployed. +- **variables.tf** - Allows customization of the deployment options (Juju model name, channel or application name). +- **output.tf** - Responsible for integrating the module with other Terraform modules, primarily by defining potential integration endpoints (charm integrations), but also by exposing the application name. +- **terraform.tf** - Defines the Terraform provider. -### Deploy the sdcore-nrf-k8s charm using Terraform +## Using sdcore-nrf-k8s base module in higher level modules -Make sure that `storage` plugin is enabled for Microk8s: +If you want to use `sdcore-nrf-k8s` base module as part of your Terraform module, import it like shown below. -```console -sudo microk8s enable hostpath-storage +```text +module "sdcore-nrf-k8s" { + source = "git::https://github.com/canonical/sdcore-nrf-k8s-operator//terraform" + model_name = "juju_model_name" + # Optional Configurations + # channel = "put the Charm channel here" + # app_name = "put the application name here" +} ``` -Add a Juju model: +Create the integrations, for instance: -```console -juju add model -``` - -Initialise the provider: - -```console -terraform init -``` - -Customize the configuration inputs under `terraform.tfvars` file according to requirement. +```text +resource "juju_integration" "nrf-db" { + model = var.model_name -Replace the values in the `terraform.tfvars` file: + application { + name = module.nrf.app_name + endpoint = module.nrf.database_endpoint + } -```yaml -# Mandatory Config Options -model_name = "put your model-name here" -db_application_name = "put your mongodb app name here" -certs_application_name = "put your self-signed-certificates app name here" + application { + name = module.mongodb.app_name + endpoint = module.mongodb.database_endpoint + } +} ``` -Run Terraform Plan by providing var-file: +The complete list of available integrations can be found [here][nrf-integrations]. -```console -terraform plan -var-file="terraform.tfvars" -``` - -Deploy the resources, skip the approval: - -```console -terraform apply -auto-approve -``` - -### Check the Output - -Run `juju switch ` to switch to the target Juju model and observe the status of the application. - -```console -juju status --relations -``` - -### Clean up - -Remove the application: - -```console -terraform destroy -auto-approve -``` +[Terraform]: https://www.terraform.io/ +[Terraform Juju provider]: https://registry.terraform.io/providers/juju/juju/latest +[Juju]: https://juju.is +[nrf-integrations]: https://charmhub.io/sdcore-nrf-k8s/integrations diff --git a/terraform/main.tf b/terraform/main.tf index c89bab8..3332591 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -1,5 +1,8 @@ -resource "juju_application" "nrf" { - name = "nrf" +# Copyright 2024 Canonical Ltd. +# See LICENSE file for licensing details. + +resource "juju_application" "sdcore-nrf-k8s" { + name = var.app_name model = var.model_name charm { @@ -10,31 +13,4 @@ resource "juju_application" "nrf" { trust = true } -resource "juju_integration" "nrf-db" { - model = var.model_name - - application { - name = juju_application.nrf.name - endpoint = "database" - } - - application { - name = var.db_application_name - endpoint = "database" - } -} - -resource "juju_integration" "nrf-certs" { - model = var.model_name - - application { - name = juju_application.nrf.name - endpoint = "certificates" - } - - application { - name = var.certs_application_name - endpoint = "certificates" - } -} diff --git a/terraform/outputs.tf b/terraform/outputs.tf index cbfbbb9..9d5ec52 100644 --- a/terraform/outputs.tf +++ b/terraform/outputs.tf @@ -1,4 +1,22 @@ -output "nrf_application_name" { +# Copyright 2024 Canonical Ltd. +# See LICENSE file for licensing details. + +output "app_name" { description = "Name of the deployed application." - value = juju_application.nrf.name -} \ No newline at end of file + value = juju_application.sdcore-nrf-k8s.name +} + +output "database_endpoint" { + description = "Name of the endpoint to integrate with MongoDB using mongodb_client interface." + value = "database" +} + +output "certificates_endpoint" { + description = "Name of the endpoint to get the X.509 certificate using tls-certificates interface." + value = "certificates" +} + +output "fiveg_nrf_endpoint" { + description = "Name of the endpoint to provide fiveg_nrf interface." + value = "fiveg-nrf" +} diff --git a/terraform/terraform.tfvars b/terraform/terraform.tfvars deleted file mode 100644 index fa5483c..0000000 --- a/terraform/terraform.tfvars +++ /dev/null @@ -1,7 +0,0 @@ -# Mandatory Config Options -model_name = "put your model-name here" -db_application_name = "put your mongodb app name here" -certs_application_name = "put your self-signed-certificates app name here" - -# Optional Configuration -channel = "put the charm channel here" diff --git a/terraform/variables.tf b/terraform/variables.tf index 542ec02..67614d7 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -1,3 +1,6 @@ +# Copyright 2024 Canonical Ltd. +# See LICENSE file for licensing details. + variable "model_name" { description = "Name of Juju model to deploy application to." type = string @@ -10,14 +13,8 @@ variable "channel" { default = "1.3/edge" } -variable "db_application_name" { - description = "The name of the application providing the `database` endpoint." +variable "app_name" { + description = "Name of the application in the Juju model" type = string - default = "" -} - -variable "certs_application_name" { - description = "Name of the application providing the `certificates` integration endpoint." - type = string - default = "" -} + default = "nrf" +} \ No newline at end of file