Merge pull request #71 from dasmeta/DMVP-2544-api-gw-crd

DMVP-2544: Create API Gateway integration
dasmeta · Sep 30, 2023 · 54ca367 · 54ca367
2 parents 42c7f1c + 39ecb9b
commit 54ca367
Show file tree

Hide file tree

Showing 11 changed files with 192 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -235,6 +235,7 @@ worker_groups = {
 | <a name="input_adot_version"></a> [adot\_version](#input\_adot\_version) | The version of the AWS Distro for OpenTelemetry addon to use. | `string` | `"v0.78.0-eksbuild.1"` | no |
 | <a name="input_alb_log_bucket_name"></a> [alb\_log\_bucket\_name](#input\_alb\_log\_bucket\_name) | n/a | `string` | `""` | no |
 | <a name="input_alb_log_bucket_path"></a> [alb\_log\_bucket\_path](#input\_alb\_log\_bucket\_path) | ALB-INGRESS-CONTROLLER | `string` | `""` | no |
+| <a name="input_api_gateway_resources"></a> [api\_gateway\_resources](#input\_api\_gateway\_resources) | Nested map containing API, Stage, and VPC Link resources | <pre>list(object({<br>    namespace = string<br>    api = object({<br>      name         = string<br>      protocolType = string<br>    })<br>    stages = optional(list(object({<br>      name        = string<br>      namespace   = string<br>      apiRef_name = string<br>      stageName   = string<br>      autoDeploy  = bool<br>      description = string<br>    })))<br>    vpc_links = optional(list(object({<br>      name      = string<br>      namespace = string<br>    })))<br>  }))</pre> | n/a | yes |
 | <a name="input_api_gw_deploy_region"></a> [api\_gw\_deploy\_region](#input\_api\_gw\_deploy\_region) | Region in which API gatewat will be configured | `string` | `""` | no |
 | <a name="input_autoscaler_image_patch"></a> [autoscaler\_image\_patch](#input\_autoscaler\_image\_patch) | The patch number of autoscaler image | `number` | `0` | no |
 | <a name="input_autoscaler_limits"></a> [autoscaler\_limits](#input\_autoscaler\_limits) | n/a | <pre>object({<br>    cpu    = string<br>    memory = string<br>  })</pre> | <pre>{<br>  "cpu": "100m",<br>  "memory": "600Mi"<br>}</pre> | no |

diff --git a/main.tf b/main.tf
@@ -395,4 +395,8 @@ module "api-gw-controller" {
   cluster_name     = var.cluster_name
   cluster_oidc_arn = module.eks-cluster[0].oidc_provider_arn
   deploy_region    = var.api_gw_deploy_region
+
+  api_gateway_resources = var.api_gateway_resources
+  vpc_id                = var.api_gateway_resources[0].vpc_links != null ? module.vpc[0].id : null
+  subnet_ids            = var.api_gateway_resources[0].vpc_links != null ? (var.vpc.create.private_subnets != {} ? module.vpc[0].private_subnets : var.vpc.link.private_subnet_ids) : null
 }
diff --git a/modules/api-gw/README.md b/modules/api-gw/README.md
@@ -43,19 +43,28 @@ No modules.
 |------|------|
 | [aws_iam_policy.policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_role.role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
+| [aws_security_group.api-gw-sg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
 | [helm_release.api-gw-release](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [kubernetes_manifest.api](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource |
+| [kubernetes_manifest.stage](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource |
+| [kubernetes_manifest.vpc_link](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource |
 | [kubernetes_service_account.servciceaccount](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service_account) | resource |
 | [aws_caller_identity.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+| [aws_region.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+| [aws_subnet.selected](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet) | data source |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_api_gateway_resources"></a> [api\_gateway\_resources](#input\_api\_gateway\_resources) | Nested map containing API, Stage, and VPC Link resources | <pre>list(object({<br>    namespace = string<br>    api = object({<br>      name         = string<br>      protocolType = string<br>    })<br>    stages = optional(list(object({<br>      namespace   = string<br>      name        = string<br>      apiRef_name = string<br>      stageName   = string<br>      autoDeploy  = bool<br>      description = string<br>    })))<br>    vpc_links = optional(list(object({<br>      namespace = string<br>      name      = string<br>    })))<br>  }))</pre> | n/a | yes |
 | <a name="input_chart_version"></a> [chart\_version](#input\_chart\_version) | Chart version of api-gw | `string` | `"0.0.17"` | no |
 | <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | Cluster name to pass to role | `string` | n/a | yes |
 | <a name="input_cluster_oidc_arn"></a> [cluster\_oidc\_arn](#input\_cluster\_oidc\_arn) | Cluster OIDC arn to pass to policy | `string` | n/a | yes |
 | <a name="input_deploy_region"></a> [deploy\_region](#input\_deploy\_region) | Region in which API gatewat will be configured | `string` | n/a | yes |
+| <a name="input_subnet_ids"></a> [subnet\_ids](#input\_subnet\_ids) | n/a | `list(string)` | n/a | yes |
+| <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | n/a | `string` | n/a | yes |
 
 ## Outputs
 

diff --git a/modules/api-gw/apis.tf b/modules/api-gw/apis.tf
@@ -0,0 +1,15 @@
+resource "kubernetes_manifest" "api" {
+  for_each = { for index, api in var.api_gateway_resources : index => api }
+  manifest = {
+    apiVersion = "apigatewayv2.services.k8s.aws/v1alpha1"
+    kind       = "API"
+    metadata = {
+      name      = each.value.api.name
+      namespace = each.value.namespace
+    }
+    spec = {
+      name         = each.value.api.name
+      protocolType = each.value.api.protocolType
+    }
+  }
+}
diff --git a/modules/api-gw/stages.tf b/modules/api-gw/stages.tf
@@ -0,0 +1,22 @@
+resource "kubernetes_manifest" "stage" {
+  #for_each =  { for api in flatten([for api in var.api_gateway_resources : api.stages]) : api.name => api }
+  for_each = { for stage in flatten([for api in var.api_gateway_resources : api.stages != null ? api.stages : []]) : stage.name => stage }
+  manifest = {
+    apiVersion = "apigatewayv2.services.k8s.aws/v1alpha1"
+    kind       = "Stage"
+    metadata = {
+      name      = each.value.name
+      namespace = each.value.namespace != null ? each.value.namespace : "default"
+    }
+    spec = {
+      apiRef = {
+        from = {
+          name = each.value.apiRef_name
+        }
+      }
+      stageName   = each.value.stageName
+      autoDeploy  = each.value.autoDeploy
+      description = each.value.description
+    }
+  }
+}
diff --git a/modules/api-gw/tests/basic/0-setup.tf b/modules/api-gw/tests/basic/0-setup.tf
@@ -0,0 +1,6 @@
+# data
+provider "helm" {
+  kubernetes {
+    config_path = "~/.kube/config"
+  }
+}
diff --git a/modules/api-gw/tests/basic/1-example.tf b/modules/api-gw/tests/basic/1-example.tf
@@ -0,0 +1,3 @@
+module "basic" {
+  source = "../.."
+}
diff --git a/modules/api-gw/tests/basic/README.md b/modules/api-gw/tests/basic/README.md
@@ -0,0 +1,29 @@
+# basic
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+No providers.
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_basic"></a> [basic](#module\_basic) | ../.. | n/a |
+
+## Resources
+
+No resources.
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+No outputs.
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/api-gw/variables.tf b/modules/api-gw/variables.tf
@@ -18,3 +18,34 @@ variable "deploy_region" {
   description = "Region in which API gatewat will be configured"
   type        = string
 }
+
+variable "vpc_id" {
+  type = string
+}
+
+variable "subnet_ids" {
+  type = list(string)
+}
+
+variable "api_gateway_resources" {
+  description = "Nested map containing API, Stage, and VPC Link resources"
+  type = list(object({
+    namespace = string
+    api = object({
+      name         = string
+      protocolType = string
+    })
+    stages = optional(list(object({
+      namespace   = string
+      name        = string
+      apiRef_name = string
+      stageName   = string
+      autoDeploy  = bool
+      description = string
+    })))
+    vpc_links = optional(list(object({
+      namespace = string
+      name      = string
+    })))
+  }))
+}
diff --git a/modules/api-gw/vpc-links.tf b/modules/api-gw/vpc-links.tf
@@ -0,0 +1,50 @@
+data "aws_region" "this" {}
+
+data "aws_subnet" "selected" {
+  count = var.api_gateway_resources[0].vpc_links != null ? length(local.subnet_ids) : 0
+  id    = local.subnet_ids[count.index]
+}
+
+resource "kubernetes_manifest" "vpc_link" {
+  #for_each = { for link in flatten([for api in var.api_gateway_resources : api.vpc_links]) : link.name => link }
+  for_each = { for link in flatten([for api in var.api_gateway_resources : api.vpc_links != null ? api.vpc_links : []]) : link.name => link }
+  manifest = {
+    apiVersion = "apigatewayv2.services.k8s.aws/v1alpha1"
+    kind       = "VPCLink"
+    metadata = {
+      name      = each.value.name
+      namespace = each.value.namespace != null ? each.value.namespace : "default"
+    }
+    spec = {
+      name             = each.value.name
+      securityGroupIDs = [aws_security_group.api-gw-sg[0].id]
+      subnetIDs        = var.subnet_ids
+    }
+  }
+}
+
+resource "aws_security_group" "api-gw-sg" {
+  count       = var.api_gateway_resources[0].vpc_links != null ? 1 : 0
+  vpc_id      = var.vpc_id
+  name        = "aws-api-gw-${var.cluster_name}-${data.aws_region.this.name}-sg"
+  description = "Allow traffic from EKS to API gateway"
+
+  ingress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = local.cidrs
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+locals {
+  subnet_ids = var.subnet_ids
+  cidrs      = [for s in data.aws_subnet.selected : s.cidr_block]
+}
diff --git a/variables.tf b/variables.tf
@@ -368,6 +368,28 @@ variable "api_gw_deploy_region" {
   default     = ""
 }
 
+variable "api_gateway_resources" {
+  description = "Nested map containing API, Stage, and VPC Link resources"
+  type = list(object({
+    namespace = string
+    api = object({
+      name         = string
+      protocolType = string
+    })
+    stages = optional(list(object({
+      name        = string
+      namespace   = string
+      apiRef_name = string
+      stageName   = string
+      autoDeploy  = bool
+      description = string
+    })))
+    vpc_links = optional(list(object({
+      name      = string
+      namespace = string
+    })))
+  }))
+}
 variable "enable_node_problem_detector" {
   type    = bool
   default = true