feat: add drone config for e2e

Add drone config for e2e testing from talos repo. Also add tfdocs generation. Signed-off-by: Noel Georgi <[email protected]>
siderolabs · Aug 11, 2023 · d73d98c · d73d98c
1 parent 43ecfa1
commit d73d98c
Show file tree

Hide file tree

Showing 14 changed files with 654 additions and 19 deletions.
diff --git a/.drone.yaml b/.drone.yaml
@@ -0,0 +1,117 @@
+---
+kind: pipeline
+name: default
+type: kubernetes
+
+steps:
+  - name: tf-apply
+    image: autonomy/build-container:latest
+    pull: always
+    environment:
+      ARM_SUBSCRIPTION_ID:
+        from_secret: 'azure_subscription_id'
+      AZURE_STORAGE_ACCOUNT:
+        from_secret: 'az_storage_account'
+      ARM_CLIENT_ID:
+        from_secret: 'az_storage_user'
+      ARM_CLIENT_SECRET:
+        from_secret: 'az_storage_pass'
+      ARM_TENANT_ID:
+        from_secret: 'azure_tenant_id'
+      AWS_ACCESS_KEY_ID:
+        from_secret: 'aws_access_key_id'
+      AWS_SECRET_ACCESS_KEY:
+        from_secret: 'aws_secret_access_key'
+    commands:
+      - apk add --no-cache terraform
+      - mkdir -p _out
+      - cp hack/backend.tf examples/terraform/${TYPE}/backend.tf
+      - az login --service-principal -u "$${ARM_CLIENT_ID}" -p "$${ARM_CLIENT_SECRET}" --tenant "$${ARM_TENANT_ID}"
+      - az storage blob download-batch --overwrite -d _out --pattern "e2e-$${TYPE}-generated/*" -s ${BUCKET_PATH}
+      # copying the downloaded vars
+      - mv _out/e2e-${TYPE}-generated/* examples/terraform/${TYPE}
+      - terraform -chdir=examples/terraform/${TYPE} init -backend-config="resource_group_name=General" -backend-config="storage_account_name=$${AZURE_STORAGE_ACCOUNT}" -backend-config="container_name=${BUCKET_PATH}" -backend-config="key=${TYPE}-terraform.tfstate"
+      # - terraform -chdir=examples/terraform/${TYPE} plan -var-file="vars.json"
+      - terraform -chdir=examples/terraform/${TYPE} apply -auto-approve -var-file="vars.json"
+      - terraform -chdir=examples/terraform/${TYPE} output -raw talosconfig > talosconfig
+      - terraform -chdir=examples/terraform/${TYPE} output -raw kubeconfig > kubeconfig
+      - az storage blob upload --overwrite -f talosconfig -n e2e-${TYPE}-talosconfig -c ${BUCKET_PATH}
+      - az storage blob upload --overwrite -f kubeconfig -n e2e-${TYPE}-kubeconfig -c ${BUCKET_PATH}
+    when:
+      event:
+        - promote
+      target:
+        - e2e-talos-tf-apply
+  - name: tf-destroy
+    image: autonomy/build-container:latest
+    pull: always
+    environment:
+      ARM_SUBSCRIPTION_ID:
+        from_secret: 'azure_subscription_id'
+      AZURE_STORAGE_ACCOUNT:
+        from_secret: 'az_storage_account'
+      ARM_CLIENT_ID:
+        from_secret: 'az_storage_user'
+      ARM_CLIENT_SECRET:
+        from_secret: 'az_storage_pass'
+      ARM_TENANT_ID:
+        from_secret: 'azure_tenant_id'
+      AWS_ACCESS_KEY_ID:
+        from_secret: 'aws_access_key_id'
+      AWS_SECRET_ACCESS_KEY:
+        from_secret: 'aws_secret_access_key'
+    commands:
+      - apk add --no-cache terraform
+      - cp hack/backend.tf examples/terraform/${TYPE}/backend.tf
+      - terraform -chdir=examples/terraform/${TYPE} init -backend-config="resource_group_name=General" -backend-config="storage_account_name=$${AZURE_STORAGE_ACCOUNT}" -backend-config="container_name=${BUCKET_PATH}" -backend-config="key=${TYPE}-terraform.tfstate"
+      # lets remove the talosconfig/kubeconfig data source so destroy is not blocked
+      - terraform -chdir=examples/terraform/${TYPE} state rm data.talos_client_configuration.this data.talos_cluster_kubeconfig.this
+      - terraform -chdir=examples/terraform/${TYPE} apply -destroy -auto-approve
+    when:
+      event:
+        - promote
+      target:
+        - e2e-talos-tf-destroy
+
+trigger:
+  event:
+    exclude:
+      - tag
+      - push
+      - pull_request
+  branch:
+    exclude:
+    - renovate/*
+    - dependabot/*
+
+---
+kind: pipeline
+type: kubernetes
+name: notify
+
+clone:
+  disable: true
+
+steps:
+  - name: slack
+    image: plugins/slack
+    settings:
+      webhook:
+        from_secret: slack_webhook
+      channel: proj-talos-maintainers
+    when:
+      status:
+        - success
+        - failure
+
+trigger:
+  branch:
+    exclude:
+    - renovate/*
+    - dependabot/*
+  status:
+  - success
+  - failure
+
+depends_on:
+  - default
diff --git a/.github/workflows/pull-request.yaml b/.github/workflows/pull-request.yaml
@@ -13,6 +13,10 @@ jobs:
         uses: hashicorp/setup-terraform@v2
         with:
           terraform_wrapper: false
+      - name: Setup TF docs
+        uses: jaxxstorm/[email protected]
+        with:
+          repo: terraform-docs/terraform-docs
       - name: dirty-check
         run: |
           make check-dirty
diff --git a/Makefile b/Makefile
@@ -1,5 +1,7 @@
 TAG ?= $(shell git describe --tag --always --dirty)
 
+TF_PROJECTS := $(shell find examples/terraform/ -name '.terraform' -prune -o -name 'main.tf' -exec dirname {} \;)
+
 # renovate: datasource=helm depName=aws-cloud-controller-manager
 AWS_CCM_HELM_CHART_VERSION ?= 0.0.7
 # renovate: datasource=github-releases depName=kubernetes/cloud-provider-aws
@@ -10,7 +12,10 @@ fmt:
 	terraform fmt -recursive
 
 .PHONY: generate
-generate: aws-ccm
+generate: aws-ccm tfdocs
+
+tfdocs:
+	$(foreach project,$(TF_PROJECTS),terraform-docs markdown --output-file README.md --output-mode inject $(project);)
 
 .PHONY: check-dirty
 check-dirty: fmt generate ## Verifies that source tree is not dirty

diff --git a/examples/terraform/advanced/README.md b/examples/terraform/advanced/README.md
@@ -19,3 +19,73 @@ If different configurations are required, override them through command line wit
 Destroying the cluster should, again, be a simple `terraform destroy`.
 
 Getting the kubeconfig and talosconfig for this cluster can be done with `terraform output -raw kubeconfig > <desired-path-and-filename>` and `terraform output -raw talosconfig > <desired-path-and-filename>`.
+
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_libvirt"></a> [libvirt](#requirement\_libvirt) | 0.7.1 |
+| <a name="requirement_random"></a> [random](#requirement\_random) | 3.5.1 |
+| <a name="requirement_talos"></a> [talos](#requirement\_talos) | 0.2.0 |
+| <a name="requirement_tls"></a> [tls](#requirement\_tls) | 4.0.4 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_libvirt"></a> [libvirt](#provider\_libvirt) | 0.7.1 |
+| <a name="provider_random"></a> [random](#provider\_random) | 3.5.1 |
+| <a name="provider_talos"></a> [talos](#provider\_talos) | 0.2.0 |
+| <a name="provider_tls"></a> [tls](#provider\_tls) | 4.0.4 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_bootstrap_token"></a> [bootstrap\_token](#module\_bootstrap\_token) | ./modules/bootstrap_token | n/a |
+| <a name="module_trustdinfo_token"></a> [trustdinfo\_token](#module\_trustdinfo\_token) | ./modules/bootstrap_token | n/a |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [libvirt_domain.cp](https://registry.terraform.io/providers/dmacvicar/libvirt/0.7.1/docs/resources/domain) | resource |
+| [libvirt_volume.cp](https://registry.terraform.io/providers/dmacvicar/libvirt/0.7.1/docs/resources/volume) | resource |
+| [random_id.cluster_id](https://registry.terraform.io/providers/hashicorp/random/3.5.1/docs/resources/id) | resource |
+| [random_id.cluster_secret](https://registry.terraform.io/providers/hashicorp/random/3.5.1/docs/resources/id) | resource |
+| [random_id.secretbox_encryption_secret](https://registry.terraform.io/providers/hashicorp/random/3.5.1/docs/resources/id) | resource |
+| [talos_machine_bootstrap.this](https://registry.terraform.io/providers/siderolabs/talos/0.2.0/docs/resources/machine_bootstrap) | resource |
+| [talos_machine_configuration_apply.this](https://registry.terraform.io/providers/siderolabs/talos/0.2.0/docs/resources/machine_configuration_apply) | resource |
+| [tls_cert_request.client_csr](https://registry.terraform.io/providers/hashicorp/tls/4.0.4/docs/resources/cert_request) | resource |
+| [tls_cert_request.k8s_client_csr](https://registry.terraform.io/providers/hashicorp/tls/4.0.4/docs/resources/cert_request) | resource |
+| [tls_locally_signed_cert.client_cert](https://registry.terraform.io/providers/hashicorp/tls/4.0.4/docs/resources/locally_signed_cert) | resource |
+| [tls_locally_signed_cert.k8s_client_cert](https://registry.terraform.io/providers/hashicorp/tls/4.0.4/docs/resources/locally_signed_cert) | resource |
+| [tls_private_key.client_key](https://registry.terraform.io/providers/hashicorp/tls/4.0.4/docs/resources/private_key) | resource |
+| [tls_private_key.etcd_key](https://registry.terraform.io/providers/hashicorp/tls/4.0.4/docs/resources/private_key) | resource |
+| [tls_private_key.k8s_aggregator_key](https://registry.terraform.io/providers/hashicorp/tls/4.0.4/docs/resources/private_key) | resource |
+| [tls_private_key.k8s_client_key](https://registry.terraform.io/providers/hashicorp/tls/4.0.4/docs/resources/private_key) | resource |
+| [tls_private_key.k8s_key](https://registry.terraform.io/providers/hashicorp/tls/4.0.4/docs/resources/private_key) | resource |
+| [tls_private_key.k8s_serviceaccount_key](https://registry.terraform.io/providers/hashicorp/tls/4.0.4/docs/resources/private_key) | resource |
+| [tls_private_key.os_key](https://registry.terraform.io/providers/hashicorp/tls/4.0.4/docs/resources/private_key) | resource |
+| [tls_self_signed_cert.etcd_cert](https://registry.terraform.io/providers/hashicorp/tls/4.0.4/docs/resources/self_signed_cert) | resource |
+| [tls_self_signed_cert.k8s_aggregator_cert](https://registry.terraform.io/providers/hashicorp/tls/4.0.4/docs/resources/self_signed_cert) | resource |
+| [tls_self_signed_cert.k8s_cert](https://registry.terraform.io/providers/hashicorp/tls/4.0.4/docs/resources/self_signed_cert) | resource |
+| [tls_self_signed_cert.os_cert](https://registry.terraform.io/providers/hashicorp/tls/4.0.4/docs/resources/self_signed_cert) | resource |
+| [talos_client_configuration.this](https://registry.terraform.io/providers/siderolabs/talos/0.2.0/docs/data-sources/client_configuration) | data source |
+| [talos_machine_configuration.this](https://registry.terraform.io/providers/siderolabs/talos/0.2.0/docs/data-sources/machine_configuration) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | A name to provide for the Talos cluster | `string` | n/a | yes |
+| <a name="input_iso_path"></a> [iso\_path](#input\_iso\_path) | Path to the Talos ISO | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_kubeconfig"></a> [kubeconfig](#output\_kubeconfig) | n/a |
+| <a name="output_talosconfig"></a> [talosconfig](#output\_talosconfig) | n/a |
+<!-- END_TF_DOCS -->
diff --git a/examples/terraform/advanced/modules/bootstrap_token/README.md b/examples/terraform/advanced/modules/bootstrap_token/README.md
@@ -0,0 +1,34 @@
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_random"></a> [random](#requirement\_random) | 3.5.1 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_random"></a> [random](#provider\_random) | 3.5.1 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [random_string.token_prefix](https://registry.terraform.io/providers/hashicorp/random/3.5.1/docs/resources/string) | resource |
+| [random_string.token_suffix](https://registry.terraform.io/providers/hashicorp/random/3.5.1/docs/resources/string) | resource |
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_bootstrap_token"></a> [bootstrap\_token](#output\_bootstrap\_token) | n/a |
+<!-- END_TF_DOCS -->
diff --git a/examples/terraform/aws/README.md b/examples/terraform/aws/README.md
@@ -1,19 +1,75 @@
-# AWS Terraform Example
+<!-- BEGIN_TF_DOCS -->
+## Requirements
 
-This example will create a load-balanced, HA Talos cluster on AWS.
-It will use the official Sidero Labs AMI of Talos that is present and should result in a stable, maintainable cluster.
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | ~> 1.3 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 4.0 |
+| <a name="requirement_talos"></a> [talos](#requirement\_talos) | 0.3.0-beta.0 |
 
-## Prereqs
+## Providers
 
-Ensure your AWS environment is configured correctly (see https://registry.terraform.io/providers/hashicorp/aws/latest/docs#environment-variables and https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html for details).
-From this directory, issue `terraform init` to ensure the proper providers are pulled down.
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.67.0 |
+| <a name="provider_talos"></a> [talos](#provider\_talos) | 0.3.0-beta.0 |
 
-## Usage
+## Modules
 
-To create a default cluster, this should be as simple as `terraform apply`.
-This will create a cluster called `talos-aws-example` with 3 control plane nodes and a single worker in the default AWS region.
-By default, the instances will be `c5.large`, with 2 VPU and 4GB RAM each.
-If different specs or regions are required, override them through command line with the `-var` flag or by creating a varsfile and overriding with `-var-file`.
-Destroying the cluster should, again, be a simple `terraform destroy`.
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_cluster_sg"></a> [cluster\_sg](#module\_cluster\_sg) | terraform-aws-modules/security-group/aws | ~> 4.0 |
+| <a name="module_elb_k8s_elb"></a> [elb\_k8s\_elb](#module\_elb\_k8s\_elb) | terraform-aws-modules/elb/aws | ~> 4.0 |
+| <a name="module_kubernetes_api_sg"></a> [kubernetes\_api\_sg](#module\_kubernetes\_api\_sg) | terraform-aws-modules/security-group/aws//modules/https-443 | ~> 4.0 |
+| <a name="module_talos_control_plane_nodes"></a> [talos\_control\_plane\_nodes](#module\_talos\_control\_plane\_nodes) | terraform-aws-modules/ec2-instance/aws | ~> 4.0 |
+| <a name="module_talos_worker_group"></a> [talos\_worker\_group](#module\_talos\_worker\_group) | terraform-aws-modules/ec2-instance/aws | ~> 4.0 |
+| <a name="module_talos_worker_nodes"></a> [talos\_worker\_nodes](#module\_talos\_worker\_nodes) | terraform-aws-modules/ec2-instance/aws | ~> 4.0 |
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.0 |
 
-Getting the kubeconfig and talosconfig for this cluster can be done with `terraform output -raw kubeconfig > <desired-path-and-filename>` and `terraform output -raw talosconfig > <desired-path-and-filename>`
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_iam_policy.control_plane_ccm_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
+| [aws_iam_policy.worker_ccm_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
+| [talos_machine_bootstrap.this](https://registry.terraform.io/providers/siderolabs/talos/0.3.0-beta.0/docs/resources/machine_bootstrap) | resource |
+| [talos_machine_configuration_apply.controlplane](https://registry.terraform.io/providers/siderolabs/talos/0.3.0-beta.0/docs/resources/machine_configuration_apply) | resource |
+| [talos_machine_configuration_apply.worker](https://registry.terraform.io/providers/siderolabs/talos/0.3.0-beta.0/docs/resources/machine_configuration_apply) | resource |
+| [talos_machine_configuration_apply.worker_group](https://registry.terraform.io/providers/siderolabs/talos/0.3.0-beta.0/docs/resources/machine_configuration_apply) | resource |
+| [talos_machine_secrets.this](https://registry.terraform.io/providers/siderolabs/talos/0.3.0-beta.0/docs/resources/machine_secrets) | resource |
+| [aws_ami.talos](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source |
+| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
+| [talos_client_configuration.this](https://registry.terraform.io/providers/siderolabs/talos/0.3.0-beta.0/docs/data-sources/client_configuration) | data source |
+| [talos_cluster_kubeconfig.this](https://registry.terraform.io/providers/siderolabs/talos/0.3.0-beta.0/docs/data-sources/cluster_kubeconfig) | data source |
+| [talos_machine_configuration.controlplane](https://registry.terraform.io/providers/siderolabs/talos/0.3.0-beta.0/docs/data-sources/machine_configuration) | data source |
+| [talos_machine_configuration.worker](https://registry.terraform.io/providers/siderolabs/talos/0.3.0-beta.0/docs/data-sources/machine_configuration) | data source |
+| [talos_machine_configuration.worker_group](https://registry.terraform.io/providers/siderolabs/talos/0.3.0-beta.0/docs/data-sources/machine_configuration) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_ami_id"></a> [ami\_id](#input\_ami\_id) | AMI ID to use for talos nodes, if not set the latest talos release ami id will be looked up | `string` | `""` | no |
+| <a name="input_ccm"></a> [ccm](#input\_ccm) | Whether to deploy aws cloud controller manager | `bool` | `false` | no |
+| <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | Name of cluster | `string` | `"talos-aws-example"` | no |
+| <a name="input_config_patch_files"></a> [config\_patch\_files](#input\_config\_patch\_files) | Path to talos config path files that applies to all nodes | `list(string)` | `[]` | no |
+| <a name="input_config_patch_files_control_plane"></a> [config\_patch\_files\_control\_plane](#input\_config\_patch\_files\_control\_plane) | Path to talos config path files that applies to all control plane nodes | `list(string)` | `[]` | no |
+| <a name="input_config_patch_files_worker"></a> [config\_patch\_files\_worker](#input\_config\_patch\_files\_worker) | Path to talos config path files that applies to all worker nodes | `list(string)` | `[]` | no |
+| <a name="input_extra_tags"></a> [extra\_tags](#input\_extra\_tags) | Extra tags to add to the cluster cloud resources | `map(string)` | `{}` | no |
+| <a name="input_instance_type_control_plane"></a> [instance\_type\_control\_plane](#input\_instance\_type\_control\_plane) | Instance type to use for the control plane nodes | `string` | `"c5.large"` | no |
+| <a name="input_instance_type_worker"></a> [instance\_type\_worker](#input\_instance\_type\_worker) | Instance type to use for the worker nodes | `string` | `"c5.large"` | no |
+| <a name="input_kubernetes_api_allowed_cidr"></a> [kubernetes\_api\_allowed\_cidr](#input\_kubernetes\_api\_allowed\_cidr) | The CIDR from which to allow to access the Kubernetes API | `string` | `"0.0.0.0/0"` | no |
+| <a name="input_kubernetes_version"></a> [kubernetes\_version](#input\_kubernetes\_version) | Kubernetes version to use for the cluster, if not set the k8s version shipped with the talos sdk version will be used | `string` | `null` | no |
+| <a name="input_num_control_planes"></a> [num\_control\_planes](#input\_num\_control\_planes) | Number of control plane nodes to create | `number` | `3` | no |
+| <a name="input_num_workers"></a> [num\_workers](#input\_num\_workers) | Number of worker nodes to create | `number` | `1` | no |
+| <a name="input_talos_api_allowed_cidr"></a> [talos\_api\_allowed\_cidr](#input\_talos\_api\_allowed\_cidr) | The CIDR from which to allow to access the Talos API | `string` | `"0.0.0.0/0"` | no |
+| <a name="input_vpc_cidr"></a> [vpc\_cidr](#input\_vpc\_cidr) | The IPv4 CIDR block for the VPC. | `string` | `"172.16.0.0/16"` | no |
+| <a name="input_worker_groups"></a> [worker\_groups](#input\_worker\_groups) | List of node worker node groups to create | <pre>list(object({<br>    name               = string<br>    instance_type      = string<br>    num_instances      = optional(number, 1)<br>    instance_profile   = optional(string, null)<br>    kubernetes_version = optional(string, null)<br>    config_patch_files = optional(list(string), [])<br>    tags               = optional(map(string), {})<br>  }))</pre> | `[]` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_kubeconfig"></a> [kubeconfig](#output\_kubeconfig) | The generated kubeconfig. |
+| <a name="output_talosconfig"></a> [talosconfig](#output\_talosconfig) | The generated talosconfig. |
+<!-- END_TF_DOCS -->