gitpod-io · roboquat · Sep 27, 2022 · Sep 9, 2022 · adrienthebo · Sep 21, 2022
@@ -4,6 +4,25 @@ output "database" {
     instance            = "${var.gcp_project}:${var.gcp_region}:${google_sql_database_instance.gitpod.name}"
     username            = "${google_sql_user.users.name}"
     password            = random_password.password.result
-    service_account_key = "Upload the JSON file corresponding the service account credentials"
+    service_account_key_path = var.credentials
   }, "No database created")
 }
+
+output "registry" {
+  sensitive = true
+  value = try({
+    url      = "gcr.io/${var.gcp_project}"
+    server   = "gcr.io"
+    username = "_json_key"
+    password_file_path = var.credentials
+  }, "No container registry created")
+}
+
+output "storage" {
+  sensitive = true
+  value = try({
+    region      = var.gcp_region
+    project     = var.gcp_project
+    service_account_key_path = var.credentials
+  }, "No GCS bucket created for object storage")
+}
@@ -0,0 +1,123 @@
+##
+# Terraform AWS reference architecture
+#
+
+.PHONY: init
+init:
+	@terraform init
+
+touch-kubeconfig:
+	@touch kubeconfig
+
+cleanup-kubeconfig:
+	@rm kubeconfig
+
+.PHONY: plan
+plan: touch-kubeconfig plan-cluster plan-cm-edns cleanup-kubeconfig
+
+.PHONY: apply
+apply: apply-cluster apply-tools
+
+.PHONY: destroy
+destroy: destroy-tools destroy-cluster
+
+.PHONY: refresh
+refresh:
+	@echo "Refreshing terraform state"
+	@terraform refresh
+	@echo ""
+	@echo "Done!"
+
+.PHONY: output
+output: refresh output-done-msg output-url output-registry output-database output-storage output-issuer
+
+output-done-msg:
+	@echo ""
+	@echo ""
+	@echo "=========================="
+	@echo "🎉🥳🔥🧡🚀"
+	@echo "Your cloud infrastructure is ready to install Gitpod. Please visit"
+	@echo "https://www.gitpod.io/docs/self-hosted/latest/getting-started#step-4-install-gitpod"
+	@echo "for your next steps."
+	@echo "================="
+	@echo "Config Parameters"
+	@echo "================="
+
+output-url:
+	@echo ""
+	@echo "Gitpod domain name:"
+	@echo "================="
+	@terraform output -json url | jq
+
+output-storage:
+	@echo ""
+	@echo "Object storage:"
+	@echo "=============="
+	@terraform output -json storage | jq
+
+output-registry:
+	@echo ""
+	@echo "GCR registry:"
+	@echo "=================="
+	@terraform output -json registry | jq
+
+output-database:
+	@echo ""
+	@echo "Database:"
+	@echo "========"
+	@echo "Tick the option 'Use Google Cloud SQL Proxy' if using this database"
+	@terraform output -json database | jq
+	@echo ""
+
+output-issuer:
+	@echo ""
+	@echo "ClusterIssuer name:"
+	@echo "================="
+	@terraform output -json cluster_issuer | jq
+
+.PHONY: plan-cluster
+plan-cluster:
+	@terraform plan -target=module.k3s
+
+.PHONY: plan-tools
+plan-tools: plan-cm-edns plan-cluster-issuer
+
+.PHONY: plan-cm-edns
+plan-cm-edns:
+	@terraform plan -target=module.certmanager -target=module.externaldns
+
+.PHONY: plan-cluster-issuer
+plan-cluster-issuer:
+	@terraform plan -target=module.cluster-issuer
+
+.PHONY: apply-cluster
+apply-cluster:
+	@terraform apply -target=module.k3s --auto-approve
+
+.PHONY: apply-tools
+apply-tools: install-cm-edns install-cluster-issuer
+
+.PHONY: install-cm-edns
+install-cm-edns:
+	@terraform apply -target=module.certmanager -target=module.externaldns --auto-approve
+
+.PHONY: install-cluster-issuer
+install-cluster-issuer:
+	@terraform apply -target=module.cluster-issuer  --auto-approve
+
+.PHONY: destroy-cluster
+destroy-cluster:
+	@terraform destroy -target=module.k3s --auto-approve
+
+.PHONY: destroy-tools
+destroy-tools: destroy-cluster-issuer destroy-cm-edns
+
+.PHONY: destroy-cm-edns
+destroy-cm-edns:
+	@terraform destroy -target=module.certmanager  -target=module.externaldns --auto-approve
+
+.PHONY: destroy-cluster-issuer
+destroy-cluster-issuer:
+	@terraform destroy -target=module.cluster-issuer  --auto-approve || echo "Could not remove cluster-issuer"
+
+# end
@@ -0,0 +1,16 @@
+module "k3s" {
+  source = "../../modules/k3s"
+
+  name             = var.name
+  gcp_project      = var.project
+  gcp_region       = var.region
+  gcp_zone         = var.zone
+  credentials      = var.credentials_path
+  kubeconfig       = var.kubeconfig
+  dns_sa_creds     = var.credentials_path
-  credentials      = var.credentials_path
-  kubeconfig       = var.kubeconfig
-  dns_sa_creds     = var.credentials_path
+  credentials      = local.credentials
+  kubeconfig       = var.kubeconfig
+  dns_sa_creds     = local.credentials
-  credentials      = var.credentials_path
-  kubeconfig       = var.kubeconfig
-  dns_sa_creds     = var.credentials_path
+  credentials      = local.credentials
+  kubeconfig       = var.kubeconfig
+  dns_sa_creds     = local.credentials
+  dns_project      = var.project
+  managed_dns_zone = var.managed_dns_zone
+  domain_name      = var.domain_name
+  cluster_version  = var.cluster_version
+  image_id         = var.image_id
+}
@@ -0,0 +1,3 @@
+locals {
+  credentials = "${file(var.credentials_path)}"
+}
@@ -0,0 +1,20 @@
+terraform {
+  backend "gcs" {
+    bucket = "gitpod-tf"
+    prefix = "k3s/terraform.state"
+  }
+
+  required_providers {
+    google = {
+      source = "hashicorp/google"
+    }
+
+    kubernetes = {
+      source = "hashicorp/kubernetes"
+    }
+
+    helm = {
+      source = "hashicorp/helm"
+    }
+  }
+}
@@ -0,0 +1,22 @@
+output "database" {
+    sensitive = true
+    value = module.k3s.database
+}
+
+output "registry" {
+    sensitive = true
+    value = module.k3s.registry
+}
+
+output "storage" {
+    sensitive = true
+    value = module.k3s.storage
+}
+
+output "url" {
+  value = var.domain_name
+}
+
+output "cluster_issuer" {
+  value     = module.cluster-issuer.cluster_issuer
+}
@@ -0,0 +1,16 @@
+name = "gitpod"
+
+domain_name =
+
+region      = "europe-west1"
+zone        = "europe-west1-b"
+project     =
+credentials_path = "key.json"
+
+cluster_version = "v1.22.12+k3s1"
+
+image_id = "ubuntu-2204-jammy-v20220712a"
+
+kubeconfig = "./kubeconfig"
+
+managed_dns_zone =
@@ -0,0 +1,19 @@
+module "certmanager" {
+  source = "../../modules/tools/cert-manager"
+
+  kubeconfig  = var.kubeconfig
+}
+
+module "cluster-issuer" {
+  source              = "../../modules/tools/issuer"
+  kubeconfig          = var.kubeconfig
+  gcp_credentials     = local.credentials
+  issuer_name         = "cloudDNS"
+  cert_manager_issuer = {
+    project                 = var.project
+    serviceAccountSecretRef = {
+      name = "clouddns-dns01-solver"
+      key  = "keys.json"
+    }
+  }
+}
@@ -0,0 +1,48 @@
+variable "kubeconfig" {
+  description = "The KUBECONFIG file path to store the resulting KUBECONFIG file to"
+  default     = "./kubeconfig"
+}
+
+variable "project" {
+  description = "Google cloud Region to perform operations in"
+}
+
+variable "region" {
+  description = "Google cloud Region to perform operations in"
+  default     = "europe-west1"
+}
+
+variable "zone" {
+  description = "Google cloud Zone to perform operations in"
+  default     = "europe-west1-b"
+}
+
+variable "credentials_path" {
+  description = "Path to the JSON file storing Google service account credentials"
+  default     = ""
+}
+
+variable "name" {
+  description = "Prefix name for the nodes and firewall"
+  default     = "k3s"
+}
+
+variable "image_id" {
+  description = "Node image ID to be used to provision EC2 instances"
+  default     = "ubuntu-2004-focal-v20220419"
+}
+
+variable "cluster_version" {
+  description = "Kubernetes version to use to provision the cluster"
+  default     = "v1.22.12+k3s1"
+}
+
+variable "domain_name" {
+  description = "Domain name to add to add DNS map to"
+  default     = null
+}
+
+variable "managed_dns_zone" {
+  description = "The Cloud DNS managed zone where Gitpod A records will be created"
+  default     = null
+}