feat: add local environment

Author: iverly

.gitignore

@@ -1,2 +1,3 @@
 .terraform
 terraform.tfvars
+.vscode/

ansible/create_cluster/k3d_config_local.yaml

@@ -0,0 +1,11 @@
+apiVersion: k3d.io/v1alpha4
+kind: Simple
+metadata:
+  name: kube-polycode-local
+network: host
+options:
+  k3s:
+    extraArgs:
+      - arg: --disable=traefik
+        nodeFilters:
+          - servers:*

charts/argo-cd/chart/templates/argocd-server/deployment.yaml

@@ -42,6 +42,9 @@ spec:
         imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.server.image.imagePullPolicy }}
         command:
         - argocd-server
+        {{ if .Values.server.insecure }}
+        - --insecure
+        {{ end }}
         {{ if .Values.server.staticAssets.enabled }}
         - --staticassets
         - /shared/app

charts/argo-cd/local.values.yml

@@ -0,0 +1,99 @@
+server:
+  ingress:
+    enabled: true
+    annotations:
+      kubernetes.io/ingress.class: nginx
+    hosts:
+      - argo.polycode.127.0.0.1.sslip.io
+  insecure: true # disable force tls from argo
+  additionalApplications:
+    - name: local-frontend
+      namespace: argo-cd
+      project: local
+      source:
+        repoURL: [email protected]:do-polycode/frontend.git
+        targetRevision: HEAD
+        path: helm/chart
+        helm:
+          releaseName: frontend
+          valueFiles:
+            - ../local.values.yaml
+      destination:
+        server: https://kubernetes.default.svc
+        namespace: polycode
+    - name: local-api
+      namespace: argo-cd
+      project: local
+      source:
+        repoURL: [email protected]:do-polycode/backend.git
+        targetRevision: HEAD
+        path: helm/api/chart
+        helm:
+          releaseName: backend
+          valueFiles:
+            - ../local.values.yaml
+      destination:
+        server: https://kubernetes.default.svc
+        namespace: polycode 
+    - name: local-runner
+      namespace: argo-cd
+      project: local
+      source:
+        repoURL: [email protected]:do-polycode/backend.git
+        targetRevision: HEAD
+        path: helm/runner/chart
+        helm:
+          releaseName: runner
+          valueFiles:
+            - ../local.values.yaml
+      destination:
+        server: https://kubernetes.default.svc
+        namespace: polycode 
+    - name: postgresql
+      namespace: argo-cd
+      project: default
+      source:
+        repoURL: 'https://github.com/bitnami/charts.git'
+        path: bitnami/postgresql-ha
+        targetRevision: HEAD
+      destination:
+        server: 'https://kubernetes.default.svc'
+        namespace: polycode
+      helm:
+        releaseName: postgresql
+    - name: mongodb
+      namespace: argo-cd
+      project: default
+      source:
+        repoURL: 'https://github.com/bitnami/charts.git'
+        path: bitnami/mongodb
+        targetRevision: HEAD
+      destination:
+        server: 'https://kubernetes.default.svc'
+        namespace: polycode
+      helm:
+        releaseName: mongodb
+
+  additionalProjects:
+    - name: local
+      namespace: argo-cd
+      description: Polycode Local Project
+      sourceRepos:
+        - [email protected]:do-polycode/frontend.git
+        - [email protected]:do-polycode/backend.git
+      destinations:
+        - namespace: polycode
+          server: https://kubernetes.default.svc
+configs:
+  repositories:
+    frontend:
+      url: [email protected]:do-polycode/frontend.git
+      name: frontend
+    backend:
+      url: [email protected]:do-polycode/backend.git
+      name: backend
+  knownHosts:
+    data:
+      ssh_known_hosts: |
+        gitlab.polytech.umontpellier.fr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBwrfX+ORYpnJXbL147VngSjRh581nL2pC5acEC9p9Zz
+        gitlab.polytech.umontpellier.fr ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLdTyDhj8idM5LvRVraa3Hcy877xd8T8q0xDzIYI+GdEbKOc+eN4Gqf9QlrKqfSHNo4ydzM8Wwoah+xehGUrYrM=

charts/ingress-nginx/local.values.yml

@@ -0,0 +1,8 @@
+grafana:
+  adminPassword: polycode-grafana
+  ingress:
+    enabled: true
+    annotations:
+      kubernetes.io/ingress.class: nginx
+    hosts:
+      - grafana.polycode.127.0.0.1.sslip.io

charts/kube-prometheus-stack/local.values.yml

@@ -0,0 +1,29 @@
+resource "helm_release" "argo_cd_release" {
+  name      = "argo-cd"
+  namespace = kubernetes_namespace.argo_cd_namespace.metadata[0].name
+
+  chart  = "../../../charts/argo-cd/chart"
+  values = ["${file("../../../charts/argo-cd/local.values.yml")}"]
+
+  set_sensitive {
+    name  = "configs.secret.argocdServerAdminPassword"
+    # This value need to be bcrypt hashed
+    # To hash it you can run : htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/'
+    value = var.argo_cd_admin_password
+  }
+
+  set_sensitive {
+    name  = "configs.repositories.frontend.sshPrivateKey"
+    value = var.gitlab_deploy_key
+  }
+
+  set_sensitive {
+    name  = "configs.repositories.backend.sshPrivateKey"
+    value = var.gitlab_deploy_key
+  }
+
+  depends_on = [
+    kubernetes_namespace.argo_cd_namespace,
+    helm_release.ingress_nginx_release
+  ]
+}

terraform/local/k8s-cluster/.terraform.lock.hcl

@@ -0,0 +1,11 @@
+resource "helm_release" "ingress_nginx_release" {
+  name      = "ingress-nginx"
+  namespace = kubernetes_namespace.ingress_nginx_namespace.metadata[0].name
+
+  chart  = "../../../charts/ingress-nginx/chart"
+  values = ["${file("../../../charts/ingress-nginx/local.values.yml")}"]
+
+  depends_on = [
+    kubernetes_namespace.ingress_nginx_namespace
+  ]
+}

terraform/local/k8s-cluster/deployment.tf

@@ -0,0 +1,17 @@
+resource "helm_release" "kube_prometheus_stack_release" {
+  name      = "kube-prometheus-stack"
+  namespace = kubernetes_namespace.kube_prometheus_stack_namespace.metadata[0].name
+
+  chart  = "../../../charts/kube-prometheus-stack/chart"
+  values = ["${file("../../../charts/kube-prometheus-stack/local.values.yml")}"]
+
+  set_sensitive {
+    name  = "grafana.adminPassword"
+    value = var.grafana_admin_password
+  }
+
+  depends_on = [
+    kubernetes_namespace.kube_prometheus_stack_namespace,
+    helm_release.ingress_nginx_release
+  ]
+}

terraform/local/k8s-cluster/ingress.tf

@@ -0,0 +1,23 @@
+resource "kubernetes_namespace" "polycode_namespace" {
+  metadata {
+    name = "polycode"
+  }
+}
+
+resource "kubernetes_namespace" "ingress_nginx_namespace" {
+  metadata {
+    name = "ingress-nginx"
+  }
+}
+
+resource "kubernetes_namespace" "kube_prometheus_stack_namespace" {
+  metadata {
+    name = "kube-prometheus-stack"
+  }
+}
+
+resource "kubernetes_namespace" "argo_cd_namespace" {
+  metadata {
+    name = "argo-cd"
+  }
+}

terraform/local/k8s-cluster/monitoring.tf

@@ -0,0 +1,11 @@
+provider "kubernetes" {
+  config_path    = var.kubeconfig_path
+  config_context = var.kubeconfig_context_name
+}
+
+provider "helm" {
+  kubernetes {
+    config_path    = var.kubeconfig_path
+    config_context = var.kubeconfig_context_name
+  }
+}

terraform/local/k8s-cluster/namespaces.tf

@@ -0,0 +1,24 @@
+resource "kubernetes_secret" "gitlab_registry_pull_secret" {
+  metadata {
+    name      = "registry-credentials"
+    namespace = kubernetes_namespace.polycode_namespace.metadata[0].name
+  }
+
+  type = "kubernetes.io/dockerconfigjson"
+
+  data = {
+    ".dockerconfigjson" = <<EOF
+      {
+        "auths" : {
+          "https://docker.repo.nexus.polycode.do-2021.fr" : {
+            "username" : "local-docker-pull",
+            "password" : "${var.container_registry_password}",
+            "email" : "[email protected]",
+            "auth" : "${base64encode("local-docker-pull:${var.container_registry_password}")}"
+          }
+        }
+      }
+      EOF
+  }
+}
+

terraform/local/k8s-cluster/providers.tf

@@ -0,0 +1,35 @@
+variable "kubeconfig_context_name" {
+  type    = string
+  default = "k3d-kube-polycode-local"
+}
+
+variable "kubeconfig_path" {
+  type    = string
+  default = "~/.kube/config"
+}
+
+variable "grafana_admin_password" {
+  type        = string
+  description = "Grafana admin password"
+  default     = "admin"
+  sensitive   = true
+}
+
+variable "argo_cd_admin_password" {
+  type        = string
+  description = "Argo CD bcrypt hashed admin password"
+  default     = "$2y$10$adCiprUiugTubOEkA49aierhMbxym5Q3T5M3FAXLZ3qKpq3q1gWyS"
+  sensitive   = true
+}
+
+variable "gitlab_deploy_key" {
+  type        = string
+  description = "The path to the private key used to connect to the Gitlab repositories"
+  sensitive   = true
+}
+
+variable "container_registry_password" {
+  type        = string
+  description = "The password generated by the deploy token used to access the container registry"
+  sensitive   = true
+}

terraform/local/k8s-cluster/secrets.tf

@@ -0,0 +1,13 @@
+terraform {
+  required_providers {
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = "2.11.0"
+    }
+
+    helm = {
+      source  = "hashicorp/helm"
+      version = "2.5.1"
+    }
+  }
+}