Gatekeeper Deployment (#358)

ajaymare · web-flow · commit e62101e168ea · 2024-03-07T10:18:00.000+05:30
Added Gatekeeper Deployment MP and CP Cluster
diff --git a/modules/addons/gatekeeper/main.tf b/modules/addons/gatekeeper/main.tf
@@ -0,0 +1,36 @@
+provider "helm" {
+  kubernetes {
+    host                   = var.k8s_host
+    cluster_ca_certificate = base64decode(var.k8s_cluster_ca_certificate)
+    token                  = var.k8s_client_token
+  }
+}
+
+provider "kubectl" {
+  host                   = var.k8s_host
+  cluster_ca_certificate = base64decode(var.k8s_cluster_ca_certificate)
+  token                  = var.k8s_client_token
+  load_config_file       = false
+}
+
+provider "kubernetes" {
+  host                   = var.k8s_host
+  cluster_ca_certificate = base64decode(var.k8s_cluster_ca_certificate)
+  token                  = var.k8s_client_token
+}
+
+# Gatekeeper Deployment using helm chart
+resource "helm_release" "gatekeeper" {
+  count             = var.gatekeeper_enabled == true ? 1 : 0
+  name              = "gatekeeper"
+  repository        = "https://open-policy-agent.github.io/gatekeeper/charts"
+  chart             = "gatekeeper"
+  version           =  var.gatekeeper_version
+  create_namespace  = true
+  namespace         = "gatekeeper-system"
+  timeout           =  240
+  
+  values = [
+    file("${path.module}/manifests/gatekeeper-values.yaml")
+  ]
+}
diff --git a/modules/addons/gatekeeper/manifests/gatekeeper-values.yaml b/modules/addons/gatekeeper/manifests/gatekeeper-values.yaml
@@ -0,0 +1 @@
+replicas: 1
diff --git a/modules/addons/gatekeeper/providers.tf b/modules/addons/gatekeeper/providers.tf
@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    kubectl = {
+      source  = "alekc/kubectl"
+      version = "2.0.3"
+    }
+  }
+}
diff --git a/modules/addons/gatekeeper/variable.tf b/modules/addons/gatekeeper/variable.tf
@@ -0,0 +1,18 @@
+variable "cluster_name" {
+}
+
+variable "k8s_host" {
+}
+
+variable "k8s_cluster_ca_certificate" {
+}
+
+variable "k8s_client_token" {
+}
+
+variable "gatekeeper_enabled" {
+}
+
+variable "gatekeeper_version" {
+  default = "3.15.0"
+}
diff --git a/modules/tsb/mp/main.tf b/modules/tsb/mp/main.tf
@@ -130,3 +130,4 @@ data "kubernetes_service" "tsb" {
   }
   depends_on = [time_sleep.wait_240_seconds]
 }
+
diff --git a/modules/tsb/mp/variables.tf b/modules/tsb/mp/variables.tf
@@ -66,4 +66,3 @@ variable "es_cacert" {
 
 
 
-
diff --git a/terraform-advanced.tfvars.json.sample b/terraform-advanced.tfvars.json.sample
@@ -19,6 +19,9 @@
                     },
                     "tsb-monitoring": {
                         "enabled": true
+                    },
+                    "gatekeeper": {
+                        "enabled" : true
                     }
                 }
             }
@@ -41,6 +44,9 @@
                     },
                     "tsb-monitoring": {
                         "enabled": true
+                    },
+                    "gatekeeper": {
+                        "enabled" : true
                     }
                 }
             }
@@ -63,6 +69,9 @@
                     },
                     "tsb-monitoring": {
                         "enabled": true
+                    },
+                    "gatekeeper": {
+                        "enabled" : true
                     }
                 }
             }
diff --git a/terraform-basic.tfvars.json.sample b/terraform-basic.tfvars.json.sample
@@ -9,6 +9,9 @@
                 "addons": {
                     "argocd": {
                         "enabled": true
+                    },
+                    "gatekeeper": {
+                        "enabled" : true
                     }
                 }
             }
@@ -22,6 +25,9 @@
                 "addons": {
                     "argocd": {
                         "enabled": true
+                    },
+                    "gatekeeper": {
+                        "enabled": true
                     }
                 }
             }
@@ -35,6 +41,9 @@
                 "addons": {
                     "argocd": {
                         "enabled": true
+                    },
+                    "gatekeeper": {
+                        "enabled": true
                     }
                 }
             }
diff --git a/tsb/cp/main.tf b/tsb/cp/main.tf
@@ -37,6 +37,15 @@ module "ratelimit" {
   enabled                    = var.ratelimit_enabled
 }
 
+module "gatekeeper" {
+  source                     = "../../modules/addons/gatekeeper"
+  cluster_name               = data.terraform_remote_state.infra.outputs.cluster_name
+  k8s_host                   = data.terraform_remote_state.infra.outputs.host
+  k8s_cluster_ca_certificate = data.terraform_remote_state.infra.outputs.cluster_ca_certificate
+  k8s_client_token           = data.terraform_remote_state.k8s_auth.outputs.token
+  gatekeeper_enabled         = local.cluster.tetrate.management_plane ? false : local.cluster.addons.gatekeeper
+}
+
 module "tsb_cp" {
   source                       = "../../modules/tsb/cp"
   cloud                        = local.cluster.cloud
diff --git a/tsb/cp/variables.tf b/tsb/cp/variables.tf
@@ -9,6 +9,11 @@ variable "cluster" {
       control_plane    = optional(bool)
       management_plane = optional(bool)
     })
+    addons = object({
+      gatekeeper = object({
+        enabled = optional(bool)
+      })     
+    })
     version   = optional(string)
     workspace = string
   })
@@ -21,6 +26,9 @@ locals {
       management_plane = false
     }
     version = "1.27"
+    addons = {
+      gatekeeper = false
+    }
   }
   cluster = {
     cloud  = var.cluster.cloud
@@ -33,6 +41,10 @@ locals {
     }
     version   = coalesce(var.cluster.version, local.cluster_defaults.version)
     workspace = var.cluster.workspace
+    addons = {
+      gatekeeper  = coalesce(var.cluster.addons.gatekeeper.enabled,local.cluster_defaults.addons.gatekeeper)
+    }
+    
   }
 }
 
diff --git a/tsb/mp/main.tf b/tsb/mp/main.tf
@@ -30,6 +30,15 @@ module "es" {
   es_version                 = local.tetrate.es_version
 }
 
+module "gatekeeper" {
+  source                     = "../../modules/addons/gatekeeper"
+  cluster_name               = data.terraform_remote_state.infra.outputs.cluster_name
+  k8s_host                   = data.terraform_remote_state.infra.outputs.host
+  k8s_cluster_ca_certificate = data.terraform_remote_state.infra.outputs.cluster_ca_certificate
+  k8s_client_token           = data.terraform_remote_state.k8s_auth.outputs.token
+  gatekeeper_enabled         = local.cluster.addons.gatekeeper
+}
+
 module "tsb_mp" {
   source                       = "../../modules/tsb/mp"
   name_prefix                  = var.name_prefix
@@ -53,4 +62,4 @@ module "tsb_mp" {
   k8s_host                     = data.terraform_remote_state.infra.outputs.host
   k8s_cluster_ca_certificate   = data.terraform_remote_state.infra.outputs.cluster_ca_certificate
   k8s_client_token             = data.terraform_remote_state.k8s_auth.outputs.token
-}
+}
diff --git a/tsb/mp/variables.tf b/tsb/mp/variables.tf
@@ -9,6 +9,11 @@ variable "cluster" {
       control_plane    = optional(bool)
       management_plane = optional(bool)
     })
+    addons = object({
+      gatekeeper = object({
+        enabled = optional(bool)
+      }) 
+    })
     version   = optional(string)
     workspace = string
   })
@@ -21,6 +26,9 @@ locals {
       management_plane = false
     }
     version = "1.27"
+    addons = {
+      gatekeeper = false
+    }
   }
   cluster = {
     cloud  = var.cluster.cloud
@@ -33,6 +41,10 @@ locals {
     }
     version   = coalesce(var.cluster.version, local.cluster_defaults.version)
     workspace = var.cluster.workspace
+    addons = {
+      gatekeeper  = coalesce(var.cluster.addons.gatekeeper.enabled,local.cluster_defaults.addons.gatekeeper)
+    }
+    
   }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -130,3 +130,4 @@ data "kubernetes_service" "tsb" {`
`130`	`130`	`}`
`131`	`131`	`depends_on = [time_sleep.wait_240_seconds]`
`132`	`132`	`}`
	`133`	`+`
Original file line number	Diff line number	Diff line change
`@@ -66,4 +66,3 @@ variable "es_cacert" {`
`66`	`66`
`67`	`67`
`68`	`68`
`69`		`-`
Original file line number	Diff line number	Diff line change
`@@ -19,6 +19,9 @@`
`19`	`19`	`},`
`20`	`20`	`"tsb-monitoring": {`
`21`	`21`	`"enabled": true`
	`22`	`+ },`
	`23`	`+ "gatekeeper": {`
	`24`	`+ "enabled" : true`
`22`	`25`	`}`
`23`	`26`	`}`
`24`	`27`	`}`
`@@ -41,6 +44,9 @@`
`41`	`44`	`},`
`42`	`45`	`"tsb-monitoring": {`
`43`	`46`	`"enabled": true`
	`47`	`+ },`
	`48`	`+ "gatekeeper": {`
	`49`	`+ "enabled" : true`
`44`	`50`	`}`
`45`	`51`	`}`
`46`	`52`	`}`
`@@ -63,6 +69,9 @@`
`63`	`69`	`},`
`64`	`70`	`"tsb-monitoring": {`
`65`	`71`	`"enabled": true`
	`72`	`+ },`
	`73`	`+ "gatekeeper": {`
	`74`	`+ "enabled" : true`
`66`	`75`	`}`
`67`	`76`	`}`
`68`	`77`	`}`
Original file line number	Diff line number	Diff line change
`@@ -9,6 +9,9 @@`
`9`	`9`	`"addons": {`
`10`	`10`	`"argocd": {`
`11`	`11`	`"enabled": true`
	`12`	`+ },`
	`13`	`+ "gatekeeper": {`
	`14`	`+ "enabled" : true`
`12`	`15`	`}`
`13`	`16`	`}`
`14`	`17`	`}`
`@@ -22,6 +25,9 @@`
`22`	`25`	`"addons": {`
`23`	`26`	`"argocd": {`
`24`	`27`	`"enabled": true`
	`28`	`+ },`
	`29`	`+ "gatekeeper": {`
	`30`	`+ "enabled": true`
`25`	`31`	`}`
`26`	`32`	`}`
`27`	`33`	`}`
`@@ -35,6 +41,9 @@`
`35`	`41`	`"addons": {`
`36`	`42`	`"argocd": {`
`37`	`43`	`"enabled": true`
	`44`	`+ },`
	`45`	`+ "gatekeeper": {`
	`46`	`+ "enabled": true`
`38`	`47`	`}`
`39`	`48`	`}`
`40`	`49`	`}`