
Add deploy-csb pipeline, ported from deploy-cf; add docproxy terraform
Complement to PR: cloud-gov/deploy-cf#944

Reiterating the reasoning from that commit:

The set-self step on deploy-cf blocks when the deploy-cf-* jobs (or any other jobs in the pipeline) are running. This means that the deploy-apps- jobs may have to wait hours to get updated with changes merged to main. Moving the jobs to a separate pipeline will fix this issue. This will also focus each pipeline on a single responsibility. Lastly, developers will be able to set the deploy-csb pipeline to watch a topic branch for faster iteration without affecting CF deployments.

This also includes some code for deploying the docproxy.
jameshochadel committed Dec 23, 2024
1 parent dd3dc8e commit 43e847a
Showing 14 changed files with 915 additions and 2 deletions.
411 changes: 411 additions & 0 deletions ci/pipeline.yml


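--- a/ci/terraform/module/csb.tf
+++ b/ci/terraform/module/csb.tf
@@ -0,0 +1,89 @@
+resource "random_password" "csb_app_password" {
+length = 32
+special = false
+min_special = 0
+min_upper = 5
+min_numeric = 5
+min_lower = 5
+}
+
+resource "cloudfoundry_app" "csb" {
+name = "csb"
+org_name = var.org_name
+space_name = var.space_name
+
+docker_image = "${var.docker_image_name}${var.docker_image_version}"
+docker_credentials = {
+"username" = var.ecr_access_key_id
+"password" = var.ecr_secret_access_key
+}
+
+command = "/app/csb serve"
+instances = var.instances
+memory = "1G"
+disk_quota = "7G"
+
+environment = {
+# General broker configuration.
+# Configuration spec: https://github.com/cloudfoundry/cloud-service-broker/blob/main/docs/configuration.md
+BROKERPAK_UPDATES_ENABLED = true
+DB_HOST = var.rds_host
+DB_NAME = var.rds_name
+DB_PASSWORD = var.rds_password
+DB_PORT = var.rds_port
+DB_TLS = true
+DB_USERNAME = var.rds_name
+SECURITY_USER_NAME = "broker"
+SECURITY_USER_PASSWORD = random_password.csb_app_password.result
+TERRAFORM_UPGRADES_ENABLED = true
+
+# Access keys for managing resources provisioned by brokerpaks
+AWS_ACCESS_KEY_ID_GOVCLOUD = var.aws_access_key_id_govcloud
+AWS_SECRET_ACCESS_KEY_GOVCLOUD = var.aws_secret_access_key_govcloud
+AWS_REGION_GOVCLOUD = var.aws_region_govcloud
+AWS_ACCESS_KEY_ID_COMMERCIAL = var.aws_access_key_id_commercial
+AWS_SECRET_ACCESS_KEY_COMMERCIAL = var.aws_secret_access_key_commercial
+AWS_REGION_COMMERCIAL = var.aws_region_commercial
+
+# Other values that are used by convention by all brokerpaks
+CLOUD_GOV_ENVIRONMENT = var.stack_name
+
+# Brokerpak-specific variables
+BP_AWS_SES_DEFAULT_ZONE = var.aws_ses_default_zone
+}
+
+readiness_health_check_type = "http"
+readiness_health_check_http_endpoint = "/ready"
+}
+
+data "cloudfoundry_domain" "brokers_domain" {
+name = var.broker_route_domain
+}
+
+resource "cloudfoundry_route" "csb" {
+space = data.cloudfoundry_space.brokers.id
+domain = data.cloudfoundry_domain.brokers_domain.id
+host = "csb"
+
+destinations = [{
+app_id = cloudfoundry_app.csb.id
+}]
+}
+
+resource "cloudfoundry_route" "csb_docs" {
+space = data.cloudfoundry_space.brokers.id
+domain = data.cloudfoundry_domain.brokers_domain.id
+host = "csb"
+path = "docs"
+
+destinations = [{
+app_id = cloudfoundry_app.csb.id
+}]
+}
+
+resource "cloudfoundry_service_broker" "csb" {
+name = "csb"
+password = random_password.csb_app_password.result
+url = "https://${cloudfoundry_route.csb.url}"
+username = "broker"
+}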
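Review bot: DB_USERNAME in the csb app environment is set from var.rds_name, which is the database name, so the broker would try to authenticate to RDS as the wrong principal; the module declares var.rds_username and ci/terraform/stack/apps.tf passes it in, but nothing in csb.tf reads it. The line should be `DB_USERNAME = var.rds_username`. Separately, the literal "broker" appears both as SECURITY_USER_NAME on the app and as username on the cloudfoundry_service_broker; a single `locals { broker_username = "broker" }` referenced from both places would keep the credential pair from drifting apart.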
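--- a/ci/terraform/module/docproxy.tf
+++ b/ci/terraform/module/docproxy.tf
@@ -0,0 +1,52 @@
+resource "cloudfoundry_app" "docproxy" {
+name = "docproxy"
+org_name = var.org_name
+space_name = var.space_name
+
+docker_image = "${var.docproxy_docker_image_name}${var.docproxy_docker_image_version}"
+docker_credentials = {
+"username" = var.ecr_access_key_id
+"password" = var.ecr_secret_access_key
+}
+
+command = "/app/docproxy"
+instances = var.docproxy_instances
+memory = "128M"
+
+environment = {
+"BROKER_URL" = cloudfoundry_route.csb.url
+"PORT" = 8080
+}
+}
+
+data "cloudfoundry_domain" "cloudgov_platform_domain" {
+name = var.docproxy_domain
+}
+
+resource "cloudfoundry_route" "docproxy" {
+domain = data.cloudfoundry_domain.cloudgov_platform_domain.id
+space = data.cloudfoundry_space.brokers.id
+host = "services"
+
+destinations = [{
+app_id = cloudfoundry_app.docproxy.id
+}]
+}
+
+data "cloudfoundry_service_plans" "external_domain" {
+service_offering_name = "external-domain"
+name = "domain"
+service_broker_name = "external-domain-broker"
+}
+
+resource "cloudfoundry_service_instance" "docproxy_external_domain" {
+name = "docproxy-domain"
+space = data.cloudfoundry_space.brokers.id
+type = "managed"
+
+service_plan = data.cloudfoundry_service_plans.external_domain.service_plans[0].id
+
+parameters = jsonencode({
+domains = ["services.${var.docproxy_domain}"]
+})
+}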
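Review bot: BROKER_URL is set to cloudfoundry_route.csb.url, a bare host without a scheme, while csb.tf registers the same route with the platform as `"https://${cloudfoundry_route.csb.url}"`; if docproxy treats the value as a complete URL the two should agree, e.g. `"BROKER_URL" = "https://${cloudfoundry_route.csb.url}"`, and if docproxy adds the scheme itself a comment saying so would spare the next reader the lookup. Note also that this app, unlike csb, declares no readiness or health check, so the platform's port-based default applies; a comment confirming that is intended would be useful. The `service_plans[0]` index on the external_domain data source will fail at plan time with an empty list if the named plan is absent in a stack, which is reasonable fail-fast behaviour but worth a one-line comment.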
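--- a/ci/terraform/module/shared.tf
+++ b/ci/terraform/module/shared.tf
@@ -0,0 +1,8 @@
+data "cloudfoundry_org" "platform" {
+name = var.org_name
+}
+
+data "cloudfoundry_space" "brokers" {
+name = var.space_name
+org = data.cloudfoundry_org.platform.id
+}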
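--- a/ci/terraform/module/variables.tf
+++ b/ci/terraform/module/variables.tf
@@ -0,0 +1,133 @@
+variable "stack_name" {
+type = string
+description = "Like development, staging, or production."
+}
+
+# CSB CF Application Configuration
+
+variable "org_name" {
+type = string
+description = "The name of the Cloud Foundry organization in which the broker will be deployed."
+}
+
+variable "space_name" {
+type = string
+description = "The name of the Cloud Foundry space in which the broker will be deployed."
+}
+
+variable "docker_image_name" {
+type = string
+description = "Full name (but not tag or SHA) of the Docker image the broker will use."
+}
+
+variable "docker_image_version" {
+type = string
+description = "Tag or SHA of the Docker image the broker will use. For example, ':latest' or '@sha256:abc123...'."
+default = ":latest"
+}
+
+variable "ecr_access_key_id" {
+description = "For pulling the CSB image from ECR."
+type = string
+}
+
+variable "ecr_secret_access_key" {
+description = "For pulling the CSB image from ECR."
+sensitive = true
+type = string
+}
+
+variable "instances" {
+description = "Number of instances of the CSB app to run."
+type = number
+}
+
+variable "broker_route_domain" {
+type = string
+description = "The domain under which the broker's route will be created. For example, 'fr.cloud.gov'."
+}
+
+# Database credentials
+
+variable "rds_host" {
+type = string
+description = "Hostname of the RDS instance for the Cloud Service Broker."
+}
+
+variable "rds_port" {
+type = string
+description = "Port of the RDS instance for the Cloud Service Broker."
+}
+
+variable "rds_name" {
+type = string
+description = "Database name within the RDS instance for the Cloud Service Broker."
+}
+
+variable "rds_username" {
+type = string
+description = "Database username of the RDS instance for the Cloud Service Broker."
+}
+
+variable "rds_password" {
+type = string
+sensitive = true
+description = "Database password of the RDS instance for the Cloud Service Broker."
+}
+
+# CSB Configuration
+
+variable "aws_ses_default_zone" {
+type = string
+description = "When the user does not provide a domain, a subdomain will be created for them under this DNS zone."
+}
+
+variable "aws_access_key_id_govcloud" {
+type = string
+}
+
+variable "aws_secret_access_key_govcloud" {
+type = string
+sensitive = true
+}
+
+variable "aws_region_govcloud" {
+type = string
+}
+
+variable "aws_access_key_id_commercial" {
+type = string
+}
+
+variable "aws_secret_access_key_commercial" {
+type = string
+sensitive = true
+}
+
+variable "aws_region_commercial" {
+type = string
+}
+
+# Docproxy configuration
+
+variable "docproxy_domain" {
+type = string
+description = "The parent domain in CF under which the docproxy will be routed. For example, to serve it on services.fr.cloud.gov, set this to fr.cloud.gov. The subdomain is always 'services'."
+}
+
+variable "docproxy_docker_image_name" {
+type = string
+description = "Full name (but not tag or SHA) of the Docker image the broker will use."
+}
+
+variable "docproxy_docker_image_version" {
+type = string
+description = "Tag or SHA of the Docker image the broker will use. For example, ':latest' or '@sha256:abc123...'."
+default = ":latest"
+
+}
+
+variable "docproxy_instances" {
+type = number
+description = "Number of instances of the docproxy app to run."
+}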
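Review bot: The descriptions on docproxy_docker_image_name and docproxy_docker_image_version were copied from the CSB image variables and still say "the Docker image the broker will use"; they should name the docproxy, e.g. `description = "Full name (but not tag or SHA) of the Docker image the docproxy will use."` and the matching tag-or-SHA sentence on the version variable. The six aws_access_key_id_govcloud through aws_region_commercial variables carry no description at all, even though csb.tf's inline comment explains they are the credentials brokerpaks use to provision resources in each partition — that sentence belongs on each variable so `terraform-docs` and module consumers see it. The description for ecr_access_key_id and ecr_secret_access_key says "the CSB image", but docproxy.tf pulls its image with the same pair, so the wording should cover both. rds_port is typed string despite holding a port number; `type = number` would catch a mistyped value at plan time if the remote-state output is numeric.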
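--- a/ci/terraform/module/versions.tf
+++ b/ci/terraform/module/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+required_version = "< 2.0.0"
+required_providers {
+cloudfoundry = {
+source = "cloudfoundry/cloudfoundry"
+version = "< 2.0"
+}
+}
+}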
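Review bot: Both constraints have only an upper bound: required_version "< 2.0.0" and the cloudfoundry provider "< 2.0" admit any earlier release, including pre-1.0 provider versions whose resource schemas differ from the ones used in csb.tf and docproxy.tf. Unless a .terraform.lock.hcl is committed alongside (none is visible in this commit's file list, though four of the fourteen changed files are not rendered here), a fresh init can resolve to a different provider build than the one this was tested with. Pin a floor tied to the version actually tested, e.g. `version = "~> <TESTED_MAJOR>.<TESTED_MINOR>"`, and likewise give required_version a lower bound.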
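--- a/ci/terraform/stack/apps.tf
+++ b/ci/terraform/stack/apps.tf
@@ -0,0 +1,35 @@
+module "csb" {
+source = "../module"
+
+count = var.stack_name == "development" ? 1 : 0
+
+stack_name = var.stack_name
+
+rds_host = data.terraform_remote_state.iaas.outputs.csb.rds.host
+rds_port = data.terraform_remote_state.iaas.outputs.csb.rds.port
+rds_name = data.terraform_remote_state.iaas.outputs.csb.rds.name
+rds_username = data.terraform_remote_state.iaas.outputs.csb.rds.username
+rds_password = data.terraform_remote_state.iaas.outputs.csb.rds.password
+
+ecr_access_key_id = data.terraform_remote_state.iaas.outputs.csb.ecr_user.access_key_id_curr
+ecr_secret_access_key = data.terraform_remote_state.iaas.outputs.csb.ecr_user.secret_access_key_curr
+instances = 1
+aws_ses_default_zone = var.csb_aws_ses_default_zone
+aws_access_key_id_govcloud = data.terraform_remote_state.iaas.outputs.csb.broker_user.access_key_id_curr
+aws_secret_access_key_govcloud = data.terraform_remote_state.iaas.outputs.csb.broker_user.secret_access_key_curr
+aws_region_govcloud = var.csb_aws_region_govcloud
+aws_access_key_id_commercial = data.terraform_remote_state.external.outputs.csb.broker_user.access_key_id_curr
+aws_secret_access_key_commercial = data.terraform_remote_state.external.outputs.csb.broker_user.secret_access_key_curr
+aws_region_commercial = var.csb_aws_region_commercial
+
+org_name = var.csb_org_name
+space_name = var.csb_space_name
+docker_image_name = var.csb_docker_image_name
+docker_image_version = var.csb_docker_image_version
+broker_route_domain = var.csb_broker_route_domain
+
+docproxy_domain = var.csb_docproxy_domain
+docproxy_instances = var.csb_docproxy_instances
+docproxy_docker_image_name = var.csb_docproxy_docker_image_name
+docproxy_docker_image_version = var.csb_docproxy_docker_image_version
+}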
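Review bot: The `count = var.stack_name == "development" ? 1 : 0` gate on module "csb" has no comment, so a reader cannot tell whether the broker is intentionally limited to development or this is a temporary rollout step that must be lifted later; a comment such as `# Deployed only in development for now: <reason>; remove the gate once <condition>.` would record that, and because count is used every reference elsewhere must address `module.csb[0]`. `instances = 1` is hard-coded while the neighbouring docproxy_instances comes from a variable; if that is deliberate for the development-only rollout a short comment saying so would stop someone "fixing" it. The ecr_user and broker_user credentials are read from the `_curr` outputs, which suggests a rotation scheme with a `_prev` counterpart — a comment naming the rotation procedure would tell an operator what to do when those keys are rotated in the iaas stack.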
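--- a/ci/terraform/stack/data.tf
+++ b/ci/terraform/stack/data.tf
@@ -0,0 +1,18 @@
+data "terraform_remote_state" "iaas" {
+backend = "s3"
+config = {
+bucket = var.remote_state_bucket_iaas
+key = "${var.stack_name}/terraform.tfstate"
+}
+}
+
+data "terraform_remote_state" "external" {
+backend = "s3"
+config = {
+access_key = var.external_remote_state_reader_access_key_id
+secret_key = var.external_remote_state_reader_secret_access_key
+region = var.external_remote_state_reader_region
+bucket = var.remote_state_bucket_external
+key = "${var.external_stack_name}/terraform.tfstate"
+}
+}
</future_update>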
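Review bot: data.terraform_remote_state.external reads another account's state with a static access key, and terraform_remote_state loads the entire state file — every output, sensitive or not — into this run, so the reader principal should be scoped to read access on that single object key rather than the bucket; a comment stating that expectation next to the block would make the intended blast radius explicit. The iaas block, by contrast, sets no region or credentials and presumably relies on whatever the s3 backend and environment provide at run time; a one-line comment saying the asymmetry is intentional (same-account state vs. cross-account state) would prevent a later "cleanup" from adding or removing credentials on the wrong block. Both data sources interpolate a stack name into the key, so a mistyped var.external_stack_name fails at plan time with a missing object rather than silently reading another stack's secrets, which is worth noting in the variable description.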
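--- a/ci/terraform/stack/providers.tf
+++ b/ci/terraform/stack/providers.tf
@@ -0,0 +1,7 @@
+terraform {
+backend "s3" {
+}
+}
+
+provider "cloudfoundry" {
+}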
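Review bot: Both the s3 backend and the cloudfoundry provider are declared with empty bodies, so the state bucket and key, the CF API endpoint and the credentials all have to arrive through environment variables or `-backend-config` at init time, and nothing in this file says which. A comment above each block naming where those values are supplied (presumably the deploy-csb pipeline in ci/pipeline.yml, which is not rendered here) would let someone run the stack locally without reverse-engineering the Concourse config, e.g. `# Backend bucket/key and CF API credentials are injected by ci/pipeline.yml; see its deploy-csb job.`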
