diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 9a2396a..b0c36f7 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -2,19 +2,19 @@ "name": "gitlab-runner", "dockerFile": "Dockerfile", "features": { - "ghcr.io/devcontainers/features/docker-in-docker:2.2.1": {}, + "ghcr.io/devcontainers/features/docker-in-docker:2.5.0": {}, "ghcr.io/devcontainers/features/kubectl-helm-minikube:1.1.4": { "version": "1.27.3", "helm": "3.12.1", "minikube": "1.30.1" }, - "ghcr.io/devcontainers/features/ruby:1.1.0": { + "ghcr.io/devcontainers/features/ruby:1.1.1": { "version": "3.2.2" }, "ghcr.io/devcontainers-contrib/features/pre-commit:2.0.9": { "version": "3.3.3" }, - "ghcr.io/devcontainers/features/terraform:1.3.3": { + "ghcr.io/devcontainers/features/terraform:1.3.4": { "version": "1.5.3" } }, diff --git a/.gitignore b/.gitignore index 386bb76..f7e8306 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,3 @@ -*.env* *.tfvars *.lock.hcl *.tfstate @@ -6,4 +5,4 @@ .vscode/ *.backup backend.hcl -*.zip +.terragrunt-cache/ diff --git a/Makefile b/Makefile index 1bce61f..331bb12 100644 --- a/Makefile +++ b/Makefile @@ -1,8 +1,29 @@ -.PHONY: up down all clean test init plan apply destroy +.PHONY: all clean test -include .env -export +ENV := dev +TERRAGRUNT_CMD = cd live/${ENV} && terragrunt run-all --terragrunt-non-interactive +.PHONY: tf/init +tf/init: + ${TERRAGRUNT_CMD} init -backend-config=backend.hcl + +.PHONY: tf/plan +tf/plan: + ${TERRAGRUNT_CMD} plan -out tfplan + +.PHONY: tf/graph +tf/graph: + ${TERRAGRUNT_CMD} graph + +.PHONY: tf/apply +tf/apply: + ${TERRAGRUNT_CMD} apply + +.PHONY: tf/destroy +tf/destroy: + ${TERRAGRUNT_CMD} destroy -terragrunt-log-level debug + +.PHONY: up up: minikube start \ --cpus 4 \ 
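Review bot: Dropping `*.env*` from `.gitignore` leaves any local `.env` that the old Makefile loaded (`include .env`, populated from the `env.template` this commit deletes, i.e. `TF_VAR_token` and `TF_VAR_registration_token`) eligible for `git add` on every checkout that still has one; the loader is gone but the files are not, so I would keep `*.env*` in the list. The new `tf/plan` target writes `tfplan` into each module directory under `live/` via `-out tfplan`, and plan files hold resolved variable values in plaintext, yet neither hunk ignores them; adding `tfplan` next to `.terragrunt-cache/` in the second hunk closes that gap.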
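Review bot: `tf/apply` and `tf/destroy` expand `TERRAGRUNT_CMD`, so both run `terragrunt run-all … --terragrunt-non-interactive`, which suppresses terragrunt's confirmation prompt across every module; with `ENV=prod`, as the README in this same commit documents, a single `make tf/destroy ENV=prod` tears down the production runner stack unattended. `--terragrunt-non-interactive` fits `init`, `plan` and `graph`, but the mutating targets should not inherit it, e.g. `TERRAGRUNT_RUN_ALL = cd live/${ENV} && terragrunt run-all` used directly by `tf/apply` and `tf/destroy`, with the flag appended only in the read-only targets. Separately, `tf/plan` saves `tfplan` but `tf/apply` never consumes it, so what gets applied is a fresh plan rather than the one that was reviewed; either apply the saved file or drop `-out tfplan` so it does not suggest otherwise. The `up` recipe continues past the end of this hunk.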
@@ -17,17 +38,7 @@ up: --set global.hosts.domain=$$(minikube ip).nip.io \ --set global.hosts.externalIP=$$(minikube ip) \ -f values.yaml + +.PHONY: down down: minikube delete - -init: - terraform -chdir=infra init -backend-config=backend.hcl - -plan: - dotenv run terraform -chdir=infra plan - -apply: - dotenv run terraform -chdir=infra apply - -destroy: - dotenv run terraform -chdir=infra destroy diff --git a/README.md b/README.md index 01c57d7..7ae4be3 100644 --- a/README.md +++ b/README.md @@ -8,9 +8,31 @@ | ![Pre-commit][2] | Static quality gates | pre-commit | | ![Devcontainer][3] | Local DEV Env | devcontainer | - +## IaC Terraform & Terragrunt -## Dev Environment +Implemented in devcontainer + +### DEV environment + +```shell +make tf/init +make tf/plan +make tf/apply +make tf/destroy +``` + +### PROD environment + +```shell +make tf/init ENV=prod +make tf/plan ENV=prod +make tf/apply ENV=prod +make tf/destroy ENV=prod +``` + +## IaC Minikube + +### Dev Environment The development environment is implemented with [devcontainer][5]. diff --git a/env.template b/env.template deleted file mode 100644 index e0d80fe..0000000 --- a/env.template +++ /dev/null @@ -1,10 +0,0 @@ -TF_VAR_token= -TF_VAR_insecure= -TF_VAR_base_url=https:///api/v4/ -TF_VAR_registration_token="" -TF_VAR_aws_region="" -TF_VAR_environment="" -TF_VAR_runner_name=">" -TF_VAR_aws_profile="" -TF_VAR_project="" -TF_VAR_user="" diff --git a/infra/main.tf b/infra/main.tf deleted file mode 100644 index 95aa0b8..0000000 --- a/infra/main.tf +++ /dev/null 
@@ -1,160 +0,0 @@ -data "aws_availability_zones" "available" { - state = "available" -} - -data "aws_security_group" "default" { - name = "default" - vpc_id = module.vpc.vpc_id -} - -# VPC Flow logs are not needed here -# kics-scan ignore-line -module "vpc" { - source = "terraform-aws-modules/vpc/aws" - version = "5.1.2" - - name = "vpc-${var.environment}" - cidr = "10.0.0.0/16" - - azs = [data.aws_availability_zones.available.names[0]] - private_subnets = ["10.0.1.0/24"] - public_subnets = ["10.0.101.0/24"] - map_public_ip_on_launch = false - - enable_nat_gateway = true - single_nat_gateway = true - - tags = { - Environment = var.environment - } -} - -module "vpc_endpoints" { - source = "terraform-aws-modules/vpc/aws//modules/vpc-endpoints" - version = "5.1.2" - - vpc_id = module.vpc.vpc_id - - endpoints = { - s3 = { - service = "s3" - tags = { Name = "s3-vpc-endpoint" } - } - } - - tags = { - Environment = var.environment - } -} - -module "gitlab-runner" { - source = "cattle-ops/gitlab-runner/aws" - version = "7.0.0" - - aws_region = var.aws_region - environment = var.environment - - vpc_id = module.vpc.vpc_id - subnet_id = element(module.vpc.private_subnets, 0) - metrics_autoscaling = ["GroupDesiredCapacity", "GroupInServiceCapacity"] - - runners_name = var.runner_name - runners_gitlab_url = var.gitlab_url - enable_runner_ssm_access = true - - gitlab_runner_security_group_ids = [data.aws_security_group.default.id] - - docker_machine_instance_type = "t3.medium" - - docker_machine_spot_price_bid = "on-demand-price" - - gitlab_runner_registration_config = { - registration_token = var.registration_token - tag_list = "docker_spot_runner" - description = "runner default - auto" - locked_to_project = "true" - run_untagged = "false" - maximum_timeout = "3600" - } - - tags = { - "tf-aws-gitlab-runner:example" = "runner-default" - "tf-aws-gitlab-runner:instancelifecycle" = "spot:yes" - "Project" = var.project - "User" = var.user - } - - runners_privileged = "true" - 
runners_additional_volumes = ["/certs/client"] - - runners_volumes_tmpfs = [ - { - volume = "/var/opt/cache", - options = "rw,noexec" - } - ] - - runners_services_volumes_tmpfs = [ - { - volume = "/var/lib/mysql", - options = "rw,noexec" - } - ] - - # working 9 to 5 :) - runners_machine_autoscaling = [ - { - periods = ["\"* * 0-9,17-23 * * mon-fri *\"", "\"* * * * * sat,sun *\""] - idle_count = 0 - idle_time = 60 - timezone = var.timezone - } - ] - - runners_pre_build_script = < - # default: - # tags: - # - "docker_spot_runner" - # docker-mirror-check: - # image: docker:20.10.16 - # stage: build - # variables: - # DOCKER_TLS_CERTDIR: '' - # script: - # - | - # - docker info - # if ! docker info | grep -i mirror - # then - # exit 1 - # echo "No mirror config found" - # fi - # - # - # If not using an official docker image for your job, you may need to specify `DOCKER_HOST: tcp://docker:2375` - ## UNCOMMENT 6 LINES BELOW - # runners_docker_services = [{ - # name = "docker:20.10.16-dind" - # alias = "docker" - # command = ["--registry-mirror", "https://mirror.gcr.io"] - # entrypoint = ["dockerd-entrypoint.sh"] - # }] - - - # Example how to configure runners, to utilize EC2 user-data feature - # example template, creates (configurable) swap file for the runner - # runners_userdata = templatefile("${path.module}/../../templates/swap.tpl", { - # swap_size = "512" - # }) -} diff --git a/live/dev/env.hcl b/live/dev/env.hcl new file mode 100644 index 0000000..33d8b31 --- /dev/null +++ b/live/dev/env.hcl @@ -0,0 +1,3 @@ +locals { + environment = "dev" +} diff --git a/live/dev/runner/terragrunt.hcl b/live/dev/runner/terragrunt.hcl new file mode 100644 index 0000000..c2dbacb --- /dev/null +++ b/live/dev/runner/terragrunt.hcl 
@@ -0,0 +1,15 @@
+terraform {
+ source = "../../../modules//runner"
+}
+
+include "root" {
+ path = find_in_parent_folders()
+}
+
+locals {
+ environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+}
+
+inputs = merge(
+ local.environment_vars.locals
+)
diff --git a/live/prod/env.hcl b/live/prod/env.hcl
new file mode 100644
index 0000000..d6805b3
--- /dev/null
+++ b/live/prod/env.hcl
@@ -0,0 +1,3 @@
+locals {
+ environment = "prod"
+}
diff --git a/live/prod/runner/terragrunt.hcl b/live/prod/runner/terragrunt.hcl
new file mode 100644
index 0000000..c2dbacb
--- /dev/null
+++ b/live/prod/runner/terragrunt.hcl
@@ -0,0 +1,15 @@
+terraform {
+ source = "../../../modules//runner"
+}
+
+include "root" {
+ path = find_in_parent_folders()
+}
+
+locals {
+ environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+}
+
+inputs = merge(
+ local.environment_vars.locals
+)
diff --git a/live/terragrunt.hcl b/live/terragrunt.hcl
new file mode 100644
index 0000000..f7e692e
--- /dev/null
+++ b/live/terragrunt.hcl
@@ -0,0 +1,37 @@
+remote_state {
+ backend = "s3"
+ generate = {
+ path = "backend.tf"
+ if_exists = "overwrite"
+ }
+ config = {
+ bucket = "pe-tf-backend"
+ key = "${path_relative_to_include()}/terraform.tfstate"
+ region = "eu-west-2"
+ profile = "default"
+ encrypt = true
+ dynamodb_table = "pe-tf-backend"
+ s3_bucket_tags = {
+ "Project" = "Platform Engineering"
+ "User" = "lmilbaum"
+ }
+ dynamodb_table_tags = {
+ "Project" = "Platform Engineering"
+ "User" = "lmilbaum"
+ }
+ }
+}
+
+generate "provider" {
+ path = "provider.tf"
+ if_exists = "overwrite"
+ contents = <
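Review bot: `inputs` in `live/dev/runner/terragrunt.hcl` forwards only `environment` from `env.hcl`, whereas the configuration it replaces (`infra/main.tf`, deleted in this commit) consumed `var.registration_token`, `var.gitlab_url`, `var.aws_region`, `var.runner_name`, `var.project`, `var.user` and `var.timezone`, previously supplied as `TF_VAR_*` from the now-deleted `env.template`. `modules//runner` is not part of this diff, so if it still declares those variables without defaults `run-all` will stop on missing inputs, and it is not visible where `registration_token` is expected to come from now; I would state the intended source above `inputs`, e.g. `# registration_token and gitlab_url are read from TF_VAR_* in the caller's environment (or via get_env())`. The prod file is byte-identical (same blob c2dbacb), so the same applies to `live/prod/runner/terragrunt.hcl`. As a point of style, `merge()` with a single argument is a no-op; `inputs = local.environment_vars.locals` says the same thing.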