feat(example): devops-stack on scaleway
chore(scaleway): first example
Xaving committed Jun 12, 2024
1 parent c6db8ec commit 58269d7
Showing 9 changed files with 504 additions and 172 deletions.
11 changes: 11 additions & 0 deletions .gitignore
Expand Up @@ -55,3 +55,14 @@ ehthumbs_vista.db

# Folder config file
[Dd]esktop.ini
.DS_STORE
examples/*/secrets.yml
examples/*/terraform.tfstate*
examples/*/.terraform.lock.hcl
examples/*/kubeconfig.yml
examples/*/issue.txt
examples/*/log.txt
examples/*/*.png
examples/*/*.html
examples/*/issuers.yml
**/*.swp
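Review bot: The `examples/*/kubeconfig.yml` pattern does not cover the file name the README in this same commit tells users to create (`terraform output -raw kubeconfig_file > kubeconfig.json`), so cluster credentials produced by following the instructions are not ignored and can be committed by accident. Add `examples/*/kubeconfig.json` (or `examples/*/kubeconfig.*`), or align the README with the `.yml` name. `.DS_STORE` also differs in case from the `.DS_Store` file macOS creates, so it will not match wherever git's ignore matching is case-sensitive; `.DS_Store` is the safer spelling.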
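--- a/examples/scaleway/README.md
+++ b/examples/scaleway/README.md
@@ -0,0 +1,36 @@
+## Introduction
+The terraform project will instanciated a devops-stack on Scaleway.
+
+## Installation
+
+Add your credentials to launch the project. At least the following environement variables are required: `SCW_ACCESS_KEY,SCW_ACCESS_KEY,SCW_DEFAULT_ORGANIZATION_ID,SCW_DEFAULT_PROJECT_ID,SCW_DEFAULT_PROJECT_ID`.
+
+We also use an environement variable for the variable PROJECT\_ID called `TF_VAR_PROJECT_ID`
+
+Configure the stack by modifying `inputs.tfvars` (e.g: cluster\_name) and launch the terraform apply with:
+
+If you want to create a Kapsule cluster, you will have to use the scaleway provider in version 2.33.0.
+
+If you modify the base\_domain, be sure to add a new star record that points to the load balancer ip address created by the stack in your domain.
+
+```bash
+terraform init
+terraform apply -var-file inputs.tfvars
+```
+
+## Usage
+Get the kubeconfig file and the domain name with the following commands:
+
+```bash
+terraform output -raw kubeconfig_file > kubeconfig.json
+terraform output base_domain
+```
+
+Your application are available at the following address: $APP\_NAME.apps.$CLUSTER\_NAME.$BASE\_DOMAIN.
+e.g: prometheus.apps.devops-stack.51-51-52-52.np.io
+
+For authentication on oidc, users and password are available in the output:
+```bash
+terraform output passwords
+```
+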
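--- a/examples/scaleway/inputs.tfvars
+++ b/examples/scaleway/inputs.tfvars
@@ -0,0 +1,38 @@
+# ###################################################
+# Input for module which creates the scaleway cluster
+# ###################################################
+cluster_name = "devops-stack"
+cluster_description = "Devops-stack on cloud provider scaleway"
+cluster_tags = ["demo", "dev", "devops-stack", "test", ]
+cluster_type = "multicloud"
+kubernetes_version = "1.29.1"
+admission_plugins = ["PodNodeSelector", ]
+node_pools = {
+config1 = {
+node_type = "DEV1-L"
+size = 2
+min_size = 2
+max_size = 2
+autoscaling = true
+autohealing = true
+container_runtime = "containerd"
+wait_for_pool_ready = true
+}
+}
+
+# #########################
+# Additional cluster config
+# #########################
+base_domain = "gs-fr-dev.camptocamp.com"
+lb_name = "devops-stack"
+zone = "fr-par-1"
+lb_type = "LB-S"
+
+# Ingress
+ingress_enable_service_monitor = false
+
+# Keycloak
+cluster_issuer = "ca-issuer"
+
+# Cert-manager
+cert_manager_enable_service_monitor = false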
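Review bot: In `node_pools.config1`, `autoscaling = true` is set while `size`, `min_size` and `max_size` are all 2, so the autoscaler has no room to act and the flag suggests elasticity the pool does not have. Either widen the range (for example `max_size = 3`) or set `autoscaling = false`. `kubernetes_version = "1.29.1"` and `base_domain = "gs-fr-dev.camptocamp.com"` are environment-specific values in a file users are told to edit; a comment above them such as `# replace with a domain you control and a currently supported Kubernetes version` would make that explicit.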
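--- a/examples/scaleway/loki.tf
+++ b/examples/scaleway/loki.tf
@@ -0,0 +1,159 @@
+data "scaleway_account_project" "devops_stack" {
+project_id = var.project_id
+}
+
+resource "scaleway_object_bucket" "loki" {
+name = "devops-stack-loki-logs"
+tags = {
+line = "devops-stack"
+platform = "scw-devops-stack-example"
+}
+}
+
+resource "scaleway_iam_application" "loki" {
+name = "devops-stack-example-loki"
+description = "Loki access to S3 buckets from Devops Stack example"
+}
+
+resource "scaleway_iam_policy" "loki" {
+name = "devops-stack-example-loki"
+description = "Loki access to S3 buckets from Devops Stack example"
+application_id = scaleway_iam_application.loki.id
+
+rule {
+project_ids = [data.scaleway_account_project.devops_stack.id]
+permission_set_names = [
+"ObjectStorageObjectsDelete",
+"ObjectStorageObjectsRead",
+"ObjectStorageObjectsWrite",
+"ObjectStorageBucketsRead",
+]
+}
+}
+
+resource "scaleway_iam_api_key" "loki" {
+application_id = scaleway_iam_application.loki.id
+description = "Loki credentials for Devops Stack example"
+default_project_id = data.scaleway_account_project.devops_stack.id
+}
+
+locals {
+loki_common_settings = {
+extraEnv = [
+{
+name = "AWS_ACCESS_KEY_ID"
+valueFrom = {
+secretKeyRef = {
+name = kubernetes_secret.credentials_loki_s3.metadata.0.name
+key = "AWS_ACCESS_KEY_ID"
+}
+}
+},
+{
+name = "AWS_SECRET_ACCESS_KEY"
+valueFrom = {
+secretKeyRef = {
+name = kubernetes_secret.credentials_loki_s3.metadata.0.name
+key = "AWS_SECRET_ACCESS_KEY"
+}
+}
+},
+]
+}
+}
+
+module "loki" {
+source = "git::https://github.com/camptocamp/devops-stack-module-loki-stack.git?ref=v8.1.0"
+
+app_autosync = {}
+
+retention = "9000h"
+ingress = {
+hosts = ["loki.apps.${var.cluster_name}.${var.base_domain}"]
+cluster_issuer = var.cluster_issuer
+}
+
+helm_values = [{
+loki-distributed = {
+loki = merge({
+structuredConfig = {
+auth_enabled = false
+compactor = {
+retention_delete_delay = "1h"
+retention_enabled = false
+}
+ingester = {
+lifecycler = {
+ring = {
+replication_factor = 1
+}
+}
+}
+}
+schemaConfig = {
+configs = [
+{
+from = "2023-04-28",
+store = "boltdb-shipper"
+object_store = "s3"
+schema = "v11"
+index = {
+prefix = "index_"
+period = "24h"
+}
+}
+]
+}
+storageConfig = {
+aws = {
+bucketnames = scaleway_object_bucket.loki.id
+endpoint = scaleway_object_bucket.loki.endpoint
+s3forcepathstyle = true
+#region = "fr-par"
+sse_encryption = false
+signature_version = "v2"
+}
+boltdb_shipper = {
+shared_store = "s3"
+cache_ttl = "24h"
+}
+}
+}, local.loki_common_settings)
+indexGateway = local.loki_common_settings
+ingester = merge({ replicas = 1 }, local.loki_common_settings)
+compactor = local.loki_common_settings
+queryFrontend = local.loki_common_settings
+querier = local.loki_common_settings
+distributor = local.loki_common_settings
+}
+promtail = {
+updateStrategy = {
+type = "RollingUpdate"
+rollingUpdate = {
+maxUnavailable = 3
+}
+}
+config = {
+clients = [
+{
+url = "http://loki-distributor:3100/loki/api/v1/push"
+#tenant_id = 1
+}
+]
+}
+}
+}]
+}
+
+resource "kubernetes_secret" "credentials_loki_s3" {
+metadata {
+namespace = "loki-stack"
+name = "credentials-loki-s3"
+}
+
+data = {
+AWS_ACCESS_KEY_ID = scaleway_iam_api_key.loki.access_key
+AWS_SECRET_ACCESS_KEY = scaleway_iam_api_key.loki.secret_key
+}
+
+}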
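Review bot: The `rule` in `scaleway_iam_policy.loki` grants object read, write and delete at project scope (`project_ids = [...]`), and nothing in this file narrows it to `scaleway_object_bucket.loki`, so the Loki key can presumably touch every bucket in that project. The key itself (`scaleway_iam_api_key.loki`) has no `expires_at`, and its `secret_key` is copied into `kubernetes_secret.credentials_loki_s3`, which means it is also stored in Terraform state. For an example that people copy, consider a dedicated project for the log bucket and a comment on the key such as `# long-lived credential, stored in tfstate: use an encrypted remote backend and rotate by replacing this resource`. Separately, `auth_enabled = false` combined with the `loki.apps.…` ingress host leaves access control to whatever the module puts in front of the ingress, which is not visible here. `signature_version = "v2"` with `region` commented out selects the legacy signing scheme, so it is worth confirming v4 with the region set does not work before keeping it.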
