Skip to content

Commit

Permalink
Add terraform examples for aws
Browse files Browse the repository at this point in the history
  • Loading branch information
@shahiinn
shahiinn committed Jan 28, 2025
1 parent cc91e4f commit 2cc41ec
Show file tree
Hide file tree
Showing 13 changed files with 1,295 additions and 0 deletions.
14 changes: 14 additions & 0 deletions examples/terraform-examples/README.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
# Terraform Playground
This repository contains a collection of Terraform configurations that I use to learn and experiment with Terraform.

## Install Terraform
Follow the [Install Terraform](https://developer.hashicorp.com/terraform/install) page to install Terraform on your machine.

## Setting up Terraform with Artifactory
The recommended way to manage Terraform state is to use a remote backend.
Some of the repository examples use JFrog Artifactory as the remote backend (commented out).

To set up Terraform with Artifactory, follow the instructions in the [Terraform Artifactory Backend](https://jfrog.com/integration/terraform-artifactory-backend/) documentation.

## Examples
1. Create the needed [AWS infrastructure for running JFrog Artifactory and Xray in AWS](jfrog-platform-aws-install) using RDS, S3, and EKS. This uses the [JFrog Platform Helm Chart](https://github.com/jfrog/charts/tree/master/stable/jfrog-platform) to install Artifactory and Xray
70 changes: 70 additions & 0 deletions examples/terraform-examples/jfrog-platform-aws-install/README.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,70 @@
# JFrog Platform Installation in AWS with Terraform
This example will prepare the AWS infrastructure and services required to run Artifactory and Xray (installed with the [jfrog-platform Helm Chart](https://github.com/jfrog/charts/tree/master/stable/jfrog-platform)) using Terraform:
1. The AWS VPC
2. RDS (PostgreSQL) as the database for each application
2. S3 as the Artifactory object storage
3. EKS as the Kubernetes cluster for running Artifactory and Xray with pre-defined node groups for the different services

The resources are split between individual files for easy and clear separation.


## Prepare the JFrog Platform Configurations
The [jfrog-values.yaml](jfrog-values.yaml) file has the values that Helm will use to configure the JFrog Platform installation.

The [artifactory-license-template.yaml](artifactory-license-template.yaml) file has the license key(s) template that you will need to copy to a `artifactory-license.yaml` file.
```shell
cp artifactory-license-template.yaml artifactory-license.yaml
```

If you plan on skipping the license key(s) for now, you can leave the `artifactory-license.yaml` file empty. Terraform will create an empty one for you if you don't create it.

## JFrog Platform Sizing
Artifactory and Xray have pre-defined sizing templates that you can use to deploy them. The supported sizing templates in this project are `small`, `medium`, `large`, `xlarge`, and `2xlarge`.

The sizing templates will be pulled from the [official Helm Charts](https://github.com/jfrog/charts) during the execution of the Terraform configuration.

## Terraform


1. Initialize the Terraform configuration by running the following command
```shell
terraform init
```

2. Plan the Terraform configuration by running the following command
```shell
terraform plan -var 'sizing=small'
```

3. Apply the Terraform configuration by running the following command
```shell
terraform apply -var 'sizing=small'
```

4. When you are done, you can destroy the resources by running the following command
```shell
terraform destroy
```

## Accessing the EKS Cluster and Artifactory Installation
To get the `kubectl` configuration for the EKS cluster, run the following command
```shell
aws eks --region $(terraform output -raw region) update-kubeconfig --name $(terraform output -raw cluster_name)
```

### Install JFrog Platform
Once done, install the JFrog Platform (Artifactory and Xray) using the Helm Chart with the following command.

Terraform will create the needed configuration files to be used for the `helm install` command.
This command will auto generate and be writen to the console when you run the `Terraform apply` command.
```shell
helm upgrade --install jfrog jfrog/jfrog-platform \
--version <version> \
--namespace <namesapce>> --create-namespace \
-f ./jfrog-values.yaml \
-f ./artifactory-license.yaml \
-f ./jfrog-artifactory-<sizing>-adjusted.yaml \
-f ./jfrog-xray--<sizing>-adjusted.yaml \
-f ./jfrog-custom.yaml \
--timeout 600s
```
11 changes: 11 additions & 0 deletions examples/terraform-examples/jfrog-platform-aws-install/artifactory-license-template.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
## A template for the Artifactory license as a helm value.
## Copy this file to artifactory-license.yaml and fill in the full license key(s).
artifactory:
artifactory:
license:
licenseKey: |
cHJvZHVjdHM6CiAgYXJ1aWZhY3Rvcnk6CiAgICBwcm9kdWN0OiBaWGh3YVhKbGN6b2dNakF5TlMx
TFRGaFpXTmlNRGs1T0dRMVpncHZkMjVsY2p...
cHJvZHVjdHM6CiAgYXJ0aWZhY3Rvcnk6CiAgIBBwcm9kdWN0OiBaWGh3YVhKbGN6b2dNakF5TlMv
d05DMHdObFF5TURvMU9UbzFPVm9LYVdRNkl...
237 changes: 237 additions & 0 deletions examples/terraform-examples/jfrog-platform-aws-install/eks.tf
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,237 @@
# This file is used to create an AWS EKS cluster and the managed node group(s)

locals {
cluster_name = var.cluster_name
}

resource "aws_security_group_rule" "allow_management_from_my_ip" {
type = "ingress"
from_port = 0
to_port = 65535
protocol = "-1"
cidr_blocks = var.cluster_public_access_cidrs
security_group_id = module.eks.cluster_security_group_id
description = "Allow all traffic from my public IP for management"
}

module "eks" {
source = "terraform-aws-modules/eks/aws"

cluster_name = local.cluster_name
cluster_version = "1.31"

enable_cluster_creator_admin_permissions = true
cluster_endpoint_public_access = true
cluster_endpoint_public_access_cidrs = var.cluster_public_access_cidrs

cluster_addons = {
aws-ebs-csi-driver = {
most_recent = true
service_account_role_arn = module.ebs_csi_irsa_role.iam_role_arn
}
}

vpc_id = module.vpc.vpc_id
subnet_ids = module.vpc.private_subnets

eks_managed_node_group_defaults = {
ami_type = "AL2_ARM_64"
iam_role_additional_policies = {
AmazonS3FullAccess = "arn:aws:iam::aws:policy/AmazonS3FullAccess"
AmazonEBSCSIDriverPolicy = "arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy"
}
pre_bootstrap_user_data = <<-EOF
# This script will run on all nodes before the kubelet starts
echo "It works!" > /tmp/pre_bootstrap_user_data.txt
EOF
block_device_mappings = {
xvda = {
device_name = "/dev/xvda"
ebs = {
volume_type = "gp3"
volume_size = 50
throughput = 125
delete_on_termination = true
}
}
}
tags = {
Group = var.common_tag
}
}

eks_managed_node_groups = {
artifactory = {
name = "artifactory-node-group"

instance_types = [(
var.sizing == "large" ? var.artifactory_node_size_large :
var.sizing == "xlarge" ? var.artifactory_node_size_large :
var.sizing == "2xlarge" ? var.artifactory_node_size_large :
var.artifactory_node_size_default
)]
min_size = 1
max_size = 10
desired_size = (
var.sizing == "medium" ? 2 :
var.sizing == "large" ? 3 :
var.sizing == "xlarge" ? 4 :
var.sizing == "2xlarge" ? 6 :
1
)
block_device_mappings = {
xvda = {
device_name = "/dev/xvda"
ebs = {
volume_type = "gp3"
volume_size = (
var.sizing == "large" ? var.artifactory_disk_size_large :
var.sizing == "xlarge" ? var.artifactory_disk_size_large :
var.sizing == "2xlarge" ? var.artifactory_disk_size_large :
var.artifactory_disk_size_default
)
iops = (
var.sizing == "large" ? var.artifactory_disk_iops_large :
var.sizing == "xlarge" ? var.artifactory_disk_iops_large :
var.sizing == "2xlarge" ? var.artifactory_disk_iops_large :
var.artifactory_disk_iops_default
)
throughput = (
var.sizing == "large" ? var.artifactory_disk_throughput_large :
var.sizing == "xlarge" ? var.artifactory_disk_throughput_large :
var.sizing == "2xlarge" ? var.artifactory_disk_throughput_large :
var.artifactory_disk_throughput_default
)
delete_on_termination = true
}
}
}
labels = {
"group" = "artifactory"
}
}

nginx = {
name = "nginx-node-group"

instance_types = [(
var.sizing == "xlarge" ? var.nginx_node_size_large :
var.sizing == "2xlarge" ? var.nginx_node_size_large :
var.nginx_node_size_default
)]

min_size = 1
max_size = 10
desired_size = (
var.sizing == "medium" ? 2 :
var.sizing == "large" ? 2 :
var.sizing == "xlarge" ? 2 :
var.sizing == "2xlarge" ? 3 :
1
)

labels = {
"group" = "nginx"
}
}

xray = {
name = "xray-node-group"

instance_types = [(
var.sizing == "xlarge" ? var.xray_node_size_xlarge :
var.sizing == "2xlarge" ? var.xray_node_size_xlarge :
var.xray_node_size_default
)]
min_size = 1
max_size = 10
desired_size = (
var.sizing == "medium" ? 2 :
var.sizing == "large" ? 3 :
var.sizing == "xlarge" ? 4 :
var.sizing == "2xlarge" ? 6 :
1
)
block_device_mappings = {
xvda = {
device_name = "/dev/xvda"
ebs = {
volume_type = "gp3"
volume_size = (
var.sizing == "large" ? var.xray_disk_size_large :
var.sizing == "xlarge" ? var.xray_disk_size_large :
var.sizing == "2xlarge" ? var.xray_disk_size_large :
var.xray_disk_size_default
)
iops = (
var.sizing == "large" ? var.xray_disk_iops_large :
var.sizing == "xlarge" ? var.xray_disk_iops_large :
var.sizing == "2xlarge" ? var.xray_disk_iops_large :
var.xray_disk_iops_default
)
throughput = (
var.sizing == "large" ? var.xray_disk_throughput_large :
var.sizing == "xlarge" ? var.xray_disk_throughput_large :
var.sizing == "2xlarge" ? var.xray_disk_throughput_large :
var.xray_disk_throughput_default
)
delete_on_termination = true
}
}
}
labels = {
"group" = "xray"
}
}

## Create an extra node group for testing
extra = {
name = "extra-node-group"

instance_types = [var.extra_node_size]

min_size = 1
max_size = 3
desired_size = var.extra_node_count

labels = {
"group" = "extra"
}
}
}

tags = {
Group = var.common_tag
}
}

# Create the gp3 storage class and make it the default
resource "kubernetes_storage_class" "gp3_storage_class" {
metadata {
name = "gp3"
annotations = {
"storageclass.kubernetes.io/is-default-class" = "true"
}
}
storage_provisioner = "ebs.csi.aws.com"
volume_binding_mode = "WaitForFirstConsumer"
allow_volume_expansion = true
parameters = {
"fsType" = "ext4"
"type" = "gp3"
}
}

module "ebs_csi_irsa_role" {
source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"

role_name = "ebs-csi-${module.eks.cluster_name}-${var.region}"
attach_ebs_csi_policy = true

oidc_providers = {
ex = {
provider_arn = module.eks.oidc_provider_arn
namespace_service_accounts = ["kube-system:ebs-csi-controller-sa"]
}
}
}
Loading

0 comments on commit 2cc41ec

Please sign in to comment.