v1.0.0 Release (#31)

* Update deployment template to use ECR. * Prepare the v1.0.0 release 🎉 * Update ECS deployment example and documentation.
hashicorp-forge · Aug 3, 2023 · d3c266e · d3c266e
1 parent 5b340e5
commit d3c266e
Show file tree

Hide file tree

Showing 15 changed files with 87 additions and 51 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -42,34 +42,6 @@ jobs:
         with:
           password: ${{ secrets.PYPI_API_TOKEN }}
 
-      #
-      # Temporarily remove Docker container publishing
-      #
-      # - name: Wait a moment for the package to be available on PyPi
-      #   run: sleep 60s
-      #   shell: bash
-      #
-      # - uses: docker/login-action@v2
-      #   with:
-      #     registry: ${{ env.REGISTRY }}
-      #     username: ${{ github.actor }}
-      #     password: ${{ secrets.GITHUB_TOKEN }}
-      #
-      # - name: Extract metadata (tags, labels) for Docker
-      #   id: meta
-      #   uses: docker/metadata-action@v4
-      #   with:
-      #     images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
-      #
-      # - uses: docker/build-push-action@v3
-      #   with:
-      #     context: .
-      #     push: true
-      #     tags: ${{ steps.meta.outputs.tags }}
-      #     labels: ${{ steps.meta.outputs.labels }}
-      #     build-args: |
-      #       GROVE_VERSION=${{ github.ref_name }}
-
   # Finally, generate and publish documentation after a successful release.
   documentation:
     needs: release

diff --git a/.gitignore b/.gitignore
@@ -155,3 +155,4 @@ cython_debug/
 .terraform.lock.hcl
 *.tfstate
 *.tfstate.backup
+*.lock.info
diff --git a/Dockerfile b/Dockerfile
@@ -3,8 +3,6 @@
 
 FROM python:3.9-alpine
 
-ARG GROVE_VERSION
-
-RUN pip install --no-cache-dir grove==$GROVE_VERSION
+RUN pip install --no-cache-dir grove
 
 ENTRYPOINT ["grove"]
diff --git a/grove/__about__.py b/grove/__about__.py
@@ -1,6 +1,6 @@
 """Grove metadata."""
 
-__version__ = "1.0.0rc6"
+__version__ = "1.0.0"
 __title__ = "grove"
 __license__ = "Mozilla Public License 2.0"
 __copyright__ = "Copyright 2023 HashiCorp, Inc."
diff --git a/templates/deployment/terraform-aws-ecs/README.md b/templates/deployment/terraform-aws-ecs/README.md
@@ -0,0 +1,24 @@
+## AWS ECS (Fargate) Scheduled Deployment
+
+This deployment example uses AWS ECS Fargate to deploy Grove into AWS. This configures
+Grove to execute every 10-minutes, and allows configuration of connections using JSON
+documents placed under the `connectors/` directory in this folder.
+
+To deploy using this template, Terraform should be installed on the machine used to
+deploy Grove.
+
+1. Login to an AWS account with the required permissions to deploy new services on the command-line.
+2. Use Terraform to create the infrastructure required. You will be prompted for the name of the S3 bucket to create to output collected logs to.
+    1. `terraform init`
+    1. `terraform plan`
+    1. `terraform apply`
+3. Note the output ECR repository URL, as this is required to publish a Grove container image to.
+
+This deployment requires a container image to be created and pushed into the created ECR
+repository. The steps for building this image using Docker can be found below:
+
+1. Build a new image using the `Dockerfile` in the root of this repository.
+    1. `docker image build -t grove:latest`
+
+To authenticate with AWS ECR, tag and publish the container image ready for use, please
+follow the AWS documentation on ["Publishing a Docker image"](https://docs.aws.amazon.com/AmazonECR/latest/userguide/docker-push-ecr-image.html).
diff --git a/templates/deployment/terraform-aws-ecs/connectors/local_heartbeat/local_heartbeat.json b/templates/deployment/terraform-aws-ecs/connectors/local_heartbeat/local_heartbeat.json
@@ -1,6 +1,6 @@
 {
   "name": "local_heartbeat",
   "connector": "local_heartbeat",
-  "identity": "b603c5cd-16f5-4a80-bf03-7e2289a046e7",
+  "identity": "deployment_demo",
   "key": "local_heartbeat"
 }
diff --git a/templates/deployment/terraform-aws-ecs/main.tf b/templates/deployment/terraform-aws-ecs/main.tf
@@ -12,6 +12,7 @@ resource "aws_ssm_parameter" "connector_documents" {
 
 # Deploy Grove into ECS Fargate.
 module "grove" {
-  depends_on = [aws_ssm_parameter.connector_documents]
-  source     = "./modules/grove"
+  source              = "./modules/grove"
+  container_image_tag = var.container_image_tag
+  output_bucket_name  = var.output_bucket_name
 }
diff --git a/...nt/terraform-aws-ecs/modules/grove/ecs.tf → ...erraform-aws-ecs/modules/grove/compute.tf b/...nt/terraform-aws-ecs/modules/grove/ecs.tf → ...erraform-aws-ecs/modules/grove/compute.tf
@@ -3,6 +3,11 @@
 
 data "aws_region" "current" {}
 
+# Create a repository for container images.
+resource "aws_ecr_repository" "grove" {
+  name = "grove"
+}
+
 # Deploy an ECS Fargate cluster for Grove to run in.
 resource "aws_ecs_cluster" "grove" {
   name = "${var.name}-cluster"
@@ -35,7 +40,7 @@ resource "aws_ecs_task_definition" "grove" {
   container_definitions = jsonencode([
     {
       name      = "${var.name}-container"
-      image     = var.image
+      image     = "${aws_ecr_repository.grove.repository_url}:${var.container_image_tag}"
       essential = true
 
       # Configuration is set through environment variables.
@@ -53,7 +58,7 @@ resource "aws_ecs_task_definition" "grove" {
 
         # Configuration handler configuration.
         { name = "GROVE_CONFIG_HANDLER", value = "aws_ssm" },
-        { name = "GROVE_CONFIG_AWS_SSM_ASSUME_ROLE_ARN", value = data.aws_region.current.name },
+        { name = "GROVE_CONFIG_AWS_SSM_SSM_REGION", value = data.aws_region.current.name },
       ]
 
       # Used for operational logs from Fargate, NOT collected log data.

diff --git a/templates/deployment/terraform-aws-ecs/modules/grove/network.tf b/templates/deployment/terraform-aws-ecs/modules/grove/network.tf
@@ -2,7 +2,7 @@
 # SPDX-License-Identifier: MPL-2.0
 
 resource "aws_vpc" "vpc" {
-  cidr_block = "10.0.0.0/16"
+  cidr_block = "172.31.0.0/23"
 
   tags = {
     Name = var.name
@@ -30,21 +30,21 @@ resource "aws_route" "internet_access" {
 
 resource "aws_subnet" "public" {
   vpc_id                  = aws_vpc.vpc.id
-  cidr_block              = "10.0.1.0/24"
+  cidr_block              = "172.31.0.0/26"
   availability_zone       = "us-east-1a"
   map_public_ip_on_launch = true
 }
 
 resource "aws_subnet" "public_2" {
   vpc_id                  = aws_vpc.vpc.id
-  cidr_block              = "10.0.3.0/24"
+  cidr_block              = "172.31.0.64/26"
   availability_zone       = "us-east-1c"
   map_public_ip_on_launch = true
 }
 
 resource "aws_subnet" "private" {
   vpc_id                  = aws_vpc.vpc.id
-  cidr_block              = "10.0.2.0/24"
+  cidr_block              = "172.31.1.0/26"
   map_public_ip_on_launch = false
 }
 

diff --git a/templates/deployment/terraform-aws-ecs/modules/grove/output.tf b/templates/deployment/terraform-aws-ecs/modules/grove/output.tf
@@ -0,0 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+output "ecr_repository_url" {
+  value = aws_ecr_repository.grove.repository_url
+}
diff --git a/templates/deployment/terraform-aws-ecs/modules/grove/s3.tf b/templates/deployment/terraform-aws-ecs/modules/grove/s3.tf
@@ -3,12 +3,7 @@
 
 # Create the bucket for Grove to output collected logs to.
 resource "aws_s3_bucket" "logs" {
-  bucket = "${var.name}-output"
-}
-
-resource "aws_s3_bucket_acl" "logs_bucket_acl" {
-  bucket = aws_s3_bucket.logs.id
-  acl    = "private"
+  bucket = var.output_bucket_name
 }
 
 resource "aws_s3_bucket_versioning" "artifact_bucket_versioning" {

diff --git a/templates/deployment/terraform-aws-ecs/modules/grove/variables.tf b/templates/deployment/terraform-aws-ecs/modules/grove/variables.tf
@@ -7,10 +7,15 @@ variable "name" {
   default     = "grove"
 }
 
-variable "image" {
+variable "container_image_tag" {
   type        = string
-  description = "Grove docker image to deploy"
-  default     = "hashicorp/grove:latest"
+  description = "Grove tag associated with the docker image to deploy."
+  default     = "latest"
+}
+
+variable "output_bucket_name" {
+  type        = string
+  description = "The name of the S3 bucket to create for logs to be output to."
 }
 
 variable "cpu" {
@@ -50,7 +55,7 @@ variable "log_level" {
 variable "schedule" {
   type        = string
   description = "The CloudWatch schedule to invoke the Grove on"
-  default     = "rate(15 minutes)"
+  default     = "rate(10 minutes)"
 }
 
 variable "log_retention_in_days" {

diff --git a/templates/deployment/terraform-aws-ecs/output.tf b/templates/deployment/terraform-aws-ecs/output.tf
@@ -0,0 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+output "ecr_repository_url" {
+  value = module.grove.ecr_repository_url
+}
diff --git a/templates/deployment/terraform-aws-ecs/providers.tf b/templates/deployment/terraform-aws-ecs/providers.tf
@@ -5,8 +5,18 @@ terraform {
   required_providers {
     aws = "~> 4.0"
   }
+
+  required_version = "~> 1.4.0"
 }
 
 provider "aws" {
   region = "us-east-1"
+
+  default_tags {
+    tags = {
+      Project     = "Grove"
+      Environment = "Production"
+      Owner       = "team@example.org"
+    }
+  }
 }
diff --git a/templates/deployment/terraform-aws-ecs/variables.tf b/templates/deployment/terraform-aws-ecs/variables.tf
@@ -0,0 +1,13 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+variable "container_image_tag" {
+  description = "The tag to use when deploying the Grove container image (ECR)."
+  type        = string
+  default     = "latest"
+}
+
+variable "output_bucket_name" {
+  description = "The name of the S3 bucket to create for outputting logs to."
+  type        = string
+}