[wip]

Signed-off-by: Tom Hadlaw <tom.hadlaw@isovalent.com>

.github/workflows/conformance.yml

@@ -0,0 +1,28 @@
+name: Talos Conformance
+on:
+  pull_request_target:
+    types:
+      - opened
+      - synchronize
+      - reopened
+  push:
+    branches:
+      - main
+  pull_request:
+jobs:
+  setup-and-test:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+      - name: Init Terraform
+        run: |
+          make -C example init
+      - name: Set up AWS CLI credentials
+        uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_PR_SA_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_PR_SA_KEY }}
+          aws-region: us-west-2 

.github/workflows/talos-conformance.yml

@@ -0,0 +1,26 @@
+name: Talos Conformance
+on:
+  pull_request_target:
+    types:
+      - opened
+      - synchronize
+      - reopened
+  push:
+    branches:
+      - main
+jobs:
+  setup-and-test:
+
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+      - name: foo
+        run: "ls"
+      - name: Configure AWS credentials from shared services account
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          role-to-assume: arn:aws:iam::478566851380:role/CloudCustodianRole
+          aws-region: us-east-1

example/04-matrix-variables.yaml

@@ -0,0 +1,12 @@
+variable "bpf_masquerade" {
+  default     = true
+  description = "enables bpf masquerade."
+  type        = bool 
+}
+
+variable "vtep_enabled" {
+  default     = false
+  description = "enables vxlan vtep"
+  type        = bool 
+}
+

example/common.tfvars

@@ -0,0 +1,2 @@
+owner = "tom.hadlaw"
+region = "us-west-2"

test/conformance/00-locals.tf

@@ -0,0 +1,21 @@
+locals {
+  expiry = file("${path.module}/.timestamp")
+  # The default tags defined here are merged with extra tags defined via var.tags in 00-variables.tf.
+  tags = merge(
+    tomap({
+      "expiry" : local.expiry,
+      "owner" : var.owner
+    }),
+    var.tags
+  )
+  extra_provisioner_environment_variables = {
+    CLUSTER_NAME = var.cluster_name
+    CLUSTER_ID   = var.cluster_id
+    POD_CIDR     = var.pod_cidr
+    SERVICE_CIDR = var.service_cidr
+    KUBECONFIG   = module.talos.path_to_kubeconfig_file
+    # See https://www.talos.dev/v1.5/kubernetes-guides/network/deploying-cilium/ 
+    KUBE_APISERVER_HOST = "localhost"
+    KUBE_APISERVER_PORT = "7445"
+  }
+}

test/conformance/00-outputs.tf

@@ -0,0 +1,28 @@
+output "cluster_name" {
+  description = "Cluster name"
+  value       = var.cluster_name
+}
+
+output "path_to_kubeconfig_file" {
+  description = "Path to the kubeconfig of the Talos Linux cluster"
+  value       = module.talos.path_to_kubeconfig_file
+}
+
+output "path_to_talosconfig_file" {
+  description = "Path to the talosconfig of the Talos Linux cluster"
+  value       = module.talos.path_to_talosconfig_file
+}
+
+output "elb_dns_name" {
+  description = "Public ELB DNS name."
+  value       = module.talos.elb_dns_name
+}
+
+output "region" {
+  description = "AWS region used for the infra"
+  value       = var.region
+}
+
+output "cilium_namespace" {
+  value = var.cilium_namespace
+}

test/conformance/00-providers.tf

@@ -0,0 +1,19 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.0"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = "~> 3.5"
+    }
+  }
+}
+
+provider "aws" {
+  region = var.region
+  default_tags {
+    tags = local.tags
+  }
+}

test/conformance/00-variables.tf

@@ -0,0 +1,104 @@
+# vpc module & general
+variable "cluster_name" {
+  default     = "talos-cute"
+  description = "The name of the cluster."
+  type        = string
+}
+
+variable "cluster_id" {
+  default     = "1"
+  description = "The (Cilium) ID of the cluster. Must be unique for Cilium ClusterMesh and between 0-255."
+  type        = number
+}
+
+variable "region" {
+  description = "The region in which to create the cluster."
+  type        = string
+}
+
+variable "owner" {
+  description = "Owner for resource tagging"
+  type        = string
+}
+
+variable "vpc_cidr" {
+  default     = "10.0.0.0/16"
+  description = "The CIDR to use for the VPC. Currently it must be a /16 or /24."
+  type        = string
+}
+
+variable "tags" {
+  default = {
+    usage    = "cute",
+    platform = "talos"
+  }
+  description = "The set of tags to place on the created resources. These will be merged with the default tags defined via local.tags in 00-locals.tf."
+  type        = map(string)
+}
+
+# talos module
+variable "talos_version" {
+  type        = string
+  description = "Talos version to use for the cluster, if not set the newest Talos version. Check https://github.com/siderolabs/talos/releases for available releases."
+}
+
+variable "kubernetes_version" {
+  default     = "1.27.3"
+  type        = string
+  description = "Kubernetes version to use for the Talos cluster, if not set, the K8s version shipped with the selected Talos version will be used. Check https://www.talos.dev/v1.5/introduction/support-matrix/."
+}
+
+variable "service_cidr" {
+  default     = "100.68.0.0/16"
+  description = "The CIDR to use for K8s Services"
+  type        = string
+}
+
+variable "allocate_node_cidrs" {
+  description = "Whether to assign PodCIDRs to Node resources or not. Only needed in case Cilium runs in 'kubernetes' IPAM mode."
+  type        = bool
+  default     = false
+}
+
+variable "pod_cidr" {
+  default     = "100.64.0.0/14"
+  description = "The CIDR to use for K8s Pods. Depending on if allocate_node_cidrs is set or not, it will either be configured on the controllerManager and assigned to Node resources or to CiliumNode CRs (in case Cilium runs with 'cluster-pool' IPAM mode)."
+  type        = string
+}
+
+# Cilium module
+variable "cilium_namespace" {
+  default     = "kube-system"
+  description = "The namespace in which to install Cilium."
+  type        = string
+}
+
+variable "cilium_helm_chart" {
+  default     = "cilium/cilium"
+  type        = string
+  description = "The name of the Helm chart to be used. The naming depends on the Helm repo naming on the local machine."
+}
+
+variable "cilium_helm_version" {
+  default     = "1.14.3"
+  type        = string
+  description = "The version of the used Helm chart. Check https://github.com/cilium/cilium/releases to see available versions."
+}
+
+variable "cilium_helm_values_file_path" {
+  default     = "03-cilium-values.yaml"
+  description = "Cilium values file"
+  type        = string
+}
+
+variable "cilium_helm_values_override_file_path" {
+  default     = ""
+  description = "Override Cilium values file"
+  type        = string
+}
+
+variable "pre_cilium_install_script" {
+  default     = ""
+  description = "A script to be run before installing Cilium."
+  type        = string
+}

test/conformance/01-vpc.tf

@@ -0,0 +1,14 @@
+// Create the VPC.
+
+resource "random_id" "cluster" {
+  byte_length = 4
+}
+
+module "vpc" {
+  source = "git::https://github.com/isovalent/terraform-aws-vpc.git?ref=v1.7"
+
+  cidr   = var.vpc_cidr
+  name   = "${var.cluster_name}-${random_id.cluster.dec}"
+  region = var.region
+  tags   = local.tags
+}

test/conformance/02-talos.tf

@@ -0,0 +1,21 @@
+module "talos" {
+  #source = "git::https://github.com/isovalent/terraform-aws-talos?ref=<RELEASE_TAG>"
+  source = "../../"
+
+  // Supported Talos versions (and therefore K8s versions) can be found here: https://github.com/siderolabs/talos/releases
+  talos_version      = var.talos_version
+  kubernetes_version = var.kubernetes_version
+  cluster_name       = var.cluster_name
+  cluster_id         = var.cluster_id
+  region             = var.region
+  tags               = local.tags
+  # For single-node cluster support:
+  #allow_workload_on_cp_nodes = true
+  #controlplane_count         = 1
+  #workers_count              = 0
+  // VPC needs to be created in advance via https://github.com/isovalent/terraform-aws-vpc
+  vpc_id       = module.vpc.id
+  pod_cidr     = var.pod_cidr
+  service_cidr = var.service_cidr
+  #disable_kube_proxy = false
+}