updated for multi-cluster deployments

terraform-cisco-modules · Apr 22, 2022 · c6e222c · c6e222c
1 parent f0bee04
commit c6e222c
Show file tree

Hide file tree

Showing 36 changed files with 293 additions and 244 deletions.
diff --git a/examples/app_hello/app_hello.auto.tfvars b/examples/app_hello/app_hello.auto.tfvars
@@ -18,3 +18,9 @@ tfc_workspace    = "Your_k8s_kubeconfig_Workspace"
 */
 # tfc_oath_token = "value"
 
+#__________________________________________________________
+#
+# Kubernetes Cluster
+#__________________________________________________________
+
+cluster_name = "Your_Cluster_Name"
diff --git a/examples/applications/applications.auto.tfvars b/examples/applications/applications.auto.tfvars
@@ -18,6 +18,13 @@ tfc_workspace    = "Your_k8s_kubeconfig_Workspace"
 */
 # tfc_oath_token = "value"
 
+#__________________________________________________________
+#
+# Kubernetes Cluster
+#__________________________________________________________
+
+cluster_name = "Your_Cluster_Name"
+
 helm_chart = {
   "helloiksapp" = {
     chart     = "https://prathjan.github.io/helm-chart/helloiks-0.1.0.tgz"

diff --git a/examples/hipsterstore/hipsterstore.auto.tfvars b/examples/hipsterstore/hipsterstore.auto.tfvars
@@ -39,3 +39,10 @@ tfc_workspaces = [{
   - export TF_VAR_apikey="abcdefghijklmnopqrstuvwxyz.0123456789"
 */
 # apikey = "value"
+
+#__________________________________________________________
+#
+# Kubernetes Cluster
+#__________________________________________________________
+
+cluster_name = "Your_Cluster_Name"
diff --git a/examples/iwo/iwo.auto.tfvars b/examples/iwo/iwo.auto.tfvars
@@ -39,3 +39,10 @@ tfc_workspaces = [{
   - export TF_VAR_apikey="abcdefghijklmnopqrstuvwxyz.0123456789"
 */
 # apikey = "value"
+
+#__________________________________________________________
+#
+# Kubernetes Cluster
+#__________________________________________________________
+
+cluster_name = "Your_Cluster_Name"
diff --git a/examples/kubeconfig/kubeconfig.auto.tfvars b/examples/kubeconfig/kubeconfig.auto.tfvars
@@ -21,4 +21,4 @@
 # Kubernetes Cluster
 #__________________________________________________________
 
-cluster_name = "panther-cl1"
+cluster_name = "Your_Cluster_Name"
diff --git a/examples/kubernetes_cluster_profiles/kubernetes_cluster_profiles.auto.tfvars b/examples/kubernetes_cluster_profiles/kubernetes_cluster_profiles.auto.tfvars
@@ -47,7 +47,7 @@ tfc_workspaces = [{
 
 kubernetes_cluster_profiles = {
   "panther-cl1" = {
-    action                    = "Deploy" # Options are {Delete|Deploy|Ready|No-op|Unassign}.
+    action                    = "No-op" # Options are {Delete|Deploy|Ready|No-op|Unassign}.
     addons_policies           = ["ccp-monitor", "kubernetes-dashboard"]
     certificate_configuration = false
     cluster_configuration = [{
@@ -59,12 +59,11 @@ kubernetes_cluster_profiles = {
     network_cidr_policy      = "Wakanda_CIDR"
     node_pools = {
       "Control_Plane" = {
-        action       = "No-op"
         desired_size = 3
         ip_pool      = "iks"
         kubernetes_labels = [{
-          "key"   = "panther-cl1"
-          "value" = "C1 Control Plane Nodes"
+          "key"   = "environment"
+          "value" = "production"
         }]
         kubernetes_version_policy = "v1.21.10"
         max_size                  = 3
@@ -74,12 +73,11 @@ kubernetes_cluster_profiles = {
         vm_instance_type_policy   = "Small"
       }
       "Worker_g1" = {
-        action       = "No-op"
         desired_size = 3
         ip_pool      = "iks"
         kubernetes_labels = [{
-          "key"   = "panther-cl1"
-          "value" = "C1 Worker Group1"
+          "key"   = "environment"
+          "value" = "production"
         }]
         kubernetes_version_policy = "v1.21.10"
         max_size                  = 5
@@ -94,7 +92,7 @@ kubernetes_cluster_profiles = {
     wait_for_completion           = false
   }
   "terminus-cl1" = {
-    action                    = "Deploy" # Options are {Delete|Deploy|Ready|No-op|Unassign}.
+    action                    = "No-op" # Options are {Delete|Deploy|Ready|No-op|Unassign}.
     addons_policies           = ["ccp-monitor", "kubernetes-dashboard"]
     certificate_configuration = false
     cluster_configuration = [{
@@ -106,12 +104,11 @@ kubernetes_cluster_profiles = {
     network_cidr_policy      = "Wakanda_CIDR"
     node_pools = {
       "Control_Plane" = {
-        action       = "No-op"
         desired_size = 3
         ip_pool      = "iks"
         kubernetes_labels = [{
-          "key"   = "terminus-cl1"
-          "value" = "C1 Control Plane Nodes"
+          "key"   = "environment"
+          "value" = "pre-prod"
         }]
         kubernetes_version_policy = "v1.21.10"
         max_size                  = 3
@@ -121,12 +118,11 @@ kubernetes_cluster_profiles = {
         vm_instance_type_policy   = "Small"
       }
       "Worker_g1" = {
-        action       = "No-op"
         desired_size = 3
         ip_pool      = "iks"
         kubernetes_labels = [{
-          "key"   = "panther-cl1"
-          "value" = "C1 Worker Group1"
+          "key"   = "environment"
+          "value" = "pre-prod"
         }]
         kubernetes_version_policy = "v1.21.10"
         max_size                  = 5

diff --git a/modules/app_hello/README.md b/modules/app_hello/README.md
@@ -25,14 +25,15 @@ No modules.
 | Name | Type |
 |------|------|
 | [helm_release.hello_iks_app](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [terraform_remote_state.local_kubeconfig](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.remote_kubeconfig](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
+| [terraform_remote_state.local_kubeconfigs](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
+| [terraform_remote_state.remote_kubeconfigs](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_tfc_workspaces"></a> [tfc\_workspaces](#input\_tfc\_workspaces) | * backend: Options are:<br>  - local - The backend is on the Local Machine<br>  - Remote - The backend is in TFCB.<br>* kubeconfig\_dir: Name of the Policies directory when the backend is local.<br>* organization: Name of the Terraform Cloud Organization when backend is remote.<br>* workspace: Name of the workspace in Terraform Cloud. | <pre>list(object(<br>    {<br>      backend      = string<br>      organization = optional(string)<br>      policies_dir = optional(string)<br>      workspace    = optional(string)<br>    }<br>  ))</pre> | <pre>[<br>  {<br>    "backend": "remote",<br>    "organization": "default",<br>    "policies_dir": "../kubeconfig/",<br>    "workspace": "kubeconfig"<br>  }<br>]</pre> | no |
+| <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | Name of the Cluster to push Policy to | `string` | n/a | yes |
+| <a name="input_tfc_workspaces"></a> [tfc\_workspaces](#input\_tfc\_workspaces) | * backend: Options are:<br>  - local - The backend is on the Local Machine<br>  - Remote - The backend is in TFCB.<br>* kubeconfig\_dir: Name of the Policies directory when the backend is local.<br>* organization: Name of the Terraform Cloud Organization when backend is remote.<br>* workspace: Name of the workspace in Terraform Cloud. | <pre>list(object(<br>    {<br>      backend        = string<br>      kubeconfig_dir = optional(string)<br>      organization   = optional(string)<br>      workspace      = optional(string)<br>    }<br>  ))</pre> | <pre>[<br>  {<br>    "backend": "remote",<br>    "kubeconfig_dir": "../kubeconfigs/",<br>    "organization": "default",<br>    "workspace": "kubeconfigs"<br>  }<br>]</pre> | no |
 
 ## Outputs
 

diff --git a/modules/app_hello/main.tf b/modules/app_hello/main.tf
@@ -3,21 +3,21 @@
 # Get Outputs from the kubeconfig Workspace
 #__________________________________________________________
 
-data "terraform_remote_state" "local_kubeconfig" {
+data "terraform_remote_state" "local_kubeconfigs" {
   for_each = { for k, v in local.tfc_workspaces : k => v if v.backend == "local" }
   backend  = each.value.backend
   config = {
     path = "${each.value.kubeconfig_dir}terraform.tfstate"
   }
 }
 
-data "terraform_remote_state" "remote_kubeconfig" {
+data "terraform_remote_state" "remote_kubeconfigs" {
   for_each = { for k, v in local.tfc_workspaces : k => v if v.backend == "remote" }
   backend  = each.value.backend
   config = {
-    organization = var.organization
+    organization = each.value.organization
     workspaces = {
-      name = var.workspace
+      name = each.value.workspace
     }
   }
 }
@@ -26,20 +26,20 @@ locals {
   # Output Sources for Policies and Pools
   tfc_workspaces = {
     for k, v in var.tfc_workspaces : k => {
-      backend      = v.backend
-      organization = v.organization != null ? v.organization : "default"
-      policies_dir = v.policies_dir != null ? v.policies_dir : "../kubeconfig/"
-      workspace    = v.workspace != null ? v.workspace : "kubeconfig"
+      backend        = v.backend
+      kubeconfig_dir = v.kubeconfig_dir != null ? v.kubeconfig_dir : "../kubeconfigs/"
+      organization   = v.organization != null ? v.organization : "default"
+      workspace      = v.workspace != null ? v.workspace : "kubeconfigs"
     }
   }
-  # IKS Cluster Name
-  cluster_name = var.tfc_workspaces[0]["backend"] == "local" ? lookup(
-    data.terraform_remote_state.local_kubeconfig[0].outputs.cluster_name
-  ) : lookup(data.terraform_remote_state.remote_kubeconfig[0].outputs, "cluster_name", {})
+
   # Kubernetes Configuration File
-  kubeconfig = var.tfc_workspaces[0]["backend"] == "local" ? lookup(
-    yamldecode(data.terraform_remote_state.local_kubeconfig[0].outputs.cluster_name)
-  ) : yamldecode(lookup(data.terraform_remote_state.remote_kubeconfig[0].outputs, "cluster_name", {}))
+  kubeconfigs = var.tfc_workspaces[0]["backend"] == "local" ? lookup(
+    data.terraform_remote_state.local_kubeconfigs[0].outputs, "kubeconfigs", {}
+    ) : lookup(data.terraform_remote_state.remote_kubeconfigs[0].outputs, "kubeconfigs", {}
+  )
+
+  kubeconfig = yamldecode(local.kubeconfigs[var.cluster_name].kube_config)
 }
 
 

diff --git a/modules/app_hello/provider.tf b/modules/app_hello/provider.tf
@@ -12,4 +12,3 @@ provider "helm" {
     cluster_ca_certificate = base64decode(local.kubeconfig.clusters[0].cluster.certificate-authority-data)
   }
 }
-
diff --git a/modules/app_hello/variables.tf b/modules/app_hello/variables.tf
@@ -10,10 +10,10 @@ terraform {
 variable "tfc_workspaces" {
   default = [
     {
-      backend      = "remote"
-      organization = "default"
-      policies_dir = "../kubeconfig/"
-      workspace    = "kubeconfig"
+      backend        = "remote"
+      kubeconfig_dir = "../kubeconfigs/"
+      organization   = "default"
+      workspace      = "kubeconfigs"
     }
   ]
   description = <<-EOT
@@ -26,10 +26,15 @@ variable "tfc_workspaces" {
   EOT
   type = list(object(
     {
-      backend      = string
-      organization = optional(string)
-      policies_dir = optional(string)
-      workspace    = optional(string)
+      backend        = string
+      kubeconfig_dir = optional(string)
+      organization   = optional(string)
+      workspace      = optional(string)
     }
   ))
 }
+
+variable "cluster_name" {
+  description = "Name of the Cluster to push Policy to"
+  type        = string
+}
diff --git a/modules/applications/README.md b/modules/applications/README.md
@@ -29,16 +29,17 @@ No modules.
 |------|------|
 | [helm_release.helm_chart](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [kubectl_manifest.manifest](https://registry.terraform.io/providers/gavinbunney/kubectl/1.11.3/docs/resources/manifest) | resource |
-| [terraform_remote_state.local_kubeconfig](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.remote_kubeconfig](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
+| [terraform_remote_state.local_kubeconfigs](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
+| [terraform_remote_state.remote_kubeconfigs](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | Name of the Cluster to push Policy to | `string` | n/a | yes |
 | <a name="input_helm_chart"></a> [helm\_chart](#input\_helm\_chart) | Key - Name of the Helm Chart<br>* chart - location to find the chart<br>* namespace - Kubernetes Namespace to assign to the pod<br>* set - List of Parameters for deployment | <pre>map(object(<br>    {<br>      chart     = string<br>      namespace = string<br>      set       = list(map(string))<br>    }<br>  ))</pre> | n/a | yes |
 | <a name="input_kubectl_manifest"></a> [kubectl\_manifest](#input\_kubectl\_manifest) | n/a | <pre>map(object(<br>    {<br>      yaml_body = string<br>    }<br>  ))</pre> | n/a | yes |
-| <a name="input_tfc_workspaces"></a> [tfc\_workspaces](#input\_tfc\_workspaces) | * backend: Options are:<br>  - local - The backend is on the Local Machine<br>  - Remote - The backend is in TFCB.<br>* kubeconfig\_dir: Name of the Policies directory when the backend is local.<br>* organization: Name of the Terraform Cloud Organization when backend is remote.<br>* workspace: Name of the workspace in Terraform Cloud. | <pre>list(object(<br>    {<br>      backend      = string<br>      organization = optional(string)<br>      policies_dir = optional(string)<br>      workspace    = optional(string)<br>    }<br>  ))</pre> | <pre>[<br>  {<br>    "backend": "remote",<br>    "organization": "default",<br>    "policies_dir": "../kubeconfig/",<br>    "workspace": "kubeconfig"<br>  }<br>]</pre> | no |
+| <a name="input_tfc_workspaces"></a> [tfc\_workspaces](#input\_tfc\_workspaces) | * backend: Options are:<br>  - local - The backend is on the Local Machine<br>  - Remote - The backend is in TFCB.<br>* kubeconfig\_dir: Name of the Policies directory when the backend is local.<br>* organization: Name of the Terraform Cloud Organization when backend is remote.<br>* workspace: Name of the workspace in Terraform Cloud. | <pre>list(object(<br>    {<br>      backend        = string<br>      kubeconfig_dir = optional(string)<br>      organization   = optional(string)<br>      workspace      = optional(string)<br>    }<br>  ))</pre> | <pre>[<br>  {<br>    "backend": "remote",<br>    "kubeconfig_dir": "../kubeconfigs/",<br>    "organization": "default",<br>    "workspace": "kubeconfigs"<br>  }<br>]</pre> | no |
 
 ## Outputs
 

diff --git a/modules/applications/main.tf b/modules/applications/main.tf
@@ -3,21 +3,21 @@
 # Get Outputs from the kubeconfig Workspace
 #__________________________________________________________
 
-data "terraform_remote_state" "local_kubeconfig" {
+data "terraform_remote_state" "local_kubeconfigs" {
   for_each = { for k, v in local.tfc_workspaces : k => v if v.backend == "local" }
   backend  = each.value.backend
   config = {
     path = "${each.value.kubeconfig_dir}terraform.tfstate"
   }
 }
 
-data "terraform_remote_state" "remote_kubeconfig" {
+data "terraform_remote_state" "remote_kubeconfigs" {
   for_each = { for k, v in local.tfc_workspaces : k => v if v.backend == "remote" }
   backend  = each.value.backend
   config = {
-    organization = var.organization
+    organization = each.value.organization
     workspaces = {
-      name = var.workspace
+      name = each.value.workspace
     }
   }
 }
@@ -26,22 +26,23 @@ locals {
   # Output Sources for Policies and Pools
   tfc_workspaces = {
     for k, v in var.tfc_workspaces : k => {
-      backend      = v.backend
-      organization = v.organization != null ? v.organization : "default"
-      policies_dir = v.policies_dir != null ? v.policies_dir : "../kubeconfig/"
-      workspace    = v.workspace != null ? v.workspace : "kubeconfig"
+      backend        = v.backend
+      kubeconfig_dir = v.kubeconfig_dir != null ? v.kubeconfig_dir : "../kubeconfigs/"
+      organization   = v.organization != null ? v.organization : "default"
+      workspace      = v.workspace != null ? v.workspace : "kubeconfigs"
     }
   }
-  # IKS Cluster Name
-  cluster_name = var.tfc_workspaces[0]["backend"] == "local" ? lookup(
-    data.terraform_remote_state.local_kubeconfig[0].outputs.cluster_name
-  ) : lookup(data.terraform_remote_state.remote_kubeconfig[0].outputs, "cluster_name", {})
+
   # Kubernetes Configuration File
-  kubeconfig = var.tfc_workspaces[0]["backend"] == "local" ? lookup(
-    yamldecode(data.terraform_remote_state.local_kubeconfig[0].outputs.cluster_name)
-  ) : yamldecode(lookup(data.terraform_remote_state.remote_kubeconfig[0].outputs, "cluster_name", {}))
+  kubeconfigs = var.tfc_workspaces[0]["backend"] == "local" ? lookup(
+    data.terraform_remote_state.local_kubeconfigs[0].outputs, "kubeconfigs", {}
+    ) : lookup(data.terraform_remote_state.remote_kubeconfigs[0].outputs, "kubeconfigs", {}
+  )
+
+  kubeconfig = yamldecode(local.kubeconfigs[var.cluster_name].kube_config)
 }
 
+
 #_____________________________________________________________________
 #
 # Deploy Applications using the Helm Provider
@@ -55,7 +56,7 @@ resource "helm_release" "helm_chart" {
   dynamic "set" {
     for_each = each.value.set
     name     = set.value.name
-    value    = set.value.value == "cluster_name" ? "${local.cluster_name}_sample" : set.value.value
+    value    = set.value.value == "cluster_name" ? "${var.cluster_name}_sample" : set.value.value
   }
 }
 

diff --git a/modules/applications/variables.tf b/modules/applications/variables.tf
@@ -10,10 +10,10 @@ terraform {
 variable "tfc_workspaces" {
   default = [
     {
-      backend      = "remote"
-      organization = "default"
-      policies_dir = "../kubeconfig/"
-      workspace    = "kubeconfig"
+      backend        = "remote"
+      kubeconfig_dir = "../kubeconfigs/"
+      organization   = "default"
+      workspace      = "kubeconfigs"
     }
   ]
   description = <<-EOT
@@ -26,14 +26,19 @@ variable "tfc_workspaces" {
   EOT
   type = list(object(
     {
-      backend      = string
-      organization = optional(string)
-      policies_dir = optional(string)
-      workspace    = optional(string)
+      backend        = string
+      kubeconfig_dir = optional(string)
+      organization   = optional(string)
+      workspace      = optional(string)
     }
   ))
 }
 
+variable "cluster_name" {
+  description = "Name of the Cluster to push Policy to"
+  type        = string
+}
+
 
 #______________________________________________
 #
Original file line number	Diff line number	Diff line change
Expand Up		@@ -12,4 +12,3 @@ provider "helm" {
		cluster_ca_certificate = base64decode(local.kubeconfig.clusters[0].cluster.certificate-authority-data)
		}
		}