installs

alex-treebeard · alex-treebeard · commit 1b90cd0bdf24 · 2024-02-20T09:53:38.000Z
diff --git a/.gitignore b/.gitignore
@@ -32,3 +32,5 @@ override.tf.json
 # Ignore CLI configuration files
 .terraformrc
 terraform.rc
+
+examples/**/*.lock.hcl
diff --git a/README.md b/README.md
@@ -25,6 +25,7 @@
 | <a name="module_dex"></a> [dex](#module\_dex) | ./modules/kust | n/a |
 | <a name="module_istio_crds"></a> [istio\_crds](#module\_istio\_crds) | ./modules/kust | n/a |
 | <a name="module_istio_install"></a> [istio\_install](#module\_istio\_install) | ./modules/kust | n/a |
+| <a name="module_istio_namespace"></a> [istio\_namespace](#module\_istio\_namespace) | ./modules/kust | n/a |
 | <a name="module_jupyter_web_app"></a> [jupyter\_web\_app](#module\_jupyter\_web\_app) | ./modules/kust | n/a |
 | <a name="module_knative_serving"></a> [knative\_serving](#module\_knative\_serving) | ./modules/kust | n/a |
 | <a name="module_kserve"></a> [kserve](#module\_kserve) | ./modules/kust | n/a |
@@ -48,7 +49,6 @@
 
 | Name | Type |
 |------|------|
-| [helm_release.external_dns](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.external_secrets](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.gatekeeper](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.gpu_operator](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
@@ -60,6 +60,7 @@
 | [kustomization_build.cert_manager](https://registry.terraform.io/providers/kbst/kustomization/latest/docs/data-sources/build) | data source |
 | [kustomization_build.cluster_local_gateway](https://registry.terraform.io/providers/kbst/kustomization/latest/docs/data-sources/build) | data source |
 | [kustomization_build.istio_crds](https://registry.terraform.io/providers/kbst/kustomization/latest/docs/data-sources/build) | data source |
+| [kustomization_build.istio_namespace](https://registry.terraform.io/providers/kbst/kustomization/latest/docs/data-sources/build) | data source |
 | [kustomization_build.jupyter_web_app](https://registry.terraform.io/providers/kbst/kustomization/latest/docs/data-sources/build) | data source |
 | [kustomization_build.kserve](https://registry.terraform.io/providers/kbst/kustomization/latest/docs/data-sources/build) | data source |
 | [kustomization_build.kubeflow_issuer](https://registry.terraform.io/providers/kbst/kustomization/latest/docs/data-sources/build) | data source |
@@ -85,7 +86,6 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_aws_region"></a> [aws\_region](#input\_aws\_region) | n/a | `string` | `"eu-west-1"` | no |
 | <a name="input_enable_external_dns"></a> [enable\_external\_dns](#input\_enable\_external\_dns) | n/a | `bool` | `true` | no |
 | <a name="input_enable_external_secrets"></a> [enable\_external\_secrets](#input\_enable\_external\_secrets) | n/a | `bool` | `false` | no |
 | <a name="input_enable_gatekeeper"></a> [enable\_gatekeeper](#input\_enable\_gatekeeper) | n/a | `bool` | `false` | no |
@@ -95,9 +95,7 @@
 | <a name="input_enable_kuberay"></a> [enable\_kuberay](#input\_enable\_kuberay) | n/a | `bool` | `false` | no |
 | <a name="input_enable_mlflow"></a> [enable\_mlflow](#input\_enable\_mlflow) | n/a | `bool` | `false` | no |
 | <a name="input_enable_tensorboard"></a> [enable\_tensorboard](#input\_enable\_tensorboard) | n/a | `bool` | `false` | no |
-| <a name="input_github"></a> [github](#input\_github) | n/a | <pre>object({<br>    client_id     = string<br>    client_secret = string<br>    org           = string<br>  })</pre> | n/a | yes |
 | <a name="input_hostname"></a> [hostname](#input\_hostname) | n/a | `string` | `"localhost"` | no |
-| <a name="input_owner_email"></a> [owner\_email](#input\_owner\_email) | The email of the owner of the Kubeflow deployment | `string` | n/a | yes |
 | <a name="input_port"></a> [port](#input\_port) | n/a | `string` | `"8080"` | no |
 | <a name="input_protocol"></a> [protocol](#input\_protocol) | n/a | `string` | `"http://"` | no |
 
diff --git a/examples/k3s/main.tf b/examples/k3s/main.tf
@@ -0,0 +1,49 @@
+
+terraform {
+  required_providers {
+    kustomization = {
+      source  = "kbst/kustomization"
+      version = "~> 0.9.5"
+    }
+    helm = {
+      source  = "hashicorp/helm"
+      version = "~> 2.12.1"
+    }
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = "~> 2.25.2"
+    }
+  }
+  backend "kubernetes" {
+    secret_suffix = "state"
+    config_path   = "/home/vscode/.kube/config"
+  }
+}
+
+variable "kubeconfig_path" {
+  type    = string
+  default = "/home/vscode/.kube/config"
+}
+
+provider "kustomization" {
+  kubeconfig_path = var.kubeconfig_path
+}
+
+provider "helm" {
+  kubernetes {
+    config_path = var.kubeconfig_path
+  }
+}
+
+provider "kubernetes" {
+  config_path = var.kubeconfig_path
+}
+
+module "treebeardkf" {
+  source = "../.."
+  hostname    = "kf.example.com"
+  protocol    = "https://"
+  port        = ""
+  enable_kuberay       = false
+  enable_mlflow        = false
+}
diff --git a/kubeflow.tf b/kubeflow.tf
@@ -1,8 +1,3 @@
-variable "owner_email" {
-  description = "The email of the owner of the Kubeflow deployment"
-  type        = string
-}
-
 data "kustomization_overlay" "kubeflow_profile" {
   resources = [
     "${path.module}/overlays/profile"
@@ -21,7 +16,7 @@ metadata:
 spec:
   owner:
     kind: User
-    name: ${var.owner_email}
+    name: user@example.com
 EOF
   }
 }
diff --git a/main.tf b/main.tf
@@ -30,13 +30,6 @@ variable "port" {
   default = "8080"
 }
 
-variable "github" {
-  type = object({
-    client_id     = string
-    client_secret = string
-    org           = string
-  })
-}
 
 locals {
   base_url = "${var.protocol}${var.hostname}${var.port}"
@@ -78,48 +71,19 @@ module "istio_crds" {
   ]
 }
 
-# data "kustomization_build" "istio_namespace" {
-#   path = "${path.module}/submodules/manifests/common/istio-1-17/istio-namespace/base"
-# }
-
-# module "istio_namespace" {
-#   source = "./modules/kust"
-#   build  = data.kustomization_build.istio_namespace
-#   depends_on = [
-#     module.istio_crds
-#   ]
-# }
-
-resource "helm_release" "external_dns" {
-  count      = var.enable_external_dns ? 1 : 0
-  name       = "external-dns"
-  chart      = "external-dns"
-  repository = "https://kubernetes-sigs.github.io/external-dns/"
-  namespace  = "istio-system"
-  version    = "1.14.0"
-  values = [
-    <<-EOF
-    provider: aws
-    env:
-      - name: AWS_REGION
-        value: ${var.aws_region}
-      - name: AWS_ACCESS_KEY_ID
-        valueFrom:
-          secretKeyRef:
-            name: aws-credentials
-            key: aws_access_key_id
-      - name: AWS_SECRET_ACCESS_KEY
-        valueFrom:
-          secretKeyRef:
-            name: aws-credentials
-            key: aws_secret_access_key
-    EOF
-  ]
+data "kustomization_build" "istio_namespace" {
+  path = "${path.module}/submodules/manifests/common/istio-1-17/istio-namespace/base"
+}
+
+module "istio_namespace" {
+  source = "./modules/kust"
+  build  = data.kustomization_build.istio_namespace
   depends_on = [
     module.istio_crds
   ]
 }
 
+
 data "kustomization_overlay" "istio_install" {
   resources = [
     "${path.module}/overlays/istio-install"
@@ -154,7 +118,7 @@ module "istio_install" {
   source = "./modules/kust"
   build  = data.kustomization_overlay.istio_install
   depends_on = [
-    helm_release.external_dns
+    module.istio_namespace
   ]
 }
 
@@ -206,32 +170,20 @@ data:
     oauth2:
       skipApprovalScreen: false
     enablePasswordDB: true
-    staticPasswords: []
-    # - email: user@example.com
-    #   hash: $2y$12$4K/VkmDd1q1Orb3xAt82zu8gk7Ad6ReFR4LCP9UeYE90NLiN9Df72
-    #   # https://github.com/dexidp/dex/pull/1601/commits
-    #   # FIXME: Use hashFromEnv instead
-    #   username: user
-    #   userID: "15841185641784"
+    staticPasswords:
+    - email: user@example.com
+      hash: $2y$12$4K/VkmDd1q1Orb3xAt82zu8gk7Ad6ReFR4LCP9UeYE90NLiN9Df72
+      # https://github.com/dexidp/dex/pull/1601/commits
+      # FIXME: Use hashFromEnv instead
+      username: user
+      userID: "15841185641784"
     staticClients:
     # https://github.com/dexidp/dex/pull/1664
     - idEnv: OIDC_CLIENT_ID
       redirectURIs: ["/authservice/oidc/callback"]
       name: 'Dex Login Application'
       secretEnv: OIDC_CLIENT_SECRET
-    connectors:
-    - type: github
-      id: github
-      name: GitHub
-      config:
-        clientID: ${var.github.client_id}
-        clientSecret: ${var.github.client_secret}
-        redirectURI: ${local.base_url}/dex/callback
-        orgs:
-        - name: ${var.github.org}
-        loadAllGroups: false
-        teamNameField: slug
-        useLoginAsID: true
+    connectors: []
 EOF
   }
 }
diff --git a/submodules/manifests b/submodules/manifests
diff --git a/util.tf b/util.tf
@@ -116,8 +116,3 @@ variable "enable_external_dns" {
   type    = bool
   default = true
 }
-
-variable "aws_region" {
-  type    = string
-  default = "eu-west-1"
-}

Original file line number	Diff line number	Diff line change
`@@ -116,8 +116,3 @@ variable "enable_external_dns" {`
`116`	`116`	`type = bool`
`117`	`117`	`default = true`
`118`	`118`	`}`
`119`		`-`
`120`		`-variable "aws_region" {`
`121`		`- type = string`
`122`		`- default = "eu-west-1"`
`123`		`-}`