kubernetes deployment using mdxc and the massdriver-application module

kubernetes-deployment/massdriver.yaml

@@ -5,32 +5,53 @@ ref: github.com/YOUR_ORG/<md .Name md>
 access: private
 type: application
 
+app:
+  envs:
+    # Use jq expressions to build environment variables from input params or connections
+    LOG_LEVEL: .params.log_level
+    # MONGO_DSN: .connections.mongo_authentication.data.authentication.username + ":" + .connections.mongo_authentication.data.authentication.password + "@" + .connections.mongo_authentication.data.authentication.hostname + ":" + (.connections.mongo_authentication.data.authentication.port|tostring)
+  policies: []
+    # Use jq expressions to select policies from artifact security blocks
+    # - .connections.sqs.data.security.iam.subscribe
+
 params:
   properties:
-    name:
-      type: string
     namespace:
+      title: Kubernetes Namespace
       type: string
       default: default
     image:
+      title: Container Image
       type: object
       properties:
         repository:
-          type: string
-        sha:
+          title: Repository
+          description: "Container image repository to use for this application. See: https://app.massdriver.cloud/container-repositories"
           type: string
         tag:
+          title: Tag
+          description:
           type: string
-    resource_requests:
+          minLength: 1
+    resourceRequests:
       type: object
       properties:
         cpu:
+          title: CPU
+          description: The minimum CPU resources required for this application.
           type: string
+          # TODO: use custom rjsf widget here
         memory:
+          title: Memory
+          description: The minimum Memory resources required for this application.
           type: string
+          # TODO: use custom rjsf widget here
     port:
+      title: Port
+      description: The container port the application will listen on.
       type: integer
     autoscaling:
+      title: Horizonal Autoscaling
       type: object
       properties:
         enabled:
@@ -46,50 +67,61 @@ params:
           type: integer
           default: 90
     ingress:
+      title: Ingress
+      description: Configure the application for public internet accessibility
       type: object
       properties:
         enabled:
+          title: Enable Public Internet Access
           type: boolean
         host:
+          title: Hostname
+          description: TBD, is this the right field name?
           type: string
         path:
           type: string
           default: '/'
-    envs:
-      type: array
-      items:
-        type: object
-        properties:
-          name:
-            type: string
-          value:
-            type: string
-<md if not .Connections md>
-connections:
-  properties: {}
-<md end -md>
 
-<md if .Connections md>
 connections:
   required:
+    - kubernetes_cluster
   <md- range $key, $art:= .Connections md>
     - <md $key md>
   <md- end md>
+  oneOf:
+    - required: ["aws_authentication"]
+    - required: ["gcp_authentication"]
+    - required: ["azure_authentication"]
   properties:
+    kubernetes_cluster:
+      $ref: massdriver/kubernetes-cluster
+    aws_authentication:
+      $ref: massdriver/aws-iam-role
+    gcp_authentication:
+      $ref: massdriver/gcp-service-account
+    azure_authentication:
+      $ref: massdriver/azure-service-principal
   <md- range $key, $art:= .Connections md>
     <md $key md>:
       $ref: <md $art md>
   <md- end md>
-<md- end md>
 
+artifacts:
+  properties:
+    debug:
+      $ref: massdriver/env-file
 ui:
+  image:
+    repository:
+      # Custom field docs: https://github.com/massdriver-cloud/docs/issues/8
+      ui:field: "containerRepositoriesDropdown"
+      # TODO: we need to make a cloud agnositc query var "any" or default to "any" if `cloud` is omitted
+      cloud: "aws"
   ui:order:
-    - name
     - namespace
     - image
     - resource_requests
     - autoscaling
-    - envs
     - port
     - ingress
   autoscaling:

kubernetes-deployment/src/_artifacts.tf

@@ -0,0 +1,18 @@
+# TODO: remove this artifact
+resource "massdriver_artifact" "debug" {
+  field                = "debug"
+  provider_resource_id = "debug:${timestamp()}"
+  name                 = "Debugging output for app ${timestamp()}"
+  artifact = jsonencode(
+    {
+      data = {
+        vars = [
+          { key = "policies", value = jsonencode(module.application.policies) },
+          { key = "envs", value = jsonencode(module.application.envs) },
+          { key = "cloud", value = module.application.cloud }
+        ]
+      }
+      specs = {}
+    }
+  )
+}

kubernetes-deployment/src/_providers.tf

@@ -1,159 +1,41 @@
-# AWS providers
-# terraform {
-#   required_version = ">= 1.0"
-#   required_providers {
-#     massdriver = {
-#       source = "massdriver-cloud/massdriver"
-#     }
-#     jq = {
-#       source = "massdriver-cloud/jq"
-#     }
-#     aws = {
-#       source = "hashicorp/aws"
-#     }
-#     helm = {
-#       source = "hashicorp/helm"
-#     }
-#   }
-# }
-
-# locals {
-#   aws_authentication = module.k8s_application.connections.aws_authentication
-#   kubernetes_cluster = module.k8s_application.connections.kubernetes_cluster
-#   k8s_cluster_name   = split("/", local.kubernetes_cluster.data.infrastructure.arn)[1]
-#   region_hack        = split(":", local.kubernetes_cluster.data.infrastructure.arn)[3]
-# }
-
-# data "aws_eks_cluster" "cluster" {
-#   name = local.k8s_cluster_name
-# }
-
-# data "aws_eks_cluster_auth" "auth" {
-#   name = local.k8s_cluster_name
-# }
-
-# provider "aws" {
-#   region = local.region_hack
-#   assume_role {
-#     role_arn    = local.aws_authentication.data.arn
-#     external_id = local.aws_authentication.data.external_id
-#   }
-#   default_tags {
-#     tags = module.k8s_application.params.md_metadata.default_tags
-#   }
-# }
-
-# provider "helm" {
-#   kubernetes {
-#     host                   = data.aws_eks_cluster.cluster.endpoint
-#     cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data)
-#     # token                  = local.kubernetes_cluster.data.authentication.user.token
-#     # this returns a value that doesn't work for the cluster
-#     # I'm not sure if it's the creds I used in the AWS provider
-#     # but I tried to use the ones that made the cluster
-#     # in GCP, we use all fields from the artifact, what are your thoughts on this?
-#     token = data.aws_eks_cluster_auth.auth.token
-#   }
-# }
-
-# Azure providers
-# terraform {
-#   required_version = ">= 1.0"
-#   required_providers {
-#     massdriver = {
-#       source = "massdriver-cloud/massdriver"
-#     }
-#     jq = {
-#       source = "massdriver-cloud/jq"
-#     }
-#     azurerm = {
-#       source = "hashicorp/azurerm"
-#     }
-#     azuread = {
-#       source = "hashicorp/azuread"
-#     }
-#     helm = {
-#       source = "hashicorp/helm"
-#     }
-#   }
-# }
-
-# locals {
-#   azure_authentication         = module.k8s_application.connections.azure_authentication
-#   kubernetes_cluster_split_ari = split("/", module.k8s_application.connections.kubernetes_cluster.data.infrastructure.ari)
-#   kubernetes_cluster_name      = local.kubernetes_cluster_split_ari[index(local.kubernetes_cluster_split_ari, "managedClusters") + 1]
-#   resource_group_name          = local.kubernetes_cluster_split_ari[index(local.kubernetes_cluster_split_ari, "resourceGroups") + 1]
-# }
-
-# data "azurerm_kubernetes_cluster" "cluster" {
-#   name                = local.kubernetes_cluster_name
-#   resource_group_name = local.resource_group_name
-# }
-
-# provider "azurerm" {
-#   features {}
-
-#   client_id       = local.azure_authentication.data.client_id
-#   tenant_id       = local.azure_authentication.data.tenant_id
-#   client_secret   = local.azure_authentication.data.client_secret
-#   subscription_id = local.azure_authentication.data.subscription_id
-# }
-
-# provider "azuread" {
-#   client_id     = local.azure_authentication.data.client_id
-#   tenant_id     = local.azure_authentication.data.tenant_id
-#   client_secret = local.azure_authentication.data.client_secret
-# }
-
-# provider "helm" {
-#   kubernetes {
-#     host                   = data.azurerm_kubernetes_cluster.cluster.kube_config.0.host
-#     client_certificate     = base64decode(data.azurerm_kubernetes_cluster.cluster.kube_admin_config.0.client_certificate)
-#     client_key             = base64decode(data.azurerm_kubernetes_cluster.cluster.kube_admin_config.0.client_key)
-#     cluster_ca_certificate = base64decode(data.azurerm_kubernetes_cluster.cluster.kube_config.0.cluster_ca_certificate)
-#   }
-# }
-
-# GCP providers
-# terraform {
-#   required_version = ">= 1.0"
-#   required_providers {
-#     massdriver = {
-#       source = "massdriver-cloud/massdriver"
-#     }
-#     jq = {
-#       source = "massdriver-cloud/jq"
-#     }
-#     google = {
-#       source = "hashicorp/google"
-#     }
-#     helm = {
-#       source = "hashicorp/helm"
-#     }
-#   }
-# }
-
-# locals {
-#   gcp_authentication = module.k8s_application.connections.gcp_authentication
-#   kubernetes_cluster = module.k8s_application.connections.kubernetes_cluster
-#   gcp_region         = split("/", local.kubernetes_cluster.data.infrastructure.grn)[3]
-#   gcp_project_id     = local.gcp_authentication.data.project_id
-
-#   k8s_host                  = local.kubernetes_cluster.data.authentication.cluster.server
-#   k8s_certificate_authority = base64decode(local.kubernetes_cluster.data.authentication.cluster.certificate-authority-data)
-#   k8s_token                 = local.kubernetes_cluster.data.authentication.user.token
-# }
-
-# provider "google" {
-#   project     = local.gcp_project_id
-#   credentials = jsonencode(local.gcp_authentication.data)
-#   region      = local.gcp_region
-# }
-
-# provider "helm" {
-#   kubernetes {
-#     host                   = local.k8s_host
-#     cluster_ca_certificate = local.k8s_certificate_authority
-#     token                  = local.k8s_token
-#   }
-# }
+terraform {
+  required_providers {
+    mdxc = {
+      source = "massdriver-cloud/mdxc"
+    }
+
+    massdriver = {
+      source = "massdriver-cloud/massdriver"
+    }
+
+    helm = {
+      source = "hashicorp/helm"
+    }
+  }
+}
+
+locals {
+  # Note: If the field name `kubernetes_cluster` in massdriver.yaml has been changed, these must be updated to match.
+  kubernetes_cluster_auth = var.kubernetes_cluster.data.authentication
+  kubernetes_cloud        = var.kubernetes_cluster.specs.kubernetes.cloud
+}
+
+provider "mdxc" {
+  # TODO: auth will still be borked as the fields may not be present in, we'll need to use a lot of lookups
+  azure = local.kubernetes_cloud == "azure" ? null : null
+  gcp   = local.kubernetes_cloud == "gcp" ? null : null
+  aws = local.kubernetes_cloud == "aws" ? {
+    # TODO: need to ge this dynamically
+    region      = "us-west-2"
+    role_arn    = var.aws_authentication.data.arn
+    external_id = var.aws_authentication.data.external_id
+  } : null
+}
+
+provider "helm" {
+  kubernetes {
+    host                   = local.kubernetes_cluster_auth.cluster.server
+    cluster_ca_certificate = base64decode(local.kubernetes_cluster_auth.certificate-authority-data)
+    token                  = local.kubernetes_cluster_auth.user.token
+  }
+}

kubernetes-deployment/chart/values.yaml → kubernetes-deployment/src/chart/values.yaml

@@ -2,8 +2,6 @@ image:
   repository:
   tag:
 
-nameOverride: thing
-
 command: []
 args: []
 
@@ -32,7 +30,6 @@ ingress:
   path:
 
 labels: {}
-
 # nodeSelector: {}
 
 # tolerations: []