From 4c5da4eb23454f37c046ec430710068b3776a317 Mon Sep 17 00:00:00 2001 From: Gabriel Eisbruch Date: Tue, 16 Sep 2025 18:37:05 -0300 Subject: [PATCH 01/87] Add scope-definition-agent-association --- .../README.md | 66 +++++++++++++++++++ .../backend.tf | 16 +++++ .../main.tf | 29 ++++++++ .../outputs.tf | 8 +++ .../variables.tf | 49 ++++++++++++++ modules/nullplatform/scope-definition/main.tf | 23 +++---- .../nullplatform/scope-definition/outputs.tf | 10 +++ .../scope-definition/variables.tf | 6 ++ 8 files changed, 196 insertions(+), 11 deletions(-) create mode 100644 modules/nullplatform/scope-definition-agent-association/README.md create mode 100644 modules/nullplatform/scope-definition-agent-association/backend.tf create mode 100644 modules/nullplatform/scope-definition-agent-association/main.tf create mode 100644 modules/nullplatform/scope-definition-agent-association/outputs.tf create mode 100644 modules/nullplatform/scope-definition-agent-association/variables.tf diff --git a/modules/nullplatform/scope-definition-agent-association/README.md b/modules/nullplatform/scope-definition-agent-association/README.md new file mode 100644 index 0000000..c21406a --- /dev/null +++ b/modules/nullplatform/scope-definition-agent-association/README.md 
@@ -0,0 +1,66 @@
+## [ALPHA] Scope-Definition-Agent-Association module
+
+This module creates a notification channel that associates agents with a specific scope definition, enabling agent-based operations for services within that scope.
+
+## How to use it
+
+```hcl
+module "k8s_scope_definition" {
+ source = "git@github.com:nullplatform/main-terraform-modules.git//modules/nullplatform/scope-definition?ref=alpha"
+ nrn = var.np_account_nrn
+ np_api_key = var.np_api_key
+ github_repo_url = "https://github.com/nullplatform/scopes"
+ github_ref = "features/specs_for_automation"
+ github_scope_path = "k8s"
+ scope_name = "K8S Webserver"
+ scope_description = "Webserver running in a Kubernetes cluster"
+
+}
+
+module "k8s_agent_asociation" {
+ source = "git@github.com:nullplatform/main-terraform-modules.git//modules/nullplatform/scope-definition-agent-association?ref=alpha"
+ nrn = var.np_account_nrn
+ agent_api_key = var.np_api_key
+ scope_slug = module.k8s_scope_definition.slug
+ agent_command = module.k8s_scope_definition.specification.agent_command
+ agent_tags = { "environment" = "demo", "training" = "ingenia", "cluster" = "geisbruch" }
+}
+```
+
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [nullplatform](#provider\_nullplatform) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [nullplatform_notification_channel.channel_from_template](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/notification_channel) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [agent\_api\_key](#input\_agent\_api\_key) | API key with permissions to run commands on agents (usually ops permissions) | `string` | n/a | yes |
+| [agent\_command](#input\_agent\_command) | Agent command configuration |
object({
type = string
data = object({
cmdline = string
arguments = optional(list(string), [])
environment = optional(map(string), {})
})
})
| n/a | yes | +| [agent\_tags](#input\_agent\_tags) | Agent tags for selector | `map(string)` | n/a | yes | +| [channel\_sources](#input\_channel\_sources) | List of sources for the notification channel | `list(string)` |
[
"telemetry",
"service"
]
| no |
+| [channel\_type](#input\_channel\_type) | Type of the notification channel | `string` | `"agent"` | no |
+| [nrn](#input\_nrn) | Nullplatform Resource Name (organization:account format) | `string` | n/a | yes |
+| [scope\_slug](#input\_scope\_slug) | The slug of the scope definition | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [id](#output\_id) | The ID of the created notification channel |
\ No newline at end of file
diff --git a/modules/nullplatform/scope-definition-agent-association/backend.tf b/modules/nullplatform/scope-definition-agent-association/backend.tf
new file mode 100644
index 0000000..8fda109
--- /dev/null
+++ b/modules/nullplatform/scope-definition-agent-association/backend.tf
@@ -0,0 +1,16 @@
+terraform {
+ required_providers {
+ nullplatform = {
+ source = "nullplatform/nullplatform"
+ }
+ http = {
+ source = "hashicorp/http"
+ }
+ external = {
+ source = "hashicorp/external"
+ }
+ null = {
+ source = "hashicorp/null"
+ }
+ }
+}
diff --git a/modules/nullplatform/scope-definition-agent-association/main.tf b/modules/nullplatform/scope-definition-agent-association/main.tf
new file mode 100644
index 0000000..f93300c
--- /dev/null
+++ b/modules/nullplatform/scope-definition-agent-association/main.tf
@@ -0,0 +1,29 @@
+resource "nullplatform_notification_channel" "channel_from_template" {
+ nrn = var.nrn
+ type = "agent"
+ source = var.channel_sources
+
+
+ configuration {
+ dynamic "agent" {
+ for_each = [1]
+ content {
+ api_key = var.agent_api_key
+ command {
+ type = var.agent_command.type
+ data = {
+ cmdline = var.agent_command.data.cmdline
+ arguments = jsonencode(try(var.agent_command.data.arguments, []))
+ environment = jsonencode(try(var.agent_command.data.environment, {}))
+ }
+ }
+
+ selector = var.agent_tags
+ }
+ }
+ }
+
+ filters = jsonencode({
+ "service.specification.slug" = var.scope_slug
+ })
+}
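Review bot: None of the four entries in `required_providers` in backend.tf carries a `version` constraint, so the module accepts any release of each provider; add a constraint to every entry, e.g. `version = "~> <tested version>"`. The block also declares `hashicorp/http`, `hashicorp/external` and `hashicorp/null`, while the main.tf added in this patch defines only a `nullplatform_notification_channel`, so those three entries can be dropped to keep the set of third-party plugins small. The same unpinned block is added again as service-definition/backend.tf in PATCH 05.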
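Review bot: `type = "agent"` is hard-coded in main.tf, yet variables.tf in the same patch declares `channel_type` and the README lists it as an input, so a caller who sets it changes nothing; use `type = var.channel_type` or remove the variable. `dynamic "agent"` with `for_each = [1]` always produces exactly one block, so a plain `agent { … }` block reads more directly. The `try(…, [])` and `try(…, {})` wrappers are redundant because the variable type already gives `arguments` and `environment` optional defaults. A comment above `cmdline` saying that this string is what the selected agents execute would help the next reader judge where the value may come from.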
diff --git a/modules/nullplatform/scope-definition-agent-association/outputs.tf b/modules/nullplatform/scope-definition-agent-association/outputs.tf
new file mode 100644
index 0000000..eed0514
--- /dev/null
+++ b/modules/nullplatform/scope-definition-agent-association/outputs.tf
@@ -0,0 +1,8 @@
+################################################################################
+# Scope Definition Module Outputs
+################################################################################
+
+output "id" {
+ value = nullplatform_notification_channel.channel_from_template.id
+ description = "The ID of the created notification channel"
+}
\ No newline at end of file
diff --git a/modules/nullplatform/scope-definition-agent-association/variables.tf b/modules/nullplatform/scope-definition-agent-association/variables.tf
new file mode 100644
index 0000000..14133f7
--- /dev/null
+++ b/modules/nullplatform/scope-definition-agent-association/variables.tf
@@ -0,0 +1,49 @@
+################################################################################
+# Scope Definition Module Variables
+################################################################################
+
+variable "nrn" {
+ type = string
+ description = "Nullplatform Resource Name (organization:account format)"
+}
+
+variable "agent_tags" {
+ type = map(string)
+ description = "Agent tags"
+}
+
+variable "channel_sources" {
+ type = list(string)
+ description = "List of sources for the notification channel (e.g., ['monitoring', 'alerts'])"
+ default = [ "telemetry", "service" ]
+}
+
+variable "channel_type" {
+ type = string
+ description = "Type of the notification channel (e.g., 'agent')"
+ default = "agent"
+
+}
+
+variable "agent_api_key" {
+ type = string
+ description = "API key with permsissions to run commands on agents (usually ops permisions)"
+ sensitive = true
+}
+
+variable "scope_slug" {
+ type = string
+ description = "The slug of the scope definition"
+}
+
+variable "agent_command" {
+ type = object({
+ type = string
+ data = object({
+ cmdline = string
+ arguments = optional(list(string), [])
+ environment = optional(map(string), {})
+ })
+ })
+
+}
\ No newline at end of file
diff --git a/modules/nullplatform/scope-definition/main.tf b/modules/nullplatform/scope-definition/main.tf
index 1d9dac8..b8a77cc 100644
--- a/modules/nullplatform/scope-definition/main.tf
+++ b/modules/nullplatform/scope-definition/main.tf
@@ -4,15 +4,15 @@ # Fetch service specification template data "http" "service_spec_template" { - url = "${var.github_repo_url}/raw/${var.github_ref}/${var.github_scope_path}/specs/service-spec.json.tpl" + url = "${var.github_repo_url}/raw/${var.github_ref}/${var.github_scope_path}/specs/service-spec.json${var.use_tpl_files ? ".tpl" : ""}" } - # Fetch action specification templates data "http" "action_templates" { - for_each = toset(var.action_spec_names) - url = "${var.github_repo_url}/raw/${var.github_ref}/${var.github_scope_path}/specs/actions/${each.key}.json.tpl" + for_each = toset(local.available_actions) + url = "${var.github_repo_url}/raw/${var.github_ref}/${var.github_scope_path}/specs/actions/${each.key}.json${var.use_tpl_files ? ".tpl" : ""}" } + ################################################################################ # Step 2: Process and Create Service Specification ################################################################################ @@ -20,12 +20,13 @@ data "http" "action_templates" { locals { # Process the template by replacing the template variables # replace is done because some old templates contain gomplate placeholders - service_spec_rendered = replace( + service_spec_rendered = var.use_tpl_files ? replace( data.http.service_spec_template.response_body, "/\"{{\\s+env.Getenv\\s+\".*\"\\s+}}\"/", "\"${var.nrn}\"" - ) + ) : data.http.service_spec_template.response_body service_spec_parsed = jsondecode(local.service_spec_rendered) + available_actions = local.service_spec_parsed.available_actions } # Create service specification 
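Review bot: `available_actions = local.service_spec_parsed.available_actions` lets the fetched JSON decide which further URLs are requested and which action specifications are created, and the `specification` output added in outputs.tf hands the same document's `agent_command` to the association module, so the file behind `${var.github_repo_url}/raw/${var.github_ref}/…` now carries more trust than before. Neither `data "http"` block checks the response, so an error page only fails later inside `jsondecode`; adding `lifecycle { postcondition { condition = self.status_code == 200 … } }` to both would stop at the fetch. `github_ref` defaults to `"main"` in the variables.tf context shown later, which is a mutable branch, so the variable description should recommend a commit SHA. Unlike service-definition/main.tf in PATCH 05, the lookup has no `try(…, [])`, so a spec without `available_actions` breaks the plan.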
@@ -76,22 +77,22 @@ resource "nullplatform_scope_type" "from_template" { # Step 4: Create Action Specifications ################################################################################ -# Process action templates - direct JSON parsing (they don't contain template variables) +# Process action templates - conditional processing based on file type # replace is done because some old templates contain gomplate placeholders locals { action_specs_parsed = { - for name in var.action_spec_names : - name => jsondecode(replace( + for name in local.available_actions : + name => jsondecode(var.use_tpl_files ? replace( data.http.action_templates[name].response_body, "/\"{{\\s+env.Getenv\\s+\".*\"\\s+}}\"/", "\"\"" - )) + ) : data.http.action_templates[name].response_body) } } # Create action specifications resource "nullplatform_action_specification" "from_templates" { - for_each = toset(var.action_spec_names) + for_each = toset(local.available_actions ) depends_on = [nullplatform_service_specification.from_template] service_specification_id = local.service_specification_id diff --git a/modules/nullplatform/scope-definition/outputs.tf b/modules/nullplatform/scope-definition/outputs.tf index d6bc51c..35d59ea 100644 --- a/modules/nullplatform/scope-definition/outputs.tf +++ b/modules/nullplatform/scope-definition/outputs.tf @@ -12,6 +12,11 @@ output "service_specification_slug" { description = "The slug of the created service specification" } +output "slug" { + value = nullplatform_service_specification.from_template.slug + description = "The slug of the created service specification" +} + output "scope_type_id" { value = nullplatform_scope_type.from_template.id description = "The ID of the created scope type" 
@@ -49,4 +54,9 @@ output "scope_name" { output "scope_description" { value = var.scope_description description = "The name of the scope definition" +} + +output "specification" { + value = local.service_spec_parsed + description = "The attributes of the created service specification" } \ No newline at end of file diff --git a/modules/nullplatform/scope-definition/variables.tf b/modules/nullplatform/scope-definition/variables.tf index 062dcaa..676b3bc 100644 --- a/modules/nullplatform/scope-definition/variables.tf +++ b/modules/nullplatform/scope-definition/variables.tf @@ -54,6 +54,12 @@ variable "action_spec_names" { description = "List of action specification template names to fetch and create" } +variable "use_tpl_files" { + type = bool + default = true + description = "Whether to use .tpl files (true) or .json files (false) for templates" +} + # NRN Patch Configuration variable "np_api_key" { type = string From d5a56f6ac6437cf12f5307d64e59598f64bef6ea Mon Sep 17 00:00:00 2001 From: Gabriel Eisbruch Date: Wed, 17 Sep 2025 18:13:58 -0300 Subject: [PATCH 02/87] Simolify asociation process --- .../README.md | 5 +-- .../main.tf | 18 ++++---- .../variables.tf | 44 ++++++++++++++++++- .../nullplatform/scope-definition/outputs.tf | 5 +++ .../scope-definition/variables.tf | 6 +++ 5 files changed, 65 insertions(+), 13 deletions(-) diff --git a/modules/nullplatform/scope-definition-agent-association/README.md b/modules/nullplatform/scope-definition-agent-association/README.md index c21406a..1014386 100644 --- a/modules/nullplatform/scope-definition-agent-association/README.md +++ b/modules/nullplatform/scope-definition-agent-association/README.md 
@@ -13,16 +13,15 @@ module "k8s_scope_definition" { github_ref = "features/specs_for_automation" github_scope_path = "k8s" scope_name = "K8S Webserver" + workflow_override_path = "../../nullplatform-training/partner-training/3-scopes-getting-started/scope-override" scope_description = "Webserver running in a Kubernetes cluster" } module "k8s_agent_asociation" { source = "git@github.com:nullplatform/main-terraform-modules.git//modules/nullplatform/scope-definition-agent-association?ref=alpha" - nrn = var.np_account_nrn agent_api_key = var.np_api_key - scope_slug = module.k8s_scope_definition.slug - agent_command = module.k8s_scope_definition.specification.agent_command + scope_definition=module.k8s_scope_definition agent_tags = { "environment" = "demo", "training" = "ingenia", "cluster" = "geisbruch" } } ``` diff --git a/modules/nullplatform/scope-definition-agent-association/main.tf b/modules/nullplatform/scope-definition-agent-association/main.tf index f93300c..047b44c 100644 --- a/modules/nullplatform/scope-definition-agent-association/main.tf +++ b/modules/nullplatform/scope-definition-agent-association/main.tf 
@@ -1,29 +1,29 @@ resource "nullplatform_notification_channel" "channel_from_template" { - nrn = var.nrn + nrn = local.merged_config.nrn type = "agent" - source = var.channel_sources + source = local.merged_config.channel_sources configuration { dynamic "agent" { for_each = [1] content { - api_key = var.agent_api_key + api_key = local.merged_config.agent_api_key command { - type = var.agent_command.type + type = local.merged_config.specification.agent_command.type data = { - cmdline = var.agent_command.data.cmdline - arguments = jsonencode(try(var.agent_command.data.arguments, [])) - environment = jsonencode(try(var.agent_command.data.environment, {})) + cmdline = local.merged_config.workflow_override_path != "" ? "${local.merged_config.specification.agent_command.data.cmdline} --overrides-path=${local.merged_config.workflow_override_path}" : local.merged_config.specification.agent_command.data.cmdline + arguments = jsonencode(try(local.merged_config.specification.agent_command.data.arguments, [])) + environment = jsonencode(try(local.merged_config.specification.agent_command.data.environment, {})) } } - selector = var.agent_tags + selector = local.merged_config.agent_tags } } } filters = jsonencode({ - "service.specification.slug" = var.scope_slug + "service.specification.slug" = local.merged_config.slug }) } diff --git a/modules/nullplatform/scope-definition-agent-association/variables.tf b/modules/nullplatform/scope-definition-agent-association/variables.tf index 14133f7..541731d 100644 --- a/modules/nullplatform/scope-definition-agent-association/variables.tf +++ b/modules/nullplatform/scope-definition-agent-association/variables.tf @@ -5,11 +5,13 @@ variable "nrn" { type = string description = "Nullplatform Resource Name (organization:account format)" + default = null } variable "agent_tags" { type = map(string) description = "Agent tags" + } variable "channel_sources" { 
@@ -34,8 +36,14 @@ variable "agent_api_key" { variable "scope_slug" { type = string description = "The slug of the scope definition" + default = null +} +variable "workflow_override_path" { + type = string + default = null + description = "Path to a custom workflow file to override the default one" + } - variable "agent_command" { type = object({ type = string @@ -45,5 +53,39 @@ variable "agent_command" { environment = optional(map(string), {}) }) }) + default = null +} + +variable "scope_definition" { + type = object({ + slug = string, + workflow_override_path = string, + specification = object({ + agent_command = object({ + type = string + data = object({ + cmdline = string + arguments = optional(list(string), []) + environment = optional(map(string), {}) + }) + }) + }) + }) +} + +locals { + merged_config = merge( + { + nrn = var.nrn + agent_tags = var.agent_tags + channel_sources = var.channel_sources + channel_type = var.channel_type + agent_api_key = var.agent_api_key + slug = var.scope_slug + agent_command = var.agent_command + workflow_override_path = var.workflow_override_path + }, + var.scope_definition + ) } \ No newline at end of file diff --git a/modules/nullplatform/scope-definition/outputs.tf b/modules/nullplatform/scope-definition/outputs.tf index 35d59ea..bcb54b7 100644 --- a/modules/nullplatform/scope-definition/outputs.tf +++ b/modules/nullplatform/scope-definition/outputs.tf @@ -59,4 +59,9 @@ output "scope_description" { output "specification" { value = local.service_spec_parsed description = "The attributes of the created service specification" +} + +output "workflow_override_path" { + value = var.workflow_override_path + description = "The path to the custom workflow file" } \ No newline at end of file diff --git a/modules/nullplatform/scope-definition/variables.tf b/modules/nullplatform/scope-definition/variables.tf index 676b3bc..4a83630 100644 --- a/modules/nullplatform/scope-definition/variables.tf 
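Review bot: In `merge({ … }, var.scope_definition)` the later argument wins, so `scope_slug` and `workflow_override_path` passed directly to the module are silently replaced by whatever `scope_definition` carries, which is the opposite of the usual "explicit input overrides default" order; swapping the two arguments would need null handling, so at least document the precedence. `nrn` is not part of the `scope_definition` object type, so `local.merged_config.nrn` can only come from `var.nrn`, whose default is now `null`, and the README example in this patch removes the `nrn` argument. main.tf reads `local.merged_config.specification.agent_command`, so the `agent_command` key and the `agent_command` variable are no longer used anywhere in the hunks shown. `agent_api_key` is copied into the same local object; it stays sensitive, but a short comment saying the object holds a credential would keep it out of future debug outputs.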
+++ b/modules/nullplatform/scope-definition/variables.tf @@ -13,6 +13,12 @@ variable "github_repo_url" { description = "GitHub repository URL containing templates" } +variable "workflow_override_path" { + type = string + default = "" + description = "Path to a custom workflow file to override the default one" +} + variable "github_ref" { type = string default = "main" From 5e0eed91805c07e05e2d3c868533d2514f3844bf Mon Sep 17 00:00:00 2001 From: Gabriel Eisbruch Date: Wed, 17 Sep 2025 23:01:27 -0300 Subject: [PATCH 03/87] Update to support metrics --- .../README.md | 2 +- .../main.tf | 11 ++++++++-- .../variables.tf | 18 +++++++++++++++ modules/nullplatform/scope-definition/main.tf | 22 +++++++++++++++++++ .../nullplatform/scope-definition/outputs.tf | 11 ++++++++++ .../scope-definition/variables.tf | 20 +++++++++++++++++ 6 files changed, 81 insertions(+), 3 deletions(-) diff --git a/modules/nullplatform/scope-definition-agent-association/README.md b/modules/nullplatform/scope-definition-agent-association/README.md index 1014386..2548ba2 100644 --- a/modules/nullplatform/scope-definition-agent-association/README.md +++ b/modules/nullplatform/scope-definition-agent-association/README.md @@ -13,7 +13,7 @@ module "k8s_scope_definition" { github_ref = "features/specs_for_automation" github_scope_path = "k8s" scope_name = "K8S Webserver" - workflow_override_path = "../../nullplatform-training/partner-training/3-scopes-getting-started/scope-override" + workflow_override_values = "../../nullplatform-training/partner-training/3-scopes-getting-started/scope-override/values.yaml" scope_description = "Webserver running in a Kubernetes cluster" } diff --git a/modules/nullplatform/scope-definition-agent-association/main.tf b/modules/nullplatform/scope-definition-agent-association/main.tf index 047b44c..20f4d1e 100644 --- a/modules/nullplatform/scope-definition-agent-association/main.tf +++ b/modules/nullplatform/scope-definition-agent-association/main.tf 
@@ -12,7 +12,11 @@ resource "nullplatform_notification_channel" "channel_from_template" { command { type = local.merged_config.specification.agent_command.type data = { - cmdline = local.merged_config.workflow_override_path != "" ? "${local.merged_config.specification.agent_command.data.cmdline} --overrides-path=${local.merged_config.workflow_override_path}" : local.merged_config.specification.agent_command.data.cmdline + cmdline = join(" ", compact([ + local.merged_config.specification.agent_command.data.cmdline, + local.merged_config.workflow_override_path != "" ? "--overrides-path=${local.merged_config.workflow_override_path}" : "", + local.merged_config.workflow_override_values != "" ? "--values=${local.merged_config.workflow_override_values}" : "" + ])) arguments = jsonencode(try(local.merged_config.specification.agent_command.data.arguments, [])) environment = jsonencode(try(local.merged_config.specification.agent_command.data.environment, {})) } @@ -24,6 +28,9 @@ resource "nullplatform_notification_channel" "channel_from_template" { } filters = jsonencode({ - "service.specification.slug" = local.merged_config.slug + "$or" = [ + {"service.specification.slug" = {"$eq": local.merged_config.slug }}, + {"arguments.scope_provider" = {"$eq": local.merged_config.scope_provider_id }} + ] }) } diff --git a/modules/nullplatform/scope-definition-agent-association/variables.tf b/modules/nullplatform/scope-definition-agent-association/variables.tf index 541731d..279f3c4 100644 --- a/modules/nullplatform/scope-definition-agent-association/variables.tf +++ b/modules/nullplatform/scope-definition-agent-association/variables.tf 
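Review bot: `--overrides-path=` and `--values=` are appended to `cmdline` as raw text with `join(" ", …)`, so a value containing a space or a shell metacharacter changes the command the agent receives; how the agent tokenises `cmdline` is not visible here, so restrict both inputs with a `validation` block such as `condition = can(regex("^[A-Za-z0-9_./-]*$", var.workflow_override_values))`. The guards compare against `""`, but the association module's variables.tf in this patch defaults `workflow_override_values` to the string `"null"` and `workflow_override_path` to `null`; neither equals `""`, so the first would yield `--values=null` and the second a null-interpolation error if those defaults were ever used. Change both defaults to `""` to match the scope-definition module.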
@@ -57,10 +57,26 @@ variable "agent_command" { } +variable "workflow_override_values" { + type = string + default = "null" + description = "Values to override in the workflow file" + +} + +variable "scope_provider_id" { + type = string + description = "The ID of the scope provider associated with the scope definition" + default = null + +} + variable "scope_definition" { type = object({ slug = string, workflow_override_path = string, + workflow_override_values = string, + scope_provider_id = string, specification = object({ agent_command = object({ type = string @@ -83,8 +99,10 @@ locals { channel_type = var.channel_type agent_api_key = var.agent_api_key slug = var.scope_slug + scope_provider_id = var.scope_provider_id agent_command = var.agent_command workflow_override_path = var.workflow_override_path + workflow_override_values = var.workflow_override_values }, var.scope_definition ) diff --git a/modules/nullplatform/scope-definition/main.tf b/modules/nullplatform/scope-definition/main.tf index b8a77cc..e9d3593 100644 --- a/modules/nullplatform/scope-definition/main.tf +++ b/modules/nullplatform/scope-definition/main.tf @@ -102,3 +102,25 @@ resource "nullplatform_action_specification" "from_templates" { results = jsonencode(local.action_specs_parsed[each.key].results) retryable = try(local.action_specs_parsed[each.key].retryable, false) } + +resource "null_resource" "nrn_patch" { + depends_on = [nullplatform_service_specification.from_template] + + triggers = { + nrn = var.nrn + service_slug = local.service_slug + } + + provisioner "local-exec" { + command = <<-EOT + np nrn patch --nrn "${var.nrn}" --body "{ + \"global.${local.service_slug}_metric_provider\": \"${var.metrics_provider}\", + \"global.${local.service_slug}_log_provider\": \"${var.logs_provider}\" + }" + EOT + + environment = { + NP_API_KEY = var.np_api_key + } + } +} \ No newline at end of file 
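Review bot: The `local-exec` command in `null_resource.nrn_patch` is built by interpolating `var.nrn`, `local.service_slug`, `var.metrics_provider` and `var.logs_provider` into shell text inside double quotes, so a value containing `"`, `$` or a backtick is interpreted by the shell on the machine running Terraform, and the hand-escaped JSON breaks on any quote. Passing the values through `environment` and building the body with `jsonencode` removes both problems, as sketched below. `triggers` lists only `nrn` and `service_slug`, so a later change to either provider variable does not re-run the patch; the sketch adds them. The provisioner also relies on an `np` binary being on PATH, which nothing in the visible hunks declares or checks.

```hcl
  triggers = {
    nrn              = var.nrn
    service_slug     = local.service_slug
    metrics_provider = var.metrics_provider
    logs_provider    = var.logs_provider
  }

  provisioner "local-exec" {
    # Values reach the shell only as environment variables, never as command text.
    command = "np nrn patch --nrn \"$NRN\" --body \"$NRN_PATCH_BODY\""

    environment = {
      NP_API_KEY     = var.np_api_key
      NRN            = var.nrn
      NRN_PATCH_BODY = jsonencode({
        "global.${local.service_slug}_metric_provider" = var.metrics_provider
        "global.${local.service_slug}_log_provider"    = var.logs_provider
      })
    }
  }
```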
diff --git a/modules/nullplatform/scope-definition/outputs.tf b/modules/nullplatform/scope-definition/outputs.tf index bcb54b7..631e507 100644 --- a/modules/nullplatform/scope-definition/outputs.tf +++ b/modules/nullplatform/scope-definition/outputs.tf @@ -64,4 +64,15 @@ output "specification" { output "workflow_override_path" { value = var.workflow_override_path description = "The path to the custom workflow file" +} +output "workflow_override_values" { + value = var.workflow_override_values + description = "The workflow override values" + +} + +output "scope_provider_id" { + value = nullplatform_service_specification.from_template.id + description = "The ID of the scope provider associated with the scope definition" + } \ No newline at end of file diff --git a/modules/nullplatform/scope-definition/variables.tf b/modules/nullplatform/scope-definition/variables.tf index 4a83630..6301389 100644 --- a/modules/nullplatform/scope-definition/variables.tf +++ b/modules/nullplatform/scope-definition/variables.tf @@ -19,6 +19,13 @@ variable "workflow_override_path" { description = "Path to a custom workflow file to override the default one" } +variable "workflow_override_values" { + type = string + default = "" + description = "Values to override in the workflow file" + +} + variable "github_ref" { type = string default = "main" @@ -60,6 +67,19 @@ variable "action_spec_names" { description = "List of action specification template names to fetch and create" } +variable "logs_provider" { + type = string + default = "external" + description = "The logs provider to be used" +} + +variable "metrics_provider" { + type = string + default = "externalmetrics" + description = "The metrics provider to be used" + +} + variable "use_tpl_files" { type = bool default = true From c13ec02c41d2417bc237b39bdffc6d555207c7ba Mon Sep 17 00:00:00 2001 
From: Gabriel Eisbruch Date: Wed, 17 Sep 2025 23:03:05 -0300 Subject: [PATCH 04/87] Update to support metrics --- modules/nullplatform/scope-definition/main.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nullplatform/scope-definition/main.tf b/modules/nullplatform/scope-definition/main.tf index e9d3593..0d1b8d7 100644 --- a/modules/nullplatform/scope-definition/main.tf +++ b/modules/nullplatform/scope-definition/main.tf @@ -103,6 +103,7 @@ resource "nullplatform_action_specification" "from_templates" { retryable = try(local.action_specs_parsed[each.key].retryable, false) } +## TODO: Change by NRN API when available or provider resource "null_resource" "nrn_patch" { depends_on = [nullplatform_service_specification.from_template] From 2eba5e875b2daf66002113c59d96f6462f93f56c Mon Sep 17 00:00:00 2001 From: Gabriel Eisbruch Date: Fri, 19 Sep 2025 11:11:44 -0300 Subject: [PATCH 05/87] Add service definition --- .../service-definition/backend.tf | 16 +++ .../nullplatform/service-definition/main.tf | 129 ++++++++++++++++++ .../service-definition/outputs.tf | 88 ++++++++++++ .../service-definition/variables.tf | 87 ++++++++++++ 4 files changed, 320 insertions(+) create mode 100644 modules/nullplatform/service-definition/backend.tf create mode 100644 modules/nullplatform/service-definition/main.tf create mode 100644 modules/nullplatform/service-definition/outputs.tf create mode 100644 modules/nullplatform/service-definition/variables.tf diff --git a/modules/nullplatform/service-definition/backend.tf b/modules/nullplatform/service-definition/backend.tf new file mode 100644 index 0000000..8fda109 --- /dev/null +++ b/modules/nullplatform/service-definition/backend.tf @@ -0,0 +1,16 @@ +terraform { + required_providers { + nullplatform = { + source = "nullplatform/nullplatform" + } + http = { + source = "hashicorp/http" + } + external = { + source = "hashicorp/external" + } + null = { + source = "hashicorp/null" + } + } +} 
diff --git a/modules/nullplatform/service-definition/main.tf b/modules/nullplatform/service-definition/main.tf
new file mode 100644
index 0000000..83f98ca
--- /dev/null
+++ b/modules/nullplatform/service-definition/main.tf
@@ -0,0 +1,129 @@
+
+################################################################################
+# Step 1: Fetch Templates
+################################################################################
+
+locals {
+ git_login = var.git_user != null && var.git_password !=null ? "${var.git_user}:${var.git_password}@" : var.git_user != null ? "${var.git_user}@" : ""
+ full_git_repo_url = var.git_provider == "github" ? "https://${local.git_login}raw.githubusercontent.com/${var.git_repo}/refs/heads/${var.git_ref}" : null
+}
+
+# Fetch service specification template
+data "http" "service_spec_template" {
+ url = "${local.full_git_repo_url}/${var.git_service_path}/specs/service-spec.json${var.use_tpl_files ? ".tpl" : ""}"
+}
+# Fetch action specification templates
+data "http" "action_templates" {
+ for_each = toset(local.available_actions)
+ url = "${local.full_git_repo_url}/${var.git_service_path}/specs/actions/${each.key}.json${var.use_tpl_files ? ".tpl" : ""}"
+}
+
+data "http" "link_templates" {
+ for_each = toset(local.available_links)
+ url = "${local.full_git_repo_url}/${var.git_service_path}/specs/links/${each.key}.json${var.use_tpl_files ? ".tpl" : ""}"
+}
+
+
+################################################################################
+# Step 2: Process and Create Service Specification
+################################################################################
+
+locals {
+ # Process the template by replacing the template variables
+ # replace is done because some old templates contain gomplate placeholders
+ service_spec_rendered = var.use_tpl_files ? 
replace(
+ data.http.service_spec_template.response_body,
+ "/\"{{\\s+env.Getenv\\s+\".*\"\\s+}}\"/",
+ "\"${var.nrn}\""
+ ) : data.http.service_spec_template.response_body
+ service_spec_parsed = jsondecode(local.service_spec_rendered)
+ available_actions = try(local.service_spec_parsed.available_actions, [])
+ available_links = try(local.service_spec_parsed.available_links, [])
+ visible_to_nrns = concat([var.nrn], var.extra_visibile_to_nrns)
+
+}
+
+# Create service specification
+resource "nullplatform_service_specification" "from_template" {
+ name = var.service_name
+ visible_to = local.visible_to_nrns
+ type = local.service_spec_parsed.type
+ attributes = jsonencode(local.service_spec_parsed.attributes)
+ use_default_actions = local.service_spec_parsed.use_default_actions
+
+ selectors {
+ category = local.service_spec_parsed.selectors.category
+ imported = local.service_spec_parsed.selectors.imported
+ provider = local.service_spec_parsed.selectors.provider
+ sub_category = local.service_spec_parsed.selectors.sub_category
+ }
+ dimensions = jsonencode(var.dimensions)
+}
+
+locals {
+ # Variables that depend on created service specification
+ service_specification_id = nullplatform_service_specification.from_template.id
+ service_slug = nullplatform_service_specification.from_template.slug
+
+ dependent_env_vars = {
+ NRN = var.nrn
+ SERVICE_SPECIFICATION_ID = local.service_specification_id
+ SERVICE_SLUG = local.service_slug
+ }
+}
+
+################################################################################
+# Process action templates - conditional processing based on file type
+# replace is done because some old templates contain gomplate placeholders
+locals {
+ action_specs_parsed = {
+ for name in local.available_actions :
+ name => jsondecode(var.use_tpl_files ? 
replace(
+ data.http.action_templates[name].response_body,
+ "/\"{{\\s+env.Getenv\\s+\".*\"\\s+}}\"/",
+ "\"\""
+ ) : data.http.action_templates[name].response_body)
+ }
+}
+
+# Create action specifications
+resource "nullplatform_action_specification" "from_templates" {
+ for_each = toset(local.available_actions )
+ depends_on = [nullplatform_service_specification.from_template]
+
+ service_specification_id = local.service_specification_id
+ name = local.action_specs_parsed[each.key].name
+ type = local.action_specs_parsed[each.key].type
+ parameters = jsonencode(local.action_specs_parsed[each.key].parameters)
+ results = jsonencode(local.action_specs_parsed[each.key].results)
+ retryable = try(local.action_specs_parsed[each.key].retryable, false)
+}
+
+
+locals {
+ link_specs_parsed = {
+ for name in local.available_links :
+ name => jsondecode(var.use_tpl_files ? replace(
+ data.http.link_templates[name].response_body,
+ "/\"{{\\s+env.Getenv\\s+\".*\"\\s+}}\"/",
+ "\"\""
+ ) : data.http.link_templates[name].response_body)
+ }
+}
+
+resource "nullplatform_link_specification" "service_link_from_templates" {
+ for_each = toset(local.available_links )
+ depends_on = [nullplatform_service_specification.from_template]
+
+ name = local.link_specs_parsed[each.key].name
+ unique = try(local.link_specs_parsed[each.key].unique, false)
+ specification_id = local.service_specification_id
+ attributes = jsonencode(local.link_specs_parsed[each.key].attributes)
+ use_default_actions = try(local.link_specs_parsed[each.key].use_default_actions, true)
+ selectors {
+ category = local.service_spec_parsed.selectors.category
+ imported = local.service_spec_parsed.selectors.imported
+ provider = local.service_spec_parsed.selectors.provider
+ sub_category = local.service_spec_parsed.selectors.sub_category
+ }
+}
\ No newline at end of file
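Review bot: `git_login` places `var.git_user` and `var.git_password` inside the URL (`https://user:password@raw.githubusercontent.com/…`), and that string becomes the `url` attribute of all three `data "http"` sources, where it is stored in state and printed by any diagnostic that shows the URL unless the variable is marked sensitive (variables.tf is not visible here); the `git_password` output in outputs.tf re-exports the same secret to every caller. Keep the URL credential-free and send the credential as a header instead, e.g. `request_headers = { Authorization = "Bearer ${var.git_password}" }`, in whatever scheme the host accepts, and drop the `git_password` output. When `var.git_provider` is anything other than `"github"`, `full_git_repo_url` is `null` and the URL templates fail on a null interpolation, so a `validation` on the variable would report the cause directly. `refs/heads/${var.git_ref}` always resolves a branch, so the fetched specs can change between plans; allowing a commit SHA would make the input reproducible.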
diff --git a/modules/nullplatform/service-definition/outputs.tf b/modules/nullplatform/service-definition/outputs.tf
new file mode 100644
index 0000000..651b802
--- /dev/null
+++ b/modules/nullplatform/service-definition/outputs.tf
@@ -0,0 +1,88 @@
+################################################################################
+# Scope Definition Module Outputs
+################################################################################
+
+output "service_specification_id" {
+ value = nullplatform_service_specification.from_template.id
+ description = "The ID of the created service specification"
+}
+
+output "service_specification_slug" {
+ value = nullplatform_service_specification.from_template.slug
+ description = "The slug of the created service specification"
+}
+
+output "slug" {
+ value = nullplatform_service_specification.from_template.slug
+ description = "The slug of the created service specification"
+}
+
+output "action_specification_ids" {
+ value = {
+ for k, v in nullplatform_action_specification.from_templates : k => v.id
+ }
+ description = "Map of action specification names to their IDs"
+}
+
+
+output "link_specification_ids" {
+ value = {
+ for k, v in nullplatform_link_specification.service_link_from_templates : k => v.id
+ }
+ description = "Map of link specification names to their IDs"
+}
+
+output "nrn" {
+ value = var.nrn
+ description = "The NRN of the created service specification"
+}
+output "git_provider" {
+ value = var.git_provider
+ description = "The Git provider associated with the service specification"
+}
+output "git_user" {
+ value = var.git_user
+ description = "The Git user associated with the service specification"
+}
+output "git_password" {
+ value = var.git_password
+ description = "The Git password associated with the service specification"
+ sensitive = true
+}
+output "git_repo" {
+ value = var.git_repo
+ description = "The GitHub repository URL associated with the service specification"
+}
+output "git_ref" {
+ value = var.git_ref
+ description = "The GitHub branch associated with the service specification"
+}
+output "git_service_path" {
+ value = var.git_service_path
+ description = "The GitHub path associated with the service 
specification"
+}
+
+output "service_name" {
+ value = var.service_name
+ description = "The name of the scope definition"
+}
+
+output "service_description" {
+ value = var.service_description
+ description = "The description of the service definition"
+}
+
+output "specification" {
+ value = local.service_spec_parsed
+ description = "The attributes of the created service specification"
+}
+
+output "workflow_override_path" {
+ value = var.workflow_override_path
+ description = "The path to the custom workflow file"
+}
+output "workflow_override_values" {
+ value = var.workflow_override_values
+ description = "The workflow override values"
+
+}
diff --git a/modules/nullplatform/service-definition/variables.tf b/modules/nullplatform/service-definition/variables.tf
new file mode 100644
index 0000000..747f644
--- /dev/null
+++ b/modules/nullplatform/service-definition/variables.tf
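Review bot: The `git_password` output in service-definition/outputs.tf hands the caller's credential back out of the module, and `sensitive = true` only redacts it in plan and CLI output; once a caller copies it into a resource argument or a root output it is stored in state in plain text. No consumer of this output is visible on this page, so I would drop it, or, if another module has to receive it, say so in a comment above the block, e.g. `# Passed through for <consumer module>; not redacted once stored in state`. The header comment `# Scope Definition Module Outputs` and the `service_name` description ("The name of the scope definition") look copied from the scope module and should name the service definition instead.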
@@ -0,0 +1,87 @@
+################################################################################
+# Scope Definition Module Variables
+################################################################################
+
+variable "nrn" {
+ type = string
+ description = "Nullplatform Resource Name (organization:account format)"
+}
+variable "git_provider" {
+ type = string
+ default = "github"
+ description = "Git provider (e.g., github, gitlab)"
+}
+variable "git_user" {
+ type = string
+ default = null
+ description = "Git provider (e.g., github, gitlab)"
+}
+variable "git_password" {
+ type = string
+ default = null
+ sensitive = true
+ description = "Git provider (e.g., github, gitlab)"
+}
+variable "git_repo" {
+ type = string
+ default = "nullplatform/services"
+ description = "GitHub repository URL containing templates"
+}
+
+variable "workflow_override_path" {
+ type = string
+ default = ""
+ description = "Path to a custom workflow file to override the default one"
+}
+
+variable "workflow_override_values" {
+ type = string
+ default = ""
+ description = "Values to override in the workflow file"
+
+}
+
+variable "git_ref" {
+ type = string
+ default = "main"
+ description = "Git reference (branch, tag, or commit)"
+}
+
+variable "git_service_path" {
+ type = string
+ description = "Path within the repository for the specific service (e.g., databases/postgres/k8s)"
+}
+
+variable "service_name" {
+ type = string
+ description = "Name of the scope type to be created"
+}
+variable "service_description" {
+ type = string
+ description = "Description of the scope type to be created"
+}
+
+variable "use_tpl_files" {
+ type = bool
+ default = false
+ description = "Whether to use .tpl files (true) or .json files (false) for templates"
+}
+
+# NRN Patch Configuration
+variable "np_api_key" {
+ type = string
+ sensitive = true
+ description = "Nullplatform API key for authentication"
+}
+
+variable "extra_visibile_to_nrns" {
+ type = list(string)
+ default = []
+
description = "Additional NRNs that should have visibility to the created service specification" +} +variable "dimensions" { + type = map(string) + default = null + description = "Key-value pairs for dimensions to be associated with the service specification" + +} \ No newline at end of file From 2d804f3101f5c718b39c5f0376bd8f6fb462347f Mon Sep 17 00:00:00 2001 From: Gabriel Eisbruch Date: Fri, 19 Sep 2025 11:13:33 -0300 Subject: [PATCH 06/87] Add readme --- .../nullplatform/service-definition/README.md | 89 +++++++++++++++++++ 1 file changed, 89 insertions(+) create mode 100644 modules/nullplatform/service-definition/README.md diff --git a/modules/nullplatform/service-definition/README.md b/modules/nullplatform/service-definition/README.md new file mode 100644 index 0000000..f3f7a9e --- /dev/null +++ b/modules/nullplatform/service-definition/README.md 
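Review bot: In service-definition/variables.tf the descriptions of `git_user` and `git_password` are copies of the `git_provider` text (`"Git provider (e.g., github, gitlab)"`), so the generated README never says which credential is expected or what it is used for. I would write `description = "Git username for authentication"` and `description = "Git password or token for authentication"`. The name `extra_visibile_to_nrns` is misspelled and becomes part of the module's public interface once released, so renaming it to `extra_visible_to_nrns` is cheapest now. `git_repo` is described as a repository URL while its default `"nullplatform/services"` is an owner/name pair; the description should state the expected form.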
@@ -0,0 +1,89 @@ +## [ALPHA] Service-Definition module + +## How to use it + +```hcl +module "service_definition" { + source = "git@github.com:nullplatform/main-terraform-modules.git//modules/nullplatform/service-definition" + + nrn = "organization:account" + np_api_key = "your-api-key" + git_repo = "nullplatform/services" + git_ref = "main" + git_service_path = "databases/postgres/k8s" + service_name = "PostgreSQL Database" + service_description = "PostgreSQL database service running in Kubernetes" + dimensions = { + environment = "production" + region = "us-east-1" + } +} +``` + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| [http](#provider\_http) | n/a | +| [nullplatform](#provider\_nullplatform) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [nullplatform_action_specification.from_templates](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/action_specification) | resource | +| [nullplatform_link_specification.service_link_from_templates](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/link_specification) | resource | +| [nullplatform_service_specification.from_template](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/service_specification) | resource | +| [http_http.action_templates](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source | +| [http_http.link_templates](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source | +| [http_http.service_spec_template](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [dimensions](#input\_dimensions) | Key-value pairs for dimensions to be 
associated with the service specification | `map(string)` | `null` | no | +| [extra\_visibile\_to\_nrns](#input\_extra\_visibile\_to\_nrns) | Additional NRNs that should have visibility to the created service specification | `list(string)` | `[]` | no | +| [git\_password](#input\_git\_password) | Git provider (e.g., github, gitlab) | `string` | `null` | no | +| [git\_provider](#input\_git\_provider) | Git provider (e.g., github, gitlab) | `string` | `"github"` | no | +| [git\_ref](#input\_git\_ref) | Git reference (branch, tag, or commit) | `string` | `"main"` | no | +| [git\_repo](#input\_git\_repo) | GitHub repository URL containing templates | `string` | `"nullplatform/services"` | no | +| [git\_service\_path](#input\_git\_service\_path) | Path within the repository for the specific service (e.g., databases/postgres/k8s) | `string` | n/a | yes | +| [git\_user](#input\_git\_user) | Git provider (e.g., github, gitlab) | `string` | `null` | no | +| [np\_api\_key](#input\_np\_api\_key) | Nullplatform API key for authentication | `string` | n/a | yes | +| [nrn](#input\_nrn) | Nullplatform Resource Name (organization:account format) | `string` | n/a | yes | +| [service\_description](#input\_service\_description) | Description of the scope type to be created | `string` | n/a | yes | +| [service\_name](#input\_service\_name) | Name of the scope type to be created | `string` | n/a | yes | +| [use\_tpl\_files](#input\_use\_tpl\_files) | Whether to use .tpl files (true) or .json files (false) for templates | `bool` | `false` | no | +| [workflow\_override\_path](#input\_workflow\_override\_path) | Path to a custom workflow file to override the default one | `string` | `""` | no | +| [workflow\_override\_values](#input\_workflow\_override\_values) | Values to override in the workflow file | `string` | `""` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| [action\_specification\_ids](#output\_action\_specification\_ids) | Map of action specification 
names to their IDs | +| [git\_password](#output\_git\_password) | The Git password associated with the service specification | +| [git\_provider](#output\_git\_provider) | The Git provider associated with the service specification | +| [git\_ref](#output\_git\_ref) | The GitHub branch associated with the service specification | +| [git\_repo](#output\_git\_repo) | The GitHub repository URL associated with the service specification | +| [git\_service\_path](#output\_git\_service\_path) | The GitHub path associated with the service specification | +| [git\_user](#output\_git\_user) | The Git user associated with the service specification | +| [link\_specification\_ids](#output\_link\_specification\_ids) | Map of link specification names to their IDs | +| [nrn](#output\_nrn) | The NRN of the created service specification | +| [service\_description](#output\_service\_description) | The description of the service definition | +| [service\_name](#output\_service\_name) | The name of the scope definition | +| [service\_specification\_id](#output\_service\_specification\_id) | The ID of the created service specification | +| [service\_specification\_slug](#output\_service\_specification\_slug) | The slug of the created service specification | +| [slug](#output\_slug) | The slug of the created service specification | +| [specification](#output\_specification) | The attributes of the created service specification | +| [workflow\_override\_path](#output\_workflow\_override\_path) | The path to the custom workflow file | +| [workflow\_override\_values](#output\_workflow\_override\_values) | The workflow override values | \ No newline at end of file From b0ecea253b3033217e7ce4fcb29aea5df7cd0c6f Mon Sep 17 00:00:00 2001 
From: Gabriel Eisbruch Date: Fri, 19 Sep 2025 12:17:42 -0300 Subject: [PATCH 07/87] Add service-definition-agent-association --- .../backend.tf | 16 +++ .../main.tf | 36 ++++++ .../outputs.tf | 8 ++ .../variables.tf | 110 ++++++++++++++++++ 4 files changed, 170 insertions(+) create mode 100644 modules/nullplatform/service-definition-agent-association/backend.tf create mode 100644 modules/nullplatform/service-definition-agent-association/main.tf create mode 100644 modules/nullplatform/service-definition-agent-association/outputs.tf create mode 100644 modules/nullplatform/service-definition-agent-association/variables.tf diff --git a/modules/nullplatform/service-definition-agent-association/backend.tf b/modules/nullplatform/service-definition-agent-association/backend.tf new file mode 100644 index 0000000..8fda109 --- /dev/null +++ b/modules/nullplatform/service-definition-agent-association/backend.tf @@ -0,0 +1,16 @@ +terraform { + required_providers { + nullplatform = { + source = "nullplatform/nullplatform" + } + http = { + source = "hashicorp/http" + } + external = { + source = "hashicorp/external" + } + null = { + source = "hashicorp/null" + } + } +} diff --git a/modules/nullplatform/service-definition-agent-association/main.tf b/modules/nullplatform/service-definition-agent-association/main.tf new file mode 100644 index 0000000..0a92f0d --- /dev/null +++ b/modules/nullplatform/service-definition-agent-association/main.tf 
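Review bot: None of the four entries under `required_providers` in service-definition-agent-association/backend.tf has a `version` constraint, so an init without a committed lock file resolves whatever release is newest for each provider. Each entry should carry one, e.g. `version = "<constraint>"` next to `source`. The module's main.tf in this patch only declares a `nullplatform_notification_channel`, so `http`, `external` and `null` appear unused here; if that holds, removing them avoids downloading and running three extra provider binaries. The file name `backend.tf` is also misleading, since it configures no backend; `versions.tf` or `providers.tf` would match its content.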
@@ -0,0 +1,36 @@
+
+resource "nullplatform_notification_channel" "channel_from_template" {
+ nrn = local.merged_config.nrn
+ type = "agent"
+ source = local.merged_config.channel_sources
+
+
+ configuration {
+ dynamic "agent" {
+ for_each = [1]
+ content {
+ api_key = local.merged_config.agent_api_key
+ command {
+ type = local.merged_config.specification.agent_command.type
+ data = {
+ cmdline = join(" ", compact([
+ local.merged_config.specification.agent_command.data.cmdline,
+ local.merged_config.workflow_override_path != null ? "--overrides-path=${local.merged_config.workflow_override_path}" : "",
+ local.merged_config.workflow_override_values != null ? "--values=${local.merged_config.workflow_override_values}" : ""
+ ]))
+ arguments = jsonencode(try(local.merged_config.specification.agent_command.data.arguments, []))
+ environment = jsonencode(try(local.merged_config.specification.agent_command.data.environment, {}))
+ }
+ }
+
+ selector = local.merged_config.agent_tags
+ }
+ }
+ }
+
+ filters = jsonencode({
+ "$or" = [
+ {"service.specification.slug" = {"$eq": local.merged_config.slug }}
+ ]
+ })
+}
diff --git a/modules/nullplatform/service-definition-agent-association/outputs.tf b/modules/nullplatform/service-definition-agent-association/outputs.tf
new file mode 100644
index 0000000..eed0514
--- /dev/null
+++ b/modules/nullplatform/service-definition-agent-association/outputs.tf
@@ -0,0 +1,8 @@
+################################################################################
+# Scope Definition Module Outputs
+################################################################################
+
+output "id" {
+ value = nullplatform_notification_channel.channel_from_template.id
+ description = "The ID of the created notification channel"
+}
\ No newline at end of file
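Review bot: In service-definition-agent-association/main.tf the `cmdline` value is assembled with `join(" ", ...)` and `workflow_override_path` / `workflow_override_values` are interpolated into it without quoting or validation, so a value containing whitespace or shell metacharacters changes the command line handed to the agent. How the agent parses `cmdline` is not visible here, but the inputs should be constrained where they enter the module, for example a `validation` block on `workflow_override_path` with `condition = var.workflow_override_path == null || can(regex("^[A-Za-z0-9_./-]+$", var.workflow_override_path))`, with the same rule applied to the matching field of `service_definition`. `type = "agent"` is hard-coded although `channel_type` is merged into `local.merged_config`, so that variable has no effect; either use `type = local.merged_config.channel_type` or remove the variable. The `dynamic "agent"` block with `for_each = [1]` always renders once and could be a plain `agent { ... }` block, if the provider schema allows it.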
diff --git a/modules/nullplatform/service-definition-agent-association/variables.tf b/modules/nullplatform/service-definition-agent-association/variables.tf
new file mode 100644
index 0000000..f178c7b
--- /dev/null
+++ b/modules/nullplatform/service-definition-agent-association/variables.tf
@@ -0,0 +1,110 @@
+################################################################################
+# Scope Definition Module Variables
+################################################################################
+
+variable "nrn" {
+ type = string
+ description = "Nullplatform Resource Name (organization:account format)"
+ default = null
+}
+
+variable "agent_tags" {
+ type = map(string)
+ description = "Agent tags"
+}
+
+variable "channel_sources" {
+ type = list(string)
+ description = "List of sources for the notification channel (e.g., ['monitoring', 'alerts'])"
+ default = [ "telemetry", "service" ]
+}
+
+variable "channel_type" {
+ type = string
+ description = "Type of the notification channel (e.g., 'agent')"
+ default = "agent"
+
+}
+
+variable "agent_api_key" {
+ type = string
+ description = "API key with permsissions to run commands on agents (usually ops permisions)"
+ sensitive = true
+}
+
+variable "service_slug" {
+ type = string
+ description = "The slug of the scope definition"
+ default = null
+}
+variable "workflow_override_path" {
+ type = string
+ default = null
+ description = "Path to a custom workflow file to override the default one"
+
+}
+variable "agent_command" {
+ type = object({
+ type = string
+ data = object({
+ cmdline = string
+ arguments = optional(list(string), [])
+ environment = optional(map(string), {})
+ })
+ })
+ default = null
+
+}
+
+variable "workflow_override_values" {
+ type = string
+ default = "null"
+ description = "Values to override in the workflow file"
+
+}
+
+variable "service_specification_id" {
+ type = string
+ description = "The ID of the service definition associated with the agent"
+ default = null
+
+}
+
+variable "service_definition" {
+ type = object({
+ nrn = string,
+ slug = string,
+ workflow_override_path = string,
+ workflow_override_values = string,
+ service_specification_id = string,
+ specification = object({
+ agent_command = object({
+ type = string
+ data = object({
+ cmdline = 
string + arguments = optional(list(string), []) + environment = optional(map(string), {}) + }) + }) + }) + }) +} + +locals { + merged_config = merge( + { + nrn = var.nrn + agent_tags = var.agent_tags + channel_sources = var.channel_sources + channel_type = var.channel_type + agent_api_key = var.agent_api_key + slug = var.service_slug + service_specification_id = var.service_specification_id + agent_command = var.agent_command + workflow_override_path = var.workflow_override_path + workflow_override_values = var.workflow_override_values + }, + var.service_definition + + ) +} \ No newline at end of file From d9650f74951e18a99ae69fbf2107bf96bb14b125 Mon Sep 17 00:00:00 2001 From: Gabriel Eisbruch Date: Fri, 19 Sep 2025 12:21:05 -0300 Subject: [PATCH 08/87] Add readme --- .../README.md | 67 +++++++++++++++++++ 1 file changed, 67 insertions(+) create mode 100644 modules/nullplatform/service-definition-agent-association/README.md diff --git a/modules/nullplatform/service-definition-agent-association/README.md b/modules/nullplatform/service-definition-agent-association/README.md new file mode 100644 index 0000000..27575b2 --- /dev/null +++ b/modules/nullplatform/service-definition-agent-association/README.md 
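Review bot: In service-definition-agent-association/variables.tf, `workflow_override_values` defaults to the string `"null"`, which is not the null value, so any `!= null` test on it is true; it should read `default = null`. Because `var.service_definition` is a required input and is the last argument to `merge()`, its `nrn`, `slug`, `workflow_override_path`, `workflow_override_values` and `service_specification_id` always replace the values of the module's own `nrn`, `service_slug`, `workflow_override_*` and `service_specification_id` variables, so those inputs are accepted but never used. `agent_command` and `service_definition` have no `description`, and the `agent_api_key` description should be corrected to `"API key with permissions to run commands on agents (usually ops permissions)"`.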
@@ -0,0 +1,67 @@ +## [ALPHA] Service-Definition-Agent-Association module + +This module creates a notification channel that associates agents with a specific service definition, enabling agent-based operations for services within that scope. + +## How to use it + +```hcl +module "service_definition" { + source = "git@github.com:nullplatform/main-terraform-modules.git//modules/nullplatform/service-definition?ref=alpha" + nrn = var.np_account_nrn + np_api_key = var.np_api_key + git_repo = "nullplatform/services" + git_ref = "main" + git_service_path = "databases/postgres/k8s" + service_name = "PostgreSQL Database" + service_description = "PostgreSQL database service running in Kubernetes" +} + +module "service_agent_association" { + source = "git@github.com:nullplatform/main-terraform-modules.git//modules/nullplatform/service-definition-agent-association?ref=alpha" + agent_api_key = var.np_api_key + service_definition = module.service_definition + agent_tags = { "environment" = "production", "cluster" = "k8s-prod" } +} +``` + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| [nullplatform](#provider\_nullplatform) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [nullplatform_notification_channel.channel_from_template](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/notification_channel) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [agent\_api\_key](#input\_agent\_api\_key) | API key with permsissions to run commands on agents (usually ops permisions) | `string` | n/a | yes | +| [agent\_command](#input\_agent\_command) | Agent command configuration |
object({
type = string
data = object({
cmdline = string
arguments = optional(list(string), [])
environment = optional(map(string), {})
})
})
| `null` | no | +| [agent\_tags](#input\_agent\_tags) | Agent tags | `map(string)` | n/a | yes | +| [channel\_sources](#input\_channel\_sources) | List of sources for the notification channel (e.g., ['monitoring', 'alerts']) | `list(string)` |
[
"telemetry",
"service"
]
| no | +| [channel\_type](#input\_channel\_type) | Type of the notification channel (e.g., 'agent') | `string` | `"agent"` | no | +| [nrn](#input\_nrn) | Nullplatform Resource Name (organization:account format) | `string` | `null` | no | +| [service\_definition](#input\_service\_definition) | The service definition object from the service-definition module |
object({
nrn = string,
slug = string,
workflow_override_path = string,
workflow_override_values = string,
service_specification_id = string,
specification = object({
agent_command = object({
type = string
data = object({
cmdline = string
arguments = optional(list(string), [])
environment = optional(map(string), {})
})
})
})
})
| n/a | yes | +| [service\_slug](#input\_service\_slug) | The slug of the scope definition | `string` | `null` | no | +| [service\_specification\_id](#input\_service\_specification\_id) | The ID of the service definition associated with the agent | `string` | `null` | no | +| [workflow\_override\_path](#input\_workflow\_override\_path) | Path to a custom workflow file to override the default one | `string` | `null` | no | +| [workflow\_override\_values](#input\_workflow\_override\_values) | Values to override in the workflow file | `string` | `"null"` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| [id](#output\_id) | The ID of the created notification channel | \ No newline at end of file From 73076e3ec70f1648658cc373173cfd067a18b496 Mon Sep 17 00:00:00 2001 From: Gabriel Eisbruch Date: Fri, 19 Sep 2025 12:47:56 -0300 Subject: [PATCH 09/87] Fixes --- modules/nullplatform/scope-definition/variables.tf | 4 ++-- .../nullplatform/service-definition-agent-association/main.tf | 1 - modules/nullplatform/service-definition/variables.tf | 4 ++-- 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/modules/nullplatform/scope-definition/variables.tf b/modules/nullplatform/scope-definition/variables.tf index 6301389..71ca828 100644 --- a/modules/nullplatform/scope-definition/variables.tf +++ b/modules/nullplatform/scope-definition/variables.tf @@ -15,13 +15,13 @@ variable "github_repo_url" { variable "workflow_override_path" { type = string - default = "" + default = null description = "Path to a custom workflow file to override the default one" } variable "workflow_override_values" { type = string - default = "" + default = null description = "Values to override in the workflow file" } diff --git a/modules/nullplatform/service-definition-agent-association/main.tf b/modules/nullplatform/service-definition-agent-association/main.tf index 0a92f0d..6acabf4 100644 --- a/modules/nullplatform/service-definition-agent-association/main.tf 
+++ b/modules/nullplatform/service-definition-agent-association/main.tf @@ -16,7 +16,6 @@ resource "nullplatform_notification_channel" "channel_from_template" { cmdline = join(" ", compact([ local.merged_config.specification.agent_command.data.cmdline, local.merged_config.workflow_override_path != null ? "--overrides-path=${local.merged_config.workflow_override_path}" : "", - local.merged_config.workflow_override_values != null ? "--values=${local.merged_config.workflow_override_values}" : "" ])) arguments = jsonencode(try(local.merged_config.specification.agent_command.data.arguments, [])) environment = jsonencode(try(local.merged_config.specification.agent_command.data.environment, {})) diff --git a/modules/nullplatform/service-definition/variables.tf b/modules/nullplatform/service-definition/variables.tf index 747f644..7049d1d 100644 --- a/modules/nullplatform/service-definition/variables.tf +++ b/modules/nullplatform/service-definition/variables.tf @@ -30,13 +30,13 @@ variable "git_repo" { variable "workflow_override_path" { type = string - default = "" + default = null description = "Path to a custom workflow file to override the default one" } variable "workflow_override_values" { type = string - default = "" + default = null description = "Values to override in the workflow file" } From cf83b3e2c37d325807838a827d0a7de531ad63ae Mon Sep 17 00:00:00 2001 From: Gabriel Eisbruch Date: Fri, 19 Sep 2025 18:07:58 -0300 Subject: [PATCH 10/87] Fix --- .../nullplatform/scope-definition-agent-association/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/nullplatform/scope-definition-agent-association/main.tf b/modules/nullplatform/scope-definition-agent-association/main.tf index 20f4d1e..26ec383 100644 --- a/modules/nullplatform/scope-definition-agent-association/main.tf +++ b/modules/nullplatform/scope-definition-agent-association/main.tf 
@@ -14,8 +14,8 @@ resource "nullplatform_notification_channel" "channel_from_template" { data = { cmdline = join(" ", compact([ local.merged_config.specification.agent_command.data.cmdline, - local.merged_config.workflow_override_path != "" ? "--overrides-path=${local.merged_config.workflow_override_path}" : "", - local.merged_config.workflow_override_values != "" ? "--values=${local.merged_config.workflow_override_values}" : "" + local.merged_config.workflow_override_path != null ? "--overrides-path=${local.merged_config.workflow_override_path}" : "", + local.merged_config.workflow_override_values != null ? "--values=${local.merged_config.workflow_override_values}" : "" ])) arguments = jsonencode(try(local.merged_config.specification.agent_command.data.arguments, [])) environment = jsonencode(try(local.merged_config.specification.agent_command.data.environment, {})) From c588b2dba597db304452f7244a315de4be1ef59e Mon Sep 17 00:00:00 2001 From: Gabriel Eisbruch Date: Fri, 19 Sep 2025 18:13:03 -0300 Subject: [PATCH 11/87] Fix --- .../scope-definition-agent-association/variables.tf | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/modules/nullplatform/scope-definition-agent-association/variables.tf b/modules/nullplatform/scope-definition-agent-association/variables.tf index 279f3c4..24512c1 100644 --- a/modules/nullplatform/scope-definition-agent-association/variables.tf +++ b/modules/nullplatform/scope-definition-agent-association/variables.tf @@ -74,6 +74,7 @@ variable "scope_provider_id" { variable "scope_definition" { type = object({ slug = string, + nrn = string, workflow_override_path = string, workflow_override_values = string, scope_provider_id = string, @@ -92,6 +93,7 @@ variable "scope_definition" { locals { merged_config = merge( + var.scope_definition, { nrn = var.nrn agent_tags = var.agent_tags 
@@ -103,7 +105,6 @@ locals { agent_command = var.agent_command workflow_override_path = var.workflow_override_path workflow_override_values = var.workflow_override_values - }, - var.scope_definition + } ) } \ No newline at end of file From c788da4cbe12ce213b5efd6cb032a3183960cfc9 Mon Sep 17 00:00:00 2001 From: Gabriel Eisbruch Date: Fri, 19 Sep 2025 18:25:23 -0300 Subject: [PATCH 12/87] Fix --- .../nullplatform/scope-definition-agent-association/main.tf | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/modules/nullplatform/scope-definition-agent-association/main.tf b/modules/nullplatform/scope-definition-agent-association/main.tf index 26ec383..4c0077c 100644 --- a/modules/nullplatform/scope-definition-agent-association/main.tf +++ b/modules/nullplatform/scope-definition-agent-association/main.tf @@ -14,8 +14,7 @@ resource "nullplatform_notification_channel" "channel_from_template" { data = { cmdline = join(" ", compact([ local.merged_config.specification.agent_command.data.cmdline, - local.merged_config.workflow_override_path != null ? "--overrides-path=${local.merged_config.workflow_override_path}" : "", - local.merged_config.workflow_override_values != null ? "--values=${local.merged_config.workflow_override_values}" : "" + local.merged_config.workflow_override_path != null ? "--overrides-path=${local.merged_config.workflow_override_path}" : "" ])) arguments = jsonencode(try(local.merged_config.specification.agent_command.data.arguments, [])) environment = jsonencode(try(local.merged_config.specification.agent_command.data.environment, {})) From 04ec53a3c1b16baea9be5208c35981782f6c0234 Mon Sep 17 00:00:00 2001 From: Gabriel Eisbruch Date: Fri, 19 Sep 2025 18:31:53 -0300 Subject: [PATCH 13/87] Fix --- .../scope-definition-agent-association/variables.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/modules/nullplatform/scope-definition-agent-association/variables.tf b/modules/nullplatform/scope-definition-agent-association/variables.tf index 24512c1..d818710 100644 --- a/modules/nullplatform/scope-definition-agent-association/variables.tf +++ b/modules/nullplatform/scope-definition-agent-association/variables.tf @@ -93,7 +93,6 @@ variable "scope_definition" { locals { merged_config = merge( - var.scope_definition, { nrn = var.nrn agent_tags = var.agent_tags @@ -105,6 +104,7 @@ locals { agent_command = var.agent_command workflow_override_path = var.workflow_override_path workflow_override_values = var.workflow_override_values - } + }, + var.scope_definition ) } \ No newline at end of file From 8696060a018a71f7d587cec58c62d2240ac2243f Mon Sep 17 00:00:00 2001 From: Gabriel Eisbruch Date: Mon, 22 Sep 2025 10:54:15 -0300 Subject: [PATCH 14/87] Update var merges --- .../variables.tf | 34 +++++++++++------- .../variables.tf | 36 +++++++++++-------- 2 files changed, 44 insertions(+), 26 deletions(-) diff --git a/modules/nullplatform/scope-definition-agent-association/variables.tf b/modules/nullplatform/scope-definition-agent-association/variables.tf index d818710..a583cdc 100644 --- a/modules/nullplatform/scope-definition-agent-association/variables.tf +++ b/modules/nullplatform/scope-definition-agent-association/variables.tf 
@@ -92,19 +92,29 @@ variable "scope_definition" { } locals { + base_config = { + nrn = var.nrn + agent_tags = var.agent_tags + channel_sources = var.channel_sources + channel_type = var.channel_type + agent_api_key = var.agent_api_key + slug = var.scope_slug + scope_provider_id = var.scope_provider_id + agent_command = var.agent_command + workflow_override_path = var.workflow_override_path + workflow_override_values = var.workflow_override_values + } + merged_config = merge( + local.base_config, { - nrn = var.nrn - agent_tags = var.agent_tags - channel_sources = var.channel_sources - channel_type = var.channel_type - agent_api_key = var.agent_api_key - slug = var.scope_slug - scope_provider_id = var.scope_provider_id - agent_command = var.agent_command - workflow_override_path = var.workflow_override_path - workflow_override_values = var.workflow_override_values - }, - var.scope_definition + for k, v in var.scope_definition : k => ( + # If key exists in base_config and scope_definition value is null, + # keep the base_config value, otherwise use scope_definition value + contains(keys(local.base_config), k) && v == null + ? local.base_config[k] + : v + ) + } ) } \ No newline at end of file diff --git a/modules/nullplatform/service-definition-agent-association/variables.tf b/modules/nullplatform/service-definition-agent-association/variables.tf index f178c7b..6d40035 100644 --- a/modules/nullplatform/service-definition-agent-association/variables.tf +++ b/modules/nullplatform/service-definition-agent-association/variables.tf 
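Review bot: The new `merged_config` still lets a non-null field of `scope_definition` override a module variable the caller set explicitly, because the fallback to `local.base_config[k]` only applies when the definition's value is null. A caller who passes both `scope_definition` and, say, `nrn` or `workflow_override_path` gets the definition's value with no warning, which matters since `nrn` decides where the channel is created. If that precedence is intended, state it above `merged_config`, e.g. `# Precedence: non-null scope_definition fields win; module variables are fallbacks only`; otherwise swap the roles so the explicit variable wins when it is non-null. The same logic is repeated in the service-definition-agent-association hunk that follows.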
@@ -89,22 +89,30 @@ variable "service_definition" { }) }) } - locals { + base_config = { + nrn = var.nrn + agent_tags = var.agent_tags + channel_sources = var.channel_sources + channel_type = var.channel_type + agent_api_key = var.agent_api_key + slug = var.service_slug + service_specification_id = var.service_specification_id + agent_command = var.agent_command + workflow_override_path = var.workflow_override_path + workflow_override_values = var.workflow_override_values + } + merged_config = merge( + local.base_config, { - nrn = var.nrn - agent_tags = var.agent_tags - channel_sources = var.channel_sources - channel_type = var.channel_type - agent_api_key = var.agent_api_key - slug = var.service_slug - service_specification_id = var.service_specification_id - agent_command = var.agent_command - workflow_override_path = var.workflow_override_path - workflow_override_values = var.workflow_override_values - }, - var.service_definition - + for k, v in var.service_definition : k => ( + # If key exists in base_config and service_definition value is null, + # keep the base_config value, otherwise use service_definition value + contains(keys(local.base_config), k) && v == null + ? local.base_config[k] + : v + ) + } ) } \ No newline at end of file From 07adcc6d6d47391537aed72e436627ec3310fc96 Mon Sep 17 00:00:00 2001 From: Gabriel Eisbruch Date: Mon, 22 Sep 2025 13:19:11 -0300 Subject: [PATCH 15/87] Change git usage --- modules/nullplatform/scope-definition/main.tf | 10 +++++-- .../nullplatform/scope-definition/outputs.tf | 12 ++++---- .../scope-definition/variables.tf | 29 ++++++++++++++----- 3 files changed, 36 insertions(+), 15 deletions(-) diff --git a/modules/nullplatform/scope-definition/main.tf b/modules/nullplatform/scope-definition/main.tf index 0d1b8d7..69e6069 100644 --- a/modules/nullplatform/scope-definition/main.tf +++ b/modules/nullplatform/scope-definition/main.tf 
@@ -2,17 +2,23 @@ # Step 1: Fetch Templates ################################################################################ +locals { + git_login = var.git_user != null && var.git_password !=null ? "${var.git_user}:${var.git_password}@" : var.git_user != null ? "${var.git_user}@" : "" + full_git_repo_url = var.git_provider == "github" ? "https://${local.git_login}raw.githubusercontent.com/${var.git_repo}/refs/heads/${var.git_ref}" : null +} + # Fetch service specification template data "http" "service_spec_template" { - url = "${var.github_repo_url}/raw/${var.github_ref}/${var.github_scope_path}/specs/service-spec.json${var.use_tpl_files ? ".tpl" : ""}" + url = "${local.full_git_repo_url}/${var.git_scope_path}/specs/service-spec.json${var.use_tpl_files ? ".tpl" : ""}" } # Fetch action specification templates data "http" "action_templates" { for_each = toset(local.available_actions) - url = "${var.github_repo_url}/raw/${var.github_ref}/${var.github_scope_path}/specs/actions/${each.key}.json${var.use_tpl_files ? ".tpl" : ""}" + url = "${local.full_git_repo_url}/${var.git_scope_path}/specs/actions/${each.key}.json${var.use_tpl_files ? ".tpl" : ""}" } + ################################################################################ # Step 2: Process and Create Service Specification ################################################################################ diff --git a/modules/nullplatform/scope-definition/outputs.tf b/modules/nullplatform/scope-definition/outputs.tf index 631e507..7e1c6bb 100644 --- a/modules/nullplatform/scope-definition/outputs.tf +++ b/modules/nullplatform/scope-definition/outputs.tf 
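Review bot: `git_login` splices `var.git_user` and `var.git_password` into the URL that both `data "http"` blocks request, so the credential becomes part of a URL string, and URLs tend to surface in provider debug logs, proxy logs and error text even though the variable is marked `sensitive`. Send the token in a header through the data source's `request_headers` argument and build `full_git_repo_url` without the userinfo part; the `token` scheme below assumes the host accepts a personal access token that way, which should be confirmed. Two smaller points in the same locals: the URL hard-codes `refs/heads/`, so a tag or commit in `git_ref` will not resolve although the variable description allows them, and neither `git_user` nor `git_password` is URL-encoded in the current form.

```hcl
locals {
  # The token goes in a request header so it never becomes part of the URL.
  git_auth_headers  = var.git_password != null ? { Authorization = "token ${var.git_password}" } : {}
  full_git_repo_url = var.git_provider == "github" ? "https://raw.githubusercontent.com/${var.git_repo}/refs/heads/${var.git_ref}" : null
}

data "http" "service_spec_template" {
  # … unchanged: url …
  request_headers = local.git_auth_headers
}

data "http" "action_templates" {
  # … unchanged: for_each, url …
  request_headers = local.git_auth_headers
}
```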
@@ -33,16 +33,16 @@ output "nrn" { value = var.nrn description = "The NRN of the created service specification" } -output "github_repo_url" { - value = var.github_repo_url +output "git_repo_url" { + value = var.git_repo description = "The GitHub repository URL associated with the service specification" } -output "github_ref" { - value = var.github_ref +output "git_ref" { + value = var.git_ref description = "The GitHub branch associated with the service specification" } -output "github_scope_path" { - value = var.github_scope_path +output "git_scope_path" { + value = var.git_scope_path description = "The GitHub path associated with the service specification" } diff --git a/modules/nullplatform/scope-definition/variables.tf b/modules/nullplatform/scope-definition/variables.tf index 71ca828..a388fac 100644 --- a/modules/nullplatform/scope-definition/variables.tf +++ b/modules/nullplatform/scope-definition/variables.tf @@ -6,11 +6,26 @@ variable "nrn" { type = string description = "Nullplatform Resource Name (organization:account format)" } - -variable "github_repo_url" { +variable "git_provider" { + type = string + default = "github" + description = "Git provider (e.g., github, gitlab)" +} +variable "git_user" { + type = string + default = null + description = "Git username for authentication" +} +variable "git_password" { + type = string + default = null + sensitive = true + description = "Git password or token for authentication" +} +variable "git_repo" { type = string - default = "https://github.com/nullplatform/scopes" - description = "GitHub repository URL containing templates" + default = "nullplatform/scopes" + description = "GitHub repository containing templates" } variable "workflow_override_path" { 
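Review bot: The output `git_repo_url` now returns `var.git_repo`, which after this commit holds an `owner/repo` slug (default `nullplatform/scopes`) rather than a URL, while the name and the description `The GitHub repository URL associated with the service specification` still promise a URL. Either rename it to `git_repo` with a description such as `Repository slug (owner/name) the templates are fetched from`, or keep the name and emit the full URL. Consumers of the old `github_*` outputs break on this rename, so it is worth a changelog line.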
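Review bot: `git_provider` accepts any string and its description offers `gitlab`, but main.tf in this commit only builds a URL for `"github"` and sets `full_git_repo_url` to null otherwise, which then fails at the `url` interpolation with an error that does not name the cause. Add a `validation` block to the variable with `condition = contains(["github"], var.git_provider)` and an `error_message` naming the supported providers, and drop `gitlab` from the description until it is implemented. `git_password` is correctly marked `sensitive`; the description could also say that a token is expected rather than an account password.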
@@ -26,16 +41,16 @@ variable "workflow_override_values" { } -variable "github_ref" { +variable "git_ref" { type = string default = "main" description = "Git reference (branch, tag, or commit)" } -variable "github_scope_path" { +variable "git_scope_path" { type = string default = "k8s" - description = "Path within the repository for the specific scope (e.g., k8s, ecs)" + description = "Path within the repository for the specific scope (e.g., k8s, ecs)" } variable "scope_name" { From 60d7015f0295925fe1ee9881c391de7cbb883d2a Mon Sep 17 00:00:00 2001 From: Gabriel Eisbruch Date: Mon, 22 Sep 2025 19:15:00 -0300 Subject: [PATCH 16/87] Avoid circular reference --- modules/nullplatform/scope-definition/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nullplatform/scope-definition/main.tf b/modules/nullplatform/scope-definition/main.tf index 69e6069..ab72230 100644 --- a/modules/nullplatform/scope-definition/main.tf +++ b/modules/nullplatform/scope-definition/main.tf @@ -29,7 +29,7 @@ locals { service_spec_rendered = var.use_tpl_files ? replace( data.http.service_spec_template.response_body, "/\"{{\\s+env.Getenv\\s+\".*\"\\s+}}\"/", - "\"${var.nrn}\"" + "\"\"" ) : data.http.service_spec_template.response_body service_spec_parsed = jsondecode(local.service_spec_rendered) available_actions = local.service_spec_parsed.available_actions From c569885ac0e65d0d6a5a85540b37c1fbf72b7ae9 Mon Sep 17 00:00:00 2001 
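Review bot: In the `replace` pattern of `service_spec_rendered`, the `.*` between the inner quotes is greedy, so a template line that holds two `env.Getenv` placeholders would be consumed as one match, from the first opening quote to the last closing one, and the JSON between them would be lost before `jsondecode` runs. Bound the match to one quoted name and escape the dot, `"/\"{{\\s+env\\.Getenv\\s+\"[^\"]*\"\\s+}}\"/"`. With this commit every placeholder becomes an empty string instead of `var.nrn`, so a short comment such as `# placeholders are blanked here; real values are rendered later` would help, if that is indeed the intent. The `locals` block starts and ends outside this hunk.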
From: David Fernandez Date: Mon, 29 Sep 2025 12:43:28 -0300 Subject: [PATCH 17/87] feat:add infraestructure --- infrastructure/aws/alb-controller/README.md | 37 ++++++ infrastructure/aws/alb-controller/data.tf | 7 ++ infrastructure/aws/alb-controller/iam.tf | 27 +++++ infrastructure/aws/alb-controller/locals.tf | 7 ++ infrastructure/aws/alb-controller/main.tf | 24 ++++ .../aws/alb-controller/providers.tf | 12 ++ ...-load-balancer-controller-values.tmpl.yaml | 5 + .../aws/alb-controller/variables.tf | 15 +++ infrastructure/aws/backend/README.md | 26 +++++ infrastructure/aws/backend/main.tf | 46 ++++++++ infrastructure/aws/backend/variables.tf | 4 + infrastructure/aws/eks/.terraform.lock.hcl | 108 ++++++++++++++++++ infrastructure/aws/eks/README.md | 26 +++++ infrastructure/aws/eks/data.tf | 15 +++ infrastructure/aws/eks/main.tf | 41 +++++++ infrastructure/aws/eks/variables.tf | 4 + infrastructure/aws/route53/README.md | 32 ++++++ infrastructure/aws/route53/main.tf | 10 ++ infrastructure/aws/route53/output.tf | 19 +++ infrastructure/aws/route53/varaibles.tf | 2 + infrastructure/aws/vpc/README.md | 17 +++ infrastructure/aws/vpc/main.tf | 23 ++++ infrastructure/aws/vpc/variables.tf | 20 ++++ infrastructure/azure/acr/README.md | 42 +++++++ infrastructure/azure/acr/datasource.tf | 5 + infrastructure/azure/acr/main.tf | 10 ++ infrastructure/azure/acr/output.tf | 15 +++ infrastructure/azure/acr/provider.tf | 17 +++ infrastructure/azure/acr/variables.tf | 21 ++++ infrastructure/azure/aks/main.tf | 0 infrastructure/azure/aks/output.tf | 0 infrastructure/azure/aks/provider.tf | 17 +++ infrastructure/azure/aks/variables.tf | 3 + infrastructure/azure/dns/.terraform.lock.hcl | 19 +++ infrastructure/azure/dns/README.md | 38 ++++++ infrastructure/azure/dns/main.tf | 4 + infrastructure/azure/dns/output.tf | 24 ++++ infrastructure/azure/dns/provider.tf | 17 +++ infrastructure/azure/dns/variables.tf | 14 +++ .../azure/resource_group/.terraform.lock.hcl | 19 +++ 
infrastructure/azure/resource_group/README.md | 36 ++++++ infrastructure/azure/resource_group/main.tf | 5 + infrastructure/azure/resource_group/output.tf | 9 ++ .../azure/resource_group/provider.tf | 17 +++ .../azure/resource_group/variable.tf | 16 +++ infrastructure/azure/vnet/.terraform.lock.hcl | 77 +++++++++++++ infrastructure/azure/vnet/README.md | 31 +++++ infrastructure/azure/vnet/main.tf | 12 ++ infrastructure/azure/vnet/output.tf | 5 + infrastructure/azure/vnet/provider.tf | 17 +++ infrastructure/azure/vnet/variables.tf | 46 ++++++++ 51 files changed, 1063 insertions(+) create mode 100644 infrastructure/aws/alb-controller/README.md create mode 100644 infrastructure/aws/alb-controller/data.tf create mode 100644 infrastructure/aws/alb-controller/iam.tf create mode 100644 infrastructure/aws/alb-controller/locals.tf create mode 100644 infrastructure/aws/alb-controller/main.tf create mode 100644 infrastructure/aws/alb-controller/providers.tf create mode 100644 infrastructure/aws/alb-controller/templates/aws-load-balancer-controller-values.tmpl.yaml create mode 100644 infrastructure/aws/alb-controller/variables.tf create mode 100644 infrastructure/aws/backend/README.md create mode 100644 infrastructure/aws/backend/main.tf create mode 100644 infrastructure/aws/backend/variables.tf create mode 100644 infrastructure/aws/eks/.terraform.lock.hcl create mode 100644 infrastructure/aws/eks/README.md create mode 100644 infrastructure/aws/eks/data.tf create mode 100644 infrastructure/aws/eks/main.tf create mode 100644 infrastructure/aws/eks/variables.tf create mode 100644 infrastructure/aws/route53/README.md create mode 100644 infrastructure/aws/route53/main.tf create mode 100644 infrastructure/aws/route53/output.tf create mode 100644 infrastructure/aws/route53/varaibles.tf create mode 100644 infrastructure/aws/vpc/README.md create mode 100644 infrastructure/aws/vpc/main.tf create mode 100644 infrastructure/aws/vpc/variables.tf create mode 100644 
infrastructure/azure/acr/README.md create mode 100644 infrastructure/azure/acr/datasource.tf create mode 100644 infrastructure/azure/acr/main.tf create mode 100644 infrastructure/azure/acr/output.tf create mode 100644 infrastructure/azure/acr/provider.tf create mode 100644 infrastructure/azure/acr/variables.tf create mode 100644 infrastructure/azure/aks/main.tf create mode 100644 infrastructure/azure/aks/output.tf create mode 100644 infrastructure/azure/aks/provider.tf create mode 100644 infrastructure/azure/aks/variables.tf create mode 100644 infrastructure/azure/dns/.terraform.lock.hcl create mode 100644 infrastructure/azure/dns/README.md create mode 100644 infrastructure/azure/dns/main.tf create mode 100644 infrastructure/azure/dns/output.tf create mode 100644 infrastructure/azure/dns/provider.tf create mode 100644 infrastructure/azure/dns/variables.tf create mode 100644 infrastructure/azure/resource_group/.terraform.lock.hcl create mode 100644 infrastructure/azure/resource_group/README.md create mode 100644 infrastructure/azure/resource_group/main.tf create mode 100644 infrastructure/azure/resource_group/output.tf create mode 100644 infrastructure/azure/resource_group/provider.tf create mode 100644 infrastructure/azure/resource_group/variable.tf create mode 100644 infrastructure/azure/vnet/.terraform.lock.hcl create mode 100644 infrastructure/azure/vnet/README.md create mode 100644 infrastructure/azure/vnet/main.tf create mode 100644 infrastructure/azure/vnet/output.tf create mode 100644 infrastructure/azure/vnet/provider.tf create mode 100644 infrastructure/azure/vnet/variables.tf diff --git a/infrastructure/aws/alb-controller/README.md b/infrastructure/aws/alb-controller/README.md new file mode 100644 index 0000000..14412b5 --- /dev/null +++ b/infrastructure/aws/alb-controller/README.md 
@@ -0,0 +1,37 @@
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| [aws](#requirement\_aws) | ~> 6.0 |
+| [helm](#requirement\_helm) | ~> 3.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [aws](#provider\_aws) | ~> 6.0 |
+| [helm](#provider\_helm) | ~> 3.0 |
+| [kubernetes](#provider\_kubernetes) | n/a |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| [aws-load-balancer-controller-role](#module\_aws-load-balancer-controller-role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts | n/a |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [helm_release.aws-load-balancer-controller](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [kubernetes_service_account.aws-load-balancer-controller-sa](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service_account) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [aws-load-balancer-controller-version](#input\_aws-load-balancer-controller-version) | Version of the AWS Load Balancer Controller Helm chart | `string` | `"1.13.4"` | no |
+| [cluster\_name](#input\_cluster\_name) | Name of the EKS cluster | `string` | n/a | yes |
+| [vpc\_id](#input\_vpc\_id) | VPC ID where load balancers controller will be deployed | `string` | n/a | yes |
+
\ No newline at end of file
diff --git a/infrastructure/aws/alb-controller/data.tf b/infrastructure/aws/alb-controller/data.tf
new file mode 100644
index 0000000..6a9c21f
--- /dev/null
+++ b/infrastructure/aws/alb-controller/data.tf
@@ -0,0 +1,7 @@
+data "aws_eks_cluster" "this" {
+ name = var.cluster_name
+}
+
+data "aws_iam_openid_connect_provider" "this" {
+ url = data.aws_eks_cluster.this.identity[0].oidc[0].issuer
+}
diff --git a/infrastructure/aws/alb-controller/iam.tf b/infrastructure/aws/alb-controller/iam.tf
new file mode 100644
index 0000000..e13e4d3
--- /dev/null
+++ b/infrastructure/aws/alb-controller/iam.tf
@@ -0,0 +1,27 @@
+module "aws-load-balancer-controller-role" {
+ source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts"
+ name = "AWSLoadBalancerControllerIAMRole"
+ attach_load_balancer_controller_policy = true
+ use_name_prefix = false
+ oidc_providers = {
+ main = {
+ provider_arn = data.aws_iam_openid_connect_provider.this.arn
+ namespace_service_accounts = ["kube-system:aws-load-balancer-controller"]
+ }
+ }
+}
+
+resource "kubernetes_service_account" "aws-load-balancer-controller-sa" {
+ metadata {
+ name = "aws-load-balancer-controller"
+ namespace = "kube-system"
+ labels = {
+ "app.kubernetes.io/name" = "aws-load-balancer-controller"
+ "app.kubernetes.io/component" = "controller"
+ }
+ annotations = {
+ "eks.amazonaws.com/role-arn" = module.aws-load-balancer-controller-role.arn
+ "eks.amazonaws.com/sts-regional-endpoints" = "true"
+ }
+ }
+}
\ No newline at end of file
diff --git a/infrastructure/aws/alb-controller/locals.tf b/infrastructure/aws/alb-controller/locals.tf
new file mode 100644
index 0000000..3decfa3
--- /dev/null
+++ b/infrastructure/aws/alb-controller/locals.tf
@@ -0,0 +1,7 @@
+locals {
+ aws-load-balancer-controller-values = templatefile("${path.module}/templates/aws-load-balancer-controller-values.tmpl.yaml", {
+ cluster_name = var.cluster_name
+ service_account_name = kubernetes_service_account.aws-load-balancer-controller-sa.metadata[0].name
+ vpc_id = var.vpc_id
+ })
+}
\ No newline at end of file
diff --git a/infrastructure/aws/alb-controller/main.tf b/infrastructure/aws/alb-controller/main.tf
new file mode 100644
index 0000000..fbd96ff
--- /dev/null
+++ b/infrastructure/aws/alb-controller/main.tf
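Review bot: The `aws-load-balancer-controller-role` module in iam.tf is pulled from the registry with no `version` argument, and this commit adds no lock file for the alb-controller directory, so each fresh `init` resolves whatever release is newest and an upstream change to the IAM policy it attaches lands unreviewed. Add a pinned constraint, `version = "<tested release>"`, and commit the lock file; `module "vpc"` in infrastructure/aws/vpc/main.tf has the same gap. Separately, `name = "AWSLoadBalancerControllerIAMRole"` with `use_name_prefix = false` yields one fixed role name per account, so a second cluster in the same account would collide or share the role; suffixing the name with `var.cluster_name` keeps each role scoped to one cluster's OIDC provider.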
@@ -0,0 +1,24 @@
+resource "helm_release" "aws-load-balancer-controller" {
+ name = "aws-load-balancer-controller"
+ repository = "https://aws.github.io/eks-charts"
+ chart = "aws-load-balancer-controller"
+ version = var.aws-load-balancer-controller-version
+ namespace = "kube-system"
+
+ disable_webhooks = true
+ force_update = true
+ wait = true
+ wait_for_jobs = true
+ timeout = 600
+ atomic = true
+ cleanup_on_fail = true
+ replace = false
+ recreate_pods = false
+ reset_values = false
+ reuse_values = false
+ dependency_update = true
+ max_history = 10
+
+
+ values = [local.aws-load-balancer-controller-values]
+}
\ No newline at end of file
diff --git a/infrastructure/aws/alb-controller/providers.tf b/infrastructure/aws/alb-controller/providers.tf
new file mode 100644
index 0000000..4eaaf21
--- /dev/null
+++ b/infrastructure/aws/alb-controller/providers.tf
@@ -0,0 +1,12 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 6.0"
+ }
+ helm = {
+ source = "hashicorp/helm"
+ version = "~> 3.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/infrastructure/aws/alb-controller/templates/aws-load-balancer-controller-values.tmpl.yaml b/infrastructure/aws/alb-controller/templates/aws-load-balancer-controller-values.tmpl.yaml
new file mode 100644
index 0000000..bb1161a
--- /dev/null
+++ b/infrastructure/aws/alb-controller/templates/aws-load-balancer-controller-values.tmpl.yaml
@@ -0,0 +1,5 @@
+clusterName: "${cluster_name}"
+serviceAccount:
+ create: false
+ name: "${service_account_name}"
+vpcId: "${vpc_id}"
diff --git a/infrastructure/aws/alb-controller/variables.tf b/infrastructure/aws/alb-controller/variables.tf
new file mode 100644
index 0000000..9fb8678
--- /dev/null
+++ b/infrastructure/aws/alb-controller/variables.tf
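Review bot: `required_providers` in providers.tf declares aws and helm but not kubernetes, although iam.tf in this commit creates a `kubernetes_service_account`; the module README added here accordingly lists the kubernetes provider with version `n/a`. Without an entry the provider is resolved implicitly with no source or version constraint, which weakens the reproducibility the other two pins give. Add `kubernetes = { source = "hashicorp/kubernetes", version = "<constraint>" }` next to the helm entry. No `provider "helm"` or `provider "kubernetes"` configuration is visible in this commit, so the module presumably expects the caller to pass them in; a sentence in the README saying so would help.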
@@ -0,0 +1,15 @@
+variable "cluster_name" {
+ description = "Name of the EKS cluster"
+ type = string
+}
+
+variable "vpc_id" {
+ description = "VPC ID where load balancers controller will be deployed"
+ type = string
+}
+
+variable "aws-load-balancer-controller-version" {
+ description = "Version of the AWS Load Balancer Controller Helm chart"
+ type = string
+ default = "1.13.4"
+}
\ No newline at end of file
diff --git a/infrastructure/aws/backend/README.md b/infrastructure/aws/backend/README.md
new file mode 100644
index 0000000..88ae979
--- /dev/null
+++ b/infrastructure/aws/backend/README.md
@@ -0,0 +1,26 @@
+
+
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [aws](#provider\_aws) | n/a |
+| [random](#provider\_random) | n/a |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_s3_bucket.tf_state](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
+| [aws_s3_bucket_object_lock_configuration.tf_state_lock](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_object_lock_configuration) | resource |
+| [aws_s3_bucket_server_side_encryption_configuration.tf_state_sse](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_server_side_encryption_configuration) | resource |
+| [aws_s3_bucket_versioning.tf_state_versioning](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_versioning) | resource |
+| [random_id.bucket_suffix](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [vpc\_id](#input\_vpc\_id) | A account name | `string` | n/a | yes |
+
\ No newline at end of file
diff --git a/infrastructure/aws/backend/main.tf b/infrastructure/aws/backend/main.tf
new file mode 100644
index 0000000..a4b6d7e
--- /dev/null
+++ b/infrastructure/aws/backend/main.tf
@@ -0,0 +1,46 @@
+data "aws_vpc" "vpc" {
+ id = var.vpc_id
+}
+
+
+provider "aws" {
+ region = data.aws_vpc.vpc.region
+}
+
+resource "random_id" "bucket_suffix" {
+ byte_length = 8
+}
+
+resource "aws_s3_bucket" "tf_state" {
+ bucket = "tf-state-${lower(random_id.bucket_suffix.hex)}"
+ object_lock_enabled = true
+ force_destroy = true
+}
+
+resource "aws_s3_bucket_versioning" "tf_state_versioning" {
+ bucket = aws_s3_bucket.tf_state.id
+
+ versioning_configuration {
+ status = "Enabled"
+ }
+}
+
+resource "aws_s3_bucket_server_side_encryption_configuration" "tf_state_sse" {
+ bucket = aws_s3_bucket.tf_state.id
+
+ rule {
+ apply_server_side_encryption_by_default {
+ sse_algorithm = "AES256"
+ }
+ }
+}
+
+resource "aws_s3_bucket_object_lock_configuration" "tf_state_lock" {
+ bucket = aws_s3_bucket.tf_state.id
+ rule {
+ default_retention {
+ mode = "COMPLIANCE"
+ days = 1
+ }
+ }
+}
diff --git a/infrastructure/aws/backend/variables.tf b/infrastructure/aws/backend/variables.tf
new file mode 100644
index 0000000..2c7c73a
--- /dev/null
+++ b/infrastructure/aws/backend/variables.tf
@@ -0,0 +1,4 @@
+variable "vpc_id" {
+ type = string
+ description = "A account name"
+}
\ No newline at end of file
diff --git a/infrastructure/aws/eks/.terraform.lock.hcl b/infrastructure/aws/eks/.terraform.lock.hcl
new file mode 100644
index 0000000..09e5731
--- /dev/null
+++ b/infrastructure/aws/eks/.terraform.lock.hcl
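Review bot: The state bucket `aws_s3_bucket.tf_state` in backend/main.tf is created with `force_destroy = true` and without an `aws_s3_bucket_public_access_block`, so a destroy of this stack can remove every stored state version once the one-day retention has lapsed, and nothing in the module itself rules out a public ACL or bucket policy on a bucket that will hold secrets in state files. Set `force_destroy = false` and add the public access block shown below; a bucket policy that denies requests where `aws:SecureTransport` is false would round this out. Also, `provider "aws"` reads its region from `data.aws_vpc.vpc`, which itself needs the configured provider, so this looks like a dependency cycle and should be checked with a plan. The `vpc_id` description `A account name` in backend/variables.tf (and again in eks/variables.tf) does not describe a VPC ID.

```hcl
resource "aws_s3_bucket" "tf_state" {
  # … unchanged: bucket name, object_lock_enabled …
  force_destroy = false
}

# State files contain secrets; refuse any public ACL or policy on the bucket.
resource "aws_s3_bucket_public_access_block" "tf_state" {
  bucket                  = aws_s3_bucket.tf_state.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
```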
@@ -0,0 +1,108 @@ +# This file is maintained automatically by "tofu init". +# Manual edits may be lost in future updates. + +provider "registry.opentofu.org/hashicorp/aws" { + version = "6.14.1" + constraints = ">= 6.0.0, ~> 6.0, >= 6.13.0" + hashes = [ + "h1:kNLipUFeEDetI/ugpLTIfVon0DmbuRSIgVA27VwFnZo=", + "zh:15855cecc8d93d1429817d747e9e7a22b316809d54b7319f00444c65143d50f4", + "zh:53968b11ab8e43624a87bdcabd9898c45e510bffd0737d473af3b9f7cbe2095a", + "zh:65b42d6ec7e93c3dd7ab0b893fe78ee23f994ed656815d8e627d5385a8a813da", + "zh:83360386f071f3f84837a1a39a714e28ca2d75e29bd19cef1fd484c1620b823b", + "zh:841cb6d9f474abcee762b29a6c105d7b3e0e2a7f31dc266f8501ff311be677c4", + "zh:b0204c9542a55dc070d4f960cb8249d4b84383ecdeab8129021c6282161ff3b6", + "zh:cff4954e05c3c7480ae7dffd0463848c07af4aa7240ca3df4e2a0f4832acb57d", + "zh:d2fc484e880da5e40dce1ca1c6e85033c777b9c96eb670a0fa07497c6dd2ccde", + "zh:f603f7a23877c13004730ac87e51acf2642c4f3fdadc194a1dbbb30630d44da0", + ] +} + +provider "registry.opentofu.org/hashicorp/cloudinit" { + version = "2.3.7" + constraints = ">= 2.0.0" + hashes = [ + "h1:El6cBCCiCPGwJsSSN0Z+EUWatjI45hie+kIDnTegV9A=", + "zh:2d48b8452eae9bac2e62273e8f535f73694d8cb05ea38f4b27ee735dcc38eed4", + "zh:4add11b87e48d0e6ecd19243a06ecfc42fc07d0a3748fe568c2971d5f4767486", + "zh:4c9c4e3319cf3328595ea2d68eba7c604325fbcba38cd443e39e982b0b4e29f2", + "zh:503dd83a05b0421ecbcb140d5fdbe3a6b82f163495a82587a1390cf66d7a27be", + "zh:7dd34de7e68036dbbb70c249968a2a10bccba1cb92d3b4dccbc0eb65a3fc58ea", + "zh:a4d7b4480d38446b8da96ce4ecbc2e5a081c4ddc3da2bad97d7b228821b77895", + "zh:bdec6329c3d2d5f034080d9cd6f9a15a2c052faacd716f981e247b48e6845c01", + "zh:e1519544ae3f67196d144e18c21ad681dc29da3133a537ffdd5c2c6271b8db0c", + "zh:e58cd6b05ed51a6fa072e5de2208ba36a58557c3fb414d50c42b3d40a11366b7", + "zh:fafc4a49c297516f2a40490f9a7e6d2b437d77a94330797d4eead178c987ccb5", + ] +} + +provider "registry.opentofu.org/hashicorp/kubernetes" { + version = "2.38.0" + constraints = "~> 2.0" + hashes = [ + 
"h1:ems+O2dA7atxMWpbtqIrsH7Oa+u+ERWSfpMaFnZPbh0=", + "zh:1096b41c4e5b2ee6c1980916fb9a8579bc1892071396f7a9432be058aabf3cbc", + "zh:2959fde9ae3d1deb5e317df0d7b02ea4977951ee6b9c4beb083c148ca8f3681c", + "zh:5082f98fcb3389c73339365f7df39fc6912bf2bd1a46d5f97778f441a67fd337", + "zh:620fd5d0fbc2d7a24ac6b420a4922e6093020358162a62fa8cbd37b2bac1d22e", + "zh:7f47c2de179bba35d759147c53082cad6c3449d19b0ec0c5a4ca8db5b06393e1", + "zh:89c3aa2a87e29febf100fd21cead34f9a4c0e6e7ae5f383b5cef815c677eb52a", + "zh:96eecc9f94938a0bc35b8a63d2c4a5f972395e44206620db06760b730d0471fc", + "zh:e15567c1095f898af173c281b66bffdc4f3068afdd9f84bb5b5b5521d9f29584", + "zh:ecc6b912629734a9a41a7cf1c4c73fb13b4b510afc9e7b2e0011d290bcd6d77f", + ] +} + +provider "registry.opentofu.org/hashicorp/null" { + version = "3.2.4" + constraints = ">= 3.0.0" + hashes = [ + "h1:i+WKhUHL2REY5EGmiHjfUljJB8UKZ9QdhdM5uTeUhC4=", + "zh:1769783386610bed8bb1e861a119fe25058be41895e3996d9216dd6bb8a7aee3", + "zh:32c62a9387ad0b861b5262b41c5e9ed6e940eda729c2a0e58100e6629af27ddb", + "zh:339bf8c2f9733fce068eb6d5612701144c752425cebeafab36563a16be460fb2", + "zh:36731f23343aee12a7e078067a98644c0126714c4fe9ac930eecb0f2361788c4", + "zh:3d106c7e32a929e2843f732625a582e562ff09120021e510a51a6f5d01175b8d", + "zh:74bcb3567708171ad83b234b92c9d63ab441ef882b770b0210c2b14fdbe3b1b6", + "zh:90b55bdbffa35df9204282251059e62c178b0ac7035958b93a647839643c0072", + "zh:ae24c0e5adc692b8f94cb23a000f91a316070fdc19418578dcf2134ff57cf447", + "zh:b5c10d4ad860c4c21273203d1de6d2f0286845edf1c64319fa2362df526b5f58", + "zh:e05bbd88e82e1d6234988c85db62fd66f11502645838fff594a2ec25352ecd80", + ] +} + +provider "registry.opentofu.org/hashicorp/time" { + version = "0.13.1" + constraints = ">= 0.9.0" + hashes = [ + "h1:3X1jTAlLJV6G9AylC+BgX7WrKFcZYHqA+Z4JwB+v7as=", + "zh:10f32af8b544a039f19abd546e345d056a55cb7bdd69d5bbd7322cbc86883848", + "zh:35dd5beb34a9f73de8d0fed332814c69acae69397c9c065ce63ccd8315442bef", + 
"zh:56545d1dd5f2e7262e0c0c124264974229ec9cc234d0d7a0e36e14b869590f4a", + "zh:8d7259c3f819fd3470ff933c904b6a549502a8351feb1b5c040a4560decaf7e0", + "zh:a40f26878826b142e26fe193f7e3e14fc97f615cd6af140e88ce5bc25f3fcf50", + "zh:b2e82f25fecff172a9a9e24ea37d37e4fc630ee9245617cb40b10e66a6b979c8", + "zh:d4b699850a40ed07ef83c6b827605d24050b2732646ee017bda278e4ddf01c91", + "zh:e4e6a5e5614b6a54557400aabb748ebd57e947cdbd21ad1c7602c51368a80559", + "zh:eb78fb97bca22931e730487a20a90f5a6221ddfb3138aaf070737ea2b7c9c885", + "zh:faba366a1352ee679bba2a5b09c073c6854721db94b191d49b620b60946a065f", + ] +} + +provider "registry.opentofu.org/hashicorp/tls" { + version = "4.1.0" + constraints = ">= 4.0.0" + hashes = [ + "h1:yNZuPWUgw6Ik2huf9lhsuCGONWo2rsY1MfeceT0BQpw=", + "zh:187a99f0d236fd92da224e2f026c4ca8f1dcbf2b5cddc8e6896801bacfab0d73", + "zh:61a32a01cc46f382014dcf7aff5bcac61fe97bd69d3ccb51c801e9437ecdb9ce", + "zh:683ba18baa2cc336ff83f061b5e4569e2cd7c4a097b53a2d80bb0a26be2fc59a", + "zh:85c7640ea13dcf5ae5f7f3abbf2f21e4b93ce7f333ffee5b4a6acd6b5fe71223", + "zh:882f2c5214fd6d280a500acfd560925a71030ef70e10d11fa2b94815b58ae9b6", + "zh:97cb5e0b81b8687870a6b8a16e9a9cfe546e2fdb7534bdd8302eda0d66393f78", + "zh:c0a0110b15ce45140036fe5bf5a44cb822c2f55b30ff2770faf37d7c3cae3b5e", + "zh:d98c1c63fd0c76704fd7be38c316c305a2c95f3215330f2fb1e6b0b7081bf8e9", + "zh:e703a7adf220ac436f8ebfd06529de865b965fcfc461c7ef7b71afa0de04c8e9", + "zh:e93e241150cd438a0708679cb4aa7976742fde02f4c1725cfdefc405c4eeca1a", + ] +} diff --git a/infrastructure/aws/eks/README.md b/infrastructure/aws/eks/README.md new file mode 100644 index 0000000..6f1ad6f --- /dev/null +++ b/infrastructure/aws/eks/README.md 
@@ -0,0 +1,26 @@
+
+
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [aws](#provider\_aws) | n/a |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| [eks](#module\_eks) | terraform-aws-modules/eks/aws | ~> 21.0 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [vpc\_id](#input\_vpc\_id) | A account name | `string` | n/a | yes |
+
\ No newline at end of file
diff --git a/infrastructure/aws/eks/data.tf b/infrastructure/aws/eks/data.tf
new file mode 100644
index 0000000..ae68c9d
--- /dev/null
+++ b/infrastructure/aws/eks/data.tf
@@ -0,0 +1,15 @@
+data "aws_subnets" "private" {
+ filter {
+ name = "vpc-id"
+ values = [data.aws_vpc.vpc.id]
+ }
+
+ filter {
+ name = "tag:Name"
+ values = ["*private*"]
+ }
+}
+
+data "aws_vpc" "vpc" {
+ id = var.vpc_id
+}
\ No newline at end of file
diff --git a/infrastructure/aws/eks/main.tf b/infrastructure/aws/eks/main.tf
new file mode 100644
index 0000000..3748540
--- /dev/null
+++ b/infrastructure/aws/eks/main.tf
@@ -0,0 +1,41 @@
+module "eks" {
+ source = "terraform-aws-modules/eks/aws"
+ version = "~> 21.0"
+
+ name = "natura-cluster-01"
+ kubernetes_version = "1.33"
+
+ addons = {
+ coredns = {}
+ eks-pod-identity-agent = {
+ before_compute = true
+ }
+ kube-proxy = {}
+ vpc-cni = {
+ before_compute = true
+ }
+ }
+
+ # Optional
+ endpoint_public_access = true
+
+ # Optional: Adds the current caller identity as an administrator via cluster access entry
+ enable_cluster_creator_admin_permissions = true
+
+ vpc_id = data.aws_vpc.vpc.id
+ subnet_ids = data.aws_subnets.private.ids
+ control_plane_subnet_ids = data.aws_subnets.private.ids
+
+ # EKS Managed Node Group(s)
+ eks_managed_node_groups = {
+ example = {
+ # Starting on 1.30, AL2023 is the default AMI type for EKS managed node groups
+ ami_type = "AL2023_x86_64_STANDARD"
+ instance_types = ["t3.medium"]
+
+ min_size = 2
+ max_size = 10
+ desired_size = 2
+ }
+ }
+}
\ No newline at end of file
diff --git a/infrastructure/aws/eks/variables.tf b/infrastructure/aws/eks/variables.tf
new file mode 100644
index 0000000..2c7c73a
--- /dev/null
+++ b/infrastructure/aws/eks/variables.tf
@@ -0,0 +1,4 @@
+variable "vpc_id" {
+ type = string
+ description = "A account name"
+}
\ No newline at end of file
diff --git a/infrastructure/aws/route53/README.md b/infrastructure/aws/route53/README.md
new file mode 100644
index 0000000..d62952d
--- /dev/null
+++ b/infrastructure/aws/route53/README.md
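Review bot: In eks/main.tf, `endpoint_public_access = true` is set with no `endpoint_public_access_cidrs`, so the Kubernetes API endpoint is presumably reachable from any address (the module default for the `~> 21.0` line should be confirmed). Restrict it with `endpoint_public_access_cidrs = var.api_allowed_cidrs`, a new `list(string)` variable with no default so the caller has to choose, or turn public access off where the operators sit inside the VPC. `enable_cluster_creator_admin_permissions = true` also makes whichever identity runs the apply a cluster administrator, which is worth an explicit comment when a CI role applies this. The cluster name `natura-cluster-01` and the node group key `example` are hard-coded and read like leftovers from a specific deployment; variables would suit a shared module better.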
@@ -0,0 +1,32 @@
+
+
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [aws](#provider\_aws) | n/a |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_route53_zone.private_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone) | resource |
+| [aws_route53_zone.public_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [domain\_name](#input\_domain\_name) | n/a | `any` | n/a | yes |
+| [vpc\_id](#input\_vpc\_id) | n/a | `any` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [private\_zone\_id](#output\_private\_zone\_id) | The ID of the Private Route 53 Hosted Zone |
+| [private\_zone\_name](#output\_private\_zone\_name) | The domain name of the Private Route 53 Hosted Zone |
+| [public\_zone\_id](#output\_public\_zone\_id) | The ID of the Public Route 53 Hosted Zone |
+| [public\_zone\_name](#output\_public\_zone\_name) | The domain name of the Public Route 53 Hosted Zone |
+
\ No newline at end of file
diff --git a/infrastructure/aws/route53/main.tf b/infrastructure/aws/route53/main.tf
new file mode 100644
index 0000000..711ca7c
--- /dev/null
+++ b/infrastructure/aws/route53/main.tf
@@ -0,0 +1,10 @@
+resource "aws_route53_zone" "public_zone" {
+ name = var.domain_name
+}
+
+resource "aws_route53_zone" "private_zone" {
+ name = var.domain_name
+ vpc {
+ vpc_id = var.vpc_id
+ }
+}
diff --git a/infrastructure/aws/route53/output.tf b/infrastructure/aws/route53/output.tf
new file mode 100644
index 0000000..3aa9385
--- /dev/null
+++ b/infrastructure/aws/route53/output.tf
@@ -0,0 +1,19 @@
+output "public_zone_id" {
+ description = "The ID of the Public Route 53 Hosted Zone"
+ value = aws_route53_zone.public_zone.zone_id
+}
+
+output "public_zone_name" {
+ description = "The domain name of the Public Route 53 Hosted Zone"
+ value = aws_route53_zone.public_zone.name
+}
+
+output "private_zone_id" {
+ description = "The ID of the Private Route 53 Hosted Zone"
+ value = aws_route53_zone.private_zone.zone_id
+}
+
+output "private_zone_name" {
+ description = "The domain name of the Private Route 53 Hosted Zone"
+ value = aws_route53_zone.private_zone.name
+}
\ No newline at end of file
diff --git a/infrastructure/aws/route53/varaibles.tf b/infrastructure/aws/route53/varaibles.tf
new file mode 100644
index 0000000..06fb377
--- /dev/null
+++ b/infrastructure/aws/route53/varaibles.tf
@@ -0,0 +1,2 @@
+variable "vpc_id" {}
+variable "domain_name" {}
\ No newline at end of file
diff --git a/infrastructure/aws/vpc/README.md b/infrastructure/aws/vpc/README.md
new file mode 100644
index 0000000..ba83de6
--- /dev/null
+++ b/infrastructure/aws/vpc/README.md
@@ -0,0 +1,17 @@
+
+
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | n/a |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [environment](#input\_environment) | The environment name | `string` | n/a | yes |
+| [organization](#input\_organization) | A organization name | `string` | n/a | yes |
+| [vpc](#input\_vpc) | A VPC with public and private subnets | `any` | n/a | yes |
+
\ No newline at end of file
diff --git a/infrastructure/aws/vpc/main.tf b/infrastructure/aws/vpc/main.tf
new file mode 100644
index 0000000..719c08c
--- /dev/null
+++ b/infrastructure/aws/vpc/main.tf
@@ -0,0 +1,23 @@
+module "vpc" {
+ source = "terraform-aws-modules/vpc/aws"
+
+ name = "${var.organization}-${var.environment}"
+ cidr = var.vpc["cidr"]
+
+ enable_dns_hostnames = true
+
+ azs = var.vpc["azs"]
+ private_subnets = var.vpc["private_subnets"]
+ public_subnets = var.vpc["public_subnets"]
+
+ enable_nat_gateway = true
+ single_nat_gateway = true
+
+ public_subnet_tags = {
+ "kubernetes.io/role/elb" = 1
+ }
+
+ private_subnet_tags = {
+ "kubernetes.io/role/internal-elb" = 1
+ }
+}
diff --git a/infrastructure/aws/vpc/variables.tf b/infrastructure/aws/vpc/variables.tf
new file mode 100644
index 0000000..1fec053
--- /dev/null
+++ b/infrastructure/aws/vpc/variables.tf
@@ -0,0 +1,20 @@
+variable "vpc" {
+ description = "A VPC with public and private subnets"
+}
+# Parรกmetros VPC
+# vpc = {
+# azs = ["us-west-2a", "us-west-2b", "us-west-2c"]
+# cidr = "172.16.0.0/16"
+# public_subnets = ["172.16.1.0/24", "172.16.2.0/24", "172.16.3.0/24"]
+# private_subnets = ["172.16.10.0/24", "172.16.11.0/24", "172.16.12.0/24"]
+# }
+
+variable "organization" {
+ type = string
+ description = "A organization name"
+}
+
+variable "environment" {
+ type = string
+ description = "The environment name"
+}
\ No newline at end of file
diff --git a/infrastructure/azure/acr/README.md b/infrastructure/azure/acr/README.md
new file mode 100644
index 0000000..f32c551
--- /dev/null
+++ b/infrastructure/azure/acr/README.md
@@ -0,0 +1,42 @@ + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | ~> 1.6 | +| [azurerm](#requirement\_azurerm) | =4.41.0 | + +## Providers + +| Name | Version | +|------|---------| +| [azurerm](#provider\_azurerm) | =4.41.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [containerregistry](#module\_containerregistry) | azure/avm-res-containerregistry-registry/azurerm | v0.4.0 | + +## Resources + +| Name | Type | +|------|------| + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [containerregistry\_name](#input\_containerregistry\_name) | The name of your ACR | `string` | n/a | yes | +| [location](#input\_location) | The location/region where the resource group should be created | `string` | n/a | yes | +| [resource\_group\_name](#input\_resource\_group\_name) | The name of the resource group | `string` | n/a | yes | +| [subscription\_id](#input\_subscription\_id) | The ID of your Azure Suscription | `string` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| [acr\_admin\_password](#output\_acr\_admin\_password) | Password admin del ACR. | +| [acr\_admin\_username](#output\_acr\_admin\_username) | Usuario admin del ACR. | +| [acr\_login\_server](#output\_acr\_login\_server) | FQDN del login server del ACR. | + \ No newline at end of file diff --git a/infrastructure/azure/acr/datasource.tf b/infrastructure/azure/acr/datasource.tf new file mode 100644 index 0000000..169f758 --- /dev/null +++ b/infrastructure/azure/acr/datasource.tf @@ -0,0 +1,5 @@ +data "azurerm_container_registry" "acr" { + name = var.containerregistry_name + resource_group_name = var.resource_group_name + depends_on = [module.containerregistry] +} \ No newline at end of file diff --git a/infrastructure/azure/acr/main.tf b/infrastructure/azure/acr/main.tf new file mode 100644 index 0000000..f9b9fc2 --- /dev/null 
+++ b/infrastructure/azure/acr/main.tf
@@ -0,0 +1,10 @@
+module "containerregistry" {
+ source = "azure/avm-res-containerregistry-registry/azurerm"
+ version = "v0.4.0"
+ name = var.containerregistry_name
+ resource_group_name = var.resource_group_name
+ location = var.location
+ admin_enabled = true
+
+}
+
diff --git a/infrastructure/azure/acr/output.tf b/infrastructure/azure/acr/output.tf
new file mode 100644
index 0000000..7cd2e76
--- /dev/null
+++ b/infrastructure/azure/acr/output.tf
@@ -0,0 +1,15 @@
+output "acr_login_server" {
+ description = "FQDN del login server del ACR."
+ value = data.azurerm_container_registry.acr.login_server
+}
+
+output "acr_admin_username" {
+ description = "Usuario admin del ACR."
+ value = data.azurerm_container_registry.acr.admin_username
+ sensitive = true
+}
+output "acr_admin_password" {
+ description = "Password admin del ACR."
+ value = data.azurerm_container_registry.acr.admin_password
+ sensitive = true
+}
\ No newline at end of file
diff --git a/infrastructure/azure/acr/provider.tf b/infrastructure/azure/acr/provider.tf
new file mode 100644
index 0000000..514092e
--- /dev/null
+++ b/infrastructure/azure/acr/provider.tf
@@ -0,0 +1,17 @@
+terraform {
+ required_version = "~> 1.6"
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "=4.41.0"
+ }
+ }
+}
+
+provider "azurerm" {
+ features {}
+ resource_provider_registrations = "none"
+ use_cli = true
+ subscription_id = var.subscription_id
+}
+
diff --git a/infrastructure/azure/acr/variables.tf b/infrastructure/azure/acr/variables.tf
new file mode 100644
index 0000000..042bcbe
--- /dev/null
+++ b/infrastructure/azure/acr/variables.tf
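Review bot: `admin_enabled = true` in the `containerregistry` module turns on the registry's built-in admin account, and output.tf in the same patch exports `admin_username` and `admin_password` read back through the data source. That is a single shared credential with full push and pull rights that cannot be scoped per consumer, and `sensitive = true` only redacts it from CLI output — the value is still written to state and to any state that consumes this output. Prefer `admin_enabled = false` with identity-based access (role assignments such as AcrPull or AcrPush for the principal that needs them). If a consumer really needs the admin user, gate it behind a variable that defaults to false, e.g. `admin_enabled = var.admin_enabled`, and drop the `acr_admin_password` output.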
@@ -0,0 +1,21 @@ +variable "location" { + type = string + description = "The location/region where the resource group should be created" +} + +variable "resource_group_name" { + type = string + description = "The name of the resource group" +} + +variable "containerregistry_name" { + type = string + description = "The name of your ACR" + +} + +variable "subscription_id" { + type = string + description = "The ID of your Azure Suscription" + +} \ No newline at end of file diff --git a/infrastructure/azure/aks/main.tf b/infrastructure/azure/aks/main.tf new file mode 100644 index 0000000..e69de29 diff --git a/infrastructure/azure/aks/output.tf b/infrastructure/azure/aks/output.tf new file mode 100644 index 0000000..e69de29 diff --git a/infrastructure/azure/aks/provider.tf b/infrastructure/azure/aks/provider.tf new file mode 100644 index 0000000..514092e --- /dev/null +++ b/infrastructure/azure/aks/provider.tf @@ -0,0 +1,17 @@ +terraform { + required_version = "~> 1.6" + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "=4.41.0" + } + } +} + +provider "azurerm" { + features {} + resource_provider_registrations = "none" + use_cli = true + subscription_id = var.subscription_id +} + diff --git a/infrastructure/azure/aks/variables.tf b/infrastructure/azure/aks/variables.tf new file mode 100644 index 0000000..5909682 --- /dev/null +++ b/infrastructure/azure/aks/variables.tf @@ -0,0 +1,3 @@ +variable "subscription_id" { + type = string +} diff --git a/infrastructure/azure/dns/.terraform.lock.hcl b/infrastructure/azure/dns/.terraform.lock.hcl new file mode 100644 index 0000000..b0712b1 --- /dev/null +++ b/infrastructure/azure/dns/.terraform.lock.hcl 
@@ -0,0 +1,19 @@ +# This file is maintained automatically by "tofu init". +# Manual edits may be lost in future updates. + +provider "registry.opentofu.org/hashicorp/azurerm" { + version = "4.41.0" + constraints = "4.41.0" + hashes = [ + "h1:o5rESeCeMuzdCZweSX0LOcZF3rPlfWs/zowBD5NBjpw=", + "zh:0364797d94a75b3b250e189b9aafc2aea29835451414f9a69f5f77eb5e709472", + "zh:456692d0a235a376f2efdd45213e99c660ef0fc71872b84f9b421461c45172d9", + "zh:4eee07ef555dc11a14e6e2cdd798265f4c24934d3854f3c7f52e0989c425dad3", + "zh:6abbbcfe574bf1fb8cd8794493974ff072fa68930c33607ef2c3874a1c8965a0", + "zh:9f11caea44a17a12c97105e648bd0464f0df27f6402c7917fea67056709f67a0", + "zh:a6745c754d1db8b0f4825b9603cb5092d2aa125de88808b36c51d4f254564027", + "zh:a90026a537d640bbf2b0b778e30904e6ea7595c4b283ab1a4ac324302335a5b3", + "zh:c8f47c93395e493d892bcf45370f50696af74bc8e5a5cd05f160e72871fc88bf", + "zh:f57fd006f03d8c60491e8c579ef03d7933e09c5bf1a7f467a76a29bb68c11e40", + ] +} diff --git a/infrastructure/azure/dns/README.md b/infrastructure/azure/dns/README.md new file mode 100644 index 0000000..06fefe9 --- /dev/null +++ b/infrastructure/azure/dns/README.md 
@@ -0,0 +1,38 @@ + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | ~> 1.6 | +| [azurerm](#requirement\_azurerm) | =4.41.0 | + +## Providers + +| Name | Version | +|------|---------| +| [azurerm](#provider\_azurerm) | =4.41.0 | + +## Resources + +| Name | Type | +|------|------| +| [azurerm_dns_zone.public_dns_zone](https://registry.terraform.io/providers/hashicorp/azurerm/4.41.0/docs/resources/dns_zone) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [domain\_name](#input\_domain\_name) | The domain name to use for the DNS zone | `string` | n/a | yes | +| [resource\_group](#input\_resource\_group) | The name of the resource group | `string` | n/a | yes | +| [subscription\_id](#input\_subscription\_id) | The Azure subscription Id. | `string` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| [dns\_zone\_id](#output\_dns\_zone\_id) | The ID of the DNS Zone | +| [dns\_zone\_name](#output\_dns\_zone\_name) | The name of the created DNS Zone | +| [name\_servers](#output\_name\_servers) | A list of name servers | +| [private\_dns\_zone\_id](#output\_private\_dns\_zone\_id) | The ID of the private DNS Zone | +| [private\_dns\_zone\_name](#output\_private\_dns\_zone\_name) | The name of the private created DNS Zone | + \ No newline at end of file diff --git a/infrastructure/azure/dns/main.tf b/infrastructure/azure/dns/main.tf new file mode 100644 index 0000000..b755856 --- /dev/null +++ b/infrastructure/azure/dns/main.tf @@ -0,0 +1,4 @@ +resource "azurerm_dns_zone" "public_dns_zone" { + name = var.domain_name + resource_group_name = var.resource_group +} diff --git a/infrastructure/azure/dns/output.tf b/infrastructure/azure/dns/output.tf new file mode 100644 index 0000000..3562336 --- /dev/null +++ b/infrastructure/azure/dns/output.tf 
@@ -0,0 +1,24 @@
+output "dns_zone_name" {
+ description = "The name of the created DNS Zone"
+ value = azurerm_dns_zone.public_dns_zone.name
+}
+
+output "dns_zone_id" {
+ description = "The ID of the DNS Zone"
+ value = azurerm_dns_zone.public_dns_zone.id
+}
+
+output "private_dns_zone_name" {
+ description = "The name of the private created DNS Zone"
+ value = azurerm_dns_zone.public_dns_zone.name
+}
+
+output "private_dns_zone_id" {
+ description = "The ID of the private DNS Zone"
+ value = azurerm_dns_zone.public_dns_zone.id
+}
+
+output "name_servers" {
+ description = "A list of name servers"
+ value = azurerm_dns_zone.public_dns_zone.name_servers
+}
diff --git a/infrastructure/azure/dns/provider.tf b/infrastructure/azure/dns/provider.tf
new file mode 100644
index 0000000..514092e
--- /dev/null
+++ b/infrastructure/azure/dns/provider.tf
@@ -0,0 +1,17 @@
+terraform {
+ required_version = "~> 1.6"
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "=4.41.0"
+ }
+ }
+}
+
+provider "azurerm" {
+ features {}
+ resource_provider_registrations = "none"
+ use_cli = true
+ subscription_id = var.subscription_id
+}
+
diff --git a/infrastructure/azure/dns/variables.tf b/infrastructure/azure/dns/variables.tf
new file mode 100644
index 0000000..2d325f1
--- /dev/null
+++ b/infrastructure/azure/dns/variables.tf
@@ -0,0 +1,14 @@
+variable "resource_group" {
+ type = string
+ description = "The name of the resource group"
+}
+
+variable "domain_name" {
+ type = string
+ description = "The domain name to use for the DNS zone"
+}
+
+variable "subscription_id" {
+ type = string
+ description = "The Azure subscription Id."
+}
diff --git a/infrastructure/azure/resource_group/.terraform.lock.hcl b/infrastructure/azure/resource_group/.terraform.lock.hcl
new file mode 100644
index 0000000..b0712b1
--- /dev/null
+++ b/infrastructure/azure/resource_group/.terraform.lock.hcl
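Review bot: The `private_dns_zone_name` and `private_dns_zone_id` outputs in output.tf return `azurerm_dns_zone.public_dns_zone.name` and `.id`, the same values as `dns_zone_name` and `dns_zone_id`; main.tf in this patch creates only the public zone. A caller that wires these outputs into something meant for internal records would end up publishing those records in the publicly resolvable zone. Either remove the two outputs until a private zone exists, or add an `azurerm_private_dns_zone` resource and point them at it.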
@@ -0,0 +1,19 @@ +# This file is maintained automatically by "tofu init". +# Manual edits may be lost in future updates. + +provider "registry.opentofu.org/hashicorp/azurerm" { + version = "4.41.0" + constraints = "4.41.0" + hashes = [ + "h1:o5rESeCeMuzdCZweSX0LOcZF3rPlfWs/zowBD5NBjpw=", + "zh:0364797d94a75b3b250e189b9aafc2aea29835451414f9a69f5f77eb5e709472", + "zh:456692d0a235a376f2efdd45213e99c660ef0fc71872b84f9b421461c45172d9", + "zh:4eee07ef555dc11a14e6e2cdd798265f4c24934d3854f3c7f52e0989c425dad3", + "zh:6abbbcfe574bf1fb8cd8794493974ff072fa68930c33607ef2c3874a1c8965a0", + "zh:9f11caea44a17a12c97105e648bd0464f0df27f6402c7917fea67056709f67a0", + "zh:a6745c754d1db8b0f4825b9603cb5092d2aa125de88808b36c51d4f254564027", + "zh:a90026a537d640bbf2b0b778e30904e6ea7595c4b283ab1a4ac324302335a5b3", + "zh:c8f47c93395e493d892bcf45370f50696af74bc8e5a5cd05f160e72871fc88bf", + "zh:f57fd006f03d8c60491e8c579ef03d7933e09c5bf1a7f467a76a29bb68c11e40", + ] +} diff --git a/infrastructure/azure/resource_group/README.md b/infrastructure/azure/resource_group/README.md new file mode 100644 index 0000000..abbbca9 --- /dev/null +++ b/infrastructure/azure/resource_group/README.md 
@@ -0,0 +1,36 @@ + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | ~> 1.6 | +| [azurerm](#requirement\_azurerm) | =4.41.0 | + +## Providers + +| Name | Version | +|------|---------| +| [azurerm](#provider\_azurerm) | =4.41.0 | + +## Resources + +| Name | Type | +|------|------| +| [azurerm_resource_group.nullplatform_resource_group](https://registry.terraform.io/providers/hashicorp/azurerm/4.41.0/docs/resources/resource_group) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [location](#input\_location) | n/a | `string` | n/a | yes | +| [resource\_group\_name](#input\_resource\_group\_name) | n/a | `string` | n/a | yes | +| [subscription\_id](#input\_subscription\_id) | n/a | `string` | n/a | yes | +| [tags](#input\_tags) | n/a | `map(string)` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| [resource\_group\_location](#output\_resource\_group\_location) | The location of the created resource group | +| [resource\_group\_name](#output\_resource\_group\_name) | The name of the created resource group | + \ No newline at end of file diff --git a/infrastructure/azure/resource_group/main.tf b/infrastructure/azure/resource_group/main.tf new file mode 100644 index 0000000..6a05d88 --- /dev/null +++ b/infrastructure/azure/resource_group/main.tf @@ -0,0 +1,5 @@ +resource "azurerm_resource_group" "nullplatform_resource_group" { + name = var.resource_group_name + location = var.location + tags = var.tags +} \ No newline at end of file diff --git a/infrastructure/azure/resource_group/output.tf b/infrastructure/azure/resource_group/output.tf new file mode 100644 index 0000000..cf762cf --- /dev/null +++ b/infrastructure/azure/resource_group/output.tf 
@@ -0,0 +1,9 @@ +output "resource_group_name" { + description = "The name of the created resource group" + value = azurerm_resource_group.nullplatform_resource_group.name +} + +output "resource_group_location" { + description = "The location of the created resource group" + value = azurerm_resource_group.nullplatform_resource_group.location +} \ No newline at end of file diff --git a/infrastructure/azure/resource_group/provider.tf b/infrastructure/azure/resource_group/provider.tf new file mode 100644 index 0000000..514092e --- /dev/null +++ b/infrastructure/azure/resource_group/provider.tf @@ -0,0 +1,17 @@ +terraform { + required_version = "~> 1.6" + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "=4.41.0" + } + } +} + +provider "azurerm" { + features {} + resource_provider_registrations = "none" + use_cli = true + subscription_id = var.subscription_id +} + diff --git a/infrastructure/azure/resource_group/variable.tf b/infrastructure/azure/resource_group/variable.tf new file mode 100644 index 0000000..fb14009 --- /dev/null +++ b/infrastructure/azure/resource_group/variable.tf @@ -0,0 +1,16 @@ +variable "resource_group_name" { + type = string +} + +variable "location" { + type = string +} + +variable "tags" { + type = map(string) + +} +variable "subscription_id" { + type = string + +} \ No newline at end of file diff --git a/infrastructure/azure/vnet/.terraform.lock.hcl b/infrastructure/azure/vnet/.terraform.lock.hcl new file mode 100644 index 0000000..9b7831b --- /dev/null +++ b/infrastructure/azure/vnet/.terraform.lock.hcl 
@@ -0,0 +1,77 @@ +# This file is maintained automatically by "tofu init". +# Manual edits may be lost in future updates. + +provider "registry.opentofu.org/azure/azapi" { + version = "2.6.1" + constraints = "~> 2.0, ~> 2.4, ~> 2.5" + hashes = [ + "h1:XR3UFODqLg7M/xbLCJClcQbojEpnbLL7zWHWuhIM3ow=", + "zh:079ae1e32ddfc8adff953653bae29e755c1b170f09d39c156af849c7211796fe", + "zh:167083f1afb594943a7ce15c1321514d0b49e61239dd72501562cb344542cd7f", + "zh:3e534fb7c77ee4b6f6f0ff4ae72052741a865919ebe4ed7565ed50664843441d", + "zh:70c0cf7e98f8b09627b99babdb8b88a474c4b3c4cdeedacb3db1cef6850cb87c", + "zh:770263c99f6215d4b51e464319b5527f32231ee3b9be8b47b4586614d66ef6d2", + "zh:9695b9edf68baf6062d131c771acd0446493200dbefa83a818a5cda445f6f416", + "zh:9e36055ed2a5d4d1fad18ab0baa54b2033e824b675966bfaf1293fb5153b028e", + "zh:9f0f1949d69008f5dd9ea47a5b7bf81f89e8cf81df8175e44899acbffa6db97b", + "zh:a9905e45c32fa9f1ce1fe199b9d01d885e3bb1959290224fd12c0e1971a71c1d", + "zh:e1bcb4f0bdb578bbc49780a0019dd7b26d291ad79da414c7b012ebcd4b6e961d", + "zh:eba871271888de8f16fbbc9f138658875031253d3fb5feeeea8c8165dc26a86e", + "zh:f2b04c71796d1ec2528c460bad7abe943ce120d3d5c6ef7bee66655dd8db44a1", + ] +} + +provider "registry.opentofu.org/azure/modtm" { + version = "0.3.5" + constraints = "~> 0.3" + hashes = [ + "h1:RmCHYU3U3jDGYruN3Q7PiQqwqg7U4WP3dUDbx1PsyQ4=", + "zh:02a54109f2bd30a089a0681eaba8ef9d30b0402a51795597ee7b067f04952417", + "zh:0a15492a7257a0979d1f1d501168d1a38ec8c65b11d89d9423349f143d7b7e67", + "zh:4ae1d114aec1625f192eb2055eb7301774a8f79340085fbbe7c2d11284ba4cb7", + "zh:599201c19e82a227f0739be2150779e42903ba0aa147e96ef219c7f32f926053", + "zh:747b1189e679cd7cf77f76fd09609db0ac1ef7189ec3c64accd37af7d0ebe449", + "zh:859bc8739ceb9049e7cd98284f22eb9d503cc5b80f9452ee28a518080ebf3903", + "zh:8f97c0876b30967b47dfd63546f3843368bc3bc90e98bb42bd33c00ffe2d0b2c", + "zh:91183bbea386e6013d0b2a3b1d36a7bfe1595d45f4ee1f4f693d6254d017d334", + "zh:ae16303a74c83e0d8f4413d568eaf04c3c0d2b07250dbd7ae07bffae01197f36", 
+ "zh:db155386bb65a7fd5569b7d3331de65a259638e8e1c8f8896db969f4599504a9", + "zh:e39e6089c8a17a4b26b59c95050bd0e19fc0a09a14314cfa139053269b6d5f8d", + "zh:ec880b514fc3bd8d07e5d66a0c528fd6d83ae62d6588df4939b1f6ea509f0b24", + ] +} + +provider "registry.opentofu.org/hashicorp/azurerm" { + version = "4.41.0" + constraints = "~> 4.0, 4.41.0" + hashes = [ + "h1:o5rESeCeMuzdCZweSX0LOcZF3rPlfWs/zowBD5NBjpw=", + "zh:0364797d94a75b3b250e189b9aafc2aea29835451414f9a69f5f77eb5e709472", + "zh:456692d0a235a376f2efdd45213e99c660ef0fc71872b84f9b421461c45172d9", + "zh:4eee07ef555dc11a14e6e2cdd798265f4c24934d3854f3c7f52e0989c425dad3", + "zh:6abbbcfe574bf1fb8cd8794493974ff072fa68930c33607ef2c3874a1c8965a0", + "zh:9f11caea44a17a12c97105e648bd0464f0df27f6402c7917fea67056709f67a0", + "zh:a6745c754d1db8b0f4825b9603cb5092d2aa125de88808b36c51d4f254564027", + "zh:a90026a537d640bbf2b0b778e30904e6ea7595c4b283ab1a4ac324302335a5b3", + "zh:c8f47c93395e493d892bcf45370f50696af74bc8e5a5cd05f160e72871fc88bf", + "zh:f57fd006f03d8c60491e8c579ef03d7933e09c5bf1a7f467a76a29bb68c11e40", + ] +} + +provider "registry.opentofu.org/hashicorp/random" { + version = "3.7.2" + constraints = "~> 3.5" + hashes = [ + "h1:cFGCdxTlsrteTiaOV/iOQdql7eJkD3F/vtJxenkj9IE=", + "zh:2ffeb1058bd7b21a9e15a5301abb863053a2d42dffa3f6cf654a1667e10f4727", + "zh:519319ed8f4312ed76519652ad6cd9f98bc75cf4ec7990a5684c072cf5dd0a5d", + "zh:7371c2cc28c94deb9dba62fbac2685f7dde47f93019273a758dd5a2794f72919", + "zh:9b0ac4c1d8e36a86b59ced94fa517ae9b015b1d044b3455465cc6f0eab70915d", + "zh:c6336d7196f1318e1cbb120b3de8426ce43d4cacd2c75f45dba2dbdba666ce00", + "zh:c71f18b0cb5d55a103ea81e346fb56db15b144459123f1be1b0209cffc1deb4e", + "zh:d2dc49a6cac2d156e91b0506d6d756809e36bf390844a187f305094336d3e8d8", + "zh:d5b5fc881ccc41b268f952dae303501d6ec9f9d24ee11fe2fa56eed7478e15d0", + "zh:db9723eaca26d58c930e13fde221d93501529a5cd036b1f167ef8cff6f1a03cc", + "zh:fe3359f733f3ab518c6f85f3a9cd89322a7143463263f30321de0973a52d4ad8", + ] +} 
diff --git a/infrastructure/azure/vnet/README.md b/infrastructure/azure/vnet/README.md new file mode 100644 index 0000000..aabb85f --- /dev/null +++ b/infrastructure/azure/vnet/README.md @@ -0,0 +1,31 @@ + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | ~> 1.6 | +| [azurerm](#requirement\_azurerm) | =4.41.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [avm-res-network-virtualnetwork](#module\_avm-res-network-virtualnetwork) | azure/avm-res-network-virtualnetwork/azurerm | v0.10.0 | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [address\_space](#input\_address\_space) | The cidr of your vnet | `set(string)` | n/a | yes | +| [location](#input\_location) | The location/region where the resource group should be created | `string` | n/a | yes | +| [resource\_group\_name](#input\_resource\_group\_name) | The name of the resource group | `string` | n/a | yes | +| [subnets\_definition](#input\_subnets\_definition) | The subnet definition for the vnet |
map(object({
name = string
address_prefixes = list(string)
}))
| n/a | yes | +| [subscription\_id](#input\_subscription\_id) | The id of your azure suscription | `string` | n/a | yes | +| [vnet\_name](#input\_vnet\_name) | The name of your vnet | `string` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| [resource\_id](#output\_resource\_id) | The resource ID of the virtual network. | + \ No newline at end of file diff --git a/infrastructure/azure/vnet/main.tf b/infrastructure/azure/vnet/main.tf new file mode 100644 index 0000000..dd6fdec --- /dev/null +++ b/infrastructure/azure/vnet/main.tf @@ -0,0 +1,12 @@ + +module "avm-res-network-virtualnetwork" { + source = "azure/avm-res-network-virtualnetwork/azurerm" + version = "v0.10.0" + address_space = var.address_space + name = var.vnet_name + location = var.location + resource_group_name = var.resource_group_name + subnets = var.subnets_definition +} + + diff --git a/infrastructure/azure/vnet/output.tf b/infrastructure/azure/vnet/output.tf new file mode 100644 index 0000000..1b025c1 --- /dev/null +++ b/infrastructure/azure/vnet/output.tf @@ -0,0 +1,5 @@ + +output "resource_id" { + description = "The resource ID of the virtual network." + value = module.avm-res-network-virtualnetwork.resource_id +} \ No newline at end of file diff --git a/infrastructure/azure/vnet/provider.tf b/infrastructure/azure/vnet/provider.tf new file mode 100644 index 0000000..514092e --- /dev/null +++ b/infrastructure/azure/vnet/provider.tf @@ -0,0 +1,17 @@ +terraform { + required_version = "~> 1.6" + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "=4.41.0" + } + } +} + +provider "azurerm" { + features {} + resource_provider_registrations = "none" + use_cli = true + subscription_id = var.subscription_id +} + diff --git a/infrastructure/azure/vnet/variables.tf b/infrastructure/azure/vnet/variables.tf new file mode 100644 index 0000000..80db5e9 --- /dev/null +++ b/infrastructure/azure/vnet/variables.tf 
@@ -0,0 +1,46 @@ +variable "location" { + type = string + description = "The location/region where the resource group should be created" +} + +variable "resource_group_name" { + type = string + description = "The name of the resource group" +} + +variable "vnet_name" { + type = string + description = "The name of your vnet" +} + +variable "address_space" { + type = set(string) + description = "The cidr of your vnet" +} + +variable "subnets_definition" { + type = map(object({ + name = string + address_prefixes = list(string) + })) + description = "The subnet definition for the vnet" +} +/* + for example + { + "subnet1" = { + name = "subnet1" + address_prefixes = ["10.0.0.0/24"] + } + "subnet2" = { + name = "subnet2" + address_prefixes = ["10.0.1.0/24"] + } + } + */ + +variable "subscription_id" { + type = string + description = "The id of your azure suscription" + +} \ No newline at end of file From 0d88a882ba8c99bc8a63d45b600fe3e0a13c1aa9 Mon Sep 17 00:00:00 2001 From: David Fernandez Date: Mon, 29 Sep 2025 13:09:15 -0300 Subject: [PATCH 18/87] feat: add code provider --- .../code_repository/.terraform.lock.hcl | 25 +++++++ nullplatform/code_repository/locals.tf | 4 ++ nullplatform/code_repository/main.tf | 40 +++++++++++ nullplatform/code_repository/provider.tf | 12 ++++ nullplatform/code_repository/variables.tf | 69 +++++++++++++++++++ 5 files changed, 150 insertions(+) create mode 100644 nullplatform/code_repository/.terraform.lock.hcl create mode 100644 nullplatform/code_repository/locals.tf create mode 100644 nullplatform/code_repository/main.tf create mode 100644 nullplatform/code_repository/provider.tf create mode 100644 nullplatform/code_repository/variables.tf diff --git a/nullplatform/code_repository/.terraform.lock.hcl b/nullplatform/code_repository/.terraform.lock.hcl new file mode 100644 index 0000000..189d0b1 --- /dev/null +++ b/nullplatform/code_repository/.terraform.lock.hcl 
@@ -0,0 +1,25 @@ +# This file is maintained automatically by "tofu init". +# Manual edits may be lost in future updates. + +provider "registry.opentofu.org/nullplatform/nullplatform" { + version = "0.0.68" + constraints = ">= 0.0.67" + hashes = [ + "h1:S4Bo8NWyjgLGpSGXs81CeqX7IiXl+0r2vJVHLQm+n+E=", + "zh:00ac454a70bcd9e5508b71050a292f046610ed0dea918f286cdd6df1ea07b141", + "zh:06dbfc149cacf47afd8c41a99aabb42b2dd31119dd72ce59c6b2addd78ef5086", + "zh:1b07108c615e1c3ceb28afa443635ebfd36bb58979fc8e96da640c6ef858e26c", + "zh:1b1a8438338cf01c086c24c7a64b0a6eb6c793faff1f188b857d5455997a73f5", + "zh:30bc555e3538cd5a7cf30baf4b1a86d6913f736b123dfc8d817b912fe2552308", + "zh:38dee822decb3adeb57ee5b2cf1030a3bb29966b9ba2c5a0ac61ea314a46db25", + "zh:3f4a4f7f8fbdff23206ec0bcc4e4c03b9e812cebafe625a33bdda317716c01a4", + "zh:9c64bbe63a4f4dcf5e619a7b6af813c234bf4d56e1ef4dd5da46290ca71b3f2b", + "zh:a027331f2ecec9d694eef1a31af7efaeeb190519525c4dd542c2c83393a9c28f", + "zh:a709644870c8ec0138511e3f90aebb40966007e7cb941e49e484d5d944de8650", + "zh:ba1a30fada1821b479ec4e83c626a7e6304cb7878beea4fdbb1a67b71102b0d1", + "zh:c0215b0c805b063417e18721e7bc82afde08a3b57451c832aed182c2a0a2327e", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:f7dd66b8f5d6d7d6174bc60b3fa2b573c549c480dbb2aed372c100bf7c30f523", + "zh:fcf4fdbcbee302d958fa9da57b54be04ce23ed6ec8d710213140a95a0ad50f35", + ] +} diff --git a/nullplatform/code_repository/locals.tf b/nullplatform/code_repository/locals.tf new file mode 100644 index 0000000..679640a --- /dev/null +++ b/nullplatform/code_repository/locals.tf @@ -0,0 +1,4 @@ +locals { + is_gitlab = lower(var.git_provider) == "gitlab" + is_github = lower(var.git_provider) == "github" +} \ No newline at end of file diff --git a/nullplatform/code_repository/main.tf b/nullplatform/code_repository/main.tf new file mode 100644 index 0000000..a014c6b --- /dev/null +++ b/nullplatform/code_repository/main.tf 
@@ -0,0 +1,40 @@
+/* If the git_provider variable is set to gitlab, create this resource. */
+resource "nullplatform_provider_config" "gitlab" {
+ count = local.is_gitlab ? 1 : 0
+ nrn = try(regex("(.*):namespace.*", var.nrn)[0], var.nrn)
+ type = "gitlab-configuration"
+ dimensions = {}
+ attributes = jsonencode({
+ "setup" : {
+ "group_path" : var.group_path,
+ "access_token" : var.access_token,
+ "installation_url" : var.installation_url
+ },
+ "access": var.collaborators_config
+ }
+ )
+
+}
+/* If the git_provider variable is set to gitlab, create this resource. */
+resource "nullplatform_account" "gitlab_account" {
+ count = local.is_gitlab ? 1 : 0
+ name = var.gitlab_name
+ repository_prefix = var.gitlab_repository_prefix
+ repository_provider = var.repository_provider
+ slug = var.gitlab_slug
+}
+
+/* If the git_provider variable has the value github, create this resource */
+resource "nullplatform_provider_config" "github" {
+ count = local.is_github ? 1 : 0
+ nrn = replace(var.nrn, ":namespace=.*$", "")
+ type = "github-configuration"
+ dimensions = {}
+ attributes = jsonencode({
+ "setup" : {
+ "organization" : var.organization,
+ "installation_id" : var.organization_installation_id
+ },
+ }
+ )
+}
diff --git a/nullplatform/code_repository/provider.tf b/nullplatform/code_repository/provider.tf
new file mode 100644
index 0000000..a3f18aa
--- /dev/null
+++ b/nullplatform/code_repository/provider.tf
@@ -0,0 +1,12 @@
+terraform {
+ required_providers {
+ nullplatform = {
+ source = "nullplatform/nullplatform"
+ version = ">= 0.0.67"
+ }
+ }
+}
+provider "nullplatform" {
+
+ api_key = var.np_api_key
+}
\ No newline at end of file
diff --git a/nullplatform/code_repository/variables.tf b/nullplatform/code_repository/variables.tf
new file mode 100644
index 0000000..9815884
--- /dev/null
+++ b/nullplatform/code_repository/variables.tf
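Review bot: In the `github` resource, `replace(var.nrn, ":namespace=.*$", "")` strips nothing: Terraform's `replace` treats the search string as a regular expression only when it is wrapped in forward slashes, so this searches for the literal text `:namespace=.*$`. The GitHub configuration is therefore created at whatever NRN is passed in, while the `gitlab` resource above trims to the part before `:namespace` with `try(regex(...)[0], var.nrn)`, so the two providers end up scoped differently. Use `nrn = replace(var.nrn, "/:namespace=.*$/", "")`, or reuse the `try(regex(...))` expression in both places. Separately, `access_token` is embedded in `attributes` through `jsonencode`, so it is stored in state even though the variable is marked sensitive; the state backend has to be protected as secret storage.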
@@ -0,0 +1,69 @@ +variable "group_path" { + type = string + +} + +variable "access_token" { + type = string + sensitive = true + +} + +variable "installation_url" { + type = string + +} + +variable "np_api_key" { + type = string + sensitive = true + +} +variable "nrn" { + type = string + +} + +variable "collaborators_config" { + type = object({ + default_collaborators = list(object({ + id = string + role = string + type = string + })) + }) +} + +variable "gitlab_repository_prefix" { + type = string + +} +variable "gitlab_name" { + type = string + +} + +variable "repository_provider" { + type = string + +} +variable "gitlab_slug" { + type = string + +} + +variable "git_provider" { + type = string + description = "gitlab or github" +} +variable "organization" { + type = string + default = "" + +} +variable "organization_installation_id" { + type = string + default = "" + + +} \ No newline at end of file From effe7dbb5c91b1688ad42e0ebb7e06e4a6a75344 Mon Sep 17 00:00:00 2001 From: David Fernandez Date: Mon, 29 Sep 2025 13:10:57 -0300 Subject: [PATCH 19/87] feat: remove lock --- .../code_repository/.terraform.lock.hcl | 25 ------------------- 1 file changed, 25 deletions(-) delete mode 100644 nullplatform/code_repository/.terraform.lock.hcl diff --git a/nullplatform/code_repository/.terraform.lock.hcl b/nullplatform/code_repository/.terraform.lock.hcl deleted file mode 100644 index 189d0b1..0000000 --- a/nullplatform/code_repository/.terraform.lock.hcl +++ /dev/null 
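Review bot: `git_provider` has no validation, and locals.tf compares it only against `gitlab` and `github`, so a typo gives `count = 0` on all three resources and an apply that succeeds while configuring nothing. Add a `validation` block to that variable whose condition is `contains(["gitlab", "github"], lower(var.git_provider))`, with an error message naming the two accepted values. The GitLab-only inputs (`group_path`, `access_token`, `installation_url`, `collaborators_config`, `gitlab_*`) have no defaults, so a GitHub-only caller still has to supply an access token; giving them defaults, as `organization` and `organization_installation_id` have, avoids asking for a credential that is not used. None of the variables except `git_provider` carries a `description`.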
@@ -1,25 +0,0 @@ -# This file is maintained automatically by "tofu init". -# Manual edits may be lost in future updates. - -provider "registry.opentofu.org/nullplatform/nullplatform" { - version = "0.0.68" - constraints = ">= 0.0.67" - hashes = [ - "h1:S4Bo8NWyjgLGpSGXs81CeqX7IiXl+0r2vJVHLQm+n+E=", - "zh:00ac454a70bcd9e5508b71050a292f046610ed0dea918f286cdd6df1ea07b141", - "zh:06dbfc149cacf47afd8c41a99aabb42b2dd31119dd72ce59c6b2addd78ef5086", - "zh:1b07108c615e1c3ceb28afa443635ebfd36bb58979fc8e96da640c6ef858e26c", - "zh:1b1a8438338cf01c086c24c7a64b0a6eb6c793faff1f188b857d5455997a73f5", - "zh:30bc555e3538cd5a7cf30baf4b1a86d6913f736b123dfc8d817b912fe2552308", - "zh:38dee822decb3adeb57ee5b2cf1030a3bb29966b9ba2c5a0ac61ea314a46db25", - "zh:3f4a4f7f8fbdff23206ec0bcc4e4c03b9e812cebafe625a33bdda317716c01a4", - "zh:9c64bbe63a4f4dcf5e619a7b6af813c234bf4d56e1ef4dd5da46290ca71b3f2b", - "zh:a027331f2ecec9d694eef1a31af7efaeeb190519525c4dd542c2c83393a9c28f", - "zh:a709644870c8ec0138511e3f90aebb40966007e7cb941e49e484d5d944de8650", - "zh:ba1a30fada1821b479ec4e83c626a7e6304cb7878beea4fdbb1a67b71102b0d1", - "zh:c0215b0c805b063417e18721e7bc82afde08a3b57451c832aed182c2a0a2327e", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:f7dd66b8f5d6d7d6174bc60b3fa2b573c549c480dbb2aed372c100bf7c30f523", - "zh:fcf4fdbcbee302d958fa9da57b54be04ce23ed6ec8d710213140a95a0ad50f35", - ] -} From 7f5b93d85e493cbe7c7ae10fecaf26ecbdeac77b Mon Sep 17 00:00:00 2001 
From: David Fernandez Date: Mon, 29 Sep 2025 15:29:04 -0300 Subject: [PATCH 20/87] feat: add google --- .gitignore | 20 ++++++++ nullplatform/cloud/gcp/README.md | 36 ++++++++++++++ nullplatform/cloud/gcp/main.tf | 32 ++++++++++++ nullplatform/cloud/gcp/providers.tf | 12 +++++ nullplatform/cloud/gcp/variables.tf | 76 +++++++++++++++++++++++++++++ 5 files changed, 176 insertions(+) create mode 100644 nullplatform/cloud/gcp/README.md create mode 100644 nullplatform/cloud/gcp/main.tf create mode 100644 nullplatform/cloud/gcp/providers.tf create mode 100644 nullplatform/cloud/gcp/variables.tf diff --git a/.gitignore b/.gitignore index 4f8d1a8..147046a 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,23 @@ +# Local .terraform directories +.terraform/ +.terraform.lock.hcl +**/.terraform/ +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + + # Logs logs *.log diff --git a/nullplatform/cloud/gcp/README.md b/nullplatform/cloud/gcp/README.md new file mode 100644 index 0000000..07816ac --- /dev/null +++ b/nullplatform/cloud/gcp/README.md 
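Review bot: The new `.terraform.lock.hcl` entry in .gitignore keeps the dependency lock file out of version control, and the previous patch in this series deletes the one under nullplatform/code_repository. The lock file is what fixes the provider version and its `h1:`/`zh:` checksums; without it each `init` resolves afresh, and the `nullplatform` provider is constrained only as `>= 0.0.67` in this series, so different machines and CI runs can install different provider builds with nothing to compare their checksums against. Remove the `.terraform.lock.hcl` line, keep `.terraform/`, and commit the lock files. The `*.tfvars` and `*.tfstate` rules are worth keeping given the API keys and tokens these modules take.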
@@ -0,0 +1,36 @@ + +## Requirements + +| Name | Version | +|------|---------| +| [nullplatform](#requirement\_nullplatform) | >= 0.0.67 | + +## Providers + +| Name | Version | +|------|---------| +| [nullplatform](#provider\_nullplatform) | >= 0.0.67 | + +## Resources + +| Name | Type | +|------|------| +| [nullplatform_provider_config.gcp](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/provider_config) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [dimensions](#input\_dimensions) | Map of dimension values to configure Nullplatform | `map(string)` | `{}` | no | +| [domain\_name](#input\_domain\_name) | Domain name for the configuration | `string` | n/a | yes | +| [environment](#input\_environment) | Environment dimension value to which the configuration applies | `string` | n/a | yes | +| [environments](#input\_environments) | The list of environments | `list(string)` |
[
"development",
"staging",
"production"
]
| no | +| [include\_environment](#input\_include\_environment) | Whether to use Environment as a default dimension | `bool` | `true` | no | +| [location](#input\_location) | n/a | `string` | n/a | yes | +| [np\_api\_key](#input\_np\_api\_key) | n/a | `string` | n/a | yes | +| [nrn](#input\_nrn) | Identifier Nullplatform Resources Name | `string` | n/a | yes | +| [private\_dns\_zone\_name](#input\_private\_dns\_zone\_name) | n/a | `string` | n/a | yes | +| [project\_id](#input\_project\_id) | n/a | `string` | n/a | yes | +| [public\_dns\_zone\_name](#input\_public\_dns\_zone\_name) | n/a | `string` | n/a | yes | +| [service\_account\_key](#input\_service\_account\_key) | n/a | `string` | n/a | yes | + \ No newline at end of file diff --git a/nullplatform/cloud/gcp/main.tf b/nullplatform/cloud/gcp/main.tf new file mode 100644 index 0000000..eaccd8f --- /dev/null +++ b/nullplatform/cloud/gcp/main.tf @@ -0,0 +1,32 @@ + + +resource "nullplatform_provider_config" "gcp" { + nrn = var.nrn + type = "google-cloud-configuration" + dimensions = var.dimensions + attributes = jsonencode({ + "project" : { + "id" : var.project_id + "location" : var.location + }, + "networking" : { + "domain_name" : var.domain_name, + "application_domain" : false + }, + + }) +} + + +resource "nullplatform_dimension" "environment" { + name = "Environment" + order = 1 + nrn = var.nrn +} + +resource "nullplatform_dimension_value" "environment_value" { + for_each = toset(var.environments) + dimension_id = nullplatform_dimension.environment.id + name = each.value + nrn = var.nrn +} diff --git a/nullplatform/cloud/gcp/providers.tf b/nullplatform/cloud/gcp/providers.tf new file mode 100644 index 0000000..a3f18aa --- /dev/null +++ b/nullplatform/cloud/gcp/providers.tf @@ -0,0 +1,12 @@ +terraform { + required_providers { + nullplatform = { + source = "nullplatform/nullplatform" + version = ">= 0.0.67" + } + } +} +provider "nullplatform" { + + api_key = var.np_api_key +} \ No newline at end of file 
diff --git a/nullplatform/cloud/gcp/variables.tf b/nullplatform/cloud/gcp/variables.tf
new file mode 100644
index 0000000..dc88628
--- /dev/null
+++ b/nullplatform/cloud/gcp/variables.tf
@@ -0,0 +1,76 @@
+
+variable "nrn" {
+ description = "Identifier Nullplatform Resources Name"
+ type = string
+}
+
+variable "include_environment" {
+ description = "Whether to use Environment as a default dimension"
+ type = bool
+ default = true
+}
+
+variable "domain_name" {
+ description = "Domain name for the configuration"
+ type = string
+}
+
+
+variable "environment" {
+ description = "Environment dimension value to which the configuration applies"
+ type = string
+}
+
+variable "dimensions" {
+ description = "Map of dimension values to configure Nullplatform"
+ type = map(string)
+ default = {}
+}
+/*
+#######
+# Code respositoy
+####3
+variable "organization" {
+ description = "Organization name for code repository configuration"
+ type = string
+}
+
+variable "organization_installation_id" {
+ description = "GitHub App installation ID for the organization"
+ type = string
+}
+*/
+
+variable "environments" {
+ type = list(string)
+ description = "The list of environments"
+ default = ["development", "staging", "production"]
+}
+
+variable "location" {
+ type = string
+
+}
+
+
+variable "project_id" {
+ type = string
+
+}
+
+variable "np_api_key" {
+ type = string
+
+}
+
+variable "private_dns_zone_name" {
+ type = string
+
+}
+variable "public_dns_zone_name" {
+ type = string
+}
+variable "service_account_key" {
+ type = string
+
+}
\ No newline at end of file
From 767668f0da3cef657ce1897308f38585f682c4d1 Mon Sep 17 00:00:00 2001
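Review bot: `np_api_key` and `service_account_key` are declared as plain strings with no description, so their values appear in plan and apply output; both should carry `sensitive = true` and a `description`. `service_account_key` is not referenced by main.tf or providers.tf in this commit, so callers must hand over a GCP service-account key that the module never uses. I would drop it until something consumes it, along with the equally unused `private_dns_zone_name`, `public_dns_zone_name`, `environment` and `include_environment`. Keep in mind that `sensitive` only redacts CLI output; the value is still written to state.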
From: David Fernandez Date: Mon, 29 Sep 2025 15:32:36 -0300 Subject: [PATCH 21/87] feat: add aws --- nullplatform/cloud/aws/README.md | 51 ++++++++ nullplatform/cloud/aws/data.tf | 5 + nullplatform/cloud/aws/example.md | 64 ++++++++++ nullplatform/cloud/aws/iam-registry.tf | 93 ++++++++++++++ nullplatform/cloud/aws/locals.tf | 3 + nullplatform/cloud/aws/main.tf | 167 +++++++++++++++++++++++++ nullplatform/cloud/aws/providers.tf | 8 ++ nullplatform/cloud/aws/variables.tf | 75 +++++++++++ 8 files changed, 466 insertions(+) create mode 100644 nullplatform/cloud/aws/README.md create mode 100644 nullplatform/cloud/aws/data.tf create mode 100644 nullplatform/cloud/aws/example.md create mode 100644 nullplatform/cloud/aws/iam-registry.tf create mode 100644 nullplatform/cloud/aws/locals.tf create mode 100644 nullplatform/cloud/aws/main.tf create mode 100644 nullplatform/cloud/aws/providers.tf create mode 100644 nullplatform/cloud/aws/variables.tf diff --git a/nullplatform/cloud/aws/README.md b/nullplatform/cloud/aws/README.md new file mode 100644 index 0000000..d718f90 --- /dev/null +++ b/nullplatform/cloud/aws/README.md 
@@ -0,0 +1,51 @@ + +## Requirements + +| Name | Version | +|------|---------| +| [nullplatform](#requirement\_nullplatform) | ~> 0.0.63 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | n/a | +| [kubernetes](#provider\_kubernetes) | n/a | +| [nullplatform](#provider\_nullplatform) | ~> 0.0.63 | + +## Resources + +| Name | Type | +|------|------| +| [aws_iam_access_key.nullplatform_build_workflow_user_key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_access_key) | resource | +| [aws_iam_policy.nullplatform_ecr_manager_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_role.nullplatform_application_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy_attachment.ecr-manager-policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_user.nullplatform_build_workflow_user](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user) | resource | +| [aws_iam_user_policy_attachment.ecr-manager-policy-user](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user_policy_attachment) | resource | +| [kubernetes_ingress_v1.internal](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/ingress_v1) | resource | +| [kubernetes_ingress_v1.public](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/ingress_v1) | resource | +| [nullplatform_dimension.environment](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/dimension) | resource | +| [nullplatform_dimension_value.environment_value](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/dimension_value) | resource | +| 
[nullplatform_provider_config.aws](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/provider_config) | resource | +| [nullplatform_provider_config.ecr](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/provider_config) | resource | +| [nullplatform_provider_config.github](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/provider_config) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [application\_manager\_assume\_role](#input\_application\_manager\_assume\_role) | ARN of the IAM role for application manager | `string` | `"arn:aws:iam::283477532906:role/application_manager"` | no | +| [certificate\_arn](#input\_certificate\_arn) | ARN of the SSL/TLS certificate for the network configuration | `string` | n/a | yes | +| [dimensions](#input\_dimensions) | Map of dimension values to configure Nullplatform | `map(string)` | `{}` | no | +| [domain\_name](#input\_domain\_name) | Domain name for the configuration | `string` | n/a | yes | +| [environment](#input\_environment) | Environment dimension value to which the configuration applies | `string` | n/a | yes | +| [environments](#input\_environments) | The list of environments | `list(string)` |
[
"development",
"staging",
"production"
]
| no | +| [hosted\_private\_zone\_id](#input\_hosted\_private\_zone\_id) | Hosted zone ID for private DNS | `string` | n/a | yes | +| [hosted\_public\_zone\_id](#input\_hosted\_public\_zone\_id) | Hosted zone ID for public DNS | `string` | n/a | yes | +| [include\_environment](#input\_include\_environment) | Whether to use Environment as a default dimension | `bool` | `true` | no | +| [nrn](#input\_nrn) | Identifier Nullplatform Resources Name | `string` | n/a | yes | +| [organization](#input\_organization) | Organization name for code repository configuration | `string` | n/a | yes | +| [organization\_installation\_id](#input\_organization\_installation\_id) | GitHub App installation ID for the organization | `string` | n/a | yes | +| [scope\_manager\_assume\_role](#input\_scope\_manager\_assume\_role) | ARN of the IAM role for scope and deploy manager | `string` | `"arn:aws:iam::283477532906:role/scope_and_deploy_manager"` | no | + \ No newline at end of file diff --git a/nullplatform/cloud/aws/data.tf b/nullplatform/cloud/aws/data.tf new file mode 100644 index 0000000..0fe331b --- /dev/null +++ b/nullplatform/cloud/aws/data.tf @@ -0,0 +1,5 @@ +data "aws_caller_identity" "current" { +} + +data "aws_region" "current" { +} \ No newline at end of file diff --git a/nullplatform/cloud/aws/example.md b/nullplatform/cloud/aws/example.md new file mode 100644 index 0000000..051102c --- /dev/null +++ b/nullplatform/cloud/aws/example.md 
@@ -0,0 +1,64 @@ +# Configuraciรณn Terraform - Nullplatform Configuration + +## Mรณdulo + +```hcl +module "nullplatform_configuration" { + source = "./nullplatform/platform_config" + + domain_name = var.domain_name + environment = var.environment + hosted_private_zone_id = var.hosted_private_zone_id + hosted_public_zone_id = var.hosted_public_zone_id + nrn = var.nrn + organization = var.github_organization + organization_installation_id = var.github_organization_installation_id + certificate_arn = var.certificate_arn +} +``` + +## Variables + +```hcl +# Ejemplo con diferentes valores +domain_name = "acme-corp-services.nullapps.io" +environment = "production" +hosted_public_zone_id = "Z1234567890ABCDEFGH" +hosted_private_zone_id = "Z9876543210ZYXWVUTS" +nrn = "organization=2468013579:account=9876543210" +github_organization = "acme-corp" +github_organization_installation_id = "12345678" +certificate_arn = "arn:aws:acm:us-west-2:123456789012:certificate/a1b2c3d4-e5f6-7890-1234-56789abcdef0" +``` + +## Parรกmetros del Mรณdulo + +| Variable | Valor Original | Valor de Ejemplo | Descripciรณn | +|----------|------------------------------------------------------|------------------|-------------| +| `domain_name` | `kwik-e-mart-providers-test.nullapps.io` | `acme-corp-services.nullapps.io` | Nombre de dominio principal | +| `environment` | `""` (vacรญo) | `production` | Entorno de despliegue | +| `hosted_public_zone_id` | `Z1234567890ABCDEFGH` | `Z1234567890ABCDEFGH` | ID de la zona pรบblica de Route53 | +| `hosted_private_zone_id` | `Z9876543210ZYXWVUTS` | `Z9876543210ZYXWVUTS` | ID de la zona privada de Route53 | +| `nrn` | `organization=2468013579:account=2468013579` | `organization=2468013579:account=9876543210` | Identificador de organizaciรณn y cuenta | +| `github_organization` | `acme-corp` | `acme-corp` | Organizaciรณn de GitHub | +| `github_organization_installation_id` | `2468013579` | `12345678` | ID de instalaciรณn de la GitHub App | +| `certificate_arn` | 
`arn:aws:acm:us-east-1:2468013579:certificate/...` | `arn:aws:acm:us-west-2:123456789012:certificate/...` | ARN del certificado SSL de AWS ACM | + +## Notas de Configuraciรณn + +### Dominios +- Los dominios siguen el patrรณn `{organization}-{service}.nullapps.io` +- Se recomienda usar subdominios descriptivos para diferentes entornos + +### Zonas de Route53 +- **Zona pรบblica**: Para resoluciรณn DNS desde internet +- **Zona privada**: Para resoluciรณn DNS interna en VPC + +### GitHub Integration +- Requiere una GitHub App instalada en la organizaciรณn +- El `organization_installation_id` se obtiene de la configuraciรณn de la GitHub App + +### Certificados SSL +- Deben estar en la regiรณn correcta segรบn el uso +- Para CloudFront: certificados deben estar en `us-east-1` +- Para ALB regional: certificados pueden estar en cualquier regiรณn \ No newline at end of file diff --git a/nullplatform/cloud/aws/iam-registry.tf b/nullplatform/cloud/aws/iam-registry.tf new file mode 100644 index 0000000..fb70a56 --- /dev/null +++ b/nullplatform/cloud/aws/iam-registry.tf 
@@ -0,0 +1,93 @@ +resource "aws_iam_role" "nullplatform_application_role" { + name = "nullplatform-application-role" + + assume_role_policy = jsonencode({ + Version = "2012-10-17", + Statement = [ + { + Effect = "Allow", + Principal = { + AWS = var.application_manager_assume_role + }, + Action = "sts:AssumeRole", + Condition = { + StringEquals = { + "aws:RequestedRegion" = [ + "us-east-1", + "us-west-2", + "eu-west-1" + ] + }, + DateGreaterThan = { + "aws:CurrentTime" = "2024-01-01T00:00:00Z" + } + } + } + ] + }) +} + +resource "aws_iam_policy" "nullplatform_ecr_manager_policy" { + name = "nullplatform-ecr-manager-policy" + description = "Policy for managing ECR repositories with restricted access" + policy = jsonencode({ + Version = "2012-10-17", + Statement = [ + { + Effect = "Allow", + Action = [ + "ecr:GetDownloadUrlForLayer", + "ecr:BatchGetImage", + "ecr:CompleteLayerUpload", + "ecr:UploadLayerPart", + "ecr:InitiateLayerUpload", + "ecr:BatchCheckLayerAvailability", + "ecr:PutImage", + "ecr:CreateRepository", + "ecr:DeleteRepository", + "ecr:DescribeRepositories", + "ecr:TagResource" + ], + Resource = [ + "arn:aws:ecr:*:*:repository/*" + ], + Condition = { + StringEquals = { + "aws:RequestedRegion" = [ + "us-east-1", + "us-west-2", + "eu-west-1" + ] + } + } + }, + { + Effect = "Allow", + Action = [ + "sts:GetServiceBearerToken", + "ecr:GetAuthorizationToken" + ], + Resource = "*" + } + ] + }) +} + +resource "aws_iam_user" "nullplatform_build_workflow_user" { + name = "nullplatform-build-workflow-user" +} + +resource "aws_iam_access_key" "nullplatform_build_workflow_user_key" { + user = aws_iam_user.nullplatform_build_workflow_user.name +} + + +resource "aws_iam_role_policy_attachment" "ecr-manager-policy" { + role = aws_iam_role.nullplatform_application_role.name + policy_arn = aws_iam_policy.nullplatform_ecr_manager_policy.arn +} + +resource "aws_iam_user_policy_attachment" "ecr-manager-policy-user" { + user = 
aws_iam_user.nullplatform_build_workflow_user.name + policy_arn = aws_iam_policy.nullplatform_ecr_manager_policy.arn +} \ No newline at end of file diff --git a/nullplatform/cloud/aws/locals.tf b/nullplatform/cloud/aws/locals.tf new file mode 100644 index 0000000..1b50af0 --- /dev/null +++ b/nullplatform/cloud/aws/locals.tf @@ -0,0 +1,3 @@ +locals { + dimensions = merge(var.include_environment ? { environment = var.environment } : {}, var.dimensions) +} \ No newline at end of file diff --git a/nullplatform/cloud/aws/main.tf b/nullplatform/cloud/aws/main.tf new file mode 100644 index 0000000..7258e48 --- /dev/null +++ b/nullplatform/cloud/aws/main.tf 
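Review bot: The first statement of `nullplatform_ecr_manager_policy` allows image push, `ecr:CreateRepository` and `ecr:DeleteRepository` on `arn:aws:ecr:*:*:repository/*`, and the same policy is attached to both the cross-account role and the CI user, so the "restricted access" in its description is not what the document grants. I would scope the resource to this account and a repository prefix, e.g. `"arn:aws:ecr:*:${data.aws_caller_identity.current.account_id}:repository/<REPO_PREFIX>/*"`, and give the build user a separate policy without `ecr:DeleteRepository`. In the trust policy the `DateGreaterThan` test against `2024-01-01T00:00:00Z` is always true and restricts nothing. Because the principal defaults to a role in another account (variables.tf), an `sts:ExternalId` condition would be the meaningful guard, if the platform can supply one. `aws_iam_access_key` also places a long-lived secret in Terraform state, which calls for an encrypted, access-controlled backend.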
@@ -0,0 +1,167 @@ +resource "nullplatform_provider_config" "aws" { + provider = nullplatform + nrn = var.nrn + type = "aws-configuration" + dimensions = local.dimensions + attributes = jsonencode({ + iam = { + #scope_workflow_role = aws_iam_role.nullplatform_scope_workflow_role.arn + } + account = { + id = data.aws_caller_identity.current.id + region = data.aws_region.current.region + } + networking = { + application_domain = false + domain_name = var.domain_name + hosted_zone_id = var.hosted_private_zone_id + hosted_public_zone_id = var.hosted_public_zone_id + } + }) + lifecycle { + ignore_changes = [attributes] + } +} + +resource "nullplatform_provider_config" "ecr" { + provider = nullplatform + nrn = var.nrn + type = "ecr" + dimensions = {} + attributes = jsonencode({ + "ci" : { + "region" : data.aws_region.current.region, + "access_key" : aws_iam_access_key.nullplatform_build_workflow_user_key.id + "secret_key" : aws_iam_access_key.nullplatform_build_workflow_user_key.secret + }, + "setup" : { + "region" : data.aws_region.current.region, + "role_arn" : aws_iam_role.nullplatform_application_role.arn + } + }) + lifecycle { + ignore_changes = [attributes] + } +} + +resource "nullplatform_provider_config" "github" { + nrn = replace(var.nrn, ":namespace=.*$", "") + type = "github-configuration" + dimensions = {} + attributes = jsonencode({ + "setup" : { + "organization" : var.organization, + "installation_id" : var.organization_installation_id + }, + } + ) +} + +resource "kubernetes_ingress_v1" "internal" { + metadata { + name = "initial-ingress-setup-internal" + namespace = "nullplatform" + + annotations = merge({ + "alb.ingress.kubernetes.io/actions.response-404" = jsonencode({ + type = "fixed-response" + fixedResponseConfig = { + contentType = "text/plain" + statusCode = "404" + messageBody = "404 scope not found or has not been deployed yet" + } + }) + "alb.ingress.kubernetes.io/group.name" = "k8s-nullplatform-internal" + "alb.ingress.kubernetes.io/listen-ports" 
= "[{\"HTTP\":80},{\"HTTPS\":443}]" + "alb.ingress.kubernetes.io/load-balancer-name" = "k8s-nullplatform-internal" + "alb.ingress.kubernetes.io/scheme" = "internal" + "alb.ingress.kubernetes.io/ssl-redirect" = "443" + "alb.ingress.kubernetes.io/target-type" = "ip" + "alb.ingress.kubernetes.io/certificate-arn" = var.certificate_arn + }) + } + + spec { + ingress_class_name = "alb" + + rule { + host = "setup.nullapps.io" + http { + path { + path = "/" + path_type = "Prefix" + + backend { + service { + name = "response-404" + port { + name = "use-annotation" + } + } + } + } + } + } + } +} + +resource "kubernetes_ingress_v1" "public" { + metadata { + name = "initial-ingress-setup-public" + namespace = "nullplatform" + + annotations = merge({ + "alb.ingress.kubernetes.io/actions.response-404" = jsonencode({ + type = "fixed-response" + fixedResponseConfig = { + contentType = "text/plain" + statusCode = "404" + messageBody = "404 scope not found or has not been deployed yet" + } + }) + "alb.ingress.kubernetes.io/group.name" = "k8s-nullplatform-internet-facing" + "alb.ingress.kubernetes.io/listen-ports" = "[{\"HTTP\":80},{\"HTTPS\":443}]" + "alb.ingress.kubernetes.io/load-balancer-name" = "k8s-nullplatform-internet-facing" + "alb.ingress.kubernetes.io/scheme" = "internet-facing" + "alb.ingress.kubernetes.io/ssl-redirect" = "443" + "alb.ingress.kubernetes.io/target-type" = "ip" + "alb.ingress.kubernetes.io/certificate-arn" = var.certificate_arn + }) + } + + spec { + ingress_class_name = "alb" + + rule { + host = "setup.nullapps.io" + http { + path { + path = "/" + path_type = "Prefix" + + backend { + service { + name = "response-404" + port { + name = "use-annotation" + } + } + } + } + } + } + } +} + +resource "nullplatform_dimension" "environment" { + name = "Environment" + order = 1 + nrn = var.nrn +} + +resource "nullplatform_dimension_value" "environment_value" { + for_each = toset(var.environments) + dimension_id = nullplatform_dimension.environment.id + name = 
each.value + nrn = var.nrn +} diff --git a/nullplatform/cloud/aws/providers.tf b/nullplatform/cloud/aws/providers.tf new file mode 100644 index 0000000..4e925e3 --- /dev/null +++ b/nullplatform/cloud/aws/providers.tf @@ -0,0 +1,8 @@ +terraform { + required_providers { + nullplatform = { + source = "nullplatform/nullplatform" + version = "~> 0.0.63" + } + } +} \ No newline at end of file diff --git a/nullplatform/cloud/aws/variables.tf b/nullplatform/cloud/aws/variables.tf new file mode 100644 index 0000000..7c99a65 --- /dev/null +++ b/nullplatform/cloud/aws/variables.tf 
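Review bot: `nullplatform_provider_config.ecr` copies `aws_iam_access_key.nullplatform_build_workflow_user_key.secret` into `attributes` while `ignore_changes = [attributes]` is set, so a rotated or recreated key is never pushed and the platform keeps the old credential. I would drop `attributes` from `ignore_changes` on this resource, or state the manual rotation step in a comment next to the lifecycle block. In `nullplatform_provider_config.github`, `replace(var.nrn, ":namespace=.*$", "")` is a literal substring match, because Terraform treats the pattern as a regex only when it is wrapped in slashes, so a namespace suffix is never stripped; it should read `replace(var.nrn, "/:namespace=.*$/", "")`. `data.aws_caller_identity.current.id` works, but `account_id` states the intent.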
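Review bot: `required_providers` lists only `nullplatform`, yet this module also creates `aws_iam_*` and `kubernetes_ingress_v1` resources, so the aws and kubernetes providers are resolved with implicit sources and no version constraint. Declare them explicitly, e.g. `aws = { source = "hashicorp/aws", version = "~> 6.0" }` (the constraint workloads/prometheus uses in this series) and `kubernetes = { source = "hashicorp/kubernetes", version = "<VERSION_CONSTRAINT>" }`. The use of `data.aws_region.current.region` in main.tf appears to need a recent aws provider, which is one more reason to state the constraint.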
@@ -0,0 +1,75 @@
+variable "scope_manager_assume_role" {
+ description = "ARN of the IAM role for scope and deploy manager"
+ type = string
+ default = "arn:aws:iam::283477532906:role/scope_and_deploy_manager"
+}
+
+variable "nrn" {
+ description = "Identifier Nullplatform Resources Name"
+ type = string
+}
+
+variable "include_environment" {
+ description = "Whether to use Environment as a default dimension"
+ type = bool
+ default = true
+}
+
+variable "domain_name" {
+ description = "Domain name for the configuration"
+ type = string
+}
+
+variable "hosted_private_zone_id" {
+ description = "Hosted zone ID for private DNS"
+ type = string
+}
+
+variable "hosted_public_zone_id" {
+ description = "Hosted zone ID for public DNS"
+ type = string
+}
+
+variable "environment" {
+ description = "Environment dimension value to which the configuration applies"
+ type = string
+}
+
+variable "dimensions" {
+ description = "Map of dimension values to configure Nullplatform"
+ type = map(string)
+ default = {}
+}
+#########
+# Registry Variables
+#########
+variable "application_manager_assume_role" {
+ description = "ARN of the IAM role for application manager"
+ type = string
+ default = "arn:aws:iam::283477532906:role/application_manager"
+}
+#######
+# Code respositoy
+####3
+variable "organization" {
+ description = "Organization name for code repository configuration"
+ type = string
+}
+
+variable "organization_installation_id" {
+ description = "GitHub App installation ID for the organization"
+ type = string
+}
+#########
+# Ingress Default
+######
+variable "certificate_arn" {
+ description = "ARN of the SSL/TLS certificate for the network configuration"
+ type = string
+}
+
+variable "environments" {
+ type = list(string)
+ description = "The list of environments"
+ default = ["development", "staging", "production"]
+}
\ No newline at end of file
From 3b289cd57df01f63fe40bfc5a769ad3e638341f9 Mon Sep 17 00:00:00 2001
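Review bot: `application_manager_assume_role` defaults to a role in account `283477532906`, and that value becomes the trusted principal of `nullplatform-application-role` in iam-registry.tf, so applying the module with defaults grants cross-account access to an account the caller never named. Either make the variable required or say so in the description, e.g. `description = "ARN of the external IAM role allowed to assume nullplatform-application-role (cross-account trust)"`, and add a `validation` block that checks the value is an IAM role ARN. `scope_manager_assume_role` is not referenced by any file in this commit and could wait until something uses it.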
From: David Fernandez Date: Mon, 29 Sep 2025 15:33:43 -0300 Subject: [PATCH 22/87] feat: add prometheus --- workloads/prometheus/README.md | 32 +++++++++++++++++++ workloads/prometheus/data.tf | 7 ++++ workloads/prometheus/locals.tf | 4 +++ workloads/prometheus/main.tf | 24 ++++++++++++++ workloads/prometheus/providers.tf | 16 ++++++++++ .../templates/prometheus-values.tmpl.yaml | 25 +++++++++++++++ workloads/prometheus/variables.tf | 7 ++++ 7 files changed, 115 insertions(+) create mode 100644 workloads/prometheus/README.md create mode 100644 workloads/prometheus/data.tf create mode 100644 workloads/prometheus/locals.tf create mode 100644 workloads/prometheus/main.tf create mode 100644 workloads/prometheus/providers.tf create mode 100644 workloads/prometheus/templates/prometheus-values.tmpl.yaml create mode 100644 workloads/prometheus/variables.tf diff --git a/workloads/prometheus/README.md b/workloads/prometheus/README.md new file mode 100644 index 0000000..c683811 --- /dev/null +++ b/workloads/prometheus/README.md 
@@ -0,0 +1,32 @@ + +## Requirements + +| Name | Version | +|------|---------| +| [aws](#requirement\_aws) | ~> 6.0 | +| [helm](#requirement\_helm) | ~> 3.0 | +| [nullplatform](#requirement\_nullplatform) | ~> 0.0.63 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | ~> 6.0 | +| [helm](#provider\_helm) | ~> 3.0 | +| [nullplatform](#provider\_nullplatform) | ~> 0.0.63 | + +## Resources + +| Name | Type | +|------|------| +| [helm_release.prometheus](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | +| [nullplatform_provider_config.prometheus](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/provider_config) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [cluster\_name](#input\_cluster\_name) | n/a | `any` | n/a | yes | +| [namespace](#input\_namespace) | n/a | `string` | `"prometheus"` | no | +| [nrn](#input\_nrn) | n/a | `any` | n/a | yes | + \ No newline at end of file diff --git a/workloads/prometheus/data.tf b/workloads/prometheus/data.tf new file mode 100644 index 0000000..6a9c21f --- /dev/null +++ b/workloads/prometheus/data.tf @@ -0,0 +1,7 @@ +data "aws_eks_cluster" "this" { + name = var.cluster_name +} + +data "aws_iam_openid_connect_provider" "this" { + url = data.aws_eks_cluster.this.identity[0].oidc[0].issuer +} diff --git a/workloads/prometheus/locals.tf b/workloads/prometheus/locals.tf new file mode 100644 index 0000000..af88fec --- /dev/null +++ b/workloads/prometheus/locals.tf @@ -0,0 +1,4 @@ +locals { + prometheus-values = templatefile("${path.module}/templates/prometheus-values.tmpl.yaml", { + }) +} \ No newline at end of file diff --git a/workloads/prometheus/main.tf b/workloads/prometheus/main.tf new file mode 100644 index 0000000..5d9e5f8 --- /dev/null +++ b/workloads/prometheus/main.tf 
@@ -0,0 +1,24 @@
+resource "helm_release" "prometheus" {
+ name = "prometheus"
+ repository = "https://prometheus-community.github.io/helm-charts"
+ chart = "prometheus"
+ namespace = var.namespace
+ create_namespace = true
+
+ values = [ local.prometheus-values ]
+}
+
+resource "nullplatform_provider_config" "prometheus" {
+ nrn = var.nrn
+ type = "prometheus"
+ attributes = jsonencode({
+ "server" : {
+ "url" : "http://prometheus-server.${var.namespace}.svc.cluster.local:80"
+ }
+ })
+ dimensions = {}
+
+ lifecycle {
+ ignore_changes = [attributes]
+ }
+}
\ No newline at end of file
diff --git a/workloads/prometheus/providers.tf b/workloads/prometheus/providers.tf
new file mode 100644
index 0000000..fb31c5a
--- /dev/null
+++ b/workloads/prometheus/providers.tf
@@ -0,0 +1,16 @@
+terraform {
+ required_providers {
+ nullplatform = {
+ source = "nullplatform/nullplatform"
+ version = "~> 0.0.63"
+ }
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 6.0"
+ }
+ helm = {
+ source = "hashicorp/helm"
+ version = "~> 3.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/workloads/prometheus/templates/prometheus-values.tmpl.yaml b/workloads/prometheus/templates/prometheus-values.tmpl.yaml
new file mode 100644
index 0000000..300b731
--- /dev/null
+++ b/workloads/prometheus/templates/prometheus-values.tmpl.yaml
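Review bot: `helm_release.prometheus` sets no `version`, so a fresh install resolves to whatever chart release the public prometheus-community repository serves at that moment; pin it with `version = "<CHART_VERSION>"` and bump it deliberately. `ignore_changes = [attributes]` on `nullplatform_provider_config.prometheus` also means a later change of `var.namespace` will not update the registered server URL, which deserves a comment on the lifecycle block if it is intended.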
@@ -0,0 +1,25 @@ +alertmanager: + persistence: + enabled: false +server: + persistentVolume: + enabled: false +extraScrapeConfigs: | + # Mรฉtricas de Null Platform desde nodos K8s + - job_name: null-platform-metrics + kubernetes_sd_configs: + - role: node + metrics_path: /metrics + scheme: http + relabel_configs: + # Cambiar puerto de kubelet (10250) a null-platform (2021) + - source_labels: [ __address__ ] + regex: '(.*):10250' + target_label: __address__ + replacement: '$1:2021' + # Mapear labels de nodos K8s + - action: labelmap + regex: __meta_kubernetes_node_label_(.+) + # Aรฑadir nombre del nodo + - source_labels: [ __meta_kubernetes_node_name ] + target_label: node \ No newline at end of file diff --git a/workloads/prometheus/variables.tf b/workloads/prometheus/variables.tf new file mode 100644 index 0000000..6371c8d --- /dev/null +++ b/workloads/prometheus/variables.tf @@ -0,0 +1,7 @@ +variable "namespace" { + default = "prometheus" +} + +variable "cluster_name" {} + +variable "nrn" {} \ No newline at end of file From 3885509a1fe02689a22a0bce37880c900a84cee1 Mon Sep 17 00:00:00 2001 
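Review bot: The `null-platform-metrics` job rewrites every node address to port 2021 and scrapes it with `scheme: http` and no credentials, so it depends on that port being reachable only from inside the cluster network. A comment on the job should say so, e.g. `# scraped over plain HTTP without credentials; keep port 2021 reachable only from Prometheus (security group / NetworkPolicy)`. `server.persistentVolume.enabled: false` means collected metrics do not survive a server pod restart and should get a one-line comment if that is intentional. The existing comments are in Spanish while the rest of the module is in English.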
From: David Fernandez Date: Mon, 29 Sep 2025 15:56:29 -0300 Subject: [PATCH 23/87] feat: add docker server --- nullplatform/{cloud => aws}/aws/README.md | 0 nullplatform/{cloud => aws}/aws/data.tf | 0 nullplatform/{cloud => aws}/aws/example.md | 0 .../{cloud => aws}/aws/iam-registry.tf | 0 nullplatform/{cloud => aws}/aws/locals.tf | 0 nullplatform/{cloud => aws}/aws/main.tf | 0 nullplatform/{cloud => aws}/aws/providers.tf | 0 nullplatform/{cloud => aws}/aws/variables.tf | 0 nullplatform/gcp/agent/README.md | 56 +++++ nullplatform/gcp/agent/auth.tf | 32 +++ nullplatform/gcp/agent/channel.tf | 63 ++++++ nullplatform/gcp/agent/locals.tf | 15 ++ nullplatform/gcp/agent/main.tf | 24 ++ nullplatform/gcp/agent/providers.tf | 49 ++++ nullplatform/gcp/agent/scopes.tf | 211 ++++++++++++++++++ .../nullplatform-agent-values.tmpl.yaml | 19 ++ nullplatform/gcp/agent/variables.tf | 126 +++++++++++ nullplatform/gcp/base/README.md | 39 ++++ nullplatform/gcp/base/auth.tf | 29 +++ nullplatform/gcp/base/locals.tf | 7 + nullplatform/gcp/base/main.tf | 27 +++ nullplatform/gcp/base/providers.tf | 53 +++++ .../nullplatform-base-values.tmpl.yaml | 25 +++ nullplatform/gcp/base/variables.tf | 33 +++ nullplatform/{ => gcp}/cloud/gcp/README.md | 0 nullplatform/{ => gcp}/cloud/gcp/main.tf | 0 nullplatform/{ => gcp}/cloud/gcp/providers.tf | 0 nullplatform/{ => gcp}/cloud/gcp/variables.tf | 0 28 files changed, 808 insertions(+) rename nullplatform/{cloud => aws}/aws/README.md (100%) rename nullplatform/{cloud => aws}/aws/data.tf (100%) rename nullplatform/{cloud => aws}/aws/example.md (100%) rename nullplatform/{cloud => aws}/aws/iam-registry.tf (100%) rename nullplatform/{cloud => aws}/aws/locals.tf (100%) rename nullplatform/{cloud => aws}/aws/main.tf (100%) rename nullplatform/{cloud => aws}/aws/providers.tf (100%) rename nullplatform/{cloud => aws}/aws/variables.tf (100%) create mode 100644 nullplatform/gcp/agent/README.md create mode 100644 nullplatform/gcp/agent/auth.tf create mode 100644 
nullplatform/gcp/agent/channel.tf create mode 100644 nullplatform/gcp/agent/locals.tf create mode 100644 nullplatform/gcp/agent/main.tf create mode 100644 nullplatform/gcp/agent/providers.tf create mode 100644 nullplatform/gcp/agent/scopes.tf create mode 100644 nullplatform/gcp/agent/templates/nullplatform-agent-values.tmpl.yaml create mode 100644 nullplatform/gcp/agent/variables.tf create mode 100644 nullplatform/gcp/base/README.md create mode 100644 nullplatform/gcp/base/auth.tf create mode 100644 nullplatform/gcp/base/locals.tf create mode 100644 nullplatform/gcp/base/main.tf create mode 100644 nullplatform/gcp/base/providers.tf create mode 100644 nullplatform/gcp/base/templates/nullplatform-base-values.tmpl.yaml create mode 100644 nullplatform/gcp/base/variables.tf rename nullplatform/{ => gcp}/cloud/gcp/README.md (100%) rename nullplatform/{ => gcp}/cloud/gcp/main.tf (100%) rename nullplatform/{ => gcp}/cloud/gcp/providers.tf (100%) rename nullplatform/{ => gcp}/cloud/gcp/variables.tf (100%) diff --git a/nullplatform/cloud/aws/README.md b/nullplatform/aws/aws/README.md similarity index 100% rename from nullplatform/cloud/aws/README.md rename to nullplatform/aws/aws/README.md diff --git a/nullplatform/cloud/aws/data.tf b/nullplatform/aws/aws/data.tf similarity index 100% rename from nullplatform/cloud/aws/data.tf rename to nullplatform/aws/aws/data.tf diff --git a/nullplatform/cloud/aws/example.md b/nullplatform/aws/aws/example.md similarity index 100% rename from nullplatform/cloud/aws/example.md rename to nullplatform/aws/aws/example.md diff --git a/nullplatform/cloud/aws/iam-registry.tf b/nullplatform/aws/aws/iam-registry.tf similarity index 100% rename from nullplatform/cloud/aws/iam-registry.tf rename to nullplatform/aws/aws/iam-registry.tf diff --git a/nullplatform/cloud/aws/locals.tf b/nullplatform/aws/aws/locals.tf similarity index 100% rename from nullplatform/cloud/aws/locals.tf rename to nullplatform/aws/aws/locals.tf 
diff --git a/nullplatform/cloud/aws/main.tf b/nullplatform/aws/aws/main.tf similarity index 100% rename from nullplatform/cloud/aws/main.tf rename to nullplatform/aws/aws/main.tf diff --git a/nullplatform/cloud/aws/providers.tf b/nullplatform/aws/aws/providers.tf similarity index 100% rename from nullplatform/cloud/aws/providers.tf rename to nullplatform/aws/aws/providers.tf diff --git a/nullplatform/cloud/aws/variables.tf b/nullplatform/aws/aws/variables.tf similarity index 100% rename from nullplatform/cloud/aws/variables.tf rename to nullplatform/aws/aws/variables.tf diff --git a/nullplatform/gcp/agent/README.md b/nullplatform/gcp/agent/README.md new file mode 100644 index 0000000..7eb41ae --- /dev/null +++ b/nullplatform/gcp/agent/README.md 
@@ -0,0 +1,56 @@ + +## Requirements + +| Name | Version | +|------|---------| +| [aws](#requirement\_aws) | ~> 6.0 | +| [helm](#requirement\_helm) | ~> 3.0 | +| [nullplatform](#requirement\_nullplatform) | ~> 0.0.63 | + +## Providers + +| Name | Version | +|------|---------| +| [external](#provider\_external) | n/a | +| [google](#provider\_google) | n/a | +| [helm](#provider\_helm) | ~> 3.0 | +| [http](#provider\_http) | n/a | +| [null](#provider\_null) | n/a | +| [nullplatform](#provider\_nullplatform) | ~> 0.0.63 | + +## Resources + +| Name | Type | +|------|------| +| [helm_release.agent](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | +| [null_resource.nrn_patch](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | +| [nullplatform_action_specification.from_templates](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/action_specification) | resource | +| [nullplatform_api_key.nullplatform-agent-api-key](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/api_key) | resource | +| [nullplatform_notification_channel.from_template](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/notification_channel) | resource | +| [nullplatform_scope_type.from_template](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/scope_type) | resource | +| [nullplatform_service_specification.from_template](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/service_specification) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [action\_spec\_names](#input\_action\_spec\_names) | List of action specification template names to fetch and create | `list(string)` |
[
"create-scope",
"delete-scope",
"start-initial",
"start-blue-green",
"finalize-blue-green",
"rollback-deployment",
"delete-deployment",
"switch-traffic",
"set-desired-instance-count",
"pause-autoscaling",
"resume-autoscaling",
"restart-pods",
"kill-instances"
]
| no | +| [agent\_repos\_extra](#input\_agent\_repos\_extra) | Additional repositories for the agent configuration | `list(string)` | `[]` | no | +| [agent\_repos\_scope](#input\_agent\_repos\_scope) | Git repository URL for agent scopes configuration | `string` | `"https://github.com/nullplatform/scopes.git#main"` | no | +| [cluster\_name](#input\_cluster\_name) | Name of the kubernetes cluster | `string` | n/a | yes | +| [environment\_tag](#input\_environment\_tag) | n/a | `any` | n/a | yes | +| [external\_logging\_provider](#input\_external\_logging\_provider) | External logging provider name | `string` | `"external"` | no | +| [external\_metrics\_provider](#input\_external\_metrics\_provider) | External metrics provider name | `string` | `"externalmetrics"` | no | +| [github\_ref](#input\_github\_ref) | Git reference (branch, tag, or commit) | `string` | `"beta"` | no | +| [github\_repo\_url](#input\_github\_repo\_url) | GitHub repository URL containing templates | `string` | `"https://github.com/nullplatform/scopes"` | no | +| [init\_scripts](#input\_init\_scripts) | List of initialization scripts to run | `list(string)` | `[]` | no | +| [location](#input\_location) | n/a | `string` | n/a | yes | +| [namespace](#input\_namespace) | Kubernetes namespace to agent run | `string` | `"nullplatform-tools"` | no | +| [np\_api\_key](#input\_np\_api\_key) | Nullplatform API key for authentication | `string` | n/a | yes | +| [nrn](#input\_nrn) | Identifier Nullplatform Resources Name | `string` | n/a | yes | +| [nullplatform-agent-helm-version](#input\_nullplatform-agent-helm-version) | Helm chart version for the Nullplatform agent | `string` | `"2.11.0"` | no | +| [project\_id](#input\_project\_id) | n/a | `string` | n/a | yes | +| [repo\_path](#input\_repo\_path) | Local path to the repository containing templates | `string` | `"/root/.np/nullplatform/scopes"` | no | +| [service\_path](#input\_service\_path) | Service path within the repository | `string` | `"k8s"` | 
no |
+| [tags](#input\_tags) | Tags to apply to identifier agent | `string` | n/a | yes |
+
\ No newline at end of file
diff --git a/nullplatform/gcp/agent/auth.tf b/nullplatform/gcp/agent/auth.tf
new file mode 100644
index 0000000..31f26e0
--- /dev/null
+++ b/nullplatform/gcp/agent/auth.tf
@@ -0,0 +1,32 @@
+
+
+
+resource "nullplatform_api_key" "nullplatform-agent-api-key" {
+ name = "NULLPLATFORM-AGENT-API-KEY"
+
+ grants {
+ nrn = local.nrn_sin_namespace
+ role_slug = "controlplane:agent"
+ }
+ grants {
+ nrn = local.nrn_sin_namespace
+ role_slug = "developer"
+ }
+ grants {
+ nrn = local.nrn_sin_namespace
+ role_slug = "ops"
+ }
+ grants {
+ nrn = local.nrn_sin_namespace
+ role_slug = "secops"
+ }
+ grants {
+ nrn = local.nrn_sin_namespace
+ role_slug = "secrets-reader"
+ }
+
+ tags {
+ key = "managed-by"
+ value = "IaC"
+ }
+}
\ No newline at end of file
diff --git a/nullplatform/gcp/agent/channel.tf b/nullplatform/gcp/agent/channel.tf
new file mode 100644
index 0000000..0b1fa66
--- /dev/null
+++ b/nullplatform/gcp/agent/channel.tf
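Review bot: The key created by `nullplatform_api_key.nullplatform-agent-api-key` carries `developer`, `ops`, `secops` and `secrets-reader` on top of `controlplane:agent`, and every grant uses `local.nrn_sin_namespace`, which locals.tf builds from only the first two segments of `var.nrn`. That same key is rendered into the Helm values (`NP_API_KEY: "${api_key}"`) and into the notification channel script, so anyone who can read the release values or the Terraform state holds all five roles at that level. Which roles the agent actually needs is not visible here; I would keep only those, add a comment per remaining grant saying why it is required, and scope the grants to `var.nrn` where the platform allows it. The identical grant list in `nullplatform/gcp/base/auth.tf` has the same issue.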
@@ -0,0 +1,63 @@ +################################################################################ +# Step 1: Fetch Notification Channel Template +################################################################################ + +data "http" "notification_channel_template" { + url = "${var.github_repo_url}/raw/${var.github_ref}/${var.service_path}/specs/notification-channel.json.tpl" +} + +############################################################################### +#Step 2: Process and Create Notification Channel +############################################################################### + +#Process notification channel template +data "external" "notification_channel" { + program = ["sh", "-c", <<-EOT + processed_json=$(echo '${data.http.notification_channel_template.response_body}' | \ + NRN='${var.nrn}' \ + NP_API_KEY='${nullplatform_api_key.nullplatform-agent-api-key.api_key}' \ + REPO_PATH='${var.repo_path}' \ + SERVICE_PATH='${var.service_path}' \ + ENVIRONMENT='${var.environment_tag}' \ + SERVICE_SLUG='${nullplatform_service_specification.from_template.slug}' \ + SERVICE_SPECIFICATION_ID='${nullplatform_service_specification.from_template.id}' \ + gomplate) + echo "{\"json\":\"$(echo "$processed_json" | sed 's/"/\\"/g' | tr -d '\n')\"}" + EOT + ] +} + +locals { + notification_channel_def = jsondecode(data.external.notification_channel.result.json) +} + +# Create notification channel +resource "nullplatform_notification_channel" "from_template" { + nrn = var.nrn + type = local.notification_channel_def.type + source = local.notification_channel_def.source + + configuration { + dynamic "agent" { + for_each = local.notification_channel_def.type == "agent" ? [local.notification_channel_def.configuration] : [] + content { + api_key = agent.value.api_key + command { + type = agent.value.command.type + data = { + for k, v in agent.value.command.data : k => ( + k == "environment" ? 
jsonencode({ + NP_ACTION_CONTEXT = "'$${NOTIFICATION_CONTEXT}'" + }) : ( + can(tostring(v)) ? tostring(v) : jsonencode(v) + ) + ) + } + } + selector = agent.value.selector + } + } + } + + filters = can(local.notification_channel_def.filters) ? jsonencode(local.notification_channel_def.filters) : null +} \ No newline at end of file diff --git a/nullplatform/gcp/agent/locals.tf b/nullplatform/gcp/agent/locals.tf new file mode 100644 index 0000000..f868202 --- /dev/null +++ b/nullplatform/gcp/agent/locals.tf @@ -0,0 +1,15 @@ +locals { + scope_list = compact([trimspace(coalesce(var.agent_repos_scope, ""))]) + repos_extra = compact([for s in split(",", try(coalesce(var.agent_repos_extra, ""), "")) : trimspace(s)]) + final_list = distinct(concat(local.scope_list, local.repos_extra)) + nrn_sin_namespace = join(":", slice(split(":", var.nrn), 0, 2)) + + nullplatform_agent_values = templatefile("${path.module}/templates/nullplatform-agent-values.tmpl.yaml", { + agent_repos = join(",", local.final_list) + cluster_name = var.cluster_name + tags = var.tags + init_scripts = var.init_scripts + api_key = nullplatform_api_key.nullplatform-agent-api-key.api_key + namespace = var.namespace + }) +} \ No newline at end of file diff --git a/nullplatform/gcp/agent/main.tf b/nullplatform/gcp/agent/main.tf new file mode 100644 index 0000000..0d39a5e --- /dev/null +++ b/nullplatform/gcp/agent/main.tf 
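Review bot: In `data.external.notification_channel` the fetched template body, the generated API key and several variables are spliced into the `sh -c` script between single quotes, so a single quote in any of them ends the quoting and the remainder is interpreted by the shell; the body comes from `var.github_ref`, which defaults to the branch `beta` rather than a pinned commit. The hand-rolled escaping (`sed 's/"/\\"/g' | tr -d '\n'`) also leaves backslashes unescaped, so valid JSON containing `\"` or `\n` will not survive the round trip. Passing the inputs through the data source's `query` argument (delivered as JSON on stdin) and letting `jq` build the result keeps untrusted text out of the script; `jq` is already used by `scopes.tf` in this commit. Note that the API key still ends up in state either way.

```hcl
data "external" "notification_channel" {
  program = ["sh", "-c", <<-EOT
    set -eu
    input="$(cat)"
    field() { printf '%s' "$input" | jq -r --arg k "$1" '.[$k]'; }
    export NRN="$(field NRN)" NP_API_KEY="$(field NP_API_KEY)"
    # … export the remaining template variables the same way …
    field template | gomplate | jq -c '{json: tostring}'
  EOT
  ]
  query = {
    template   = data.http.notification_channel_template.response_body
    NRN        = var.nrn
    NP_API_KEY = nullplatform_api_key.nullplatform-agent-api-key.api_key
    # … unchanged: REPO_PATH, SERVICE_PATH, ENVIRONMENT, SERVICE_SLUG, SERVICE_SPECIFICATION_ID …
  }
}
```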
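Review bot: `repos_extra` in locals.tf treats `var.agent_repos_extra` as a comma-separated string, but variables.tf declares it as `list(string)`. `coalesce(var.agent_repos_extra, "")` mixes a list with a string, which I would expect to fail and be swallowed by the surrounding `try(..., "")`, leaving `repos_extra` empty whatever the caller passes; this should be confirmed with a plan. If the list type is the intended one, `repos_extra = compact([for s in coalesce(var.agent_repos_extra, []) : trimspace(s)])` does what the variable description promises.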
@@ -0,0 +1,24 @@
+resource "helm_release" "agent" {
+ name = "nullplatform-agent"
+ chart = "nullplatform-agent"
+ repository = "https://nullplatform.github.io/helm-charts"
+ namespace = var.namespace
+ version = var.nullplatform-agent-helm-version
+ create_namespace = true
+
+ disable_webhooks = true
+ force_update = true
+ wait = true
+ wait_for_jobs = true
+ timeout = 600
+ atomic = true
+ cleanup_on_fail = true
+ replace = false
+ recreate_pods = false
+ reset_values = false
+ reuse_values = false
+ dependency_update = true
+ max_history = 10
+
+ values = [local.nullplatform_agent_values]
+}
\ No newline at end of file
diff --git a/nullplatform/gcp/agent/providers.tf b/nullplatform/gcp/agent/providers.tf
new file mode 100644
index 0000000..bef3ba9
--- /dev/null
+++ b/nullplatform/gcp/agent/providers.tf
@@ -0,0 +1,49 @@
+terraform {
+ required_providers {
+ nullplatform = {
+ source = "nullplatform/nullplatform"
+ version = "~> 0.0.63"
+ }
+ /* cambiar por gcp */
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 6.0"
+ }
+ helm = {
+ source = "hashicorp/helm"
+ version = "~> 3.0"
+ }
+ }
+}
+provider "google" {
+ project = var.project_id
+ region = var.location
+
+}
+
+data "google_container_cluster" "gke" {
+ name = var.cluster_name
+ location = var.location
+}
+data "google_client_config" "this" {}
+
+provider "kubernetes" {
+ host = "https://${data.google_container_cluster.gke.endpoint}"
+ token = data.google_client_config.this.access_token
+ cluster_ca_certificate = base64decode(
+ data.google_container_cluster.gke.master_auth[0].cluster_ca_certificate
+ )
+}
+provider "helm" {
+ kubernetes = {
+ host = "https://${data.google_container_cluster.gke.endpoint}"
+ token = data.google_client_config.this.access_token
+ cluster_ca_certificate = base64decode(
+ data.google_container_cluster.gke.master_auth[0].cluster_ca_certificate
+ )
+ }
+}
+provider "nullplatform" {
+
+ api_key = var.np_api_key
+}
\ No newline at end of file
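Review bot: `required_providers` in agent/providers.tf still pins `hashicorp/aws`, which nothing in this module uses (the `/* cambiar por gcp */` comment marks it as a leftover). The providers the module does configure or call (`google`, `kubernetes`, `http`, `external`, `null`) have no entry, so they resolve to whatever version is newest at `init` time. For a module that runs shell programs and handles a cluster token, I would replace the `aws` entry with `google = { source = "hashicorp/google", version = "~> 5.0" }` and `kubernetes = { source = "hashicorp/kubernetes", version = "~> 2.25" }`, the constraints `gcp/base/providers.tf` uses in this same commit. `http`, `external` and `null` need explicit constraints as well, and the lock file should be committed.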
diff --git a/nullplatform/gcp/agent/scopes.tf b/nullplatform/gcp/agent/scopes.tf
new file mode 100644
index 0000000..74a3f2e
--- /dev/null
+++ b/nullplatform/gcp/agent/scopes.tf
@@ -0,0 +1,211 @@ +################################################################################ +# Step 1: Fetch Templates +################################################################################ + +# Fetch service specification template +data "http" "service_spec_template" { + url = "${var.github_repo_url}/raw/${var.github_ref}/${var.service_path}/specs/service-spec.json.tpl" +} + +# Fetch scope type template +data "http" "scope_type_template" { + url = "${var.github_repo_url}/raw/${var.github_ref}/${var.service_path}/specs/scope-type-definition.json.tpl" +} + +# Fetch action specification templates +data "http" "action_templates" { + for_each = toset(var.action_spec_names) + url = "${var.github_repo_url}/raw/${var.github_ref}/${var.service_path}/specs/actions/${each.key}.json.tpl" +} + +################################################################################ +# Step 2: Process and Create Service Specification +################################################################################ + +# Process service spec template +data "external" "service_spec" { + program = ["sh", "-c", <<-EOT + processed_json=$(echo '${data.http.service_spec_template.response_body}' | NRN='${var.nrn}' gomplate) + echo "{\"json\":\"$(echo "$processed_json" | sed 's/"/\\"/g' | tr -d '\n')\"}" + EOT + ] +} + +locals { + service_spec_parsed = jsondecode(data.external.service_spec.result.json) +} + +# Create service specification +resource "nullplatform_service_specification" "from_template" { + name = local.service_spec_parsed.name + visible_to = local.service_spec_parsed.visible_to + assignable_to = local.service_spec_parsed.assignable_to + type = local.service_spec_parsed.type + attributes = jsonencode(local.service_spec_parsed.attributes) + use_default_actions = local.service_spec_parsed.use_default_actions + + selectors { + category = local.service_spec_parsed.selectors.category + imported = local.service_spec_parsed.selectors.imported + provider = 
local.service_spec_parsed.selectors.provider + sub_category = local.service_spec_parsed.selectors.sub_category + } + + lifecycle { + ignore_changes = [attributes] + } +} + +locals { + # Variables that depend on created service specification + service_specification_id = nullplatform_service_specification.from_template.id + service_slug = nullplatform_service_specification.from_template.slug + + dependent_env_vars = { + NRN = var.nrn + SERVICE_SPECIFICATION_ID = local.service_specification_id + SERVICE_SLUG = local.service_slug + SERVICE_PATH = var.service_path + REPO_PATH = var.repo_path + } +} + +################################################################################ +# Step 3: Process and Create Scope Type +################################################################################ + +# Process scope type template +data "external" "scope_type" { + depends_on = [nullplatform_service_specification.from_template] + + program = ["sh", "-c", <<-EOT + processed_json=$(echo '${data.http.scope_type_template.response_body}' | \ + NRN='${local.dependent_env_vars.NRN}' \ + SERVICE_SPECIFICATION_ID='${local.dependent_env_vars.SERVICE_SPECIFICATION_ID}' \ + gomplate) + echo "{\"json\":\"$(echo "$processed_json" | sed 's/"/\\"/g' | tr -d '\n')\"}" + EOT + ] +} + +locals { + scope_type_def = jsondecode(data.external.scope_type.result.json) +} + +# Create scope type +resource "nullplatform_scope_type" "from_template" { + depends_on = [nullplatform_service_specification.from_template] + + nrn = var.nrn + name = local.scope_type_def.name + description = local.scope_type_def.description + provider_id = local.service_specification_id +} + +################################################################################ +# Step 4: Create Action Specifications +################################################################################ + +# Process action templates +/* +data "external" "action_specs" { + for_each = toset(var.action_spec_names) + depends_on = 
[nullplatform_service_specification.from_template] + program = ["sh", "-c", <<-EOT + processed_json=$(echo '${try(data.http.action_templates[each.key].response_body, "{}")}' | \ + NRN='${local.dependent_env_vars.NRN}' \ + SERVICE_SPECIFICATION_ID='${local.dependent_env_vars.SERVICE_SPECIFICATION_ID}' \ + SERVICE_SLUG='${local.dependent_env_vars.SERVICE_SLUG}' \ + SERVICE_PATH='${local.dependent_env_vars.SERVICE_PATH}' \ + REPO_PATH='${local.dependent_env_vars.REPO_PATH}' \ + gomplate) + echo "{\"json_b64\":\"$(echo "$processed_json" | base64 -w 0)\"}" + EOT + ] + +} +*/ +data "external" "action_specs" { + for_each = toset(var.action_spec_names) + depends_on = [nullplatform_service_specification.from_template] + + program = ["sh", "-c", <<-EOT + set -euo pipefail + + # Inyectar el template y normalizar EOLs a Unix + body=$(cat <<'TPL' +${try(data.http.action_templates[each.key].response_body, "{}")} +TPL +) + body="$(printf '%s' "$body" | tr -d '\r')" + + # Render con gomplate (vars por entorno) + NRN='${local.dependent_env_vars.NRN}' \ + SERVICE_SPECIFICATION_ID='${local.dependent_env_vars.SERVICE_SPECIFICATION_ID}' \ + SERVICE_SLUG='${local.dependent_env_vars.SERVICE_SLUG}' \ + SERVICE_PATH='${local.dependent_env_vars.SERVICE_PATH}' \ + REPO_PATH='${local.dependent_env_vars.REPO_PATH}' \ + processed_json="$(printf '%s' "$body" | gomplate)" + + # Validar JSON (opcional pero รบtil) + printf '%s' "$processed_json" | jq . 
>/dev/null + + # Base64 sin saltos y sin CR + b64="$(printf '%s' "$processed_json" | base64 | tr -d '\r\n')" + + # ENTREGAR map[string]string en UNA lรญnea por stdout + printf '{"json_b64":"%s"}\n' "$b64" + EOT + ] +} + + +locals { + # Static list of action specifications to avoid for_each dependency issues + static_action_specs = toset(var.action_spec_names) +} + +# Create action specifications +resource "nullplatform_action_specification" "from_templates" { + for_each = local.static_action_specs + depends_on = [nullplatform_service_specification.from_template] + + service_specification_id = local.service_specification_id + name = jsondecode(base64decode(data.external.action_specs[each.key].result.json_b64)).name + type = jsondecode(base64decode(data.external.action_specs[each.key].result.json_b64)).type + parameters = jsonencode(jsondecode(base64decode(data.external.action_specs[each.key].result.json_b64)).parameters) + results = jsonencode(jsondecode(base64decode(data.external.action_specs[each.key].result.json_b64)).results) + retryable = try(jsondecode(base64decode(data.external.action_specs[each.key].result.json_b64)).retryable, false) + + lifecycle { + ignore_changes = [annotations] + } + +} + +################################################################################ +# Step 5: Configure NRN with External Providers (Patch) +################################################################################ + +# This replicates: np nrn patch --nrn "$NRN" --body "{\"global.${SERVICE_SLUG}_metric_provider\": \"externalmetrics\", \"global.${SERVICE_SLUG}_log_provider\": \"external\"}" +resource "null_resource" "nrn_patch" { + depends_on = [nullplatform_service_specification.from_template] + + triggers = { + nrn = var.nrn + service_slug = local.service_slug + } + + provisioner "local-exec" { + command = <<-EOT + np nrn patch --nrn "${var.nrn}" --body "{ + \"global.${local.service_slug}_metric_provider\": \"${var.external_metrics_provider}\", + 
\"global.${local.service_slug}_log_provider\": \"${var.external_logging_provider}\" + }" + EOT + + environment = { + NP_API_KEY = var.np_api_key + } + } +} \ No newline at end of file diff --git a/nullplatform/gcp/agent/templates/nullplatform-agent-values.tmpl.yaml b/nullplatform/gcp/agent/templates/nullplatform-agent-values.tmpl.yaml new file mode 100644 index 0000000..8abcf48 --- /dev/null +++ b/nullplatform/gcp/agent/templates/nullplatform-agent-values.tmpl.yaml @@ -0,0 +1,19 @@ +args: + - "--tags=$(TAGS)" + - "--apikey=$(NP_API_KEY)" + - "--runtime=host" + - "--command-executor-env=NP_API_KEY=$(NP_API_KEY)" + - "--command-executor-debug" + - "--webserver-enabled" + - "--command-executor-git-command-repos $(AGENT_REPOS)" + +configuration: + values: + NP_API_KEY: "${api_key}" + TAGS: "${tags}" + AGENT_REPOS: "${agent_repos}" + CLUSTER_NAME: "${cluster_name}" + NAMESPACE: "${namespace}" + DNS_TYPE: โ€external_dnsโ€ + + diff --git a/nullplatform/gcp/agent/variables.tf b/nullplatform/gcp/agent/variables.tf new file mode 100644 index 0000000..c4a14d1 --- /dev/null +++ b/nullplatform/gcp/agent/variables.tf 
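Review bot: `data.external.service_spec` and `data.external.scope_type` paste the downloaded template into the `sh -c` script as `echo '${data.http.…response_body}'`, so a single quote in the fetched file ends the quoting and the rest is interpreted by the shell. The source is `var.github_ref`, which defaults to the mutable branch `beta`; pin it to a commit and pass the body through the data source's `query` (JSON on stdin) instead of interpolating it. `action_specs` already uses a quoted heredoc, which is closer, but a body containing a line `TPL` still closes it early. Separately, in `action_specs` the `NRN=… REPO_PATH=…` prefixes precede the `processed_json="$(…)"` assignment rather than the `gomplate` command, so they appear to be plain shell variables that are never exported to gomplate; this should be checked against a template that reads them. The `np nrn patch` command in `null_resource.nrn_patch` interpolates `var.nrn` and the provider names into a double-quoted shell string in the same way.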
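Review bot: `DNS_TYPE` in nullplatform-agent-values.tmpl.yaml is wrapped in typographic quotes (garbled on this page) rather than ASCII `"`, so YAML reads them as part of the value and the agent gets a string with literal quote characters around `external_dns`; it should be `DNS_TYPE: "external_dns"`. In the same file the key is passed as `--apikey=$(NP_API_KEY)` and again via `--command-executor-env` while `--command-executor-debug` is on. Whether debug output includes the executor environment is not visible here, but it is worth confirming before this reaches a shared cluster, and the key is better sourced from a Kubernetes Secret if the chart supports it.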
@@ -0,0 +1,126 @@ +variable "nullplatform-agent-helm-version" { + description = "Helm chart version for the Nullplatform agent" + type = string + default = "2.11.0" +} + +variable "agent_repos_scope" { + description = "Git repository URL for agent scopes configuration" + type = string + default = "https://github.com/nullplatform/scopes.git#main" +} + +variable "agent_repos_extra" { + description = "Additional repositories for the agent configuration" + type = list(string) + default = [] +} + +variable "cluster_name" { + description = "Name of the kubernetes cluster" + type = string +} + +variable "tags" { + description = "Tags to apply to identifier agent" + type = string +} + +variable "init_scripts" { + description = "List of initialization scripts to run" + type = list(string) + default = [] +} + +variable "nrn" { + description = "Identifier Nullplatform Resources Name" + type = string +} + +variable "namespace" { + description = "Kubernetes namespace to agent run" + type = string + default = "nullplatform-tools" +} + +# Template Configuration +variable "service_path" { + type = string + default = "k8s" + description = "Service path within the repository" +} + +variable "repo_path" { + type = string + default = "/root/.np/nullplatform/scopes" + description = "Local path to the repository containing templates" +} + +variable "github_repo_url" { + type = string + default = "https://github.com/nullplatform/scopes" + description = "GitHub repository URL containing templates" +} + +variable "github_ref" { + type = string + default = "beta" + description = "Git reference (branch, tag, or commit)" +} + + + +################################################################################ +# Scope Definition Module Variables +################################################################################ + +variable "action_spec_names" { + type = list(string) + default = [ + "create-scope", + "delete-scope", + "start-initial", + "start-blue-green", + 
"finalize-blue-green", + "rollback-deployment", + "delete-deployment", + "switch-traffic", + "set-desired-instance-count", + "pause-autoscaling", + "resume-autoscaling", + "restart-pods", + "kill-instances" + ] + description = "List of action specification template names to fetch and create" +} + +# NRN Patch Configuration +variable "np_api_key" { + type = string + sensitive = true + description = "Nullplatform API key for authentication" +} + +variable "external_metrics_provider" { + type = string + default = "externalmetrics" + description = "External metrics provider name" +} + +variable "external_logging_provider" { + type = string + default = "external" + description = "External logging provider name" +} + +variable "project_id" { + type = string + +} +variable "location" { + type = string +} + +variable "environment_tag" { + +} \ No newline at end of file diff --git a/nullplatform/gcp/base/README.md b/nullplatform/gcp/base/README.md new file mode 100644 index 0000000..ee0039f --- /dev/null +++ b/nullplatform/gcp/base/README.md 
@@ -0,0 +1,39 @@ + +## Requirements + +| Name | Version | +|------|---------| +| [google](#requirement\_google) | ~> 5.0 | +| [helm](#requirement\_helm) | ~> 3.0 | +| [kubernetes](#requirement\_kubernetes) | ~> 2.25 | +| [nullplatform](#requirement\_nullplatform) | ~> 0.0.63 | + +## Providers + +| Name | Version | +|------|---------| +| [google](#provider\_google) | ~> 5.0 | +| [helm](#provider\_helm) | ~> 3.0 | +| [kubernetes](#provider\_kubernetes) | ~> 2.25 | +| [nullplatform](#provider\_nullplatform) | ~> 0.0.63 | + +## Resources + +| Name | Type | +|------|------| +| [helm_release.base](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | +| [kubernetes_namespace.gateways](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | +| [nullplatform_api_key.nullplatform-base-api-key](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/api_key) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [cluster\_name](#input\_cluster\_name) | n/a | `string` | n/a | yes | +| [location](#input\_location) | n/a | `string` | n/a | yes | +| [namespace](#input\_namespace) | Kubernetes namespace to agent run | `string` | `"nullplatform-tools"` | no | +| [np\_api\_key](#input\_np\_api\_key) | Nullplatform API key for authentication | `string` | n/a | yes | +| [nrn](#input\_nrn) | Identifier Nullplatform Resources Name | `string` | n/a | yes | +| [nullplatform-base-helm-version](#input\_nullplatform-base-helm-version) | Helm chart version for the Nullplatform agent | `string` | `"2.12.0"` | no | +| [project\_id](#input\_project\_id) | n/a | `string` | n/a | yes | + \ No newline at end of file diff --git a/nullplatform/gcp/base/auth.tf b/nullplatform/gcp/base/auth.tf new file mode 100644 index 0000000..199657b --- /dev/null +++ b/nullplatform/gcp/base/auth.tf 
@@ -0,0 +1,29 @@
+resource "nullplatform_api_key" "nullplatform-base-api-key" {
+ name = "NULLPLATFORM-BASE-API-KEY"
+
+ grants {
+ nrn = local.nrn_sin_namespace
+ role_slug = "controlplane:agent"
+ }
+ grants {
+ nrn = local.nrn_sin_namespace
+ role_slug = "developer"
+ }
+ grants {
+ nrn = local.nrn_sin_namespace
+ role_slug = "ops"
+ }
+ grants {
+ nrn = local.nrn_sin_namespace
+ role_slug = "secops"
+ }
+ grants {
+ nrn = local.nrn_sin_namespace
+ role_slug = "secrets-reader"
+ }
+
+ tags {
+ key = "managed-by"
+ value = "IaC"
+ }
+}
\ No newline at end of file
diff --git a/nullplatform/gcp/base/providers.tf b/nullplatform/gcp/base/providers.tf new file mode 100644 index 0000000..c1627d7 --- /dev/null +++ b/nullplatform/gcp/base/providers.tf @@ -0,0 +1,53 @@ +terraform { + required_providers { + nullplatform = { + source = "nullplatform/nullplatform" + version = "~> 0.0.63" + } + google = { + source = "hashicorp/google" + version = "~> 5.0" + } + kubernetes = { + source = "hashicorp/kubernetes" + version = "~> 2.25" + } + helm = { + source = "hashicorp/helm" + version = "~> 3.0" + } + } +} + +provider "google" { + project = var.project_id + region = var.location + +} + +data "google_container_cluster" "gke" { + name = var.cluster_name + location = var.location +} +data "google_client_config" "this" {} + +provider "kubernetes" { + host = "https://${data.google_container_cluster.gke.endpoint}" + token = data.google_client_config.this.access_token + cluster_ca_certificate = base64decode( + data.google_container_cluster.gke.master_auth[0].cluster_ca_certificate + ) +} +provider "helm" { + kubernetes = { + host = "https://${data.google_container_cluster.gke.endpoint}" + token = data.google_client_config.this.access_token + cluster_ca_certificate = base64decode( + data.google_container_cluster.gke.master_auth[0].cluster_ca_certificate + ) + } +} +provider "nullplatform" { + + api_key = var.np_api_key +} \ No newline at end of file diff --git a/nullplatform/gcp/base/templates/nullplatform-base-values.tmpl.yaml b/nullplatform/gcp/base/templates/nullplatform-base-values.tmpl.yaml new file mode 100644 index 0000000..582deae --- /dev/null +++ b/nullplatform/gcp/base/templates/nullplatform-base-values.tmpl.yaml 
@@ -0,0 +1,25 @@ +global: + provider: "gke" + installGatewayV2Crd: true +gateway: + http: + enabled: true + internal: + enabled: true +logging: + enabled: true + prometheus: + enabled: true + exporterPort: 32021 +metricsServer: + enabled: false +controlPlane: + enabled: true +nullplatform: + apiKey: "${api_key}" +gateways: + enabled: true +gatewayAPI: + enabled: true + crds: + install: true \ No newline at end of file diff --git a/nullplatform/gcp/base/variables.tf b/nullplatform/gcp/base/variables.tf new file mode 100644 index 0000000..4d10273 --- /dev/null +++ b/nullplatform/gcp/base/variables.tf @@ -0,0 +1,33 @@ +variable "nullplatform-base-helm-version" { + description = "Helm chart version for the Nullplatform agent" + type = string + default = "2.12.0" +} + +variable "namespace" { + description = "Kubernetes namespace to agent run" + type = string + default = "nullplatform-tools" +} + +variable "nrn" { + description = "Identifier Nullplatform Resources Name" + type = string +} + +variable "np_api_key" { + type = string + sensitive = true + description = "Nullplatform API key for authentication" +} +variable "cluster_name" { + type = string + +} +variable "location" { + type = string +} + +variable "project_id" { + type = string +} \ No newline at end of file diff --git a/nullplatform/cloud/gcp/README.md b/nullplatform/gcp/cloud/gcp/README.md similarity index 100% rename from nullplatform/cloud/gcp/README.md rename to nullplatform/gcp/cloud/gcp/README.md diff --git a/nullplatform/cloud/gcp/main.tf b/nullplatform/gcp/cloud/gcp/main.tf similarity index 100% rename from nullplatform/cloud/gcp/main.tf rename to nullplatform/gcp/cloud/gcp/main.tf diff --git a/nullplatform/cloud/gcp/providers.tf b/nullplatform/gcp/cloud/gcp/providers.tf similarity index 100% rename from nullplatform/cloud/gcp/providers.tf rename to nullplatform/gcp/cloud/gcp/providers.tf 
diff --git a/nullplatform/cloud/gcp/variables.tf b/nullplatform/gcp/cloud/gcp/variables.tf similarity index 100% rename from nullplatform/cloud/gcp/variables.tf rename to nullplatform/gcp/cloud/gcp/variables.tf From 18de9cd74188b95e7bf220292e3ffafa9bcc0000 Mon Sep 17 00:00:00 2001 From: David Fernandez Date: Mon, 29 Sep 2025 15:57:01 -0300 Subject: [PATCH 24/87] feat: add docker server --- nullplatform/asset/docker-server/main.tf | 14 +++++++++ nullplatform/asset/docker-server/provider.tf | 12 +++++++ nullplatform/asset/docker-server/variables.tf | 31 +++++++++++++++++++ 3 files changed, 57 insertions(+) create mode 100644 nullplatform/asset/docker-server/main.tf create mode 100644 nullplatform/asset/docker-server/provider.tf create mode 100644 nullplatform/asset/docker-server/variables.tf diff --git a/nullplatform/asset/docker-server/main.tf b/nullplatform/asset/docker-server/main.tf new file mode 100644 index 0000000..2c78234 --- /dev/null +++ b/nullplatform/asset/docker-server/main.tf @@ -0,0 +1,14 @@ +resource "nullplatform_provider_config" "docker_server" { + nrn = var.nrn + type = "docker-server" + dimensions = {} + attributes = jsonencode({ + "setup" : { + "server" : var.login_server, + "path" : var.path, + "username" : var.username, + "password" : var.password, + "use_namespace" : false + } + }) +} diff --git a/nullplatform/asset/docker-server/provider.tf b/nullplatform/asset/docker-server/provider.tf new file mode 100644 index 0000000..a3f18aa --- /dev/null +++ b/nullplatform/asset/docker-server/provider.tf @@ -0,0 +1,12 @@ +terraform { + required_providers { + nullplatform = { + source = "nullplatform/nullplatform" + version = ">= 0.0.67" + } + } +} +provider "nullplatform" { + + api_key = var.np_api_key +} \ No newline at end of file diff --git a/nullplatform/asset/docker-server/variables.tf b/nullplatform/asset/docker-server/variables.tf new file mode 100644 index 0000000..f8e5b0a --- /dev/null +++ b/nullplatform/asset/docker-server/variables.tf 
@@ -0,0 +1,31 @@ +variable "nrn" { + type = string + description = "The null platform nrn" +} + +variable "login_server" { + description = "Docker Login server name" + type = string +} + +variable "path" { + description = "Path to the registry created" + type = string +} + +variable "username" { + description = "Docker username" + type = string + default = "_json_key_base64" +} + +variable "password" { + description = "Docker password" + type = string + sensitive = false +} + +variable "np_api_key" { + type = string + +} \ No newline at end of file From b6d3876786fdf794587cc05035e19ec7ff0a89e8 Mon Sep 17 00:00:00 2001 From: David Fernandez Date: Mon, 29 Sep 2025 16:03:24 -0300 Subject: [PATCH 25/87] feat: edit variables --- nullplatform/gcp/agent/auth.tf | 10 +++++----- nullplatform/gcp/agent/locals.tf | 2 +- nullplatform/gcp/base/locals.tf | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/nullplatform/gcp/agent/auth.tf b/nullplatform/gcp/agent/auth.tf index 31f26e0..6ac502a 100644 --- a/nullplatform/gcp/agent/auth.tf +++ b/nullplatform/gcp/agent/auth.tf @@ -5,23 +5,23 @@ resource "nullplatform_api_key" "nullplatform-agent-api-key" { name = "NULLPLATFORM-AGENT-API-KEY" grants { - nrn = local.nrn_sin_namespace + nrn = local.nrn_without_namespace role_slug = "controlplane:agent" } grants { - nrn = local.nrn_sin_namespace + nrn = local.nrn_without_namespace role_slug = "developer" } grants { - nrn = local.nrn_sin_namespace + nrn = local.nrn_without_namespace role_slug = "ops" } grants { - nrn = local.nrn_sin_namespace + nrn = local.nrn_without_namespace role_slug = "secops" } grants { - nrn = local.nrn_sin_namespace + nrn = local.nrn_without_namespace role_slug = "secrets-reader" } diff --git a/nullplatform/gcp/agent/locals.tf b/nullplatform/gcp/agent/locals.tf index f868202..a15bee7 100644 --- a/nullplatform/gcp/agent/locals.tf +++ b/nullplatform/gcp/agent/locals.tf 
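Review bot: `variable "password"` in docker-server/variables.tf is explicitly declared `sensitive = false`, and `np_api_key` has no `sensitive` attribute at all, so both values are printed in plan and apply output and in any CI log that captures it. The default username `_json_key_base64` suggests the password is a base64 service-account key, which makes the exposure more serious if that reading is right. Set `sensitive = true` on both variables; the `jsonencode(...)` in main.tf that embeds `var.password` then inherits the marking. The value is still stored in state in clear text, so the state backend needs restricted access regardless.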
@@ -2,7 +2,7 @@ locals { scope_list = compact([trimspace(coalesce(var.agent_repos_scope, ""))]) repos_extra = compact([for s in split(",", try(coalesce(var.agent_repos_extra, ""), "")) : trimspace(s)]) final_list = distinct(concat(local.scope_list, local.repos_extra)) - nrn_sin_namespace = join(":", slice(split(":", var.nrn), 0, 2)) + nrn_without_namespace = join(":", slice(split(":", var.nrn), 0, 2)) nullplatform_agent_values = templatefile("${path.module}/templates/nullplatform-agent-values.tmpl.yaml", { agent_repos = join(",", local.final_list) diff --git a/nullplatform/gcp/base/locals.tf b/nullplatform/gcp/base/locals.tf index 3a8b9b3..1c04d84 100644 --- a/nullplatform/gcp/base/locals.tf +++ b/nullplatform/gcp/base/locals.tf @@ -1,5 +1,5 @@ locals { - nrn_sin_namespace = join(":", slice(split(":", var.nrn), 0, 2)) + nrn_without_namespace = join(":", slice(split(":", var.nrn), 0, 2)) nullplatform_base_values = templatefile("${path.module}/templates/nullplatform-base-values.tmpl.yaml", { api_key = nullplatform_api_key.nullplatform-base-api-key.api_key From 3e211229bc3ddf92a78cfa854bd6ff877a9f2b6b Mon Sep 17 00:00:00 2001 From: David Fernandez Date: Mon, 29 Sep 2025 18:03:04 -0300 Subject: [PATCH 26/87] feat: add prometheus --- workloads/prometheus/data.tf | 2 ++ workloads/prometheus/locals.tf | 3 ++- workloads/prometheus/main.tf | 2 +- workloads/prometheus/providers.tf | 16 +++++++++---- .../templates/prometheus-values.tmpl.yaml | 4 ++-- workloads/prometheus/variables.tf | 24 ++++++++++++++++++- 6 files changed, 42 insertions(+), 9 deletions(-) diff --git a/workloads/prometheus/data.tf b/workloads/prometheus/data.tf index 6a9c21f..a974859 100644 --- a/workloads/prometheus/data.tf +++ b/workloads/prometheus/data.tf @@ -1,3 +1,4 @@ +/* data "aws_eks_cluster" "this" { name = var.cluster_name } 
@@ -5,3 +6,4 @@ data "aws_eks_cluster" "this" { data "aws_iam_openid_connect_provider" "this" { url = data.aws_eks_cluster.this.identity[0].oidc[0].issuer } +*/ \ No newline at end of file diff --git a/workloads/prometheus/locals.tf b/workloads/prometheus/locals.tf index af88fec..f80060c 100644 --- a/workloads/prometheus/locals.tf +++ b/workloads/prometheus/locals.tf @@ -1,4 +1,5 @@ locals { - prometheus-values = templatefile("${path.module}/templates/prometheus-values.tmpl.yaml", { + prometheus_values = templatefile("${path.module}/templates/prometheus-values.tmpl.yaml", { + nullplatform_port = var.nullplatform_port }) } \ No newline at end of file diff --git a/workloads/prometheus/main.tf b/workloads/prometheus/main.tf index 5d9e5f8..2bd787e 100644 --- a/workloads/prometheus/main.tf +++ b/workloads/prometheus/main.tf @@ -5,7 +5,7 @@ resource "helm_release" "prometheus" { namespace = var.namespace create_namespace = true - values = [ local.prometheus-values ] + values = [ local.prometheus_values ] } resource "nullplatform_provider_config" "prometheus" { diff --git a/workloads/prometheus/providers.tf b/workloads/prometheus/providers.tf index fb31c5a..d954757 100644 --- a/workloads/prometheus/providers.tf +++ b/workloads/prometheus/providers.tf @@ -4,13 +4,21 @@ terraform { source = "nullplatform/nullplatform" version = "~> 0.0.63" } - aws = { - source = "hashicorp/aws" - version = "~> 6.0" - } + helm = { source = "hashicorp/helm" version = "~> 3.0" } } +} +provider "helm" { + kubernetes = { + config_path = var.kubeconfig_path + config_context = var.kube_context + } +} + +provider "nullplatform" { + + api_key = var.np_api_key } \ No newline at end of file diff --git a/workloads/prometheus/templates/prometheus-values.tmpl.yaml b/workloads/prometheus/templates/prometheus-values.tmpl.yaml index 300b731..a6ad502 100644 --- a/workloads/prometheus/templates/prometheus-values.tmpl.yaml +++ b/workloads/prometheus/templates/prometheus-values.tmpl.yaml 
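Review bot: In workloads/prometheus/providers.tf the helm provider takes `config_context = var.kube_context`, and variables.tf in the same commit defaults that variable to `null`, so the release is installed into whatever context happens to be current in `~/.kube/config` on the machine running the apply. Making the input required removes the chance of deploying to an unintended cluster: drop `default = null` from `variable "kube_context"` and give it a description. Declaring `provider` blocks inside a reusable module also stops callers from passing in their own provider configuration, so consider leaving that to the root module.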
@@ -12,11 +12,11 @@ extraScrapeConfigs: | metrics_path: /metrics scheme: http relabel_configs: - # Cambiar puerto de kubelet (10250) a null-platform (2021) + # Change kubelet port (10250) to null-platform (2021) - source_labels: [ __address__ ] regex: '(.*):10250' target_label: __address__ - replacement: '$1:2021' + replacement: '$1:${nullplatform_port}' # Mapear labels de nodos K8s - action: labelmap regex: __meta_kubernetes_node_label_(.+) diff --git a/workloads/prometheus/variables.tf b/workloads/prometheus/variables.tf index 6371c8d..62c32d9 100644 --- a/workloads/prometheus/variables.tf +++ b/workloads/prometheus/variables.tf @@ -4,4 +4,26 @@ variable "namespace" { variable "cluster_name" {} -variable "nrn" {} \ No newline at end of file +variable "nrn" {} + +variable "cloud" { + description = "cloud (ej. gcp, aws, azure, etc.)" + type = string +} +variable "np_api_key" { + type = string +} + +variable "nullplatform_port" { + type = number + default = 2021 +} + +variable "kubeconfig_path" { + type = string + default = "~/.kube/config" +} +variable "kube_context" { + type = string + default = null # o el nombre de tu context +} From 2c1cde2e3a32a3f840274f09ba9cbbb920bae615 Mon Sep 17 00:00:00 2001 
From: sebas_correa Date: Tue, 30 Sep 2025 10:05:23 -0300 Subject: [PATCH 27/87] feat(main-modules): add v2 modules-aws --- v2/foundations/aws/alb-controller/README.md | 37 ++++ v2/foundations/aws/alb-controller/data.tf | 7 + v2/foundations/aws/alb-controller/iam.tf | 28 +++ v2/foundations/aws/alb-controller/locals.tf | 7 + v2/foundations/aws/alb-controller/main.tf | 24 +++ .../aws/alb-controller/providers.tf | 12 ++ ...-load-balancer-controller-values.tmpl.yaml | 5 + .../aws/alb-controller/variables.tf | 15 ++ v2/foundations/aws/backend/main.tf | 46 +++++ v2/foundations/aws/backend/providers.tf | 12 ++ v2/foundations/aws/backend/variables.tf | 4 + v2/foundations/aws/eks/data.tf | 15 ++ v2/foundations/aws/eks/main.tf | 41 ++++ v2/foundations/aws/eks/providers.tf | 12 ++ v2/foundations/aws/eks/variables.tf | 27 +++ v2/foundations/aws/route53/main.tf | 10 + v2/foundations/aws/route53/output.tf | 19 ++ v2/foundations/aws/route53/providers.tf | 8 + v2/foundations/aws/route53/varaibles.tf | 8 + v2/foundations/aws/vpc/main.tf | 24 +++ v2/foundations/aws/vpc/providers.tf | 8 + v2/foundations/aws/vpc/variables.tf | 20 ++ v2/foundations/azure/acr/README.md | 42 +++++ v2/foundations/azure/acr/datasource.tf | 5 + v2/foundations/azure/acr/main.tf | 10 + v2/foundations/azure/acr/output.tf | 15 ++ v2/foundations/azure/acr/provider.tf | 17 ++ v2/foundations/azure/acr/variables.tf | 21 +++ v2/foundations/azure/dns/README.md | 38 ++++ v2/foundations/azure/dns/main.tf | 4 + v2/foundations/azure/dns/output.tf | 24 +++ v2/foundations/azure/dns/provider.tf | 17 ++ v2/foundations/azure/dns/variables.tf | 14 ++ v2/foundations/azure/resource_group/README.md | 36 ++++ v2/foundations/azure/resource_group/main.tf | 5 + v2/foundations/azure/resource_group/output.tf | 9 + .../azure/resource_group/provider.tf | 17 ++ .../azure/resource_group/variable.tf | 16 ++ v2/foundations/azure/vnet/README.md | 31 ++++ v2/foundations/azure/vnet/main.tf | 12 ++ v2/foundations/azure/vnet/output.tf | 5 + 
v2/foundations/azure/vnet/provider.tf | 17 ++ v2/foundations/azure/vnet/variables.tf | 46 +++++ .../aws/nullplatform_agent/auth.tf | 29 +++ .../aws/nullplatform_agent/channel.tf | 63 +++++++ v2/nullplatform/aws/nullplatform_agent/iam.tf | 136 ++++++++++++++ .../aws/nullplatform_agent/locals.tf | 15 ++ .../aws/nullplatform_agent/main.tf | 24 +++ .../aws/nullplatform_agent/providers.tf | 20 ++ .../aws/nullplatform_agent/scopes.tf | 175 ++++++++++++++++++ .../nullplatform-agent-values.tmpl.yaml | 23 +++ .../aws/nullplatform_agent/variables.tf | 114 ++++++++++++ .../aws/nullplatform_providers/data.tf | 5 + .../nullplatform_providers/iam-registry.tf | 93 ++++++++++ .../aws/nullplatform_providers/main.tf | 167 +++++++++++++++++ .../aws/nullplatform_providers/providers.tf | 12 ++ .../aws/nullplatform_providers/variables.tf | 82 ++++++++ v2/nullplatform_base/auth.tf | 29 +++ v2/nullplatform_base/locals.tf | 5 + v2/nullplatform_base/main.tf | 24 +++ v2/nullplatform_base/providers.tf | 16 ++ .../nullplatform-base-values.tmpl.yaml | 14 ++ v2/nullplatform_base/variables.tf | 16 ++ v2/workload/prometheus/locals.tf | 4 + v2/workload/prometheus/main.tf | 24 +++ v2/workload/prometheus/providers.tf | 16 ++ .../templates/prometheus-values.tmpl.yaml | 25 +++ v2/workload/prometheus/variables.tf | 7 + 68 files changed, 1928 insertions(+) create mode 100644 v2/foundations/aws/alb-controller/README.md create mode 100644 v2/foundations/aws/alb-controller/data.tf create mode 100644 v2/foundations/aws/alb-controller/iam.tf create mode 100644 v2/foundations/aws/alb-controller/locals.tf create mode 100644 v2/foundations/aws/alb-controller/main.tf create mode 100644 v2/foundations/aws/alb-controller/providers.tf create mode 100644 v2/foundations/aws/alb-controller/templates/aws-load-balancer-controller-values.tmpl.yaml create mode 100644 v2/foundations/aws/alb-controller/variables.tf create mode 100644 v2/foundations/aws/backend/main.tf create mode 100644 
v2/foundations/aws/backend/providers.tf create mode 100644 v2/foundations/aws/backend/variables.tf create mode 100644 v2/foundations/aws/eks/data.tf create mode 100644 v2/foundations/aws/eks/main.tf create mode 100644 v2/foundations/aws/eks/providers.tf create mode 100644 v2/foundations/aws/eks/variables.tf create mode 100644 v2/foundations/aws/route53/main.tf create mode 100644 v2/foundations/aws/route53/output.tf create mode 100644 v2/foundations/aws/route53/providers.tf create mode 100644 v2/foundations/aws/route53/varaibles.tf create mode 100644 v2/foundations/aws/vpc/main.tf create mode 100644 v2/foundations/aws/vpc/providers.tf create mode 100644 v2/foundations/aws/vpc/variables.tf create mode 100644 v2/foundations/azure/acr/README.md create mode 100644 v2/foundations/azure/acr/datasource.tf create mode 100644 v2/foundations/azure/acr/main.tf create mode 100644 v2/foundations/azure/acr/output.tf create mode 100644 v2/foundations/azure/acr/provider.tf create mode 100644 v2/foundations/azure/acr/variables.tf create mode 100644 v2/foundations/azure/dns/README.md create mode 100644 v2/foundations/azure/dns/main.tf create mode 100644 v2/foundations/azure/dns/output.tf create mode 100644 v2/foundations/azure/dns/provider.tf create mode 100644 v2/foundations/azure/dns/variables.tf create mode 100644 v2/foundations/azure/resource_group/README.md create mode 100644 v2/foundations/azure/resource_group/main.tf create mode 100644 v2/foundations/azure/resource_group/output.tf create mode 100644 v2/foundations/azure/resource_group/provider.tf create mode 100644 v2/foundations/azure/resource_group/variable.tf create mode 100644 v2/foundations/azure/vnet/README.md create mode 100644 v2/foundations/azure/vnet/main.tf create mode 100644 v2/foundations/azure/vnet/output.tf create mode 100644 v2/foundations/azure/vnet/provider.tf create mode 100644 v2/foundations/azure/vnet/variables.tf create mode 100644 v2/nullplatform/aws/nullplatform_agent/auth.tf create mode 100644 
v2/nullplatform/aws/nullplatform_agent/channel.tf create mode 100644 v2/nullplatform/aws/nullplatform_agent/iam.tf create mode 100644 v2/nullplatform/aws/nullplatform_agent/locals.tf create mode 100644 v2/nullplatform/aws/nullplatform_agent/main.tf create mode 100644 v2/nullplatform/aws/nullplatform_agent/providers.tf create mode 100644 v2/nullplatform/aws/nullplatform_agent/scopes.tf create mode 100644 v2/nullplatform/aws/nullplatform_agent/templates/nullplatform-agent-values.tmpl.yaml create mode 100644 v2/nullplatform/aws/nullplatform_agent/variables.tf create mode 100644 v2/nullplatform/aws/nullplatform_providers/data.tf create mode 100644 v2/nullplatform/aws/nullplatform_providers/iam-registry.tf create mode 100644 v2/nullplatform/aws/nullplatform_providers/main.tf create mode 100644 v2/nullplatform/aws/nullplatform_providers/providers.tf create mode 100644 v2/nullplatform/aws/nullplatform_providers/variables.tf create mode 100644 v2/nullplatform_base/auth.tf create mode 100644 v2/nullplatform_base/locals.tf create mode 100644 v2/nullplatform_base/main.tf create mode 100644 v2/nullplatform_base/providers.tf create mode 100644 v2/nullplatform_base/templates/nullplatform-base-values.tmpl.yaml create mode 100644 v2/nullplatform_base/variables.tf create mode 100644 v2/workload/prometheus/locals.tf create mode 100644 v2/workload/prometheus/main.tf create mode 100644 v2/workload/prometheus/providers.tf create mode 100644 v2/workload/prometheus/templates/prometheus-values.tmpl.yaml create mode 100644 v2/workload/prometheus/variables.tf diff --git a/v2/foundations/aws/alb-controller/README.md b/v2/foundations/aws/alb-controller/README.md new file mode 100644 index 0000000..14412b5 --- /dev/null +++ b/v2/foundations/aws/alb-controller/README.md 
@@ -0,0 +1,37 @@
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| [aws](#requirement\_aws) | ~> 6.0 |
+| [helm](#requirement\_helm) | ~> 3.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [aws](#provider\_aws) | ~> 6.0 |
+| [helm](#provider\_helm) | ~> 3.0 |
+| [kubernetes](#provider\_kubernetes) | n/a |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| [aws-load-balancer-controller-role](#module\_aws-load-balancer-controller-role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts | n/a |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [helm_release.aws-load-balancer-controller](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [kubernetes_service_account.aws-load-balancer-controller-sa](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service_account) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [aws-load-balancer-controller-version](#input\_aws-load-balancer-controller-version) | Version of the AWS Load Balancer Controller Helm chart | `string` | `"1.13.4"` | no |
+| [cluster\_name](#input\_cluster\_name) | Name of the EKS cluster | `string` | n/a | yes |
+| [vpc\_id](#input\_vpc\_id) | VPC ID where load balancers controller will be deployed | `string` | n/a | yes |
+
\ No newline at end of file
diff --git a/v2/foundations/aws/alb-controller/data.tf b/v2/foundations/aws/alb-controller/data.tf
new file mode 100644
index 0000000..6a9c21f
--- /dev/null
+++ b/v2/foundations/aws/alb-controller/data.tf
@@ -0,0 +1,7 @@
+data "aws_eks_cluster" "this" {
+ name = var.cluster_name
+}
+
+data "aws_iam_openid_connect_provider" "this" {
+ url = data.aws_eks_cluster.this.identity[0].oidc[0].issuer
+}
diff --git a/v2/foundations/aws/alb-controller/iam.tf b/v2/foundations/aws/alb-controller/iam.tf
new file mode 100644
index 0000000..f8fd1a2
--- /dev/null
+++ b/v2/foundations/aws/alb-controller/iam.tf
@@ -0,0 +1,28 @@
+module "aws-load-balancer-controller-role" {
+ source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts"
+ version = "~> 6.0"
+ name = "AWSLoadBalancerControllerIAMRole"
+ attach_load_balancer_controller_policy = true
+ use_name_prefix = false
+ oidc_providers = {
+ main = {
+ provider_arn = data.aws_iam_openid_connect_provider.this.arn
+ namespace_service_accounts = ["kube-system:aws-load-balancer-controller"]
+ }
+ }
+}
+
+resource "kubernetes_service_account" "aws-load-balancer-controller-sa" {
+ metadata {
+ name = "aws-load-balancer-controller"
+ namespace = "kube-system"
+ labels = {
+ "app.kubernetes.io/name" = "aws-load-balancer-controller"
+ "app.kubernetes.io/component" = "controller"
+ }
+ annotations = {
+ "eks.amazonaws.com/role-arn" = module.aws-load-balancer-controller-role.arn
+ "eks.amazonaws.com/sts-regional-endpoints" = "true"
+ }
+ }
+}
\ No newline at end of file
diff --git a/v2/foundations/aws/alb-controller/locals.tf b/v2/foundations/aws/alb-controller/locals.tf
new file mode 100644
index 0000000..3decfa3
--- /dev/null
+++ b/v2/foundations/aws/alb-controller/locals.tf
@@ -0,0 +1,7 @@
+locals {
+ aws-load-balancer-controller-values = templatefile("${path.module}/templates/aws-load-balancer-controller-values.tmpl.yaml", {
+ cluster_name = var.cluster_name
+ service_account_name = kubernetes_service_account.aws-load-balancer-controller-sa.metadata[0].name
+ vpc_id = var.vpc_id
+ })
+}
\ No newline at end of file
diff --git a/v2/foundations/aws/alb-controller/main.tf b/v2/foundations/aws/alb-controller/main.tf
new file mode 100644
index 0000000..fbd96ff
--- /dev/null
+++ b/v2/foundations/aws/alb-controller/main.tf
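Review bot: The IRSA role in alb-controller/iam.tf is created with the fixed name `name = "AWSLoadBalancerControllerIAMRole"` and `use_name_prefix = false`, which makes the role name account-global. A second cluster in the same AWS account would collide on that name, and sharing one role across clusters widens its trust beyond a single OIDC provider. Deriving the name from the cluster keeps one role per cluster, for example `name = "${var.cluster_name}-alb-controller"`. Separately, this file uses `kubernetes_service_account`, but the module's providers.tf lists only `aws` and `helm` under `required_providers`, so the kubernetes provider is unpinned.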
@@ -0,0 +1,24 @@
+resource "helm_release" "aws-load-balancer-controller" {
+ name = "aws-load-balancer-controller"
+ repository = "https://aws.github.io/eks-charts"
+ chart = "aws-load-balancer-controller"
+ version = var.aws-load-balancer-controller-version
+ namespace = "kube-system"
+
+ disable_webhooks = true
+ force_update = true
+ wait = true
+ wait_for_jobs = true
+ timeout = 600
+ atomic = true
+ cleanup_on_fail = true
+ replace = false
+ recreate_pods = false
+ reset_values = false
+ reuse_values = false
+ dependency_update = true
+ max_history = 10
+
+
+ values = [local.aws-load-balancer-controller-values]
+}
\ No newline at end of file
diff --git a/v2/foundations/aws/alb-controller/providers.tf b/v2/foundations/aws/alb-controller/providers.tf
new file mode 100644
index 0000000..4eaaf21
--- /dev/null
+++ b/v2/foundations/aws/alb-controller/providers.tf
@@ -0,0 +1,12 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 6.0"
+ }
+ helm = {
+ source = "hashicorp/helm"
+ version = "~> 3.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/v2/foundations/aws/alb-controller/templates/aws-load-balancer-controller-values.tmpl.yaml b/v2/foundations/aws/alb-controller/templates/aws-load-balancer-controller-values.tmpl.yaml
new file mode 100644
index 0000000..bb1161a
--- /dev/null
+++ b/v2/foundations/aws/alb-controller/templates/aws-load-balancer-controller-values.tmpl.yaml
@@ -0,0 +1,5 @@
+clusterName: "${cluster_name}"
+serviceAccount:
+ create: false
+ name: "${service_account_name}"
+vpcId: "${vpc_id}"
diff --git a/v2/foundations/aws/alb-controller/variables.tf b/v2/foundations/aws/alb-controller/variables.tf
new file mode 100644
index 0000000..9fb8678
--- /dev/null
+++ b/v2/foundations/aws/alb-controller/variables.tf
@@ -0,0 +1,15 @@
+variable "cluster_name" {
+ description = "Name of the EKS cluster"
+ type = string
+}
+
+variable "vpc_id" {
+ description = "VPC ID where load balancers controller will be deployed"
+ type = string
+}
+
+variable "aws-load-balancer-controller-version" {
+ description = "Version of the AWS Load Balancer Controller Helm chart"
+ type = string
+ default = "1.13.4"
+}
\ No newline at end of file
diff --git a/v2/foundations/aws/backend/main.tf b/v2/foundations/aws/backend/main.tf
new file mode 100644
index 0000000..a4b6d7e
--- /dev/null
+++ b/v2/foundations/aws/backend/main.tf
@@ -0,0 +1,46 @@
+data "aws_vpc" "vpc" {
+ id = var.vpc_id
+}
+
+
+provider "aws" {
+ region = data.aws_vpc.vpc.region
+}
+
+resource "random_id" "bucket_suffix" {
+ byte_length = 8
+}
+
+resource "aws_s3_bucket" "tf_state" {
+ bucket = "tf-state-${lower(random_id.bucket_suffix.hex)}"
+ object_lock_enabled = true
+ force_destroy = true
+}
+
+resource "aws_s3_bucket_versioning" "tf_state_versioning" {
+ bucket = aws_s3_bucket.tf_state.id
+
+ versioning_configuration {
+ status = "Enabled"
+ }
+}
+
+resource "aws_s3_bucket_server_side_encryption_configuration" "tf_state_sse" {
+ bucket = aws_s3_bucket.tf_state.id
+
+ rule {
+ apply_server_side_encryption_by_default {
+ sse_algorithm = "AES256"
+ }
+ }
+}
+
+resource "aws_s3_bucket_object_lock_configuration" "tf_state_lock" {
+ bucket = aws_s3_bucket.tf_state.id
+ rule {
+ default_retention {
+ mode = "COMPLIANCE"
+ days = 1
+ }
+ }
+}
diff --git a/v2/foundations/aws/backend/providers.tf b/v2/foundations/aws/backend/providers.tf
new file mode 100644
index 0000000..4eaaf21
--- /dev/null
+++ b/v2/foundations/aws/backend/providers.tf
@@ -0,0 +1,12 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 6.0"
+ }
+ helm = {
+ source = "hashicorp/helm"
+ version = "~> 3.0"
+ }
+ }
+}
\ No newline at end of file
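Review bot: The state bucket in backend/main.tf is created with `force_destroy = true`, so a `terraform destroy` of this module empties and deletes the bucket that holds every other module's state, working against the versioning and COMPLIANCE object lock configured just below it. State files contain secrets such as the API keys and registry passwords handled elsewhere in this series, so the bucket should also carry an explicit public access block rather than relying on account defaults. The proposal is to set `force_destroy = false` and add an `aws_s3_bucket_public_access_block` for the bucket, as shown below. Separately, `provider "aws"` reads its region from `data.aws_vpc.vpc`, a data source that itself needs the configured provider; that looks circular and is worth testing on a clean workspace.

```hcl
resource "aws_s3_bucket" "tf_state" {
  # … unchanged: bucket, object_lock_enabled …
  force_destroy = false
}

resource "aws_s3_bucket_public_access_block" "tf_state" {
  bucket                  = aws_s3_bucket.tf_state.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
```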
diff --git a/v2/foundations/aws/backend/variables.tf b/v2/foundations/aws/backend/variables.tf
new file mode 100644
index 0000000..2c7c73a
--- /dev/null
+++ b/v2/foundations/aws/backend/variables.tf
@@ -0,0 +1,4 @@
+variable "vpc_id" {
+ type = string
+ description = "A account name"
+}
\ No newline at end of file
diff --git a/v2/foundations/aws/eks/data.tf b/v2/foundations/aws/eks/data.tf
new file mode 100644
index 0000000..ae68c9d
--- /dev/null
+++ b/v2/foundations/aws/eks/data.tf
@@ -0,0 +1,15 @@
+data "aws_subnets" "private" {
+ filter {
+ name = "vpc-id"
+ values = [data.aws_vpc.vpc.id]
+ }
+
+ filter {
+ name = "tag:Name"
+ values = ["*private*"]
+ }
+}
+
+data "aws_vpc" "vpc" {
+ id = var.vpc_id
+}
\ No newline at end of file
diff --git a/v2/foundations/aws/eks/main.tf b/v2/foundations/aws/eks/main.tf
new file mode 100644
index 0000000..96fee3f
--- /dev/null
+++ b/v2/foundations/aws/eks/main.tf
@@ -0,0 +1,41 @@
+module "eks" {
+ source = "terraform-aws-modules/eks/aws"
+ version = "~> 21.0"
+
+ name = var.name
+ kubernetes_version = var.kubernetes_version
+
+ addons = {
+ coredns = {}
+ eks-pod-identity-agent = {
+ before_compute = true
+ }
+ kube-proxy = {}
+ vpc-cni = {
+ before_compute = true
+ }
+ }
+
+ # Optional
+ endpoint_public_access = true
+
+ # Optional: Adds the current caller identity as an administrator via cluster access entry
+ enable_cluster_creator_admin_permissions = true
+
+ vpc_id = data.aws_vpc.vpc.id
+ subnet_ids = data.aws_subnets.private.ids
+ control_plane_subnet_ids = data.aws_subnets.private.ids
+
+ # EKS Managed Node Group(s)
+ eks_managed_node_groups = {
+ example = {
+ # Starting on 1.30, AL2023 is the default AMI type for EKS managed node groups
+ ami_type = var.ami_type
+ instance_types = [var.instance_types]
+
+ min_size = 2
+ max_size = 10
+ desired_size = 2
+ }
+ }
+}
\ No newline at end of file
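Review bot: `endpoint_public_access = true` in eks/main.tf exposes the Kubernetes API endpoint publicly and the module call sets no source-address restriction, so, assuming the upstream default of allowing all addresses, the API server is reachable from anywhere on the internet. The hard-coded `true` should become a module input, with the allow-list passed alongside it: `endpoint_public_access_cidrs = var.api_allowed_cidrs`, where `api_allowed_cidrs` is a new `list(string)` variable to be added to variables.tf. `enable_cluster_creator_admin_permissions = true` also grants cluster-admin to whichever identity runs the apply; that is reasonable for bootstrap, but the comment should say who is expected to run it and how access is handed over afterwards.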
diff --git a/v2/foundations/aws/eks/providers.tf b/v2/foundations/aws/eks/providers.tf
new file mode 100644
index 0000000..4eaaf21
--- /dev/null
+++ b/v2/foundations/aws/eks/providers.tf
@@ -0,0 +1,12 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 6.0"
+ }
+ helm = {
+ source = "hashicorp/helm"
+ version = "~> 3.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/v2/foundations/aws/eks/variables.tf b/v2/foundations/aws/eks/variables.tf
new file mode 100644
index 0000000..62291c3
--- /dev/null
+++ b/v2/foundations/aws/eks/variables.tf
@@ -0,0 +1,27 @@
+variable "vpc_id" {
+ type = string
+ description = "A account name"
+}
+
+variable "name" {
+ type = string
+ description = "A name of cluster"
+}
+
+variable "ami_type" {
+ type = string
+ description = "The ami type to use with node"
+ default = "AL2023_x86_64_STANDARD"
+}
+
+variable "instance_types" {
+ type = string
+ description = "The instance type to use"
+ default = "t3.medium"
+}
+
+variable "kubernetes_version" {
+ type = string
+ description = "The version of K8s to use"
+ default = "1.32"
+}
diff --git a/v2/foundations/aws/route53/main.tf b/v2/foundations/aws/route53/main.tf
new file mode 100644
index 0000000..711ca7c
--- /dev/null
+++ b/v2/foundations/aws/route53/main.tf
@@ -0,0 +1,10 @@
+resource "aws_route53_zone" "public_zone" {
+ name = var.domain_name
+}
+
+resource "aws_route53_zone" "private_zone" {
+ name = var.domain_name
+ vpc {
+ vpc_id = var.vpc_id
+ }
+}
diff --git a/v2/foundations/aws/route53/output.tf b/v2/foundations/aws/route53/output.tf
new file mode 100644
index 0000000..3aa9385
--- /dev/null
+++ b/v2/foundations/aws/route53/output.tf
@@ -0,0 +1,19 @@
+output "public_zone_id" {
+ description = "The ID of the Public Route 53 Hosted Zone"
+ value = aws_route53_zone.public_zone.zone_id
+}
+
+output "public_zone_name" {
+ description = "The domain name of the Public Route 53 Hosted Zone"
+ value = aws_route53_zone.public_zone.name
+}
+
+output "private_zone_id" {
+ description = "The ID of the Private Route 53 Hosted Zone"
+ value = aws_route53_zone.private_zone.zone_id
+}
+
+output "private_zone_name" {
+ description = "The domain name of the Private Route 53 Hosted Zone"
+ value = aws_route53_zone.private_zone.name
+}
\ No newline at end of file
diff --git a/v2/foundations/aws/route53/providers.tf b/v2/foundations/aws/route53/providers.tf
new file mode 100644
index 0000000..8b01857
--- /dev/null
+++ b/v2/foundations/aws/route53/providers.tf
@@ -0,0 +1,8 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 6.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/v2/foundations/aws/route53/varaibles.tf b/v2/foundations/aws/route53/varaibles.tf
new file mode 100644
index 0000000..ecf2671
--- /dev/null
+++ b/v2/foundations/aws/route53/varaibles.tf
@@ -0,0 +1,8 @@
+variable "vpc_id" {
+ type = string
+ description = "The VPC id"
+}
+variable "domain_name" {
+ type = string
+ description = "The domains to project"
+}
\ No newline at end of file
diff --git a/v2/foundations/aws/vpc/main.tf b/v2/foundations/aws/vpc/main.tf
new file mode 100644
index 0000000..6ab4b2d
--- /dev/null
+++ b/v2/foundations/aws/vpc/main.tf
@@ -0,0 +1,24 @@
+module "vpc" {
+ source = "terraform-aws-modules/vpc/aws"
+ version = "~> 6.0"
+
+ name = "${var.organization}-${var.environment}"
+ cidr = var.vpc["cidr"]
+
+ enable_dns_hostnames = true
+
+ azs = var.vpc["azs"]
+ private_subnets = var.vpc["private_subnets"]
+ public_subnets = var.vpc["public_subnets"]
+
+ enable_nat_gateway = true
+ single_nat_gateway = true
+
+ public_subnet_tags = {
+ "kubernetes.io/role/elb" = 1
+ }
+
+ private_subnet_tags = {
+ "kubernetes.io/role/internal-elb" = 1
+ }
+}
diff --git a/v2/foundations/aws/vpc/providers.tf b/v2/foundations/aws/vpc/providers.tf
new file mode 100644
index 0000000..8b01857
--- /dev/null
+++ b/v2/foundations/aws/vpc/providers.tf
@@ -0,0 +1,8 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 6.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/v2/foundations/aws/vpc/variables.tf b/v2/foundations/aws/vpc/variables.tf
new file mode 100644
index 0000000..1fec053
--- /dev/null
+++ b/v2/foundations/aws/vpc/variables.tf
@@ -0,0 +1,20 @@
+variable "vpc" {
+ description = "A VPC with public and private subnets"
+}
+# Parรกmetros VPC
+# vpc = {
+# azs = ["us-west-2a", "us-west-2b", "us-west-2c"]
+# cidr = "172.16.0.0/16"
+# public_subnets = ["172.16.1.0/24", "172.16.2.0/24", "172.16.3.0/24"]
+# private_subnets = ["172.16.10.0/24", "172.16.11.0/24", "172.16.12.0/24"]
+# }
+
+variable "organization" {
+ type = string
+ description = "A organization name"
+}
+
+variable "environment" {
+ type = string
+ description = "The environment name"
+}
\ No newline at end of file
diff --git a/v2/foundations/azure/acr/README.md b/v2/foundations/azure/acr/README.md
new file mode 100644
index 0000000..f32c551
--- /dev/null
+++ b/v2/foundations/azure/acr/README.md
@@ -0,0 +1,42 @@
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| [terraform](#requirement\_terraform) | ~> 1.6 |
+| [azurerm](#requirement\_azurerm) | =4.41.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [azurerm](#provider\_azurerm) | =4.41.0 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| [containerregistry](#module\_containerregistry) | azure/avm-res-containerregistry-registry/azurerm | v0.4.0 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [containerregistry\_name](#input\_containerregistry\_name) | The name of your ACR | `string` | n/a | yes |
+| [location](#input\_location) | The location/region where the resource group should be created | `string` | n/a | yes |
+| [resource\_group\_name](#input\_resource\_group\_name) | The name of the resource group | `string` | n/a | yes |
+| [subscription\_id](#input\_subscription\_id) | The ID of your Azure Suscription | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [acr\_admin\_password](#output\_acr\_admin\_password) | Password admin del ACR. |
+| [acr\_admin\_username](#output\_acr\_admin\_username) | Usuario admin del ACR. |
+| [acr\_login\_server](#output\_acr\_login\_server) | FQDN del login server del ACR. |
+
\ No newline at end of file
diff --git a/v2/foundations/azure/acr/datasource.tf b/v2/foundations/azure/acr/datasource.tf
new file mode 100644
index 0000000..169f758
--- /dev/null
+++ b/v2/foundations/azure/acr/datasource.tf
@@ -0,0 +1,5 @@
+data "azurerm_container_registry" "acr" {
+ name = var.containerregistry_name
+ resource_group_name = var.resource_group_name
+ depends_on = [module.containerregistry]
+}
\ No newline at end of file
diff --git a/v2/foundations/azure/acr/main.tf b/v2/foundations/azure/acr/main.tf
new file mode 100644
index 0000000..f9b9fc2
--- /dev/null
+++ b/v2/foundations/azure/acr/main.tf
@@ -0,0 +1,10 @@
+module "containerregistry" {
+ source = "azure/avm-res-containerregistry-registry/azurerm"
+ version = "v0.4.0"
+ name = var.containerregistry_name
+ resource_group_name = var.resource_group_name
+ location = var.location
+ admin_enabled = true
+
+}
+
diff --git a/v2/foundations/azure/acr/output.tf b/v2/foundations/azure/acr/output.tf
new file mode 100644
index 0000000..7cd2e76
--- /dev/null
+++ b/v2/foundations/azure/acr/output.tf
@@ -0,0 +1,15 @@
+output "acr_login_server" {
+ description = "FQDN del login server del ACR."
+ value = data.azurerm_container_registry.acr.login_server
+}
+
+output "acr_admin_username" {
+ description = "Usuario admin del ACR."
+ value = data.azurerm_container_registry.acr.admin_username
+ sensitive = true
+}
+output "acr_admin_password" {
+ description = "Password admin del ACR."
+ value = data.azurerm_container_registry.acr.admin_password
+ sensitive = true
+}
\ No newline at end of file
diff --git a/v2/foundations/azure/acr/provider.tf b/v2/foundations/azure/acr/provider.tf
new file mode 100644
index 0000000..514092e
--- /dev/null
+++ b/v2/foundations/azure/acr/provider.tf
@@ -0,0 +1,17 @@
+terraform {
+ required_version = "~> 1.6"
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "=4.41.0"
+ }
+ }
+}
+
+provider "azurerm" {
+ features {}
+ resource_provider_registrations = "none"
+ use_cli = true
+ subscription_id = var.subscription_id
+}
+
diff --git a/v2/foundations/azure/acr/variables.tf b/v2/foundations/azure/acr/variables.tf
new file mode 100644
index 0000000..042bcbe
--- /dev/null
+++ b/v2/foundations/azure/acr/variables.tf
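Review bot: `admin_enabled = true` in azure/acr/main.tf turns on the registry's built-in admin account, a single shared credential with full push and pull rights that cannot be scoped or attributed to a caller. The output.tf hunk in the same commit then re-exports `admin_password`, so the credential lands in this module's state and in the state of every configuration that consumes the output, even though it is marked `sensitive`. Prefer `admin_enabled = false`, dropping the two admin outputs and giving consumers role-based pull access through their own identity instead. If a downstream consumer such as the docker-server module really needs a username and password, the flag should be an explicit opt-in variable defaulting to `false`, and the outputs' descriptions should say the password is a full-access credential.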
@@ -0,0 +1,21 @@
+variable "location" {
+ type = string
+ description = "The location/region where the resource group should be created"
+}
+
+variable "resource_group_name" {
+ type = string
+ description = "The name of the resource group"
+}
+
+variable "containerregistry_name" {
+ type = string
+ description = "The name of your ACR"
+
+}
+
+variable "subscription_id" {
+ type = string
+ description = "The ID of your Azure Suscription"
+
+}
\ No newline at end of file
diff --git a/v2/foundations/azure/dns/README.md b/v2/foundations/azure/dns/README.md
new file mode 100644
index 0000000..06fefe9
--- /dev/null
+++ b/v2/foundations/azure/dns/README.md
@@ -0,0 +1,38 @@
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| [terraform](#requirement\_terraform) | ~> 1.6 |
+| [azurerm](#requirement\_azurerm) | =4.41.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [azurerm](#provider\_azurerm) | =4.41.0 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [azurerm_dns_zone.public_dns_zone](https://registry.terraform.io/providers/hashicorp/azurerm/4.41.0/docs/resources/dns_zone) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [domain\_name](#input\_domain\_name) | The domain name to use for the DNS zone | `string` | n/a | yes |
+| [resource\_group](#input\_resource\_group) | The name of the resource group | `string` | n/a | yes |
+| [subscription\_id](#input\_subscription\_id) | The Azure subscription Id. | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [dns\_zone\_id](#output\_dns\_zone\_id) | The ID of the DNS Zone |
+| [dns\_zone\_name](#output\_dns\_zone\_name) | The name of the created DNS Zone |
+| [name\_servers](#output\_name\_servers) | A list of name servers |
+| [private\_dns\_zone\_id](#output\_private\_dns\_zone\_id) | The ID of the private DNS Zone |
+| [private\_dns\_zone\_name](#output\_private\_dns\_zone\_name) | The name of the private created DNS Zone |
+
\ No newline at end of file
diff --git a/v2/foundations/azure/dns/main.tf b/v2/foundations/azure/dns/main.tf
new file mode 100644
index 0000000..b755856
--- /dev/null
+++ b/v2/foundations/azure/dns/main.tf
@@ -0,0 +1,4 @@
+resource "azurerm_dns_zone" "public_dns_zone" {
+ name = var.domain_name
+ resource_group_name = var.resource_group
+}
diff --git a/v2/foundations/azure/dns/output.tf b/v2/foundations/azure/dns/output.tf
new file mode 100644
index 0000000..3562336
--- /dev/null
+++ b/v2/foundations/azure/dns/output.tf
@@ -0,0 +1,24 @@
+output "dns_zone_name" {
+ description = "The name of the created DNS Zone"
+ value = azurerm_dns_zone.public_dns_zone.name
+}
+
+output "dns_zone_id" {
+ description = "The ID of the DNS Zone"
+ value = azurerm_dns_zone.public_dns_zone.id
+}
+
+output "private_dns_zone_name" {
+ description = "The name of the private created DNS Zone"
+ value = azurerm_dns_zone.public_dns_zone.name
+}
+
+output "private_dns_zone_id" {
+ description = "The ID of the private DNS Zone"
+ value = azurerm_dns_zone.public_dns_zone.id
+}
+
+output "name_servers" {
+ description = "A list of name servers"
+ value = azurerm_dns_zone.public_dns_zone.name_servers
+}
diff --git a/v2/foundations/azure/dns/provider.tf b/v2/foundations/azure/dns/provider.tf
new file mode 100644
index 0000000..514092e
--- /dev/null
+++ b/v2/foundations/azure/dns/provider.tf
@@ -0,0 +1,17 @@
+terraform {
+ required_version = "~> 1.6"
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "=4.41.0"
+ }
+ }
+}
+
+provider "azurerm" {
+ features {}
+ resource_provider_registrations = "none"
+ use_cli = true
+ subscription_id = var.subscription_id
+}
+
diff --git a/v2/foundations/azure/dns/variables.tf b/v2/foundations/azure/dns/variables.tf
new file mode 100644
index 0000000..2d325f1
--- /dev/null
+++ b/v2/foundations/azure/dns/variables.tf
@@ -0,0 +1,14 @@
+variable "resource_group" {
+ type = string
+ description = "The name of the resource group"
+}
+
+variable "domain_name" {
+ type = string
+ description = "The domain name to use for the DNS zone"
+}
+
+variable "subscription_id" {
+ type = string
+ description = "The Azure subscription Id."
+}
diff --git a/v2/foundations/azure/resource_group/README.md b/v2/foundations/azure/resource_group/README.md
new file mode 100644
index 0000000..abbbca9
--- /dev/null
+++ b/v2/foundations/azure/resource_group/README.md
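Review bot: The `private_dns_zone_name` and `private_dns_zone_id` outputs in dns/output.tf return `azurerm_dns_zone.public_dns_zone.name` and `.id`, the same public zone as `dns_zone_name` and `dns_zone_id`; main.tf in this module creates no private zone. A caller that wires internal records to the `private_*` outputs would end up publishing them in the public zone. Either drop the two outputs until an `azurerm_private_dns_zone` resource exists, or make the aliasing explicit, e.g. `description = "Alias of the public DNS zone ID; this module creates no private zone"`.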
@@ -0,0 +1,36 @@ + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | ~> 1.6 | +| [azurerm](#requirement\_azurerm) | =4.41.0 | + +## Providers + +| Name | Version | +|------|---------| +| [azurerm](#provider\_azurerm) | =4.41.0 | + +## Resources + +| Name | Type | +|------|------| +| [azurerm_resource_group.nullplatform_resource_group](https://registry.terraform.io/providers/hashicorp/azurerm/4.41.0/docs/resources/resource_group) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [location](#input\_location) | n/a | `string` | n/a | yes | +| [resource\_group\_name](#input\_resource\_group\_name) | n/a | `string` | n/a | yes | +| [subscription\_id](#input\_subscription\_id) | n/a | `string` | n/a | yes | +| [tags](#input\_tags) | n/a | `map(string)` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| [resource\_group\_location](#output\_resource\_group\_location) | The location of the created resource group | +| [resource\_group\_name](#output\_resource\_group\_name) | The name of the created resource group | + \ No newline at end of file diff --git a/v2/foundations/azure/resource_group/main.tf b/v2/foundations/azure/resource_group/main.tf new file mode 100644 index 0000000..6a05d88 --- /dev/null +++ b/v2/foundations/azure/resource_group/main.tf @@ -0,0 +1,5 @@ +resource "azurerm_resource_group" "nullplatform_resource_group" { + name = var.resource_group_name + location = var.location + tags = var.tags +} \ No newline at end of file diff --git a/v2/foundations/azure/resource_group/output.tf b/v2/foundations/azure/resource_group/output.tf new file mode 100644 index 0000000..cf762cf --- /dev/null +++ b/v2/foundations/azure/resource_group/output.tf 
@@ -0,0 +1,9 @@
+output "resource_group_name" {
+ description = "The name of the created resource group"
+ value = azurerm_resource_group.nullplatform_resource_group.name
+}
+
+output "resource_group_location" {
+ description = "The location of the created resource group"
+ value = azurerm_resource_group.nullplatform_resource_group.location
+}
\ No newline at end of file
diff --git a/v2/foundations/azure/resource_group/provider.tf b/v2/foundations/azure/resource_group/provider.tf
new file mode 100644
index 0000000..514092e
--- /dev/null
+++ b/v2/foundations/azure/resource_group/provider.tf
@@ -0,0 +1,17 @@
+terraform {
+ required_version = "~> 1.6"
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "=4.41.0"
+ }
+ }
+}
+
+provider "azurerm" {
+ features {}
+ resource_provider_registrations = "none"
+ use_cli = true
+ subscription_id = var.subscription_id
+}
+
diff --git a/v2/foundations/azure/resource_group/variable.tf b/v2/foundations/azure/resource_group/variable.tf
new file mode 100644
index 0000000..fb14009
--- /dev/null
+++ b/v2/foundations/azure/resource_group/variable.tf
@@ -0,0 +1,16 @@
+variable "resource_group_name" {
+ type = string
+}
+
+variable "location" {
+ type = string
+}
+
+variable "tags" {
+ type = map(string)
+
+}
+variable "subscription_id" {
+ type = string
+
+}
\ No newline at end of file
diff --git a/v2/foundations/azure/vnet/README.md b/v2/foundations/azure/vnet/README.md
new file mode 100644
index 0000000..aabb85f
--- /dev/null
+++ b/v2/foundations/azure/vnet/README.md
@@ -0,0 +1,31 @@ + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | ~> 1.6 | +| [azurerm](#requirement\_azurerm) | =4.41.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [avm-res-network-virtualnetwork](#module\_avm-res-network-virtualnetwork) | azure/avm-res-network-virtualnetwork/azurerm | v0.10.0 | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [address\_space](#input\_address\_space) | The cidr of your vnet | `set(string)` | n/a | yes | +| [location](#input\_location) | The location/region where the resource group should be created | `string` | n/a | yes | +| [resource\_group\_name](#input\_resource\_group\_name) | The name of the resource group | `string` | n/a | yes | +| [subnets\_definition](#input\_subnets\_definition) | The subnet definition for the vnet |
map(object({
name = string
address_prefixes = list(string)
}))
| n/a | yes | +| [subscription\_id](#input\_subscription\_id) | The id of your azure suscription | `string` | n/a | yes | +| [vnet\_name](#input\_vnet\_name) | The name of your vnet | `string` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| [resource\_id](#output\_resource\_id) | The resource ID of the virtual network. | + \ No newline at end of file diff --git a/v2/foundations/azure/vnet/main.tf b/v2/foundations/azure/vnet/main.tf new file mode 100644 index 0000000..dd6fdec --- /dev/null +++ b/v2/foundations/azure/vnet/main.tf @@ -0,0 +1,12 @@ + +module "avm-res-network-virtualnetwork" { + source = "azure/avm-res-network-virtualnetwork/azurerm" + version = "v0.10.0" + address_space = var.address_space + name = var.vnet_name + location = var.location + resource_group_name = var.resource_group_name + subnets = var.subnets_definition +} + + diff --git a/v2/foundations/azure/vnet/output.tf b/v2/foundations/azure/vnet/output.tf new file mode 100644 index 0000000..1b025c1 --- /dev/null +++ b/v2/foundations/azure/vnet/output.tf @@ -0,0 +1,5 @@ + +output "resource_id" { + description = "The resource ID of the virtual network." + value = module.avm-res-network-virtualnetwork.resource_id +} \ No newline at end of file diff --git a/v2/foundations/azure/vnet/provider.tf b/v2/foundations/azure/vnet/provider.tf new file mode 100644 index 0000000..514092e --- /dev/null +++ b/v2/foundations/azure/vnet/provider.tf @@ -0,0 +1,17 @@ +terraform { + required_version = "~> 1.6" + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "=4.41.0" + } + } +} + +provider "azurerm" { + features {} + resource_provider_registrations = "none" + use_cli = true + subscription_id = var.subscription_id +} + diff --git a/v2/foundations/azure/vnet/variables.tf b/v2/foundations/azure/vnet/variables.tf new file mode 100644 index 0000000..80db5e9 --- /dev/null +++ b/v2/foundations/azure/vnet/variables.tf 
@@ -0,0 +1,46 @@ +variable "location" { + type = string + description = "The location/region where the resource group should be created" +} + +variable "resource_group_name" { + type = string + description = "The name of the resource group" +} + +variable "vnet_name" { + type = string + description = "The name of your vnet" +} + +variable "address_space" { + type = set(string) + description = "The cidr of your vnet" +} + +variable "subnets_definition" { + type = map(object({ + name = string + address_prefixes = list(string) + })) + description = "The subnet definition for the vnet" +} +/* + for example + { + "subnet1" = { + name = "subnet1" + address_prefixes = ["10.0.0.0/24"] + } + "subnet2" = { + name = "subnet2" + address_prefixes = ["10.0.1.0/24"] + } + } + */ + +variable "subscription_id" { + type = string + description = "The id of your azure suscription" + +} \ No newline at end of file diff --git a/v2/nullplatform/aws/nullplatform_agent/auth.tf b/v2/nullplatform/aws/nullplatform_agent/auth.tf new file mode 100644 index 0000000..df1b230 --- /dev/null +++ b/v2/nullplatform/aws/nullplatform_agent/auth.tf @@ -0,0 +1,29 @@ +resource "nullplatform_api_key" "nullplatform-agent-api-key" { + name = "NULLPLATFORM-AGENT-API-KEY" + + grants { + nrn = replace(var.nrn, ":namespace=.*$", "") + role_slug = "controlplane:agent" + } + grants { + nrn = replace(var.nrn, ":namespace=.*$", "") + role_slug = "developer" + } + grants { + nrn = replace(var.nrn, ":namespace=.*$", "") + role_slug = "ops" + } + grants { + nrn = replace(var.nrn, ":namespace=.*$", "") + role_slug = "secops" + } + grants { + nrn = replace(var.nrn, ":namespace=.*$", "") + role_slug = "secrets-reader" + } + + tags { + key = "managed-by" + value = "IaC" + } +} \ No newline at end of file diff --git a/v2/nullplatform/aws/nullplatform_agent/channel.tf b/v2/nullplatform/aws/nullplatform_agent/channel.tf new file mode 100644 index 0000000..9a8121d --- /dev/null 
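Review bot: `replace(var.nrn, ":namespace=.*$", "")` in every `grants` block of auth.tf passes the pattern as a plain string; Terraform's `replace` treats its second argument as a regular expression only when it is wrapped in forward slashes, so this call searches for the literal text `:namespace=.*$` and returns the NRN unchanged. If the grants are meant to sit above the namespace, write `nrn = replace(var.nrn, "/:namespace=.*$/", "")`; the same call appears in the `github` provider config in nullplatform_providers/main.tf. Once the pattern does match, this single key carries `controlplane:agent`, `developer`, `ops`, `secops` and `secrets-reader` at that wider level, so a comment stating which of those roles the agent actually needs would help the next reviewer trim the list.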
+++ b/v2/nullplatform/aws/nullplatform_agent/channel.tf 
@@ -0,0 +1,63 @@ +################################################################################ +# Step 1: Fetch Notification Channel Template +################################################################################ + +data "http" "notification_channel_template" { + url = "${var.github_repo_url}/raw/${var.github_ref}/${var.service_path}/specs/notification-channel.json.tpl" +} + +############################################################################### +#Step 2: Process and Create Notification Channel +############################################################################### + +#Process notification channel template +data "external" "notification_channel" { + program = ["sh", "-c", <<-EOT + processed_json=$(echo '${data.http.notification_channel_template.response_body}' | \ + NRN='${var.nrn}' \ + NP_API_KEY='${nullplatform_api_key.nullplatform-agent-api-key.api_key}' \ + REPO_PATH='${var.repo_path}' \ + SERVICE_PATH='${var.service_path}' \ + ENVIRONMENT='${var.environment_tag}' \ + SERVICE_SLUG='${nullplatform_service_specification.from_template.slug}' \ + SERVICE_SPECIFICATION_ID='${nullplatform_service_specification.from_template.id}' \ + gomplate) + echo "{\"json\":\"$(echo "$processed_json" | sed 's/"/\\"/g' | tr -d '\n')\"}" + EOT + ] +} + +locals { + notification_channel_def = jsondecode(data.external.notification_channel.result.json) +} + +# Create notification channel +resource "nullplatform_notification_channel" "from_template" { + nrn = var.nrn + type = local.notification_channel_def.type + source = local.notification_channel_def.source + + configuration { + dynamic "agent" { + for_each = local.notification_channel_def.type == "agent" ? [local.notification_channel_def.configuration] : [] + content { + api_key = agent.value.api_key + command { + type = agent.value.command.type + data = { + for k, v in agent.value.command.data : k => ( + k == "environment" ? 
jsonencode({ + NP_ACTION_CONTEXT = "'$${NOTIFICATION_CONTEXT}'" + }) : ( + can(tostring(v)) ? tostring(v) : jsonencode(v) + ) + ) + } + } + selector = agent.value.selector + } + } + } + + filters = can(local.notification_channel_def.filters) ? jsonencode(local.notification_channel_def.filters) : null +} \ No newline at end of file diff --git a/v2/nullplatform/aws/nullplatform_agent/iam.tf b/v2/nullplatform/aws/nullplatform_agent/iam.tf new file mode 100644 index 0000000..07875cf --- /dev/null +++ b/v2/nullplatform/aws/nullplatform_agent/iam.tf 
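Review bot: `data "external" "notification_channel"` in channel.tf pastes the fetched template body, `var.nrn`, the other variables and the generated API key straight into the `sh -c` script between single quotes, so any single quote in the remote file or in a variable ends the quoting and the rest is parsed as shell on the machine running `terraform plan`; the API key also becomes part of the command text. The hand-built JSON on the `echo` line escapes only double quotes, so a backslash in the rendered template would yield invalid or altered JSON. The three `data "external"` blocks in scopes.tf (`service_spec`, `scope_type`, `action_specs`) are built the same way. Passing the values through the data source's `query` map, which arrives as JSON on stdin, keeps them as data; the sketch below does that and needs `jq` next to `gomplate`.

```hcl
data "external" "notification_channel" {
  # Values arrive as JSON on stdin (query), so they are never parsed as shell source.
  program = ["sh", "-c", <<-EOT
    set -eu
    q=$(cat)
    get() { printf '%s' "$q" | jq -r --arg k "$1" '.[$k]'; }
    processed_json=$(get template | \
      NRN="$(get nrn)" \
      NP_API_KEY="$(get api_key)" \
      REPO_PATH="$(get repo_path)" \
      SERVICE_PATH="$(get service_path)" \
      ENVIRONMENT="$(get environment)" \
      SERVICE_SLUG="$(get service_slug)" \
      SERVICE_SPECIFICATION_ID="$(get service_specification_id)" \
      gomplate)
    jq -n --arg json "$processed_json" '{json: $json}'
  EOT
  ]

  query = {
    template                 = data.http.notification_channel_template.response_body
    nrn                      = var.nrn
    api_key                  = nullplatform_api_key.nullplatform-agent-api-key.api_key
    repo_path                = var.repo_path
    service_path             = var.service_path
    environment              = var.environment_tag
    service_slug             = nullplatform_service_specification.from_template.slug
    service_specification_id = nullplatform_service_specification.from_template.id
  }
}
# … unchanged: locals and nullplatform_notification_channel.from_template …
```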
@@ -0,0 +1,136 @@ +module "nullplatform-agent-role" { + source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts" + name = "nullplatform-agent-role" + use_name_prefix = false + + oidc_providers = { + main = { + provider_arn = data.aws_iam_openid_connect_provider.this.arn + namespace_service_accounts = ["nullplatform-tools:nullplatform-agent"] + } + } + + policies = { + "nullplatform-route53-policy" = aws_iam_policy.nullplatform-route53-policy.arn, + "nullplatform-eks-policy" = aws_iam_policy.nullplatform-eks-policy.arn, + "nullplatform-elb-policy" = aws_iam_policy.nullplatform-elb-policy.arn + } +} + +resource "aws_iam_policy" "nullplatform-route53-policy" { + name = "nullplatform-route53-policy" + description = "Policy for managing Route53 DNS records" + policy = jsonencode({ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "route53:ChangeResourceRecordSets", + "route53:ListResourceRecordSets", + "route53:GetHostedZone", + "route53:ListHostedZones", + "route53:ListHostedZonesByName" + ], + "Resource": [ + "arn:aws:route53:::hostedzone/*" + ], + "Condition": { + "StringEquals": { + "aws:RequestedRegion": [ + "us-east-1", + "us-west-2", + "eu-west-1" + ] + } + } + } + ] + }) +} + +resource "aws_iam_policy" "nullplatform-elb-policy" { + name = "nullplatform-elb-policy" + description = "Policy for managing Elastic Load Balancer" + policy = jsonencode( + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeTargetGroups" + ], + "Resource": "*", + "Condition": { + "StringEquals": { + "aws:RequestedRegion": [ + "us-east-1", + "us-west-2", + "eu-west-1" + ] + } + } + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:DescribeTargetHealth", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeRules" + ], + "Resource": [ + 
"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/k8s-nullplatform-*", + "arn:aws:elasticloadbalancing:*:*:targetgroup/k8s-nullplatform-*" + ], + "Condition": { + "StringEquals": { + "aws:RequestedRegion": [ + "us-east-1", + "us-west-2", + "eu-west-1" + ] + } + } + } + ] + } + ) +} + +resource "aws_iam_policy" "nullplatform-eks-policy" { + name = "nullplatform-eks-policy" + description = "Policy for managing EKS clusters" + policy = jsonencode({ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "eks:DescribeCluster", + "eks:ListClusters", + "eks:DescribeNodegroup", + "eks:ListNodegroups", + "eks:DescribeAddon", + "eks:ListAddons" + ], + "Resource": [ + "arn:aws:eks:*:*:cluster/*", + "arn:aws:eks:*:*:nodegroup/*", + "arn:aws:eks:*:*:addon/*" + ], + "Condition": { + "StringEquals": { + "aws:RequestedRegion": [ + "us-east-1", + "us-west-2", + "eu-west-1" + ] + } + } + } + ] + + }) +} diff --git a/v2/nullplatform/aws/nullplatform_agent/locals.tf b/v2/nullplatform/aws/nullplatform_agent/locals.tf new file mode 100644 index 0000000..efceb24 --- /dev/null +++ b/v2/nullplatform/aws/nullplatform_agent/locals.tf @@ -0,0 +1,15 @@ +locals { + scope_list = compact([trimspace(coalesce(var.agent_repos_scope, ""))]) + repos_extra = compact([for s in split(",", try(coalesce(var.agent_repos_extra, ""), "")) : trimspace(s)]) + final_list = distinct(concat(local.scope_list, local.repos_extra)) + + nullplatform_agent_values = templatefile("${path.module}/templates/nullplatform-agent-values.tmpl.yaml", { + agent_repos = join(",", local.final_list) + cluster_name = var.cluster_name + tags = var.tags + init_scripts = var.init_scripts + resource_identity = module.nullplatform-agent-role.arn + api_key = nullplatform_api_key.nullplatform-agent-api-key.api_key + namespace = var.namespace + }) +} \ No newline at end of file 
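Review bot: The `nullplatform-route53-policy` statement in iam.tf allows `route53:ChangeResourceRecordSets` on `arn:aws:route53:::hostedzone/*`, so the agent's role can rewrite records in every hosted zone of the account rather than only the zones nullplatform manages. Narrow `Resource` to the zones in use, for example `"arn:aws:route53:::hostedzone/${var.hosted_zone_id}"` (a new input; the module's variables.tf in this commit declares none). Separately, `namespace_service_accounts = ["nullplatform-tools:nullplatform-agent"]` is fixed while the Helm release installs into `var.namespace`; `"${var.namespace}:nullplatform-agent"` would keep the role's trust and the release in step when the namespace is overridden.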
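Review bot: `repos_extra` in locals.tf treats `var.agent_repos_extra` as a comma-separated string, `split(",", try(coalesce(var.agent_repos_extra, ""), ""))`, but variables.tf declares that variable as `list(string)`. As far as I can tell `coalesce` cannot unify a list with `""`, the surrounding `try` hides the error and yields `""`, and every extra repository is then dropped from `AGENT_REPOS` without any message. Iterate over the list directly, `repos_extra = compact([for s in var.agent_repos_extra : trimspace(s)])`, or change the variable to `string` if a comma-separated value is what callers pass. `init_scripts` is handed to `templatefile` here, yet the values template added in this commit never references it.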
diff --git a/v2/nullplatform/aws/nullplatform_agent/main.tf b/v2/nullplatform/aws/nullplatform_agent/main.tf
new file mode 100644
index 0000000..31d0351
--- /dev/null
+++ b/v2/nullplatform/aws/nullplatform_agent/main.tf
@@ -0,0 +1,24 @@
+resource "helm_release" "agent" {
+ name = "nullplatform-agent"
+ chart = "nullplatform-agent"
+ repository = "https://nullplatform.github.io/helm-charts"
+ namespace = var.namespace
+ version = var.nullplatform-agent-helm-version
+ create_namespace = true
+
+ disable_webhooks = true
+ force_update = true
+ wait = true
+ wait_for_jobs = true
+ timeout = 600
+ atomic = true
+ cleanup_on_fail = true
+ replace = false
+ recreate_pods = false
+ reset_values = false
+ reuse_values = false
+ dependency_update = true
+ max_history = 10
+
+ values = [local.nullplatform_agent_values]
+}
\ No newline at end of file
diff --git a/v2/nullplatform/aws/nullplatform_agent/providers.tf b/v2/nullplatform/aws/nullplatform_agent/providers.tf
new file mode 100644
index 0000000..06f29fe
--- /dev/null
+++ b/v2/nullplatform/aws/nullplatform_agent/providers.tf
@@ -0,0 +1,20 @@
+terraform {
+ required_providers {
+ nullplatform = {
+ source = "nullplatform/nullplatform"
+ version = "~> 0.0.63"
+ }
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 6.0"
+ }
+ helm = {
+ source = "hashicorp/helm"
+ version = "~> 3.0"
+ }
+ }
+}
+
+provider "nullplatform" {
+ api_key = var.np_api_key
+}
\ No newline at end of file
diff --git a/v2/nullplatform/aws/nullplatform_agent/scopes.tf b/v2/nullplatform/aws/nullplatform_agent/scopes.tf
new file mode 100644
index 0000000..d5267c4
--- /dev/null
+++ b/v2/nullplatform/aws/nullplatform_agent/scopes.tf
@@ -0,0 +1,175 @@ +################################################################################ +# Step 1: Fetch Templates +################################################################################ + +# Fetch service specification template +data "http" "service_spec_template" { + url = "${var.github_repo_url}/raw/${var.github_ref}/${var.service_path}/specs/service-spec.json.tpl" +} + +# Fetch scope type template +data "http" "scope_type_template" { + url = "${var.github_repo_url}/raw/${var.github_ref}/${var.service_path}/specs/scope-type-definition.json.tpl" +} + +# Fetch action specification templates +data "http" "action_templates" { + for_each = toset(var.action_spec_names) + url = "${var.github_repo_url}/raw/${var.github_ref}/${var.service_path}/specs/actions/${each.key}.json.tpl" +} + +################################################################################ +# Step 2: Process and Create Service Specification +################################################################################ + +# Process service spec template +data "external" "service_spec" { + program = ["sh", "-c", <<-EOT + processed_json=$(echo '${data.http.service_spec_template.response_body}' | NRN='${var.nrn}' gomplate) + echo "{\"json\":\"$(echo "$processed_json" | sed 's/"/\\"/g' | tr -d '\n')\"}" + EOT + ] +} + +locals { + service_spec_parsed = jsondecode(data.external.service_spec.result.json) +} + +# Create service specification +resource "nullplatform_service_specification" "from_template" { + name = local.service_spec_parsed.name + visible_to = local.service_spec_parsed.visible_to + assignable_to = local.service_spec_parsed.assignable_to + type = local.service_spec_parsed.type + attributes = jsonencode(local.service_spec_parsed.attributes) + use_default_actions = local.service_spec_parsed.use_default_actions + + selectors { + category = local.service_spec_parsed.selectors.category + imported = local.service_spec_parsed.selectors.imported + provider = 
local.service_spec_parsed.selectors.provider + sub_category = local.service_spec_parsed.selectors.sub_category + } + + lifecycle { + ignore_changes = [attributes] + } +} + +locals { + # Variables that depend on created service specification + service_specification_id = nullplatform_service_specification.from_template.id + service_slug = nullplatform_service_specification.from_template.slug + + dependent_env_vars = { + NRN = var.nrn + SERVICE_SPECIFICATION_ID = local.service_specification_id + SERVICE_SLUG = local.service_slug + SERVICE_PATH = var.service_path + REPO_PATH = var.repo_path + } +} + +################################################################################ +# Step 3: Process and Create Scope Type +################################################################################ + +# Process scope type template +data "external" "scope_type" { + depends_on = [nullplatform_service_specification.from_template] + + program = ["sh", "-c", <<-EOT + processed_json=$(echo '${data.http.scope_type_template.response_body}' | \ + NRN='${local.dependent_env_vars.NRN}' \ + SERVICE_SPECIFICATION_ID='${local.dependent_env_vars.SERVICE_SPECIFICATION_ID}' \ + gomplate) + echo "{\"json\":\"$(echo "$processed_json" | sed 's/"/\\"/g' | tr -d '\n')\"}" + EOT + ] +} + +locals { + scope_type_def = jsondecode(data.external.scope_type.result.json) +} + +# Create scope type +resource "nullplatform_scope_type" "from_template" { + depends_on = [nullplatform_service_specification.from_template] + + nrn = var.nrn + name = local.scope_type_def.name + description = local.scope_type_def.description + provider_id = local.service_specification_id +} + +################################################################################ +# Step 4: Create Action Specifications +################################################################################ + +# Process action templates +data "external" "action_specs" { + for_each = toset(var.action_spec_names) + depends_on = 
[nullplatform_service_specification.from_template] + + program = ["sh", "-c", <<-EOT + processed_json=$(echo '${try(data.http.action_templates[each.key].response_body, "{}")}' | \ + NRN='${local.dependent_env_vars.NRN}' \ + SERVICE_SPECIFICATION_ID='${local.dependent_env_vars.SERVICE_SPECIFICATION_ID}' \ + SERVICE_SLUG='${local.dependent_env_vars.SERVICE_SLUG}' \ + SERVICE_PATH='${local.dependent_env_vars.SERVICE_PATH}' \ + REPO_PATH='${local.dependent_env_vars.REPO_PATH}' \ + gomplate) + echo "{\"json_b64\":\"$(echo "$processed_json" | base64 -w 0)\"}" + EOT + ] +} + +locals { + # Static list of action specifications to avoid for_each dependency issues + static_action_specs = toset(var.action_spec_names) +} + +# Create action specifications +resource "nullplatform_action_specification" "from_templates" { + for_each = local.static_action_specs + depends_on = [nullplatform_service_specification.from_template] + + service_specification_id = local.service_specification_id + name = jsondecode(base64decode(data.external.action_specs[each.key].result.json_b64)).name + type = jsondecode(base64decode(data.external.action_specs[each.key].result.json_b64)).type + parameters = jsonencode(jsondecode(base64decode(data.external.action_specs[each.key].result.json_b64)).parameters) + results = jsonencode(jsondecode(base64decode(data.external.action_specs[each.key].result.json_b64)).results) + retryable = try(jsondecode(base64decode(data.external.action_specs[each.key].result.json_b64)).retryable, false) + + lifecycle { + ignore_changes = [annotations] + } + +} + +################################################################################ +# Step 5: Configure NRN with External Providers (Patch) +################################################################################ + +# This replicates: np nrn patch --nrn "$NRN" --body "{\"global.${SERVICE_SLUG}_metric_provider\": \"externalmetrics\", \"global.${SERVICE_SLUG}_log_provider\": \"external\"}" +resource "null_resource" 
"nrn_patch" { + depends_on = [nullplatform_service_specification.from_template] + + triggers = { + nrn = var.nrn + service_slug = local.service_slug + } + + provisioner "local-exec" { + command = <<-EOT + np nrn patch --nrn "${var.nrn}" --body "{ + \"global.${local.service_slug}_metric_provider\": \"${var.external_metrics_provider}\", + \"global.${local.service_slug}_log_provider\": \"${var.external_logging_provider}\" + }" + EOT + + environment = { + NP_API_KEY = var.np_api_key + } + } +} \ No newline at end of file diff --git a/v2/nullplatform/aws/nullplatform_agent/templates/nullplatform-agent-values.tmpl.yaml b/v2/nullplatform/aws/nullplatform_agent/templates/nullplatform-agent-values.tmpl.yaml new file mode 100644 index 0000000..9af357c --- /dev/null +++ b/v2/nullplatform/aws/nullplatform_agent/templates/nullplatform-agent-values.tmpl.yaml @@ -0,0 +1,23 @@ +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: "${resource_identity}" +args: + - "--tags=$(TAGS)" + - "--apikey=$(NP_API_KEY)" + - "--runtime=host" + - "--command-executor-env=NP_API_KEY=$(NP_API_KEY)" + - "--command-executor-debug" + - "--webserver-enabled" + - "--command-executor-git-command-repos $(AGENT_REPOS)" + +configuration: + values: + NP_API_KEY: "${api_key}" + TAGS: "${tags}" + AGENT_REPOS: "${agent_repos}" + CLUSTER_NAME: "${cluster_name}" + NAMESPACE: "${namespace}" + + +image: + tag: aws \ No newline at end of file diff --git a/v2/nullplatform/aws/nullplatform_agent/variables.tf b/v2/nullplatform/aws/nullplatform_agent/variables.tf new file mode 100644 index 0000000..1458841 --- /dev/null +++ b/v2/nullplatform/aws/nullplatform_agent/variables.tf 
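Review bot: None of the `data "http"` blocks in scopes.tf checks the response status, and `try(data.http.action_templates[each.key].response_body, "{}")` only covers a missing map key, so the body of a 404 or error page would be fed to gomplate as if it were the template (the hashicorp/http data source does not, as far as I know, fail on non-2xx responses). Add a `lifecycle { postcondition { … } }` to each block with `condition = self.status_code == 200` and `error_message = "template fetch failed: ${self.url}"`, so a bad fetch stops the plan before anything is rendered. `data "http" "notification_channel_template"` in channel.tf needs the same check.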
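Review bot: The values template puts the API key into the container arguments twice, `--apikey=$(NP_API_KEY)` and `--command-executor-env=NP_API_KEY=$(NP_API_KEY)`, and always enables `--command-executor-debug`. Kubernetes expands `$(VAR)` in `args`, so the key would be part of the process command line inside the pod, and debug output of the command executor may echo its environment; both are worth confirming against the agent. Whether `configuration.values` is rendered into a Secret or a ConfigMap depends on the chart and cannot be seen here, so a comment such as `# NP_API_KEY: confirm the chart stores configuration.values in a Secret` above that key records the assumption. Making the debug flag depend on a template variable that defaults to off would keep it out of production installs.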
@@ -0,0 +1,114 @@ +variable "nullplatform-agent-helm-version" { + description = "Helm chart version for the Nullplatform agent" + type = string + default = "2.11.0" +} + +variable "agent_repos_scope" { + description = "Git repository URL for agent scopes configuration" + type = string + default = "https://github.com/nullplatform/scopes.git#main" +} + +variable "agent_repos_extra" { + description = "Additional repositories for the agent configuration" + type = list(string) + default = [] +} + +variable "cluster_name" { + description = "Name of the EKS cluster" + type = string +} + +variable "tags" { + description = "Tags to apply to identifier agent" + type = string +} + +variable "init_scripts" { + description = "List of initialization scripts to run" + type = list(string) + default = [] +} + +variable "nrn" { + description = "Identifier Nullplatform Resources Name" + type = string +} + +variable "namespace" { + description = "Kubernetes namespace to agent run" + type = string + default = "nullplatform-tools" +} + +# Template Configuration +variable "service_path" { + type = string + default = "k8s" + description = "Service path within the repository" +} + +variable "repo_path" { + type = string + default = "/root/.np/nullplatform/scopes" + description = "Local path to the repository containing templates" +} + +variable "github_repo_url" { + type = string + default = "https://github.com/nullplatform/scopes" + description = "GitHub repository URL containing templates" +} + +variable "github_ref" { + type = string + default = "beta" + description = "Git reference (branch, tag, or commit)" +} + +variable "environment_tag" {} + +################################################################################ +# Scope Definition Module Variables +################################################################################ + +variable "action_spec_names" { + type = list(string) + default = [ + "create-scope", + "delete-scope", + "start-initial", + "start-blue-green", 
+ "finalize-blue-green", + "rollback-deployment", + "delete-deployment", + "switch-traffic", + "set-desired-instance-count", + "pause-autoscaling", + "resume-autoscaling", + "restart-pods", + "kill-instances" + ] + description = "List of action specification template names to fetch and create" +} + +# NRN Patch Configuration +variable "np_api_key" { + type = string + sensitive = true + description = "Nullplatform API key for authentication" +} + +variable "external_metrics_provider" { + type = string + default = "externalmetrics" + description = "External metrics provider name" +} + +variable "external_logging_provider" { + type = string + default = "external" + description = "External logging provider name" +} \ No newline at end of file diff --git a/v2/nullplatform/aws/nullplatform_providers/data.tf b/v2/nullplatform/aws/nullplatform_providers/data.tf new file mode 100644 index 0000000..0fe331b --- /dev/null +++ b/v2/nullplatform/aws/nullplatform_providers/data.tf @@ -0,0 +1,5 @@ +data "aws_caller_identity" "current" { +} + +data "aws_region" "current" { +} \ No newline at end of file diff --git a/v2/nullplatform/aws/nullplatform_providers/iam-registry.tf b/v2/nullplatform/aws/nullplatform_providers/iam-registry.tf new file mode 100644 index 0000000..fb70a56 --- /dev/null +++ b/v2/nullplatform/aws/nullplatform_providers/iam-registry.tf 
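Review bot: `github_ref` defaults to `"beta"` and `agent_repos_scope` to `https://github.com/nullplatform/scopes.git#main`, both moving branches. The first selects the templates that scopes.tf and channel.tf pipe through `sh -c` during plan, and the second is handed to the agent through `--command-executor-git-command-repos`, so a push to either branch changes what runs without any change in this repository. Remove the defaults or pin them, e.g. `default = "<commit-sha>"` (placeholder), and say in the description that a tag or commit is expected. `variable "environment_tag" {}` has neither type nor description; `type = string` plus a one-line description would match the other inputs.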
@@ -0,0 +1,93 @@ +resource "aws_iam_role" "nullplatform_application_role" { + name = "nullplatform-application-role" + + assume_role_policy = jsonencode({ + Version = "2012-10-17", + Statement = [ + { + Effect = "Allow", + Principal = { + AWS = var.application_manager_assume_role + }, + Action = "sts:AssumeRole", + Condition = { + StringEquals = { + "aws:RequestedRegion" = [ + "us-east-1", + "us-west-2", + "eu-west-1" + ] + }, + DateGreaterThan = { + "aws:CurrentTime" = "2024-01-01T00:00:00Z" + } + } + } + ] + }) +} + +resource "aws_iam_policy" "nullplatform_ecr_manager_policy" { + name = "nullplatform-ecr-manager-policy" + description = "Policy for managing ECR repositories with restricted access" + policy = jsonencode({ + Version = "2012-10-17", + Statement = [ + { + Effect = "Allow", + Action = [ + "ecr:GetDownloadUrlForLayer", + "ecr:BatchGetImage", + "ecr:CompleteLayerUpload", + "ecr:UploadLayerPart", + "ecr:InitiateLayerUpload", + "ecr:BatchCheckLayerAvailability", + "ecr:PutImage", + "ecr:CreateRepository", + "ecr:DeleteRepository", + "ecr:DescribeRepositories", + "ecr:TagResource" + ], + Resource = [ + "arn:aws:ecr:*:*:repository/*" + ], + Condition = { + StringEquals = { + "aws:RequestedRegion" = [ + "us-east-1", + "us-west-2", + "eu-west-1" + ] + } + } + }, + { + Effect = "Allow", + Action = [ + "sts:GetServiceBearerToken", + "ecr:GetAuthorizationToken" + ], + Resource = "*" + } + ] + }) +} + +resource "aws_iam_user" "nullplatform_build_workflow_user" { + name = "nullplatform-build-workflow-user" +} + +resource "aws_iam_access_key" "nullplatform_build_workflow_user_key" { + user = aws_iam_user.nullplatform_build_workflow_user.name +} + + +resource "aws_iam_role_policy_attachment" "ecr-manager-policy" { + role = aws_iam_role.nullplatform_application_role.name + policy_arn = aws_iam_policy.nullplatform_ecr_manager_policy.arn +} + +resource "aws_iam_user_policy_attachment" "ecr-manager-policy-user" { + user = 
aws_iam_user.nullplatform_build_workflow_user.name + policy_arn = aws_iam_policy.nullplatform_ecr_manager_policy.arn +} \ No newline at end of file diff --git a/v2/nullplatform/aws/nullplatform_providers/main.tf b/v2/nullplatform/aws/nullplatform_providers/main.tf new file mode 100644 index 0000000..0ff3402 --- /dev/null +++ b/v2/nullplatform/aws/nullplatform_providers/main.tf 
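Review bot: `aws_iam_user_policy_attachment.ecr-manager-policy-user` in iam-registry.tf gives the build user the same policy as the application role, so the long-lived key from `aws_iam_access_key` (its secret is kept in Terraform state and copied into the `ecr` provider config in nullplatform_providers/main.tf) can call `ecr:CreateRepository` and `ecr:DeleteRepository` on `repository/*`. If the CI key only pushes and pulls images, which the `ci`/`setup` split in that provider config suggests, attach a push-only policy to the user and keep repository management on the role, as sketched below. In the role's trust policy, `DateGreaterThan` on `aws:CurrentTime` with `2024-01-01T00:00:00Z` is always true today and restricts nothing.

```hcl
# … unchanged: application role, nullplatform_ecr_manager_policy, user, access key …

resource "aws_iam_policy" "nullplatform_ecr_push_policy" {
  name        = "nullplatform-ecr-push-policy"
  description = "Image push/pull only, for the CI access key"
  policy = jsonencode({
    Version = "2012-10-17",
    Statement = [
      {
        Effect = "Allow",
        Action = [
          "ecr:BatchCheckLayerAvailability",
          "ecr:InitiateLayerUpload",
          "ecr:UploadLayerPart",
          "ecr:CompleteLayerUpload",
          "ecr:PutImage",
          "ecr:BatchGetImage",
          "ecr:GetDownloadUrlForLayer"
        ],
        Resource = ["arn:aws:ecr:*:*:repository/*"]
      },
      {
        Effect   = "Allow",
        Action   = ["ecr:GetAuthorizationToken"],
        Resource = "*"
      }
    ]
  })
}

resource "aws_iam_user_policy_attachment" "ecr-manager-policy-user" {
  user       = aws_iam_user.nullplatform_build_workflow_user.name
  policy_arn = aws_iam_policy.nullplatform_ecr_push_policy.arn
}
```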
@@ -0,0 +1,167 @@
+resource "nullplatform_provider_config" "aws" {
+ provider = nullplatform
+ nrn = var.nrn
+ type = "aws-configuration"
+ dimensions = {}
+ attributes = jsonencode({
+ iam = {
+ #scope_workflow_role = aws_iam_role.nullplatform_scope_workflow_role.arn
+ }
+ account = {
+ id = data.aws_caller_identity.current.id
+ region = data.aws_region.current.region
+ }
+ networking = {
+ application_domain = false
+ domain_name = var.domain_name
+ hosted_zone_id = var.hosted_private_zone_id
+ hosted_public_zone_id = var.hosted_public_zone_id
+ }
+ })
+ lifecycle {
+ ignore_changes = [attributes]
+ }
+}
+
+resource "nullplatform_provider_config" "ecr" {
+ provider = nullplatform
+ nrn = var.nrn
+ type = "ecr"
+ dimensions = {}
+ attributes = jsonencode({
+ "ci" : {
+ "region" : data.aws_region.current.region,
+ "access_key" : aws_iam_access_key.nullplatform_build_workflow_user_key.id
+ "secret_key" : aws_iam_access_key.nullplatform_build_workflow_user_key.secret
+ },
+ "setup" : {
+ "region" : data.aws_region.current.region,
+ "role_arn" : aws_iam_role.nullplatform_application_role.arn
+ }
+ })
+ lifecycle {
+ ignore_changes = [attributes]
+ }
+}
+
+resource "nullplatform_provider_config" "github" {
+ nrn = replace(var.nrn, ":namespace=.*$", "")
+ type = "github-configuration"
+ dimensions = {}
+ attributes = jsonencode({
+ "setup" : {
+ "organization" : var.organization,
+ "installation_id" : var.organization_installation_id
+ },
+ }
+ )
+}
+
+resource "kubernetes_ingress_v1" "internal" {
+ metadata {
+ name = "initial-ingress-setup-internal"
+ namespace = "nullplatform"
+
+ annotations = merge({
+ "alb.ingress.kubernetes.io/actions.response-404" = jsonencode({
+ type = "fixed-response"
+ fixedResponseConfig = {
+ contentType = "text/plain"
+ statusCode = "404"
+ messageBody = "404 scope not found or has not been deployed yet"
+ }
+ })
+ "alb.ingress.kubernetes.io/group.name" = "k8s-nullplatform-internal"
+ "alb.ingress.kubernetes.io/listen-ports" = "[{\"HTTP\":80},{\"HTTPS\":443}]"
+ "alb.ingress.kubernetes.io/load-balancer-name" = "k8s-nullplatform-internal"
+ "alb.ingress.kubernetes.io/scheme" = "internal"
+ "alb.ingress.kubernetes.io/ssl-redirect" = "443"
+ "alb.ingress.kubernetes.io/target-type" = "ip"
+ "alb.ingress.kubernetes.io/certificate-arn" = var.certificate_arn
+ })
+ }
+
+ spec {
+ ingress_class_name = "alb"
+
+ rule {
+ host = "setup.nullapps.io"
+ http {
+ path {
+ path = "/"
+ path_type = "Prefix"
+
+ backend {
+ service {
+ name = "response-404"
+ port {
+ name = "use-annotation"
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+}
+
+resource "kubernetes_ingress_v1" "public" {
+ metadata {
+ name = "initial-ingress-setup-public"
+ namespace = "nullplatform"
+
+ annotations = merge({
+ "alb.ingress.kubernetes.io/actions.response-404" = jsonencode({
+ type = "fixed-response"
+ fixedResponseConfig = {
+ contentType = "text/plain"
+ statusCode = "404"
+ messageBody = "404 scope not found or has not been deployed yet"
+ }
+ })
+ "alb.ingress.kubernetes.io/group.name" = "k8s-nullplatform-internet-facing"
+ "alb.ingress.kubernetes.io/listen-ports" = "[{\"HTTP\":80},{\"HTTPS\":443}]"
+ "alb.ingress.kubernetes.io/load-balancer-name" = "k8s-nullplatform-internet-facing"
+ "alb.ingress.kubernetes.io/scheme" = "internet-facing"
+ "alb.ingress.kubernetes.io/ssl-redirect" = "443"
+ "alb.ingress.kubernetes.io/target-type" = "ip"
+ "alb.ingress.kubernetes.io/certificate-arn" = var.certificate_arn
+ })
+ }
+
+ spec {
+ ingress_class_name = "alb"
+
+ rule {
+ host = "setup.nullapps.io"
+ http {
+ path {
+ path = "/"
+ path_type = "Prefix"
+
+ backend {
+ service {
+ name = "response-404"
+ port {
+ name = "use-annotation"
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+}
+
+resource "nullplatform_dimension" "environment" {
+ name = "Environment"
+ order = 1
+ nrn = var.nrn
+}
+
+resource "nullplatform_dimension_value" "environment_value" {
+ for_each = toset(var.environments)
+ dimension_id = nullplatform_dimension.environment.id
+ name = each.value
+ nrn = var.nrn
+}
diff --git a/v2/nullplatform/aws/nullplatform_providers/providers.tf b/v2/nullplatform/aws/nullplatform_providers/providers.tf
new file mode 100644
index 0000000..cb79686
--- /dev/null
+++ b/v2/nullplatform/aws/nullplatform_providers/providers.tf
@@ -0,0 +1,12 @@
+terraform {
+ required_providers {
+ nullplatform = {
+ source = "nullplatform/nullplatform"
+ version = "~> 0.0.63"
+ }
+ }
+}
+
+provider "nullplatform" {
+ api_key = var.np_api_key
+}
\ No newline at end of file
diff --git a/v2/nullplatform/aws/nullplatform_providers/variables.tf b/v2/nullplatform/aws/nullplatform_providers/variables.tf
new file mode 100644
index 0000000..555860a
--- /dev/null
+++ b/v2/nullplatform/aws/nullplatform_providers/variables.tf
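Review bot: `replace(var.nrn, ":namespace=.*$", "")` in `nullplatform_provider_config.github` never strips anything, because Terraform's `replace` treats the search string as a regular expression only when it is wrapped in forward slashes; as written it looks for the literal text `:namespace=.*$`. The line should read `nrn = replace(var.nrn, "/:namespace=.*$/", "")`. The same expression appears in all five `grants` blocks of `v2/nullplatform_base/auth.tf` later in this patch, so the GitHub configuration and the API-key grants are bound to whatever NRN the caller passes rather than to the NRN with the namespace removed. Separately, `nullplatform_provider_config.ecr` copies the IAM secret key into `attributes` and then sets `ignore_changes = [attributes]`, so a rotated key would not be pushed by a later apply.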
@@ -0,0 +1,82 @@
+variable "scope_manager_assume_role" {
+ description = "ARN of the IAM role for scope and deploy manager"
+ type = string
+ default = "arn:aws:iam::283477532906:role/scope_and_deploy_manager"
+}
+
+variable "nrn" {
+ description = "Identifier Nullplatform Resources Name"
+ type = string
+}
+
+variable "include_environment" {
+ description = "Whether to use Environment as a default dimension"
+ type = bool
+ default = true
+}
+
+variable "domain_name" {
+ description = "Domain name for the configuration"
+ type = string
+}
+
+variable "hosted_private_zone_id" {
+ description = "Hosted zone ID for private DNS"
+ type = string
+}
+
+variable "hosted_public_zone_id" {
+ description = "Hosted zone ID for public DNS"
+ type = string
+}
+
+variable "environment" {
+ description = "Environment dimension value to which the configuration applies"
+ type = string
+}
+
+variable "dimensions" {
+ description = "Map of dimension values to configure Nullplatform"
+ type = map(string)
+ default = {}
+}
+#########
+# Registry Variables
+#########
+variable "application_manager_assume_role" {
+ description = "ARN of the IAM role for application manager"
+ type = string
+ default = "arn:aws:iam::283477532906:role/application_manager"
+}
+#######
+# Code respositoy
+####3
+variable "organization" {
+ description = "Organization name for code repository configuration"
+ type = string
+}
+
+variable "organization_installation_id" {
+ description = "GitHub App installation ID for the organization"
+ type = string
+}
+#########
+# Ingress Default
+######
+variable "certificate_arn" {
+ description = "ARN of the SSL/TLS certificate for the network configuration"
+ type = string
+}
+
+variable "environments" {
+ type = list(string)
+ description = "The list of environments"
+ default = ["development", "staging", "production"]
+}
+
+# NRN Patch Configuration
+variable "np_api_key" {
+ type = string
+ sensitive = true
+ description = "Nullplatform API key for authentication"
+}
\ No newline at end of file
diff --git a/v2/nullplatform_base/auth.tf b/v2/nullplatform_base/auth.tf
new file mode 100644
index 0000000..a1a312a
--- /dev/null
+++ b/v2/nullplatform_base/auth.tf
@@ -0,0 +1,29 @@
+resource "nullplatform_api_key" "nullplatform-base-api-key" {
+ name = "NULLPLATFORM-BASE-API-KEY"
+
+ grants {
+ nrn = replace(var.nrn, ":namespace=.*$", "")
+ role_slug = "controlplane:agent"
+ }
+ grants {
+ nrn = replace(var.nrn, ":namespace=.*$", "")
+ role_slug = "developer"
+ }
+ grants {
+ nrn = replace(var.nrn, ":namespace=.*$", "")
+ role_slug = "ops"
+ }
+ grants {
+ nrn = replace(var.nrn, ":namespace=.*$", "")
+ role_slug = "secops"
+ }
+ grants {
+ nrn = replace(var.nrn, ":namespace=.*$", "")
+ role_slug = "secrets-reader"
+ }
+
+ tags {
+ key = "managed-by"
+ value = "IaC"
+ }
+}
\ No newline at end of file
diff --git a/v2/nullplatform_base/locals.tf b/v2/nullplatform_base/locals.tf
new file mode 100644
index 0000000..ed71fce
--- /dev/null
+++ b/v2/nullplatform_base/locals.tf
@@ -0,0 +1,5 @@
+locals {
+ nullplatform_base_values = templatefile("${path.module}/templates/nullplatform-base-values.tmpl.yaml", {
+ api_key = nullplatform_api_key.nullplatform-base-api-key.api_key
+ })
+}
diff --git a/v2/nullplatform_base/main.tf b/v2/nullplatform_base/main.tf
new file mode 100644
index 0000000..45d9ba6
--- /dev/null
+++ b/v2/nullplatform_base/main.tf
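Review bot: The single key `NULLPLATFORM-BASE-API-KEY` in `auth.tf` is granted `controlplane:agent`, `developer`, `ops`, `secops` and `secrets-reader` at once, and `locals.tf` then renders it into the Helm values of the in-cluster chart. Anything that can read those values or the workload's configuration holds every one of those roles, so the grant list should be cut to what the base chart actually calls, or split into one key per consumer. If all five are really required, a comment above the resource in the form `# roles required by nullplatform-base: <role> - <why>` would let a reviewer check the list against the chart.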
@@ -0,0 +1,24 @@
+resource "helm_release" "base" {
+ name = "nullplatform-base"
+ chart = "nullplatform-base"
+ repository = "https://nullplatform.github.io/helm-charts"
+ namespace = var.namespace
+ version = var.nullplatform-base-helm-version
+ create_namespace = true
+
+ disable_webhooks = true
+ force_update = true
+ wait = true
+ wait_for_jobs = true
+ timeout = 600
+ atomic = true
+ cleanup_on_fail = true
+ replace = false
+ recreate_pods = false
+ reset_values = false
+ reuse_values = false
+ dependency_update = true
+ max_history = 10
+
+ values = [local.nullplatform_base_values]
+}
\ No newline at end of file
diff --git a/v2/nullplatform_base/providers.tf b/v2/nullplatform_base/providers.tf
new file mode 100644
index 0000000..fb31c5a
--- /dev/null
+++ b/v2/nullplatform_base/providers.tf
@@ -0,0 +1,16 @@
+terraform {
+ required_providers {
+ nullplatform = {
+ source = "nullplatform/nullplatform"
+ version = "~> 0.0.63"
+ }
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 6.0"
+ }
+ helm = {
+ source = "hashicorp/helm"
+ version = "~> 3.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/v2/nullplatform_base/templates/nullplatform-base-values.tmpl.yaml b/v2/nullplatform_base/templates/nullplatform-base-values.tmpl.yaml
new file mode 100644
index 0000000..57a048f
--- /dev/null
+++ b/v2/nullplatform_base/templates/nullplatform-base-values.tmpl.yaml
@@ -0,0 +1,14 @@
+global:
+ provider: "eks"
+ installGatewayV2Crd: false
+logging:
+ enabled: true
+ prometheus:
+ enabled: true
+ exporterPort: 2021
+metricsServer:
+ enabled: true
+controlPlane:
+ enabled: true
+nullplatform:
+ apiKey: "${api_key}"
\ No newline at end of file
diff --git a/v2/nullplatform_base/variables.tf b/v2/nullplatform_base/variables.tf
new file mode 100644
index 0000000..13f57a4
--- /dev/null
+++ b/v2/nullplatform_base/variables.tf
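Review bot: `values = [local.nullplatform_base_values]` in `helm_release.base` carries the API key inside an ordinary values document, so unless the provider marks `api_key` as sensitive it is printed in plan diffs, and in either case it is stored with the release values. I would drop `apiKey` from the template and pass it separately with `set_sensitive = [{ name = "nullplatform.apiKey", value = nullplatform_api_key.nullplatform-base-api-key.api_key }]`. That masks the value in plans; it still ends up in state, so the backend has to be encrypted and access-restricted.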
@@ -0,0 +1,16 @@
+variable "nullplatform-base-helm-version" {
+ description = "Helm chart version for the Nullplatform agent"
+ type = string
+ default = "2.12.0"
+}
+
+variable "namespace" {
+ description = "Kubernetes namespace to agent run"
+ type = string
+ default = "nullplatform-tools"
+}
+
+variable "nrn" {
+ description = "Identifier Nullplatform Resources Name"
+ type = string
+}
\ No newline at end of file
diff --git a/v2/workload/prometheus/locals.tf b/v2/workload/prometheus/locals.tf
new file mode 100644
index 0000000..af88fec
--- /dev/null
+++ b/v2/workload/prometheus/locals.tf
@@ -0,0 +1,4 @@
+locals {
+ prometheus-values = templatefile("${path.module}/templates/prometheus-values.tmpl.yaml", {
+ })
+}
\ No newline at end of file
diff --git a/v2/workload/prometheus/main.tf b/v2/workload/prometheus/main.tf
new file mode 100644
index 0000000..5d9e5f8
--- /dev/null
+++ b/v2/workload/prometheus/main.tf
@@ -0,0 +1,24 @@
+resource "helm_release" "prometheus" {
+ name = "prometheus"
+ repository = "https://prometheus-community.github.io/helm-charts"
+ chart = "prometheus"
+ namespace = var.namespace
+ create_namespace = true
+
+ values = [ local.prometheus-values ]
+}
+
+resource "nullplatform_provider_config" "prometheus" {
+ nrn = var.nrn
+ type = "prometheus"
+ attributes = jsonencode({
+ "server" : {
+ "url" : "http://prometheus-server.${var.namespace}.svc.cluster.local:80"
+ }
+ })
+ dimensions = {}
+
+ lifecycle {
+ ignore_changes = [attributes]
+ }
+}
\ No newline at end of file
diff --git a/v2/workload/prometheus/providers.tf b/v2/workload/prometheus/providers.tf
new file mode 100644
index 0000000..fb31c5a
--- /dev/null
+++ b/v2/workload/prometheus/providers.tf
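Review bot: `helm_release.prometheus` in `v2/workload/prometheus/main.tf` sets no `version`, so each apply installs whatever chart the repository serves at that moment. The `nullplatform-base` release in this same patch pins its chart through a variable, and this one should do the same with `version = var.prometheus_chart_version` plus a typed variable with a default in `variables.tf`. The `url` written to `nullplatform_provider_config.prometheus` is plain `http://` to the in-cluster service; a comment noting that this is only acceptable while the traffic stays inside the cluster would help the next reader.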
@@ -0,0 +1,16 @@
+terraform {
+ required_providers {
+ nullplatform = {
+ source = "nullplatform/nullplatform"
+ version = "~> 0.0.63"
+ }
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 6.0"
+ }
+ helm = {
+ source = "hashicorp/helm"
+ version = "~> 3.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/v2/workload/prometheus/templates/prometheus-values.tmpl.yaml b/v2/workload/prometheus/templates/prometheus-values.tmpl.yaml
new file mode 100644
index 0000000..300b731
--- /dev/null
+++ b/v2/workload/prometheus/templates/prometheus-values.tmpl.yaml
@@ -0,0 +1,25 @@
+alertmanager:
+ persistence:
+ enabled: false
+server:
+ persistentVolume:
+ enabled: false
+extraScrapeConfigs: |
+ # Mรฉtricas de Null Platform desde nodos K8s
+ - job_name: null-platform-metrics
+ kubernetes_sd_configs:
+ - role: node
+ metrics_path: /metrics
+ scheme: http
+ relabel_configs:
+ # Cambiar puerto de kubelet (10250) a null-platform (2021)
+ - source_labels: [ __address__ ]
+ regex: '(.*):10250'
+ target_label: __address__
+ replacement: '$1:2021'
+ # Mapear labels de nodos K8s
+ - action: labelmap
+ regex: __meta_kubernetes_node_label_(.+)
+ # Aรฑadir nombre del nodo
+ - source_labels: [ __meta_kubernetes_node_name ]
+ target_label: node
\ No newline at end of file
diff --git a/v2/workload/prometheus/variables.tf b/v2/workload/prometheus/variables.tf
new file mode 100644
index 0000000..6371c8d
--- /dev/null
+++ b/v2/workload/prometheus/variables.tf
@@ -0,0 +1,7 @@
+variable "namespace" {
+ default = "prometheus"
+}
+
+variable "cluster_name" {}
+
+variable "nrn" {}
\ No newline at end of file
From 8106bab051abcbfbb8b3582b478cbfab63eddcee Mon Sep 17 00:00:00 2001
From: sebas_correa Date: Tue, 30 Sep 2025 10:25:31 -0300 Subject: [PATCH 28/87] feat(main-modules): change vpc name --- v2/foundations/aws/vpc/main.tf | 2 +- v2/foundations/aws/vpc/variables.tf | 4 ++-- v2/{ => nullplatform}/nullplatform_base/auth.tf | 0 v2/{ => nullplatform}/nullplatform_base/locals.tf | 0 v2/{ => nullplatform}/nullplatform_base/main.tf | 0 v2/{ => nullplatform}/nullplatform_base/providers.tf | 0 .../templates/nullplatform-base-values.tmpl.yaml | 0 v2/{ => nullplatform}/nullplatform_base/variables.tf | 0 8 files changed, 3 insertions(+), 3 deletions(-) rename v2/{ => nullplatform}/nullplatform_base/auth.tf (100%) rename v2/{ => nullplatform}/nullplatform_base/locals.tf (100%) rename v2/{ => nullplatform}/nullplatform_base/main.tf (100%) rename v2/{ => nullplatform}/nullplatform_base/providers.tf (100%) rename v2/{ => nullplatform}/nullplatform_base/templates/nullplatform-base-values.tmpl.yaml (100%) rename v2/{ => nullplatform}/nullplatform_base/variables.tf (100%) diff --git a/v2/foundations/aws/vpc/main.tf b/v2/foundations/aws/vpc/main.tf index 6ab4b2d..227ec7f 100644 --- a/v2/foundations/aws/vpc/main.tf +++ b/v2/foundations/aws/vpc/main.tf @@ -2,7 +2,7 @@ module "vpc" { source = "terraform-aws-modules/vpc/aws" version = "~> 6.0" - name = "${var.organization}-${var.environment}" + name = "${var.organization}-${var.account}" cidr = var.vpc["cidr"] enable_dns_hostnames = true diff --git a/v2/foundations/aws/vpc/variables.tf b/v2/foundations/aws/vpc/variables.tf index 1fec053..b486bbe 100644 --- a/v2/foundations/aws/vpc/variables.tf +++ b/v2/foundations/aws/vpc/variables.tf @@ -14,7 +14,7 @@ variable "organization" { description = "A organization name" } -variable "environment" { +variable "account" { type = string - description = "The environment name" + description = "The account name" } \ No newline at end of file 
diff --git a/v2/nullplatform_base/auth.tf b/v2/nullplatform/nullplatform_base/auth.tf similarity index 100% rename from v2/nullplatform_base/auth.tf rename to v2/nullplatform/nullplatform_base/auth.tf diff --git a/v2/nullplatform_base/locals.tf b/v2/nullplatform/nullplatform_base/locals.tf similarity index 100% rename from v2/nullplatform_base/locals.tf rename to v2/nullplatform/nullplatform_base/locals.tf diff --git a/v2/nullplatform_base/main.tf b/v2/nullplatform/nullplatform_base/main.tf similarity index 100% rename from v2/nullplatform_base/main.tf rename to v2/nullplatform/nullplatform_base/main.tf diff --git a/v2/nullplatform_base/providers.tf b/v2/nullplatform/nullplatform_base/providers.tf similarity index 100% rename from v2/nullplatform_base/providers.tf rename to v2/nullplatform/nullplatform_base/providers.tf diff --git a/v2/nullplatform_base/templates/nullplatform-base-values.tmpl.yaml b/v2/nullplatform/nullplatform_base/templates/nullplatform-base-values.tmpl.yaml similarity index 100% rename from v2/nullplatform_base/templates/nullplatform-base-values.tmpl.yaml rename to v2/nullplatform/nullplatform_base/templates/nullplatform-base-values.tmpl.yaml diff --git a/v2/nullplatform_base/variables.tf b/v2/nullplatform/nullplatform_base/variables.tf similarity index 100% rename from v2/nullplatform_base/variables.tf rename to v2/nullplatform/nullplatform_base/variables.tf From 3678cc89fa96d8ab31bce68e2f9497a81278236c Mon Sep 17 00:00:00 2001 From: sebas_correa Date: Tue, 30 Sep 2025 11:20:54 -0300 Subject: [PATCH 29/87] feat(main-modules): add output files --- v2/foundations/aws/alb-controller/README.md | 37 --------------------- v2/foundations/aws/eks/output.tf | 20 +++++++++++ v2/foundations/aws/vpc/output.tf | 14 ++++++++ 3 files changed, 34 insertions(+), 37 deletions(-) delete mode 100644 v2/foundations/aws/alb-controller/README.md create mode 100644 v2/foundations/aws/eks/output.tf create mode 100644 v2/foundations/aws/vpc/output.tf 
diff --git a/v2/foundations/aws/alb-controller/README.md b/v2/foundations/aws/alb-controller/README.md deleted file mode 100644 index 14412b5..0000000 --- a/v2/foundations/aws/alb-controller/README.md +++ /dev/null @@ -1,37 +0,0 @@ - -## Requirements - -| Name | Version | -|------|---------| -| [aws](#requirement\_aws) | ~> 6.0 | -| [helm](#requirement\_helm) | ~> 3.0 | - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | ~> 6.0 | -| [helm](#provider\_helm) | ~> 3.0 | -| [kubernetes](#provider\_kubernetes) | n/a | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [aws-load-balancer-controller-role](#module\_aws-load-balancer-controller-role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts | n/a | - -## Resources - -| Name | Type | -|------|------| -| [helm_release.aws-load-balancer-controller](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [kubernetes_service_account.aws-load-balancer-controller-sa](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service_account) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [aws-load-balancer-controller-version](#input\_aws-load-balancer-controller-version) | Version of the AWS Load Balancer Controller Helm chart | `string` | `"1.13.4"` | no | -| [cluster\_name](#input\_cluster\_name) | Name of the EKS cluster | `string` | n/a | yes | -| [vpc\_id](#input\_vpc\_id) | VPC ID where load balancers controller will be deployed | `string` | n/a | yes | - \ No newline at end of file diff --git a/v2/foundations/aws/eks/output.tf b/v2/foundations/aws/eks/output.tf new file mode 100644 index 0000000..6d47508 --- /dev/null +++ b/v2/foundations/aws/eks/output.tf 
@@ -0,0 +1,20 @@ +output "eks_cluster_name" { + value = module.eks.cluster_name + description = "Nombre del cluster EKS" +} + +output "eks_cluster_endpoint" { + value = module.eks.cluster_endpoint + description = "Endpoint del API Server" +} + +output "eks_cluster_ca" { + value = module.eks.cluster_certificate_authority_data + description = "CA del cluster en base64" + sensitive = true +} + +output "eks_oidc_provider_arn" { + value = module.eks.oidc_provider_arn + description = "ARN del OIDC provider del cluster" +} \ No newline at end of file diff --git a/v2/foundations/aws/vpc/output.tf b/v2/foundations/aws/vpc/output.tf new file mode 100644 index 0000000..9c95a9b --- /dev/null +++ b/v2/foundations/aws/vpc/output.tf @@ -0,0 +1,14 @@ +output "vpc_id" { + value = module.vpc.vpc_id + description = "ID de la VPC" +} + +output "private_subnets" { + value = module.vpc.private_subnets + description = "Subnets privadas" +} + +output "public_subnets" { + value = module.vpc.public_subnets + description = "Subnets pรบblicas" +} \ No newline at end of file From 8247c9c92092d2f023fab3c920b6490e6913f218 Mon Sep 17 00:00:00 2001 From: sebas_correa Date: Tue, 30 Sep 2025 11:56:27 -0300 Subject: [PATCH 30/87] feat(main-modules): add varieble OIDC --- v2/nullplatform/aws/nullplatform_agent/iam.tf | 2 +- v2/nullplatform/aws/nullplatform_agent/variables.tf | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/v2/nullplatform/aws/nullplatform_agent/iam.tf b/v2/nullplatform/aws/nullplatform_agent/iam.tf index 07875cf..645a4d1 100644 --- a/v2/nullplatform/aws/nullplatform_agent/iam.tf +++ b/v2/nullplatform/aws/nullplatform_agent/iam.tf @@ -5,7 +5,7 @@ module "nullplatform-agent-role" { oidc_providers = { main = { - provider_arn = data.aws_iam_openid_connect_provider.this.arn + provider_arn = var.aws_iam_openid_connect_provider_arn namespace_service_accounts = ["nullplatform-tools:nullplatform-agent"] } } 
diff --git a/v2/nullplatform/aws/nullplatform_agent/variables.tf b/v2/nullplatform/aws/nullplatform_agent/variables.tf index 1458841..9974c73 100644 --- a/v2/nullplatform/aws/nullplatform_agent/variables.tf +++ b/v2/nullplatform/aws/nullplatform_agent/variables.tf @@ -111,4 +111,6 @@ variable "external_logging_provider" { type = string default = "external" description = "External logging provider name" -} \ No newline at end of file +} + +variable "aws_iam_openid_connect_provider_arn" {} \ No newline at end of file From 212956cf11e2a26679c85cd5a264c5f95ba78562 Mon Sep 17 00:00:00 2001 From: David Fernandez Date: Tue, 30 Sep 2025 14:30:35 -0300 Subject: [PATCH 31/87] feat: add external_dns --- workloads/external-dns/dns.yaml | 22 +++++++ workloads/external-dns/locals.tf | 9 +++ workloads/external-dns/main.tf | 11 ++++ workloads/external-dns/provider.tf | 22 +++++++ workloads/external-dns/secret.tf | 16 +++++ workloads/external-dns/secret.yaml | 8 +++ .../templates/external_dns_values.tmpl.yaml | 55 ++++++++++++++++++ workloads/external-dns/values.yaml | 58 +++++++++++++++++++ workloads/external-dns/variables.tf | 44 ++++++++++++++ 9 files changed, 245 insertions(+) create mode 100644 workloads/external-dns/dns.yaml create mode 100644 workloads/external-dns/locals.tf create mode 100644 workloads/external-dns/main.tf create mode 100644 workloads/external-dns/provider.tf create mode 100644 workloads/external-dns/secret.tf create mode 100644 workloads/external-dns/secret.yaml create mode 100644 workloads/external-dns/templates/external_dns_values.tmpl.yaml create mode 100644 workloads/external-dns/values.yaml create mode 100644 workloads/external-dns/variables.tf diff --git a/workloads/external-dns/dns.yaml b/workloads/external-dns/dns.yaml new file mode 100644 index 0000000..dc65b6e --- /dev/null +++ b/workloads/external-dns/dns.yaml 
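Review bot: `variable "aws_iam_openid_connect_provider_arn" {}` is declared with no type, description or validation, yet the previous hunk makes its value the `provider_arn` that the agent role trusts in `iam.tf`. A mistyped or foreign ARN would make the role trust a different OIDC issuer, so I would declare `type = string`, add a description, and add a `validation` block that checks the value has the `arn:aws:iam::<ACCOUNT_ID>:oidc-provider/...` shape. The variable just above it, `external_logging_provider`, carries type, default and description, so this also keeps the file consistent.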
@@ -0,0 +1,22 @@
+apiVersion: externaldns.k8s.io/v1alpha1
+kind: DNSEndpoint
+metadata:
+ name: k-8-s-custom-scope-1668577173-dns
+ namespace: default
+ labels:
+ nullplatform: "true"
+ account: kwik-e-mart-main
+ account_id: "95118862"
+ namespace: kubernets
+ namespace_id: "965608594"
+ application: external-dns
+ application_id: "1038560634"
+ scope: custom-scope
+ scope_id: "1668577173"
+spec:
+ endpoints:
+ - dnsName: david.nullimplementation.com
+ recordTTL: 300
+ recordType: A
+ targets:
+ - "34.86.164.237"
\ No newline at end of file
diff --git a/workloads/external-dns/locals.tf b/workloads/external-dns/locals.tf
new file mode 100644
index 0000000..6d2ff1a
--- /dev/null
+++ b/workloads/external-dns/locals.tf
@@ -0,0 +1,9 @@
+locals {
+ external_dns_values = templatefile("${path.module}/templates/external_dns_values.tmpl.yaml", {
+ domain = var.domain
+ txt_owner_id = var.txt_owner_id
+ dns_provider_name = var.dns_provider_name
+ extra_args = var.extra_args
+ })
+ create_cf_secret = lower(var.dns_provider_name) == "cloudflare"
+}
\ No newline at end of file
diff --git a/workloads/external-dns/main.tf b/workloads/external-dns/main.tf
new file mode 100644
index 0000000..11ffb97
--- /dev/null
+++ b/workloads/external-dns/main.tf
@@ -0,0 +1,11 @@
+resource "helm_release" "external_dns" {
+ name = "external-dns"
+ repository = "https://kubernetes-sigs.github.io/external-dns/"
+ chart = "external-dns"
+ namespace = var.externa_dns_namespace
+ create_namespace = true
+ version = var.external_dns_version
+
+ values = [local.external_dns_values]
+ depends_on = [kubernetes_secret_v1.external_dns_cloudflare]
+}
diff --git a/workloads/external-dns/provider.tf b/workloads/external-dns/provider.tf
new file mode 100644
index 0000000..b843bf4
--- /dev/null
+++ b/workloads/external-dns/provider.tf
@@ -0,0 +1,22 @@
+terraform {
+ required_providers {
+ nullplatform = {
+ source = "nullplatform/nullplatform"
+ version = "~> 0.0.63"
+ }
+
+ helm = {
+ source = "hashicorp/helm"
+ version = "~> 3.0"
+ }
+ }
+}
+provider "helm" {
+ kubernetes = {
+ config_path = var.kubeconfig_path
+ config_context = var.kube_context
+ }
+}
+provider "kubernetes" {
+ config_path = var.kubeconfig_path
+}
diff --git a/workloads/external-dns/secret.tf b/workloads/external-dns/secret.tf
new file mode 100644
index 0000000..7bfc040
--- /dev/null
+++ b/workloads/external-dns/secret.tf
@@ -0,0 +1,16 @@
+resource "kubernetes_secret_v1" "external_dns_cloudflare" {
+ count = local.create_cf_secret ? 1 : 0
+
+ metadata {
+ name = "external-dns-cloudflare"
+ namespace = var.externa_dns_namespace
+ }
+
+ type = "Opaque"
+
+
+ data = {
+ "api-token" = var.clodflare_token
+ }
+}
+
diff --git a/workloads/external-dns/secret.yaml b/workloads/external-dns/secret.yaml
new file mode 100644
index 0000000..edc32d2
--- /dev/null
+++ b/workloads/external-dns/secret.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: external-dns-cloudflare
+ namespace: kube-system
+type: Opaque
+stringData:
+ api-token: rCiehSR5DiDaJKuTxItNJ8rmFSEfJqs9hdKOPdGE
diff --git a/workloads/external-dns/templates/external_dns_values.tmpl.yaml b/workloads/external-dns/templates/external_dns_values.tmpl.yaml
new file mode 100644
index 0000000..ef30303
--- /dev/null
+++ b/workloads/external-dns/templates/external_dns_values.tmpl.yaml
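Review bot: `provider "kubernetes"` in `provider.tf` sets only `config_path`, while `provider "helm"` also sets `config_context = var.kube_context`. When `kube_context` is set, the Cloudflare secret is created in the kubeconfig's current context and the chart is installed in a different one; add `config_context = var.kube_context` to the kubernetes provider. `required_providers` also lists `nullplatform`, which nothing visible in this module uses, and leaves out `hashicorp/kubernetes`, which the module does use, so that provider is unpinned.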
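Review bot: `secret.yaml` commits a literal Cloudflare API token under `stringData.api-token`. A later patch in this series deletes the file, but the value stays in the repository history, so the token has to be revoked and reissued at Cloudflare; removing the file is not enough. The module already creates `kubernetes_secret_v1.external_dns_cloudflare` from a variable marked `sensitive`, so no manifest carrying the value is needed, and a secret-scanning check in CI would stop a repeat.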
@@ -0,0 +1,55 @@
+provider:
+ name: "${dns_provider_name}"
+
+sources:
+ - crd
+
+domainFilters:
+ - "${domain}"
+
+policy: "upsert-only"
+registry: "txt"
+txtOwnerId: "${txt_owner_id}"
+interval: "1m"
+logLevel: "info"
+
+
+env:
+ - name: CF_API_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: "external-dns-cloudflare"
+ key: "api-token"
+
+extraArgs:
+%{ for arg in extra_args ~}
+ - "${arg}"
+%{ endfor ~}
+
+serviceAccount:
+ create: true
+ name: "external-dns"
+
+rbac:
+ create: true
+
+resources:
+ requests:
+ cpu: "50m"
+ memory: "128Mi"
+ limits:
+ memory: "256Mi"
+
+
+securityContext:
+ runAsNonRoot: true
+ runAsUser: 65532
+ runAsGroup: 65532
+ readOnlyRootFilesystem: true
+ capabilities:
+ drop:
+ - ALL
+
+podSecurityContext:
+ fsGroup: 65534
+ runAsNonRoot: true
\ No newline at end of file
diff --git a/workloads/external-dns/values.yaml b/workloads/external-dns/values.yaml
new file mode 100644
index 0000000..c44b067
--- /dev/null
+++ b/workloads/external-dns/values.yaml
@@ -0,0 +1,58 @@
+
+provider:
+ name: cloudflare
+sources:
+ - service
+ - ingress
+ - crd
+
+policy: upsert-only
+registry: txt
+txtOwnerId: "external-dns"
+txtPrefix: "externaldns-"
+
+
+
+domainFilters:
+ - nullimplementation.com
+
+interval: 10s # Check every 10 seconds for faster DNS updates
+
+rbac:
+ create: true
+
+serviceAccount:
+ create: true
+ name: external-dns
+
+resources:
+ limits:
+ cpu: 100m
+ memory: 128Mi
+ requests:
+ cpu: 50m
+ memory: 64Mi
+
+securityContext:
+ runAsNonRoot: true
+ runAsUser: 65532
+ runAsGroup: 65532
+ readOnlyRootFilesystem: true
+ capabilities:
+ drop:
+ - ALL
+
+podSecurityContext:
+ fsGroup: 65534
+ runAsNonRoot: true
+
+env:
+ - name: CF_API_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: external-dns-cloudflare
+ key: api-token
+# Flags extra รบtiles para Cloudflare
+extraArgs:
+ - --cloudflare-proxied # activa "nube naranja" por defecto
+ - --cloudflare-dns-records-per-page=200
\ No newline at end of file
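Review bot: The `env` entry for `CF_API_TOKEN` in `external_dns_values.tmpl.yaml` is rendered unconditionally, but `secret.tf` creates `external-dns-cloudflare` only when `dns_provider_name` is `cloudflare`, so with any other provider the pod references a secret that does not exist. Wrap the `env:` block in `%{ if lower(dns_provider_name) == "cloudflare" ~}` and `%{ endif ~}`, matching the comparison in `locals.tf`. The `extra_args` loop also emits a `- ""` item for the default `[""]` declared in `variables.tf`; that default should be `[]`.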
diff --git a/workloads/external-dns/variables.tf b/workloads/external-dns/variables.tf new file mode 100644 index 0000000..3c9a19d --- /dev/null +++ b/workloads/external-dns/variables.tf @@ -0,0 +1,44 @@ +variable "external_dns_version" { + type = string + default = "1.19.0" + +} + +variable "externa_dns_namespace" { + type = string +} +variable "domain" { + type = string + +} + +variable "txt_owner_id" { + type = string + +} + +variable "clodflare_token" { + type = string + sensitive = true + +} + +variable "dns_provider_name" { + type = string + description = "dns provider" + +} + +variable "extra_args" { + type = list(string) + default = [""] +} + +variable "kubeconfig_path" { + type = string + default = "~/.kube/config" +} +variable "kube_context" { + type = string + default = null # o el nombre de tu context +} \ No newline at end of file From 479afbe713e76b4634ca2224ef8f8c3406ed02a4 Mon Sep 17 00:00:00 2001 From: David Fernandez Date: Tue, 30 Sep 2025 14:31:26 -0300 Subject: [PATCH 32/87] feat: add external_dns --- nullplatform/gcp/base/auth.tf | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/nullplatform/gcp/base/auth.tf b/nullplatform/gcp/base/auth.tf index 199657b..08ba765 100644 --- a/nullplatform/gcp/base/auth.tf +++ b/nullplatform/gcp/base/auth.tf @@ -2,23 +2,23 @@ resource "nullplatform_api_key" "nullplatform-base-api-key" { name = "NULLPLATFORM-BASE-API-KEY" grants { - nrn = local.nrn_sin_namespace + nrn = local.nrn_without_namespace role_slug = "controlplane:agent" } grants { - nrn = local.nrn_sin_namespace + nrn = local.nrn_without_namespace role_slug = "developer" } grants { - nrn = local.nrn_sin_namespace + nrn = local.nrn_without_namespace role_slug = "ops" } grants { - nrn = local.nrn_sin_namespace + nrn = local.nrn_without_namespace role_slug = "secops" } grants { - nrn = local.nrn_sin_namespace + nrn = local.nrn_without_namespace role_slug = "secrets-reader" } 
From b5d6d3b380517d3544399ab6c67c4a1171c6fdb6 Mon Sep 17 00:00:00 2001 From: David Fernandez Date: Tue, 30 Sep 2025 14:50:36 -0300 Subject: [PATCH 33/87] feat: remove old file --- workloads/external-dns/dns.yaml | 22 ------------ workloads/external-dns/values.yaml | 58 ------------------------------ 2 files changed, 80 deletions(-) delete mode 100644 workloads/external-dns/dns.yaml delete mode 100644 workloads/external-dns/values.yaml diff --git a/workloads/external-dns/dns.yaml b/workloads/external-dns/dns.yaml deleted file mode 100644 index dc65b6e..0000000 --- a/workloads/external-dns/dns.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: externaldns.k8s.io/v1alpha1 -kind: DNSEndpoint -metadata: - name: k-8-s-custom-scope-1668577173-dns - namespace: default - labels: - nullplatform: "true" - account: kwik-e-mart-main - account_id: "95118862" - namespace: kubernets - namespace_id: "965608594" - application: external-dns - application_id: "1038560634" - scope: custom-scope - scope_id: "1668577173" -spec: - endpoints: - - dnsName: david.nullimplementation.com - recordTTL: 300 - recordType: A - targets: - - "34.86.164.237" \ No newline at end of file diff --git a/workloads/external-dns/values.yaml b/workloads/external-dns/values.yaml deleted file mode 100644 index c44b067..0000000 --- a/workloads/external-dns/values.yaml +++ /dev/null 
@@ -1,58 +0,0 @@ - -provider: - name: cloudflare -sources: - - service - - ingress - - crd - -policy: upsert-only -registry: txt -txtOwnerId: "external-dns" -txtPrefix: "externaldns-" - - - -domainFilters: - - nullimplementation.com - -interval: 10s # Check every 10 seconds for faster DNS updates - -rbac: - create: true - -serviceAccount: - create: true - name: external-dns - -resources: - limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 50m - memory: 64Mi - -securityContext: - runAsNonRoot: true - runAsUser: 65532 - runAsGroup: 65532 - readOnlyRootFilesystem: true - capabilities: - drop: - - ALL - -podSecurityContext: - fsGroup: 65534 - runAsNonRoot: true - -env: - - name: CF_API_TOKEN - valueFrom: - secretKeyRef: - name: external-dns-cloudflare - key: api-token -# Flags extra รบtiles para Cloudflare -extraArgs: - - --cloudflare-proxied # activa "nube naranja" por defecto - - --cloudflare-dns-records-per-page=200 \ No newline at end of file From f1a7f9ae3e57cc0f7c50ed3c2a7ee955f01a60fa Mon Sep 17 00:00:00 2001 From: David Fernandez Date: Tue, 30 Sep 2025 14:52:09 -0300 Subject: [PATCH 34/87] fear: remove old file --- workloads/external-dns/secret.yaml | 8 -------- 1 file changed, 8 deletions(-) delete mode 100644 workloads/external-dns/secret.yaml diff --git a/workloads/external-dns/secret.yaml b/workloads/external-dns/secret.yaml deleted file mode 100644 index edc32d2..0000000 --- a/workloads/external-dns/secret.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: external-dns-cloudflare - namespace: kube-system -type: Opaque -stringData: - api-token: rCiehSR5DiDaJKuTxItNJ8rmFSEfJqs9hdKOPdGE From aef9c74515e67a3ebbe54f3233a661bef496887d Mon Sep 17 00:00:00 2001 
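Review bot: Deleting workloads/external-dns/secret.yaml does not retire the Cloudflare API token that was committed in its `stringData.api-token` field, because the value stays readable in the repository history and in this patch series. Treat the token as exposed: revoke it in Cloudflare and issue a replacement that reaches the cluster only through the `sensitive` Terraform variable or an external secret store. Reviewing the Cloudflare audit log for use of the old token is worthwhile, and so is a secret-scanning check in CI so that a literal token in a manifest fails the build.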
From: David Fernandez Date: Tue, 30 Sep 2025 17:54:25 -0300 Subject: [PATCH 35/87] feat: add istios and cert manager config --- workloads/cert-manager/locals.tf | 25 ++++ workloads/cert-manager/main.tf | 26 ++++ workloads/cert-manager/provider.tf | 17 +++ .../templates/cert_manager_values.tmpl.yaml | 24 ++++ workloads/cert-manager/variables.tf | 127 ++++++++++++++++++ workloads/external-dns/provider.tf | 5 - workloads/istio/locals.tf | 4 + workloads/istio/main.tf | 29 ++++ workloads/istio/provider.tf | 17 +++ workloads/istio/variables.tf | 26 ++++ 10 files changed, 295 insertions(+), 5 deletions(-) create mode 100644 workloads/cert-manager/locals.tf create mode 100644 workloads/cert-manager/main.tf create mode 100644 workloads/cert-manager/provider.tf create mode 100644 workloads/cert-manager/templates/cert_manager_values.tmpl.yaml create mode 100644 workloads/cert-manager/variables.tf create mode 100644 workloads/istio/locals.tf create mode 100644 workloads/istio/main.tf create mode 100644 workloads/istio/provider.tf create mode 100644 workloads/istio/variables.tf diff --git a/workloads/cert-manager/locals.tf b/workloads/cert-manager/locals.tf new file mode 100644 index 0000000..1a741f0 --- /dev/null +++ b/workloads/cert-manager/locals.tf 
@@ -0,0 +1,25 @@
+locals {
+ helm_values = templatefile("${path.module}/templates/cert_manager_values.tmpl.yaml", {
+ hosted_zone_name = var.hosted_zone_name
+ account_slug = var.account_slug
+
+ # GCP
+ gcp_enabled = var.gcp_enabled
+ gcp_service_account_key = var.gcp_service_account_key
+
+ # Azure
+ azure_enabled = var.azure_enabled
+ azure_subscription_id = var.azure_subscription_id
+ azure_resource_group_name = var.azure_resource_group_name
+ azure_client_id = var.azure_client_id
+ azure_secret_key = var.azure_secret_key
+ azure_client_secret = var.azure_client_secret
+ azure_tenant_id = var.azure_tenant_id
+ azure_hosted_zone_name = var.azure_hosted_zone_name
+
+ # Cloudflare
+ cloudflare_enabled = var.cloudflare_enabled
+ cloudflare_secret_name = var.cloudflare_secret_name
+ cloudflare_api_token = var.cloudflare_api_token
+ })
+}
\ No newline at end of file
diff --git a/workloads/cert-manager/main.tf b/workloads/cert-manager/main.tf
new file mode 100644
index 0000000..b8b407b
--- /dev/null
+++ b/workloads/cert-manager/main.tf
@@ -0,0 +1,26 @@
+resource "helm_release" "cert_manager" {
+ name = "cert-manager"
+ repository = "https://charts.jetstack.io"
+ chart = "cert-manager"
+ namespace = var.cert_manager_namespace
+ create_namespace = true
+ version = var.cert_manager_version
+
+ set = [{
+ name = "crds.enabled"
+ value = "true"
+ }
+ ]
+}
+
+
+resource "helm_release" "cert_manager-config" {
+ name = "cert-manager-config"
+ repository = "https://nullplatform.github.io/helm-charts"
+ chart = "nullplatform-cert-manager-config"
+ create_namespace = true
+ version = var.cert_manager_config_version
+
+ values = [local.helm_values]
+}
+
diff --git a/workloads/cert-manager/provider.tf b/workloads/cert-manager/provider.tf
new file mode 100644
index 0000000..bc34018
--- /dev/null
+++ b/workloads/cert-manager/provider.tf
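Review bot: `helm_values` in workloads/cert-manager/locals.tf renders `gcp_service_account_key`, `azure_client_secret` and `cloudflare_api_token` into one values string, so all three are written in plain text to the Terraform state and to the Helm release record kept in the cluster. Marking the variables `sensitive` only hides them from plan output. If the chart can reference an existing Secret (it already takes `cloudflare_secret_name`), pass only the Secret name and create the Secret outside this values file. Otherwise record the exposure next to the local, e.g. `# NOTE: the credentials below are stored in state and in the Helm release; use an encrypted remote backend with restricted access`.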
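Review bot: `helm_release.cert_manager-config` in workloads/cert-manager/main.tf sets `create_namespace = true` but no `namespace`, so the release that carries the DNS provider credentials is installed into the provider's default namespace (`default`) rather than `var.cert_manager_namespace`. It also has no dependency on `helm_release.cert_manager`, so Terraform can apply it before the cert-manager CRDs exist. Add `namespace = var.cert_manager_namespace` and `depends_on = [helm_release.cert_manager]` to the second resource.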
@@ -0,0 +1,17 @@
+terraform {
+ required_providers {
+ helm = {
+ source = "hashicorp/helm"
+ version = "~> 3.0"
+ }
+ }
+}
+provider "helm" {
+ kubernetes = {
+ config_path = var.kubeconfig_path
+ config_context = var.kube_context
+ }
+}
+provider "kubernetes" {
+ config_path = var.kubeconfig_path
+}
diff --git a/workloads/cert-manager/templates/cert_manager_values.tmpl.yaml b/workloads/cert-manager/templates/cert_manager_values.tmpl.yaml
new file mode 100644
index 0000000..88b6db6
--- /dev/null
+++ b/workloads/cert-manager/templates/cert_manager_values.tmpl.yaml
@@ -0,0 +1,24 @@
+hostedZoneName: "${hosted_zone_name}"
+
+nullPlatform:
+ accountSlug: "${account_slug}"
+
+gcp:
+ enabled: ${gcp_enabled}
+ serviceAccountKey: |-
+ ${gcp_service_account_key}
+
+azure:
+ enabled: ${azure_enabled}
+ subscriptionID: "${azure_subscription_id}"
+ resourceGroupName: "${azure_resource_group_name}"
+ clientID: "${azure_client_id}"
+ secretKey: "${azure_secret_key}" # ej: "client-secret"
+ clientSecret: "${azure_client_secret}"
+ tenantID: "${azure_tenant_id}"
+ hostedZoneName: "${azure_hosted_zone_name}"
+
+cloudflare:
+ enabled: ${cloudflare_enabled}
+ secretName: "${cloudflare_secret_name}"
+ apiToken: "${cloudflare_api_token}"
diff --git a/workloads/cert-manager/variables.tf b/workloads/cert-manager/variables.tf
new file mode 100644
index 0000000..82963c4
--- /dev/null
+++ b/workloads/cert-manager/variables.tf
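Review bot: The `provider "kubernetes"` block in workloads/cert-manager/provider.tf sets only `config_path`, while the `helm` provider also sets `config_context = var.kube_context`, so with a multi-context kubeconfig the two providers can end up talking to different clusters. Add `config_context = var.kube_context` to the `kubernetes` block and declare `kubernetes` under `required_providers` with a version constraint, as is done for `helm`. No `kubernetes_*` resource is visible in this module, so removing the block is an alternative. The identical file is added as workloads/istio/provider.tf in the same commit and needs the same change.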
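Review bot: In cert_manager_values.tmpl.yaml, `serviceAccountKey: |-` is followed by a bare `${gcp_service_account_key}`, so only the first line of a multi-line service-account JSON receives the block scalar's indentation and the rendered YAML will not parse as intended. The double-quoted fields such as `clientSecret` and `apiToken` have the same class of problem for any value containing `"` or `\`. Use `${indent(4, gcp_service_account_key)}` (with the count matching the block's indentation) for the key, and for the scalars write `clientSecret: ${jsonencode(azure_client_secret)}` without the surrounding quotes, since a JSON string is a valid YAML double-quoted scalar.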
@@ -0,0 +1,127 @@ + +variable "kubeconfig_path" { + type = string + default = "~/.kube/config" +} +variable "kube_context" { + type = string + default = null # o el nombre de tu context +} +variable "cert_manager_version" { + type = string + default = "1.18.2" + +} +variable "cert_manager_namespace" { + type = string + default = "cert-manager" +} + +variable "cert_manager_config_version" { + type = string + default = "2.10.0" + +} + +variable "hosted_zone_name" { + description = "Hosted zone name (if applicable)." + type = string + default = "" +} + +variable "account_slug" { + description = "NullPlatform account slug." + type = string + default = "" +} + +# --- GCP --- +variable "gcp_enabled" { + description = "Enable GCP (Cloud DNS) solver in cert-manager." + type = bool + default = false +} + +variable "gcp_service_account_key" { + description = "Contents of the Service Account JSON for Cloud DNS (use file() if reading from disk)." + type = string + sensitive = true + default = "" +} + +# --- Azure --- +variable "azure_enabled" { + description = "Enable Azure DNS solver in cert-manager." + type = bool + default = false +} + +variable "azure_subscription_id" { + description = "Azure Subscription ID." + type = string + default = "" +} + +variable "azure_resource_group_name" { + description = "Azure Resource Group that contains the DNS zone." + type = string + default = "" +} + +variable "azure_client_id" { + description = "Azure App (Client) ID for authentication." + type = string + default = "" +} + +variable "azure_secret_key" { + description = "Key name inside the Azure Secret that holds the client secret (default 'client-secret')." + type = string + default = "client-secret" +} + +variable "azure_client_secret" { + description = "Azure App Client Secret (value)." + type = string + sensitive = true + default = "" +} + +variable "azure_tenant_id" { + description = "Azure Tenant ID." 
+ type = string + default = "" +} + +variable "azure_hosted_zone_name" { + description = "Hosted zone name in Azure DNS." + type = string + default = "" +} + +# --- Cloudflare --- +variable "cloudflare_enabled" { + description = "Enable Cloudflare DNS-01 solver in cert-manager." + type = bool + default = false +} + +variable "cloudflare_secret_name" { + description = "Kubernetes Secret name that stores the Cloudflare API Token." + type = string + default = "cloudflare-api-token-secret" +} + +variable "cloudflare_api_token" { + description = "Cloudflare API Token (minimum permissions: Zone:DNS:Edit + Zone:Read)." + type = string + sensitive = true + default = "" + validation { + condition = !var.cloudflare_enabled || length(var.cloudflare_api_token) > 0 + error_message = "When cloudflare_enabled is true, cloudflare_api_token must not be empty." + } +} + + + diff --git a/workloads/external-dns/provider.tf b/workloads/external-dns/provider.tf index b843bf4..bc34018 100644 --- a/workloads/external-dns/provider.tf +++ b/workloads/external-dns/provider.tf @@ -1,10 +1,5 @@ terraform { required_providers { - nullplatform = { - source = "nullplatform/nullplatform" - version = "~> 0.0.63" - } - helm = { source = "hashicorp/helm" version = "~> 3.0" diff --git a/workloads/istio/locals.tf b/workloads/istio/locals.tf new file mode 100644 index 0000000..5e0e83b --- /dev/null +++ b/workloads/istio/locals.tf @@ -0,0 +1,4 @@ +locals { + repository = "https://istio-release.storage.googleapis.com/charts" + namespace = "istio-system" +} \ No newline at end of file diff --git a/workloads/istio/main.tf b/workloads/istio/main.tf new file mode 100644 index 0000000..d6cbf34 --- /dev/null +++ b/workloads/istio/main.tf 
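Review bot: The `validation` block on `cloudflare_api_token` in workloads/cert-manager/variables.tf reads `var.cloudflare_enabled`, and a validation condition may refer to another variable only from Terraform 1.9 on; provider.tf in this module sets no `required_version`, so older CLIs fail with an error that does not point at the cause. Add `required_version = ">= 1.9"` to the `terraform` block. `gcp_service_account_key` and `azure_client_secret` have no equivalent check, so enabling those solvers with an empty credential goes unnoticed until certificate issuance fails. Mirror the condition there, e.g. `condition = !var.gcp_enabled || length(var.gcp_service_account_key) > 0`.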
@@ -0,0 +1,29 @@
+
+resource "helm_release" "istio_base" {
+ name = "istio-base"
+ repository = local.repository
+ chart = "base"
+ namespace = local.namespace
+ create_namespace = true
+ version = var.istio_base_version
+}
+
+resource "helm_release" "istiod" {
+ name = "istiod"
+ depends_on = [helm_release.istio_base]
+ repository = local.repository
+ chart = "istiod"
+ namespace = local.namespace
+ version = var.istiod_version
+}
+
+# Setup Istio Gateway using Helm
+resource "helm_release" "istio_ingressgateway" {
+ name = "istio-ingressgateway"
+ depends_on = [helm_release.istiod]
+ repository = local.repository
+ chart = "gateway"
+ namespace = local.namespace
+ version = var.istio_ingressgateway_version
+
+}
diff --git a/workloads/istio/provider.tf b/workloads/istio/provider.tf
new file mode 100644
index 0000000..bc34018
--- /dev/null
+++ b/workloads/istio/provider.tf
@@ -0,0 +1,17 @@
+terraform {
+ required_providers {
+ helm = {
+ source = "hashicorp/helm"
+ version = "~> 3.0"
+ }
+ }
+}
+provider "helm" {
+ kubernetes = {
+ config_path = var.kubeconfig_path
+ config_context = var.kube_context
+ }
+}
+provider "kubernetes" {
+ config_path = var.kubeconfig_path
+}
diff --git a/workloads/istio/variables.tf b/workloads/istio/variables.tf
new file mode 100644
index 0000000..e4656e1
--- /dev/null
+++ b/workloads/istio/variables.tf
@@ -0,0 +1,26 @@
+variable "istio_base_version" {
+ type = string
+ default = "1.27.1"
+
+}
+
+variable "istio_ingressgateway_version" {
+ type = string
+ default = "1.27.1"
+
+}
+
+variable "istiod_version" {
+ type = string
+ default = "1.27.1"
+
+}
+
+variable "kubeconfig_path" {
+ type = string
+ default = "~/.kube/config"
+}
+variable "kube_context" {
+ type = string
+ default = null # o el nombre de tu context
+}
\ No newline at end of file
From b768f8aab052dc40e58a05bfcb8b98e4acbb855b Mon Sep 17 00:00:00 2001
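Review bot: `helm_release.istio_ingressgateway` in workloads/istio/main.tf installs the `gateway` chart into `local.namespace`, the same `istio-system` namespace as `istiod`. Istio's installation guidance recommends running gateways in a namespace separate from the control plane, so that the internet-facing proxy does not share a namespace with control-plane secrets and service accounts. Consider `namespace = "istio-ingress"` together with `create_namespace = true` on this release. The three chart versions are separate variables with the same default, so a comment such as `# keep base, istiod and gateway on the same Istio version` would help prevent skew.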
From: sebas_correa Date: Tue, 30 Sep 2025 18:39:58 -0300 Subject: [PATCH 36/87] feat(main-modules): add variable OIDC alb-controller --- .gitignore | 3 +++ v2/foundations/aws/alb-controller/data.tf | 7 ------- v2/foundations/aws/alb-controller/iam.tf | 2 +- v2/foundations/aws/alb-controller/variables.tf | 4 ++++ v2/foundations/aws/eks/data.tf | 15 --------------- v2/foundations/aws/eks/main.tf | 8 ++++---- v2/foundations/aws/eks/variables.tf | 8 +++----- 7 files changed, 15 insertions(+), 32 deletions(-) delete mode 100644 v2/foundations/aws/alb-controller/data.tf delete mode 100644 v2/foundations/aws/eks/data.tf diff --git a/.gitignore b/.gitignore index 4f8d1a8..21551b0 100644 --- a/.gitignore +++ b/.gitignore @@ -7,6 +7,9 @@ yarn-error.log* lerna-debug.log* .pnpm-debug.log* +**/**/.terraform.lock.hcl +**/**/.terraform +**/**/*.state # Diagnostic reports (https://nodejs.org/api/report.html) report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json diff --git a/v2/foundations/aws/alb-controller/data.tf b/v2/foundations/aws/alb-controller/data.tf deleted file mode 100644 index 6a9c21f..0000000 --- a/v2/foundations/aws/alb-controller/data.tf +++ /dev/null @@ -1,7 +0,0 @@ -data "aws_eks_cluster" "this" { - name = var.cluster_name -} - -data "aws_iam_openid_connect_provider" "this" { - url = data.aws_eks_cluster.this.identity[0].oidc[0].issuer -} diff --git a/v2/foundations/aws/alb-controller/iam.tf b/v2/foundations/aws/alb-controller/iam.tf index f8fd1a2..921374d 100644 --- a/v2/foundations/aws/alb-controller/iam.tf +++ b/v2/foundations/aws/alb-controller/iam.tf @@ -6,7 +6,7 @@ module "aws-load-balancer-controller-role" { use_name_prefix = false oidc_providers = { main = { - provider_arn = data.aws_iam_openid_connect_provider.this.arn + provider_arn = var.aws_iam_openid_connect_provider namespace_service_accounts = ["kube-system:aws-load-balancer-controller"] } } 
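Review bot: The added `.gitignore` pattern `**/**/*.state` does not match Terraform's state files, which are named `terraform.tfstate` and `terraform.tfstate.backup`, so state can still be committed unless an entry outside the hunk already covers it. State holds the API keys and tokens these modules take as inputs; use `*.tfstate` and `*.tfstate.*` instead. Ignoring `.terraform.lock.hcl` also removes the recorded provider checksums from version control, and for root configurations it is safer to commit the lock file so provider downloads are verified against known hashes.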
diff --git a/v2/foundations/aws/alb-controller/variables.tf b/v2/foundations/aws/alb-controller/variables.tf index 9fb8678..97cad6f 100644 --- a/v2/foundations/aws/alb-controller/variables.tf +++ b/v2/foundations/aws/alb-controller/variables.tf @@ -12,4 +12,8 @@ variable "aws-load-balancer-controller-version" { description = "Version of the AWS Load Balancer Controller Helm chart" type = string default = "1.13.4" +} + +variable "aws_iam_openid_connect_provider" { + } \ No newline at end of file diff --git a/v2/foundations/aws/eks/data.tf b/v2/foundations/aws/eks/data.tf deleted file mode 100644 index ae68c9d..0000000 --- a/v2/foundations/aws/eks/data.tf +++ /dev/null @@ -1,15 +0,0 @@ -data "aws_subnets" "private" { - filter { - name = "vpc-id" - values = [data.aws_vpc.vpc.id] - } - - filter { - name = "tag:Name" - values = ["*private*"] - } -} - -data "aws_vpc" "vpc" { - id = var.vpc_id -} \ No newline at end of file diff --git a/v2/foundations/aws/eks/main.tf b/v2/foundations/aws/eks/main.tf index 96fee3f..0f97619 100644 --- a/v2/foundations/aws/eks/main.tf +++ b/v2/foundations/aws/eks/main.tf @@ -22,13 +22,13 @@ module "eks" { # Optional: Adds the current caller identity as an administrator via cluster access entry enable_cluster_creator_admin_permissions = true - vpc_id = data.aws_vpc.vpc.id - subnet_ids = data.aws_subnets.private.ids - control_plane_subnet_ids = data.aws_subnets.private.ids + vpc_id = var.aws_vpc_vpc_id + subnet_ids = var.aws_subnets_private_ids + control_plane_subnet_ids = var.aws_subnets_private_ids # EKS Managed Node Group(s) eks_managed_node_groups = { - example = { + nullplatform = { # Starting on 1.30, AL2023 is the default AMI type for EKS managed node groups ami_type = var.ami_type instance_types = [var.instance_types] diff --git a/v2/foundations/aws/eks/variables.tf b/v2/foundations/aws/eks/variables.tf index 62291c3..2c41762 100644 --- a/v2/foundations/aws/eks/variables.tf +++ b/v2/foundations/aws/eks/variables.tf 
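Review bot: `variable "aws_iam_openid_connect_provider"` in v2/foundations/aws/alb-controller/variables.tf is declared with an empty body, yet iam.tf passes it straight into `provider_arn`, which decides which OIDC provider the load-balancer controller role trusts. Give it `type = string`, a description stating that it is the IAM OIDC provider ARN of the target cluster, and a validation such as `condition = can(regex(":oidc-provider/", var.aws_iam_openid_connect_provider))`. `aws_vpc_vpc_id` and `aws_subnets_private_ids` in v2/foundations/aws/eks/variables.tf are untyped in the same way and should be `string` and `list(string)`.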
@@ -1,8 +1,3 @@ -variable "vpc_id" { - type = string - description = "A account name" -} - variable "name" { type = string description = "A name of cluster" @@ -25,3 +20,6 @@ variable "kubernetes_version" { description = "The version of K8s to use" default = "1.32" } + +variable "aws_vpc_vpc_id" {} +variable "aws_subnets_private_ids" {} \ No newline at end of file From dd303ad88ad4fce181b38f1db360ad149c20c61b Mon Sep 17 00:00:00 2001 From: sebas_correa Date: Tue, 30 Sep 2025 18:55:57 -0300 Subject: [PATCH 37/87] feat(main-modules): disable cloudwatch logs eks --- v2/foundations/aws/alb-controller/variables.tf | 2 +- v2/foundations/aws/eks/main.tf | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/v2/foundations/aws/alb-controller/variables.tf b/v2/foundations/aws/alb-controller/variables.tf index 97cad6f..0d7bc8c 100644 --- a/v2/foundations/aws/alb-controller/variables.tf +++ b/v2/foundations/aws/alb-controller/variables.tf @@ -15,5 +15,5 @@ variable "aws-load-balancer-controller-version" { } variable "aws_iam_openid_connect_provider" { - + } \ No newline at end of file diff --git a/v2/foundations/aws/eks/main.tf b/v2/foundations/aws/eks/main.tf index 0f97619..dd660d5 100644 --- a/v2/foundations/aws/eks/main.tf +++ b/v2/foundations/aws/eks/main.tf @@ -5,6 +5,9 @@ module "eks" { name = var.name kubernetes_version = var.kubernetes_version + cluster_enabled_log_types = [] # desactiva todos: api, audit, authenticator, controllerManager, scheduler + create_cloudwatch_log_group = false # opcional: que el mรณdulo no gestione el log group + addons = { coredns = {} eks-pod-identity-agent = { From f58406a061236e9c5819170666a0776f39aab247 Mon Sep 17 00:00:00 2001 From: sebas_correa Date: Tue, 30 Sep 2025 18:57:31 -0300 Subject: [PATCH 38/87] feat(main-modules): fix disable cloudwatch logs eks --- v2/foundations/aws/eks/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
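Review bot: `cluster_enabled_log_types = []` in v2/foundations/aws/eks/main.tf switches off every control-plane log type the inline comment lists, including `audit` and `authenticator`, which are the records needed to reconstruct who did what against the API server. If the motive is cost, keep `cluster_enabled_log_types = ["audit", "authenticator"]` and let the module manage the log group with a short retention instead of setting `create_cloudwatch_log_group = false`. The `module "eks"` block starts and ends outside the hunk, so the module version and the argument names it accepts could not be checked here.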
diff --git a/v2/foundations/aws/eks/main.tf b/v2/foundations/aws/eks/main.tf index dd660d5..7a8b2f0 100644 --- a/v2/foundations/aws/eks/main.tf +++ b/v2/foundations/aws/eks/main.tf @@ -5,8 +5,8 @@ module "eks" { name = var.name kubernetes_version = var.kubernetes_version - cluster_enabled_log_types = [] # desactiva todos: api, audit, authenticator, controllerManager, scheduler - create_cloudwatch_log_group = false # opcional: que el mรณdulo no gestione el log group + cluster_enabled_log_types = [] # desactiva todos: api, audit, authenticator, controllerManager, scheduler + create_cloudwatch_log_group = false # opcional: que el mรณdulo no gestione el log group addons = { coredns = {} From ff250c86ca96076f2ee96a21b87ee7477914c6b3 Mon Sep 17 00:00:00 2001 From: sebas_correa Date: Tue, 30 Sep 2025 18:59:44 -0300 Subject: [PATCH 39/87] feat(main-modules): fix disable cloudwatch logs eks --- v2/foundations/aws/eks/main.tf | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/v2/foundations/aws/eks/main.tf b/v2/foundations/aws/eks/main.tf index 7a8b2f0..60ca228 100644 --- a/v2/foundations/aws/eks/main.tf +++ b/v2/foundations/aws/eks/main.tf @@ -5,8 +5,7 @@ module "eks" { name = var.name kubernetes_version = var.kubernetes_version - cluster_enabled_log_types = [] # desactiva todos: api, audit, authenticator, controllerManager, scheduler - create_cloudwatch_log_group = false # opcional: que el mรณdulo no gestione el log group + create_cloudwatch_log_group = false addons = { coredns = {} From 752d3aa03d79715d76dd43de28458b066136504f Mon Sep 17 00:00:00 2001 From: David Fernandez Date: Tue, 30 Sep 2025 19:16:59 -0300 Subject: [PATCH 40/87] feat: edit variables values default --- nullplatform/gcp/cloud/gcp/variables.tf | 16 +++------------- 1 file changed, 3 insertions(+), 13 deletions(-) diff --git a/nullplatform/gcp/cloud/gcp/variables.tf b/nullplatform/gcp/cloud/gcp/variables.tf index dc88628..7c943ea 100644 --- a/nullplatform/gcp/cloud/gcp/variables.tf 
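Review bot: After PATCH 39 only `create_cloudwatch_log_group = false` remains in the `module "eks"` block, which stops Terraform from managing the log group but no longer states which control-plane logs are enabled. If the module's default log types apply (not visible in the hunk), the log group would be created outside Terraform, with retention and encryption not under this configuration's control. State the intent next to the line, e.g. `# control-plane logging: <enabled types>; log group owned by <team/stack>`, or return the log group to module management.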
+++ b/nullplatform/gcp/cloud/gcp/variables.tf @@ -26,20 +26,7 @@ variable "dimensions" { type = map(string) default = {} } -/* -####### -# Code respositoy -####3 -variable "organization" { - description = "Organization name for code repository configuration" - type = string -} -variable "organization_installation_id" { - description = "GitHub App installation ID for the organization" - type = string -} -*/ variable "environments" { type = list(string) @@ -65,12 +52,15 @@ variable "np_api_key" { variable "private_dns_zone_name" { type = string + default = "" } variable "public_dns_zone_name" { type = string + default = "" } variable "service_account_key" { type = string + default = "" } \ No newline at end of file From 98f55f67c593b49e7f1c320f41dc8a2c5f511cb8 Mon Sep 17 00:00:00 2001 From: David Fernandez Date: Tue, 30 Sep 2025 19:20:58 -0300 Subject: [PATCH 41/87] feat: edit variables values default --- nullplatform/gcp/cloud/gcp/variables.tf | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/nullplatform/gcp/cloud/gcp/variables.tf b/nullplatform/gcp/cloud/gcp/variables.tf index 7c943ea..c73d0ba 100644 --- a/nullplatform/gcp/cloud/gcp/variables.tf +++ b/nullplatform/gcp/cloud/gcp/variables.tf @@ -16,10 +16,7 @@ variable "domain_name" { } -variable "environment" { - description = "Environment dimension value to which the configuration applies" - type = string -} + variable "dimensions" { description = "Map of dimension values to configure Nullplatform" From d76aedcde59b1a7fb829fde0be742a3303808a4a Mon Sep 17 00:00:00 2001 From: sebas_correa Date: Tue, 30 Sep 2025 19:21:06 -0300 Subject: [PATCH 42/87] feat(main-modules): fix vpc configurations --- v2/foundations/aws/vpc/main.tf | 8 ++++---- v2/foundations/aws/vpc/variables.tf | 15 +++++++-------- 2 files changed, 11 insertions(+), 12 deletions(-) diff --git a/v2/foundations/aws/vpc/main.tf b/v2/foundations/aws/vpc/main.tf index 227ec7f..d2f8e53 100644 --- a/v2/foundations/aws/vpc/main.tf 
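Review bot: `service_account_key` in nullplatform/gcp/cloud/gcp/variables.tf now defaults to `""` and is declared without `sensitive = true`, so a GCP service-account key passed through it can appear in plan output and an omitted key is silently accepted. Add `sensitive = true` and either drop the default or add a validation that rejects an empty value where the key is required. The file continues outside the hunk, so how the value is consumed is not visible here.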
+++ b/v2/foundations/aws/vpc/main.tf @@ -3,13 +3,13 @@ module "vpc" { version = "~> 6.0" name = "${var.organization}-${var.account}" - cidr = var.vpc["cidr"] + cidr = var.vpc.cidr enable_dns_hostnames = true - azs = var.vpc["azs"] - private_subnets = var.vpc["private_subnets"] - public_subnets = var.vpc["public_subnets"] + azs = var.vpc.azs + private_subnets = var.vpc.private_subnets + public_subnets = var.vpc.public_subnets enable_nat_gateway = true single_nat_gateway = true diff --git a/v2/foundations/aws/vpc/variables.tf b/v2/foundations/aws/vpc/variables.tf index b486bbe..326fae6 100644 --- a/v2/foundations/aws/vpc/variables.tf +++ b/v2/foundations/aws/vpc/variables.tf @@ -1,13 +1,12 @@ variable "vpc" { - description = "A VPC with public and private subnets" + description = "Configuraciรณn de la VPC" + type = object({ + cidr_block = string + azs = list(string) + private_subnets = list(string) + public_subnets = list(string) + }) } -# Parรกmetros VPC -# vpc = { -# azs = ["us-west-2a", "us-west-2b", "us-west-2c"] -# cidr = "172.16.0.0/16" -# public_subnets = ["172.16.1.0/24", "172.16.2.0/24", "172.16.3.0/24"] -# private_subnets = ["172.16.10.0/24", "172.16.11.0/24", "172.16.12.0/24"] -# } variable "organization" { type = string From 8182c2b1531effb3b843cab5dd58ec1546abd495 Mon Sep 17 00:00:00 2001 From: sebas_correa Date: Tue, 30 Sep 2025 19:23:57 -0300 Subject: [PATCH 43/87] feat(main-modules): fix vpc configurations --- v2/foundations/aws/vpc/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/v2/foundations/aws/vpc/main.tf b/v2/foundations/aws/vpc/main.tf index d2f8e53..25aefde 100644 --- a/v2/foundations/aws/vpc/main.tf +++ b/v2/foundations/aws/vpc/main.tf @@ -3,7 +3,7 @@ module "vpc" { version = "~> 6.0" name = "${var.organization}-${var.account}" - cidr = var.vpc.cidr + cidr = var.vpc.cidr_block enable_dns_hostnames = true From 584a49f69c37674e32c3769fb010838379e04928 Mon Sep 17 00:00:00 2001 
From: sebas_correa Date: Tue, 30 Sep 2025 20:12:24 -0300 Subject: [PATCH 44/87] feat(main-modules): decoupling providers --- .../aws/nullplatform_providers/dimensions.tf | 12 ++ .../aws/nullplatform_providers/main.tf | 111 +----------------- .../aws/nullplatform_providers/namespaces.tf | 7 ++ .../aws/nullplatform_providers/networking.tf | 96 +++++++++++++++ .../aws/nullplatform_providers/variables.tf | 5 + 5 files changed, 121 insertions(+), 110 deletions(-) create mode 100644 v2/nullplatform/aws/nullplatform_providers/dimensions.tf create mode 100644 v2/nullplatform/aws/nullplatform_providers/namespaces.tf create mode 100644 v2/nullplatform/aws/nullplatform_providers/networking.tf diff --git a/v2/nullplatform/aws/nullplatform_providers/dimensions.tf b/v2/nullplatform/aws/nullplatform_providers/dimensions.tf new file mode 100644 index 0000000..037e8b4 --- /dev/null +++ b/v2/nullplatform/aws/nullplatform_providers/dimensions.tf @@ -0,0 +1,12 @@ +resource "nullplatform_dimension" "environment" { + name = "Environment" + order = 1 + nrn = var.nrn +} + +resource "nullplatform_dimension_value" "environment_value" { + for_each = toset(var.environments) + dimension_id = nullplatform_dimension.environment.id + name = each.value + nrn = var.nrn +} diff --git a/v2/nullplatform/aws/nullplatform_providers/main.tf b/v2/nullplatform/aws/nullplatform_providers/main.tf index 0ff3402..a517af8 100644 --- a/v2/nullplatform/aws/nullplatform_providers/main.tf +++ b/v2/nullplatform/aws/nullplatform_providers/main.tf 
@@ -55,113 +55,4 @@ resource "nullplatform_provider_config" "github" { }, } ) -} - -resource "kubernetes_ingress_v1" "internal" { - metadata { - name = "initial-ingress-setup-internal" - namespace = "nullplatform" - - annotations = merge({ - "alb.ingress.kubernetes.io/actions.response-404" = jsonencode({ - type = "fixed-response" - fixedResponseConfig = { - contentType = "text/plain" - statusCode = "404" - messageBody = "404 scope not found or has not been deployed yet" - } - }) - "alb.ingress.kubernetes.io/group.name" = "k8s-nullplatform-internal" - "alb.ingress.kubernetes.io/listen-ports" = "[{\"HTTP\":80},{\"HTTPS\":443}]" - "alb.ingress.kubernetes.io/load-balancer-name" = "k8s-nullplatform-internal" - "alb.ingress.kubernetes.io/scheme" = "internal" - "alb.ingress.kubernetes.io/ssl-redirect" = "443" - "alb.ingress.kubernetes.io/target-type" = "ip" - "alb.ingress.kubernetes.io/certificate-arn" = var.certificate_arn - }) - } - - spec { - ingress_class_name = "alb" - - rule { - host = "setup.nullapps.io" - http { - path { - path = "/" - path_type = "Prefix" - - backend { - service { - name = "response-404" - port { - name = "use-annotation" - } - } - } - } - } - } - } -} - -resource "kubernetes_ingress_v1" "public" { - metadata { - name = "initial-ingress-setup-public" - namespace = "nullplatform" - - annotations = merge({ - "alb.ingress.kubernetes.io/actions.response-404" = jsonencode({ - type = "fixed-response" - fixedResponseConfig = { - contentType = "text/plain" - statusCode = "404" - messageBody = "404 scope not found or has not been deployed yet" - } - }) - "alb.ingress.kubernetes.io/group.name" = "k8s-nullplatform-internet-facing" - "alb.ingress.kubernetes.io/listen-ports" = "[{\"HTTP\":80},{\"HTTPS\":443}]" - "alb.ingress.kubernetes.io/load-balancer-name" = "k8s-nullplatform-internet-facing" - "alb.ingress.kubernetes.io/scheme" = "internet-facing" - "alb.ingress.kubernetes.io/ssl-redirect" = "443" - "alb.ingress.kubernetes.io/target-type" = "ip" - 
"alb.ingress.kubernetes.io/certificate-arn" = var.certificate_arn - }) - } - - spec { - ingress_class_name = "alb" - - rule { - host = "setup.nullapps.io" - http { - path { - path = "/" - path_type = "Prefix" - - backend { - service { - name = "response-404" - port { - name = "use-annotation" - } - } - } - } - } - } - } -} - -resource "nullplatform_dimension" "environment" { - name = "Environment" - order = 1 - nrn = var.nrn -} - -resource "nullplatform_dimension_value" "environment_value" { - for_each = toset(var.environments) - dimension_id = nullplatform_dimension.environment.id - name = each.value - nrn = var.nrn -} +} \ No newline at end of file diff --git a/v2/nullplatform/aws/nullplatform_providers/namespaces.tf b/v2/nullplatform/aws/nullplatform_providers/namespaces.tf new file mode 100644 index 0000000..cdf9400 --- /dev/null +++ b/v2/nullplatform/aws/nullplatform_providers/namespaces.tf @@ -0,0 +1,7 @@ +resource "kubernetes_namespace" "nullplatform_namespaces" { + for_each = toset(var.namespaces) + + metadata { + name = each.key + } +} diff --git a/v2/nullplatform/aws/nullplatform_providers/networking.tf b/v2/nullplatform/aws/nullplatform_providers/networking.tf new file mode 100644 index 0000000..243c438 --- /dev/null +++ b/v2/nullplatform/aws/nullplatform_providers/networking.tf 
@@ -0,0 +1,96 @@ + +resource "kubernetes_ingress_v1" "internal" { + metadata { + name = "initial-ingress-setup-internal" + namespace = "nullplatform" + + annotations = merge({ + "alb.ingress.kubernetes.io/actions.response-404" = jsonencode({ + type = "fixed-response" + fixedResponseConfig = { + contentType = "text/plain" + statusCode = "404" + messageBody = "404 scope not found or has not been deployed yet" + } + }) + "alb.ingress.kubernetes.io/group.name" = "k8s-nullplatform-internal" + "alb.ingress.kubernetes.io/listen-ports" = "[{\"HTTP\":80},{\"HTTPS\":443}]" + "alb.ingress.kubernetes.io/load-balancer-name" = "k8s-nullplatform-internal" + "alb.ingress.kubernetes.io/scheme" = "internal" + "alb.ingress.kubernetes.io/ssl-redirect" = "443" + "alb.ingress.kubernetes.io/target-type" = "ip" + "alb.ingress.kubernetes.io/certificate-arn" = var.certificate_arn + }) + } + + spec { + ingress_class_name = "alb" + + rule { + host = "setup.nullapps.io" + http { + path { + path = "/" + path_type = "Prefix" + + backend { + service { + name = "response-404" + port { + name = "use-annotation" + } + } + } + } + } + } + } +} + +resource "kubernetes_ingress_v1" "public" { + metadata { + name = "initial-ingress-setup-public" + namespace = "nullplatform" + + annotations = merge({ + "alb.ingress.kubernetes.io/actions.response-404" = jsonencode({ + type = "fixed-response" + fixedResponseConfig = { + contentType = "text/plain" + statusCode = "404" + messageBody = "404 scope not found or has not been deployed yet" + } + }) + "alb.ingress.kubernetes.io/group.name" = "k8s-nullplatform-internet-facing" + "alb.ingress.kubernetes.io/listen-ports" = "[{\"HTTP\":80},{\"HTTPS\":443}]" + "alb.ingress.kubernetes.io/load-balancer-name" = "k8s-nullplatform-internet-facing" + "alb.ingress.kubernetes.io/scheme" = "internet-facing" + "alb.ingress.kubernetes.io/ssl-redirect" = "443" + "alb.ingress.kubernetes.io/target-type" = "ip" + "alb.ingress.kubernetes.io/certificate-arn" = var.certificate_arn + }) + 
} + + spec { + ingress_class_name = "alb" + + rule { + host = "setup.nullapps.io" + http { + path { + path = "/" + path_type = "Prefix" + + backend { + service { + name = "response-404" + port { + name = "use-annotation" + } + } + } + } + } + } + } +} \ No newline at end of file diff --git a/v2/nullplatform/aws/nullplatform_providers/variables.tf b/v2/nullplatform/aws/nullplatform_providers/variables.tf index 555860a..feb2b4f 100644 --- a/v2/nullplatform/aws/nullplatform_providers/variables.tf +++ b/v2/nullplatform/aws/nullplatform_providers/variables.tf @@ -79,4 +79,9 @@ variable "np_api_key" { type = string sensitive = true description = "Nullplatform API key for authentication" +} + +variable "namespaces" { + type = list(string) + default = ["nullplatform", "nullplatform-tools"] } \ No newline at end of file From 2aece6b554792823506a15b02b076bb22a49be8d Mon Sep 17 00:00:00 2001 From: David Fernandez Date: Tue, 30 Sep 2025 20:13:45 -0300 Subject: [PATCH 45/87] fix: edit variables --- nullplatform/code_repository/variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nullplatform/code_repository/variables.tf b/nullplatform/code_repository/variables.tf index 9815884..c70ca01 100644 --- a/nullplatform/code_repository/variables.tf +++ b/nullplatform/code_repository/variables.tf @@ -26,7 +26,7 @@ variable "nrn" { variable "collaborators_config" { type = object({ - default_collaborators = list(object({ + collaborators = list(object({ id = string role = string type = string From 5f2385d870ffe4163edc429fcb3a3f47609eef65 Mon Sep 17 00:00:00 2001 
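Review bot: Both ingresses in the new networking.tf hard-code `namespace = "nullplatform"`, while that namespace is now created by `kubernetes_namespace.nullplatform_namespaces` in namespaces.tf with nothing linking the two, so Terraform may attempt the ingresses before the namespace exists. Reference the resource instead: `namespace = kubernetes_namespace.nullplatform_namespaces["nullplatform"].metadata[0].name`. A caller who overrides `namespaces` without `"nullplatform"` would then get a clear plan-time error rather than a failed apply.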
From: sebas_correa Date: Tue, 30 Sep 2025 20:15:28 -0300 Subject: [PATCH 46/87] feat(main-modules): decoupling providers --- .../aws/nullplatform_providers/variables.tf | 2 +- v2/nullplatform/nullplatform_account/main.tf | 0 v2/nullplatform/nullplatform_account/providers.tf | 12 ++++++++++++ v2/nullplatform/nullplatform_users/main.tf | 0 v2/nullplatform/nullplatform_users/providers.tf | 12 ++++++++++++ 5 files changed, 25 insertions(+), 1 deletion(-) create mode 100644 v2/nullplatform/nullplatform_account/main.tf create mode 100644 v2/nullplatform/nullplatform_account/providers.tf create mode 100644 v2/nullplatform/nullplatform_users/main.tf create mode 100644 v2/nullplatform/nullplatform_users/providers.tf diff --git a/v2/nullplatform/aws/nullplatform_providers/variables.tf b/v2/nullplatform/aws/nullplatform_providers/variables.tf index feb2b4f..8c26c7d 100644 --- a/v2/nullplatform/aws/nullplatform_providers/variables.tf +++ b/v2/nullplatform/aws/nullplatform_providers/variables.tf @@ -83,5 +83,5 @@ variable "np_api_key" { variable "namespaces" { type = list(string) - default = ["nullplatform", "nullplatform-tools"] + default = ["nullplatform"] } \ No newline at end of file diff --git a/v2/nullplatform/nullplatform_account/main.tf b/v2/nullplatform/nullplatform_account/main.tf new file mode 100644 index 0000000..e69de29 diff --git a/v2/nullplatform/nullplatform_account/providers.tf b/v2/nullplatform/nullplatform_account/providers.tf new file mode 100644 index 0000000..cb79686 --- /dev/null +++ b/v2/nullplatform/nullplatform_account/providers.tf @@ -0,0 +1,12 @@ +terraform { + required_providers { + nullplatform = { + source = "nullplatform/nullplatform" + version = "~> 0.0.63" + } + } +} + +provider "nullplatform" { + api_key = var.np_api_key +} \ No newline at end of file diff --git a/v2/nullplatform/nullplatform_users/main.tf b/v2/nullplatform/nullplatform_users/main.tf new file mode 100644 index 0000000..e69de29 
diff --git a/v2/nullplatform/nullplatform_users/providers.tf b/v2/nullplatform/nullplatform_users/providers.tf new file mode 100644 index 0000000..cb79686 --- /dev/null +++ b/v2/nullplatform/nullplatform_users/providers.tf @@ -0,0 +1,12 @@ +terraform { + required_providers { + nullplatform = { + source = "nullplatform/nullplatform" + version = "~> 0.0.63" + } + } +} + +provider "nullplatform" { + api_key = var.np_api_key +} \ No newline at end of file From c6987e466465e4b29a551e33d30640606b7bdc6b Mon Sep 17 00:00:00 2001 From: sebas_correa Date: Tue, 30 Sep 2025 20:41:28 -0300 Subject: [PATCH 47/87] feat(main-modules): add account & users --- v2/nullplatform/nullplatform_account/main.tf | 8 ++++++++ v2/nullplatform/nullplatform_account/variables.tf | 12 ++++++++++++ v2/nullplatform/nullplatform_users/main.tf | 7 +++++++ v2/nullplatform/nullplatform_users/variables.tf | 10 ++++++++++ 4 files changed, 37 insertions(+) create mode 100644 v2/nullplatform/nullplatform_account/variables.tf create mode 100644 v2/nullplatform/nullplatform_users/variables.tf diff --git a/v2/nullplatform/nullplatform_account/main.tf b/v2/nullplatform/nullplatform_account/main.tf index e69de29..e02c9da 100644 --- a/v2/nullplatform/nullplatform_account/main.tf +++ b/v2/nullplatform/nullplatform_account/main.tf @@ -0,0 +1,8 @@ +resource "nullplatform_account" "nullplatform_account" { + for_each = var.nullplatform_accounts + + name = each.value.name + repository_prefix = each.value.repository_prefix + repository_provider = each.value.repository_provider + slug = each.value.slug +} \ No newline at end of file diff --git a/v2/nullplatform/nullplatform_account/variables.tf b/v2/nullplatform/nullplatform_account/variables.tf new file mode 100644 index 0000000..59a0c47 --- /dev/null +++ b/v2/nullplatform/nullplatform_account/variables.tf 
@@ -0,0 +1,12 @@
+variable "nullplatform_accounts" {
+ type = map(object({
+ name = string
+ repository_prefix = string
+ repository_provider = optional(string, "POC")
+ slug = optional(string, "poc-account")
+ }))
+}
+
+variable "np_api_key" {
+
+}
\ No newline at end of file
diff --git a/v2/nullplatform/nullplatform_users/main.tf b/v2/nullplatform/nullplatform_users/main.tf
index e69de29..0afdafe 100644
--- a/v2/nullplatform/nullplatform_users/main.tf
+++ b/v2/nullplatform/nullplatform_users/main.tf
@@ -0,0 +1,7 @@
+resource "nullplatform_user" "nullplatform_user" {
+ for_each = var.nullplatform_users
+
+ email = each.value.email
+ first_name = each.value.first_name
+ last_name = each.value.last_name
+}
\ No newline at end of file
diff --git a/v2/nullplatform/nullplatform_users/variables.tf b/v2/nullplatform/nullplatform_users/variables.tf
new file mode 100644
index 0000000..e9b6ac5
--- /dev/null
+++ b/v2/nullplatform/nullplatform_users/variables.tf
@@ -0,0 +1,10 @@
+variable "nullplatform_users" {
+ type = map(object({
+ email = string
+ first_name = string
+ last_name = string
+ }))
+}
+
+variable "np_api_key" {
+}
\ No newline at end of file
From 846b6e1f2e6ecf02e1acbc7d35da2b3e587a18ec Mon Sep 17 00:00:00 2001 From: sebas_correa Date: Tue, 30 Sep 2025 21:02:47 -0300 Subject: [PATCH 48/87] feat(main-modules): add org_id users --- v2/nullplatform/nullplatform_account/variables.tf | 4 ++-- v2/nullplatform/nullplatform_users/main.tf | 1 + v2/nullplatform/nullplatform_users/variables.tf | 1 + 3 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/v2/nullplatform/nullplatform_account/variables.tf b/v2/nullplatform/nullplatform_account/variables.tf
index 59a0c47..9c5996e 100644
--- a/v2/nullplatform/nullplatform_account/variables.tf
+++ b/v2/nullplatform/nullplatform_account/variables.tf
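Review bot: `variable "np_api_key"` is declared with an empty body in both new variables.tf files of PATCH 47/87 (nullplatform_account and nullplatform_users), so the credential has no type and is not marked sensitive. If the value is ever passed into a resource argument or an output, Terraform will echo it in plan and apply output. Declare it with `type = string` and `sensitive = true` plus a description, as the `np_api_key` variable in nullplatform/gcp/base/variables.tf already does. Marking it sensitive only redacts CLI output; anything derived from it can still be written to state, so the state backend needs access control and encryption.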
@@ -1,8 +1,8 @@ variable "nullplatform_accounts" { type = map(object({ name = string - repository_prefix = string - repository_provider = optional(string, "POC") + repository_prefix = optional(string, "poc-account") + repository_provider = optional(string, "github") slug = optional(string, "poc-account") })) } diff --git a/v2/nullplatform/nullplatform_users/main.tf b/v2/nullplatform/nullplatform_users/main.tf index 0afdafe..029beb9 100644 --- a/v2/nullplatform/nullplatform_users/main.tf +++ b/v2/nullplatform/nullplatform_users/main.tf @@ -4,4 +4,5 @@ resource "nullplatform_user" "nullplatform_user" { email = each.value.email first_name = each.value.first_name last_name = each.value.last_name + organization_id = each.value.organization_id } \ No newline at end of file diff --git a/v2/nullplatform/nullplatform_users/variables.tf b/v2/nullplatform/nullplatform_users/variables.tf index e9b6ac5..b56836a 100644 --- a/v2/nullplatform/nullplatform_users/variables.tf +++ b/v2/nullplatform/nullplatform_users/variables.tf @@ -3,6 +3,7 @@ variable "nullplatform_users" { email = string first_name = string last_name = string + organization_id = string })) } From e7cb645e0cc9a811175db269f8551aea0df3ff2d Mon Sep 17 00:00:00 2001 From: sebas_correa Date: Tue, 30 Sep 2025 21:09:13 -0300 Subject: [PATCH 49/87] feat(main-modules): rollback organization_id --- v2/nullplatform/nullplatform_users/main.tf | 1 - v2/nullplatform/nullplatform_users/variables.tf | 1 - 2 files changed, 2 deletions(-) diff --git a/v2/nullplatform/nullplatform_users/main.tf b/v2/nullplatform/nullplatform_users/main.tf index 029beb9..0afdafe 100644 --- a/v2/nullplatform/nullplatform_users/main.tf +++ b/v2/nullplatform/nullplatform_users/main.tf @@ -4,5 +4,4 @@ resource "nullplatform_user" "nullplatform_user" { email = each.value.email first_name = each.value.first_name last_name = each.value.last_name - organization_id = each.value.organization_id } \ No newline at end of file 
diff --git a/v2/nullplatform/nullplatform_users/variables.tf b/v2/nullplatform/nullplatform_users/variables.tf index b56836a..e9b6ac5 100644 --- a/v2/nullplatform/nullplatform_users/variables.tf +++ b/v2/nullplatform/nullplatform_users/variables.tf @@ -3,7 +3,6 @@ variable "nullplatform_users" { email = string first_name = string last_name = string - organization_id = string })) } From 3d0db1200b54df1086d78bb595a2ddccff764372 Mon Sep 17 00:00:00 2001 From: David Fernandez Date: Wed, 1 Oct 2025 09:41:48 -0300 Subject: [PATCH 50/87] feat: remove aws reference --- nullplatform/gcp/agent/providers.tf | 5 ----- 1 file changed, 5 deletions(-) diff --git a/nullplatform/gcp/agent/providers.tf b/nullplatform/gcp/agent/providers.tf index bef3ba9..ab7af6b 100644 --- a/nullplatform/gcp/agent/providers.tf +++ b/nullplatform/gcp/agent/providers.tf @@ -4,11 +4,6 @@ terraform { source = "nullplatform/nullplatform" version = "~> 0.0.63" } - /* cambiar por gcp */ - aws = { - source = "hashicorp/aws" - version = "~> 6.0" - } helm = { source = "hashicorp/helm" version = "~> 3.0" From 57a2eba066ef33ecc4d3c0cc0e3364e9638a1fbb Mon Sep 17 00:00:00 2001 From: David Fernandez Date: Wed, 1 Oct 2025 09:43:59 -0300 Subject: [PATCH 51/87] feat: change provider gcp --- nullplatform/gcp/agent/providers.tf | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/nullplatform/gcp/agent/providers.tf b/nullplatform/gcp/agent/providers.tf index ab7af6b..8fb234f 100644 --- a/nullplatform/gcp/agent/providers.tf +++ b/nullplatform/gcp/agent/providers.tf @@ -10,6 +10,7 @@ terraform { } } } +/* provider "google" { project = var.project_id region = var.location @@ -38,6 +39,17 @@ provider "helm" { ) } } +*/ +provider "helm" { + kubernetes = { + config_path = var.kubeconfig_path + config_context = var.kube_context + } +} +provider "kubernetes" { + config_path = var.kubeconfig_path +} + provider "nullplatform" { api_key = var.np_api_key 
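Review bot: In the `provider "kubernetes"` block added to nullplatform/gcp/agent/providers.tf (PATCH 51/87) only `config_path` is set, while the `provider "helm"` block just above it also sets `config_context = var.kube_context`; when a context is supplied, the two providers can resolve to different clusters. Add `config_context = var.kube_context` to the kubernetes provider so both target the same cluster. The same pair of blocks is added to nullplatform/gcp/base/providers.tf in PATCH 53/87 and needs the same line. The old GKE token-based configuration is also left behind inside a `/* … */` block that PATCH 53/87 then deletes; removing it here would keep dead credentials wiring out of the file. The provider list continues outside the hunk.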
From 2f89d320c6f70098f93eab83a82ae8481951e8a1 Mon Sep 17 00:00:00 2001 From: David Fernandez Date: Wed, 1 Oct 2025 09:49:46 -0300 Subject: [PATCH 52/87] feat: add variables --- nullplatform/gcp/agent/variables.tf | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/nullplatform/gcp/agent/variables.tf b/nullplatform/gcp/agent/variables.tf index c4a14d1..7c80f84 100644 --- a/nullplatform/gcp/agent/variables.tf +++ b/nullplatform/gcp/agent/variables.tf @@ -123,4 +123,13 @@ variable "location" { variable "environment_tag" { +} + +variable "kubeconfig_path" { + type = string + default = "~/.kube/config" +} +variable "kube_context" { + type = string + default = null # o el nombre de tu context } \ No newline at end of file From 31de24d1209d650cb9de3f16906475e2e3bd459a Mon Sep 17 00:00:00 2001 From: David Fernandez Date: Wed, 1 Oct 2025 10:06:30 -0300 Subject: [PATCH 53/87] feat:remove gcp reference --- nullplatform/code_repository/variables.tf | 1 - nullplatform/gcp/agent/providers.tf | 29 ------------------ nullplatform/gcp/base/providers.tf | 37 ++++++----------------- nullplatform/gcp/base/variables.tf | 15 +++++---- 4 files changed, 16 insertions(+), 66 deletions(-) diff --git a/nullplatform/code_repository/variables.tf b/nullplatform/code_repository/variables.tf index c70ca01..f37ca99 100644 --- a/nullplatform/code_repository/variables.tf +++ b/nullplatform/code_repository/variables.tf @@ -65,5 +65,4 @@ variable "organization_installation_id" { type = string default = "" - } \ No newline at end of file diff --git a/nullplatform/gcp/agent/providers.tf b/nullplatform/gcp/agent/providers.tf index 8fb234f..a9fd42a 100644 --- a/nullplatform/gcp/agent/providers.tf +++ b/nullplatform/gcp/agent/providers.tf 
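Review bot: `kube_context` (PATCH 52/87, nullplatform/gcp/agent/variables.tf) defaults to `null` and `kubeconfig_path` to `"~/.kube/config"`, so a run without explicit values presumably applies to whichever current-context the operator's kubeconfig has selected at that moment. For a module that installs charts into a cluster, I would drop the `kube_context` default so the target must be named, or at least add a `description` to both variables stating the fallback. The inline comment `# o el nombre de tu context` should be in English like the file's other descriptions, e.g. `# or the name of your kubeconfig context`. The same two variables are added to nullplatform/gcp/base/variables.tf in PATCH 53/87.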
@@ -10,36 +10,7 @@ terraform { } } } -/* -provider "google" { - project = var.project_id - region = var.location -} - -data "google_container_cluster" "gke" { - name = var.cluster_name - location = var.location -} -data "google_client_config" "this" {} - -provider "kubernetes" { - host = "https://${data.google_container_cluster.gke.endpoint}" - token = data.google_client_config.this.access_token - cluster_ca_certificate = base64decode( - data.google_container_cluster.gke.master_auth[0].cluster_ca_certificate - ) -} -provider "helm" { - kubernetes = { - host = "https://${data.google_container_cluster.gke.endpoint}" - token = data.google_client_config.this.access_token - cluster_ca_certificate = base64decode( - data.google_container_cluster.gke.master_auth[0].cluster_ca_certificate - ) - } -} -*/ provider "helm" { kubernetes = { config_path = var.kubeconfig_path diff --git a/nullplatform/gcp/base/providers.tf b/nullplatform/gcp/base/providers.tf index c1627d7..15a395e 100644 --- a/nullplatform/gcp/base/providers.tf +++ b/nullplatform/gcp/base/providers.tf @@ -4,10 +4,7 @@ terraform { source = "nullplatform/nullplatform" version = "~> 0.0.63" } - google = { - source = "hashicorp/google" - version = "~> 5.0" - } + kubernetes = { source = "hashicorp/kubernetes" version = "~> 2.25" 
@@ -19,34 +16,18 @@ terraform { } } -provider "google" { - project = var.project_id - region = var.location - -} - -data "google_container_cluster" "gke" { - name = var.cluster_name - location = var.location -} -data "google_client_config" "this" {} - -provider "kubernetes" { - host = "https://${data.google_container_cluster.gke.endpoint}" - token = data.google_client_config.this.access_token - cluster_ca_certificate = base64decode( - data.google_container_cluster.gke.master_auth[0].cluster_ca_certificate - ) -} provider "helm" { kubernetes = { - host = "https://${data.google_container_cluster.gke.endpoint}" - token = data.google_client_config.this.access_token - cluster_ca_certificate = base64decode( - data.google_container_cluster.gke.master_auth[0].cluster_ca_certificate - ) + config_path = var.kubeconfig_path + config_context = var.kube_context } } +provider "kubernetes" { + config_path = var.kubeconfig_path +} + + + provider "nullplatform" { api_key = var.np_api_key diff --git a/nullplatform/gcp/base/variables.tf b/nullplatform/gcp/base/variables.tf index 4d10273..1a7a615 100644 --- a/nullplatform/gcp/base/variables.tf +++ b/nullplatform/gcp/base/variables.tf @@ -20,14 +20,13 @@ variable "np_api_key" { sensitive = true description = "Nullplatform API key for authentication" } -variable "cluster_name" { - type = string -} -variable "location" { - type = string -} -variable "project_id" { - type = string +variable "kubeconfig_path" { + type = string + default = "~/.kube/config" +} +variable "kube_context" { + type = string + default = null # o el nombre de tu context } \ No newline at end of file From ee4f2a985b167d6219648e1096937d95c1035bfd Mon Sep 17 00:00:00 2001 
From: David Fernandez Date: Wed, 1 Oct 2025 10:30:02 -0300 Subject: [PATCH 54/87] feat: remove variables and data --- workloads/prometheus/data.tf | 9 --------- workloads/prometheus/main.tf | 2 +- workloads/prometheus/variables.tf | 10 +++------- 3 files changed, 4 insertions(+), 17 deletions(-) delete mode 100644 workloads/prometheus/data.tf diff --git a/workloads/prometheus/data.tf b/workloads/prometheus/data.tf deleted file mode 100644 index a974859..0000000 --- a/workloads/prometheus/data.tf +++ /dev/null @@ -1,9 +0,0 @@ -/* -data "aws_eks_cluster" "this" { - name = var.cluster_name -} - -data "aws_iam_openid_connect_provider" "this" { - url = data.aws_eks_cluster.this.identity[0].oidc[0].issuer -} -*/ \ No newline at end of file diff --git a/workloads/prometheus/main.tf b/workloads/prometheus/main.tf index 2bd787e..ebc11c2 100644 --- a/workloads/prometheus/main.tf +++ b/workloads/prometheus/main.tf @@ -2,7 +2,7 @@ resource "helm_release" "prometheus" { name = "prometheus" repository = "https://prometheus-community.github.io/helm-charts" chart = "prometheus" - namespace = var.namespace + namespace = var.prometheus_namespace create_namespace = true values = [ local.prometheus_values ] diff --git a/workloads/prometheus/variables.tf b/workloads/prometheus/variables.tf index 62c32d9..3844842 100644 --- a/workloads/prometheus/variables.tf +++ b/workloads/prometheus/variables.tf @@ -1,15 +1,10 @@ -variable "namespace" { +variable "prometheus_namespace" { default = "prometheus" } -variable "cluster_name" {} - variable "nrn" {} -variable "cloud" { - description = "cloud (ej. gcp, aws, azure, etc.)" - type = string -} + variable "np_api_key" { type = string } @@ -27,3 +22,4 @@ variable "kube_context" { type = string default = null # o el nombre de tu context } + From 3da0d51fd15390fd527e604e50377b5a4ea0d9b6 Mon Sep 17 00:00:00 2001 
From: David Fernandez Date: Wed, 1 Oct 2025 10:43:01 -0300 Subject: [PATCH 55/87] feat: edit namesapce variable --- workloads/prometheus/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/workloads/prometheus/main.tf b/workloads/prometheus/main.tf index ebc11c2..08df4da 100644 --- a/workloads/prometheus/main.tf +++ b/workloads/prometheus/main.tf @@ -13,7 +13,7 @@ resource "nullplatform_provider_config" "prometheus" { type = "prometheus" attributes = jsonencode({ "server" : { - "url" : "http://prometheus-server.${var.namespace}.svc.cluster.local:80" + "url" : "http://prometheus-server.${var.prometheus_namespace}.svc.cluster.local:80" } }) dimensions = {} From 434079f6c01012581b2df94c77f8b865deb118c0 Mon Sep 17 00:00:00 2001 From: David Fernandez Date: Wed, 1 Oct 2025 14:25:52 -0300 Subject: [PATCH 56/87] feat: rename variable name --- workloads/cert-manager/templates/cert_manager_values.tmpl.yaml | 2 +- workloads/cert-manager/variables.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/workloads/cert-manager/templates/cert_manager_values.tmpl.yaml b/workloads/cert-manager/templates/cert_manager_values.tmpl.yaml index 88b6db6..821b03c 100644 --- a/workloads/cert-manager/templates/cert_manager_values.tmpl.yaml +++ b/workloads/cert-manager/templates/cert_manager_values.tmpl.yaml @@ -21,4 +21,4 @@ azure: cloudflare: enabled: ${cloudflare_enabled} secretName: "${cloudflare_secret_name}" - apiToken: "${cloudflare_api_token}" + apiToken: "${cloudflare_token}" diff --git a/workloads/cert-manager/variables.tf b/workloads/cert-manager/variables.tf index 82963c4..0a38bc5 100644 --- a/workloads/cert-manager/variables.tf +++ b/workloads/cert-manager/variables.tf 
@@ -112,7 +112,7 @@ variable "cloudflare_secret_name" { default = "cloudflare-api-token-secret" } -variable "cloudflare_api_token" { +variable "cloudflare_token" { description = "Cloudflare API Token (minimum permissions: Zone:DNS:Edit + Zone:Read)." type = string sensitive = true From 506898aaaa638135dbad99a5ad977994e009b771 Mon Sep 17 00:00:00 2001 From: David Fernandez Date: Wed, 1 Oct 2025 14:27:13 -0300 Subject: [PATCH 57/87] feat: rename variable name --- workloads/cert-manager/variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/workloads/cert-manager/variables.tf b/workloads/cert-manager/variables.tf index 0a38bc5..e20d2c7 100644 --- a/workloads/cert-manager/variables.tf +++ b/workloads/cert-manager/variables.tf @@ -118,7 +118,7 @@ variable "cloudflare_token" { sensitive = true default = "" validation { - condition = !var.cloudflare_enabled || length(var.cloudflare_api_token) > 0 + condition = !var.cloudflare_enabled || length(var.cloudflare_token) > 0 error_message = "When cloudflare_enabled is true, cloudflare_api_token must not be empty." } } From a0ae4972d52a212bfeb0b5ff337a1a7f5510ed1a Mon Sep 17 00:00:00 2001 From: David Fernandez Date: Wed, 1 Oct 2025 14:37:10 -0300 Subject: [PATCH 58/87] feat: rename variable name --- workloads/cert-manager/locals.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/workloads/cert-manager/locals.tf b/workloads/cert-manager/locals.tf index 1a741f0..29f23eb 100644 --- a/workloads/cert-manager/locals.tf +++ b/workloads/cert-manager/locals.tf @@ -20,6 +20,6 @@ locals { # Cloudflare cloudflare_enabled = var.cloudflare_enabled cloudflare_secret_name = var.cloudflare_secret_name - cloudflare_api_token = var.cloudflare_api_token + cloudflare_api_token = var.cloudflare_token }) } \ No newline at end of file From 933b27a1f18f54a1d73f481994e94379377d661b Mon Sep 17 00:00:00 2001 
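Review bot: The validation `error_message` in PATCH 57/87 still reads `cloudflare_api_token must not be empty`, although the variable is now `cloudflare_token` and the condition on the line above was updated to match. A user who trips the validation will look for an input that no longer exists. Change it to `error_message = "When cloudflare_enabled is true, cloudflare_token must not be empty."`. The variable block starts above the hunk.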
From: David Fernandez Date: Wed, 1 Oct 2025 14:39:38 -0300 Subject: [PATCH 59/87] feat: rename variable name --- workloads/cert-manager/locals.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/workloads/cert-manager/locals.tf b/workloads/cert-manager/locals.tf index 29f23eb..e222583 100644 --- a/workloads/cert-manager/locals.tf +++ b/workloads/cert-manager/locals.tf @@ -20,6 +20,6 @@ locals { # Cloudflare cloudflare_enabled = var.cloudflare_enabled cloudflare_secret_name = var.cloudflare_secret_name - cloudflare_api_token = var.cloudflare_token + cloudflare_token = var.cloudflare_token }) } \ No newline at end of file From 29dfd5121d51db474dc1b80620a0bcce7bc5b6e0 Mon Sep 17 00:00:00 2001 From: David Fernandez Date: Wed, 1 Oct 2025 14:41:01 -0300 Subject: [PATCH 60/87] feat: rename variable name --- workloads/external-dns/secret.tf | 2 +- workloads/external-dns/variables.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/workloads/external-dns/secret.tf b/workloads/external-dns/secret.tf index 7bfc040..07fa11b 100644 --- a/workloads/external-dns/secret.tf +++ b/workloads/external-dns/secret.tf @@ -10,7 +10,7 @@ resource "kubernetes_secret_v1" "external_dns_cloudflare" { data = { - "api-token" = var.clodflare_token + "api-token" = var.cloudflare_token } } diff --git a/workloads/external-dns/variables.tf b/workloads/external-dns/variables.tf index 3c9a19d..8aceb2e 100644 --- a/workloads/external-dns/variables.tf +++ b/workloads/external-dns/variables.tf @@ -17,7 +17,7 @@ variable "txt_owner_id" { } -variable "clodflare_token" { +variable "cloudflare_token" { type = string sensitive = true From dc6a0613dec674b81d25ae4570a36784c0018706 Mon Sep 17 00:00:00 2001 From: David Fernandez Date: Wed, 1 Oct 2025 14:59:54 -0300 Subject: [PATCH 61/87] feat:rename resource --- workloads/cert-manager/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/workloads/cert-manager/main.tf b/workloads/cert-manager/main.tf index b8b407b..b89158d 100644 --- a/workloads/cert-manager/main.tf +++ b/workloads/cert-manager/main.tf @@ -14,7 +14,7 @@ resource "helm_release" "cert_manager" { } -resource "helm_release" "cert_manager-config" { +resource "helm_release" "cert_manager_config" { name = "cert-manager-config" repository = "https://nullplatform.github.io/helm-charts" chart = "nullplatform-cert-manager-config" From 5a38b5db00dbb386c0c56d32b442bfdae89e03e5 Mon Sep 17 00:00:00 2001 From: David Fernandez Date: Wed, 1 Oct 2025 15:03:18 -0300 Subject: [PATCH 62/87] feat:rename resource --- workloads/cert-manager/main.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/workloads/cert-manager/main.tf b/workloads/cert-manager/main.tf index b89158d..daf6934 100644 --- a/workloads/cert-manager/main.tf +++ b/workloads/cert-manager/main.tf @@ -20,6 +20,7 @@ resource "helm_release" "cert_manager_config" { chart = "nullplatform-cert-manager-config" create_namespace = true version = var.cert_manager_config_version + namespace = var.cert_manager_namespace values = [local.helm_values] } From 0d7b9c2424df3bd92e47172bc2cc34345b81e373 Mon Sep 17 00:00:00 2001 From: David Fernandez Date: Wed, 1 Oct 2025 16:42:10 -0300 Subject: [PATCH 63/87] feat: comment accout --- nullplatform/code_repository/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nullplatform/code_repository/main.tf b/nullplatform/code_repository/main.tf index a014c6b..d3119ed 100644 --- a/nullplatform/code_repository/main.tf +++ b/nullplatform/code_repository/main.tf @@ -15,7 +15,7 @@ resource "nullplatform_provider_config" "gitlab" { ) } -/* If the git_provider variable is set to gitlab, create this resource. */ +/* If the git_provider variable is set to gitlab, create this resource. resource "nullplatform_account" "gitlab_account" { count = local.is_gitlab ? 1 : 0 name = var.gitlab_name 
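Review bot: Renaming the resource from `helm_release.cert_manager-config` to `helm_release.cert_manager_config` (PATCH 61/87) changes its state address, so on an existing deployment Terraform will plan to destroy the old release and create a new one. If the chart owns issuers or related secrets, as its name suggests, certificate issuance is interrupted for that window. Add a `moved` block with `from = helm_release.cert_manager-config` and `to = helm_release.cert_manager_config` alongside the rename so the existing state is carried over. The resource body continues outside the hunk.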
@@ -23,7 +23,7 @@ resource "nullplatform_account" "gitlab_account" { repository_provider = var.repository_provider slug = var.gitlab_slug } - +*/ /* If the git_provider variable has the value github, create this resource */ resource "nullplatform_provider_config" "github" { count = local.is_github ? 1 : 0 From f10d00162edd6929a5b85709c3a1ab4d72b81fa6 Mon Sep 17 00:00:00 2001 From: David Fernandez Date: Wed, 1 Oct 2025 17:37:10 -0300 Subject: [PATCH 64/87] feat: edit repo ref --- nullplatform/gcp/agent/variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nullplatform/gcp/agent/variables.tf b/nullplatform/gcp/agent/variables.tf index 7c80f84..743d79d 100644 --- a/nullplatform/gcp/agent/variables.tf +++ b/nullplatform/gcp/agent/variables.tf @@ -7,7 +7,7 @@ variable "nullplatform-agent-helm-version" { variable "agent_repos_scope" { description = "Git repository URL for agent scopes configuration" type = string - default = "https://github.com/nullplatform/scopes.git#main" + default = "https://github.com/nullplatform/scopes.git#beta" } variable "agent_repos_extra" { From a383f9aa2b979ea77c6cb07c83e60e42dc068037 Mon Sep 17 00:00:00 2001 From: sebas_correa Date: Wed, 1 Oct 2025 17:52:15 -0300 Subject: [PATCH 65/87] feat(main-v2): add aws/acm --- v2/foundations/aws/acm/main.tf | 33 +++++++++++++++++++++++++++++ v2/foundations/aws/acm/output.tf | 9 ++++++++ v2/foundations/aws/acm/providers.tf | 8 +++++++ v2/foundations/aws/acm/variables.tf | 14 ++++++++++++ v2/foundations/aws/route53/main.tf | 7 ++++++ 5 files changed, 71 insertions(+) create mode 100644 v2/foundations/aws/acm/main.tf create mode 100644 v2/foundations/aws/acm/output.tf create mode 100644 v2/foundations/aws/acm/providers.tf create mode 100644 v2/foundations/aws/acm/variables.tf diff --git a/v2/foundations/aws/acm/main.tf b/v2/foundations/aws/acm/main.tf new file mode 100644 index 0000000..862d67f --- /dev/null +++ b/v2/foundations/aws/acm/main.tf 
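Review bot: The default for `agent_repos_scope` (PATCH 64/87) moves from `#main` to `#beta`, and PATCH 66/87 moves it again to `#ftc`; each is a mutable branch, so what the agent fetches can change without any change to this module. Because this repository supplies the agent's scope configuration, the shared default should point at a tag or a commit, with branch overrides left to the caller's inputs. A feature-branch default also breaks for every consumer once that branch is deleted. At minimum extend the description, e.g. `description = "Git repository URL for agent scopes configuration; the part after # appears to select the ref"`.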
@@ -0,0 +1,33 @@
+resource "aws_acm_certificate" "cert" {
+ provider = aws
+ domain_name = "*.${var.domain_name}"
+ validation_method = "DNS"
+
+ subject_alternative_names = var.subject_alternative_names
+
+ lifecycle {
+ create_before_destroy = true
+ }
+}
+
+resource "aws_route53_record" "cert_validation" {
+ provider = aws
+ for_each = {
+ for dvo in aws_acm_certificate.cert.domain_validation_options : dvo.domain_name => {
+ name = dvo.resource_record_name
+ type = dvo.resource_record_type
+ value = dvo.resource_record_value
+ }
+ }
+ zone_id = var.zone_id
+ name = each.value.name
+ type = each.value.type
+ ttl = 300
+ records = [each.value.value]
+}
+
+resource "aws_acm_certificate_validation" "cert_validation" {
+ provider = aws
+ certificate_arn = aws_acm_certificate.cert.arn
+ validation_record_fqdns = [for record in aws_route53_record.cert_validation : record.fqdn]
+}
\ No newline at end of file
diff --git a/v2/foundations/aws/acm/output.tf b/v2/foundations/aws/acm/output.tf
new file mode 100644
index 0000000..461f61b
--- /dev/null
+++ b/v2/foundations/aws/acm/output.tf
@@ -0,0 +1,9 @@
+output "acm_certificate_arn" {
+ description = "The ARN of the ACM certificate"
+ value = aws_acm_certificate.cert.arn
+}
+
+output "acm_certificate_domain_name" {
+ description = "The domain name for which the ACM certificate is issued"
+ value = aws_acm_certificate.cert.domain_name
+}
\ No newline at end of file
diff --git a/v2/foundations/aws/acm/providers.tf b/v2/foundations/aws/acm/providers.tf
new file mode 100644
index 0000000..8b01857
--- /dev/null
+++ b/v2/foundations/aws/acm/providers.tf
@@ -0,0 +1,8 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 6.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/v2/foundations/aws/acm/variables.tf b/v2/foundations/aws/acm/variables.tf
new file mode 100644
index 0000000..25a378a
--- /dev/null
+++ b/v2/foundations/aws/acm/variables.tf
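Review bot: In `aws_route53_record.cert_validation` (v2/foundations/aws/acm/main.tf) the `for_each` is keyed by `dvo.domain_name` while the certificate is always requested for `"*.${var.domain_name}"`; if a caller adds the apex domain to `subject_alternative_names`, ACM returns the same validation CNAME for both names and the second record creation fails. Set `allow_overwrite = true` on the record resource to cover that case. The module also issues a wildcard certificate unconditionally, which is worth stating in a `description` on `domain_name` in variables.tf (it has none) so callers know the scope of what they request. `provider = aws` on each resource is the default and can be dropped.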
@@ -0,0 +1,14 @@ +variable "zone_id" { + description = "Route53 Zone ID where certificate will be validated" + type = string +} + +variable "domain_name" { + type = string +} + +variable "subject_alternative_names" { + type = list(string) + description = "Alternative DNS to add" + default = [] +} \ No newline at end of file diff --git a/v2/foundations/aws/route53/main.tf b/v2/foundations/aws/route53/main.tf index 711ca7c..578fb7f 100644 --- a/v2/foundations/aws/route53/main.tf +++ b/v2/foundations/aws/route53/main.tf @@ -8,3 +8,10 @@ resource "aws_route53_zone" "private_zone" { vpc_id = var.vpc_id } } + +module "aws_route53_acm" { + source = "../acm" + domain_name = var.domain_name + zone_id = aws_route53_zone.public_zone.id + subject_alternative_names = [] +} From c85969cf6d117e489643ddd25c1f6123b44970e5 Mon Sep 17 00:00:00 2001 From: David Fernandez Date: Wed, 1 Oct 2025 18:02:12 -0300 Subject: [PATCH 66/87] feat: edit branch --- nullplatform/gcp/agent/variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nullplatform/gcp/agent/variables.tf b/nullplatform/gcp/agent/variables.tf index 743d79d..31fbb8e 100644 --- a/nullplatform/gcp/agent/variables.tf +++ b/nullplatform/gcp/agent/variables.tf @@ -7,7 +7,7 @@ variable "nullplatform-agent-helm-version" { variable "agent_repos_scope" { description = "Git repository URL for agent scopes configuration" type = string - default = "https://github.com/nullplatform/scopes.git#beta" + default = "https://github.com/nullplatform/scopes.git#ftc" } variable "agent_repos_extra" { From ebaf40a54ffb8900caec7bd21f771af62c30d9fd Mon Sep 17 00:00:00 2001 
From: sebas_correa Date: Wed, 1 Oct 2025 18:07:15 -0300 Subject: [PATCH 67/87] feat(main-v2): add examples --- .../README.md | 217 +++++++++ .../backend.tf | 8 + .../nullplatform-with-infraestructure/main.tf | 117 +++++ .../providers.tf | 42 ++ .../variables.tf | 118 +++++ .../README.md | 436 ++++++++++++++++++ .../backend.tf | 8 + .../data.tf | 7 + .../main.tf | 69 +++ .../providers.tf | 40 ++ .../variables.tf | 121 +++++ 11 files changed, 1183 insertions(+) create mode 100644 v2/examples/aws/nullplatform-with-infraestructure/README.md create mode 100644 v2/examples/aws/nullplatform-with-infraestructure/backend.tf create mode 100644 v2/examples/aws/nullplatform-with-infraestructure/main.tf create mode 100644 v2/examples/aws/nullplatform-with-infraestructure/providers.tf create mode 100644 v2/examples/aws/nullplatform-with-infraestructure/variables.tf create mode 100644 v2/examples/aws/nullplatform-without-infraestructure/README.md create mode 100644 v2/examples/aws/nullplatform-without-infraestructure/backend.tf create mode 100644 v2/examples/aws/nullplatform-without-infraestructure/data.tf create mode 100644 v2/examples/aws/nullplatform-without-infraestructure/main.tf create mode 100644 v2/examples/aws/nullplatform-without-infraestructure/providers.tf create mode 100644 v2/examples/aws/nullplatform-without-infraestructure/variables.tf diff --git a/v2/examples/aws/nullplatform-with-infraestructure/README.md b/v2/examples/aws/nullplatform-with-infraestructure/README.md new file mode 100644 index 0000000..75e5084 --- /dev/null +++ b/v2/examples/aws/nullplatform-with-infraestructure/README.md 
@@ -0,0 +1,217 @@ +# Infraestructura Base AWS para Nullplatform + +Este repositorio contiene la configuraciรณn de Terraform necesaria para desplegar la infraestructura base en AWS que soporta Nullplatform, incluyendo recursos de red, DNS, Kubernetes y configuraciones de la plataforma. + +## Descripciรณn + +El proyecto despliega y configura automรกticamente: + +### Infraestructura AWS Base +- **VPC**: Red privada virtual con subredes pรบblicas y privadas +- **Route53**: Zonas DNS pรบblicas y privadas para gestiรณn de dominios +- **EKS**: Cluster de Kubernetes gestionado +- **ALB Controller**: Controlador de Application Load Balancer para ingress +- **ACM**: Gestiรณn de certificados SSL/TLS + +### Configuraciรณn Nullplatform +- **Providers**: Configuraciรณn de proveedores de Nullplatform (AWS, GitHub) +- **Users**: Gestiรณn de usuarios de la plataforma +- **Accounts**: Configuraciรณn de cuentas +- **Agent**: Agente de Nullplatform desplegado en EKS +- **Base Chart**: Helm chart base con configuraciones fundamentales +- **Prometheus**: Stack de monitoreo y mรฉtricas + +## Requisitos Previos + +- Terraform ~> v1.12.2 +- OpenTofu ~> v1.10.6 +- Cuenta de AWS con permisos administrativos +- API Key de Nullplatform +- GitHub Organization configurada + +## Mรณdulos Principales + +### 1. Foundations (AWS) +``` +โ”œโ”€โ”€ VPC +โ”œโ”€โ”€ Route53 +โ”œโ”€โ”€ ACM +โ”œโ”€โ”€ EKS +โ””โ”€โ”€ ALB Controller +``` + +### 2. 
Nullplatform Configuration +``` +โ”œโ”€โ”€ Providers +โ”œโ”€โ”€ Users +โ”œโ”€โ”€ Accounts +โ”œโ”€โ”€ Agent +โ”œโ”€โ”€ Base Chart +โ””โ”€โ”€ Prometheus +``` + +## Variables Requeridas + +### AWS & Networking +- `account`: Identificador de cuenta +- `organization`: Nombre de la organizaciรณn +- `vpc`: Configuraciรณn de VPC +- `domain_name`: Dominio para Route53 +- `eks_cluster_name`: Nombre del cluster EKS +- `certificate_arn`: ARN del certificado ACM + +### Nullplatform +- `nrn`: Nullplatform Resource Name +- `api_key`: API Key de Nullplatform +- `environment`: Entorno (dev, staging, prod) +- `nullplatform_users`: Lista de usuarios +- `nullplatform_accounts`: Lista de cuentas +- `tags`: Tags para el agente +- `environment_tags`: tags para el channel +- `agent_repos_extra`: Repositorios adicionales para el agente + +### GitHub +- `github_organization`: Organizaciรณn de GitHub +- `github_organization_installation_id`: ID de instalaciรณn de GitHub App + +## Uso + +### 1. Clonar el repositorio +```bash +git clone +cd +``` + +### 2. Configurar variables +Crear un archivo `terraform.tfvars`: +```hcl +account = "my-account" +organization = "my-org" +domain_name = "example.com" +eks_cluster_name = "nullplatform-cluster" +certificate_arn = "arn:aws:acm:..." +nrn = "nrn:..." +api_key = "np_..." +environment = "production" + +github_organization = "my-github-org" +github_organization_installation_id = "12345678" + +# Usuarios y cuentas +nullplatform_users = {} +nullplatform_accounts = {} +``` + +### 3. Inicializar Terraform +```bash +terraform init +``` + +### 4. Revisar el plan +```bash +terraform plan +``` + +### 5. 
Aplicar la configuraciรณn +```bash +terraform apply +``` + +## Arquitectura + +``` +โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ” +โ”‚ AWS Cloud โ”‚ +โ”‚ โ”‚ +โ”‚ โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ” โ”‚ +โ”‚ โ”‚ VPC โ”‚ โ”‚ +โ”‚ โ”‚ โ”‚ โ”‚ +โ”‚ โ”‚ โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ” โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ” โ”‚ โ”‚ +โ”‚ โ”‚ โ”‚ Public โ”‚ โ”‚ Private โ”‚ โ”‚ โ”‚ +โ”‚ โ”‚ โ”‚ Subnets โ”‚ โ”‚ Subnets โ”‚ โ”‚ โ”‚ +โ”‚ โ”‚ โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜ โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜ โ”‚ โ”‚ +โ”‚ โ”‚ โ”‚ โ”‚ โ”‚ โ”‚ +โ”‚ โ”‚ โ”‚ โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ–ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ” โ”‚ โ”‚ +โ”‚ โ”‚ โ”‚ โ”‚ EKS Cluster โ”‚ โ”‚ โ”‚ +โ”‚ โ”‚ โ”‚ โ”‚ โ”‚ โ”‚ | +โ”‚ โ”‚ โ”‚ โ”‚ โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ” โ”‚ โ”‚ โ”‚ +โ”‚ โ”‚ โ”‚ โ”‚ โ”‚ ALB Controller โ”‚ โ”‚ โ”‚ โ”‚ +โ”‚ โ”‚ โ”‚ โ”‚ โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜ โ”‚ โ”‚ โ”‚ +โ”‚ โ”‚ โ”‚ โ”‚ โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ” โ”‚ โ”‚ โ”‚ +โ”‚ โ”‚ โ”‚ โ”‚ โ”‚ Nullplatform โ”‚ โ”‚ โ”‚ โ”‚ +โ”‚ โ”‚ โ”‚ โ”‚ โ”‚ Agent - Base โ”‚ โ”‚ โ”‚ โ”‚ +โ”‚ โ”‚ โ”‚ โ”‚ โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜ โ”‚ โ”‚ โ”‚ +โ”‚ โ”‚ โ”‚ โ”‚ โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ” โ”‚ โ”‚ โ”‚ +โ”‚ โ”‚ โ”‚ โ”‚ โ”‚ Prometheus โ”‚ โ”‚ โ”‚ โ”‚ +โ”‚ โ”‚ โ”‚ โ”‚ โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜ โ”‚ โ”‚ โ”‚ +โ”‚ โ”‚ โ”‚ โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜ โ”‚ โ”‚ +โ”‚ โ”‚ โ”‚ โ”‚ โ”‚ +โ”‚ โ”‚ โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ–ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ” โ”‚ โ”‚ +โ”‚ โ”‚ โ”‚ ALB โ”‚ โ”‚ โ”‚ +โ”‚ โ”‚ โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜ โ”‚ โ”‚ +โ”‚ 
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜ โ”‚ +โ”‚ โ”‚ +โ”‚ โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ” โ”‚ +โ”‚ โ”‚ Route53 (DNS) โ”‚ โ”‚ +โ”‚ โ”‚ โ€ข Public Zone โ”‚ โ”‚ +โ”‚ โ”‚ โ€ข Private Zone โ”‚ โ”‚ +โ”‚ โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜ โ”‚ +โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜ +``` + +## Orden de Despliegue + +El cรณdigo estรก estructurado para respetar las dependencias: + +1. **VPC** โ†’ Crea la red base +2. **Route53** โ†’ Configura DNS (requiere VPC) +3. **ACM** -> Crea y valida el TLS/SSL +3. **EKS** โ†’ Despliega cluster Kubernetes (requiere VPC) +4. **ALB Controller** โ†’ Instala controlador (requiere EKS) +5. **Nullplatform Config** โ†’ Configura providers (requiere Route53) +6. **Nullplatform Resources** โ†’ Crea usuarios y cuentas +7. **Nullplatform Agent** โ†’ Despliega agente (requiere EKS) +8. **Base Chart** โ†’ Instala configuraciones base (requiere EKS) +9. **Prometheus** โ†’ Despliega monitoreo (requiere EKS) + +## Outputs + +Los mรณdulos generan outputs รบtiles como: +- VPC ID +- Subnet IDs +- EKS Cluster endpoint +- Route53 Zone IDs +- OIDC Provider ARN + +## Limpieza + +Para destruir toda la infraestructura: +```bash +terraform destroy +``` + +โš ๏ธ **Advertencia**: Esto eliminarรก todos los recursos creados. Asegรบrate de hacer backups si es necesario. 
+ +## Troubleshooting + +### Error al crear EKS +- Verificar que las subredes privadas tengan acceso a internet (NAT Gateway) +- Confirmar que los security groups permitan el trรกfico necesario + +### ALB Controller no despliega +- Verificar que el OIDC provider estรฉ configurado correctamente +- Revisar los logs del pod del controller + +### Prometheus no recolecta mรฉtricas +- Confirmar que el agente de Nullplatform estรฉ ejecutรกndose +- Verificar la configuraciรณn de ServiceMonitors + +## Soporte + +Para mรกs informaciรณn sobre los mรณdulos, visita: +- [Nullplatform Terraform Modules](https://github.com/nullplatform/main-terraform-modules) +- [Documentaciรณn de Nullplatform](https://docs.nullplatform.com) + +## Licencia + +[Especificar licencia del proyecto] \ No newline at end of file diff --git a/v2/examples/aws/nullplatform-with-infraestructure/backend.tf b/v2/examples/aws/nullplatform-with-infraestructure/backend.tf new file mode 100644 index 0000000..7787092 --- /dev/null +++ b/v2/examples/aws/nullplatform-with-infraestructure/backend.tf @@ -0,0 +1,8 @@ +# terraform { +# backend "s3" { +# bucket = "tf-state-8c73135a5572b70b" +# key = "terraform.tfstate" +# region = "us-east-1" +# encrypt = true +# } +# } diff --git a/v2/examples/aws/nullplatform-with-infraestructure/main.tf b/v2/examples/aws/nullplatform-with-infraestructure/main.tf new file mode 100644 index 0000000..f79b9fd --- /dev/null +++ b/v2/examples/aws/nullplatform-with-infraestructure/main.tf 
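Review bot: The commented-out S3 backend in the example backend.tf carries what looks like a concrete bucket name, `tf-state-8c73135a5572b70b`, rather than a placeholder, so a user who simply uncomments the block points their state at a bucket they do not control or that does not exist. Use an obvious placeholder such as `#     bucket  = "<your-state-bucket>"` and add a leading comment saying the block must be filled in and enabled before the first apply, since otherwise state stays on the local disk. The README in this patch lists Terraform ~> v1.12.2, so the example could also show `use_lockfile = true` for state locking.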
@@ -0,0 +1,117 @@
+###############################################################################
+# VPC Config
+################################################################################
+module "foundations_vpc" {
+ source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/foundations/aws/vpc?ref=chore/IaC-v2"
+ account = var.account
+ organization = var.organization
+ vpc = var.vpc
+}
+
+################################################################################
+# Route53 Config
+################################################################################
+module "foundations_route53" {
+ source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/foundations/aws/route53?ref=chore/IaC-v2"
+
+ domain_name = var.domain_name
+ vpc_id = module.foundations_vpc.vpc_id
+}
+
+################################################################################
+# EKS Config
+################################################################################
+module "foundations_eks" {
+ source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/foundations/aws/eks?ref=chore/IaC-v2"
+
+ name = var.eks_cluster_name
+ aws_subnets_private_ids = module.foundations_vpc.private_subnets
+ aws_vpc_vpc_id = module.foundations_vpc.vpc_id
+}
+
+################################################################################
+# ALB-Controller Config
+################################################################################
+module "foundations_alb_controller" {
+ source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/foundations/aws/alb-controller?ref=chore/IaC-v2"
+
+ cluster_name = module.foundations_eks.eks_cluster_name
+ vpc_id = module.foundations_vpc.vpc_id
+
+ depends_on = [module.foundations_eks]
+ aws_iam_openid_connect_provider = module.foundations_eks.eks_oidc_provider_arn
+}
+
+
+################################################################################
+# Platform Config
+################################################################################
+module "nullplatform_configuration" {
+ source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/aws/nullplatform_providers?ref=chore/IaC-v2"
+
+ domain_name = var.domain_name
+ environment = var.environment
+ hosted_private_zone_id = module.foundations_route53.private_zone_id
+ hosted_public_zone_id = module.foundations_route53.public_zone_id
+ nrn = var.nrn
+ organization = var.github_organization
+ organization_installation_id = var.github_organization_installation_id
+ certificate_arn = var.certificate_arn
+ np_api_key = var.api_key
+
+}
+
+################################################################################
+# Users Config
+################################################################################
+module "nullplatform_user" {
+ source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/nullplatform_users?ref=chore/IaC-v2"
+ np_api_key = var.api_key
+ nullplatform_users = var.nullplatform_users
+}
+
+################################################################################
+# Acount Config
+################################################################################
+module "nullplatform_account" {
+ source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/nullplatform_account?ref=chore/IaC-v2"
+ np_api_key = var.api_key
+ nullplatform_accounts = var.nullplatform_accounts
+}
+
+
+################################################################################
+# Nullplatform Agent Helm Chart Configuration
+################################################################################
+
+module "nullplatform_agent" {
+ source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/aws/nullplatform_agent?ref=chore/IaC-v2"
+ cluster_name = module.foundations_eks.eks_cluster_name
+ tags = var.tags
+ nrn = var.nrn
+ agent_repos_extra = var.agent_repos_extra
+ environment_tag = var.environment_tags
+ np_api_key = var.api_key
+ aws_iam_openid_connect_provider_arn = module.foundations_eks.eks_oidc_provider_arn
+}
+
+################################################################################
+# Nullplatform Base Helm Chart Configuration
+################################################################################
+
+module "nullplatform_base_chart" {
+ source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/nullplatform_base?ref=chore/IaC-v2"
+ nrn = var.nrn
+
+ depends_on = [module.foundations_eks]
+}
+
+################################################################################
+# Prometheus Configuration
+################################################################################
+
+module "nullplatform_prometheus" {
+ source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/workload/prometheus?ref=chore/IaC-v2"
+ cluster_name = module.foundations_eks.eks_cluster_name
+ nrn = var.nrn
+}
\ No newline at end of file
diff --git a/v2/examples/aws/nullplatform-with-infraestructure/providers.tf b/v2/examples/aws/nullplatform-with-infraestructure/providers.tf
new file mode 100644
index 0000000..5a3431d
--- /dev/null
+++ b/v2/examples/aws/nullplatform-with-infraestructure/providers.tf
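Review bot: Every module `source` in this file is pinned to `?ref=chore/IaC-v2`, which is a branch name rather than an immutable reference. The code that receives `np_api_key` and the EKS OIDC provider ARN can therefore change between two `terraform init` runs with no change in the consuming repository. Pinning each source to a release tag or a full commit SHA, written as `?ref=<tag-or-commit-sha>`, makes the example reproducible and lets a reviewer see exactly which module code is executed. The same branch reference is used for every module in `nullplatform-without-infraestructure/main.tf`.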
@@ -0,0 +1,42 @@
+terraform {
+ required_providers {
+ nullplatform = {
+ source = "nullplatform/nullplatform"
+ version = "~> 0.0.63"
+ }
+ }
+}
+
+provider "nullplatform" {
+ api_key = var.api_key
+}
+
+provider "kubernetes" {
+ host = module.foundations_eks.eks_cluster_endpoint
+ cluster_ca_certificate = base64decode(module.foundations_eks.eks_cluster_ca)
+ exec {
+ api_version = "client.authentication.k8s.io/v1beta1"
+ command = "aws"
+ args = [
+ "--profile", "providers-test",
+ "eks", "get-token",
+ "--cluster-name", module.foundations_eks.eks_cluster_name
+ ]
+ }
+}
+
+provider "helm" {
+ kubernetes = {
+ host = module.foundations_eks.eks_cluster_endpoint
+ cluster_ca_certificate = base64decode(module.foundations_eks.eks_cluster_ca)
+ exec = {
+ api_version = "client.authentication.k8s.io/v1beta1"
+ command = "aws"
+ args = [
+ "--profile", "providers-test",
+ "eks", "get-token",
+ "--cluster-name", module.foundations_eks.eks_cluster_name
+ ]
+ }
+ }
+}
\ No newline at end of file
diff --git a/v2/examples/aws/nullplatform-with-infraestructure/variables.tf b/v2/examples/aws/nullplatform-with-infraestructure/variables.tf
new file mode 100644
index 0000000..2127416
--- /dev/null
+++ b/v2/examples/aws/nullplatform-with-infraestructure/variables.tf
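Review bot: Both `exec` blocks hard-code `"--profile", "providers-test"`, so cluster authentication depends on a local AWS profile of that name: it fails where the profile is missing and silently uses whatever credentials it holds where it exists. The `nullplatform-without-infraestructure` copy of this file omits the flag and relies on the ambient AWS credentials, which is the safer default; otherwise the profile should come from a variable. Separately, `required_providers` constrains only `nullplatform`, so the `kubernetes` and `helm` versions float. The `kubernetes = { ... }` / `exec = { ... }` attribute form in `provider "helm"` is, I believe, only accepted by Helm provider 3.x, so an entry like `helm = { source = "hashicorp/helm", version = "~> 3.0" }` is worth adding, together with one for `kubernetes`.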
@@ -0,0 +1,118 @@ +####################################### +# Variables de cuenta / organizaciรณn +####################################### +variable "account" { + description = "Nombre o alias de la cuenta" + type = string +} + +variable "organization" { + description = "Organizaciรณn de AWS u otro scope" + type = string +} + +variable "environment" { + description = "Nombre del entorno (dev, staging, prod, etc.)" + type = string + default = "" +} + +####################################### +# VPC +####################################### +variable "vpc" { + description = "Configuraciรณn de la VPC" + type = object({ + cidr_block = string + azs = list(string) + private_subnets = list(string) + public_subnets = list(string) + }) +} + +####################################### +# Route53 / dominios +####################################### +variable "domain_name" { + description = "Dominio raรญz para el entorno" + type = string +} + +####################################### +# EKS +####################################### +variable "eks_cluster_name" { + description = "Nombre del cluster EKS" + type = string +} + +####################################### +# Nullplatform configuration +####################################### +variable "nrn" { + description = "ID รบnico de nullplatform (organization y account)" + type = string +} + +variable "github_organization" { + description = "Organizaciรณn de GitHub asociada" + type = string +} + +variable "github_organization_installation_id" { + description = "Installation ID de la GitHub App" + type = string +} + +variable "certificate_arn" { + description = "ARN del certificado SSL/TLS de ACM" + type = string +} + +variable "api_key" { + description = "API Key de Nullplatform" + type = string + sensitive = true +} + +####################################### +# Tags +####################################### +variable "tags" { + description = "Etiquetas adicionales en formato clave:valor" + type = string +} + +variable "agent_repos_extra" 
{ + description = "Repositorios adicionales para el agente" + type = list(string) + default = [] +} + +variable "environment_tags" { + description = "Etiquetas especรญficas del entorno" + type = string +} + +####################################### +# Prometheus / monitoring +####################################### +# Se aprovechan las variables eks_cluster_name y nrn + + +variable "nullplatform_users" { + type = map(object({ + email = string + first_name = string + last_name = string + })) +} + +variable "nullplatform_accounts" { + type = map(object({ + name = string + repository_prefix = string + repository_provider = string + slug = string + })) +} \ No newline at end of file diff --git a/v2/examples/aws/nullplatform-without-infraestructure/README.md b/v2/examples/aws/nullplatform-without-infraestructure/README.md new file mode 100644 index 0000000..11528df --- /dev/null +++ b/v2/examples/aws/nullplatform-without-infraestructure/README.md 
@@ -0,0 +1,436 @@ +# Nullplatform sobre Infraestructura AWS Existente + +Este repositorio contiene la configuraciรณn de Iac para desplegar Nullplatform sobre una infraestructura AWS existente. Asume que ya cuentas con VPC, Route53, EKS y ALB Controller configurados. + +## Descripciรณn + +El proyecto configura y despliega รบnicamente los componentes de Nullplatform: + +### Configuraciรณn de Nullplatform +- **Providers**: Integraciรณn con AWS y GitHub +- **Users**: Gestiรณn de usuarios de la plataforma +- **Accounts**: Configuraciรณn de cuentas +- **Agent**: Agente de Nullplatform desplegado en el cluster EKS existente +- **Base Chart**: Helm chart base con configuraciones de logs y mรฉtricas +- **Prometheus**: Stack de monitoreo y recolecciรณn de mรฉtricas + +## Requisitos Previos + +### Infraestructura AWS Existente +- โœ… VPC con subredes pรบblicas y privadas +- โœ… Route53 con zonas DNS pรบblicas y privadas configuradas +- โœ… Cluster EKS funcional y accesible con OIDC habilitado +- โœ… ALB Controller instalado en el cluster +- โœ… Certificado ACM creado y disponible + +### Credenciales y Accesos +- Terraform ~> v1.12.2 +- OpenTofu ~> v1.10.6 +- `kubectl` configurado para acceder al cluster EKS +- API Key de Nullplatform (generada a nivel Organizaciรณn y con roles Ops, SecOps, SecretReader) +- GitHub Organization con la App instalada (https://docs.nullplatform.com/docs/providers/tutorials/configuring-github#record-your-installation-id) +- Permisos IAM para crear roles y polรญticas + +## Estructura del Proyecto + +``` +. 
+โ”œโ”€โ”€ main.tf # Configuraciรณn principal de mรณdulos +โ”œโ”€โ”€ variables.tf # Definiciรณn de variables +โ”œโ”€โ”€ terraform.tfvars # Valores de variables (no versionar) +โ”œโ”€โ”€ data.tf # Data sources para recursos existentes +โ””โ”€โ”€ README.md # Este archivo +``` + +## Variables Requeridas + +### Infraestructura AWS Existente +```hcl +# Cluster EKS +eks_cluster_name = "nombre-del-cluster-existente" + +# DNS +domain_name = "example.com" +hosted_private_zone_id = "Z1234567890ABC" # ID de la zona privada existente +hosted_public_zone_id = "Z0987654321XYZ" # ID de la zona pรบblica existente + +# Certificados +certificate_arn = "arn:aws:acm:us-east-1:123456789012:certificate/..." +``` + +### Nullplatform +```hcl +# Configuraciรณn general +nrn = "nrn:organization:account:scope:..." +api_key = "np_..." +environment = "production" # o "staging", "development" + +# GitHub +github_organization = "mi-organizacion" +github_organization_installation_id = "12345678" + +# Usuarios +nullplatform_users = { + admin = { + email = "admin@example.com" + first_name = "admin" + last_name = "admin" + } +} + +# Cuentas +nullplatform_accounts = { + main = { + name = "main", + repository_prefix = "main", + repository_provider = optional(string, "github") + slug = "main" + } +} +# tags para el agente +tags = "environment:providers-test" + +# Tags to channel +environment_tags = "providers-test" + +agent_repos_extra = [] +``` + +## Data Sources Necesarios + +En el archivo `data.tf` ecnontraras la informacion para referenciar recursos existentes: + +```hcl +# Obtener informaciรณn del cluster EKS existente +data "aws_eks_cluster" "this" { + name = var.eks_cluster_name +} + +data "aws_iam_openid_connect_provider" "this" { + url = data.aws_eks_cluster.this.identity[0].oidc[0].issuer +} + +## Opcionales +# Obtener informaciรณn de la VPC +data "aws_vpc" "this" { + filter { + name = "tag:Name" + values = ["nombre-de-tu-vpc"] # Ajustar segรบn tu VPC + } +} + +# Obtener zonas DNS (opcional, 
si no usas variables) +data "aws_route53_zone" "private" { + zone_id = var.hosted_private_zone_id + private_zone = true +} + +data "aws_route53_zone" "public" { + zone_id = var.hosted_public_zone_id +} +``` + +## Configuraciรณn del Provider + +En el archivo `providers.tf` encontraras la configuracion para usar los diferentes providers requeridos en la instalacion + +```hcl +terraform { + required_version = "~> 1.0" + required_providers { + nullplatform = { + source = "nullplatform/nullplatform" + version = "~> 0.0.63" + } + } + provider "nullplatform" { + api_key = var.api_key +} + + +} + +# Provider de Kubernetes y helm usando el cluster EKS existente +provider "kubernetes" { + host = data.aws_eks_cluster.this.endpoint + cluster_ca_certificate = base64decode(data.aws_eks_cluster.this.certificate_authority[0].data) + exec { + api_version = "client.authentication.k8s.io/v1beta1" + command = "aws" + args = [ + "--profile", "providers-test", + "eks", "get-token", + "--cluster-name", var.eks_cluster_name + ] + } +} + +provider "helm" { + kubernetes = { + host = data.aws_eks_cluster.this.endpoint + cluster_ca_certificate = base64decode(data.aws_eks_cluster.this.certificate_authority[0].data) + exec = { + api_version = "client.authentication.k8s.io/v1beta1" + command = "aws" + args = [ + "--profile", "providers-test", + "eks", "get-token", + "--cluster-name", var.eks_cluster_name + ] + } + } +} +``` + +## Guรญa de Uso + +### 1. Verificar Prerequisitos + +Asegรบrate de tener acceso al cluster: +```bash +aws eks update-kubeconfig --name --region +kubectl get nodes +``` + +Verifica que el ALB Controller estรฉ funcionando: +```bash +kubectl get deployment -n kube-system aws-load-balancer-controller +``` + +### 2. 
Configurar Variables + +Crea un archivo `terraform.tfvars`: +```hcl +# AWS Infrastructure (existente) +eks_cluster_name = "my-existing-cluster" +domain_name = "example.com" +hosted_private_zone_id = "Z1234567890ABC" +hosted_public_zone_id = "Z0987654321XYZ" +certificate_arn = "arn:aws:acm:..." + +# Nullplatform +nrn = "nrn:..." +api_key = "np_..." +environment = "production" + +# GitHub +github_organization = "my-org" +github_organization_installation_id = "12345678" + +# Users & Accounts +nullplatform_users = { + admin = { + email = "admin@example.com" + first_name = "admin" + last_name = "admin" + } +} + +nullplatform_accounts = { + main = { + name = "main", + repository_prefix = "main", + repository_provider = optional(string, "github") + slug = "main" + } +} +``` + +### 3. Inicializar y Desplegar + +```bash +# Inicializar Terraform +terraform init + +# Revisar el plan +terraform plan + +# Aplicar la configuraciรณn +terraform apply +``` + +### 4. Verificar el Despliegue + +```bash +# Verificar que el agente estรฉ corriendo +kubectl get pods -n nullplatform-system + +# Verificar Prometheus +kubectl get pods -n monitoring + +# Verificar los servicios +kubectl get svc --all-namespaces +``` + +## Componentes Desplegados + +### 1. Nullplatform Providers +Configura la integraciรณn entre Nullplatform y tus proveedores: +- AWS (usando las zonas DNS y certificados existentes) +- GitHub (como repositorio de las aplicaciones) + +### 2. Usuarios y Cuentas +Gestiona el acceso y las cuentas dentro de Nullplatform. + +### 3. Nullplatform Agent +Agente desplegado en el cluster EKS que: +- Gestiona deployments +- Sincroniza estado con Nullplatform +- Maneja secrets y configuraciones +- Se comunica con la API de Nullplatform + +### 4. Base Chart +Helm chart con configuraciones fundamentales: +- Logs & Metricas + +### 5. 
Prometheus Stack +Stack de monitoreo que incluye: +- Prometheus server +- Service monitors +- Alert managers + +## Arquitectura + +``` +โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ” +โ”‚ Infraestructura AWS Existente โ”‚ +โ”‚ โ”‚ +โ”‚ โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ” โ”‚ +โ”‚ โ”‚ VPC (existente) โ”‚ โ”‚ +โ”‚ โ”‚ โ”‚ โ”‚ +โ”‚ โ”‚ โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ” โ”‚ โ”‚ +โ”‚ โ”‚ โ”‚ Cluster EKS (existente) โ”‚ โ”‚ โ”‚ +โ”‚ โ”‚ โ”‚ โ”‚ โ”‚ โ”‚ +โ”‚ โ”‚ โ”‚ โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ” โ”‚ โ”‚ โ”‚ +โ”‚ โ”‚ โ”‚ โ”‚ Nullplatform Agent โ”‚ โ”‚ โ”‚ โ”‚ +โ”‚ โ”‚ โ”‚ โ”‚ โ€ข Deployment Manager โ”‚ โ”‚ โ”‚ โ”‚ +โ”‚ โ”‚ โ”‚ โ”‚ โ€ข State Sync โ”‚ โ”‚ โ”‚ โ”‚ +โ”‚ โ”‚ โ”‚ โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜ โ”‚ โ”‚ โ”‚ +โ”‚ โ”‚ โ”‚ โ”‚ โ”‚ โ”‚ +โ”‚ โ”‚ โ”‚ โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ” โ”‚ โ”‚ โ”‚ +โ”‚ โ”‚ โ”‚ โ”‚ Base Chart โ”‚ โ”‚ โ”‚ โ”‚ +โ”‚ โ”‚ โ”‚ โ”‚ โ€ข Logs โ”‚ โ”‚ โ”‚ โ”‚ +โ”‚ โ”‚ โ”‚ โ”‚ โ€ข Mรฉtricas โ”‚ โ”‚ โ”‚ โ”‚ +โ”‚ โ”‚ โ”‚ โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜ โ”‚ โ”‚ โ”‚ +โ”‚ โ”‚ โ”‚ โ”‚ โ”‚ โ”‚ +โ”‚ โ”‚ โ”‚ โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ” โ”‚ โ”‚ โ”‚ +โ”‚ โ”‚ โ”‚ โ”‚ Prometheus โ”‚ โ”‚ โ”‚ โ”‚ +โ”‚ โ”‚ โ”‚ โ”‚ โ€ข Metrics Collection โ”‚ โ”‚ โ”‚ โ”‚ +โ”‚ โ”‚ โ”‚ โ”‚ โ€ข Monitoring โ”‚ โ”‚ โ”‚ โ”‚ +โ”‚ โ”‚ โ”‚ โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜ โ”‚ โ”‚ โ”‚ +โ”‚ โ”‚ โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜ โ”‚ โ”‚ +โ”‚ โ”‚ โ”‚ 
โ”‚ +โ”‚ โ”‚ ALB Controller (existente) โ”‚ โ”‚ +โ”‚ โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜ โ”‚ +โ”‚ โ”‚ +โ”‚ Route53 DNS (existente) โ”‚ +โ”‚ ACM Certificate (existente) โ”‚ +โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜ + โ”‚ + โ”‚ API Calls + โ–ผ + โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ” + โ”‚ Nullplatform API โ”‚ + โ”‚ โ€ข Configuration โ”‚ + โ”‚ โ€ข State Management โ”‚ + โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜ +``` + +## Permisos IAM Requeridos + +El agente de Nullplatform necesitarรก permisos IAM. El mรณdulo crearรก automรกticamente: +- IAM Role para el Service Account +- Polรญticas necesarias para interactuar con AWS +- Binding con el OIDC provider del cluster + +Permisos tรญpicos requeridos: +- Route53 (gestiรณn de DNS) +- ECR (pull de imรกgenes) +- Secrets Manager (gestiรณn de secrets) +- CloudWatch (logs y mรฉtricas) + +## Troubleshooting + +### El agente no inicia +```bash +# Ver logs del agente +kubectl logs -n nullplatform-system -l app=nullplatform-agent + +# Verificar el service account +kubectl get serviceaccount -n nullplatform-system + +# Verificar el IAM role +kubectl describe serviceaccount -n nullplatform-system nullplatform-agent +``` + +### Problemas con OIDC Provider +```bash +# Verificar que el OIDC provider existe +aws iam list-open-id-connect-providers + +# Verificar la URL del OIDC +aws eks describe-cluster --name --query "cluster.identity.oidc.issuer" +``` + +### Prometheus no recolecta mรฉtricas +```bash +# Verificar los service monitors +kubectl get servicemonitor -n monitoring + +# Ver logs de Prometheus +kubectl logs -n monitoring -l app=prometheus + +# Verificar los targets +kubectl port-forward -n monitoring svc/prometheus 
9090:9090 +# Abrir http://localhost:9090/targets +``` + +### Problemas de conectividad +```bash +# Verificar network policies +kubectl get networkpolicies --all-namespaces + +# Verificar que los pods pueden comunicarse +kubectl run -it --rm debug --image=busybox --restart=Never -- sh +``` + +## Actualizaciรณn de Componentes + +Para actualizar los charts de Nullplatform: + +```bash +# Actualizar un mรณdulo especรญfico +terraform apply -target=module.nullplatform_agent + +# Actualizar todos los charts +terraform apply +``` + +## Limpieza + +Para eliminar รบnicamente los componentes de Nullplatform: + +```bash +terraform destroy +``` + +โš ๏ธ **Nota**: Esto NO eliminarรก tu infraestructura AWS existente (VPC, EKS, Route53, etc.) + +## Migraciรณn desde Infraestructura Completa + +Si anteriormente desplegabas todo con Terraform, para migrar: + +1. Exporta los IDs de recursos existentes +2. Actualiza `terraform.tfvars` con los valores +3. Comenta los mรณdulos de infraestructura en `main.tf` +4. Ejecuta `terraform init` y `terraform plan` + +## Monitoreo y Observabilidad + +Una vez desplegado, puedes acceder a: + +### Prometheus UI +```bash +kubectl port-forward -n monitoring svc/prometheus-server 9090:80 +# Abrir http://localhost:9090 +``` diff --git a/v2/examples/aws/nullplatform-without-infraestructure/backend.tf b/v2/examples/aws/nullplatform-without-infraestructure/backend.tf new file mode 100644 index 0000000..7787092 --- /dev/null +++ b/v2/examples/aws/nullplatform-without-infraestructure/backend.tf @@ -0,0 +1,8 @@ +# terraform { +# backend "s3" { +# bucket = "tf-state-8c73135a5572b70b" +# key = "terraform.tfstate" +# region = "us-east-1" +# encrypt = true +# } +# } diff --git a/v2/examples/aws/nullplatform-without-infraestructure/data.tf b/v2/examples/aws/nullplatform-without-infraestructure/data.tf new file mode 100644 index 0000000..51d0292 --- /dev/null +++ b/v2/examples/aws/nullplatform-without-infraestructure/data.tf 
@@ -0,0 +1,7 @@
+data "aws_eks_cluster" "this" {
+ name = var.eks_cluster_name
+}
+
+data "aws_iam_openid_connect_provider" "this" {
+ url = data.aws_eks_cluster.this.identity[0].oidc[0].issuer
+}
\ No newline at end of file
diff --git a/v2/examples/aws/nullplatform-without-infraestructure/main.tf b/v2/examples/aws/nullplatform-without-infraestructure/main.tf
new file mode 100644
index 0000000..3d817fb
--- /dev/null
+++ b/v2/examples/aws/nullplatform-without-infraestructure/main.tf
@@ -0,0 +1,69 @@
+################################################################################
+# Platform Config
+################################################################################
+module "nullplatform_configuration" {
+ source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/aws/nullplatform_providers?ref=chore/IaC-v2"
+
+ domain_name = var.domain_name
+ environment = var.environment
+ hosted_private_zone_id = var.hosted_private_zone_id
+ hosted_public_zone_id = var.hosted_public_zone_id
+ nrn = var.nrn
+ organization = var.github_organization
+ organization_installation_id = var.github_organization_installation_id
+ certificate_arn = var.certificate_arn
+ np_api_key = var.api_key
+}
+
+################################################################################
+# Users Config
+################################################################################
+module "nullplatform_user" {
+ source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/nullplatform_users?ref=chore/IaC-v2"
+ np_api_key = var.api_key
+ nullplatform_users = var.nullplatform_users
+}
+
+################################################################################
+# Acount Config
+################################################################################
+module "nullplatform_account" {
+ source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/nullplatform_account?ref=chore/IaC-v2"
+ np_api_key = var.api_key
+ nullplatform_accounts = var.nullplatform_accounts
+}
+
+
+################################################################################
+# Nullplatform Agent Helm Chart Configuration
+################################################################################
+
+module "nullplatform_agent" {
+ source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/aws/nullplatform_agent?ref=chore/IaC-v2"
+ cluster_name = var.eks_cluster_name
+ tags = var.tags
+ nrn = var.nrn
+ agent_repos_extra = var.agent_repos_extra
+ environment_tag = var.environment_tags
+ np_api_key = var.api_key
+ aws_iam_openid_connect_provider_arn = data.aws_iam_openid_connect_provider.this.arn
+}
+
+################################################################################
+# Nullplatform Base Helm Chart Configuration
+################################################################################
+
+module "nullplatform_base_chart" {
+ source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/nullplatform_base?ref=chore/IaC-v2"
+ nrn = var.nrn
+}
+
+################################################################################
+# Prometheus Configuration
+################################################################################
+
+module "nullplatform_prometheus" {
+ source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/workload/prometheus?ref=chore/IaC-v2"
+ cluster_name = var.eks_cluster_name
+ nrn = var.nrn
+}
\ No newline at end of file
diff --git a/v2/examples/aws/nullplatform-without-infraestructure/providers.tf b/v2/examples/aws/nullplatform-without-infraestructure/providers.tf
new file mode 100644
index 0000000..56aa164
--- /dev/null
+++ b/v2/examples/aws/nullplatform-without-infraestructure/providers.tf
@@ -0,0 +1,40 @@
+terraform {
+ required_providers {
+ nullplatform = {
+ source = "nullplatform/nullplatform"
+ version = "~> 0.0.63"
+ }
+ }
+}
+
+provider "nullplatform" {
+ api_key = var.api_key
+}
+
+provider "kubernetes" {
+ host = data.aws_eks_cluster.this.endpoint
+ cluster_ca_certificate = base64decode(data.aws_eks_cluster.this.certificate_authority[0].data)
+ exec {
+ api_version = "client.authentication.k8s.io/v1beta1"
+ command = "aws"
+ args = [
+ "eks", "get-token",
+ "--cluster-name", var.eks_cluster_name
+ ]
+ }
+}
+
+provider "helm" {
+ kubernetes = {
+ host = data.aws_eks_cluster.this.endpoint
+ cluster_ca_certificate = base64decode(data.aws_eks_cluster.this.certificate_authority[0].data)
+ exec = {
+ api_version = "client.authentication.k8s.io/v1beta1"
+ command = "aws"
+ args = [
+ "eks", "get-token",
+ "--cluster-name", var.eks_cluster_name
+ ]
+ }
+ }
+}
\ No newline at end of file
diff --git a/v2/examples/aws/nullplatform-without-infraestructure/variables.tf b/v2/examples/aws/nullplatform-without-infraestructure/variables.tf
new file mode 100644
index 0000000..c82a6d7
--- /dev/null
+++ b/v2/examples/aws/nullplatform-without-infraestructure/variables.tf
@@ -0,0 +1,121 @@
+#######################################
+# Variables de cuenta / organizaciรณn
+#######################################
+variable "account" {
+ description = "Nombre o alias de la cuenta"
+ type = string
+}
+
+variable "organization" {
+ description = "Organizaciรณn de AWS u otro scope"
+ type = string
+}
+
+variable "environment" {
+ description = "Nombre del entorno (dev, staging, prod, etc.)"
+ type = string
+ default = ""
+}
+
+#######################################
+# VPC
+#######################################
+variable "vpc" {
+ description = "Configuraciรณn de la VPC"
+ type = object({
+ cidr_block = string
+ azs = list(string)
+ private_subnets = list(string)
+ public_subnets = list(string)
+ })
+}
+
+#######################################
+# Route53 / dominios
+#######################################
+variable "domain_name" {
+ description = "Dominio raรญz para el entorno"
+ type = string
+}
+
+variable "hosted_public_zone_id" {}
+variable "hosted_private_zone_id" {}
+
+#######################################
+# EKS
+#######################################
+variable "eks_cluster_name" {
+ description = "Nombre del cluster EKS"
+ type = string
+}
+
+#######################################
+# Nullplatform configuration
+#######################################
+variable "nrn" {
+ description = "ID รบnico de nullplatform (organization y account)"
+ type = string
+}
+
+variable "github_organization" {
+ description = "Organizaciรณn de GitHub asociada"
+ type = string
+}
+
+variable "github_organization_installation_id" {
+ description = "Installation ID de la GitHub App"
+ type = string
+}
+
+variable "certificate_arn" {
+ description = "ARN del certificado SSL/TLS de ACM"
+ type = string
+}
+
+variable "api_key" {
+ description = "API Key de Nullplatform"
+ type = string
+ sensitive = true
+}
+
+#######################################
+# Tags
+#######################################
+variable "tags" {
+ description = "Etiquetas 
adicionales en formato clave:valor" + type = string +} + +variable "agent_repos_extra" { + description = "Repositorios adicionales para el agente" + type = list(string) + default = [] +} + +variable "environment_tags" { + description = "Etiquetas especรญficas del entorno" + type = string +} + +####################################### +# Prometheus / monitoring +####################################### +# Se aprovechan las variables eks_cluster_name y nrn + + +variable "nullplatform_users" { + type = map(object({ + email = string + first_name = string + last_name = string + })) +} + +variable "nullplatform_accounts" { + type = map(object({ + name = string + repository_prefix = string + repository_provider = string + slug = string + })) +} \ No newline at end of file From e3439b30eb5425c6bae19540b115a3a05782a347 Mon Sep 17 00:00:00 2001 From: David Fernandez Date: Wed, 1 Oct 2025 20:25:23 -0300 Subject: [PATCH 68/87] feat: edit port base --- .../gcp/base/templates/nullplatform-base-values.tmpl.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nullplatform/gcp/base/templates/nullplatform-base-values.tmpl.yaml b/nullplatform/gcp/base/templates/nullplatform-base-values.tmpl.yaml index 582deae..dcb30ad 100644 --- a/nullplatform/gcp/base/templates/nullplatform-base-values.tmpl.yaml +++ b/nullplatform/gcp/base/templates/nullplatform-base-values.tmpl.yaml @@ -10,7 +10,7 @@ logging: enabled: true prometheus: enabled: true - exporterPort: 32021 + exporterPort: 302021 metricsServer: enabled: false controlPlane: From 2e4e909b520615c8c28cc5f0eea68ea69b7692f2 Mon Sep 17 00:00:00 2001 From: David Fernandez Date: Wed, 1 Oct 2025 20:28:22 -0300 Subject: [PATCH 69/87] feat: edit port base --- .../gcp/base/templates/nullplatform-base-values.tmpl.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
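Review bot: `variable "hosted_public_zone_id" {}` and `variable "hosted_private_zone_id" {}` in variables.tf are declared with neither a type nor a description, so any value is accepted and nothing tells the user which zone each one refers to; almost every other input in this file carries both. I would write them as `variable "hosted_public_zone_id" { type = string, description = "<public hosted zone id>" }` and likewise for the private one. `tags` and `environment_tags` are typed `string` although their descriptions speak of key:value labels, so the expected format should be stated in the description or enforced with a `validation` block. `nullplatform_users` and `nullplatform_accounts` also lack descriptions.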
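Review bot: `exporterPort: 302021` in nullplatform-base-values.tmpl.yaml is above 65535, the highest valid TCP port, so the component that reads this value cannot listen on or expose it. The following patches in this series change the same line again (30021, then 2025, then 2021), which suggests the constraint on this number is not written down anywhere a committer can see. A comment above the key would prevent the guesswork, for example `# port the metrics exporter listens on; must match <scrape target in consumer config>`. The `prometheus:` block continues outside the hunk.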
diff --git a/nullplatform/gcp/base/templates/nullplatform-base-values.tmpl.yaml b/nullplatform/gcp/base/templates/nullplatform-base-values.tmpl.yaml index dcb30ad..84bbca2 100644 --- a/nullplatform/gcp/base/templates/nullplatform-base-values.tmpl.yaml +++ b/nullplatform/gcp/base/templates/nullplatform-base-values.tmpl.yaml @@ -10,7 +10,7 @@ logging: enabled: true prometheus: enabled: true - exporterPort: 302021 + exporterPort: 30021 metricsServer: enabled: false controlPlane: From e0c314ea2fa5554f89f4109b908e19c775e86453 Mon Sep 17 00:00:00 2001 From: David Fernandez Date: Wed, 1 Oct 2025 20:47:28 -0300 Subject: [PATCH 70/87] feat: edit port base --- .../gcp/base/templates/nullplatform-base-values.tmpl.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nullplatform/gcp/base/templates/nullplatform-base-values.tmpl.yaml b/nullplatform/gcp/base/templates/nullplatform-base-values.tmpl.yaml index 84bbca2..9cfa656 100644 --- a/nullplatform/gcp/base/templates/nullplatform-base-values.tmpl.yaml +++ b/nullplatform/gcp/base/templates/nullplatform-base-values.tmpl.yaml @@ -10,7 +10,7 @@ logging: enabled: true prometheus: enabled: true - exporterPort: 30021 + exporterPort: 2025 metricsServer: enabled: false controlPlane: From d00d4e1d25a1151a067b27d6daff43bf45b92381 Mon Sep 17 00:00:00 2001 From: David Fernandez Date: Wed, 1 Oct 2025 21:02:36 -0300 Subject: [PATCH 71/87] feat: remove variables agent --- nullplatform/gcp/agent/variables.tf | 6 ------ 1 file changed, 6 deletions(-) diff --git a/nullplatform/gcp/agent/variables.tf b/nullplatform/gcp/agent/variables.tf index 31fbb8e..8aac01c 100644 --- a/nullplatform/gcp/agent/variables.tf +++ b/nullplatform/gcp/agent/variables.tf @@ -113,13 +113,7 @@ variable "external_logging_provider" { description = "External logging provider name" } -variable "project_id" { - type = string -} -variable "location" { - type = string -} variable "environment_tag" { 
From 229b19637cdc19001d1eb5c7b666e866152671f6 Mon Sep 17 00:00:00 2001 From: David Fernandez Date: Wed, 1 Oct 2025 22:15:57 -0300 Subject: [PATCH 72/87] feat: edit branch agent --- nullplatform/gcp/agent/variables.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nullplatform/gcp/agent/variables.tf b/nullplatform/gcp/agent/variables.tf index 8aac01c..27bb89b 100644 --- a/nullplatform/gcp/agent/variables.tf +++ b/nullplatform/gcp/agent/variables.tf @@ -1,7 +1,7 @@ variable "nullplatform-agent-helm-version" { description = "Helm chart version for the Nullplatform agent" type = string - default = "2.11.0" + default = "2.14.0" } variable "agent_repos_scope" { @@ -64,7 +64,7 @@ variable "github_repo_url" { variable "github_ref" { type = string - default = "beta" + default = "ftc" description = "Git reference (branch, tag, or commit)" } From b01c999a300e625057f54898ab4e17c563db1eef Mon Sep 17 00:00:00 2001 From: David Fernandez Date: Thu, 2 Oct 2025 16:22:54 -0300 Subject: [PATCH 73/87] feat: edit port base --- .../gcp/base/templates/nullplatform-base-values.tmpl.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nullplatform/gcp/base/templates/nullplatform-base-values.tmpl.yaml b/nullplatform/gcp/base/templates/nullplatform-base-values.tmpl.yaml index 9cfa656..75265e6 100644 --- a/nullplatform/gcp/base/templates/nullplatform-base-values.tmpl.yaml +++ b/nullplatform/gcp/base/templates/nullplatform-base-values.tmpl.yaml @@ -10,7 +10,7 @@ logging: enabled: true prometheus: enabled: true - exporterPort: 2025 + exporterPort: 2021 metricsServer: enabled: false controlPlane: From 271810521de14a210e765c53346e5508bcb0cbf5 Mon Sep 17 00:00:00 2001 
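Review bot: The new `default = "ftc"` for `github_ref` in nullplatform/gcp/agent/variables.tf points every caller that does not override it at what looks like a working branch rather than the previous `beta`. A branch moves, so whatever the agent fetches from `github_repo_url` at this ref (presumably the scope definitions it runs) can change without any change to this module or its version. For the default of a shared module a tag or full commit SHA is the safer choice, e.g. `default = "<release tag or commit SHA>"`, with branch names left to callers who set them on purpose.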
From: sebas_correa Date: Thu, 2 Oct 2025 17:44:44 -0300 Subject: [PATCH 74/87] feat(main-v2): add aws config null --- .../README.md | 0 .../backend.tf | 0 .../nullplatform-with-infraestructure/main.tf | 0 .../providers.tf | 0 .../variables.tf | 0 .../README.md | 0 .../backend.tf | 0 .../data.tf | 0 .../main.tf | 0 .../providers.tf | 0 .../variables.tf | 0 .../aws/acm/main.tf | 0 .../aws/acm/output.tf | 0 .../aws/acm/providers.tf | 0 .../aws/acm/variables.tf | 0 infrastructure/aws/alb-controller/README.md | 37 -- infrastructure/aws/alb-controller/data.tf | 7 - infrastructure/aws/alb-controller/iam.tf | 3 +- .../aws/alb-controller/variables.tf | 4 + infrastructure/aws/backend/README.md | 26 -- .../aws/backend}/providers.tf | 0 infrastructure/aws/eks/.terraform.lock.hcl | 108 ----- infrastructure/aws/eks/README.md | 26 -- infrastructure/aws/eks/data.tf | 15 - infrastructure/aws/eks/main.tf | 18 +- .../aws/eks/output.tf | 0 .../aws/eks}/providers.tf | 0 infrastructure/aws/eks/variables.tf | 29 +- .../aws/ingress}/main.tf | 74 +--- infrastructure/aws/ingress/variables.tf | 4 + infrastructure/aws/route53/README.md | 32 -- infrastructure/aws/route53/main.tf | 7 + .../aws/route53/providers.tf | 0 infrastructure/aws/route53/varaibles.tf | 10 +- infrastructure/aws/vpc/README.md | 17 - infrastructure/aws/vpc/main.tf | 11 +- .../aws/vpc/output.tf | 0 .../aws/vpc/providers.tf | 0 infrastructure/aws/vpc/variables.tf | 19 +- modules/README.md | 23 - modules/aws/acm/README.md | 37 -- modules/aws/acm/backend.tf | 7 - modules/aws/acm/main.tf | 42 -- modules/aws/acm/output.tf | 9 - modules/aws/acm/variables.tf | 18 - modules/aws/alb/.terraform.lock.hcl | 19 - modules/aws/alb/balancer.tf | 73 ---- modules/aws/alb/outputs.tf | 21 - modules/aws/alb/security-groups.tf | 75 ---- modules/aws/alb/variables.tf | 30 -- modules/aws/bucket/README.md | 33 -- modules/aws/bucket/main.tf | 5 - modules/aws/bucket/output.tf | 9 - modules/aws/bucket/variables.tf | 4 - 
.../data/iam/eks/trusting/.terraform.lock.hcl | 19 - modules/aws/data/iam/eks/trusting/README.md | 34 -- modules/aws/data/iam/eks/trusting/data.tf | 7 - modules/aws/data/iam/eks/trusting/output.tf | 20 - .../aws/data/iam/eks/trusting/variables.tf | 14 - modules/aws/eks/.terraform.lock.hcl | 125 ------ modules/aws/eks/README.md | 48 --- modules/aws/eks/backend.tf | 7 - modules/aws/eks/iam.tf | 144 ------- modules/aws/eks/main.tf | 73 ---- modules/aws/eks/outputs.tf | 60 --- modules/aws/eks/variables.tf | 30 -- .../roles/nullplatform/.terraform.lock.hcl | 19 - modules/aws/iam/roles/nullplatform/README.md | 74 ---- modules/aws/iam/roles/nullplatform/backend.tf | 7 - .../iam/roles/nullplatform/execution-role.tf | 164 ------- modules/aws/iam/roles/nullplatform/main.tf | 177 -------- modules/aws/iam/roles/nullplatform/output.tf | 66 --- .../nullplatform/scope-workflow-manager.tf | 407 ------------------ .../aws/iam/roles/nullplatform/variables.tf | 33 -- modules/aws/route53/README.md | 36 -- modules/aws/route53/backend.tf | 7 - modules/aws/route53/main.tf | 24 -- modules/aws/route53/output.tf | 19 - modules/aws/route53/variables.tf | 11 - modules/aws/secret/README.md | 35 -- modules/aws/secret/backend.tf | 7 - modules/aws/secret/main.tf | 19 - modules/aws/secret/output.tf | 10 - modules/aws/secret/variables.tf | 4 - modules/aws/vpc/.terraform.lock.hcl | 25 -- modules/aws/vpc/README.md | 35 -- modules/aws/vpc/backend.tf | 7 - modules/aws/vpc/main.tf | 28 -- modules/aws/vpc/output.tf | 30 -- modules/aws/vpc/variables.tf | 8 - modules/gcp/README.md | 23 - modules/gcp/bucket/README.md | 36 -- modules/gcp/bucket/main.tf | 29 -- modules/gcp/bucket/outputs.tf | 9 - modules/gcp/bucket/variables.tf | 28 -- modules/gcp/dns/README.md | 35 -- modules/gcp/dns/locals.tf | 3 - modules/gcp/dns/main.tf | 19 - modules/gcp/dns/output.tf | 7 - modules/gcp/dns/variables.tf | 14 - modules/gcp/gke/README.md | 45 -- modules/gcp/gke/main.tf | 31 -- modules/gcp/gke/outputs.tf | 11 - 
modules/gcp/gke/variables.tf | 55 --- modules/gcp/registry/README.md | 33 -- modules/gcp/registry/artifact-registry.tf | 10 - modules/gcp/registry/output.tf | 3 - modules/gcp/registry/variable.tf | 15 - modules/gcp/vpc/README.md | 38 -- modules/gcp/vpc/main.tf | 12 - modules/gcp/vpc/outputs.tf | 10 - modules/gcp/vpc/variables.tf | 28 -- modules/kubernetes/README.md | 23 - .../aws-alb-controller/.terraform.lock.hcl | 63 --- .../helm/aws-alb-controller/README.md | 38 -- .../helm/aws-alb-controller/backend.tf | 13 - .../helm/aws-alb-controller/main.tf | 66 --- .../helm/aws-alb-controller/variables.tf | 25 -- .../kubernetes/helm/cert-manager/README.md | 31 -- .../kubernetes/helm/cert-manager/backend.tf | 7 - .../helm/cert-manager/gcp/README.md | 29 -- .../kubernetes/helm/cert-manager/gcp/main.tf | 9 - .../helm/cert-manager/gcp/template/README.md | 23 - .../cert-manager/gcp/template/values.yaml | 8 - .../helm/cert-manager/gcp/variables.tf | 14 - modules/kubernetes/helm/cert-manager/main.tf | 32 -- .../kubernetes/helm/cert-manager/variables.tf | 9 - modules/kubernetes/helm/istio/README.md | 29 -- modules/kubernetes/helm/istio/backend.tf | 7 - modules/kubernetes/helm/istio/main.tf | 33 -- .../nullplatform/agent/.terraform.lock.hcl | 71 --- .../helm/nullplatform/agent/README.md | 55 --- .../helm/nullplatform/agent/data.tf | 13 - .../kubernetes/helm/nullplatform/agent/iam.tf | 111 ----- .../helm/nullplatform/agent/locals.tf | 3 - .../helm/nullplatform/agent/main.tf | 32 -- .../helm/nullplatform/agent/providers.tf | 51 --- .../helm/nullplatform/agent/variables.tf | 63 --- .../nullplatform/logs-controller/README.md | 29 -- .../logs-controller/aws/README.md | 32 -- .../logs-controller/aws/backend.tf | 10 - .../nullplatform/logs-controller/aws/data.tf | 3 - .../nullplatform/logs-controller/aws/main.tf | 10 - .../logs-controller/aws/template/values.yaml | 7 - .../logs-controller/aws/variables.tf | 11 - .../nullplatform/logs-controller/backend.tf | 7 - 
.../logs-controller/gcp/README.md | 28 -- .../logs-controller/gcp/backend.tf | 7 - .../nullplatform/logs-controller/gcp/main.tf | 8 - .../logs-controller/gcp/template/values.yaml | 11 - .../logs-controller/gcp/variables.tf | 9 - .../helm/nullplatform/logs-controller/main.tf | 12 - .../nullplatform/logs-controller/variables.tf | 4 - .../helm/prometheus/.terraform.lock.hcl | 71 --- modules/kubernetes/helm/prometheus/README.md | 37 -- modules/kubernetes/helm/prometheus/main.tf | 16 - modules/kubernetes/helm/prometheus/output.tf | 0 .../kubernetes/helm/prometheus/providers.tf | 49 --- .../helm/prometheus/values.yaml.tmpl | 125 ------ .../kubernetes/helm/prometheus/variables.tf | 27 -- .../kubernetes/helm/vault/.terraform.lock.hcl | 90 ---- modules/kubernetes/helm/vault/README.md | 66 --- modules/kubernetes/helm/vault/data.tf | 15 - modules/kubernetes/helm/vault/helm.tf | 104 ----- modules/kubernetes/helm/vault/iam.tf | 37 -- modules/kubernetes/helm/vault/kms.tf | 29 -- modules/kubernetes/helm/vault/kubernetes.tf | 70 --- modules/kubernetes/helm/vault/output.tf | 31 -- modules/kubernetes/helm/vault/providers.tf | 51 --- modules/kubernetes/helm/vault/variables.tf | 61 --- modules/nullplatform/README.md | 23 - modules/nullplatform/dimensions/README.md | 34 -- modules/nullplatform/dimensions/backend.tf | 7 - modules/nullplatform/dimensions/outputs.tf | 9 - modules/nullplatform/dimensions/variables.tf | 14 - .../provider/asset/docker-server/README.md | 33 -- .../provider/asset/docker-server/backend.tf | 7 - .../provider/asset/docker-server/variables.tf | 26 -- .../provider/asset/ecr/.terraform.lock.hcl | 41 -- .../nullplatform/provider/asset/ecr/README.md | 33 -- .../provider/asset/ecr/backend.tf | 7 - .../nullplatform/provider/asset/ecr/main.tf | 18 - .../provider/asset/ecr/variables.tf | 24 -- .../provider/asset/s3/.terraform.lock.hcl | 41 -- .../nullplatform/provider/asset/s3/README.md | 30 -- .../nullplatform/provider/asset/s3/backend.tf | 10 - 
.../nullplatform/provider/asset/s3/main.tf | 11 - .../provider/asset/s3/variables.tf | 9 - modules/nullplatform/provider/cloud/README.md | 23 - .../provider/cloud/aws/.terraform.lock.hcl | 46 -- .../nullplatform/provider/cloud/aws/README.md | 39 -- .../provider/cloud/aws/backend.tf | 7 - .../nullplatform/provider/cloud/aws/locals.tf | 3 - .../nullplatform/provider/cloud/aws/main.tf | 21 - .../provider/cloud/aws/variables.tf | 50 --- .../provider/cloud/gcp/.terraform.lock.hcl | 24 -- .../nullplatform/provider/cloud/gcp/README.md | 38 -- .../provider/cloud/gcp/backend.tf | 7 - .../nullplatform/provider/cloud/gcp/locals.tf | 3 - .../nullplatform/provider/cloud/gcp/main.tf | 19 - .../provider/cloud/gcp/variables.tf | 51 --- .../provider/code/github/README.md | 31 -- .../provider/code/github/backend.tf | 10 - .../nullplatform/provider/code/github/main.tf | 13 - .../provider/code/github/variables.tf | 14 - .../provider/compute/ec2/.terraform.lock.hcl | 24 -- .../provider/compute/ec2/README.md | 36 -- .../provider/compute/ec2/backend.tf | 7 - .../provider/compute/ec2/locals.tf | 3 - .../nullplatform/provider/compute/ec2/main.tf | 20 - .../provider/compute/ec2/variables.tf | 43 -- .../compute/lambda/.terraform.lock.hcl | 24 -- .../provider/compute/lambda/README.md | 33 -- .../provider/compute/lambda/backend.tf | 7 - .../provider/compute/lambda/locals.tf | 3 - .../provider/compute/lambda/main.tf | 11 - .../provider/compute/lambda/variables.tf | 27 -- .../nullplatform/provider/container/README.md | 23 - .../container/eks/.terraform.lock.hcl | 24 -- .../provider/container/eks/README.md | 34 -- .../provider/container/eks/backend.tf | 7 - .../provider/container/eks/locals.tf | 3 - .../provider/container/eks/main.tf | 12 - .../provider/container/eks/variables.tf | 32 -- .../container/gke/.terraform.lock.hcl | 24 -- .../provider/container/gke/README.md | 38 -- .../provider/container/gke/backend.tf | 7 - .../provider/container/gke/locals.tf | 3 - .../provider/container/gke/main.tf 
| 18 - .../provider/container/gke/variables.tf | 55 --- .../networking/vpc/.terraform.lock.hcl | 24 -- .../provider/networking/vpc/README.md | 39 -- .../provider/networking/vpc/backend.tf | 7 - .../provider/networking/vpc/locals.tf | 3 - .../provider/networking/vpc/main.tf | 23 - .../provider/networking/vpc/variables.tf | 56 --- .../README.md | 65 --- .../backend.tf | 16 - .../main.tf | 35 -- .../outputs.tf | 8 - .../variables.tf | 120 ------ .../nullplatform/scope-definition/README.md | 64 --- .../nullplatform/scope-definition/backend.tf | 16 - modules/nullplatform/scope-definition/main.tf | 133 ------ .../nullplatform/scope-definition/outputs.tf | 78 ---- .../scope-definition/variables.tf | 110 ----- .../README.md | 67 --- .../backend.tf | 16 - .../main.tf | 35 -- .../outputs.tf | 8 - .../variables.tf | 118 ----- .../nullplatform/service-definition/README.md | 89 ---- .../service-definition/backend.tf | 16 - .../nullplatform/service-definition/main.tf | 129 ------ .../service-definition/outputs.tf | 88 ---- .../service-definition/variables.tf | 87 ---- .../nullplatform/service/.terraform.lock.hcl | 24 -- modules/nullplatform/service/README.md | 50 --- .../service/actions_specification.tf | 12 - modules/nullplatform/service/link_spec.tf | 19 - modules/nullplatform/service/locals.tf | 3 - modules/nullplatform/service/notifications.tf | 32 -- modules/nullplatform/service/outputs.tf | 9 - modules/nullplatform/service/provider.tf | 9 - .../service/service_specification.tf | 21 - modules/nullplatform/service/variables.tf | 110 ----- nullplatform/asset/docker-server/main.tf | 14 - nullplatform/aws/agent/auth.tf | 29 ++ nullplatform/aws/agent/channel.tf | 63 +++ nullplatform/aws/agent/iam.tf | 136 ++++++ nullplatform/aws/agent/locals.tf | 15 + .../aws/agent}/main.tf | 16 +- .../aws/agent}/providers.tf | 8 + nullplatform/aws/agent/scopes.tf | 175 ++++++++ .../nullplatform-agent-values.tmpl.yaml | 14 +- nullplatform/aws/agent/variables.tf | 116 +++++ 
nullplatform/aws/aws/README.md | 51 --- nullplatform/aws/aws/example.md | 64 --- nullplatform/aws/aws/locals.tf | 3 - nullplatform/aws/aws/variables.tf | 75 ---- .../aws/{aws => cloud_providers}/data.tf | 0 nullplatform/aws/cloud_providers/main.tf | 25 ++ .../aws/{aws => cloud_providers}/providers.tf | 4 + nullplatform/aws/cloud_providers/variables.tf | 44 ++ nullplatform/workload/account/main.tf | 8 + nullplatform/workload/account/providers.tf | 12 + nullplatform/workload/account/variables.tf | 12 + .../workload}/asset/docker-server/main.tf | 0 .../asset/docker-server/provider.tf | 0 .../asset/docker-server/variables.tf | 0 .../workload/asset/ecr}/data.tf | 4 +- .../asset/ecr/iam.tf} | 0 nullplatform/workload/asset/ecr/main.tf | 20 + nullplatform/workload/asset/ecr/providers.tf | 12 + nullplatform/workload/asset/ecr/variables.tf | 16 + .../{ => workload}/code_repository/locals.tf | 0 .../{ => workload}/code_repository/main.tf | 0 .../code_repository/provider.tf | 0 .../code_repository/variables.tf | 0 .../workload}/dimensions/main.tf | 2 +- nullplatform/workload/dimensions/providers.tf | 12 + nullplatform/workload/dimensions/variables.tf | 15 + v2/foundations/aws/alb-controller/iam.tf | 28 -- v2/foundations/aws/alb-controller/locals.tf | 7 - ...-load-balancer-controller-values.tmpl.yaml | 5 - .../aws/alb-controller/variables.tf | 19 - v2/foundations/aws/backend/main.tf | 46 -- v2/foundations/aws/backend/variables.tf | 4 - v2/foundations/aws/eks/main.tf | 43 -- v2/foundations/aws/eks/variables.tf | 25 -- v2/foundations/aws/route53/main.tf | 17 - v2/foundations/aws/route53/output.tf | 19 - v2/foundations/aws/route53/varaibles.tf | 8 - v2/foundations/aws/vpc/main.tf | 24 -- v2/foundations/aws/vpc/variables.tf | 19 - v2/foundations/azure/acr/README.md | 42 -- v2/foundations/azure/acr/datasource.tf | 5 - v2/foundations/azure/acr/main.tf | 10 - v2/foundations/azure/acr/output.tf | 15 - v2/foundations/azure/acr/provider.tf | 17 - v2/foundations/azure/acr/variables.tf | 
21 - v2/foundations/azure/dns/README.md | 38 -- v2/foundations/azure/dns/main.tf | 4 - v2/foundations/azure/dns/output.tf | 24 -- v2/foundations/azure/dns/provider.tf | 17 - v2/foundations/azure/dns/variables.tf | 14 - v2/foundations/azure/resource_group/README.md | 36 -- v2/foundations/azure/resource_group/main.tf | 5 - v2/foundations/azure/resource_group/output.tf | 9 - .../azure/resource_group/provider.tf | 17 - .../azure/resource_group/variable.tf | 16 - v2/foundations/azure/vnet/README.md | 31 -- v2/foundations/azure/vnet/main.tf | 12 - v2/foundations/azure/vnet/output.tf | 5 - v2/foundations/azure/vnet/provider.tf | 17 - v2/foundations/azure/vnet/variables.tf | 46 -- .../aws/nullplatform_providers/main.tf | 33 -- 337 files changed, 815 insertions(+), 8985 deletions(-) rename {v2/examples => examples}/aws/nullplatform-with-infraestructure/README.md (100%) rename {v2/examples => examples}/aws/nullplatform-with-infraestructure/backend.tf (100%) rename {v2/examples => examples}/aws/nullplatform-with-infraestructure/main.tf (100%) rename {v2/examples => examples}/aws/nullplatform-with-infraestructure/providers.tf (100%) rename {v2/examples => examples}/aws/nullplatform-with-infraestructure/variables.tf (100%) rename {v2/examples => examples}/aws/nullplatform-without-infraestructure/README.md (100%) rename {v2/examples => examples}/aws/nullplatform-without-infraestructure/backend.tf (100%) rename {v2/examples => examples}/aws/nullplatform-without-infraestructure/data.tf (100%) rename {v2/examples => examples}/aws/nullplatform-without-infraestructure/main.tf (100%) rename {v2/examples => examples}/aws/nullplatform-without-infraestructure/providers.tf (100%) rename {v2/examples => examples}/aws/nullplatform-without-infraestructure/variables.tf (100%) rename {v2/foundations => infrastructure}/aws/acm/main.tf (100%) rename {v2/foundations => infrastructure}/aws/acm/output.tf (100%) rename {v2/foundations => infrastructure}/aws/acm/providers.tf (100%) rename 
{v2/foundations => infrastructure}/aws/acm/variables.tf (100%) delete mode 100644 infrastructure/aws/alb-controller/README.md delete mode 100644 infrastructure/aws/alb-controller/data.tf delete mode 100644 infrastructure/aws/backend/README.md rename {v2/foundations/aws/alb-controller => infrastructure/aws/backend}/providers.tf (100%) delete mode 100644 infrastructure/aws/eks/.terraform.lock.hcl delete mode 100644 infrastructure/aws/eks/README.md delete mode 100644 infrastructure/aws/eks/data.tf rename {v2/foundations => infrastructure}/aws/eks/output.tf (100%) rename {v2/foundations/aws/backend => infrastructure/aws/eks}/providers.tf (100%) rename {nullplatform/aws/aws => infrastructure/aws/ingress}/main.tf (58%) create mode 100644 infrastructure/aws/ingress/variables.tf delete mode 100644 infrastructure/aws/route53/README.md rename {v2/foundations => infrastructure}/aws/route53/providers.tf (100%) delete mode 100644 infrastructure/aws/vpc/README.md rename {v2/foundations => infrastructure}/aws/vpc/output.tf (100%) rename {v2/foundations => infrastructure}/aws/vpc/providers.tf (100%) delete mode 100644 modules/README.md delete mode 100644 modules/aws/acm/README.md delete mode 100644 modules/aws/acm/backend.tf delete mode 100644 modules/aws/acm/main.tf delete mode 100644 modules/aws/acm/output.tf delete mode 100644 modules/aws/acm/variables.tf delete mode 100644 modules/aws/alb/.terraform.lock.hcl delete mode 100644 modules/aws/alb/balancer.tf delete mode 100644 modules/aws/alb/outputs.tf delete mode 100644 modules/aws/alb/security-groups.tf delete mode 100644 modules/aws/alb/variables.tf delete mode 100644 modules/aws/bucket/README.md delete mode 100644 modules/aws/bucket/main.tf delete mode 100644 modules/aws/bucket/output.tf delete mode 100644 modules/aws/bucket/variables.tf delete mode 100644 modules/aws/data/iam/eks/trusting/.terraform.lock.hcl delete mode 100644 modules/aws/data/iam/eks/trusting/README.md delete mode 100644 
modules/aws/data/iam/eks/trusting/data.tf delete mode 100644 modules/aws/data/iam/eks/trusting/output.tf delete mode 100644 modules/aws/data/iam/eks/trusting/variables.tf delete mode 100644 modules/aws/eks/.terraform.lock.hcl delete mode 100644 modules/aws/eks/README.md delete mode 100644 modules/aws/eks/backend.tf delete mode 100644 modules/aws/eks/iam.tf delete mode 100644 modules/aws/eks/main.tf delete mode 100644 modules/aws/eks/outputs.tf delete mode 100644 modules/aws/eks/variables.tf delete mode 100644 modules/aws/iam/roles/nullplatform/.terraform.lock.hcl delete mode 100644 modules/aws/iam/roles/nullplatform/README.md delete mode 100644 modules/aws/iam/roles/nullplatform/backend.tf delete mode 100644 modules/aws/iam/roles/nullplatform/execution-role.tf delete mode 100644 modules/aws/iam/roles/nullplatform/main.tf delete mode 100644 modules/aws/iam/roles/nullplatform/output.tf delete mode 100644 modules/aws/iam/roles/nullplatform/scope-workflow-manager.tf delete mode 100644 modules/aws/iam/roles/nullplatform/variables.tf delete mode 100644 modules/aws/route53/README.md delete mode 100644 modules/aws/route53/backend.tf delete mode 100644 modules/aws/route53/main.tf delete mode 100644 modules/aws/route53/output.tf delete mode 100644 modules/aws/route53/variables.tf delete mode 100644 modules/aws/secret/README.md delete mode 100644 modules/aws/secret/backend.tf delete mode 100644 modules/aws/secret/main.tf delete mode 100644 modules/aws/secret/output.tf delete mode 100644 modules/aws/secret/variables.tf delete mode 100644 modules/aws/vpc/.terraform.lock.hcl delete mode 100644 modules/aws/vpc/README.md delete mode 100644 modules/aws/vpc/backend.tf delete mode 100644 modules/aws/vpc/main.tf delete mode 100644 modules/aws/vpc/output.tf delete mode 100644 modules/aws/vpc/variables.tf delete mode 100644 modules/gcp/README.md delete mode 100644 modules/gcp/bucket/README.md delete mode 100644 modules/gcp/bucket/main.tf delete mode 100644 modules/gcp/bucket/outputs.tf 
delete mode 100644 modules/gcp/bucket/variables.tf delete mode 100644 modules/gcp/dns/README.md delete mode 100644 modules/gcp/dns/locals.tf delete mode 100644 modules/gcp/dns/main.tf delete mode 100644 modules/gcp/dns/output.tf delete mode 100644 modules/gcp/dns/variables.tf delete mode 100644 modules/gcp/gke/README.md delete mode 100644 modules/gcp/gke/main.tf delete mode 100644 modules/gcp/gke/outputs.tf delete mode 100644 modules/gcp/gke/variables.tf delete mode 100644 modules/gcp/registry/README.md delete mode 100644 modules/gcp/registry/artifact-registry.tf delete mode 100644 modules/gcp/registry/output.tf delete mode 100644 modules/gcp/registry/variable.tf delete mode 100644 modules/gcp/vpc/README.md delete mode 100644 modules/gcp/vpc/main.tf delete mode 100644 modules/gcp/vpc/outputs.tf delete mode 100644 modules/gcp/vpc/variables.tf delete mode 100644 modules/kubernetes/README.md delete mode 100644 modules/kubernetes/helm/aws-alb-controller/.terraform.lock.hcl delete mode 100644 modules/kubernetes/helm/aws-alb-controller/README.md delete mode 100644 modules/kubernetes/helm/aws-alb-controller/backend.tf delete mode 100644 modules/kubernetes/helm/aws-alb-controller/main.tf delete mode 100644 modules/kubernetes/helm/aws-alb-controller/variables.tf delete mode 100644 modules/kubernetes/helm/cert-manager/README.md delete mode 100644 modules/kubernetes/helm/cert-manager/backend.tf delete mode 100644 modules/kubernetes/helm/cert-manager/gcp/README.md delete mode 100644 modules/kubernetes/helm/cert-manager/gcp/main.tf delete mode 100644 modules/kubernetes/helm/cert-manager/gcp/template/README.md delete mode 100644 modules/kubernetes/helm/cert-manager/gcp/template/values.yaml delete mode 100644 modules/kubernetes/helm/cert-manager/gcp/variables.tf delete mode 100644 modules/kubernetes/helm/cert-manager/main.tf delete mode 100644 modules/kubernetes/helm/cert-manager/variables.tf delete mode 100644 modules/kubernetes/helm/istio/README.md delete mode 100644 
modules/kubernetes/helm/istio/backend.tf delete mode 100644 modules/kubernetes/helm/istio/main.tf delete mode 100644 modules/kubernetes/helm/nullplatform/agent/.terraform.lock.hcl delete mode 100644 modules/kubernetes/helm/nullplatform/agent/README.md delete mode 100644 modules/kubernetes/helm/nullplatform/agent/data.tf delete mode 100644 modules/kubernetes/helm/nullplatform/agent/iam.tf delete mode 100644 modules/kubernetes/helm/nullplatform/agent/locals.tf delete mode 100644 modules/kubernetes/helm/nullplatform/agent/main.tf delete mode 100644 modules/kubernetes/helm/nullplatform/agent/providers.tf delete mode 100644 modules/kubernetes/helm/nullplatform/agent/variables.tf delete mode 100644 modules/kubernetes/helm/nullplatform/logs-controller/README.md delete mode 100644 modules/kubernetes/helm/nullplatform/logs-controller/aws/README.md delete mode 100644 modules/kubernetes/helm/nullplatform/logs-controller/aws/backend.tf delete mode 100644 modules/kubernetes/helm/nullplatform/logs-controller/aws/data.tf delete mode 100644 modules/kubernetes/helm/nullplatform/logs-controller/aws/main.tf delete mode 100644 modules/kubernetes/helm/nullplatform/logs-controller/aws/template/values.yaml delete mode 100644 modules/kubernetes/helm/nullplatform/logs-controller/aws/variables.tf delete mode 100644 modules/kubernetes/helm/nullplatform/logs-controller/backend.tf delete mode 100644 modules/kubernetes/helm/nullplatform/logs-controller/gcp/README.md delete mode 100644 modules/kubernetes/helm/nullplatform/logs-controller/gcp/backend.tf delete mode 100644 modules/kubernetes/helm/nullplatform/logs-controller/gcp/main.tf delete mode 100644 modules/kubernetes/helm/nullplatform/logs-controller/gcp/template/values.yaml delete mode 100644 modules/kubernetes/helm/nullplatform/logs-controller/gcp/variables.tf delete mode 100644 modules/kubernetes/helm/nullplatform/logs-controller/main.tf delete mode 100644 modules/kubernetes/helm/nullplatform/logs-controller/variables.tf delete mode 
100644 modules/kubernetes/helm/prometheus/.terraform.lock.hcl delete mode 100644 modules/kubernetes/helm/prometheus/README.md delete mode 100644 modules/kubernetes/helm/prometheus/main.tf delete mode 100644 modules/kubernetes/helm/prometheus/output.tf delete mode 100644 modules/kubernetes/helm/prometheus/providers.tf delete mode 100644 modules/kubernetes/helm/prometheus/values.yaml.tmpl delete mode 100644 modules/kubernetes/helm/prometheus/variables.tf delete mode 100644 modules/kubernetes/helm/vault/.terraform.lock.hcl delete mode 100644 modules/kubernetes/helm/vault/README.md delete mode 100644 modules/kubernetes/helm/vault/data.tf delete mode 100644 modules/kubernetes/helm/vault/helm.tf delete mode 100644 modules/kubernetes/helm/vault/iam.tf delete mode 100644 modules/kubernetes/helm/vault/kms.tf delete mode 100644 modules/kubernetes/helm/vault/kubernetes.tf delete mode 100644 modules/kubernetes/helm/vault/output.tf delete mode 100644 modules/kubernetes/helm/vault/providers.tf delete mode 100644 modules/kubernetes/helm/vault/variables.tf delete mode 100644 modules/nullplatform/README.md delete mode 100644 modules/nullplatform/dimensions/README.md delete mode 100644 modules/nullplatform/dimensions/backend.tf delete mode 100644 modules/nullplatform/dimensions/outputs.tf delete mode 100644 modules/nullplatform/dimensions/variables.tf delete mode 100644 modules/nullplatform/provider/asset/docker-server/README.md delete mode 100644 modules/nullplatform/provider/asset/docker-server/backend.tf delete mode 100644 modules/nullplatform/provider/asset/docker-server/variables.tf delete mode 100644 modules/nullplatform/provider/asset/ecr/.terraform.lock.hcl delete mode 100644 modules/nullplatform/provider/asset/ecr/README.md delete mode 100644 modules/nullplatform/provider/asset/ecr/backend.tf delete mode 100644 modules/nullplatform/provider/asset/ecr/main.tf delete mode 100644 modules/nullplatform/provider/asset/ecr/variables.tf delete mode 100644 
modules/nullplatform/provider/asset/s3/.terraform.lock.hcl delete mode 100644 modules/nullplatform/provider/asset/s3/README.md delete mode 100644 modules/nullplatform/provider/asset/s3/backend.tf delete mode 100644 modules/nullplatform/provider/asset/s3/main.tf delete mode 100644 modules/nullplatform/provider/asset/s3/variables.tf delete mode 100644 modules/nullplatform/provider/cloud/README.md delete mode 100644 modules/nullplatform/provider/cloud/aws/.terraform.lock.hcl delete mode 100644 modules/nullplatform/provider/cloud/aws/README.md delete mode 100644 modules/nullplatform/provider/cloud/aws/backend.tf delete mode 100644 modules/nullplatform/provider/cloud/aws/locals.tf delete mode 100644 modules/nullplatform/provider/cloud/aws/main.tf delete mode 100644 modules/nullplatform/provider/cloud/aws/variables.tf delete mode 100644 modules/nullplatform/provider/cloud/gcp/.terraform.lock.hcl delete mode 100644 modules/nullplatform/provider/cloud/gcp/README.md delete mode 100644 modules/nullplatform/provider/cloud/gcp/backend.tf delete mode 100644 modules/nullplatform/provider/cloud/gcp/locals.tf delete mode 100644 modules/nullplatform/provider/cloud/gcp/main.tf delete mode 100644 modules/nullplatform/provider/cloud/gcp/variables.tf delete mode 100644 modules/nullplatform/provider/code/github/README.md delete mode 100644 modules/nullplatform/provider/code/github/backend.tf delete mode 100644 modules/nullplatform/provider/code/github/main.tf delete mode 100644 modules/nullplatform/provider/code/github/variables.tf delete mode 100644 modules/nullplatform/provider/compute/ec2/.terraform.lock.hcl delete mode 100644 modules/nullplatform/provider/compute/ec2/README.md delete mode 100644 modules/nullplatform/provider/compute/ec2/backend.tf delete mode 100644 modules/nullplatform/provider/compute/ec2/locals.tf delete mode 100644 modules/nullplatform/provider/compute/ec2/main.tf delete mode 100644 modules/nullplatform/provider/compute/ec2/variables.tf delete mode 100644 
modules/nullplatform/provider/compute/lambda/.terraform.lock.hcl delete mode 100644 modules/nullplatform/provider/compute/lambda/README.md delete mode 100644 modules/nullplatform/provider/compute/lambda/backend.tf delete mode 100644 modules/nullplatform/provider/compute/lambda/locals.tf delete mode 100644 modules/nullplatform/provider/compute/lambda/main.tf delete mode 100644 modules/nullplatform/provider/compute/lambda/variables.tf delete mode 100644 modules/nullplatform/provider/container/README.md delete mode 100644 modules/nullplatform/provider/container/eks/.terraform.lock.hcl delete mode 100644 modules/nullplatform/provider/container/eks/README.md delete mode 100644 modules/nullplatform/provider/container/eks/backend.tf delete mode 100644 modules/nullplatform/provider/container/eks/locals.tf delete mode 100644 modules/nullplatform/provider/container/eks/main.tf delete mode 100644 modules/nullplatform/provider/container/eks/variables.tf delete mode 100644 modules/nullplatform/provider/container/gke/.terraform.lock.hcl delete mode 100644 modules/nullplatform/provider/container/gke/README.md delete mode 100644 modules/nullplatform/provider/container/gke/backend.tf delete mode 100644 modules/nullplatform/provider/container/gke/locals.tf delete mode 100644 modules/nullplatform/provider/container/gke/main.tf delete mode 100644 modules/nullplatform/provider/container/gke/variables.tf delete mode 100644 modules/nullplatform/provider/networking/vpc/.terraform.lock.hcl delete mode 100644 modules/nullplatform/provider/networking/vpc/README.md delete mode 100644 modules/nullplatform/provider/networking/vpc/backend.tf delete mode 100644 modules/nullplatform/provider/networking/vpc/locals.tf delete mode 100644 modules/nullplatform/provider/networking/vpc/main.tf delete mode 100644 modules/nullplatform/provider/networking/vpc/variables.tf delete mode 100644 modules/nullplatform/scope-definition-agent-association/README.md delete mode 100644 
modules/nullplatform/scope-definition-agent-association/backend.tf delete mode 100644 modules/nullplatform/scope-definition-agent-association/main.tf delete mode 100644 modules/nullplatform/scope-definition-agent-association/outputs.tf delete mode 100644 modules/nullplatform/scope-definition-agent-association/variables.tf delete mode 100644 modules/nullplatform/scope-definition/README.md delete mode 100644 modules/nullplatform/scope-definition/backend.tf delete mode 100644 modules/nullplatform/scope-definition/main.tf delete mode 100644 modules/nullplatform/scope-definition/outputs.tf delete mode 100644 modules/nullplatform/scope-definition/variables.tf delete mode 100644 modules/nullplatform/service-definition-agent-association/README.md delete mode 100644 modules/nullplatform/service-definition-agent-association/backend.tf delete mode 100644 modules/nullplatform/service-definition-agent-association/main.tf delete mode 100644 modules/nullplatform/service-definition-agent-association/outputs.tf delete mode 100644 modules/nullplatform/service-definition-agent-association/variables.tf delete mode 100644 modules/nullplatform/service-definition/README.md delete mode 100644 modules/nullplatform/service-definition/backend.tf delete mode 100644 modules/nullplatform/service-definition/main.tf delete mode 100644 modules/nullplatform/service-definition/outputs.tf delete mode 100644 modules/nullplatform/service-definition/variables.tf delete mode 100644 modules/nullplatform/service/.terraform.lock.hcl delete mode 100644 modules/nullplatform/service/README.md delete mode 100644 modules/nullplatform/service/actions_specification.tf delete mode 100644 modules/nullplatform/service/link_spec.tf delete mode 100644 modules/nullplatform/service/locals.tf delete mode 100644 modules/nullplatform/service/notifications.tf delete mode 100644 modules/nullplatform/service/outputs.tf delete mode 100644 modules/nullplatform/service/provider.tf delete mode 100644 
modules/nullplatform/service/service_specification.tf delete mode 100644 modules/nullplatform/service/variables.tf delete mode 100644 nullplatform/asset/docker-server/main.tf create mode 100644 nullplatform/aws/agent/auth.tf create mode 100644 nullplatform/aws/agent/channel.tf create mode 100644 nullplatform/aws/agent/iam.tf create mode 100644 nullplatform/aws/agent/locals.tf rename {v2/foundations/aws/alb-controller => nullplatform/aws/agent}/main.tf (52%) rename {v2/foundations/aws/eks => nullplatform/aws/agent}/providers.tf (55%) create mode 100644 nullplatform/aws/agent/scopes.tf rename modules/kubernetes/helm/nullplatform/agent/templates/values-aws.tmpl.yaml => nullplatform/aws/agent/templates/nullplatform-agent-values.tmpl.yaml (59%) create mode 100644 nullplatform/aws/agent/variables.tf delete mode 100644 nullplatform/aws/aws/README.md delete mode 100644 nullplatform/aws/aws/example.md delete mode 100644 nullplatform/aws/aws/locals.tf delete mode 100644 nullplatform/aws/aws/variables.tf rename nullplatform/aws/{aws => cloud_providers}/data.tf (100%) create mode 100644 nullplatform/aws/cloud_providers/main.tf rename nullplatform/aws/{aws => cloud_providers}/providers.tf (71%) create mode 100644 nullplatform/aws/cloud_providers/variables.tf create mode 100644 nullplatform/workload/account/main.tf create mode 100644 nullplatform/workload/account/providers.tf create mode 100644 nullplatform/workload/account/variables.tf rename {modules/nullplatform/provider => nullplatform/workload}/asset/docker-server/main.tf (100%) rename nullplatform/{ => workload}/asset/docker-server/provider.tf (100%) rename nullplatform/{ => workload}/asset/docker-server/variables.tf (100%) rename {modules/nullplatform/provider/cloud/aws => nullplatform/workload/asset/ecr}/data.tf (56%) rename nullplatform/{aws/aws/iam-registry.tf => workload/asset/ecr/iam.tf} (100%) create mode 100644 nullplatform/workload/asset/ecr/main.tf create mode 100644 nullplatform/workload/asset/ecr/providers.tf 
create mode 100644 nullplatform/workload/asset/ecr/variables.tf rename nullplatform/{ => workload}/code_repository/locals.tf (100%) rename nullplatform/{ => workload}/code_repository/main.tf (100%) rename nullplatform/{ => workload}/code_repository/provider.tf (100%) rename nullplatform/{ => workload}/code_repository/variables.tf (100%) rename {modules/nullplatform => nullplatform/workload}/dimensions/main.tf (99%) create mode 100644 nullplatform/workload/dimensions/providers.tf create mode 100644 nullplatform/workload/dimensions/variables.tf delete mode 100644 v2/foundations/aws/alb-controller/iam.tf delete mode 100644 v2/foundations/aws/alb-controller/locals.tf delete mode 100644 v2/foundations/aws/alb-controller/templates/aws-load-balancer-controller-values.tmpl.yaml delete mode 100644 v2/foundations/aws/alb-controller/variables.tf delete mode 100644 v2/foundations/aws/backend/main.tf delete mode 100644 v2/foundations/aws/backend/variables.tf delete mode 100644 v2/foundations/aws/eks/main.tf delete mode 100644 v2/foundations/aws/eks/variables.tf delete mode 100644 v2/foundations/aws/route53/main.tf delete mode 100644 v2/foundations/aws/route53/output.tf delete mode 100644 v2/foundations/aws/route53/varaibles.tf delete mode 100644 v2/foundations/aws/vpc/main.tf delete mode 100644 v2/foundations/aws/vpc/variables.tf delete mode 100644 v2/foundations/azure/acr/README.md delete mode 100644 v2/foundations/azure/acr/datasource.tf delete mode 100644 v2/foundations/azure/acr/main.tf delete mode 100644 v2/foundations/azure/acr/output.tf delete mode 100644 v2/foundations/azure/acr/provider.tf delete mode 100644 v2/foundations/azure/acr/variables.tf delete mode 100644 v2/foundations/azure/dns/README.md delete mode 100644 v2/foundations/azure/dns/main.tf delete mode 100644 v2/foundations/azure/dns/output.tf delete mode 100644 v2/foundations/azure/dns/provider.tf delete mode 100644 v2/foundations/azure/dns/variables.tf delete mode 100644 
v2/foundations/azure/resource_group/README.md delete mode 100644 v2/foundations/azure/resource_group/main.tf delete mode 100644 v2/foundations/azure/resource_group/output.tf delete mode 100644 v2/foundations/azure/resource_group/provider.tf delete mode 100644 v2/foundations/azure/resource_group/variable.tf delete mode 100644 v2/foundations/azure/vnet/README.md delete mode 100644 v2/foundations/azure/vnet/main.tf delete mode 100644 v2/foundations/azure/vnet/output.tf delete mode 100644 v2/foundations/azure/vnet/provider.tf delete mode 100644 v2/foundations/azure/vnet/variables.tf diff --git a/v2/examples/aws/nullplatform-with-infraestructure/README.md b/examples/aws/nullplatform-with-infraestructure/README.md similarity index 100% rename from v2/examples/aws/nullplatform-with-infraestructure/README.md rename to examples/aws/nullplatform-with-infraestructure/README.md diff --git a/v2/examples/aws/nullplatform-with-infraestructure/backend.tf b/examples/aws/nullplatform-with-infraestructure/backend.tf similarity index 100% rename from v2/examples/aws/nullplatform-with-infraestructure/backend.tf rename to examples/aws/nullplatform-with-infraestructure/backend.tf diff --git a/v2/examples/aws/nullplatform-with-infraestructure/main.tf b/examples/aws/nullplatform-with-infraestructure/main.tf similarity index 100% rename from v2/examples/aws/nullplatform-with-infraestructure/main.tf rename to examples/aws/nullplatform-with-infraestructure/main.tf diff --git a/v2/examples/aws/nullplatform-with-infraestructure/providers.tf b/examples/aws/nullplatform-with-infraestructure/providers.tf similarity index 100% rename from v2/examples/aws/nullplatform-with-infraestructure/providers.tf rename to examples/aws/nullplatform-with-infraestructure/providers.tf 
diff --git a/v2/examples/aws/nullplatform-with-infraestructure/variables.tf b/examples/aws/nullplatform-with-infraestructure/variables.tf similarity index 100% rename from v2/examples/aws/nullplatform-with-infraestructure/variables.tf rename to examples/aws/nullplatform-with-infraestructure/variables.tf diff --git a/v2/examples/aws/nullplatform-without-infraestructure/README.md b/examples/aws/nullplatform-without-infraestructure/README.md similarity index 100% rename from v2/examples/aws/nullplatform-without-infraestructure/README.md rename to examples/aws/nullplatform-without-infraestructure/README.md diff --git a/v2/examples/aws/nullplatform-without-infraestructure/backend.tf b/examples/aws/nullplatform-without-infraestructure/backend.tf similarity index 100% rename from v2/examples/aws/nullplatform-without-infraestructure/backend.tf rename to examples/aws/nullplatform-without-infraestructure/backend.tf diff --git a/v2/examples/aws/nullplatform-without-infraestructure/data.tf b/examples/aws/nullplatform-without-infraestructure/data.tf similarity index 100% rename from v2/examples/aws/nullplatform-without-infraestructure/data.tf rename to examples/aws/nullplatform-without-infraestructure/data.tf diff --git a/v2/examples/aws/nullplatform-without-infraestructure/main.tf b/examples/aws/nullplatform-without-infraestructure/main.tf similarity index 100% rename from v2/examples/aws/nullplatform-without-infraestructure/main.tf rename to examples/aws/nullplatform-without-infraestructure/main.tf diff --git a/v2/examples/aws/nullplatform-without-infraestructure/providers.tf b/examples/aws/nullplatform-without-infraestructure/providers.tf similarity index 100% rename from v2/examples/aws/nullplatform-without-infraestructure/providers.tf rename to examples/aws/nullplatform-without-infraestructure/providers.tf 
diff --git a/v2/examples/aws/nullplatform-without-infraestructure/variables.tf b/examples/aws/nullplatform-without-infraestructure/variables.tf similarity index 100% rename from v2/examples/aws/nullplatform-without-infraestructure/variables.tf rename to examples/aws/nullplatform-without-infraestructure/variables.tf diff --git a/v2/foundations/aws/acm/main.tf b/infrastructure/aws/acm/main.tf similarity index 100% rename from v2/foundations/aws/acm/main.tf rename to infrastructure/aws/acm/main.tf diff --git a/v2/foundations/aws/acm/output.tf b/infrastructure/aws/acm/output.tf similarity index 100% rename from v2/foundations/aws/acm/output.tf rename to infrastructure/aws/acm/output.tf diff --git a/v2/foundations/aws/acm/providers.tf b/infrastructure/aws/acm/providers.tf similarity index 100% rename from v2/foundations/aws/acm/providers.tf rename to infrastructure/aws/acm/providers.tf diff --git a/v2/foundations/aws/acm/variables.tf b/infrastructure/aws/acm/variables.tf similarity index 100% rename from v2/foundations/aws/acm/variables.tf rename to infrastructure/aws/acm/variables.tf diff --git a/infrastructure/aws/alb-controller/README.md b/infrastructure/aws/alb-controller/README.md deleted file mode 100644 index 14412b5..0000000 --- a/infrastructure/aws/alb-controller/README.md +++ /dev/null 
@@ -1,37 +0,0 @@ - -## Requirements - -| Name | Version | -|------|---------| -| [aws](#requirement\_aws) | ~> 6.0 | -| [helm](#requirement\_helm) | ~> 3.0 | - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | ~> 6.0 | -| [helm](#provider\_helm) | ~> 3.0 | -| [kubernetes](#provider\_kubernetes) | n/a | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [aws-load-balancer-controller-role](#module\_aws-load-balancer-controller-role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts | n/a | - -## Resources - -| Name | Type | -|------|------| -| [helm_release.aws-load-balancer-controller](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [kubernetes_service_account.aws-load-balancer-controller-sa](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service_account) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [aws-load-balancer-controller-version](#input\_aws-load-balancer-controller-version) | Version of the AWS Load Balancer Controller Helm chart | `string` | `"1.13.4"` | no | -| [cluster\_name](#input\_cluster\_name) | Name of the EKS cluster | `string` | n/a | yes | -| [vpc\_id](#input\_vpc\_id) | VPC ID where load balancers controller will be deployed | `string` | n/a | yes | - \ No newline at end of file diff --git a/infrastructure/aws/alb-controller/data.tf b/infrastructure/aws/alb-controller/data.tf deleted file mode 100644 index 6a9c21f..0000000 --- a/infrastructure/aws/alb-controller/data.tf +++ /dev/null @@ -1,7 +0,0 @@ -data "aws_eks_cluster" "this" { - name = var.cluster_name -} - -data "aws_iam_openid_connect_provider" "this" { - url = data.aws_eks_cluster.this.identity[0].oidc[0].issuer -} 
diff --git a/infrastructure/aws/alb-controller/iam.tf b/infrastructure/aws/alb-controller/iam.tf index e13e4d3..921374d 100644 --- a/infrastructure/aws/alb-controller/iam.tf +++ b/infrastructure/aws/alb-controller/iam.tf @@ -1,11 +1,12 @@ module "aws-load-balancer-controller-role" { source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts" + version = "~> 6.0" name = "AWSLoadBalancerControllerIAMRole" attach_load_balancer_controller_policy = true use_name_prefix = false oidc_providers = { main = { - provider_arn = data.aws_iam_openid_connect_provider.this.arn + provider_arn = var.aws_iam_openid_connect_provider namespace_service_accounts = ["kube-system:aws-load-balancer-controller"] } } diff --git a/infrastructure/aws/alb-controller/variables.tf b/infrastructure/aws/alb-controller/variables.tf index 9fb8678..0d7bc8c 100644 --- a/infrastructure/aws/alb-controller/variables.tf +++ b/infrastructure/aws/alb-controller/variables.tf @@ -12,4 +12,8 @@ variable "aws-load-balancer-controller-version" { description = "Version of the AWS Load Balancer Controller Helm chart" type = string default = "1.13.4" +} + +variable "aws_iam_openid_connect_provider" { + } \ No newline at end of file diff --git a/infrastructure/aws/backend/README.md b/infrastructure/aws/backend/README.md deleted file mode 100644 index 88ae979..0000000 --- a/infrastructure/aws/backend/README.md +++ /dev/null 
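Review bot: The new `aws_iam_openid_connect_provider` variable in alb-controller/variables.tf has an empty body, yet iam.tf in the same commit passes it straight into `provider_arn` of the role's `oidc_providers` entry, so this value decides which identity provider may assume `AWSLoadBalancerControllerIAMRole`. With no type, description or validation, a caller can hand in the issuer URL, or the ARN of another cluster's provider, and nothing in the module objects. I would declare it as a string, state in the description that it must be the ARN of the target cluster's IAM OIDC provider, and reject values that do not look like one; a name ending in `_arn` would also describe the value better, though renaming changes the module interface.

```hcl
variable "aws_iam_openid_connect_provider" {
  type        = string
  description = "ARN of the IAM OIDC provider of the target EKS cluster; used as the trusted provider of the load balancer controller role"

  validation {
    condition     = can(regex("^arn:aws[a-z-]*:iam::[0-9]{12}:oidc-provider/.+", var.aws_iam_openid_connect_provider))
    error_message = "aws_iam_openid_connect_provider must be the ARN of an IAM OIDC provider."
  }
}
```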
@@ -1,26 +0,0 @@ - - - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | n/a | -| [random](#provider\_random) | n/a | - -## Resources - -| Name | Type | -|------|------| -| [aws_s3_bucket.tf_state](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource | -| [aws_s3_bucket_object_lock_configuration.tf_state_lock](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_object_lock_configuration) | resource | -| [aws_s3_bucket_server_side_encryption_configuration.tf_state_sse](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_server_side_encryption_configuration) | resource | -| [aws_s3_bucket_versioning.tf_state_versioning](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_versioning) | resource | -| [random_id.bucket_suffix](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [vpc\_id](#input\_vpc\_id) | A account name | `string` | n/a | yes | - \ No newline at end of file diff --git a/v2/foundations/aws/alb-controller/providers.tf b/infrastructure/aws/backend/providers.tf similarity index 100% rename from v2/foundations/aws/alb-controller/providers.tf rename to infrastructure/aws/backend/providers.tf diff --git a/infrastructure/aws/eks/.terraform.lock.hcl b/infrastructure/aws/eks/.terraform.lock.hcl deleted file mode 100644 index 09e5731..0000000 --- a/infrastructure/aws/eks/.terraform.lock.hcl +++ /dev/null 
@@ -1,108 +0,0 @@ -# This file is maintained automatically by "tofu init". -# Manual edits may be lost in future updates. - -provider "registry.opentofu.org/hashicorp/aws" { - version = "6.14.1" - constraints = ">= 6.0.0, ~> 6.0, >= 6.13.0" - hashes = [ - "h1:kNLipUFeEDetI/ugpLTIfVon0DmbuRSIgVA27VwFnZo=", - "zh:15855cecc8d93d1429817d747e9e7a22b316809d54b7319f00444c65143d50f4", - "zh:53968b11ab8e43624a87bdcabd9898c45e510bffd0737d473af3b9f7cbe2095a", - "zh:65b42d6ec7e93c3dd7ab0b893fe78ee23f994ed656815d8e627d5385a8a813da", - "zh:83360386f071f3f84837a1a39a714e28ca2d75e29bd19cef1fd484c1620b823b", - "zh:841cb6d9f474abcee762b29a6c105d7b3e0e2a7f31dc266f8501ff311be677c4", - "zh:b0204c9542a55dc070d4f960cb8249d4b84383ecdeab8129021c6282161ff3b6", - "zh:cff4954e05c3c7480ae7dffd0463848c07af4aa7240ca3df4e2a0f4832acb57d", - "zh:d2fc484e880da5e40dce1ca1c6e85033c777b9c96eb670a0fa07497c6dd2ccde", - "zh:f603f7a23877c13004730ac87e51acf2642c4f3fdadc194a1dbbb30630d44da0", - ] -} - -provider "registry.opentofu.org/hashicorp/cloudinit" { - version = "2.3.7" - constraints = ">= 2.0.0" - hashes = [ - "h1:El6cBCCiCPGwJsSSN0Z+EUWatjI45hie+kIDnTegV9A=", - "zh:2d48b8452eae9bac2e62273e8f535f73694d8cb05ea38f4b27ee735dcc38eed4", - "zh:4add11b87e48d0e6ecd19243a06ecfc42fc07d0a3748fe568c2971d5f4767486", - "zh:4c9c4e3319cf3328595ea2d68eba7c604325fbcba38cd443e39e982b0b4e29f2", - "zh:503dd83a05b0421ecbcb140d5fdbe3a6b82f163495a82587a1390cf66d7a27be", - "zh:7dd34de7e68036dbbb70c249968a2a10bccba1cb92d3b4dccbc0eb65a3fc58ea", - "zh:a4d7b4480d38446b8da96ce4ecbc2e5a081c4ddc3da2bad97d7b228821b77895", - "zh:bdec6329c3d2d5f034080d9cd6f9a15a2c052faacd716f981e247b48e6845c01", - "zh:e1519544ae3f67196d144e18c21ad681dc29da3133a537ffdd5c2c6271b8db0c", - "zh:e58cd6b05ed51a6fa072e5de2208ba36a58557c3fb414d50c42b3d40a11366b7", - "zh:fafc4a49c297516f2a40490f9a7e6d2b437d77a94330797d4eead178c987ccb5", - ] -} - -provider "registry.opentofu.org/hashicorp/kubernetes" { - version = "2.38.0" - constraints = "~> 2.0" - hashes = [ - 
"h1:ems+O2dA7atxMWpbtqIrsH7Oa+u+ERWSfpMaFnZPbh0=", - "zh:1096b41c4e5b2ee6c1980916fb9a8579bc1892071396f7a9432be058aabf3cbc", - "zh:2959fde9ae3d1deb5e317df0d7b02ea4977951ee6b9c4beb083c148ca8f3681c", - "zh:5082f98fcb3389c73339365f7df39fc6912bf2bd1a46d5f97778f441a67fd337", - "zh:620fd5d0fbc2d7a24ac6b420a4922e6093020358162a62fa8cbd37b2bac1d22e", - "zh:7f47c2de179bba35d759147c53082cad6c3449d19b0ec0c5a4ca8db5b06393e1", - "zh:89c3aa2a87e29febf100fd21cead34f9a4c0e6e7ae5f383b5cef815c677eb52a", - "zh:96eecc9f94938a0bc35b8a63d2c4a5f972395e44206620db06760b730d0471fc", - "zh:e15567c1095f898af173c281b66bffdc4f3068afdd9f84bb5b5b5521d9f29584", - "zh:ecc6b912629734a9a41a7cf1c4c73fb13b4b510afc9e7b2e0011d290bcd6d77f", - ] -} - -provider "registry.opentofu.org/hashicorp/null" { - version = "3.2.4" - constraints = ">= 3.0.0" - hashes = [ - "h1:i+WKhUHL2REY5EGmiHjfUljJB8UKZ9QdhdM5uTeUhC4=", - "zh:1769783386610bed8bb1e861a119fe25058be41895e3996d9216dd6bb8a7aee3", - "zh:32c62a9387ad0b861b5262b41c5e9ed6e940eda729c2a0e58100e6629af27ddb", - "zh:339bf8c2f9733fce068eb6d5612701144c752425cebeafab36563a16be460fb2", - "zh:36731f23343aee12a7e078067a98644c0126714c4fe9ac930eecb0f2361788c4", - "zh:3d106c7e32a929e2843f732625a582e562ff09120021e510a51a6f5d01175b8d", - "zh:74bcb3567708171ad83b234b92c9d63ab441ef882b770b0210c2b14fdbe3b1b6", - "zh:90b55bdbffa35df9204282251059e62c178b0ac7035958b93a647839643c0072", - "zh:ae24c0e5adc692b8f94cb23a000f91a316070fdc19418578dcf2134ff57cf447", - "zh:b5c10d4ad860c4c21273203d1de6d2f0286845edf1c64319fa2362df526b5f58", - "zh:e05bbd88e82e1d6234988c85db62fd66f11502645838fff594a2ec25352ecd80", - ] -} - -provider "registry.opentofu.org/hashicorp/time" { - version = "0.13.1" - constraints = ">= 0.9.0" - hashes = [ - "h1:3X1jTAlLJV6G9AylC+BgX7WrKFcZYHqA+Z4JwB+v7as=", - "zh:10f32af8b544a039f19abd546e345d056a55cb7bdd69d5bbd7322cbc86883848", - "zh:35dd5beb34a9f73de8d0fed332814c69acae69397c9c065ce63ccd8315442bef", - 
"zh:56545d1dd5f2e7262e0c0c124264974229ec9cc234d0d7a0e36e14b869590f4a", - "zh:8d7259c3f819fd3470ff933c904b6a549502a8351feb1b5c040a4560decaf7e0", - "zh:a40f26878826b142e26fe193f7e3e14fc97f615cd6af140e88ce5bc25f3fcf50", - "zh:b2e82f25fecff172a9a9e24ea37d37e4fc630ee9245617cb40b10e66a6b979c8", - "zh:d4b699850a40ed07ef83c6b827605d24050b2732646ee017bda278e4ddf01c91", - "zh:e4e6a5e5614b6a54557400aabb748ebd57e947cdbd21ad1c7602c51368a80559", - "zh:eb78fb97bca22931e730487a20a90f5a6221ddfb3138aaf070737ea2b7c9c885", - "zh:faba366a1352ee679bba2a5b09c073c6854721db94b191d49b620b60946a065f", - ] -} - -provider "registry.opentofu.org/hashicorp/tls" { - version = "4.1.0" - constraints = ">= 4.0.0" - hashes = [ - "h1:yNZuPWUgw6Ik2huf9lhsuCGONWo2rsY1MfeceT0BQpw=", - "zh:187a99f0d236fd92da224e2f026c4ca8f1dcbf2b5cddc8e6896801bacfab0d73", - "zh:61a32a01cc46f382014dcf7aff5bcac61fe97bd69d3ccb51c801e9437ecdb9ce", - "zh:683ba18baa2cc336ff83f061b5e4569e2cd7c4a097b53a2d80bb0a26be2fc59a", - "zh:85c7640ea13dcf5ae5f7f3abbf2f21e4b93ce7f333ffee5b4a6acd6b5fe71223", - "zh:882f2c5214fd6d280a500acfd560925a71030ef70e10d11fa2b94815b58ae9b6", - "zh:97cb5e0b81b8687870a6b8a16e9a9cfe546e2fdb7534bdd8302eda0d66393f78", - "zh:c0a0110b15ce45140036fe5bf5a44cb822c2f55b30ff2770faf37d7c3cae3b5e", - "zh:d98c1c63fd0c76704fd7be38c316c305a2c95f3215330f2fb1e6b0b7081bf8e9", - "zh:e703a7adf220ac436f8ebfd06529de865b965fcfc461c7ef7b71afa0de04c8e9", - "zh:e93e241150cd438a0708679cb4aa7976742fde02f4c1725cfdefc405c4eeca1a", - ] -} diff --git a/infrastructure/aws/eks/README.md b/infrastructure/aws/eks/README.md deleted file mode 100644 index 6f1ad6f..0000000 --- a/infrastructure/aws/eks/README.md +++ /dev/null 
@@ -1,26 +0,0 @@ - - - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | n/a | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [eks](#module\_eks) | terraform-aws-modules/eks/aws | ~> 21.0 | - -## Resources - -| Name | Type | -|------|------| - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [vpc\_id](#input\_vpc\_id) | A account name | `string` | n/a | yes | - \ No newline at end of file diff --git a/infrastructure/aws/eks/data.tf b/infrastructure/aws/eks/data.tf deleted file mode 100644 index ae68c9d..0000000 --- a/infrastructure/aws/eks/data.tf +++ /dev/null @@ -1,15 +0,0 @@ -data "aws_subnets" "private" { - filter { - name = "vpc-id" - values = [data.aws_vpc.vpc.id] - } - - filter { - name = "tag:Name" - values = ["*private*"] - } -} - -data "aws_vpc" "vpc" { - id = var.vpc_id -} \ No newline at end of file diff --git a/infrastructure/aws/eks/main.tf b/infrastructure/aws/eks/main.tf index 3748540..60ca228 100644 --- a/infrastructure/aws/eks/main.tf +++ b/infrastructure/aws/eks/main.tf @@ -2,8 +2,10 @@ module "eks" { source = "terraform-aws-modules/eks/aws" version = "~> 21.0" - name = "natura-cluster-01" - kubernetes_version = "1.33" + name = var.name + kubernetes_version = var.kubernetes_version + + create_cloudwatch_log_group = false addons = { coredns = {} 
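Review bot: `create_cloudwatch_log_group = false` in the first eks/main.tf hunk is added without a comment, and the hunk does not show how control-plane logging is configured, so a reader cannot tell whether audit logs are still collected or where they land. If the module's log types stay enabled, the log group would presumably be created by EKS outside Terraform, without the retention and encryption settings the module would otherwise apply; that is worth confirming before merge. I would state the intent next to the line, e.g. `# log group is managed outside this module (<LOG_GROUP_PLACEHOLDER>); control-plane audit logging stays enabled`, or expose the flag as a variable that defaults to `true`. The `module "eks"` block continues outside the hunk.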
@@ -22,16 +24,16 @@ module "eks" { # Optional: Adds the current caller identity as an administrator via cluster access entry enable_cluster_creator_admin_permissions = true - vpc_id = data.aws_vpc.vpc.id - subnet_ids = data.aws_subnets.private.ids - control_plane_subnet_ids = data.aws_subnets.private.ids + vpc_id = var.aws_vpc_vpc_id + subnet_ids = var.aws_subnets_private_ids + control_plane_subnet_ids = var.aws_subnets_private_ids # EKS Managed Node Group(s) eks_managed_node_groups = { - example = { + nullplatform = { # Starting on 1.30, AL2023 is the default AMI type for EKS managed node groups - ami_type = "AL2023_x86_64_STANDARD" - instance_types = ["t3.medium"] + ami_type = var.ami_type + instance_types = [var.instance_types] min_size = 2 max_size = 10 diff --git a/v2/foundations/aws/eks/output.tf b/infrastructure/aws/eks/output.tf similarity index 100% rename from v2/foundations/aws/eks/output.tf rename to infrastructure/aws/eks/output.tf diff --git a/v2/foundations/aws/backend/providers.tf b/infrastructure/aws/eks/providers.tf similarity index 100% rename from v2/foundations/aws/backend/providers.tf rename to infrastructure/aws/eks/providers.tf diff --git a/infrastructure/aws/eks/variables.tf b/infrastructure/aws/eks/variables.tf index 2c7c73a..2c41762 100644 --- a/infrastructure/aws/eks/variables.tf +++ b/infrastructure/aws/eks/variables.tf 
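Review bot: `subnet_ids` and `control_plane_subnet_ids` now take whatever the caller passes in `var.aws_subnets_private_ids`, where the removed data source selected subnets by a `*private*` name tag inside the given VPC. Nothing in the new code keeps node groups and control-plane interfaces out of public subnets or ties the subnets to `var.aws_vpc_vpc_id`, and both variables are declared untyped in eks/variables.tf. At minimum I would type them (`type = list(string)` for the subnet IDs, `type = string` for the VPC ID) and say in their descriptions that only private subnets of that VPC are expected. Separately, `instance_types = [var.instance_types]` wraps a single string under a plural name; a `list(string)` variable with `default = ["t3.medium"]` would match the argument it feeds. The `module "eks"` block starts and ends outside the hunk.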
@@ -1,4 +1,25 @@ -variable "vpc_id" { - type = string - description = "A account name" -} \ No newline at end of file +variable "name" { + type = string + description = "A name of cluster" +} + +variable "ami_type" { + type = string + description = "The ami type to use with node" + default = "AL2023_x86_64_STANDARD" +} + +variable "instance_types" { + type = string + description = "The instance type to use" + default = "t3.medium" +} + +variable "kubernetes_version" { + type = string + description = "The version of K8s to use" + default = "1.32" +} + +variable "aws_vpc_vpc_id" {} +variable "aws_subnets_private_ids" {} \ No newline at end of file diff --git a/nullplatform/aws/aws/main.tf b/infrastructure/aws/ingress/main.tf similarity index 58% rename from nullplatform/aws/aws/main.tf rename to infrastructure/aws/ingress/main.tf index 7258e48..3e154d3 100644 --- a/nullplatform/aws/aws/main.tf +++ b/infrastructure/aws/ingress/main.tf 
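Review bot: The default of `kubernetes_version` is `"1.32"`, while eks/main.tf in this same commit replaces a hard-coded `"1.33"`, so a caller who leaves the variable unset asks for an older version than the one this code last described. EKS does not move a control plane back to an earlier minor version, so for a cluster already created from the old code such a plan would be expected to fail at apply time. I would either drop the default so the version is always an explicit choice, or keep it aligned with the previous value: `default = "1.33"`.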
@@ -1,62 +1,3 @@ -resource "nullplatform_provider_config" "aws" { - provider = nullplatform - nrn = var.nrn - type = "aws-configuration" - dimensions = local.dimensions - attributes = jsonencode({ - iam = { - #scope_workflow_role = aws_iam_role.nullplatform_scope_workflow_role.arn - } - account = { - id = data.aws_caller_identity.current.id - region = data.aws_region.current.region - } - networking = { - application_domain = false - domain_name = var.domain_name - hosted_zone_id = var.hosted_private_zone_id - hosted_public_zone_id = var.hosted_public_zone_id - } - }) - lifecycle { - ignore_changes = [attributes] - } -} - -resource "nullplatform_provider_config" "ecr" { - provider = nullplatform - nrn = var.nrn - type = "ecr" - dimensions = {} - attributes = jsonencode({ - "ci" : { - "region" : data.aws_region.current.region, - "access_key" : aws_iam_access_key.nullplatform_build_workflow_user_key.id - "secret_key" : aws_iam_access_key.nullplatform_build_workflow_user_key.secret - }, - "setup" : { - "region" : data.aws_region.current.region, - "role_arn" : aws_iam_role.nullplatform_application_role.arn - } - }) - lifecycle { - ignore_changes = [attributes] - } -} - -resource "nullplatform_provider_config" "github" { - nrn = replace(var.nrn, ":namespace=.*$", "") - type = "github-configuration" - dimensions = {} - attributes = jsonencode({ - "setup" : { - "organization" : var.organization, - "installation_id" : var.organization_installation_id - }, - } - ) -} - resource "kubernetes_ingress_v1" "internal" { metadata { name = "initial-ingress-setup-internal" @@ -151,17 +92,4 @@ resource "kubernetes_ingress_v1" "public" { } } } -} - -resource "nullplatform_dimension" "environment" { - name = "Environment" - order = 1 - nrn = var.nrn -} - -resource "nullplatform_dimension_value" "environment_value" { - for_each = toset(var.environments) - dimension_id = nullplatform_dimension.environment.id - name = each.value - nrn = var.nrn -} +} \ No newline at end of file 
diff --git a/infrastructure/aws/ingress/variables.tf b/infrastructure/aws/ingress/variables.tf new file mode 100644 index 0000000..48498d8 --- /dev/null +++ b/infrastructure/aws/ingress/variables.tf @@ -0,0 +1,4 @@ +variable "certificate_arn" { + description = "ARN of the SSL/TLS certificate for the network configuration" + type = string +} \ No newline at end of file diff --git a/infrastructure/aws/route53/README.md b/infrastructure/aws/route53/README.md deleted file mode 100644 index d62952d..0000000 --- a/infrastructure/aws/route53/README.md +++ /dev/null @@ -1,32 +0,0 @@ - - - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | n/a | - -## Resources - -| Name | Type | -|------|------| -| [aws_route53_zone.private_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone) | resource | -| [aws_route53_zone.public_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [domain\_name](#input\_domain\_name) | n/a | `any` | n/a | yes | -| [vpc\_id](#input\_vpc\_id) | n/a | `any` | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| [private\_zone\_id](#output\_private\_zone\_id) | The ID of the Private Route 53 Hosted Zone | -| [private\_zone\_name](#output\_private\_zone\_name) | The domain name of the Private Route 53 Hosted Zone | -| [public\_zone\_id](#output\_public\_zone\_id) | The ID of the Public Route 53 Hosted Zone | -| [public\_zone\_name](#output\_public\_zone\_name) | The domain name of the Public Route 53 Hosted Zone | - \ No newline at end of file diff --git a/infrastructure/aws/route53/main.tf b/infrastructure/aws/route53/main.tf index 711ca7c..578fb7f 100644 --- a/infrastructure/aws/route53/main.tf +++ b/infrastructure/aws/route53/main.tf 
@@ -8,3 +8,10 @@ resource "aws_route53_zone" "private_zone" { vpc_id = var.vpc_id } } + +module "aws_route53_acm" { + source = "../acm" + domain_name = var.domain_name + zone_id = aws_route53_zone.public_zone.id + subject_alternative_names = [] +} diff --git a/v2/foundations/aws/route53/providers.tf b/infrastructure/aws/route53/providers.tf similarity index 100% rename from v2/foundations/aws/route53/providers.tf rename to infrastructure/aws/route53/providers.tf diff --git a/infrastructure/aws/route53/varaibles.tf b/infrastructure/aws/route53/varaibles.tf index 06fb377..ecf2671 100644 --- a/infrastructure/aws/route53/varaibles.tf +++ b/infrastructure/aws/route53/varaibles.tf @@ -1,2 +1,8 @@ -variable "vpc_id" {} -variable "domain_name" {} \ No newline at end of file +variable "vpc_id" { + type = string + description = "The VPC id" +} +variable "domain_name" { + type = string + description = "The domains to project" +} \ No newline at end of file diff --git a/infrastructure/aws/vpc/README.md b/infrastructure/aws/vpc/README.md deleted file mode 100644 index ba83de6..0000000 --- a/infrastructure/aws/vpc/README.md +++ /dev/null @@ -1,17 +0,0 @@ - - - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | n/a | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [environment](#input\_environment) | The environment name | `string` | n/a | yes | -| [organization](#input\_organization) | A organization name | `string` | n/a | yes | -| [vpc](#input\_vpc) | A VPC with public and private subnets | `any` | n/a | yes | - \ No newline at end of file diff --git a/infrastructure/aws/vpc/main.tf b/infrastructure/aws/vpc/main.tf index 719c08c..25aefde 100644 --- a/infrastructure/aws/vpc/main.tf +++ b/infrastructure/aws/vpc/main.tf 
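Review bot: The new `aws_route53_acm` module block passes `subject_alternative_names = []` and gives no hint of which host names the certificate covers. `../acm` is not in this hunk, so it cannot be checked here whether the wildcard name that the removed `modules/aws/acm` requested (`*.${var.domain_name}`) is still issued. I would put a comment above the block, for example `# Public ACM certificate for var.domain_name, DNS-validated in public_zone; no extra SANs on purpose`, and confirm that the route53 module exports the certificate ARN, since `infrastructure/aws/ingress/variables.tf` now requires `certificate_arn`. If `../acm` waits for DNS validation, the first apply presumably blocks until the public zone is delegated, which belongs in the module README.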
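Review bot: The `domain_name` description added in `varaibles.tf`, "The domains to project", does not say what the value is used for and speaks of several domains although the type is a single `string`. Judging from the zone resources named in `main.tf` it is probably the name of the hosted zones, so something like `description = "Domain name of the public and private Route 53 hosted zones"` would read better; confirm against the zone resources, which are outside this hunk. The file name itself is misspelled (`varaibles.tf`) and could be renamed to `variables.tf` while the file is being touched.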
@@ -1,14 +1,15 @@ module "vpc" { source = "terraform-aws-modules/vpc/aws" + version = "~> 6.0" - name = "${var.organization}-${var.environment}" - cidr = var.vpc["cidr"] + name = "${var.organization}-${var.account}" + cidr = var.vpc.cidr_block enable_dns_hostnames = true - azs = var.vpc["azs"] - private_subnets = var.vpc["private_subnets"] - public_subnets = var.vpc["public_subnets"] + azs = var.vpc.azs + private_subnets = var.vpc.private_subnets + public_subnets = var.vpc.public_subnets enable_nat_gateway = true single_nat_gateway = true diff --git a/v2/foundations/aws/vpc/output.tf b/infrastructure/aws/vpc/output.tf similarity index 100% rename from v2/foundations/aws/vpc/output.tf rename to infrastructure/aws/vpc/output.tf diff --git a/v2/foundations/aws/vpc/providers.tf b/infrastructure/aws/vpc/providers.tf similarity index 100% rename from v2/foundations/aws/vpc/providers.tf rename to infrastructure/aws/vpc/providers.tf diff --git a/infrastructure/aws/vpc/variables.tf b/infrastructure/aws/vpc/variables.tf index 1fec053..326fae6 100644 --- a/infrastructure/aws/vpc/variables.tf +++ b/infrastructure/aws/vpc/variables.tf @@ -1,20 +1,19 @@ variable "vpc" { - description = "A VPC with public and private subnets" + description = "Configuraciรณn de la VPC" + type = object({ + cidr_block = string + azs = list(string) + private_subnets = list(string) + public_subnets = list(string) + }) } -# Parรกmetros VPC -# vpc = { -# azs = ["us-west-2a", "us-west-2b", "us-west-2c"] -# cidr = "172.16.0.0/16" -# public_subnets = ["172.16.1.0/24", "172.16.2.0/24", "172.16.3.0/24"] -# private_subnets = ["172.16.10.0/24", "172.16.11.0/24", "172.16.12.0/24"] -# } variable "organization" { type = string description = "A organization name" } -variable "environment" { +variable "account" { type = string - description = "The environment name" + description = "The account name" } \ No newline at end of file 
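Review bot: The added `version = "~> 6.0"` on the `terraform-aws-modules/vpc/aws` module is a floating constraint, and Terraform's dependency lock file records provider selections only, not module versions, so each `init` can pull a newer 6.x release of the code that builds the network. For a reproducible and reviewable supply chain I would pin the exact release, `version = "<exact 6.x.y release>"`, and bump it deliberately. The switch from `var.environment` to `var.account` in `name` also changes the computed VPC name for existing callers, which deserves a line in the commit description. The `module "vpc"` block continues past the end of this hunk.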
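Review bot: The `vpc` variable in `vpc/variables.tf` now has an `object` type, but nothing checks that `cidr_block` and the subnet entries are well-formed CIDRs, so a typo only surfaces as a provider error during apply. A `validation` block with `condition = can(cidrhost(var.vpc.cidr_block, 0))`, and the same test over `private_subnets` and `public_subnets`, would fail at plan time instead. The description is the only non-English string in the file and appears mis-encoded on this page; `description = "VPC settings: CIDR block, AZs, private and public subnet CIDRs"` would match the other variables. The removed commented example is worth keeping, with the key renamed to `cidr_block`.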
diff --git a/modules/README.md b/modules/README.md deleted file mode 100644 index 5ca9045..0000000 --- a/modules/README.md +++ /dev/null @@ -1,23 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -No providers. - -## Modules - -No modules. - -## Resources - -No resources. - -## Inputs - -No inputs. - -## Outputs - -No outputs. diff --git a/modules/aws/acm/README.md b/modules/aws/acm/README.md deleted file mode 100644 index f7a1027..0000000 --- a/modules/aws/acm/README.md +++ /dev/null @@ -1,37 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | 5.87.0 | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [aws_acm_certificate.cert](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/acm_certificate) | resource | -| [aws_acm_certificate_validation.cert_validation](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/acm_certificate_validation) | resource | -| [aws_route53_record.cert_validation](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [account](#input\_account) | nullplatform default account slug | `string` | n/a | yes | -| [domain\_name](#input\_domain\_name) | n/a | `string` | n/a | yes | -| [organization](#input\_organization) | nullplatform organization slug | `string` | n/a | yes | -| [zone\_id](#input\_zone\_id) | Route53 Zone ID where certificate will be validated | `string` | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| [acm\_certificate\_arn](#output\_acm\_certificate\_arn) | The ARN of the ACM certificate | -| [acm\_certificate\_domain\_name](#output\_acm\_certificate\_domain\_name) | The domain name for which the ACM certificate is issued | 
diff --git a/modules/aws/acm/backend.tf b/modules/aws/acm/backend.tf
deleted file mode 100644
index f2702bf..0000000
--- a/modules/aws/acm/backend.tf
+++ /dev/null
@@ -1,7 +0,0 @@
-terraform {
- required_providers {
- aws = {
- source = "hashicorp/aws"
- }
- }
-}
diff --git a/modules/aws/acm/main.tf b/modules/aws/acm/main.tf
deleted file mode 100644
index 920c701..0000000
--- a/modules/aws/acm/main.tf
+++ /dev/null
@@ -1,42 +0,0 @@
-resource "aws_acm_certificate" "cert" {
- provider = aws
- domain_name = "*.${var.domain_name}"
- validation_method = "DNS"
-
- subject_alternative_names = [
- "*.${var.account}.${var.domain_name}"
- ]
-
- lifecycle {
- create_before_destroy = true
- }
-
- tags = {
- organization = var.organization
- account = var.account
- name = "${var.domain_name} Certificate"
- }
-}
-
-# DNS validation records
-resource "aws_route53_record" "cert_validation" {
- provider = aws
- for_each = {
- for dvo in aws_acm_certificate.cert.domain_validation_options : dvo.domain_name => {
- name = dvo.resource_record_name
- type = dvo.resource_record_type
- value = dvo.resource_record_value
- }
- }
- zone_id = var.zone_id
- name = each.value.name
- type = each.value.type
- ttl = 300
- records = [each.value.value]
-}
-
-resource "aws_acm_certificate_validation" "cert_validation" {
- provider = aws
- certificate_arn = aws_acm_certificate.cert.arn
- validation_record_fqdns = [for record in aws_route53_record.cert_validation : record.fqdn]
-}
diff --git a/modules/aws/acm/output.tf b/modules/aws/acm/output.tf
deleted file mode 100644
index 2824778..0000000
--- a/modules/aws/acm/output.tf
+++ /dev/null
@@ -1,9 +0,0 @@
-output "acm_certificate_arn" {
- description = "The ARN of the ACM certificate"
- value = aws_acm_certificate.cert.arn
-}
-
-output "acm_certificate_domain_name" {
- description = "The domain name for which the ACM certificate is issued"
- value = aws_acm_certificate.cert.domain_name
-}
diff --git a/modules/aws/acm/variables.tf b/modules/aws/acm/variables.tf deleted file mode 100644 index 988c7a8..0000000 --- a/modules/aws/acm/variables.tf +++ /dev/null @@ -1,18 +0,0 @@ -variable "zone_id" { - description = "Route53 Zone ID where certificate will be validated" - type = string -} - -variable "domain_name" { - type = string -} - -variable "organization" { - type = string - description = "nullplatform organization slug" -} - -variable "account" { - type = string - description = "nullplatform default account slug" -} diff --git a/modules/aws/alb/.terraform.lock.hcl b/modules/aws/alb/.terraform.lock.hcl deleted file mode 100644 index 3904efc..0000000 --- a/modules/aws/alb/.terraform.lock.hcl +++ /dev/null @@ -1,19 +0,0 @@ -# This file is maintained automatically by "tofu init". -# Manual edits may be lost in future updates. - -provider "registry.opentofu.org/hashicorp/aws" { - version = "5.87.0" - hashes = [ - "h1:EDxEPPJt3z1s7LPaTfW4skOwStwIKUa4pRvY1U7fb9U=", - "zh:0ff0c91bcb9432ea0ae34f0f05e2bcb27d13e416b055b27dd1839277e7828dab", - "zh:170c075f97104cb40d88e701f3c9eae4dab08f078f6242d23792059db0a9d290", - "zh:49fdaac4023d445827577c036931e4bce1d8cbe9b41356beafe350a2259abd38", - "zh:5ed588793045b865d9bd7a867d25b2d1a815bcd3c318f46268dcdeb518345191", - "zh:6716747fedd73acdacaf6374ad9ca633a211a530da249086f6fb6af3fe9155fa", - "zh:8dae238b36bb4888baa6053b056c5c35382aa946dbbe00022ad9f59d461ba7c6", - "zh:9dcad763c2e7e6b0999044eebbca347a3fcc3e28778fa99f74cc25316d4ea723", - "zh:a86ca3a4f3ce991c7ab9906989ed9f352a3b9b34febb7a82b39fc2b6f12a58f5", - "zh:b964f15192fc89c12510f81bb6980bac19ae39138cdee727b5320757bcefff89", - "zh:cca503c8a46df411dcc482b3d352b522de44fcadfec35611bb7658bcdd785c43", - ] -} diff --git a/modules/aws/alb/balancer.tf b/modules/aws/alb/balancer.tf deleted file mode 100644 index 07b4e2c..0000000 --- a/modules/aws/alb/balancer.tf +++ /dev/null 
@@ -1,73 +0,0 @@ -resource "aws_lb" "null-main-balancer" { - name = substr("null-main-balancer-${var.suffix}", 0, 32) - internal = false - load_balancer_type = "application" - security_groups = [aws_security_group.null-main-balancer.id] - subnets = var.public_subnet_ids -} - - -resource "aws_lb_target_group" "default_target_group" { - name = "default-${var.suffix}-tg" - port = 80 - protocol = "HTTP" - vpc_id = var.vpc_id - health_check { - path = "/health" - protocol = "HTTP" - } -} - -resource "aws_lb_listener" "null-main-listener-http" { - load_balancer_arn = aws_lb.null-main-balancer.arn - port = "80" - protocol = "HTTP" - - default_action { - type = "forward" - target_group_arn = aws_lb_target_group.default_target_group.arn - } -} - -resource "aws_lb_listener" "null-main-listener-https" { - load_balancer_arn = aws_lb.null-main-balancer.arn - port = "443" - protocol = "HTTPS" - ssl_policy = "ELBSecurityPolicy-TLS-1-2-2017-01" - certificate_arn = var.certificate_arn - default_action { - type = "forward" - target_group_arn = aws_lb_target_group.default_target_group.arn - } -} - -resource "aws_lb" "null-main-balancer-internal" { - name = substr("null-main-balancer-internal-${var.suffix}", 0, 32) - internal = true - load_balancer_type = "application" - security_groups = [aws_security_group.null-main-balancer.id] - subnets = var.private_subnet_ids -} -resource "aws_lb_listener" "null-main-internal-listener-https" { - load_balancer_arn = aws_lb.null-main-balancer-internal.arn - port = "443" - protocol = "HTTPS" - ssl_policy = "ELBSecurityPolicy-TLS-1-2-2017-01" - certificate_arn = var.certificate_arn - default_action { - type = "forward" - target_group_arn = aws_lb_target_group.default_target_group_internal.arn - } -} - -resource "aws_lb_target_group" "default_target_group_internal" { - name = "default-internal-${var.suffix}-tg" - port = 80 - protocol = "HTTP" - vpc_id = var.vpc_id - health_check { - path = "/health" - protocol = "HTTP" - } -} - 
diff --git a/modules/aws/alb/outputs.tf b/modules/aws/alb/outputs.tf
deleted file mode 100644
index a700b2a..0000000
--- a/modules/aws/alb/outputs.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-output "security_group_ids" {
- description = "A list of SGs to attach to ec2 or lambda"
- value = [aws_security_group.http-instance.id]
-}
-output "private_load_balancer_arn" {
- description = "The private LB arn"
- value = aws_lb.null-main-balancer-internal.arn
-}
-output "private_load_balancer_listener_arn" {
- description = "The private LB Listener arn"
- value = aws_lb_listener.null-main-internal-listener-https.arn
-}
-output "public_load_balancer_arn" {
- description = "The public LB arn"
- value = aws_lb.null-main-balancer.arn
-
-}
-output "public_load_balancer_listener_arn" {
- description = "The public LB listener arn"
- value = aws_lb_listener.null-main-listener-https.arn
-}
diff --git a/modules/aws/alb/security-groups.tf b/modules/aws/alb/security-groups.tf
deleted file mode 100644
index 99c909d..0000000
--- a/modules/aws/alb/security-groups.tf
+++ /dev/null
@@ -1,75 +0,0 @@ -resource "aws_security_group" "null-main-balancer" { - vpc_id = var.vpc_id - - tags = { - Name = "load_balancer" - } -} - -resource "aws_vpc_security_group_ingress_rule" "allow_lb_https" { - security_group_id = aws_security_group.null-main-balancer.id - cidr_ipv4 = "0.0.0.0/0" - from_port = 443 - ip_protocol = "tcp" - to_port = 443 -} - -resource "aws_vpc_security_group_ingress_rule" "allow_lb_http" { - security_group_id = aws_security_group.null-main-balancer.id - cidr_ipv4 = "0.0.0.0/0" - from_port = 80 - ip_protocol = "tcp" - to_port = 80 -} - -resource "aws_vpc_security_group_egress_rule" "allow_lb_all" { - security_group_id = aws_security_group.null-main-balancer.id - - cidr_ipv4 = "0.0.0.0/0" - from_port = -1 - ip_protocol = -1 - to_port = -1 -} - -resource "aws_security_group" "http-instance" { - vpc_id = var.vpc_id - - //If you do not add this rule, you can not reach the NGIX - tags = { - Name = "http-instance" - } -} - -resource "aws_vpc_security_group_ingress_rule" "allow_instance_http" { - security_group_id = aws_security_group.http-instance.id - referenced_security_group_id = aws_security_group.null-main-balancer.id - from_port = 80 - ip_protocol = "tcp" - to_port = 80 -} - -resource "aws_vpc_security_group_ingress_rule" "allow_instance_http_default_null" { - security_group_id = aws_security_group.http-instance.id - cidr_ipv4 = var.vpc_cidr - from_port = 8080 - ip_protocol = "tcp" - to_port = 8080 -} - -resource "aws_vpc_security_group_ingress_rule" "allow_instance_ssh" { - security_group_id = aws_security_group.http-instance.id - cidr_ipv4 = var.vpc_cidr - from_port = 22 - ip_protocol = "tcp" - to_port = 22 -} - -resource "aws_vpc_security_group_egress_rule" "allow_instance_all" { - security_group_id = aws_security_group.http-instance.id - - cidr_ipv4 = "0.0.0.0/0" - from_port = -1 - ip_protocol = -1 - to_port = -1 -} - 
diff --git a/modules/aws/alb/variables.tf b/modules/aws/alb/variables.tf deleted file mode 100644 index eab05f1..0000000 --- a/modules/aws/alb/variables.tf +++ /dev/null @@ -1,30 +0,0 @@ -variable "certificate_arn" { - type = string - description = "The certificate arn to use with the LB" -} - -variable "vpc_id" { - type = string - description = "The VPC id where the load balancer will be deployed" -} - -variable "vpc_cidr" { - type = string - description = "The VPC cidr used for the whole setup" -} - -variable "public_subnet_ids" { - type = list(string) - description = "List of public subnet ids to associate to the LB" -} - -variable "private_subnet_ids" { - type = list(string) - description = "List of public subnet ids to associate to the LB" -} - -variable "suffix" { - type = string - description = "A suffix for the bucket name" -} - diff --git a/modules/aws/bucket/README.md b/modules/aws/bucket/README.md deleted file mode 100644 index 69ba628..0000000 --- a/modules/aws/bucket/README.md +++ /dev/null @@ -1,33 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | 5.87.0 | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [aws_s3_bucket.bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [name](#input\_name) | the bucket name | `string` | n/a | yes | -| [namespace](#input\_namespace) | nullplatform namespace slug | `string` | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| [bucket\_arn](#output\_bucket\_arn) | bucket arn | -| [bucket\_id](#output\_bucket\_id) | bucket id | diff --git a/modules/aws/bucket/main.tf b/modules/aws/bucket/main.tf deleted file mode 100644 index d5c9628..0000000 --- a/modules/aws/bucket/main.tf +++ /dev/null 
@@ -1,5 +0,0 @@ -resource "aws_s3_bucket" "bucket" { - bucket = var.name - - force_destroy = true -} diff --git a/modules/aws/bucket/output.tf b/modules/aws/bucket/output.tf deleted file mode 100644 index aee4e69..0000000 --- a/modules/aws/bucket/output.tf +++ /dev/null @@ -1,9 +0,0 @@ -output "bucket_arn" { - description = "bucket arn" - value = aws_s3_bucket.bucket.arn -} - -output "bucket_id" { - description = "bucket id" - value = aws_s3_bucket.bucket.id -} diff --git a/modules/aws/bucket/variables.tf b/modules/aws/bucket/variables.tf deleted file mode 100644 index a49b4ef..0000000 --- a/modules/aws/bucket/variables.tf +++ /dev/null @@ -1,4 +0,0 @@ -variable "name" { - type = string - description = "the bucket name" -} diff --git a/modules/aws/data/iam/eks/trusting/.terraform.lock.hcl b/modules/aws/data/iam/eks/trusting/.terraform.lock.hcl deleted file mode 100644 index e176bcb..0000000 --- a/modules/aws/data/iam/eks/trusting/.terraform.lock.hcl +++ /dev/null @@ -1,19 +0,0 @@ -# This file is maintained automatically by "tofu init". -# Manual edits may be lost in future updates. - -provider "registry.opentofu.org/hashicorp/aws" { - version = "5.99.1" - hashes = [ - "h1:0jNckFqimGrHhRB88880ovIpmoE20xhjRb94GBdgjwo=", - "zh:13a07422f776dd97214dfa89d6a88340b99613cbb869013c756c1a68fd8cdd9d", - "zh:1841d422278afa25d42a8d3ea9197ad08cf092769bd2aa89056d25d4c2629df8", - "zh:269016c7ba09d76e42fbcf15de28f2de0595ff9a7304a0500011a4493d7a1551", - "zh:2b842c3d0f30e048c05a37752b9c07d316656f3caf79841d08a4f1b057555eb2", - "zh:6559eedc095f70a51460dc702613a9033734ba536c1de1ed86a735a3c8131e40", - "zh:6d43b2676630344db3a7d6ba8330d20993492168f124e19e040a0aa914ec832e", - "zh:7f5d5cb0c1a492080b668f456de50f5b91fc67018c05f12483added3faf703f6", - "zh:c3bb8094bf26565150229f1ca6014d41d1283b8a2b06a15b45cd5a6b4ce82e28", - "zh:e45bc994d0c6e1c0a0b70e8378f2f933e924f05c91061ed2a97ceaf282e08a25", - "zh:ee725d6fbc1dbaa5017e9eab6fa0aa7e107a4ed73a4a8e2acab6b5d3d54cd0e4", - ] -} 
diff --git a/modules/aws/data/iam/eks/trusting/README.md b/modules/aws/data/iam/eks/trusting/README.md deleted file mode 100644 index 55ecf56..0000000 --- a/modules/aws/data/iam/eks/trusting/README.md +++ /dev/null @@ -1,34 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | 5.99.1 | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [aws_eks_cluster.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source | -| [aws_iam_openid_connect_provider.eks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_openid_connect_provider) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [cluster\_name](#input\_cluster\_name) | Name of the Kubernetes cluster | `string` | n/a | yes | -| [namespace](#input\_namespace) | Kubernetes namespace for the Service account | `string` | n/a | yes | -| [service\_account\_name](#input\_service\_account\_name) | Service account name | `string` | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| [trusting](#output\_trusting) | n/a | diff --git a/modules/aws/data/iam/eks/trusting/data.tf b/modules/aws/data/iam/eks/trusting/data.tf deleted file mode 100644 index 845880a..0000000 --- a/modules/aws/data/iam/eks/trusting/data.tf +++ /dev/null @@ -1,7 +0,0 @@ -data "aws_eks_cluster" "cluster" { - name = var.cluster_name -} - -data "aws_iam_openid_connect_provider" "eks" { - url = data.aws_eks_cluster.cluster.identity[0].oidc[0].issuer -} \ No newline at end of file diff --git a/modules/aws/data/iam/eks/trusting/output.tf b/modules/aws/data/iam/eks/trusting/output.tf deleted file mode 100644 index 2c4ff89..0000000 --- a/modules/aws/data/iam/eks/trusting/output.tf +++ /dev/null 
@@ -1,20 +0,0 @@
-output "trusting" {
- value = {
- Version = "2012-10-17"
- Statement = [
- {
- Action = "sts:AssumeRoleWithWebIdentity"
- Effect = "Allow"
- Principal = {
- Federated = data.aws_iam_openid_connect_provider.eks.arn
- }
- Condition = {
- StringEquals = {
- "${replace(data.aws_eks_cluster.cluster.identity[0].oidc[0].issuer, "https://", "")}:sub" = "system:serviceaccount:${var.namespace}:${var.service_account_name}"
- "${replace(data.aws_eks_cluster.cluster.identity[0].oidc[0].issuer, "https://", "")}:aud" = "sts.amazonaws.com"
- }
- }
- }
- ]
- }
-}
\ No newline at end of file
diff --git a/modules/aws/data/iam/eks/trusting/variables.tf b/modules/aws/data/iam/eks/trusting/variables.tf
deleted file mode 100644
index 0cbf0a0..0000000
--- a/modules/aws/data/iam/eks/trusting/variables.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-variable "cluster_name" {
- description = "Name of the Kubernetes cluster"
- type = string
-}
-
-variable "namespace" {
- description = "Kubernetes namespace for the Service account"
- type = string
-}
-
-variable "service_account_name" {
- description = "Service account name"
- type = string
-}
\ No newline at end of file
diff --git a/modules/aws/eks/.terraform.lock.hcl b/modules/aws/eks/.terraform.lock.hcl
deleted file mode 100644
index dbfbdd1..0000000
--- a/modules/aws/eks/.terraform.lock.hcl
+++ /dev/null
@@ -1,125 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "5.99.1" - constraints = ">= 4.0.0, >= 4.33.0, >= 4.57.0, >= 5.95.0, < 6.0.0" - hashes = [ - "h1:xgPyZArCfKVMy8sThzhb0IernbFy0fJGm897ztejZAQ=", - "zh:00b0a61c6d295300f0aa7a79a7d40e9f836164f1fff816d38324c148cd846887", - "zh:1ee9d5ccb67378704642db62113ac6c0d56d69408a9c1afb9a8e14b095fc0733", - "zh:2035977ed418dcb18290785c1eeb79b7133b39f718c470346e043ac48887ffc7", - "zh:67e3ca1bf7061900f81cf958d5c771a2fd6048c2b185bec7b27978349b173a90", - "zh:87fadbe5de7347ede72ad879ff8d8d9334103cd9aa4a321bb086bfac91654944", - "zh:901d170c457c2bff244a2282d9de595bdb3ebecc33a2034c5ce8aafbcff66db9", - "zh:92c07d6cf530679565b87934f9f98604652d787968cce6a3d24c148479b7e34b", - "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:a7d4803b4c5ff17f029f8b270c91480442ece27cec7922c38548bcfea2ac2d26", - "zh:afda848da7993a07d29018ec25ab6feda652e01d4b22721da570ce4fcc005292", - "zh:baaf16c98b81bad070e0908f057a97108ecd6e8c9f754d7a79b18df4c8453279", - "zh:c3dd496c5014427599d6b6b1c14c7ebb09a15df78918ae0be935e7bfa83b894c", - "zh:e2b84c1d40b3f2c4b1d74bf170b9e932983b61bac0e6dab2e36f5057ddcc997f", - "zh:e49c92cb29c53b4573ed4d9c946486e6bcfc1b63f1aee0c79cc7626f3d9add03", - "zh:efae8e339c4b13f546e0f96c42eb95bf8347de22e941594849b12688574bf380", - ] -} - -provider "registry.terraform.io/hashicorp/cloudinit" { - version = "2.3.7" - constraints = ">= 2.0.0" - hashes = [ - "h1:M9TpQxKAE/hyOwytdX9MUNZw30HoD/OXqYIug5fkqH8=", - "zh:06f1c54e919425c3139f8aeb8fcf9bceca7e560d48c9f0c1e3bb0a8ad9d9da1e", - "zh:0e1e4cf6fd98b019e764c28586a386dc136129fef50af8c7165a067e7e4a31d5", - "zh:1871f4337c7c57287d4d67396f633d224b8938708b772abfc664d1f80bd67edd", - "zh:2b9269d91b742a71b2248439d5e9824f0447e6d261bfb86a8a88528609b136d1", - "zh:3d8ae039af21426072c66d6a59a467d51f2d9189b8198616888c1b7fc42addc7", - 
"zh:3ef4e2db5bcf3e2d915921adced43929214e0946a6fb11793085d9a48995ae01", - "zh:42ae54381147437c83cbb8790cc68935d71b6357728a154109d3220b1beb4dc9", - "zh:4496b362605ae4cbc9ef7995d102351e2fe311897586ffc7a4a262ccca0c782a", - "zh:652a2401257a12706d32842f66dac05a735693abcb3e6517d6b5e2573729ba13", - "zh:7406c30806f5979eaed5f50c548eced2ea18ea121e01801d2f0d4d87a04f6a14", - "zh:7848429fd5a5bcf35f6fee8487df0fb64b09ec071330f3ff240c0343fe2a5224", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - ] -} - -provider "registry.terraform.io/hashicorp/kubernetes" { - version = "2.37.1" - constraints = ">= 2.10.0" - hashes = [ - "h1:+37jC6JlkPyPvDHudK3qaj7ZVJ0Zy9zc9+oq8h1WayA=", - "zh:0ed097413c7fc804479e325966886b405dc0b75ad2b4f54ce4df1d8e4802b397", - "zh:17dcf4a685a00d2d048671124e8a1a8e836b58ecd2ef628a1c666fe0ced2e598", - "zh:36891284e5bced57c438f12d0b27856b0d4b70b562bd200b01919a6a89545be9", - "zh:3e49d86b508e641ba122d1b0af24cdc4d8ffa2ec1b30022436fb1d7c6ba696ea", - "zh:40be623e116708bdcb0fac32989db43720f031c5fe9a4dc63395078185d24403", - "zh:44fc0ac3bc39e289b67f9dde7ee9fef29eb8192197e5e68fee69098573021722", - "zh:957aa451573bcde5d57f6f8338ea3139010c7f61fefe8f6a140a8c267f056511", - "zh:c55fd85b7e8acaac17e30670ac3574b88b3530820dd004bcd2a5daa8624a46e9", - "zh:c743f06843a1f5ecde2b8ef639f4d3db654a334ef248dee57261c719ea843f3a", - "zh:c93cc71c64b838d89522ac5fb60f68e0e1e7f2fc39db6b0ead7afd78795e79ed", - "zh:eda1163c2266905adc54bc78cc3e7b606a164fbc6b59be607db933b302015ccd", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} - -provider "registry.terraform.io/hashicorp/null" { - version = "3.2.4" - constraints = ">= 3.0.0" - hashes = [ - "h1:L5V05xwp/Gto1leRryuesxjMfgZwjb7oool4WS1UEFQ=", - "zh:59f6b52ab4ff35739647f9509ee6d93d7c032985d9f8c6237d1f8a59471bbbe2", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:795c897119ff082133150121d39ff26cb5f89a730a2c8c26f3a9c1abf81a9c43", - 
"zh:7b9c7b16f118fbc2b05a983817b8ce2f86df125857966ad356353baf4bff5c0a", - "zh:85e33ab43e0e1726e5f97a874b8e24820b6565ff8076523cc2922ba671492991", - "zh:9d32ac3619cfc93eb3c4f423492a8e0f79db05fec58e449dee9b2d5873d5f69f", - "zh:9e15c3c9dd8e0d1e3731841d44c34571b6c97f5b95e8296a45318b94e5287a6e", - "zh:b4c2ab35d1b7696c30b64bf2c0f3a62329107bd1a9121ce70683dec58af19615", - "zh:c43723e8cc65bcdf5e0c92581dcbbdcbdcf18b8d2037406a5f2033b1e22de442", - "zh:ceb5495d9c31bfb299d246ab333f08c7fb0d67a4f82681fbf47f2a21c3e11ab5", - "zh:e171026b3659305c558d9804062762d168f50ba02b88b231d20ec99578a6233f", - "zh:ed0fe2acdb61330b01841fa790be00ec6beaac91d41f311fb8254f74eb6a711f", - ] -} - -provider "registry.terraform.io/hashicorp/time" { - version = "0.13.1" - constraints = ">= 0.9.0" - hashes = [ - "h1:ZT5ppCNIModqk3iOkVt5my8b8yBHmDpl663JtXAIRqM=", - "zh:02cb9aab1002f0f2a94a4f85acec8893297dc75915f7404c165983f720a54b74", - "zh:04429b2b31a492d19e5ecf999b116d396dac0b24bba0d0fb19ecaefe193fdb8f", - "zh:26f8e51bb7c275c404ba6028c1b530312066009194db721a8427a7bc5cdbc83a", - "zh:772ff8dbdbef968651ab3ae76d04afd355c32f8a868d03244db3f8496e462690", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:898db5d2b6bd6ca5457dccb52eedbc7c5b1a71e4a4658381bcbb38cedbbda328", - "zh:8de913bf09a3fa7bedc29fec18c47c571d0c7a3d0644322c46f3aa648cf30cd8", - "zh:9402102c86a87bdfe7e501ffbb9c685c32bbcefcfcf897fd7d53df414c36877b", - "zh:b18b9bb1726bb8cfbefc0a29cf3657c82578001f514bcf4c079839b6776c47f0", - "zh:b9d31fdc4faecb909d7c5ce41d2479dd0536862a963df434be4b16e8e4edc94d", - "zh:c951e9f39cca3446c060bd63933ebb89cedde9523904813973fbc3d11863ba75", - "zh:e5b773c0d07e962291be0e9b413c7a22c044b8c7b58c76e8aa91d1659990dfb5", - ] -} - -provider "registry.terraform.io/hashicorp/tls" { - version = "4.1.0" - constraints = ">= 3.0.0" - hashes = [ - "h1:zEv9tY1KR5vaLSyp2lkrucNJ+Vq3c+sTFK9GyQGLtFs=", - "zh:14c35d89307988c835a7f8e26f1b83ce771e5f9b41e407f86a644c0152089ac2", - 
"zh:2fb9fe7a8b5afdbd3e903acb6776ef1be3f2e587fb236a8c60f11a9fa165faa8", - "zh:35808142ef850c0c60dd93dc06b95c747720ed2c40c89031781165f0c2baa2fc", - "zh:35b5dc95bc75f0b3b9c5ce54d4d7600c1ebc96fbb8dfca174536e8bf103c8cdc", - "zh:38aa27c6a6c98f1712aa5cc30011884dc4b128b4073a4a27883374bfa3ec9fac", - "zh:51fb247e3a2e88f0047cb97bb9df7c228254a3b3021c5534e4563b4007e6f882", - "zh:62b981ce491e38d892ba6364d1d0cdaadcee37cc218590e07b310b1dfa34be2d", - "zh:bc8e47efc611924a79f947ce072a9ad698f311d4a60d0b4dfff6758c912b7298", - "zh:c149508bd131765d1bc085c75a870abb314ff5a6d7f5ac1035a8892d686b6297", - "zh:d38d40783503d278b63858978d40e07ac48123a2925e1a6b47e62179c046f87a", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:fb07f708e3316615f6d218cec198504984c0ce7000b9f1eebff7516e384f4b54", - ] -} diff --git a/modules/aws/eks/README.md b/modules/aws/eks/README.md deleted file mode 100644 index 8401f7e..0000000 --- a/modules/aws/eks/README.md +++ /dev/null 
@@ -1,48 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | 5.87.0 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [eks](#module\_eks) | terraform-aws-modules/eks/aws | ~> 19.0 | - -## Resources - -| Name | Type | -|------|------| -| [aws_iam_policy.nullplatform_metrics_eks_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [cluster\_name](#input\_cluster\_name) | The name of the EKS cluster | `string` | n/a | yes | -| [private\_subnets](#input\_private\_subnets) | VPC Private Subnets which EKS cluster is deployed in | `list(any)` | n/a | yes | -| [scope\_manager\_role](#input\_scope\_manager\_role) | Add admin role to the aws-auth configmap | `string` | n/a | yes | -| [telemetry\_manager\_role](#input\_telemetry\_manager\_role) | Add admin role to the aws-auth configmap | `string` | n/a | yes | -| [vpc\_id](#input\_vpc\_id) | VPC ID which EKS cluster is deployed in | `string` | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| [cluster\_arn](#output\_cluster\_arn) | The Amazon Resource Name (ARN) of the cluster | -| [cluster\_certificate\_authority\_data](#output\_cluster\_certificate\_authority\_data) | Base64 encoded certificate data required to communicate with the cluster | -| [cluster\_endpoint](#output\_cluster\_endpoint) | Endpoint for your Kubernetes API server | -| [cluster\_id](#output\_cluster\_id) | The ID of the EKS cluster. 
Note: currently a value is returned only for local EKS clusters created on Outposts | -| [cluster\_name](#output\_cluster\_name) | The name of the EKS cluster | -| [cluster\_oidc\_issuer\_url](#output\_cluster\_oidc\_issuer\_url) | The URL on the EKS cluster for the OpenID Connect identity provider | -| [cluster\_platform\_version](#output\_cluster\_platform\_version) | Platform version for the cluster | -| [cluster\_security\_group\_id](#output\_cluster\_security\_group\_id) | Cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control-plane-to-data-plane communication. Referred to as 'Cluster security group' in the EKS console | -| [cluster\_status](#output\_cluster\_status) | Status of the EKS cluster. One of `CREATING`, `ACTIVE`, `DELETING`, `FAILED` | -| [cluster\_tls\_certificate\_sha1\_fingerprint](#output\_cluster\_tls\_certificate\_sha1\_fingerprint) | The SHA1 fingerprint of the public key of the cluster's certificate | -| [oidc\_provider](#output\_oidc\_provider) | The OpenID Connect identity provider (issuer URL without leading `https://`) | -| [oidc\_provider\_arn](#output\_oidc\_provider\_arn) | The ARN of the OIDC Provider if `enable_irsa = true` | diff --git a/modules/aws/eks/backend.tf b/modules/aws/eks/backend.tf deleted file mode 100644 index f2702bf..0000000 --- a/modules/aws/eks/backend.tf +++ /dev/null @@ -1,7 +0,0 @@ -terraform { - required_providers { - aws = { - source = "hashicorp/aws" - } - } -} diff --git a/modules/aws/eks/iam.tf b/modules/aws/eks/iam.tf deleted file mode 100644 index c80c10b..0000000 --- a/modules/aws/eks/iam.tf +++ /dev/null 
@@ -1,144 +0,0 @@
-resource "aws_iam_policy" "nullplatform_metrics_eks_policy" {
- provider = aws
- name = "nullplatform-eks-cw-api-policy"
- description = "Policy for managing CloudWatch metrics and logs from Kubernetes"
- policy = jsonencode({
- Version = "2012-10-17",
- Statement = [
- {
- Effect = "Allow",
- Action = [
- "ec2:DescribeInstances",
- "cloudwatch:GetMetricData",
- "cloudwatch:ListMetrics",
- "logs:Describe*",
- "logs:Get*",
- "logs:List*",
- "logs:StartQuery",
- "logs:StopQuery",
- "logs:TestMetricFilter",
- "logs:FilterLogEvents"
- ],
- Resource = "*"
- }
- ]
- })
-}
-
-resource "aws_iam_policy" "ebs_csi_policy" {
- name = "ebs-csi-policy"
- description = "Policy for EBS CSI driver"
- policy = jsonencode({
- Version = "2012-10-17"
- Statement = [
- {
- Effect = "Allow"
- Action = [
- "ec2:CreateSnapshot",
- "ec2:AttachVolume",
- "ec2:DetachVolume",
- "ec2:ModifyVolume",
- "ec2:DescribeAvailabilityZones",
- "ec2:DescribeInstances",
- "ec2:DescribeSnapshots",
- "ec2:DescribeTags",
- "ec2:DescribeVolumes",
- "ec2:DescribeVolumesModifications"
- ]
- Resource = "*"
- },
- {
- Effect = "Allow"
- Action = [
- "ec2:CreateTags"
- ]
- Resource = [
- "arn:aws:ec2:*:*:volume/*",
- "arn:aws:ec2:*:*:snapshot/*"
- ]
- Condition = {
- StringEquals = {
- "ec2:CreateAction" = [
- "CreateVolume",
- "CreateSnapshot"
- ]
- }
- }
- },
- {
- Effect = "Allow"
- Action = [
- "ec2:DeleteTags"
- ]
- Resource = [
- "arn:aws:ec2:*:*:volume/*",
- "arn:aws:ec2:*:*:snapshot/*"
- ]
- },
- {
- Effect = "Allow"
- Action = [
- "ec2:CreateVolume"
- ]
- Resource = "*"
- Condition = {
- StringLike = {
- "aws:RequestTag/ebs.csi.aws.com/cluster" : "true"
- }
- }
- },
- {
- Effect = "Allow"
- Action = [
- "ec2:CreateVolume"
- ]
- Resource = "*"
- Condition = {
- StringLike = {
- "aws:RequestTag/CSIVolumeName" : "*"
- }
- }
- },
- {
- Effect = "Allow"
- Action = [
- "ec2:DeleteVolume"
- ]
- Resource = "*"
- Condition = {
- StringLike = {
- "ec2:ResourceTag/CSIVolumeName" : "*"
- }
- }
- },
- {
- Effect = "Allow"
- Action = [
- "ec2:DeleteVolume"
- ]
- Resource = "*"
- Condition = {
- StringLike = {
- "ec2:ResourceTag/ebs.csi.aws.com/cluster" : "true"
- }
- }
- }
- ]
- })
-}
-
-module "ebs_csi_irsa" {
- source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
- version = "~> 5.0"
-
- role_name_prefix = "ebs-csi-"
- attach_ebs_csi_policy = true
-
- oidc_providers = {
- main = {
- provider_arn = module.eks.oidc_provider_arn
- namespace_service_accounts = ["kube-system:ebs-csi-controller-sa"]
- }
- }
- role_permissions_boundary_arn = var.iam_role_permissions_boundary
-}
diff --git a/modules/aws/eks/main.tf b/modules/aws/eks/main.tf
deleted file mode 100644
index 7825d50..0000000
--- a/modules/aws/eks/main.tf
+++ /dev/null
@@ -1,73 +0,0 @@
-module "eks" {
- source = "terraform-aws-modules/eks/aws"
- version = "~> 19.0"
-
- cluster_name = var.cluster_name
- cluster_version = "1.31"
-
- providers = {
- aws = aws
- }
-
- cluster_endpoint_public_access = true
-
- create_kms_key = false
- create_cloudwatch_log_group = false
- cluster_encryption_config = {}
-
- cluster_addons = {
- coredns = {
- most_recent = true
- }
- kube-proxy = {
- most_recent = true
- }
- vpc-cni = {
- most_recent = true
- }
- aws-ebs-csi-driver = {
- most_recent = true
- service_account_role_arn = module.ebs_csi_irsa.iam_role_arn
- }
- }
-
- vpc_id = var.vpc_id
- subnet_ids = var.private_subnets
- control_plane_subnet_ids = var.private_subnets
-
- eks_managed_node_group_defaults = {
- instance_types = ["m5.xlarge", "m5.large", "t3.medium"]
- iam_role_additional_policies = {
- AmazonEBSCSIDriverPolicy = "arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy",
- CloudwatchLogs = aws_iam_policy.nullplatform_metrics_eks_policy.arn
- }
- }
-
- eks_managed_node_groups = {
- default = {
- min_size = 1
- max_size = 10
- desired_size = 2
- iam_role_permissions_boundary = var.iam_role_permissions_boundary
- }
-
- }
-
- manage_aws_auth_configmap = true
-
- aws_auth_roles = [
- {
- rolearn = var.scope_manager_role
- username = "scope_manager_role"
- groups = ["system:masters"]
- },
- {
- rolearn = var.telemetry_manager_role
- username = "telemetry_manager_role"
- groups = ["eks:k8s-metrics", "np:pod-reader", "system:masters"]
- }
- ]
- iam_role_permissions_boundary = var.iam_role_permissions_boundary
-}
-
-
diff --git a/modules/aws/eks/outputs.tf b/modules/aws/eks/outputs.tf
deleted file mode 100644
index 51520cc..0000000
--- a/modules/aws/eks/outputs.tf
+++ /dev/null
@@ -1,60 +0,0 @@ -output "cluster_arn" { - description = "The Amazon Resource Name (ARN) of the cluster" - value = module.eks.cluster_arn -} - -output "cluster_certificate_authority_data" { - description = "Base64 encoded certificate data required to communicate with the cluster" - value = module.eks.cluster_certificate_authority_data -} - -output "cluster_endpoint" { - description = "Endpoint for your Kubernetes API server" - value = module.eks.cluster_endpoint -} - -output "cluster_id" { - description = "The ID of the EKS cluster. Note: currently a value is returned only for local EKS clusters created on Outposts" - value = module.eks.cluster_id -} - -output "cluster_name" { - description = "The name of the EKS cluster" - value = module.eks.cluster_name -} - -output "cluster_oidc_issuer_url" { - description = "The URL on the EKS cluster for the OpenID Connect identity provider" - value = module.eks.cluster_oidc_issuer_url -} - -output "cluster_platform_version" { - description = "Platform version for the cluster" - value = module.eks.cluster_platform_version -} - -output "cluster_status" { - description = "Status of the EKS cluster. One of `CREATING`, `ACTIVE`, `DELETING`, `FAILED`" - value = module.eks.cluster_status -} - -output "cluster_security_group_id" { - description = "Cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control-plane-to-data-plane communication. 
Referred to as 'Cluster security group' in the EKS console" - value = module.eks.cluster_security_group_id -} - -output "oidc_provider" { - description = "The OpenID Connect identity provider (issuer URL without leading `https://`)" - value = module.eks.oidc_provider -} - -output "oidc_provider_arn" { - description = "The ARN of the OIDC Provider if `enable_irsa = true`" - value = module.eks.oidc_provider_arn -} - -output "cluster_tls_certificate_sha1_fingerprint" { - description = "The SHA1 fingerprint of the public key of the cluster's certificate" - value = module.eks.cluster_tls_certificate_sha1_fingerprint -} - diff --git a/modules/aws/eks/variables.tf b/modules/aws/eks/variables.tf deleted file mode 100644 index e1ffb39..0000000 --- a/modules/aws/eks/variables.tf +++ /dev/null @@ -1,30 +0,0 @@ -variable "vpc_id" { - description = "VPC ID which EKS cluster is deployed in" - type = string -} - -variable "private_subnets" { - description = "VPC Private Subnets which EKS cluster is deployed in" - type = list(any) -} - -variable "cluster_name" { - type = string - description = "The name of the EKS cluster" -} - -variable "scope_manager_role" { - type = string - description = "Add admin role to the aws-auth configmap" -} - -variable "telemetry_manager_role" { - type = string - description = "Add admin role to the aws-auth configmap" -} - -variable "iam_role_permissions_boundary" { - description = "ARN of the policy that is used to set the permissions boundary for the IAM role" - type = string - default = null -} \ No newline at end of file diff --git a/modules/aws/iam/roles/nullplatform/.terraform.lock.hcl b/modules/aws/iam/roles/nullplatform/.terraform.lock.hcl deleted file mode 100644 index 3904efc..0000000 --- a/modules/aws/iam/roles/nullplatform/.terraform.lock.hcl +++ /dev/null 
@@ -1,19 +0,0 @@ -# This file is maintained automatically by "tofu init". -# Manual edits may be lost in future updates. - -provider "registry.opentofu.org/hashicorp/aws" { - version = "5.87.0" - hashes = [ - "h1:EDxEPPJt3z1s7LPaTfW4skOwStwIKUa4pRvY1U7fb9U=", - "zh:0ff0c91bcb9432ea0ae34f0f05e2bcb27d13e416b055b27dd1839277e7828dab", - "zh:170c075f97104cb40d88e701f3c9eae4dab08f078f6242d23792059db0a9d290", - "zh:49fdaac4023d445827577c036931e4bce1d8cbe9b41356beafe350a2259abd38", - "zh:5ed588793045b865d9bd7a867d25b2d1a815bcd3c318f46268dcdeb518345191", - "zh:6716747fedd73acdacaf6374ad9ca633a211a530da249086f6fb6af3fe9155fa", - "zh:8dae238b36bb4888baa6053b056c5c35382aa946dbbe00022ad9f59d461ba7c6", - "zh:9dcad763c2e7e6b0999044eebbca347a3fcc3e28778fa99f74cc25316d4ea723", - "zh:a86ca3a4f3ce991c7ab9906989ed9f352a3b9b34febb7a82b39fc2b6f12a58f5", - "zh:b964f15192fc89c12510f81bb6980bac19ae39138cdee727b5320757bcefff89", - "zh:cca503c8a46df411dcc482b3d352b522de44fcadfec35611bb7658bcdd785c43", - ] -} diff --git a/modules/aws/iam/roles/nullplatform/README.md b/modules/aws/iam/roles/nullplatform/README.md deleted file mode 100644 index 884faa4..0000000 --- a/modules/aws/iam/roles/nullplatform/README.md +++ /dev/null 
@@ -1,74 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | 5.87.0 | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [aws_iam_access_key.nullplatform_build_workflow_user_key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_access_key) | resource | -| [aws_iam_instance_profile.null-instance-profile](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_instance_profile) | resource | -| [aws_iam_policy.ecr-nullimages-read](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.lambda-execution](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.null-aws-logs-enablement](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.null-params-read](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.nullplatform-assets-write](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.nullplatform_alb_manager_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.nullplatform_asg_manager_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.nullplatform_ecr_manager_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.nullplatform_ecr_write_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| 
[aws_iam_policy.nullplatform_eks_manager_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.nullplatform_lambda_manager_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.nullplatform_metrics_api_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.nullplatform_params_manager_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.nullplatform_route53_manager_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy_attachment.null-instance-lambda-execution-attach](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy_attachment) | resource | -| [aws_iam_policy_attachment.null-instance-role-aws-logs-enablement](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy_attachment) | resource | -| [aws_iam_policy_attachment.null-instance-role-ecr-attach](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy_attachment) | resource | -| [aws_iam_policy_attachment.null-instance-role-s3-parameters-read-attach](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy_attachment) | resource | -| [aws_iam_role.null-instance-role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | -| [aws_iam_role.nullplatform_application_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | -| [aws_iam_role.nullplatform_scope_workflow_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | -| 
[aws_iam_role.nullplatform_telemetry_manager_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | -| [aws_iam_user.nullplatform_build_workflow_user](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user) | resource | -| [aws_iam_user_policy.nullplatform_build_workflow_user_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user_policy) | resource | -| [aws_iam_user_policy.nullplatform_build_workflow_user_policy_s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user_policy) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [application\_manager\_assume\_role](#input\_application\_manager\_assume\_role) | n/a | `string` | `"arn:aws:iam::283477532906:role/application_manager"` | no | -| [assets\_bucket\_arns](#input\_assets\_bucket\_arns) | Assets bucket arn | `list(string)` | n/a | yes | -| [parameters\_bucket\_arns](#input\_parameters\_bucket\_arns) | Parameters bucket arn | `list(string)` | n/a | yes | -| [parameters\_encryption\_arns](#input\_parameters\_encryption\_arns) | Parameters secret arn | `list(string)` | n/a | yes | -| [scope\_manager\_assume\_role](#input\_scope\_manager\_assume\_role) | n/a | `string` | `"arn:aws:iam::283477532906:role/scope_and_deploy_manager"` | no | -| [telemetry\_manager\_assume\_role](#input\_telemetry\_manager\_assume\_role) | n/a | `string` | `"arn:aws:iam::283477532906:role/telemetry_manager"` | no | - -## Outputs - -| Name | Description | -|------|-------------| -| [nullplatform\_application\_role\_arn](#output\_nullplatform\_application\_role\_arn) | The ARN of the null-application-role | -| [nullplatform\_build\_workflow\_user\_access\_key\_id](#output\_nullplatform\_build\_workflow\_user\_access\_key\_id) | The access key ID for the null-build-workflow-user | -| 
[nullplatform\_build\_workflow\_user\_name](#output\_nullplatform\_build\_workflow\_user\_name) | The name of the null-build-workflow-user | -| [nullplatform\_build\_workflow\_user\_secret\_access\_key](#output\_nullplatform\_build\_workflow\_user\_secret\_access\_key) | The secret access key for the null-build-workflow-user | -| [nullplatform\_ecr\_manager\_policy\_arn](#output\_nullplatform\_ecr\_manager\_policy\_arn) | The ARN of the np-ecr-manager-policy | -| [nullplatform\_ecr\_write\_policy\_arn](#output\_nullplatform\_ecr\_write\_policy\_arn) | The ARN of the np-ecr-write-policy | -| [nullplatform\_eks\_manager\_policy\_arn](#output\_nullplatform\_eks\_manager\_policy\_arn) | The ARN of the np-eks-manager-policy | -| [nullplatform\_instance\_profile\_arn](#output\_nullplatform\_instance\_profile\_arn) | The ARN of the instance arn | -| [nullplatform\_metrics\_api\_policy\_arn](#output\_nullplatform\_metrics\_api\_policy\_arn) | The ARN of the np-metrics-api-policy | -| [nullplatform\_role\_arn](#output\_nullplatform\_role\_arn) | The IAM Role arn used for Lambda and EC2 | -| [nullplatform\_route53\_manager\_policy\_arn](#output\_nullplatform\_route53\_manager\_policy\_arn) | The ARN of the np-route53-manager-policy | -| [nullplatform\_scope\_workflow\_role\_arn](#output\_nullplatform\_scope\_workflow\_role\_arn) | The ARN of the null-scope-workflow-role | -| [nullplatform\_telemetry\_manager\_role\_arn](#output\_nullplatform\_telemetry\_manager\_role\_arn) | The ARN of the null-telemetry-manager-role | diff --git a/modules/aws/iam/roles/nullplatform/backend.tf b/modules/aws/iam/roles/nullplatform/backend.tf deleted file mode 100644 index f2702bf..0000000 --- a/modules/aws/iam/roles/nullplatform/backend.tf +++ /dev/null @@ -1,7 +0,0 @@ -terraform { - required_providers { - aws = { - source = "hashicorp/aws" - } - } -} 
diff --git a/modules/aws/iam/roles/nullplatform/execution-role.tf b/modules/aws/iam/roles/nullplatform/execution-role.tf deleted file mode 100644 index 0e57757..0000000 --- a/modules/aws/iam/roles/nullplatform/execution-role.tf +++ /dev/null @@ -1,164 +0,0 @@ -resource "aws_iam_role" "null-instance-role" { - name = "null-instance-role" - assume_role_policy = < [aws](#provider\_aws) | 5.87.0 | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [aws_route53_zone.private_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone) | resource | -| [aws_route53_zone.public_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [domain\_name](#input\_domain\_name) | n/a | `string` | n/a | yes | -| [vpcs](#input\_vpcs) | VPC ID which the hosted zone should be associated with |
map(object({
vpc_id = string
vpc_region = string
}))
| n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| [private\_zone\_id](#output\_private\_zone\_id) | The ID of the Private Route 53 Hosted Zone | -| [private\_zone\_name](#output\_private\_zone\_name) | The domain name of the Private Route 53 Hosted Zone | -| [public\_zone\_id](#output\_public\_zone\_id) | The ID of the Public Route 53 Hosted Zone | -| [public\_zone\_name](#output\_public\_zone\_name) | The domain name of the Public Route 53 Hosted Zone | diff --git a/modules/aws/route53/backend.tf b/modules/aws/route53/backend.tf deleted file mode 100644 index f2702bf..0000000 --- a/modules/aws/route53/backend.tf +++ /dev/null @@ -1,7 +0,0 @@ -terraform { - required_providers { - aws = { - source = "hashicorp/aws" - } - } -} diff --git a/modules/aws/route53/main.tf b/modules/aws/route53/main.tf deleted file mode 100644 index a9a9453..0000000 --- a/modules/aws/route53/main.tf +++ /dev/null @@ -1,24 +0,0 @@ -resource "aws_route53_zone" "public_zone" { - name = var.domain_name - provider = aws - tags = { - name = "${var.domain_name} - Public Zone" - } -} - -resource "aws_route53_zone" "private_zone" { - name = var.domain_name - provider = aws - - dynamic "vpc" { - for_each = var.vpcs - content { - vpc_id = vpc.value.vpc_id - vpc_region = vpc.value.vpc_region - } - } - - tags = { - name = "${var.domain_name} - Private Zone" - } -} diff --git a/modules/aws/route53/output.tf b/modules/aws/route53/output.tf deleted file mode 100644 index 5b11401..0000000 --- a/modules/aws/route53/output.tf +++ /dev/null 
@@ -1,19 +0,0 @@
-output "public_zone_id" {
- description = "The ID of the Public Route 53 Hosted Zone"
- value = aws_route53_zone.public_zone.zone_id
-}
-
-output "public_zone_name" {
- description = "The domain name of the Public Route 53 Hosted Zone"
- value = aws_route53_zone.public_zone.name
-}
-
-output "private_zone_id" {
- description = "The ID of the Private Route 53 Hosted Zone"
- value = aws_route53_zone.private_zone.zone_id
-}
-
-output "private_zone_name" {
- description = "The domain name of the Private Route 53 Hosted Zone"
- value = aws_route53_zone.private_zone.name
-}
diff --git a/modules/aws/route53/variables.tf b/modules/aws/route53/variables.tf
deleted file mode 100644
index 5ed8228..0000000
--- a/modules/aws/route53/variables.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-variable "vpcs" {
- description = "VPC ID which the hosted zone should be associated with"
- type = map(object({
- vpc_id = string
- vpc_region = string
- }))
-}
-
-variable "domain_name" {
- type = string
-}
diff --git a/modules/aws/secret/README.md b/modules/aws/secret/README.md
deleted file mode 100644
index 980540e..0000000
--- a/modules/aws/secret/README.md
+++ /dev/null
@@ -1,35 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | 5.87.0 | -| [random](#provider\_random) | 3.6.3 | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [aws_secretsmanager_secret.nullservice_params_encryption](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret) | resource | -| [aws_secretsmanager_secret_version.encryption_key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource | -| [random_uuid.encryption_key](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/uuid) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [name](#input\_name) | the bucket name | `string` | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| [parameters\_encryption](#output\_parameters\_encryption) | Secret manager arn to encrypt parameters into parameters bucket | -| [parameters\_encryption\_arn](#output\_parameters\_encryption\_arn) | Secret manager arn to encrypt parameters into parameters bucket | diff --git a/modules/aws/secret/backend.tf b/modules/aws/secret/backend.tf deleted file mode 100644 index f2702bf..0000000 --- a/modules/aws/secret/backend.tf +++ /dev/null @@ -1,7 +0,0 @@ -terraform { - required_providers { - aws = { - source = "hashicorp/aws" - } - } -} diff --git a/modules/aws/secret/main.tf b/modules/aws/secret/main.tf deleted file mode 100644 index 172bb6a..0000000 --- a/modules/aws/secret/main.tf +++ /dev/null 
@@ -1,19 +0,0 @@ -resource "random_uuid" "encryption_key" { -} - -resource "aws_secretsmanager_secret" "nullservice_params_encryption" { - name = "nullservice/params-${var.name}" - - force_overwrite_replica_secret = true - recovery_window_in_days = 0 - -} - -resource "aws_secretsmanager_secret_version" "encryption_key" { - secret_id = aws_secretsmanager_secret.nullservice_params_encryption.id - secret_string = < [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | n/a | - -## Resources - -No resources. - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [suffix](#input\_suffix) | A suffix for the bucket name | `string` | n/a | yes | -| [vpc](#input\_vpc) | A VPC with public and private subnets | `any` | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| [private\_subnet\_arns](#output\_private\_subnet\_arns) | List of ARNs of private subnets | -| [private\_subnets](#output\_private\_subnets) | List of IDs of private subnets | -| [private\_subnets\_cidr\_blocks](#output\_private\_subnets\_cidr\_blocks) | List of cidr\_blocks of private subnets | -| [public\_subnets](#output\_public\_subnets) | List of IDs of public subnets | -| [vpc\_arn](#output\_vpc\_arn) | The ARN of the VPC | -| [vpc\_id](#output\_vpc\_id) | The ID of the VPC | diff --git a/modules/aws/vpc/backend.tf b/modules/aws/vpc/backend.tf deleted file mode 100644 index f2702bf..0000000 --- a/modules/aws/vpc/backend.tf +++ /dev/null @@ -1,7 +0,0 @@ -terraform { - required_providers { - aws = { - source = "hashicorp/aws" - } - } -} diff --git a/modules/aws/vpc/main.tf b/modules/aws/vpc/main.tf deleted file mode 100644 index f504986..0000000 --- a/modules/aws/vpc/main.tf +++ /dev/null 
@@ -1,28 +0,0 @@
-module "vpc" {
- source = "terraform-aws-modules/vpc/aws"
- version = "< 6.0.0"
-
- name = "nullplatform-vpc-${var.suffix}"
- cidr = var.vpc["cidr"]
-
- providers = {
- aws = aws
- }
-
- enable_dns_hostnames = true
-
- azs = var.vpc["azs"]
- private_subnets = var.vpc["private_subnets"]
- public_subnets = var.vpc["public_subnets"]
-
- enable_nat_gateway = true
- single_nat_gateway = true
-
- public_subnet_tags = {
- "kubernetes.io/role/elb" = 1
- }
-
- private_subnet_tags = {
- "kubernetes.io/role/internal-elb" = 1
- }
-}
diff --git a/modules/aws/vpc/output.tf b/modules/aws/vpc/output.tf
deleted file mode 100644
index 48a6950..0000000
--- a/modules/aws/vpc/output.tf
+++ /dev/null
@@ -1,30 +0,0 @@
-output "vpc_id" {
- description = "The ID of the VPC"
- value = module.vpc.vpc_id
-}
-
-output "vpc_arn" {
- description = "The ARN of the VPC"
- value = module.vpc.vpc_arn
-}
-
-output "public_subnets" {
- description = "List of IDs of public subnets"
- value = module.vpc.public_subnets
-}
-
-output "private_subnets" {
- description = "List of IDs of private subnets"
- value = module.vpc.private_subnets
-}
-
-output "private_subnet_arns" {
- description = "List of ARNs of private subnets"
- value = module.vpc.private_subnet_arns
-}
-
-output "private_subnets_cidr_blocks" {
- description = "List of cidr_blocks of private subnets"
- value = module.vpc.private_subnets_cidr_blocks
-}
-
diff --git a/modules/aws/vpc/variables.tf b/modules/aws/vpc/variables.tf
deleted file mode 100644
index 7a1dda6..0000000
--- a/modules/aws/vpc/variables.tf
+++ /dev/null
@@ -1,8 +0,0 @@
-variable "vpc" {
- description = "A VPC with public and private subnets"
-}
-
-variable "suffix" {
- type = string
- description = "A suffix for the bucket name"
-}
diff --git a/modules/gcp/README.md b/modules/gcp/README.md
deleted file mode 100644
index 5ca9045..0000000
--- a/modules/gcp/README.md
+++ /dev/null
@@ -1,23 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -No providers. - -## Modules - -No modules. - -## Resources - -No resources. - -## Inputs - -No inputs. - -## Outputs - -No outputs. diff --git a/modules/gcp/bucket/README.md b/modules/gcp/bucket/README.md deleted file mode 100644 index 05affcd..0000000 --- a/modules/gcp/bucket/README.md +++ /dev/null @@ -1,36 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [google](#provider\_google) | 6.19.0 | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [google_storage_bucket.bucket](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [max\_accepted\_versions](#input\_max\_accepted\_versions) | Maximum number of versions of a bucket | `number` | `10` | no | -| [max\_days\_in\_bucket](#input\_max\_days\_in\_bucket) | Number of days before objects automatically expire | `number` | `30` | no | -| [name](#input\_name) | Name of the bucket | `string` | n/a | yes | -| [region](#input\_region) | Region of the bucket | `string` | n/a | yes | -| [storage\_class](#input\_storage\_class) | Storage class of the bucket (e.g., STANDARD, NEARLINE, COLDLINE, ARCHIVE) | `string` | `"STANDARD"` | no | - -## Outputs - -| Name | Description | -|------|-------------| -| [bucket\_versioning\_status](#output\_bucket\_versioning\_status) | Indicates whether versioning is enabled | -| [created\_bucket\_name](#output\_created\_bucket\_name) | Name of the bucket created in GCP | diff --git a/modules/gcp/bucket/main.tf b/modules/gcp/bucket/main.tf deleted file mode 100644 index fc39a4f..0000000 --- a/modules/gcp/bucket/main.tf +++ /dev/null 
@@ -1,29 +0,0 @@
-resource "google_storage_bucket" "bucket" {
- name = var.name
- location = var.region
- force_destroy = true
- storage_class = var.storage_class
- uniform_bucket_level_access = true
-
- versioning {
- enabled = true
- }
-
- lifecycle_rule {
- action {
- type = "Delete"
- }
- condition {
- age = var.max_days_in_bucket
- }
- }
-
- lifecycle_rule {
- action {
- type = "Delete"
- }
- condition {
- num_newer_versions = var.max_accepted_versions
- }
- }
-}
diff --git a/modules/gcp/bucket/outputs.tf b/modules/gcp/bucket/outputs.tf
deleted file mode 100644
index 7130392..0000000
--- a/modules/gcp/bucket/outputs.tf
+++ /dev/null
@@ -1,9 +0,0 @@
-output "created_bucket_name" {
- value = google_storage_bucket.bucket.name
- description = "Name of the bucket created in GCP"
-}
-
-output "bucket_versioning_status" {
- value = google_storage_bucket.bucket.versioning[0].enabled
- description = "Indicates whether versioning is enabled"
-}
diff --git a/modules/gcp/bucket/variables.tf b/modules/gcp/bucket/variables.tf
deleted file mode 100644
index 2e287d2..0000000
--- a/modules/gcp/bucket/variables.tf
+++ /dev/null
@@ -1,28 +0,0 @@
-variable "name" {
- description = "Name of the bucket"
- type = string
-}
-
-variable "region" {
- description = "Region of the bucket"
- type = string
-}
-
-variable "storage_class" {
- description = "Storage class of the bucket (e.g., STANDARD, NEARLINE, COLDLINE, ARCHIVE)"
- type = string
- default = "STANDARD"
-}
-
-variable "max_days_in_bucket" {
- description = "Number of days before objects automatically expire"
- type = number
- default = 30
-}
-
-variable "max_accepted_versions" {
- description = "Maximum number of versions of a bucket"
- type = number
- default = 10
-}
-
diff --git a/modules/gcp/dns/README.md b/modules/gcp/dns/README.md
deleted file mode 100644
index 4086c43..0000000
--- a/modules/gcp/dns/README.md
+++ /dev/null
@@ -1,35 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [google](#provider\_google) | 6.19.0 | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [google_dns_managed_zone.private-zone](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/dns_managed_zone) | resource | -| [google_dns_managed_zone.public-zone](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/dns_managed_zone) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [network\_id](#input\_network\_id) | The id of the network to associate the private dns | `string` | n/a | yes | -| [private\_domain\_name](#input\_private\_domain\_name) | The name of the private domain | `string` | n/a | yes | -| [public\_domain\_name](#input\_public\_domain\_name) | The name of the public domain | `string` | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| [private\_domain\_name](#output\_private\_domain\_name) | n/a | -| [public\_domain\_name](#output\_public\_domain\_name) | n/a | diff --git a/modules/gcp/dns/locals.tf b/modules/gcp/dns/locals.tf deleted file mode 100644 index 65415cb..0000000 --- a/modules/gcp/dns/locals.tf +++ /dev/null @@ -1,3 +0,0 @@ -locals { - description = "Nullplatform delegation" -} diff --git a/modules/gcp/dns/main.tf b/modules/gcp/dns/main.tf deleted file mode 100644 index 588386b..0000000 --- a/modules/gcp/dns/main.tf +++ /dev/null 
@@ -1,19 +0,0 @@
-resource "google_dns_managed_zone" "public-zone" {
- name = replace(var.public_domain_name, ".", "-")
- dns_name = "${var.public_domain_name}."
- description = local.description
-}
-
-resource "google_dns_managed_zone" "private-zone" {
- name = replace(var.private_domain_name, ".", "-")
- dns_name = "${var.private_domain_name}."
- description = local.description
-
- visibility = "private"
-
- private_visibility_config {
- networks {
- network_url = var.network_id
- }
- }
-}
diff --git a/modules/gcp/dns/output.tf b/modules/gcp/dns/output.tf
deleted file mode 100644
index d1c3806..0000000
--- a/modules/gcp/dns/output.tf
+++ /dev/null
@@ -1,7 +0,0 @@
-output "public_domain_name" {
- value = google_dns_managed_zone.public-zone.name
-}
-
-output "private_domain_name" {
- value = google_dns_managed_zone.private-zone.name
-}
diff --git a/modules/gcp/dns/variables.tf b/modules/gcp/dns/variables.tf
deleted file mode 100644
index 428181f..0000000
--- a/modules/gcp/dns/variables.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-variable "public_domain_name" {
- type = string
- description = "The name of the public domain"
-}
-
-variable "private_domain_name" {
- type = string
- description = "The name of the private domain"
-}
-
-variable "network_id" {
- type = string
- description = "The id of the network to associate the private dns"
-}
diff --git a/modules/gcp/gke/README.md b/modules/gcp/gke/README.md
deleted file mode 100644
index 069787c..0000000
--- a/modules/gcp/gke/README.md
+++ /dev/null
@@ -1,45 +0,0 @@
-## Requirements
-
-No requirements.
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [google](#provider\_google) | 6.19.0 |
-
-## Modules
-
-No modules.
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [google_container_cluster.gke](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_cluster) | resource |
-| [google_project_iam_member.gke_artifact_access](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/project_iam_member) | resource |
-| [google_service_account.gke_service_account](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_account) | resource |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [cluster\_name](#input\_cluster\_name) | value for the GKE cluster name | `string` | n/a | yes |
-| [deletion\_protection](#input\_deletion\_protection) | value for the GKE cluster deletion protection | `bool` | `false` | no |
-| [disk\_size\_gb](#input\_disk\_size\_gb) | n/a | `number` | `20` | no |
-| [environment](#input\_environment) | Environment for the GKE cluster (e.g., dev, stg, prod) | `string` | n/a | yes |
-| [initial\_node\_count](#input\_initial\_node\_count) | n/a | `number` | `3` | no |
-| [machine\_type](#input\_machine\_type) | n/a | `string` | `"e2-medium"` | no |
-| [network\_id](#input\_network\_id) | Network ID for the GKE cluster | `string` | n/a | yes |
-| [node\_count](#input\_node\_count) | n/a | `number` | `3` | no |
-| [project\_id](#input\_project\_id) | Project ID for the GKE cluster | `string` | n/a | yes |
-| [region](#input\_region) | Region for the GKE cluster | `string` | n/a | yes |
-| [subnet\_id](#input\_subnet\_id) | Subnet ID for the GKE cluster | `string` | n/a | yes |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| [cluster\_ca\_certificate](#output\_cluster\_ca\_certificate) | n/a |
-| [cluster\_endpoint](#output\_cluster\_endpoint) | n/a |
-| [name](#output\_name) | n/a |
diff --git a/modules/gcp/gke/main.tf b/modules/gcp/gke/main.tf
deleted file mode 100644
index 7a619da..0000000
--- a/modules/gcp/gke/main.tf
+++ /dev/null
@@ -1,31 +0,0 @@
-resource "google_container_cluster" "gke" {
- name = "${var.cluster_name}-${var.environment}"
- location = var.region
-
- deletion_protection = var.deletion_protection
-
- network = var.network_id
- subnetwork = var.subnet_id
-
- initial_node_count = var.initial_node_count
-
- node_config {
- disk_size_gb = var.disk_size_gb
- machine_type = var.machine_type
- service_account = google_service_account.gke_service_account.email
- oauth_scopes = ["https://www.googleapis.com/auth/cloud-platform"]
-
- }
-}
-
-resource "google_project_iam_member" "gke_artifact_access" {
- project = var.project_id
- role = "roles/artifactregistry.reader"
- member = "serviceAccount:${google_service_account.gke_service_account.email}"
-}
-
-resource "google_service_account" "gke_service_account" {
- account_id = "nullplatform-gke-sa"
- display_name = "Nullplatform GKE Service Account"
-}
-
diff --git a/modules/gcp/gke/outputs.tf b/modules/gcp/gke/outputs.tf
deleted file mode 100644
index a525f38..0000000
--- a/modules/gcp/gke/outputs.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-output "cluster_endpoint" {
- value = google_container_cluster.gke.endpoint
-}
-
-output "cluster_ca_certificate" {
- value = base64decode(google_container_cluster.gke.master_auth[0].cluster_ca_certificate)
-}
-
-output "name" {
- value = google_container_cluster.gke.name
-}
diff --git a/modules/gcp/gke/variables.tf b/modules/gcp/gke/variables.tf
deleted file mode 100644
index 5754de7..0000000
--- a/modules/gcp/gke/variables.tf
+++ /dev/null
@@ -1,55 +0,0 @@
-variable "project_id" {
- type = string
- description = "Project ID for the GKE cluster"
-}
-
-variable "region" {
- type = string
- description = "Region for the GKE cluster"
-}
-
-variable "cluster_name" {
- type = string
- description = "value for the GKE cluster name"
-}
-
-variable "network_id" {
- type = string
- description = "Network ID for the GKE cluster"
-}
-
-variable "subnet_id" {
- type = string
- description = "Subnet ID for the GKE cluster"
-}
-
-variable "node_count" {
- type = number
- default = 3
-}
-
-variable "disk_size_gb" {
- type = number
- default = 20
-}
-
-variable "machine_type" {
- type = string
- default = "e2-medium"
-}
-
-variable "environment" {
- description = "Environment for the GKE cluster (e.g., dev, stg, prod)"
- type = string
-}
-
-variable "initial_node_count" {
- type = number
- default = 3
-}
-
-variable "deletion_protection" {
- type = bool
- default = false
- description = "value for the GKE cluster deletion protection"
-}
diff --git a/modules/gcp/registry/README.md b/modules/gcp/registry/README.md
deleted file mode 100644
index f3354f1..0000000
--- a/modules/gcp/registry/README.md
+++ /dev/null
@@ -1,33 +0,0 @@
-## Requirements
-
-No requirements.
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [google](#provider\_google) | n/a |
-
-## Modules
-
-No modules.
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [google_artifact_registry_repository.registry](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/artifact_registry_repository) | resource |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [name](#input\_name) | The repository name | `string` | `"nullplatform-central-repository"` | no |
-| [project\_id](#input\_project\_id) | GCP project id | `string` | n/a | yes |
-| [region](#input\_region) | Region name | `string` | n/a | yes |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| [repository\_name](#output\_repository\_name) | n/a |
diff --git a/modules/gcp/registry/artifact-registry.tf b/modules/gcp/registry/artifact-registry.tf
deleted file mode 100644
index e8b75b5..0000000
--- a/modules/gcp/registry/artifact-registry.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-resource "google_artifact_registry_repository" "registry" {
- project = var.project_id
- location = var.region
- repository_id = var.name
- format = "DOCKER"
-
- labels = {
- environment = "global"
- }
-}
diff --git a/modules/gcp/registry/output.tf b/modules/gcp/registry/output.tf
deleted file mode 100644
index 9af2201..0000000
--- a/modules/gcp/registry/output.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-output "repository_name" {
- value = var.name
-}
diff --git a/modules/gcp/registry/variable.tf b/modules/gcp/registry/variable.tf
deleted file mode 100644
index c5c0f63..0000000
--- a/modules/gcp/registry/variable.tf
+++ /dev/null
@@ -1,15 +0,0 @@
-variable "project_id" {
- type = string
- description = "GCP project id"
-}
-
-variable "region" {
- type = string
- description = "Region name"
-}
-
-variable "name" {
- type = string
- description = "The repository name"
- default = "nullplatform-central-repository"
-}
diff --git a/modules/gcp/vpc/README.md b/modules/gcp/vpc/README.md
deleted file mode 100644
index ab8fffb..0000000
--- a/modules/gcp/vpc/README.md
+++ /dev/null
@@ -1,38 +0,0 @@
-## Requirements
-
-No requirements.
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [google](#provider\_google) | 6.19.0 |
-
-## Modules
-
-No modules.
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [google_compute_network.vpc](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_network) | resource |
-| [google_compute_subnetwork.subnets](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_subnetwork) | resource |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [environment](#input\_environment) | Environment for the VPC (e.g., dev, stg, prod) | `string` | n/a | yes |
-| [name](#input\_name) | Name of the bucket | `string` | n/a | yes |
-| [project\_id](#input\_project\_id) | Project ID for the GKE cluster | `string` | n/a | yes |
-| [region](#input\_region) | Region for the GKE cluster | `string` | n/a | yes |
-| [subnet\_cidr\_map](#input\_subnet\_cidr\_map) | n/a | `list(string)` | n/a | yes |
-| [vpc\_cidr\_block](#input\_vpc\_cidr\_block) | CIDR for the VPC block | `string` | n/a | yes |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| [subnets](#output\_subnets) | n/a |
-| [vpc\_id](#output\_vpc\_id) | n/a |
diff --git a/modules/gcp/vpc/main.tf b/modules/gcp/vpc/main.tf
deleted file mode 100644
index f141e2f..0000000
--- a/modules/gcp/vpc/main.tf
+++ /dev/null
@@ -1,12 +0,0 @@
-resource "google_compute_network" "vpc" {
- name = "${var.name}-${var.environment}"
- auto_create_subnetworks = false
-}
-
-resource "google_compute_subnetwork" "subnets" {
- for_each = { for idx, val in var.subnet_cidr_map : idx => val }
- name = "${var.name}-${var.environment}-${each.key}"
- ip_cidr_range = each.value
- network = google_compute_network.vpc.id
- region = var.region
-}
diff --git a/modules/gcp/vpc/outputs.tf b/modules/gcp/vpc/outputs.tf
deleted file mode 100644
index 893ff07..0000000
--- a/modules/gcp/vpc/outputs.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-output "vpc_id" {
- value = google_compute_network.vpc.id
-}
-
-output "subnets" {
- value = {
- for key, subnet in google_compute_subnetwork.subnets :
- key => subnet.self_link
- }
-}
\ No newline at end of file
diff --git a/modules/gcp/vpc/variables.tf b/modules/gcp/vpc/variables.tf
deleted file mode 100644
index 7def55e..0000000
--- a/modules/gcp/vpc/variables.tf
+++ /dev/null
@@ -1,28 +0,0 @@
-variable "project_id" {
- type = string
- description = "Project ID for the GKE cluster"
-}
-
-variable "region" {
- type = string
- description = "Region for the GKE cluster"
-}
-
-variable "name" {
- description = "Name of the bucket"
- type = string
-}
-
-variable "vpc_cidr_block" {
- type = string
- description = "CIDR for the VPC block"
-}
-
-variable "subnet_cidr_map" {
- type = list(string)
-}
-
-variable "environment" {
- description = "Environment for the VPC (e.g., dev, stg, prod)"
- type = string
-}
diff --git a/modules/kubernetes/README.md b/modules/kubernetes/README.md
deleted file mode 100644
index 5ca9045..0000000
--- a/modules/kubernetes/README.md
+++ /dev/null
@@ -1,23 +0,0 @@
-## Requirements
-
-No requirements.
-
-## Providers
-
-No providers.
-
-## Modules
-
-No modules.
-
-## Resources
-
-No resources.
-
-## Inputs
-
-No inputs.
-
-## Outputs
-
-No outputs.
diff --git a/modules/kubernetes/helm/aws-alb-controller/.terraform.lock.hcl b/modules/kubernetes/helm/aws-alb-controller/.terraform.lock.hcl
deleted file mode 100644
index 7a8e2b0..0000000
--- a/modules/kubernetes/helm/aws-alb-controller/.terraform.lock.hcl
+++ /dev/null
@@ -1,63 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "6.0.0" - constraints = ">= 4.0.0" - hashes = [ - "h1:dbRRZ1NzH1QV/+83xT/X3MLYaZobMXt8DNwbqnJojpo=", - "zh:16b1bb786719b7ebcddba3ab751b976ebf4006f7144afeebcb83f0c5f41f8eb9", - "zh:1fbc08b817b9eaf45a2b72ccba59f4ea19e7fcf017be29f5a9552b623eccc5bc", - "zh:304f58f3333dbe846cfbdfc2227e6ed77041ceea33b6183972f3f8ab51bd065f", - "zh:4cd447b5c24f14553bd6e1a0e4fea3c7d7b218cbb2316a3d93f1c5cb562c181b", - "zh:589472b56be8277558616075fc5480fcd812ba6dc70e8979375fc6d8750f83ef", - "zh:5d78484ba43c26f1ef6067c4150550b06fd39c5d4bfb790f92c4a6f7d9d0201b", - "zh:5f470ce664bffb22ace736643d2abe7ad45858022b652143bcd02d71d38d4e42", - "zh:7a9cbb947aaab8c885096bce5da22838ca482196cf7d04ffb8bdf7fd28003e47", - "zh:854df3e4c50675e727705a0eaa4f8d42ccd7df6a5efa2456f0205a9901ace019", - "zh:87162c0f47b1260f5969679dccb246cb528f27f01229d02fd30a8e2f9869ba2c", - "zh:9a145404d506b52078cd7060e6cbb83f8fc7953f3f63a5e7137d41f69d6317a3", - "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:a4eab2649f5afe06cc406ce2aaf9fd44dcf311123f48d344c255e93454c08921", - "zh:bea09141c6186a3e133413ae3a2e3d1aaf4f43466a6a468827287527edf21710", - "zh:d7ea2a35ff55ddfe639ab3b04331556b772a8698eca01f5d74151615d9f336db", - ] -} - -provider "registry.terraform.io/hashicorp/helm" { - version = "3.0.2" - hashes = [ - "h1:tOye2RnjFNXH236AsqGaIWtz4j6PZrpPuJhOSBt0KxU=", - "zh:2778de76c7dfb2e85c75fe6de3c11172a25551ed499bfb9e9f940a5be81167b0", - "zh:3b4c436a41e4fbae5f152852a9bd5c97db4460af384e26977477a40adf036690", - "zh:617a372f5bb2288f3faf5fd4c878a68bf08541cf418a3dbb8a19bc41ad4a0bf2", - "zh:84de431479548c96cb61c495278e320f361e80ab4f8835a5425ece24a9b6d310", - "zh:8b4cf5f81d10214e5e1857d96cff60a382a22b9caded7f5d7a92e5537fc166c1", - "zh:baeb26a00ffbcf3d507cdd940b2a2887eee723af5d3319a53eec69048d5e341e", - 
"zh:ca05a8814e9bf5fbffcd642df3a8d9fae9549776c7057ceae6d6f56471bae80f", - "zh:ca4bf3f94dedb5c5b1a73568f2dad7daf0ef3f85e688bc8bc2d0e915ec148366", - "zh:d331f2129fd3165c4bda875c84a65555b22eb007801522b9e017d065ac69b67e", - "zh:e583b2b478dde67da28e605ab4ef6521c2e390299b471d7d8ef05a0b608dcdad", - "zh:f238b86611647c108c073d265f8891a2738d3158c247468ae0ff5b1a3ac4122a", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} - -provider "registry.terraform.io/hashicorp/kubernetes" { - version = "2.37.1" - hashes = [ - "h1:+37jC6JlkPyPvDHudK3qaj7ZVJ0Zy9zc9+oq8h1WayA=", - "zh:0ed097413c7fc804479e325966886b405dc0b75ad2b4f54ce4df1d8e4802b397", - "zh:17dcf4a685a00d2d048671124e8a1a8e836b58ecd2ef628a1c666fe0ced2e598", - "zh:36891284e5bced57c438f12d0b27856b0d4b70b562bd200b01919a6a89545be9", - "zh:3e49d86b508e641ba122d1b0af24cdc4d8ffa2ec1b30022436fb1d7c6ba696ea", - "zh:40be623e116708bdcb0fac32989db43720f031c5fe9a4dc63395078185d24403", - "zh:44fc0ac3bc39e289b67f9dde7ee9fef29eb8192197e5e68fee69098573021722", - "zh:957aa451573bcde5d57f6f8338ea3139010c7f61fefe8f6a140a8c267f056511", - "zh:c55fd85b7e8acaac17e30670ac3574b88b3530820dd004bcd2a5daa8624a46e9", - "zh:c743f06843a1f5ecde2b8ef639f4d3db654a334ef248dee57261c719ea843f3a", - "zh:c93cc71c64b838d89522ac5fb60f68e0e1e7f2fc39db6b0ead7afd78795e79ed", - "zh:eda1163c2266905adc54bc78cc3e7b606a164fbc6b59be607db933b302015ccd", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} diff --git a/modules/kubernetes/helm/aws-alb-controller/README.md b/modules/kubernetes/helm/aws-alb-controller/README.md deleted file mode 100644 index bb48138..0000000 --- a/modules/kubernetes/helm/aws-alb-controller/README.md +++ /dev/null 
@@ -1,38 +0,0 @@
-## Requirements
-
-No requirements.
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [aws](#provider\_aws) | 5.87.0 |
-| [helm](#provider\_helm) | 2.17.0 |
-| [kubernetes](#provider\_kubernetes) | 2.35.1 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| [lb\_role](#module\_lb\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [helm_release.lb](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [kubernetes_service_account.service-account](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service_account) | resource |
-| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [cluster\_name](#input\_cluster\_name) | EKS Cluster Name | `string` | n/a | yes |
-| [oidc\_provider\_arn](#input\_oidc\_provider\_arn) | OIDC Provider ARN used for IRSA | `string` | n/a | yes |
-| [suffix](#input\_suffix) | A suffix for the bucket name | `string` | n/a | yes |
-| [vpc\_id](#input\_vpc\_id) | VPC ID which Load balancers will be deployed in | `string` | n/a | yes |
-
-## Outputs
-
-No outputs.
diff --git a/modules/kubernetes/helm/aws-alb-controller/backend.tf b/modules/kubernetes/helm/aws-alb-controller/backend.tf
deleted file mode 100644
index 6498a39..0000000
--- a/modules/kubernetes/helm/aws-alb-controller/backend.tf
+++ /dev/null
@@ -1,13 +0,0 @@
-terraform {
- required_providers {
- helm = {
- source = "hashicorp/helm"
- }
- aws = {
- source = "hashicorp/aws"
- }
- kubernetes = {
- source = "hashicorp/kubernetes"
- }
- }
-}
diff --git a/modules/kubernetes/helm/aws-alb-controller/main.tf b/modules/kubernetes/helm/aws-alb-controller/main.tf
deleted file mode 100644
index c7eda06..0000000
--- a/modules/kubernetes/helm/aws-alb-controller/main.tf
+++ /dev/null
@@ -1,66 +0,0 @@
-data "aws_region" "current" {
-}
-
-module "lb_role" {
- source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
- version = "~> 5.60"
- role_name = "${var.cluster_name}_eks_lb_${var.suffix}"
- attach_load_balancer_controller_policy = true
- oidc_providers = {
- main = {
- provider_arn = var.oidc_provider_arn
- namespace_service_accounts = ["kube-system:aws-load-balancer-controller"]
- }
- }
- role_permissions_boundary_arn = var.iam_role_permissions_boundary
-}
-
-resource "kubernetes_service_account" "service-account" {
- metadata {
- name = "aws-load-balancer-controller"
- namespace = "kube-system"
- labels = {
- "app.kubernetes.io/name" = "aws-load-balancer-controller"
- "app.kubernetes.io/component" = "controller"
- }
- annotations = {
- "eks.amazonaws.com/role-arn" = module.lb_role.iam_role_arn
- "eks.amazonaws.com/sts-regional-endpoints" = "true"
- }
- }
-}
-
-resource "helm_release" "lb" {
- name = "aws-load-balancer-controller"
- repository = "https://aws.github.io/eks-charts"
- chart = "aws-load-balancer-controller"
- namespace = "kube-system"
- depends_on = [
- kubernetes_service_account.service-account
- ]
- set {
- name = "region"
- value = data.aws_region.current.name
- }
- set {
- name = "vpcId"
- value = var.vpc_id
- }
- set {
- name = "image.repository"
- value = "602401143452.dkr.ecr.${data.aws_region.current.name}.amazonaws.com/amazon/aws-load-balancer-controller"
- }
- set {
- name = "serviceAccount.create"
- value = "false"
- }
- set {
- name = "serviceAccount.name"
- value = "aws-load-balancer-controller"
- }
- set {
- name = "clusterName"
- value = var.cluster_name
- }
-}
-
diff --git a/modules/kubernetes/helm/aws-alb-controller/variables.tf b/modules/kubernetes/helm/aws-alb-controller/variables.tf
deleted file mode 100644
index 35459ba..0000000
--- a/modules/kubernetes/helm/aws-alb-controller/variables.tf
+++ /dev/null
@@ -1,25 +0,0 @@
-variable "cluster_name" {
- description = "EKS Cluster Name"
- type = string
-}
-
-variable "vpc_id" {
- description = "VPC ID which Load balancers will be deployed in"
- type = string
-}
-
-variable "oidc_provider_arn" {
- description = "OIDC Provider ARN used for IRSA"
- type = string
-}
-
-variable "suffix" {
- type = string
- description = "A suffix for the bucket name"
-}
-
-variable "iam_role_permissions_boundary" {
- description = "ARN of the policy that is used to set the permissions boundary for the IAM role"
- type = string
- default = null
-}
\ No newline at end of file
diff --git a/modules/kubernetes/helm/cert-manager/README.md b/modules/kubernetes/helm/cert-manager/README.md
deleted file mode 100644
index d3e35a0..0000000
--- a/modules/kubernetes/helm/cert-manager/README.md
+++ /dev/null
@@ -1,31 +0,0 @@
-## Requirements
-
-No requirements.
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [helm](#provider\_helm) | n/a |
-
-## Modules
-
-No modules.
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [helm_release.cert-manager](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [helm_release.cert-manager-config](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [domain\_name](#input\_domain\_name) | The hosted zone domain name. | `string` | n/a | yes |
-| [values\_yaml](#input\_values\_yaml) | values.yaml for Nullplatform helm chart | `string` | n/a | yes |
-
-## Outputs
-
-No outputs.
diff --git a/modules/kubernetes/helm/cert-manager/backend.tf b/modules/kubernetes/helm/cert-manager/backend.tf
deleted file mode 100644
index 665c434..0000000
--- a/modules/kubernetes/helm/cert-manager/backend.tf
+++ /dev/null
@@ -1,7 +0,0 @@
-terraform {
- required_providers {
- helm = {
- source = "hashicorp/helm"
- }
- }
-}
diff --git a/modules/kubernetes/helm/cert-manager/gcp/README.md b/modules/kubernetes/helm/cert-manager/gcp/README.md
deleted file mode 100644
index efcecd9..0000000
--- a/modules/kubernetes/helm/cert-manager/gcp/README.md
+++ /dev/null
@@ -1,29 +0,0 @@
-## Requirements
-
-No requirements.
-
-## Providers
-
-No providers.
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| [cert-manager](#module\_cert-manager) | ./.. | n/a |
-
-## Resources
-
-No resources.
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [domain\_name](#input\_domain\_name) | The hosted zone domain name. | `string` | n/a | yes |
-| [project\_id](#input\_project\_id) | The gcp project id | `string` | n/a | yes |
-| [service\_account\_key](#input\_service\_account\_key) | Base 64 service account key | `string` | n/a | yes |
-
-## Outputs
-
-No outputs.
diff --git a/modules/kubernetes/helm/cert-manager/gcp/main.tf b/modules/kubernetes/helm/cert-manager/gcp/main.tf
deleted file mode 100644
index 61cf740..0000000
--- a/modules/kubernetes/helm/cert-manager/gcp/main.tf
+++ /dev/null
@@ -1,9 +0,0 @@
-module "cert-manager" {
- source = "./.."
- domain_name = var.domain_name
- values_yaml = templatefile("${path.module}/template/values.yaml", {
- domain_name = var.domain_name,
- project_id = var.project_id,
- service_account_key = var.service_account_key
- })
-}
diff --git a/modules/kubernetes/helm/cert-manager/gcp/template/README.md b/modules/kubernetes/helm/cert-manager/gcp/template/README.md
deleted file mode 100644
index 5ca9045..0000000
--- a/modules/kubernetes/helm/cert-manager/gcp/template/README.md
+++ /dev/null
@@ -1,23 +0,0 @@
-## Requirements
-
-No requirements.
-
-## Providers
-
-No providers.
-
-## Modules
-
-No modules.
-
-## Resources
-
-No resources.
-
-## Inputs
-
-No inputs.
-
-## Outputs
-
-No outputs.
diff --git a/modules/kubernetes/helm/cert-manager/gcp/template/values.yaml b/modules/kubernetes/helm/cert-manager/gcp/template/values.yaml
deleted file mode 100644
index bc77f5c..0000000
--- a/modules/kubernetes/helm/cert-manager/gcp/template/values.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-hostedZoneName: "${domain_name}"
-gcp:
- enabled: true
- projectId: ${project_id}
- serviceAccountKey: |
- ${indent(4, service_account_key)}
-azure:
- enabled: false
diff --git a/modules/kubernetes/helm/cert-manager/gcp/variables.tf b/modules/kubernetes/helm/cert-manager/gcp/variables.tf
deleted file mode 100644
index 5204ac7..0000000
--- a/modules/kubernetes/helm/cert-manager/gcp/variables.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-variable "project_id" {
- description = "The gcp project id"
- type = string
-}
-
-variable "service_account_key" {
- description = "Base 64 service account key"
- type = string
-}
-
-variable "domain_name" {
- description = "The hosted zone domain name."
- type = string
-}
diff --git a/modules/kubernetes/helm/cert-manager/main.tf b/modules/kubernetes/helm/cert-manager/main.tf
deleted file mode 100644
index 1b9b09d..0000000
--- a/modules/kubernetes/helm/cert-manager/main.tf
+++ /dev/null
@@ -1,32 +0,0 @@
-locals {
- name = "cert-manager"
- namespace = "cert-manager"
-}
-
-resource "helm_release" "cert-manager" {
- name = local.name
-
- repository = "https://charts.jetstack.io"
- chart = local.name
- create_namespace = true
- namespace = local.namespace
-
- set {
- name = "crds.enabled"
- value = "true"
- }
-}
-
-# This might fail if we do not install nullplatform base chart, if so, reexecuting terraform after manual step might solve the issue
-resource "helm_release" "cert-manager-config" {
- name = "${local.name}-config"
-
- repository = "https://nullplatform.github.io/helm-charts"
- chart = "nullplatform-${local.name}-config"
- create_namespace = true
- namespace = local.namespace
-
- values = [
- var.values_yaml
- ]
-}
diff --git a/modules/kubernetes/helm/cert-manager/variables.tf b/modules/kubernetes/helm/cert-manager/variables.tf
deleted file mode 100644
index 0514177..0000000
--- a/modules/kubernetes/helm/cert-manager/variables.tf
+++ /dev/null
@@ -1,9 +0,0 @@
-variable "values_yaml" {
- type = string
- description = "values.yaml for Nullplatform helm chart"
-}
-
-variable "domain_name" {
- description = "The hosted zone domain name."
- type = string
-}
diff --git a/modules/kubernetes/helm/istio/README.md b/modules/kubernetes/helm/istio/README.md
deleted file mode 100644
index ec130c8..0000000
--- a/modules/kubernetes/helm/istio/README.md
+++ /dev/null
@@ -1,29 +0,0 @@
-## Requirements
-
-No requirements.
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [helm](#provider\_helm) | n/a |
-
-## Modules
-
-No modules.
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [helm_release.istio_base](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [helm_release.istio_ingressgateway](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [helm_release.istiod](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-
-## Inputs
-
-No inputs.
-
-## Outputs
-
-No outputs.
diff --git a/modules/kubernetes/helm/istio/backend.tf b/modules/kubernetes/helm/istio/backend.tf
deleted file mode 100644
index 665c434..0000000
--- a/modules/kubernetes/helm/istio/backend.tf
+++ /dev/null
@@ -1,7 +0,0 @@
-terraform {
- required_providers {
- helm = {
- source = "hashicorp/helm"
- }
- }
-}
diff --git a/modules/kubernetes/helm/istio/main.tf b/modules/kubernetes/helm/istio/main.tf
deleted file mode 100644
index 9d51358..0000000
--- a/modules/kubernetes/helm/istio/main.tf
+++ /dev/null
@@ -1,33 +0,0 @@
-locals {
- repository = "https://istio-release.storage.googleapis.com/charts"
- namespace = "istio-system"
-}
-resource "helm_release" "istio_base" {
- name = "istio-base"
- repository = local.repository
- chart = "base"
- namespace = local.namespace
- create_namespace = true
-}
-
-resource "helm_release" "istiod" {
- name = "istiod"
- depends_on = [helm_release.istio_base]
- repository = local.repository
- chart = "istiod"
- namespace = local.namespace
-}
-
-# Setup Istio Gateway using Helm
-resource "helm_release" "istio_ingressgateway" {
- name = "istio-ingressgateway"
- depends_on = [helm_release.istiod]
- repository = local.repository
- chart = "gateway"
- namespace = local.namespace
-
- set {
- name = "platform"
- value = "demo"
- }
-}
diff --git a/modules/kubernetes/helm/nullplatform/agent/.terraform.lock.hcl b/modules/kubernetes/helm/nullplatform/agent/.terraform.lock.hcl
deleted file mode 100644
index 2002b58..0000000
--- a/modules/kubernetes/helm/nullplatform/agent/.terraform.lock.hcl
+++ /dev/null
@@ -1,71 +0,0 @@ -# This file is maintained automatically by "tofu init". -# Manual edits may be lost in future updates. - -provider "registry.opentofu.org/hashicorp/aws" { - version = "5.99.1" - hashes = [ - "h1:0jNckFqimGrHhRB88880ovIpmoE20xhjRb94GBdgjwo=", - "zh:13a07422f776dd97214dfa89d6a88340b99613cbb869013c756c1a68fd8cdd9d", - "zh:1841d422278afa25d42a8d3ea9197ad08cf092769bd2aa89056d25d4c2629df8", - "zh:269016c7ba09d76e42fbcf15de28f2de0595ff9a7304a0500011a4493d7a1551", - "zh:2b842c3d0f30e048c05a37752b9c07d316656f3caf79841d08a4f1b057555eb2", - "zh:6559eedc095f70a51460dc702613a9033734ba536c1de1ed86a735a3c8131e40", - "zh:6d43b2676630344db3a7d6ba8330d20993492168f124e19e040a0aa914ec832e", - "zh:7f5d5cb0c1a492080b668f456de50f5b91fc67018c05f12483added3faf703f6", - "zh:c3bb8094bf26565150229f1ca6014d41d1283b8a2b06a15b45cd5a6b4ce82e28", - "zh:e45bc994d0c6e1c0a0b70e8378f2f933e924f05c91061ed2a97ceaf282e08a25", - "zh:ee725d6fbc1dbaa5017e9eab6fa0aa7e107a4ed73a4a8e2acab6b5d3d54cd0e4", - ] -} - -provider "registry.opentofu.org/hashicorp/helm" { - version = "2.17.0" - hashes = [ - "h1:ShIag7wqd5Rs+zYpVMpjAh+T0ozr4XGYfSTKWqceQBY=", - "zh:02690815e35131a42cb9851f63a3369c216af30ad093d05b39001d43da04b56b", - "zh:27a62f12b29926387f4d71aeeee9f7ffa0ccb81a1b6066ee895716ad050d1b7a", - "zh:2d0a5babfa73604b3fefc9dab9c87f91c77fce756c2e32b294e9f1290aed26c0", - "zh:3976400ceba6dda4636e1d297e3097e1831de5628afa534a166de98a70d1dcbe", - "zh:54440ef14f342b41d75c1aded7487bfcc3f76322b75894235b47b7e89ac4bfa4", - "zh:6512e2ab9f2fa31cbb90d9249647b5c5798f62eb1215ec44da2cdaa24e38ad25", - "zh:795f327ca0b8c5368af0ed03d5d4f6da7260692b4b3ca0bd004ed542e683464d", - "zh:ba659e1d94f224bc3f1fd34cbb9d2663e3a8e734108e5a58eb49eda84b140978", - "zh:c5c8575c4458835c2acbc3d1ed5570589b14baa2525d8fbd04295c097caf41eb", - "zh:e0877a5dac3de138e61eefa26b2f5a13305a17259779465899880f70e11314e0", - ] -} - -provider "registry.opentofu.org/hashicorp/kubernetes" { - version = "2.37.1" - constraints = "~> 2.23" - hashes = [ - 
"h1:UWJPvQZxW9Q6mxtUvIdnapPE8s8o4a2HUo53OInq9p4=", - "zh:22031e9995b3dc7ae497305dc6c5b7bf1a585c378d46446e724601f992cd9e11", - "zh:3614bc188ae5040d892671009c66f56cfcb3859e11f42ed7ffc1cee384b1275b", - "zh:5d925944ac961bbe5fb4917a3e7e6d9bc0bef2f3198f26e8d4cd1793d5eadde3", - "zh:67a86d1576eb67a58cc68f47bffd370b2f834fd909980acdab38a9b9b2c1c809", - "zh:90c34fe321f937b34392bdc6ee1f9fa42db1c5ff93341c58a96a8a0c1f18327f", - "zh:943b0fb6db1ce3b64e177f74ae7931f485ef47713df861f0e98d6838e75087ff", - "zh:9c6f0164bf64b0d7baac29bc74aa0879956cec6dc28a7f52b2582c9deffb8c21", - "zh:b1d555c2977a2d7c689f88b9f4b8db24c104692b9233191719d1b10ca724f159", - "zh:c4d2ce2148a55d7d7dc5986f02119cc71ccb86ec1e96773f4c9430fd2944fda4", - ] -} - -provider "registry.opentofu.org/hashicorp/null" { - version = "3.2.4" - constraints = "~> 3.2" - hashes = [ - "h1:i+WKhUHL2REY5EGmiHjfUljJB8UKZ9QdhdM5uTeUhC4=", - "zh:1769783386610bed8bb1e861a119fe25058be41895e3996d9216dd6bb8a7aee3", - "zh:32c62a9387ad0b861b5262b41c5e9ed6e940eda729c2a0e58100e6629af27ddb", - "zh:339bf8c2f9733fce068eb6d5612701144c752425cebeafab36563a16be460fb2", - "zh:36731f23343aee12a7e078067a98644c0126714c4fe9ac930eecb0f2361788c4", - "zh:3d106c7e32a929e2843f732625a582e562ff09120021e510a51a6f5d01175b8d", - "zh:74bcb3567708171ad83b234b92c9d63ab441ef882b770b0210c2b14fdbe3b1b6", - "zh:90b55bdbffa35df9204282251059e62c178b0ac7035958b93a647839643c0072", - "zh:ae24c0e5adc692b8f94cb23a000f91a316070fdc19418578dcf2134ff57cf447", - "zh:b5c10d4ad860c4c21273203d1de6d2f0286845edf1c64319fa2362df526b5f58", - "zh:e05bbd88e82e1d6234988c85db62fd66f11502645838fff594a2ec25352ecd80", - ] -} diff --git a/modules/kubernetes/helm/nullplatform/agent/README.md b/modules/kubernetes/helm/nullplatform/agent/README.md deleted file mode 100644 index 6984078..0000000 --- a/modules/kubernetes/helm/nullplatform/agent/README.md +++ /dev/null 
@@ -1,55 +0,0 @@ -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | ~> 5.0 | -| [helm](#requirement\_helm) | ~> 2.11 | -| [kubernetes](#requirement\_kubernetes) | ~> 2.23 | -| [null](#requirement\_null) | ~> 3.2 | - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | 5.99.1 | -| [helm](#provider\_helm) | 2.17.0 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [trusting\_oidc](#module\_trusting\_oidc) | ../../../../aws/data/iam/eks/trusting | n/a | - -## Resources - -| Name | Type | -|------|------| -| [aws_iam_policy.irsa_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.load_balancer_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.route53_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_role.role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | -| [aws_iam_role_policy_attachment.agent_irsa](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.agent_load_balancer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.agent_route53](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [helm_release.agent](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | -| 
[aws_eks_cluster.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [cloud\_name](#input\_cloud\_name) | The provider cloud where the agent is deployed | `string` | n/a | yes | -| [cluster\_name](#input\_cluster\_name) | Name of the EKS cluster | `string` | n/a | yes | -| [github\_repo](#input\_github\_repo) | GitHub repository | `string` | n/a | yes | -| [github\_token](#input\_github\_token) | GitHub token | `string` | n/a | yes | -| [github\_user](#input\_github\_user) | GitHub user | `string` | n/a | yes | -| [namespace](#input\_namespace) | Kubernetes namespace for the agent | `string` | `"nullplatform-tools"` | no | -| [np\_api\_key](#input\_np\_api\_key) | Nullplatform api key for the agent to communicate | `string` | n/a | yes | -| [service\_account\_name](#input\_service\_account\_name) | Name of the service account | `string` | `"nullplatform-agent"` | no | -| [tags](#input\_tags) | Agent tag, the identity of the agent | `string` | n/a | yes | - -## Outputs - -No outputs. diff --git a/modules/kubernetes/helm/nullplatform/agent/data.tf b/modules/kubernetes/helm/nullplatform/agent/data.tf deleted file mode 100644 index e81057a..0000000 --- a/modules/kubernetes/helm/nullplatform/agent/data.tf +++ /dev/null @@ -1,13 +0,0 @@ -data "aws_eks_cluster" "cluster" { - name = var.cluster_name -} - -data "aws_caller_identity" "current" {} - -module "trusting_oidc" { - source = "../../../../aws/data/iam/eks/trusting" - - cluster_name = var.cluster_name - namespace = var.namespace - service_account_name = var.service_account_name -} \ No newline at end of file diff --git a/modules/kubernetes/helm/nullplatform/agent/iam.tf b/modules/kubernetes/helm/nullplatform/agent/iam.tf deleted file mode 100644 index 9831b89..0000000 
--- a/modules/kubernetes/helm/nullplatform/agent/iam.tf
+++ /dev/null
@@ -1,111 +0,0 @@
-resource "aws_iam_role" "role" {
- name = "nullplatform-agent-role-${var.cluster_name}"
-
- assume_role_policy = jsonencode(module.trusting_oidc.trusting)
- permissions_boundary = var.iam_role_permissions_boundary
-
-}
-
-# Route 53 Policy
-resource "aws_iam_policy" "route53_policy" {
- name = "${var.cluster_name}-agent-route53-policy"
- description = "Policy for Route 53 management"
-
- policy = jsonencode({
- Version = "2012-10-17"
- Statement = [
- {
- Effect = "Allow"
- Action = [
- "route53:ChangeResourceRecordSets",
- "route53:GetChange",
- "route53:GetHostedZone",
- "route53:ListHostedZones",
- "route53:ListHostedZonesByName",
- "route53:ListResourceRecordSets"
- ]
- Resource = "*"
- }
- ]
- })
-}
-
-# Load Balancer Controller Policy
-resource "aws_iam_policy" "load_balancer_policy" {
- name = "${var.cluster_name}-agent-load-balancer-policy"
- description = "Policy for Load Balancer management"
-
- policy = jsonencode({
- Version = "2012-10-17"
- Statement = [
- {
- Effect = "Allow"
- Action = [
- "elasticloadbalancing:DescribeLoadBalancers",
- "elasticloadbalancing:DescribeTargetGroups",
- "elasticloadbalancing:DescribeTargetHealth",
- "elasticloadbalancing:DescribeListeners",
- "elasticloadbalancing:DescribeRules"
- ]
- Resource = "*"
- }
- ]
- })
-}
-
-resource "aws_iam_policy" "irsa_policy" {
- name = "irsa_policy"
- description = "IAM policy for managing IAM roles and EKS cluster description"
- policy = jsonencode({
- Version = "2012-10-17"
- Statement = [
- {
- Effect = "Allow"
- Action = [
- "iam:CreateRole",
- "iam:PutRolePolicy",
- "iam:AttachRolePolicy",
- "iam:ListAttachedRolePolicies",
- "iam:DetachRolePolicy",
- "iam:ListRolePolicies",
- "iam:DeleteRolePolicy",
- "iam:DeleteRole",
- "iam:TagRole",
- "iam:PutRolePermissionsBoundary"
- ]
- Resource = "*"
- },
- {
- Effect = "Allow"
- Action = [
- "sts:GetCallerIdentity"
- ]
- Resource = "*"
- },
- {
- Effect = "Allow"
- Action = [
- "eks:DescribeCluster"
- ]
- Resource = "*"
- }
- ]
- })
-}
-
-# Attach policies to the role
-resource "aws_iam_role_policy_attachment" "agent_route53" {
- policy_arn = aws_iam_policy.route53_policy.arn
- role = aws_iam_role.role.name
-}
-
-resource "aws_iam_role_policy_attachment" "agent_load_balancer" {
- policy_arn = aws_iam_policy.load_balancer_policy.arn
- role = aws_iam_role.role.name
-}
-
-
-resource "aws_iam_role_policy_attachment" "agent_irsa" {
- policy_arn = aws_iam_policy.irsa_policy.arn
- role = aws_iam_role.role.name
-}
diff --git a/modules/kubernetes/helm/nullplatform/agent/locals.tf b/modules/kubernetes/helm/nullplatform/agent/locals.tf
deleted file mode 100644
index 38a82a8..0000000
--- a/modules/kubernetes/helm/nullplatform/agent/locals.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-locals {
- oidc_issuer_url = replace(data.aws_eks_cluster.cluster.identity[0].oidc[0].issuer, "https://", "")
-}
\ No newline at end of file
diff --git a/modules/kubernetes/helm/nullplatform/agent/main.tf b/modules/kubernetes/helm/nullplatform/agent/main.tf
deleted file mode 100644
index 5e4b985..0000000
--- a/modules/kubernetes/helm/nullplatform/agent/main.tf
+++ /dev/null
@@ -1,32 +0,0 @@
-locals {
- agent_values = templatefile("${path.module}/templates/values-${var.cloud_name}.tmpl.yaml", {
- agent_repos = var.agent_repos
- cluster_name = var.cluster_name
- namespace = var.namespace
- service_account_name = var.service_account_name
- tags = var.tags
- np_api_key = var.np_api_key
- resource_identity = aws_iam_role.role.arn
- init_scripts = var.init_scripts
- vault_token = var.vault_token
- vault_url = var.vault_url
- })
-}
-# Helm release
-resource "helm_release" "agent" {
- name = "nullplatform-agent"
- chart = "nullplatform-agent"
- repository = "https://nullplatform.github.io/helm-charts"
- namespace = var.namespace
- create_namespace = true
-
- force_update = true
-
- values = [local.agent_values]
-
- depends_on = [
- aws_iam_role.role,
- aws_iam_role_policy_attachment.agent_route53,
- aws_iam_role_policy_attachment.agent_load_balancer
- ]
-}
\ No newline at end of file
diff --git a/modules/kubernetes/helm/nullplatform/agent/providers.tf b/modules/kubernetes/helm/nullplatform/agent/providers.tf
deleted file mode 100644
index 1d7b161..0000000
--- a/modules/kubernetes/helm/nullplatform/agent/providers.tf
+++ /dev/null
@@ -1,51 +0,0 @@
-# Provider configuration
-terraform {
- required_version = ">= 1.0"
-
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = "~> 5.0"
- }
- kubernetes = {
- source = "hashicorp/kubernetes"
- version = "~> 2.23"
- }
- helm = {
- source = "hashicorp/helm"
- version = "~> 2.11"
- }
- null = {
- source = "hashicorp/null"
- version = "~> 3.2"
- }
- }
-}
-
-# Configure providers
-# provider "aws" {
-# }
-#
-# provider "kubernetes" {
-# host = data.aws_eks_cluster.cluster.endpoint
-# cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data)
-#
-# exec {
-# api_version = "client.authentication.k8s.io/v1beta1"
-# command = "aws"
-# args = ["eks", "get-token", "--cluster-name", var.cluster_name]
-# }
-# }
-#
-# provider "helm" {
-# kubernetes {
-# host = data.aws_eks_cluster.cluster.endpoint
-# cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data)
-#
-# exec {
-# api_version = "client.authentication.k8s.io/v1beta1"
-# command = "aws"
-# args = ["eks", "get-token", "--cluster-name", var.cluster_name]
-# }
-# }
-# }
diff --git a/modules/kubernetes/helm/nullplatform/agent/variables.tf b/modules/kubernetes/helm/nullplatform/agent/variables.tf
deleted file mode 100644
index 7d99dd6..0000000
--- a/modules/kubernetes/helm/nullplatform/agent/variables.tf
+++ /dev/null
@@ -1,63 +0,0 @@
-variable "cluster_name" {
- description = "Name of the EKS cluster"
- type = string
-}
-
-variable "namespace" {
- description = "Kubernetes namespace for the agent"
- type = string
- default = "nullplatform-tools"
-}
-
-variable "service_account_name" {
- description = "Name of the service account"
- type = string
- default = "nullplatform-agent"
-}
-
-variable "tags" {
- description = "Agent tag, the identity of the agent"
- type = string
-}
-
-variable "agent_repos" {
- description = "GitHub repository to download"
- type = string
-}
-
-variable "np_api_key" {
- description = "Nullplatform api key for the agent to communicate"
- type = string
- sensitive = true
-}
-
-variable "cloud_name" {
- description = "The provider cloud where the agent is deployed"
- type = string
- validation {
- condition = contains(["aws", "gcp", "azure"], var.cloud_name)
- error_message = "The provider cloud must be one of: aws, gcp, or azure."
- }
-}
-
-variable "init_scripts" {
- description = "List of shell commands to be executed before the container starts."
- type = list(string)
- default = []
-}
-
-variable "iam_role_permissions_boundary" {
- description = "ARN of the policy that is used to set the permissions boundary for the IAM role"
- type = string
- default = null
-}
-
-variable "vault_token" {
- type = string
- description = "Authentication token for Vault server access"
-}
-
-variable "vault_url" {
- type = string
- description = "URL endpoint for the Vault server"
-}
\ No newline at end of file
diff --git a/modules/kubernetes/helm/nullplatform/logs-controller/README.md b/modules/kubernetes/helm/nullplatform/logs-controller/README.md
deleted file mode 100644
index 027cd1e..0000000
--- a/modules/kubernetes/helm/nullplatform/logs-controller/README.md
+++ /dev/null
@@ -1,29 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [helm](#provider\_helm) | n/a | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [helm_release.config_helm](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [values\_yaml](#input\_values\_yaml) | values.yaml for Nullplatform helm chart | `string` | n/a | yes | - -## Outputs - -No outputs. diff --git a/modules/kubernetes/helm/nullplatform/logs-controller/aws/README.md b/modules/kubernetes/helm/nullplatform/logs-controller/aws/README.md deleted file mode 100644 index 8560ac5..0000000 --- a/modules/kubernetes/helm/nullplatform/logs-controller/aws/README.md +++ /dev/null @@ -1,32 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | 5.87.0 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [nullplatform](#module\_nullplatform) | ./.. | n/a | - -## Resources - -| Name | Type | -|------|------| -| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [cloudwatch\_enabled](#input\_cloudwatch\_enabled) | Enable Cloudwatch logging | `bool` | `true` | no | -| [tls\_secret\_name](#input\_tls\_secret\_name) | Secret name for TLS | `string` | `"www-tls"` | no | - -## Outputs - -No outputs. diff --git a/modules/kubernetes/helm/nullplatform/logs-controller/aws/backend.tf b/modules/kubernetes/helm/nullplatform/logs-controller/aws/backend.tf deleted file mode 100644 index 23cb0af..0000000 --- a/modules/kubernetes/helm/nullplatform/logs-controller/aws/backend.tf +++ /dev/null 
@@ -1,10 +0,0 @@
-terraform {
- required_providers {
- aws = {
- source = "hashicorp/aws"
- }
- helm = {
- source = "hashicorp/helm"
- }
- }
-}
diff --git a/modules/kubernetes/helm/nullplatform/logs-controller/aws/data.tf b/modules/kubernetes/helm/nullplatform/logs-controller/aws/data.tf
deleted file mode 100644
index f446d01..0000000
--- a/modules/kubernetes/helm/nullplatform/logs-controller/aws/data.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-data "aws_region" "current" {
- provider = aws
-}
diff --git a/modules/kubernetes/helm/nullplatform/logs-controller/aws/main.tf b/modules/kubernetes/helm/nullplatform/logs-controller/aws/main.tf
deleted file mode 100644
index 93a0a2e..0000000
--- a/modules/kubernetes/helm/nullplatform/logs-controller/aws/main.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-module "nullplatform" {
- source = "./.."
-
- values_yaml = templatefile("${path.module}/template/values.yaml", {
- region = data.aws_region.current.name,
- tls_secret_name = var.tls_secret_name
- cloudwatch_enabled = var.cloudwatch_enabled
- })
-}
-
diff --git a/modules/kubernetes/helm/nullplatform/logs-controller/aws/template/values.yaml b/modules/kubernetes/helm/nullplatform/logs-controller/aws/template/values.yaml
deleted file mode 100644
index 87abf53..0000000
--- a/modules/kubernetes/helm/nullplatform/logs-controller/aws/template/values.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-global:
- provider: eks
- awsRegion: ${region}
-tls:
- secretName: ${tls_secret_name}
-cloudwatch:
- enabled: ${cloudwatch_enabled}
diff --git a/modules/kubernetes/helm/nullplatform/logs-controller/aws/variables.tf b/modules/kubernetes/helm/nullplatform/logs-controller/aws/variables.tf
deleted file mode 100644
index 72778b0..0000000
--- a/modules/kubernetes/helm/nullplatform/logs-controller/aws/variables.tf
+++ /dev/null
@@ -1,11 +0,0 @@ -variable "cloudwatch_enabled" { - type = bool - description = "Enable Cloudwatch logging" - default = true -} - -variable "tls_secret_name" { - type = string - description = "Secret name for TLS" - default = "www-tls" -} diff --git a/modules/kubernetes/helm/nullplatform/logs-controller/backend.tf b/modules/kubernetes/helm/nullplatform/logs-controller/backend.tf deleted file mode 100644 index 665c434..0000000 --- a/modules/kubernetes/helm/nullplatform/logs-controller/backend.tf +++ /dev/null @@ -1,7 +0,0 @@ -terraform { - required_providers { - helm = { - source = "hashicorp/helm" - } - } -} diff --git a/modules/kubernetes/helm/nullplatform/logs-controller/gcp/README.md b/modules/kubernetes/helm/nullplatform/logs-controller/gcp/README.md deleted file mode 100644 index cfd55aa..0000000 --- a/modules/kubernetes/helm/nullplatform/logs-controller/gcp/README.md +++ /dev/null @@ -1,28 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -No providers. - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [nullplatform](#module\_nullplatform) | ./.. | n/a | - -## Resources - -No resources. - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [registry](#input\_registry) | GCP Registry to pull images from | `string` | n/a | yes | -| [service\_account\_key\_base64](#input\_service\_account\_key\_base64) | Base 64 service account key | `string` | n/a | yes | - -## Outputs - -No outputs. diff --git a/modules/kubernetes/helm/nullplatform/logs-controller/gcp/backend.tf b/modules/kubernetes/helm/nullplatform/logs-controller/gcp/backend.tf deleted file mode 100644 index 665c434..0000000 --- a/modules/kubernetes/helm/nullplatform/logs-controller/gcp/backend.tf +++ /dev/null @@ -1,7 +0,0 @@ -terraform { - required_providers { - helm = { - source = "hashicorp/helm" - } - } -} 
diff --git a/modules/kubernetes/helm/nullplatform/logs-controller/gcp/main.tf b/modules/kubernetes/helm/nullplatform/logs-controller/gcp/main.tf
deleted file mode 100644
index 7889d70..0000000
--- a/modules/kubernetes/helm/nullplatform/logs-controller/gcp/main.tf
+++ /dev/null
@@ -1,8 +0,0 @@
-module "nullplatform" {
- source = "../.."
-
- values_yaml = templatefile("${path.module}/template/values.yaml", {
- registry = var.registry,
- password = var.service_account_key_base64
- })
-}
diff --git a/modules/kubernetes/helm/nullplatform/logs-controller/gcp/template/values.yaml b/modules/kubernetes/helm/nullplatform/logs-controller/gcp/template/values.yaml
deleted file mode 100644
index e96bcd6..0000000
--- a/modules/kubernetes/helm/nullplatform/logs-controller/gcp/template/values.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-global:
- provider: gke
-imagePullSecrets:
- enabled: true
- registry: ${registry}
- username: _json_key_base64
- password: ${password}
-logging:
- enabled: false
-metricsServer:
- enabled: false
diff --git a/modules/kubernetes/helm/nullplatform/logs-controller/gcp/variables.tf b/modules/kubernetes/helm/nullplatform/logs-controller/gcp/variables.tf
deleted file mode 100644
index b470fef..0000000
--- a/modules/kubernetes/helm/nullplatform/logs-controller/gcp/variables.tf
+++ /dev/null
@@ -1,9 +0,0 @@
-variable "service_account_key_base64" {
- description = "Base 64 service account key"
- type = string
-}
-
-variable "registry" {
- type = string
- description = "GCP Registry to pull images from"
-}
diff --git a/modules/kubernetes/helm/nullplatform/logs-controller/main.tf b/modules/kubernetes/helm/nullplatform/logs-controller/main.tf
deleted file mode 100644
index 1cb9866..0000000
--- a/modules/kubernetes/helm/nullplatform/logs-controller/main.tf
+++ /dev/null
@@ -1,12 +0,0 @@
-resource "helm_release" "config_helm" {
- name = "nullplatform-base"
- provider = helm
- repository = "https://nullplatform.github.io/helm-charts"
- chart = "nullplatform-base"
- namespace = "default"
- disable_openapi_validation = true
-
- values = [
- var.values_yaml
- ]
-}
diff --git a/modules/kubernetes/helm/nullplatform/logs-controller/variables.tf b/modules/kubernetes/helm/nullplatform/logs-controller/variables.tf
deleted file mode 100644
index dd54a0f..0000000
--- a/modules/kubernetes/helm/nullplatform/logs-controller/variables.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-variable "values_yaml" {
- type = string
- description = "values.yaml for Nullplatform helm chart"
-}
diff --git a/modules/kubernetes/helm/prometheus/.terraform.lock.hcl b/modules/kubernetes/helm/prometheus/.terraform.lock.hcl
deleted file mode 100644
index c6ef489..0000000
--- a/modules/kubernetes/helm/prometheus/.terraform.lock.hcl
+++ /dev/null
@@ -1,71 +0,0 @@ -# This file is maintained automatically by "tofu init". -# Manual edits may be lost in future updates. - -provider "registry.opentofu.org/hashicorp/aws" { - version = "5.99.1" - constraints = "~> 5.0" - hashes = [ - "h1:0jNckFqimGrHhRB88880ovIpmoE20xhjRb94GBdgjwo=", - "zh:13a07422f776dd97214dfa89d6a88340b99613cbb869013c756c1a68fd8cdd9d", - "zh:1841d422278afa25d42a8d3ea9197ad08cf092769bd2aa89056d25d4c2629df8", - "zh:269016c7ba09d76e42fbcf15de28f2de0595ff9a7304a0500011a4493d7a1551", - "zh:2b842c3d0f30e048c05a37752b9c07d316656f3caf79841d08a4f1b057555eb2", - "zh:6559eedc095f70a51460dc702613a9033734ba536c1de1ed86a735a3c8131e40", - "zh:6d43b2676630344db3a7d6ba8330d20993492168f124e19e040a0aa914ec832e", - "zh:7f5d5cb0c1a492080b668f456de50f5b91fc67018c05f12483added3faf703f6", - "zh:c3bb8094bf26565150229f1ca6014d41d1283b8a2b06a15b45cd5a6b4ce82e28", - "zh:e45bc994d0c6e1c0a0b70e8378f2f933e924f05c91061ed2a97ceaf282e08a25", - "zh:ee725d6fbc1dbaa5017e9eab6fa0aa7e107a4ed73a4a8e2acab6b5d3d54cd0e4", - ] -} - -provider "registry.opentofu.org/hashicorp/helm" { - version = "2.17.0" - hashes = [ - "h1:ShIag7wqd5Rs+zYpVMpjAh+T0ozr4XGYfSTKWqceQBY=", - "zh:02690815e35131a42cb9851f63a3369c216af30ad093d05b39001d43da04b56b", - "zh:27a62f12b29926387f4d71aeeee9f7ffa0ccb81a1b6066ee895716ad050d1b7a", - "zh:2d0a5babfa73604b3fefc9dab9c87f91c77fce756c2e32b294e9f1290aed26c0", - "zh:3976400ceba6dda4636e1d297e3097e1831de5628afa534a166de98a70d1dcbe", - "zh:54440ef14f342b41d75c1aded7487bfcc3f76322b75894235b47b7e89ac4bfa4", - "zh:6512e2ab9f2fa31cbb90d9249647b5c5798f62eb1215ec44da2cdaa24e38ad25", - "zh:795f327ca0b8c5368af0ed03d5d4f6da7260692b4b3ca0bd004ed542e683464d", - "zh:ba659e1d94f224bc3f1fd34cbb9d2663e3a8e734108e5a58eb49eda84b140978", - "zh:c5c8575c4458835c2acbc3d1ed5570589b14baa2525d8fbd04295c097caf41eb", - "zh:e0877a5dac3de138e61eefa26b2f5a13305a17259779465899880f70e11314e0", - ] -} - -provider "registry.opentofu.org/hashicorp/kubernetes" { - version = "2.37.1" - constraints = "~> 
2.23" - hashes = [ - "h1:UWJPvQZxW9Q6mxtUvIdnapPE8s8o4a2HUo53OInq9p4=", - "zh:22031e9995b3dc7ae497305dc6c5b7bf1a585c378d46446e724601f992cd9e11", - "zh:3614bc188ae5040d892671009c66f56cfcb3859e11f42ed7ffc1cee384b1275b", - "zh:5d925944ac961bbe5fb4917a3e7e6d9bc0bef2f3198f26e8d4cd1793d5eadde3", - "zh:67a86d1576eb67a58cc68f47bffd370b2f834fd909980acdab38a9b9b2c1c809", - "zh:90c34fe321f937b34392bdc6ee1f9fa42db1c5ff93341c58a96a8a0c1f18327f", - "zh:943b0fb6db1ce3b64e177f74ae7931f485ef47713df861f0e98d6838e75087ff", - "zh:9c6f0164bf64b0d7baac29bc74aa0879956cec6dc28a7f52b2582c9deffb8c21", - "zh:b1d555c2977a2d7c689f88b9f4b8db24c104692b9233191719d1b10ca724f159", - "zh:c4d2ce2148a55d7d7dc5986f02119cc71ccb86ec1e96773f4c9430fd2944fda4", - ] -} - -provider "registry.opentofu.org/hashicorp/null" { - version = "3.2.4" - hashes = [ - "h1:i+WKhUHL2REY5EGmiHjfUljJB8UKZ9QdhdM5uTeUhC4=", - "zh:1769783386610bed8bb1e861a119fe25058be41895e3996d9216dd6bb8a7aee3", - "zh:32c62a9387ad0b861b5262b41c5e9ed6e940eda729c2a0e58100e6629af27ddb", - "zh:339bf8c2f9733fce068eb6d5612701144c752425cebeafab36563a16be460fb2", - "zh:36731f23343aee12a7e078067a98644c0126714c4fe9ac930eecb0f2361788c4", - "zh:3d106c7e32a929e2843f732625a582e562ff09120021e510a51a6f5d01175b8d", - "zh:74bcb3567708171ad83b234b92c9d63ab441ef882b770b0210c2b14fdbe3b1b6", - "zh:90b55bdbffa35df9204282251059e62c178b0ac7035958b93a647839643c0072", - "zh:ae24c0e5adc692b8f94cb23a000f91a316070fdc19418578dcf2134ff57cf447", - "zh:b5c10d4ad860c4c21273203d1de6d2f0286845edf1c64319fa2362df526b5f58", - "zh:e05bbd88e82e1d6234988c85db62fd66f11502645838fff594a2ec25352ecd80", - ] -} diff --git a/modules/kubernetes/helm/prometheus/README.md b/modules/kubernetes/helm/prometheus/README.md deleted file mode 100644 index 61f0f23..0000000 --- a/modules/kubernetes/helm/prometheus/README.md +++ /dev/null 
@@ -1,37 +0,0 @@ -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | ~> 5.0 | -| [helm](#requirement\_helm) | ~> 2.11 | -| [kubernetes](#requirement\_kubernetes) | ~> 2.23 | -| [null](#requirement\_null) | ~> 3.2 | - -## Providers - -| Name | Version | -|------|---------| -| [helm](#provider\_helm) | 2.17.0 | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [helm_release.prometheus](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [allowed\_cidrs](#input\_allowed\_cidrs) | List of CIDR blocks allowed to access the Prometheus load balancer | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [load\_balancer\_scheme](#input\_load\_balancer\_scheme) | Load balancer scheme - 'internet-facing' for public access or 'internal' for private access | `string` | `"internal"` | no | -| [namespace](#input\_namespace) | The namespace to deploy Prometheus into | `string` | `"prometheus"` | no | - -## Outputs - -No outputs. diff --git a/modules/kubernetes/helm/prometheus/main.tf b/modules/kubernetes/helm/prometheus/main.tf deleted file mode 100644 index 6a45df3..0000000 --- a/modules/kubernetes/helm/prometheus/main.tf +++ /dev/null @@ -1,16 +0,0 @@ -resource "helm_release" "prometheus" { - name = "prometheus" - repository = "https://prometheus-community.github.io/helm-charts" - chart = "prometheus" - namespace = var.namespace - create_namespace = true - - values = [ - templatefile("${path.module}/values.yaml.tmpl", { - namespace = var.namespace - load_balancer_scheme = var.load_balancer_scheme - allowed_cidrs = join(",", var.allowed_cidrs) - storageClassName = var.storageClassName - }) - ] -} diff --git a/modules/kubernetes/helm/prometheus/output.tf b/modules/kubernetes/helm/prometheus/output.tf deleted file mode 100644 index e69de29..0000000 diff --git a/modules/kubernetes/helm/prometheus/providers.tf b/modules/kubernetes/helm/prometheus/providers.tf deleted file mode 100644 index c1fb50d..0000000 --- a/modules/kubernetes/helm/prometheus/providers.tf +++ /dev/null 
@@ -1,49 +0,0 @@
-terraform {
- required_version = ">= 1.0"
-
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = "~> 5.0"
- }
- kubernetes = {
- source = "hashicorp/kubernetes"
- version = "~> 2.23"
- }
- helm = {
- source = "hashicorp/helm"
- version = "~> 2.11"
- }
- null = {
- source = "hashicorp/null"
- version = "~> 3.2"
- }
- }
-}
-
-# provider "aws" {
-# }
-
-# provider "kubernetes" {
-# host = data.aws_eks_cluster.cluster.endpoint
-# cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data)
-
-# exec {
-# api_version = "client.authentication.k8s.io/v1beta1"
-# command = "aws"
-# args = ["eks", "get-token", "--cluster-name", var.cluster_name]
-# }
-# }
-
-# provider "helm" {
-# kubernetes {
-# host = data.aws_eks_cluster.cluster.endpoint
-# cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data)
-
-# exec {
-# api_version = "client.authentication.k8s.io/v1beta1"
-# command = "aws"
-# args = ["eks", "get-token", "--cluster-name", var.cluster_name]
-# }
-# }
-# }
diff --git a/modules/kubernetes/helm/prometheus/values.yaml.tmpl b/modules/kubernetes/helm/prometheus/values.yaml.tmpl
deleted file mode 100644
index 826d167..0000000
--- a/modules/kubernetes/helm/prometheus/values.yaml.tmpl
+++ /dev/null
@@ -1,125 +0,0 @@ -server: - persistentVolume: - enabled: true - size: 20Gi - storageClass: ${storageClassName} - accessModes: - - ReadWriteOnce - emptyDir: {} - service: - type: LoadBalancer - port: 80 - targetPort: 9090 - annotations: - service.beta.kubernetes.io/aws-load-balancer-type: nlb - service.beta.kubernetes.io/aws-load-balancer-scheme: ${load_balancer_scheme} - service.beta.kubernetes.io/aws-load-balancer-internal: "${load_balancer_scheme == "internal"}" - service.beta.kubernetes.io/aws-load-balancer-source-ranges: ${allowed_cidrs} - service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true" - extraFlags: - - web.enable-lifecycle - - -alertmanager: - enabled: false - -nodeExporter: - enabled: true - -pushgateway: - enabled: true - -configmapReload: - prometheus: - enabled: true - -serverFiles: - alerts: {} - rules: {} - prometheus.yml: - # global: - # evaluation_interval: 1m - # scrape_interval: 1m - # scrape_timeout: 10s - - rule_files: - - /etc/config/recording_rules.yml - - /etc/config/alerting_rules.yml - - /etc/config/rules - - /etc/config/alerts - - scrape_configs: - - job_name: prometheus - static_configs: - - targets: - - localhost:9090 - - - job_name: null-platform-metrics - kubernetes_sd_configs: - - role: node - metrics_path: /metrics - relabel_configs: - - regex: (.*):10250 - replacement: $1:2021 - source_labels: - - __address__ - target_label: __address__ - - action: labelmap - regex: __meta_kubernetes_node_label_(.+) - - source_labels: - - __meta_kubernetes_node_name - target_label: node - scheme: http - - - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - job_name: kubernetes-apiservers - kubernetes_sd_configs: - - role: endpoints - relabel_configs: - - action: keep - regex: default;kubernetes;https - source_labels: - - __meta_kubernetes_namespace - - __meta_kubernetes_service_name - - __meta_kubernetes_endpoint_port_name - scheme: https - tls_config: - ca_file: 
/var/run/secrets/kubernetes.io/serviceaccount/ca.crt - - - job_name: kubernetes-nodes - kubernetes_sd_configs: - - role: node - relabel_configs: - - action: labelmap - regex: __meta_kubernetes_node_label_(.+) - - target_label: __address__ - replacement: kubernetes.default.svc:443 - - source_labels: [__meta_kubernetes_node_name] - regex: (.+) - target_label: __metrics_path__ - replacement: /api/v1/nodes/${1}/proxy/metrics - - - job_name: kubernetes-pods - kubernetes_sd_configs: - - role: pod - relabel_configs: - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] - action: keep - regex: true - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] - action: replace - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:$2 - target_label: __address__ - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: kubernetes_namespace - - source_labels: [__meta_kubernetes_pod_name] - action: replace - target_label: kubernetes_pod_name diff --git a/modules/kubernetes/helm/prometheus/variables.tf b/modules/kubernetes/helm/prometheus/variables.tf deleted file mode 100644 index 65dd62a..0000000 --- a/modules/kubernetes/helm/prometheus/variables.tf +++ /dev/null 
@@ -1,27 +0,0 @@
-variable "namespace" {
- description = "The namespace to deploy Prometheus into"
- type = string
- default = "prometheus"
-}
-
-variable "allowed_cidrs" {
- description = "List of CIDR blocks allowed to access the Prometheus load balancer"
- type = list(string)
- default = ["0.0.0.0/0"] # Default to allow all, but should be restricted in production
-}
-
-variable "load_balancer_scheme" {
- description = "Load balancer scheme - 'internet-facing' for public access or 'internal' for private access"
- type = string
- default = "internal"
- validation {
- condition = contains(["internet-facing", "internal"], var.load_balancer_scheme)
- error_message = "Load balancer scheme must be either 'internet-facing' or 'internal'."
- }
-}
-
-variable "storageClassName" {
- description = "The storageClass name to use"
- type = string
- default = "gp2"
-}
diff --git a/modules/kubernetes/helm/vault/.terraform.lock.hcl b/modules/kubernetes/helm/vault/.terraform.lock.hcl
deleted file mode 100644
index 0e54886..0000000
--- a/modules/kubernetes/helm/vault/.terraform.lock.hcl
+++ /dev/null
@@ -1,90 +0,0 @@ -# This file is maintained automatically by "tofu init". -# Manual edits may be lost in future updates. - -provider "registry.opentofu.org/hashicorp/aws" { - version = "5.99.1" - constraints = "~> 5.0" - hashes = [ - "h1:0jNckFqimGrHhRB88880ovIpmoE20xhjRb94GBdgjwo=", - "zh:13a07422f776dd97214dfa89d6a88340b99613cbb869013c756c1a68fd8cdd9d", - "zh:1841d422278afa25d42a8d3ea9197ad08cf092769bd2aa89056d25d4c2629df8", - "zh:269016c7ba09d76e42fbcf15de28f2de0595ff9a7304a0500011a4493d7a1551", - "zh:2b842c3d0f30e048c05a37752b9c07d316656f3caf79841d08a4f1b057555eb2", - "zh:6559eedc095f70a51460dc702613a9033734ba536c1de1ed86a735a3c8131e40", - "zh:6d43b2676630344db3a7d6ba8330d20993492168f124e19e040a0aa914ec832e", - "zh:7f5d5cb0c1a492080b668f456de50f5b91fc67018c05f12483added3faf703f6", - "zh:c3bb8094bf26565150229f1ca6014d41d1283b8a2b06a15b45cd5a6b4ce82e28", - "zh:e45bc994d0c6e1c0a0b70e8378f2f933e924f05c91061ed2a97ceaf282e08a25", - "zh:ee725d6fbc1dbaa5017e9eab6fa0aa7e107a4ed73a4a8e2acab6b5d3d54cd0e4", - ] -} - -provider "registry.opentofu.org/hashicorp/helm" { - version = "2.17.0" - constraints = "~> 2.11" - hashes = [ - "h1:ShIag7wqd5Rs+zYpVMpjAh+T0ozr4XGYfSTKWqceQBY=", - "zh:02690815e35131a42cb9851f63a3369c216af30ad093d05b39001d43da04b56b", - "zh:27a62f12b29926387f4d71aeeee9f7ffa0ccb81a1b6066ee895716ad050d1b7a", - "zh:2d0a5babfa73604b3fefc9dab9c87f91c77fce756c2e32b294e9f1290aed26c0", - "zh:3976400ceba6dda4636e1d297e3097e1831de5628afa534a166de98a70d1dcbe", - "zh:54440ef14f342b41d75c1aded7487bfcc3f76322b75894235b47b7e89ac4bfa4", - "zh:6512e2ab9f2fa31cbb90d9249647b5c5798f62eb1215ec44da2cdaa24e38ad25", - "zh:795f327ca0b8c5368af0ed03d5d4f6da7260692b4b3ca0bd004ed542e683464d", - "zh:ba659e1d94f224bc3f1fd34cbb9d2663e3a8e734108e5a58eb49eda84b140978", - "zh:c5c8575c4458835c2acbc3d1ed5570589b14baa2525d8fbd04295c097caf41eb", - "zh:e0877a5dac3de138e61eefa26b2f5a13305a17259779465899880f70e11314e0", - ] -} - -provider "registry.opentofu.org/hashicorp/kubernetes" { - version = 
"2.37.1" - constraints = "~> 2.23" - hashes = [ - "h1:UWJPvQZxW9Q6mxtUvIdnapPE8s8o4a2HUo53OInq9p4=", - "zh:22031e9995b3dc7ae497305dc6c5b7bf1a585c378d46446e724601f992cd9e11", - "zh:3614bc188ae5040d892671009c66f56cfcb3859e11f42ed7ffc1cee384b1275b", - "zh:5d925944ac961bbe5fb4917a3e7e6d9bc0bef2f3198f26e8d4cd1793d5eadde3", - "zh:67a86d1576eb67a58cc68f47bffd370b2f834fd909980acdab38a9b9b2c1c809", - "zh:90c34fe321f937b34392bdc6ee1f9fa42db1c5ff93341c58a96a8a0c1f18327f", - "zh:943b0fb6db1ce3b64e177f74ae7931f485ef47713df861f0e98d6838e75087ff", - "zh:9c6f0164bf64b0d7baac29bc74aa0879956cec6dc28a7f52b2582c9deffb8c21", - "zh:b1d555c2977a2d7c689f88b9f4b8db24c104692b9233191719d1b10ca724f159", - "zh:c4d2ce2148a55d7d7dc5986f02119cc71ccb86ec1e96773f4c9430fd2944fda4", - ] -} - -provider "registry.opentofu.org/hashicorp/local" { - version = "2.5.3" - hashes = [ - "h1:31Clmfoe7hzkcdgwuhUuGuPGfeG2Ksk+YWcJgzBTN7M=", - "zh:32e1d4b0595cea6cda4ca256195c162772ddff25594ab4008731a2ec7be230bf", - "zh:48c390af0c87df994ec9796f04ec2582bcac581fb81ed6bb58e0671da1c17991", - "zh:4be7289c969218a57b40902e2f359914f8d35a7f97b439140cb711aa21e494bd", - "zh:4cf958e631e99ed6c8b522c9b22e1f1b568c0bdadb01dd002ca7dffb1c927764", - "zh:7a0132c0faca4c4c96aa70808effd6817e28712bf5a39881666ac377b4250acf", - "zh:7d60de08fac427fb045e4590d1b921b6778498eee9eb16f78c64d4c577bde096", - "zh:91003bee5981e99ec3925ce2f452a5f743827f9d0e131a86613549c1464796f0", - "zh:9fe2fe75977c8149e2515fb30c6cc6cfd57b225d4ce592c570d81a3831d7ffa3", - "zh:e210e6be54933ce93e03d0994e520ba289aa01b2c1f70e77afb8f2ee796b0fe3", - "zh:e8793e5f9422f2b31a804e51806595f335b827c9a38db18766960464566f21d5", - ] -} - -provider "registry.opentofu.org/hashicorp/null" { - version = "3.2.4" - constraints = "~> 3.2" - hashes = [ - "h1:i+WKhUHL2REY5EGmiHjfUljJB8UKZ9QdhdM5uTeUhC4=", - "zh:1769783386610bed8bb1e861a119fe25058be41895e3996d9216dd6bb8a7aee3", - "zh:32c62a9387ad0b861b5262b41c5e9ed6e940eda729c2a0e58100e6629af27ddb", - 
"zh:339bf8c2f9733fce068eb6d5612701144c752425cebeafab36563a16be460fb2", - "zh:36731f23343aee12a7e078067a98644c0126714c4fe9ac930eecb0f2361788c4", - "zh:3d106c7e32a929e2843f732625a582e562ff09120021e510a51a6f5d01175b8d", - "zh:74bcb3567708171ad83b234b92c9d63ab441ef882b770b0210c2b14fdbe3b1b6", - "zh:90b55bdbffa35df9204282251059e62c178b0ac7035958b93a647839643c0072", - "zh:ae24c0e5adc692b8f94cb23a000f91a316070fdc19418578dcf2134ff57cf447", - "zh:b5c10d4ad860c4c21273203d1de6d2f0286845edf1c64319fa2362df526b5f58", - "zh:e05bbd88e82e1d6234988c85db62fd66f11502645838fff594a2ec25352ecd80", - ] -} diff --git a/modules/kubernetes/helm/vault/README.md b/modules/kubernetes/helm/vault/README.md deleted file mode 100644 index af4182e..0000000 --- a/modules/kubernetes/helm/vault/README.md +++ /dev/null 
@@ -1,66 +0,0 @@ -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | ~> 5.0 | -| [helm](#requirement\_helm) | ~> 2.11 | -| [kubernetes](#requirement\_kubernetes) | ~> 2.23 | -| [null](#requirement\_null) | ~> 3.2 | - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | 5.99.1 | -| [helm](#provider\_helm) | 2.17.0 | -| [kubernetes](#provider\_kubernetes) | 2.37.1 | -| [local](#provider\_local) | 2.5.3 | -| [null](#provider\_null) | 3.2.4 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [trusting\_oidc](#module\_trusting\_oidc) | ../../../aws/data/iam/eks/trusting | n/a | - -## Resources - -| Name | Type | -|------|------| -| [aws_iam_policy.vault_kms_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_role.vault_kms_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | -| [aws_iam_role_policy_attachment.vault_kms_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [aws_kms_alias.vault_unseal](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_alias) | resource | -| [aws_kms_key.vault_unseal](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource | -| [helm_release.vault](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [kubernetes_namespace.vault](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | -| [kubernetes_service_account.vault](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service_account) | resource | -| 
[null_resource.vault_init](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | -| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | -| [aws_eks_cluster.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source | -| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | -| [local_file.vault_root_token](https://registry.terraform.io/providers/hashicorp/local/latest/docs/data-sources/file) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [allowed\_cidr\_blocks](#input\_allowed\_cidr\_blocks) | List of CIDR blocks allowed to access the load balancer | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [cluster\_name](#input\_cluster\_name) | Name of the Kubernetes cluster | `string` | n/a | yes | -| [kms\_key\_id](#input\_kms\_key\_id) | AWS KMS Key ID for auto-unseal | `string` | `""` | no | -| [load\_balancer\_scheme](#input\_load\_balancer\_scheme) | Load balancer scheme - 'internet-facing' for public access or 'internal' for private access | `string` | `"internal"` | no | -| [public\_subnet\_ids](#input\_public\_subnet\_ids) | List of public subnet IDs for the load balancer | `list(string)` | n/a | yes | -| [vault\_namespace](#input\_vault\_namespace) | Kubernetes namespace for Vault | `string` | `"vault"` | no | -| [vault\_service\_account](#input\_vault\_service\_account) | Vault service account name | `string` | `"vault"` | no | -| [wait\_timeout](#input\_wait\_timeout) | The time it waits for pods to be ready | `string` | `"300s"` | no | - -## Outputs - -| Name | Description | -|------|-------------| -| [vault\_iam\_role\_arn](#output\_vault\_iam\_role\_arn) | IAM Role ARN for Vault service account | -| [vault\_kms\_key\_id](#output\_vault\_kms\_key\_id) | KMS Key ID used for Vault auto-unseal | -| [vault\_root\_token](#output\_vault\_root\_token) | Vault root token for authentication | -| [vault\_service\_url](#output\_vault\_service\_url) | Vault service URL | -| [vault\_ui\_port\_forward\_command](#output\_vault\_ui\_port\_forward\_command) | Command to port-forward to Vault UI | diff --git a/modules/kubernetes/helm/vault/data.tf b/modules/kubernetes/helm/vault/data.tf deleted file mode 100644 index be8184f..0000000 --- a/modules/kubernetes/helm/vault/data.tf +++ /dev/null 
@@ -1,15 +0,0 @@
-data "aws_caller_identity" "current" {}
-
-data "aws_region" "current" {}
-
-data "aws_eks_cluster" "cluster" {
- name = var.cluster_name
-}
-
-module "trusting_oidc" {
- source = "../../../aws/data/iam/eks/trusting"
-
- cluster_name = var.cluster_name
- namespace = var.vault_namespace
- service_account_name = var.vault_service_account
-}
\ No newline at end of file
diff --git a/modules/kubernetes/helm/vault/helm.tf b/modules/kubernetes/helm/vault/helm.tf
deleted file mode 100644
index cdf955c..0000000
--- a/modules/kubernetes/helm/vault/helm.tf
+++ /dev/null
@@ -1,104 +0,0 @@ -resource "helm_release" "vault" { - name = "vault" - repository = "https://helm.releases.hashicorp.com" - chart = "vault" - namespace = var.vault_namespace - version = "0.28.0" - - values = [ - yamlencode({ - global = { - enabled = true - tlsDisable = true - } - - injector = { - enabled = true - } - - server = { - serviceAccount = { - create = false - name = var.vault_service_account - } - - # Enable persistent storage with gp2 - dataStorage = { - enabled = true - size = "10Gi" - storageClass = var.storageClassName - } - - auditStorage = { - enabled = false - } - - # Remove custom volumes since we're using persistent storage - volumes = [] - volumeMounts = [] - - # Single instance, no HA - ha = { - enabled = false - } - - # Simple configuration with file storage on ephemeral disk - standalone = { - enabled = true - config = <<-EOT - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - } - - storage "file" { - path = "/vault/file" - } - - seal "awskms" { - region = "${data.aws_region.current.name}" - kms_key_id = "${var.kms_key_id != "" ? 
var.kms_key_id : aws_kms_key.vault_unseal[0].key_id}" - } - - disable_mlock = true - EOT - } - - service = { - enabled = true - type = "LoadBalancer" - port = 8200 - annotations = { - "service.beta.kubernetes.io/aws-load-balancer-type" = "nlb" - "service.beta.kubernetes.io/aws-load-balancer-subnets" = join(",", var.public_subnet_ids) - "service.beta.kubernetes.io/aws-load-balancer-scheme" = var.load_balancer_scheme - "service.beta.kubernetes.io/aws-load-balancer-internal" = tostring(var.load_balancer_scheme == "internal") - "service.beta.kubernetes.io/aws-load-balancer-ssl-ports" = "8200" - "service.beta.kubernetes.io/aws-load-balancer-ssl-redirect" = "true" - "service.beta.kubernetes.io/aws-load-balancer-ssl-negotiation-policy" = "ELBSecurityPolicy-TLS-1-2-2017-01" - "service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled" = "true" - "service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags" = "Name=${var.cluster_name}-vault" - "service.beta.kubernetes.io/aws-load-balancer-source-ranges" = join(",", var.allowed_cidr_blocks) - } - } - - ingress = { - enabled = false - } - } - - ui = { - enabled = true - serviceType = "ClusterIP" - } - }) - ] - - depends_on = [ - kubernetes_namespace.vault, - kubernetes_service_account.vault, - aws_iam_role_policy_attachment.vault_kms_policy_attachment - ] -} diff --git a/modules/kubernetes/helm/vault/iam.tf b/modules/kubernetes/helm/vault/iam.tf deleted file mode 100644 index 7b2cd69..0000000 --- a/modules/kubernetes/helm/vault/iam.tf +++ /dev/null 
@@ -1,37 +0,0 @@
-resource "aws_iam_role" "vault_kms_role" {
- name = "vault-kms-role-${var.cluster_name}"
-
- assume_role_policy = jsonencode(module.trusting_oidc.trusting)
- permissions_boundary = var.iam_role_permissions_boundary
-
-
-}
-
-
-# IAM policy for KMS access
-resource "aws_iam_policy" "vault_kms_policy" {
- name = "vault-kms-policy-${var.cluster_name}"
- description = "Policy for Vault to access KMS for auto-unseal"
-
- policy = jsonencode({
- Version = "2012-10-17"
- Statement = [
- {
- Effect = "Allow"
- Action = [
- "kms:Decrypt",
- "kms:Encrypt",
- "kms:GenerateDataKey",
- "kms:DescribeKey"
- ]
- Resource = var.kms_key_id != "" ? "arn:aws:kms:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:key/${var.kms_key_id}" : aws_kms_key.vault_unseal[0].arn
- }
- ]
- })
-}
-
-# Attach policy to role
-resource "aws_iam_role_policy_attachment" "vault_kms_policy_attachment" {
- role = aws_iam_role.vault_kms_role.name
- policy_arn = aws_iam_policy.vault_kms_policy.arn
-}
\ No newline at end of file
diff --git a/modules/kubernetes/helm/vault/kms.tf b/modules/kubernetes/helm/vault/kms.tf
deleted file mode 100644
index bb04883..0000000
--- a/modules/kubernetes/helm/vault/kms.tf
+++ /dev/null
@@ -1,29 +0,0 @@
-resource "aws_kms_key" "vault_unseal" {
- count = var.kms_key_id == "" ? 1 : 0
- description = "KMS key for Vault auto-unseal"
-
- policy = jsonencode({
- Version = "2012-10-17"
- Statement = [
- {
- Sid = "Enable IAM User Permissions"
- Effect = "Allow"
- Principal = {
- AWS = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"
- }
- Action = "kms:*"
- Resource = "*"
- }
- ]
- })
-
- tags = {
- Name = "vault-auto-unseal-${var.cluster_name}"
- }
-}
-
-resource "aws_kms_alias" "vault_unseal" {
- count = var.kms_key_id == "" ? 1 : 0
- name = "alias/vault-auto-unseal-${var.cluster_name}"
- target_key_id = aws_kms_key.vault_unseal[0].key_id
-}
\ No newline at end of file
diff --git a/modules/kubernetes/helm/vault/kubernetes.tf b/modules/kubernetes/helm/vault/kubernetes.tf
deleted file mode 100644
index 2437a37..0000000
--- a/modules/kubernetes/helm/vault/kubernetes.tf
+++ /dev/null
@@ -1,70 +0,0 @@
-# Kubernetes namespace
-resource "kubernetes_namespace" "vault" {
- metadata {
- name = var.vault_namespace
- }
-}
-
-# Kubernetes service account with IAM role annotation
-resource "kubernetes_service_account" "vault" {
- metadata {
- name = var.vault_service_account
- namespace = var.vault_namespace
- annotations = {
- "eks.amazonaws.com/role-arn" = aws_iam_role.vault_kms_role.arn
- }
- }
- depends_on = [kubernetes_namespace.vault]
-}
-
-resource "null_resource" "vault_init" {
- provisioner "local-exec" {
- command = <<-EOT
- # Wait for Vault pods to be ready
- kubectl wait --for=condition=ready pod -l app.kubernetes.io/name=vault -n ${var.vault_namespace} --timeout=${var.wait_timeout}
-
- # Check if Vault is already initialized
- if kubectl exec -n ${var.vault_namespace} vault-0 -- vault status | grep -q "Initialized.*true"; then
- echo "Vault is already initialized"
-
- # Try to get existing root token from secret
- if kubectl get secret vault-root-token -n ${var.vault_namespace} >/dev/null 2>&1; then
- ROOT_TOKEN=$(kubectl get secret vault-root-token -n ${var.vault_namespace} -o jsonpath='{.data.token}' | base64 -d)
- echo "Retrieved existing root token"
- else
- echo "Warning: Vault is initialized but no root token found in secrets"
- ROOT_TOKEN=""
- fi
- else
- echo "Initializing Vault..."
-
- # Initialize Vault and save output
- kubectl exec -n ${var.vault_namespace} vault-0 -- vault operator init -format=json > /tmp/vault-init.json
-
- # Extract root token
- ROOT_TOKEN=$(cat /tmp/vault-init.json | jq -r '.root_token')
-
- # Create Kubernetes secret for root token
- kubectl create secret generic vault-root-token -n ${var.vault_namespace} \
- --from-literal=token="$ROOT_TOKEN" \
- --dry-run=client -o yaml | kubectl apply -f -
-
- echo "Vault initialized successfully with auto-unseal"
- echo "Root token stored in vault-root-token secret"
- fi
-
- # Save root token to file for Terraform to read
- echo -n "$ROOT_TOKEN" > /tmp/vault-root-token.txt
-
- # Output the token (will be captured by Terraform)
- echo "VAULT_ROOT_TOKEN=$ROOT_TOKEN"
- EOT
- }
-
- # Force re-run when dependencies change
- triggers = {
- vault_deployment = helm_release.vault.metadata[0].revision
- }
-
- depends_on = [helm_release.vault]
-}
diff --git a/modules/kubernetes/helm/vault/output.tf b/modules/kubernetes/helm/vault/output.tf
deleted file mode 100644
index 376d6b3..0000000
--- a/modules/kubernetes/helm/vault/output.tf
+++ /dev/null
@@ -1,31 +0,0 @@
-output "vault_kms_key_id" {
- description = "KMS Key ID used for Vault auto-unseal"
- value = var.kms_key_id != "" ? var.kms_key_id : aws_kms_key.vault_unseal[0].key_id
-}
-
-output "vault_iam_role_arn" {
- description = "IAM Role ARN for Vault service account"
- value = aws_iam_role.vault_kms_role.arn
-}
-
-output "vault_service_url" {
- description = "Vault service URL"
- value = "http://vault.${var.vault_namespace}.svc.cluster.local:8200"
-}
-
-output "vault_ui_port_forward_command" {
- description = "Command to port-forward to Vault UI"
- value = "kubectl port-forward -n ${var.vault_namespace} svc/vault 8200:8200"
-}
-
-data "local_file" "vault_root_token" {
- filename = "/tmp/vault-root-token.txt"
- depends_on = [null_resource.vault_init]
-}
-
-# Output the root token
-output "vault_root_token" {
- description = "Vault root token for authentication"
- value = data.local_file.vault_root_token.content
- sensitive = true
-}
\ No newline at end of file
diff --git a/modules/kubernetes/helm/vault/providers.tf b/modules/kubernetes/helm/vault/providers.tf
deleted file mode 100644
index a7bf91c..0000000
--- a/modules/kubernetes/helm/vault/providers.tf
+++ /dev/null
@@ -1,51 +0,0 @@
-# Provider configuration
-terraform {
- required_version = ">= 1.0"
-
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = "~> 5.0"
- }
- kubernetes = {
- source = "hashicorp/kubernetes"
- version = "~> 2.23"
- }
- helm = {
- source = "hashicorp/helm"
- version = "~> 2.11"
- }
- null = {
- source = "hashicorp/null"
- version = "~> 3.2"
- }
- }
-}
-
-# # Configure providers
-# provider "aws" {
-# }
-#
-# provider "kubernetes" {
-# host = data.aws_eks_cluster.cluster.endpoint
-# cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data)
-#
-# exec {
-# api_version = "client.authentication.k8s.io/v1beta1"
-# command = "aws"
-# args = ["eks", "get-token", "--cluster-name", var.cluster_name]
-# }
-# }
-#
-# provider "helm" {
-# kubernetes {
-# host = data.aws_eks_cluster.cluster.endpoint
-# cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data)
-#
-# exec {
-# api_version = "client.authentication.k8s.io/v1beta1"
-# command = "aws"
-# args = ["eks", "get-token", "--cluster-name", var.cluster_name]
-# }
-# }
-# }
diff --git a/modules/kubernetes/helm/vault/variables.tf b/modules/kubernetes/helm/vault/variables.tf
deleted file mode 100644
index a9cc66b..0000000
--- a/modules/kubernetes/helm/vault/variables.tf
+++ /dev/null
@@ -1,61 +0,0 @@
-variable "cluster_name" {
- description = "Name of the Kubernetes cluster"
- type = string
-}
-
-variable "vault_namespace" {
- description = "Kubernetes namespace for Vault"
- type = string
- default = "vault"
-}
-
-variable "wait_timeout" {
- description = "The time it waits for pods to be ready"
- type = string
- default = "300s"
-}
-
-variable "kms_key_id" {
- description = "AWS KMS Key ID for auto-unseal"
- type = string
- default = ""
-}
-
-variable "vault_service_account" {
- description = "Vault service account name"
- type = string
- default = "vault"
-}
-
-variable "public_subnet_ids" {
- description = "List of public subnet IDs for the load balancer"
- type = list(string)
-}
-
-variable "allowed_cidr_blocks" {
- description = "List of CIDR blocks allowed to access the load balancer"
- type = list(string)
- default = ["0.0.0.0/0"]
-}
-
-variable "load_balancer_scheme" {
- description = "Load balancer scheme - 'internet-facing' for public access or 'internal' for private access"
- type = string
- default = "internal"
- validation {
- condition = contains(["internet-facing", "internal"], var.load_balancer_scheme)
- error_message = "Load balancer scheme must be either 'internet-facing' or 'internal'."
- }
-}
-
-variable "iam_role_permissions_boundary" {
- description = "ARN of the policy that is used to set the permissions boundary for the IAM role"
- type = string
- default = null
-}
-
-variable "storageClassName" {
- description = "The storageClass name to use"
- type = string
- default = "gp2"
-}
diff --git a/modules/nullplatform/README.md b/modules/nullplatform/README.md
deleted file mode 100644
index 5ca9045..0000000
--- a/modules/nullplatform/README.md
+++ /dev/null
@@ -1,23 +0,0 @@
-## Requirements
-
-No requirements.
-
-## Providers
-
-No providers.
-
-## Modules
-
-No modules.
-
-## Resources
-
-No resources.
-
-## Inputs
-
-No inputs.
-
-## Outputs
-
-No outputs.
diff --git a/modules/nullplatform/dimensions/README.md b/modules/nullplatform/dimensions/README.md deleted file mode 100644 index 1cb5953..0000000 --- a/modules/nullplatform/dimensions/README.md +++ /dev/null @@ -1,34 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [nullplatform](#provider\_nullplatform) | n/a | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [nullplatform_dimension.environment](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/dimension) | resource | -| [nullplatform_dimension_value.environment_value](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/dimension_value) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [environments](#input\_environments) | The list of environments | `list(string)` |
[
"development",
"staging",
"production"
]
| no |
-| [nrn](#input\_nrn) | The null platform nrn | `string` | n/a | yes |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| [ids](#output\_ids) | The Ids of the dimensions created |
-| [names](#output\_names) | The names of the dimensions created |
diff --git a/modules/nullplatform/dimensions/backend.tf b/modules/nullplatform/dimensions/backend.tf
deleted file mode 100644
index 48aab7d..0000000
--- a/modules/nullplatform/dimensions/backend.tf
+++ /dev/null
@@ -1,7 +0,0 @@
-terraform {
- required_providers {
- nullplatform = {
- source = "nullplatform/nullplatform"
- }
- }
-}
diff --git a/modules/nullplatform/dimensions/outputs.tf b/modules/nullplatform/dimensions/outputs.tf
deleted file mode 100644
index 7b63183..0000000
--- a/modules/nullplatform/dimensions/outputs.tf
+++ /dev/null
@@ -1,9 +0,0 @@
-output "ids" {
- description = "The Ids of the dimensions created"
- value = [for env in nullplatform_dimension_value.environment_value : env.id]
-}
-
-output "names" {
- description = "The names of the dimensions created"
- value = var.environments
-}
diff --git a/modules/nullplatform/dimensions/variables.tf b/modules/nullplatform/dimensions/variables.tf
deleted file mode 100644
index e83a07a..0000000
--- a/modules/nullplatform/dimensions/variables.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-################################################################################
-# General Variables from root module
-################################################################################
-
-variable "nrn" {
- type = string
- description = "The null platform nrn"
-}
-
-variable "environments" {
- type = list(string)
- description = "The list of environments"
- default = ["development", "staging", "production"]
-}
diff --git a/modules/nullplatform/provider/asset/docker-server/README.md b/modules/nullplatform/provider/asset/docker-server/README.md
deleted file mode 100644
index 398ca4c..0000000
--- a/modules/nullplatform/provider/asset/docker-server/README.md
+++ /dev/null
@@ -1,33 +0,0 @@
-## Requirements
-
-No requirements.
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [nullplatform](#provider\_nullplatform) | n/a |
-
-## Modules
-
-No modules.
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [nullplatform_provider_config.docker_server](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/provider_config) | resource |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [login\_server](#input\_login\_server) | Docker Login server name | `string` | n/a | yes |
-| [nrn](#input\_nrn) | The null platform nrn | `string` | n/a | yes |
-| [password](#input\_password) | Docker password | `string` | n/a | yes |
-| [path](#input\_path) | Path to the registry created | `string` | n/a | yes |
-| [username](#input\_username) | Docker username | `string` | `"_json_key_base64"` | no |
-
-## Outputs
-
-No outputs.
diff --git a/modules/nullplatform/provider/asset/docker-server/backend.tf b/modules/nullplatform/provider/asset/docker-server/backend.tf
deleted file mode 100644
index 48aab7d..0000000
--- a/modules/nullplatform/provider/asset/docker-server/backend.tf
+++ /dev/null
@@ -1,7 +0,0 @@
-terraform {
- required_providers {
- nullplatform = {
- source = "nullplatform/nullplatform"
- }
- }
-}
diff --git a/modules/nullplatform/provider/asset/docker-server/variables.tf b/modules/nullplatform/provider/asset/docker-server/variables.tf
deleted file mode 100644
index 5e7e473..0000000
--- a/modules/nullplatform/provider/asset/docker-server/variables.tf
+++ /dev/null
@@ -1,26 +0,0 @@
-variable "nrn" {
- type = string
- description = "The null platform nrn"
-}
-
-variable "login_server" {
- description = "Docker Login server name"
- type = string
-}
-
-variable "path" {
- description = "Path to the registry created"
- type = string
-}
-
-variable "username" {
- description = "Docker username"
- type = string
- default = "_json_key_base64"
-}
-
-variable "password" {
- description = "Docker password"
- type = string
- sensitive = false
-}
diff --git a/modules/nullplatform/provider/asset/ecr/.terraform.lock.hcl b/modules/nullplatform/provider/asset/ecr/.terraform.lock.hcl
deleted file mode 100644
index f269b36..0000000
--- a/modules/nullplatform/provider/asset/ecr/.terraform.lock.hcl
+++ /dev/null
@@ -1,41 +0,0 @@ -# This file is maintained automatically by "tofu init". -# Manual edits may be lost in future updates. - -provider "registry.opentofu.org/hashicorp/azurerm" { - version = "4.19.0" - hashes = [ - "h1:nYJrDZgta67mFtKdd8ypCdxcAPvdz1vAabb4yh6ms8g=", - "zh:2ad30ba69767c30c1a97ceac3fd9f3c20d4a503f9bc0d2390929fe1bf993e882", - "zh:3103558709ba3d2903c18d590e81f7f6c603ffdcb5102fea42c41223e986ece6", - "zh:62d184427b38cc7befbae1e190431201b2d5bf214d55bba1fe65ffe53554a2b2", - "zh:761cc8f1a87e8215a55439891c1596b3522cdbddbb8784b57d21ff3140dacc09", - "zh:970cd1530c95621ab261e39183e2a516859744f16f9a198acd6fb4c39b2aa7a9", - "zh:9dcb1c531c43e34f75d1f01f0d5f0a7c13ba8049ac6f3177f56b08faa4254714", - "zh:b581aea03dbbee771f75c3cc3c0660a735544f9d91cc3dbf41ebf0ed764057be", - "zh:b7e5b92e8eba1b1bf8ce47925ff4e53f96351f4d88ce5a0bbd72b0b83f799537", - "zh:cf1e1698713b20425deffc3e52c4eea345fbb422c0acf1bef32777657096ec30", - "zh:ea9eb7fe756f498c3c46bfbb87bff3e58892751ce90b521ef87f6736132fad09", - ] -} - -provider "registry.opentofu.org/nullplatform/nullplatform" { - version = "0.0.50" - hashes = [ - "h1:SpVt8qRCAbEqMZ24pSJLFuJ77cmDtbd9Twggk5IhHpo=", - "zh:13e064b2cb9810afacc1cea10119ae79d0eee2cb358073c91bcec580a6f20fa7", - "zh:2939e4c20111ed71ad0f1d3022756aeade36afeae9bfd6b8d0bc29143d428d41", - "zh:2afe3a28241f14ff502c64419225945714544e0bd8447ece85ea188230ee76f3", - "zh:4332b4e06b9be0da0669fb36f7345b19c7a858891f47398117de258b84ed67ea", - "zh:4657a3f422edc0358176a770a9fed9a464be2831260d1c572a214dcc705cf835", - "zh:5df5d97d819e068f198e580712ff351509e8fd36494642f88c8e995b9b0b6157", - "zh:95611701e2d9c1107ca3cd028355f0cdb3fd89abc794ab3b23e43adbe0709b67", - "zh:9a78a06b4221dc3ee4db54c2d2cd7dae46730f2a6356c33b4f228683c46f8074", - "zh:ac604ca7b534dd7a0700e6cacb46cc93a2b20e56f4c63cb23e1624ea90cb7602", - "zh:b485b58550b4d04e5471f056c941e1f8f0de6efac1b323d00f23cba72253572c", - "zh:c86870ee600c54edcb085cb32850db955e47bfc0daa3b068dc51590e27b73d86", - 
"zh:e684601ec015e7a132c607c28cd4787aab1008648eb1b4ac14552701145cc6d8", - "zh:e82423ae69f1536c70b778b1333998d8b34ffa8686e7a0b6575f0872a7c2fd4d", - "zh:eaf45f4384ca089a1886fc91c10c6f46109dba964a06d6f0a9110b6cb2abab5b", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} diff --git a/modules/nullplatform/provider/asset/ecr/README.md b/modules/nullplatform/provider/asset/ecr/README.md deleted file mode 100644 index a9c25aa..0000000 --- a/modules/nullplatform/provider/asset/ecr/README.md +++ /dev/null @@ -1,33 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [nullplatform](#provider\_nullplatform) | 0.0.50 | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [nullplatform_provider_config.ecr](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/provider_config) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [application\_manager\_role](#input\_application\_manager\_role) | The IAM role arn used to create repositories on an application creation | `string` | n/a | yes | -| [build\_workflow\_user\_access\_key\_id](#input\_build\_workflow\_user\_access\_key\_id) | AWS Access key used by Nullplatform to push images to ECR | `string` | n/a | yes | -| [build\_workflow\_user\_secret\_access\_key](#input\_build\_workflow\_user\_secret\_access\_key) | AWS Secret key used by Nullplatform to push images to ECR | `string` | n/a | yes | -| [nrn](#input\_nrn) | The null platform nrn | `string` | n/a | yes | -| [region](#input\_region) | ECR AWS region | `string` | n/a | yes | - -## Outputs - -No outputs. diff --git a/modules/nullplatform/provider/asset/ecr/backend.tf b/modules/nullplatform/provider/asset/ecr/backend.tf deleted file mode 100644 index 48aab7d..0000000 --- a/modules/nullplatform/provider/asset/ecr/backend.tf +++ /dev/null 
@@ -1,7 +0,0 @@
-terraform {
- required_providers {
- nullplatform = {
- source = "nullplatform/nullplatform"
- }
- }
-}
diff --git a/modules/nullplatform/provider/asset/ecr/main.tf b/modules/nullplatform/provider/asset/ecr/main.tf
deleted file mode 100644
index 6d1cec7..0000000
--- a/modules/nullplatform/provider/asset/ecr/main.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-resource "nullplatform_provider_config" "ecr" {
- provider = nullplatform
- nrn = var.nrn
- type = "ecr"
- dimensions = {}
- attributes = jsonencode({
- "ci" : {
- "region" : var.region,
- "access_key" : var.build_workflow_user_access_key_id
- "secret_key" : var.build_workflow_user_secret_access_key
- },
- "setup" : {
- "region" : var.region,
- "role_arn" : var.application_manager_role
- }
- })
-}
-
diff --git a/modules/nullplatform/provider/asset/ecr/variables.tf b/modules/nullplatform/provider/asset/ecr/variables.tf
deleted file mode 100644
index 05339ba..0000000
--- a/modules/nullplatform/provider/asset/ecr/variables.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-variable "nrn" {
- type = string
- description = "The null platform nrn"
-}
-
-variable "region" {
- description = "ECR AWS region"
- type = string
-}
-
-variable "build_workflow_user_access_key_id" {
- description = "AWS Access key used by Nullplatform to push images to ECR"
- type = string
-}
-
-variable "build_workflow_user_secret_access_key" {
- description = "AWS Secret key used by Nullplatform to push images to ECR"
- type = string
-}
-
-variable "application_manager_role" {
- description = "The IAM role arn used to create repositories on an application creation"
- type = string
-}
diff --git a/modules/nullplatform/provider/asset/s3/.terraform.lock.hcl b/modules/nullplatform/provider/asset/s3/.terraform.lock.hcl
deleted file mode 100644
index f269b36..0000000
--- a/modules/nullplatform/provider/asset/s3/.terraform.lock.hcl
+++ /dev/null
@@ -1,41 +0,0 @@ -# This file is maintained automatically by "tofu init". -# Manual edits may be lost in future updates. - -provider "registry.opentofu.org/hashicorp/azurerm" { - version = "4.19.0" - hashes = [ - "h1:nYJrDZgta67mFtKdd8ypCdxcAPvdz1vAabb4yh6ms8g=", - "zh:2ad30ba69767c30c1a97ceac3fd9f3c20d4a503f9bc0d2390929fe1bf993e882", - "zh:3103558709ba3d2903c18d590e81f7f6c603ffdcb5102fea42c41223e986ece6", - "zh:62d184427b38cc7befbae1e190431201b2d5bf214d55bba1fe65ffe53554a2b2", - "zh:761cc8f1a87e8215a55439891c1596b3522cdbddbb8784b57d21ff3140dacc09", - "zh:970cd1530c95621ab261e39183e2a516859744f16f9a198acd6fb4c39b2aa7a9", - "zh:9dcb1c531c43e34f75d1f01f0d5f0a7c13ba8049ac6f3177f56b08faa4254714", - "zh:b581aea03dbbee771f75c3cc3c0660a735544f9d91cc3dbf41ebf0ed764057be", - "zh:b7e5b92e8eba1b1bf8ce47925ff4e53f96351f4d88ce5a0bbd72b0b83f799537", - "zh:cf1e1698713b20425deffc3e52c4eea345fbb422c0acf1bef32777657096ec30", - "zh:ea9eb7fe756f498c3c46bfbb87bff3e58892751ce90b521ef87f6736132fad09", - ] -} - -provider "registry.opentofu.org/nullplatform/nullplatform" { - version = "0.0.50" - hashes = [ - "h1:SpVt8qRCAbEqMZ24pSJLFuJ77cmDtbd9Twggk5IhHpo=", - "zh:13e064b2cb9810afacc1cea10119ae79d0eee2cb358073c91bcec580a6f20fa7", - "zh:2939e4c20111ed71ad0f1d3022756aeade36afeae9bfd6b8d0bc29143d428d41", - "zh:2afe3a28241f14ff502c64419225945714544e0bd8447ece85ea188230ee76f3", - "zh:4332b4e06b9be0da0669fb36f7345b19c7a858891f47398117de258b84ed67ea", - "zh:4657a3f422edc0358176a770a9fed9a464be2831260d1c572a214dcc705cf835", - "zh:5df5d97d819e068f198e580712ff351509e8fd36494642f88c8e995b9b0b6157", - "zh:95611701e2d9c1107ca3cd028355f0cdb3fd89abc794ab3b23e43adbe0709b67", - "zh:9a78a06b4221dc3ee4db54c2d2cd7dae46730f2a6356c33b4f228683c46f8074", - "zh:ac604ca7b534dd7a0700e6cacb46cc93a2b20e56f4c63cb23e1624ea90cb7602", - "zh:b485b58550b4d04e5471f056c941e1f8f0de6efac1b323d00f23cba72253572c", - "zh:c86870ee600c54edcb085cb32850db955e47bfc0daa3b068dc51590e27b73d86", - 
"zh:e684601ec015e7a132c607c28cd4787aab1008648eb1b4ac14552701145cc6d8", - "zh:e82423ae69f1536c70b778b1333998d8b34ffa8686e7a0b6575f0872a7c2fd4d", - "zh:eaf45f4384ca089a1886fc91c10c6f46109dba964a06d6f0a9110b6cb2abab5b", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} diff --git a/modules/nullplatform/provider/asset/s3/README.md b/modules/nullplatform/provider/asset/s3/README.md deleted file mode 100644 index a1e0dad..0000000 --- a/modules/nullplatform/provider/asset/s3/README.md +++ /dev/null @@ -1,30 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [nullplatform](#provider\_nullplatform) | 0.0.50 | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [nullplatform_provider_config.s3](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/provider_config) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [lambda\_assets\_bucket](#input\_lambda\_assets\_bucket) | Bucket where assets for lambda functions are stored | `string` | n/a | yes | -| [nrn](#input\_nrn) | The null platform nrn | `string` | n/a | yes | - -## Outputs - -No outputs. diff --git a/modules/nullplatform/provider/asset/s3/backend.tf b/modules/nullplatform/provider/asset/s3/backend.tf deleted file mode 100644 index 8886af7..0000000 --- a/modules/nullplatform/provider/asset/s3/backend.tf +++ /dev/null @@ -1,10 +0,0 @@ -terraform { - required_providers { - nullplatform = { - source = "nullplatform/nullplatform" - } - azurerm = { - source = "hashicorp/azurerm" - } - } -} diff --git a/modules/nullplatform/provider/asset/s3/main.tf b/modules/nullplatform/provider/asset/s3/main.tf deleted file mode 100644 index 04a8206..0000000 --- a/modules/nullplatform/provider/asset/s3/main.tf +++ /dev/null 
@@ -1,11 +0,0 @@
-resource "nullplatform_provider_config" "s3" {
- provider = nullplatform
- nrn = var.nrn
- type = "s3-configuration"
- dimensions = {}
- attributes = jsonencode({
- "bucket" : {
- "name" : var.lambda_assets_bucket
- }
- })
-}
diff --git a/modules/nullplatform/provider/asset/s3/variables.tf b/modules/nullplatform/provider/asset/s3/variables.tf
deleted file mode 100644
index f733abd..0000000
--- a/modules/nullplatform/provider/asset/s3/variables.tf
+++ /dev/null
@@ -1,9 +0,0 @@
-variable "nrn" {
- type = string
- description = "The null platform nrn"
-}
-
-variable "lambda_assets_bucket" {
- description = "Bucket where assets for lambda functions are stored"
- type = string
-}
diff --git a/modules/nullplatform/provider/cloud/README.md b/modules/nullplatform/provider/cloud/README.md
deleted file mode 100644
index 5ca9045..0000000
--- a/modules/nullplatform/provider/cloud/README.md
+++ /dev/null
@@ -1,23 +0,0 @@
-## Requirements
-
-No requirements.
-
-## Providers
-
-No providers.
-
-## Modules
-
-No modules.
-
-## Resources
-
-No resources.
-
-## Inputs
-
-No inputs.
-
-## Outputs
-
-No outputs.
diff --git a/modules/nullplatform/provider/cloud/aws/.terraform.lock.hcl b/modules/nullplatform/provider/cloud/aws/.terraform.lock.hcl
deleted file mode 100644
index 8ef8c42..0000000
--- a/modules/nullplatform/provider/cloud/aws/.terraform.lock.hcl
+++ /dev/null
@@ -1,46 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "6.10.0" - hashes = [ - "h1:3+TkVoKllN+U48xMQjZCB692MigTQCLkEfug6aYMG/c=", - "zh:3c92efebaf635372bf7283e04fc667d59b0ff3cf1aacd011fc484a11f70954d9", - "zh:404b2a1d360851e63f25945406f2d0c2cb9c20b361552ce01bf7fe3df516a5bf", - "zh:523b1640e2b9e2b548876a1dccc627c290f342255d727568fe4becfd9a8f5689", - "zh:697adf10c76384195303650555229129d64135f5be3abf95da0bf4b6de742054", - "zh:69d6177e3e106518844373871d4e6377003336761aab884da32f66b034229b5c", - "zh:6a41899ce8ab9cdd6f706160fd350951e5f3fc1432a37e638d3576a780c686fd", - "zh:6e8fd28299d6bf0ab6922cf987757e578f357a45ac45abc312688580dbde3bee", - "zh:7ca4bfb5a8f89586dd0c8dd9c1e638a03bc7c6f456bcc29be57cfb7bdc90fc30", - "zh:8fe1f6e0a2718318bae3f53a4fb77bc9eaef0fc4131145996f48482b135830c6", - "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:b221cfbc9f19ad30719b773f05f45571e88b124c15c35ac230021df1bb1110f5", - "zh:b458c357b5f38092e374957e51827d9113447696deccf0cb01f5684d976e7725", - "zh:b7fbb1b05972d73d72af58a2179ac124c6d69a4f0392aa2ce4dc855e78f52268", - "zh:d95da0dc45df0f30005e17c5206addbd62b0471c265d9855fe8039bf6f2adef7", - "zh:db5dd4120c6ab6ae13df67353a9bc902ac34d01c1d297812d628ebf61dc6f681", - ] -} - -provider "registry.terraform.io/nullplatform/nullplatform" { - version = "0.0.67" - hashes = [ - "h1:zSLxZP4h6M9BvwZJioiBee91ezjobz9/Od0/Z0jboaE=", - "zh:10f229fa98947f36131f0a47333009e5ce00a355fb4ff5586e812d61691d5367", - "zh:1961d95c204f5f4976961b65843695c99b64746ec53dbe5d965a19fe52e9f448", - "zh:20e2f782a10fd3f6c9a0e154cebae36abbe74fe591f47453d3b08f8eb0fc049e", - "zh:2e60dcdfea18d1d975be05bcda94ab748be6ba6ea9eba4250d9bbfe08cb3a6c6", - "zh:343b1ca672061ef1c30e45aa02b70901be2db4d9ea4bdb67101483f00fe4d503", - "zh:54d94184600350360b14499bcbe75ded1df0afa5b52cb9f1de940259efee1dc9", - 
"zh:56ce4326785d8f3c8ee510cc4b8a05878b611a997552ffbc1d52d449a5fbbb1f", - "zh:7b6fda50448ff0a2573d6695216442f50159fbc6cc769c24a3d2e49286c76028", - "zh:8fce4e5808f7dc28f631a0408ae5a488e2c45f1a6da00bc3c4496066f99a7513", - "zh:ab42579c18cfda2c9172bff516e87efe6b7b0958aa31905f0d60c9ac74f583a8", - "zh:b89246315045a4c49a2cda19a3c398cc6c749b23ae8fdfbb592c68e9ae88b8ba", - "zh:ca54131274159aff9a45d795c816e2df1175a6912b0bd880dda98a269ea641ae", - "zh:d36e6d9e8bf62b2650bf8d5d118db7c8ff44f701d4d88c4ec8df7d13fc6f9780", - "zh:e3c59713748c8b0204e55bab117b864515adaa5e62afb0667a65bb4c7d998fa2", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} diff --git a/modules/nullplatform/provider/cloud/aws/README.md b/modules/nullplatform/provider/cloud/aws/README.md deleted file mode 100644 index 03f0c57..0000000 --- a/modules/nullplatform/provider/cloud/aws/README.md +++ /dev/null 
@@ -1,39 +0,0 @@
-## Requirements
-
-No requirements.
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [aws](#provider\_aws) | 5.87.0 |
-| [nullplatform](#provider\_nullplatform) | 0.0.50 |
-
-## Modules
-
-No modules.
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [nullplatform_provider_config.aws](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/provider_config) | resource |
-| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [dimensions](#input\_dimensions) | A map of dimension values to configure Nullplatform | `map(string)` | `{}` | no |
-| [domain\_name](#input\_domain\_name) | n/a | `string` | n/a | yes |
-| [environment](#input\_environment) | The environment dimension value to which the configuraion applies | `string` | n/a | yes |
-| [hosted\_public\_zone\_id](#input\_hosted\_public\_zone\_id) | The Hosted zone if for the public dns | `string` | n/a | yes |
-| [hosted\_zone\_id](#input\_hosted\_zone\_id) | The Hosted zone if for the private dns | `string` | n/a | yes |
-| [include\_environment](#input\_include\_environment) | use Environment as default dimension | `bool` | `true` | no |
-| [nrn](#input\_nrn) | The null platform nrn | `string` | n/a | yes |
-| [region](#input\_region) | n/a | `string` | n/a | yes |
-| [scope\_manager\_role](#input\_scope\_manager\_role) | Add admin role to the aws-auth configmap | `string` | n/a | yes |
-
-## Outputs
-
-No outputs.
diff --git a/modules/nullplatform/provider/cloud/aws/backend.tf b/modules/nullplatform/provider/cloud/aws/backend.tf
deleted file mode 100644
index 48aab7d..0000000
--- a/modules/nullplatform/provider/cloud/aws/backend.tf
+++ /dev/null
@@ -1,7 +0,0 @@
-terraform {
- required_providers {
- nullplatform = {
- source = "nullplatform/nullplatform"
- }
- }
-}
diff --git a/modules/nullplatform/provider/cloud/aws/locals.tf b/modules/nullplatform/provider/cloud/aws/locals.tf
deleted file mode 100644
index f315038..0000000
--- a/modules/nullplatform/provider/cloud/aws/locals.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-locals {
- dimensions = merge(var.include_environment ? { environment = var.environment } : {}, var.dimensions)
-}
diff --git a/modules/nullplatform/provider/cloud/aws/main.tf b/modules/nullplatform/provider/cloud/aws/main.tf
deleted file mode 100644
index dc9a07d..0000000
--- a/modules/nullplatform/provider/cloud/aws/main.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-resource "nullplatform_provider_config" "aws" {
- provider = nullplatform
- nrn = var.nrn
- type = "aws-configuration"
- dimensions = local.dimensions
- attributes = jsonencode({
- iam = {
- scope_workflow_role = var.scope_manager_role
- }
- account = {
- id = data.aws_caller_identity.current.account_id
- region = var.region
- }
- networking = {
- application_domain = var.application_domain
- domain_name = var.domain_name
- hosted_zone_id = var.hosted_zone_id
- hosted_public_zone_id = var.hosted_public_zone_id
- }
- })
-}
diff --git a/modules/nullplatform/provider/cloud/aws/variables.tf b/modules/nullplatform/provider/cloud/aws/variables.tf
deleted file mode 100644
index c9cdce5..0000000
--- a/modules/nullplatform/provider/cloud/aws/variables.tf
+++ /dev/null
@@ -1,50 +0,0 @@
-variable "nrn" {
- type = string
- description = "The null platform nrn"
-}
-
-variable "environment" {
- type = string
- description = "The environment dimension value to which the configuraion applies"
-}
-
-variable "dimensions" {
- type = map(string)
- description = "A map of dimension values to configure Nullplatform"
- default = {}
-}
-
-variable "include_environment" {
- type = bool
- description = "use Environment as default dimension"
- default = true
-}
-
-variable "region" {
- type = string
-}
-
-variable "domain_name" {
- type = string
-}
-
-variable "scope_manager_role" {
- type = string
- description = "Add admin role to the aws-auth configmap"
-}
-
-variable "hosted_zone_id" {
- type = string
- description = "The Hosted zone if for the private dns"
-}
-
-variable "hosted_public_zone_id" {
- type = string
- description = "The Hosted zone if for the public dns"
-}
-
-variable "application_domain" {
- type = bool
- description = "Enable application domain in networking configuration"
- default = true
-}
diff --git a/modules/nullplatform/provider/cloud/gcp/.terraform.lock.hcl b/modules/nullplatform/provider/cloud/gcp/.terraform.lock.hcl
deleted file mode 100644
index 061eabe..0000000
--- a/modules/nullplatform/provider/cloud/gcp/.terraform.lock.hcl
+++ /dev/null
@@ -1,24 +0,0 @@ -# This file is maintained automatically by "tofu init". -# Manual edits may be lost in future updates. - -provider "registry.opentofu.org/nullplatform/nullplatform" { - version = "0.0.50" - hashes = [ - "h1:SpVt8qRCAbEqMZ24pSJLFuJ77cmDtbd9Twggk5IhHpo=", - "zh:13e064b2cb9810afacc1cea10119ae79d0eee2cb358073c91bcec580a6f20fa7", - "zh:2939e4c20111ed71ad0f1d3022756aeade36afeae9bfd6b8d0bc29143d428d41", - "zh:2afe3a28241f14ff502c64419225945714544e0bd8447ece85ea188230ee76f3", - "zh:4332b4e06b9be0da0669fb36f7345b19c7a858891f47398117de258b84ed67ea", - "zh:4657a3f422edc0358176a770a9fed9a464be2831260d1c572a214dcc705cf835", - "zh:5df5d97d819e068f198e580712ff351509e8fd36494642f88c8e995b9b0b6157", - "zh:95611701e2d9c1107ca3cd028355f0cdb3fd89abc794ab3b23e43adbe0709b67", - "zh:9a78a06b4221dc3ee4db54c2d2cd7dae46730f2a6356c33b4f228683c46f8074", - "zh:ac604ca7b534dd7a0700e6cacb46cc93a2b20e56f4c63cb23e1624ea90cb7602", - "zh:b485b58550b4d04e5471f056c941e1f8f0de6efac1b323d00f23cba72253572c", - "zh:c86870ee600c54edcb085cb32850db955e47bfc0daa3b068dc51590e27b73d86", - "zh:e684601ec015e7a132c607c28cd4787aab1008648eb1b4ac14552701145cc6d8", - "zh:e82423ae69f1536c70b778b1333998d8b34ffa8686e7a0b6575f0872a7c2fd4d", - "zh:eaf45f4384ca089a1886fc91c10c6f46109dba964a06d6f0a9110b6cb2abab5b", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} diff --git a/modules/nullplatform/provider/cloud/gcp/README.md b/modules/nullplatform/provider/cloud/gcp/README.md deleted file mode 100644 index 0e03f8f..0000000 --- a/modules/nullplatform/provider/cloud/gcp/README.md +++ /dev/null 
@@ -1,38 +0,0 @@
-## Requirements
-
-No requirements.
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [nullplatform](#provider\_nullplatform) | 0.0.50 |
-
-## Modules
-
-No modules.
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [nullplatform_provider_config.gcp](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/provider_config) | resource |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [credentials\_file](#input\_credentials\_file) | Base64 credentials file | `string` | n/a | yes |
-| [dimensions](#input\_dimensions) | A map of dimension values to configure Nullplatform | `map(string)` | `{}` | no |
-| [domain\_name](#input\_domain\_name) | Domain name | `string` | n/a | yes |
-| [environment](#input\_environment) | The environment dimension value to which the configuraion applies | `string` | n/a | yes |
-| [include\_environment](#input\_include\_environment) | use Environment as default dimension | `bool` | `true` | no |
-| [nrn](#input\_nrn) | The null platform nrn | `string` | n/a | yes |
-| [private\_dns\_zone\_name](#input\_private\_dns\_zone\_name) | gcp private zone name | `string` | n/a | yes |
-| [project\_id](#input\_project\_id) | ID del Proyecto en GCP | `string` | n/a | yes |
-| [public\_dns\_zone\_name](#input\_public\_dns\_zone\_name) | gcp public zone name | `string` | n/a | yes |
-| [use\_application\_domain](#input\_use\_application\_domain) | false | `bool` | n/a | yes |
-
-## Outputs
-
-No outputs.
diff --git a/modules/nullplatform/provider/cloud/gcp/backend.tf b/modules/nullplatform/provider/cloud/gcp/backend.tf
deleted file mode 100644
index 48aab7d..0000000
--- a/modules/nullplatform/provider/cloud/gcp/backend.tf
+++ /dev/null
@@ -1,7 +0,0 @@
-terraform {
- required_providers {
- nullplatform = {
- source = "nullplatform/nullplatform"
- }
- }
-}
diff --git a/modules/nullplatform/provider/cloud/gcp/locals.tf b/modules/nullplatform/provider/cloud/gcp/locals.tf
deleted file mode 100644
index f315038..0000000
--- a/modules/nullplatform/provider/cloud/gcp/locals.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-locals {
- dimensions = merge(var.include_environment ? { environment = var.environment } : {}, var.dimensions)
-}
diff --git a/modules/nullplatform/provider/cloud/gcp/main.tf b/modules/nullplatform/provider/cloud/gcp/main.tf
deleted file mode 100644
index f514c81..0000000
--- a/modules/nullplatform/provider/cloud/gcp/main.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-resource "nullplatform_provider_config" "gcp" {
- nrn = var.nrn
- type = "google-cloud-configuration"
- dimensions = var.dimensions
- attributes = jsonencode({
- "project" : {
- "id" : var.project_id
- },
- "networking" : {
- "domain_name" : var.domain_name,
- "application_domain" : var.use_application_domain,
- "public_dns_zone_name" : var.public_dns_zone_name
- "private_dns_zone_name" : var.private_dns_zone_name
- },
- "authentication" : {
- "service_account_key" : var.credentials_file
- }
- })
-}
diff --git a/modules/nullplatform/provider/cloud/gcp/variables.tf b/modules/nullplatform/provider/cloud/gcp/variables.tf
deleted file mode 100644
index 9fe9e0f..0000000
--- a/modules/nullplatform/provider/cloud/gcp/variables.tf
+++ /dev/null
@@ -1,51 +0,0 @@
-variable "nrn" {
- type = string
- description = "The null platform nrn"
-}
-
-variable "environment" {
- type = string
- description = "The environment dimension value to which the configuraion applies"
-}
-
-variable "dimensions" {
- type = map(string)
- description = "A map of dimension values to configure Nullplatform"
- default = {}
-}
-
-variable "include_environment" {
- type = bool
- description = "use Environment as default dimension"
- default = true
-}
-
-variable "project_id" {
- type = string
- description = "ID del Proyecto en GCP"
-}
-
-variable "domain_name" {
- description = "Domain name"
- type = string
-}
-
-variable "public_dns_zone_name" {
- description = "gcp public zone name"
- type = string
-}
-
-variable "private_dns_zone_name" {
- description = "gcp private zone name"
- type = string
-}
-
-variable "use_application_domain" {
- description = false
- type = bool
-}
-
-variable "credentials_file" {
- description = "Base64 credentials file"
- type = string
-}
diff --git a/modules/nullplatform/provider/code/github/README.md b/modules/nullplatform/provider/code/github/README.md
deleted file mode 100644
index 58a7b3c..0000000
--- a/modules/nullplatform/provider/code/github/README.md
+++ /dev/null
@@ -1,31 +0,0 @@
-## Requirements
-
-No requirements.
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [nullplatform](#provider\_nullplatform) | n/a |
-
-## Modules
-
-No modules.
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [nullplatform_provider_config.github](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/provider_config) | resource |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [nrn](#input\_nrn) | The null platform nrn | `string` | n/a | yes |
-| [organization](#input\_organization) | The github organization to associate to nullplatform. | `string` | n/a | yes |
-| [organization\_installation\_id](#input\_organization\_installation\_id) | The github installation id after installing the organization to Nullplatform github application. | `string` | n/a | yes |
-
-## Outputs
-
-No outputs.
diff --git a/modules/nullplatform/provider/code/github/backend.tf b/modules/nullplatform/provider/code/github/backend.tf
deleted file mode 100644
index 8886af7..0000000
--- a/modules/nullplatform/provider/code/github/backend.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
- required_providers {
- nullplatform = {
- source = "nullplatform/nullplatform"
- }
- azurerm = {
- source = "hashicorp/azurerm"
- }
- }
-}
diff --git a/modules/nullplatform/provider/code/github/main.tf b/modules/nullplatform/provider/code/github/main.tf
deleted file mode 100644
index ed69e6b..0000000
--- a/modules/nullplatform/provider/code/github/main.tf
+++ /dev/null
@@ -1,13 +0,0 @@
-resource "nullplatform_provider_config" "github" {
- nrn = try(regex("(.*):namespace.*", var.nrn)[0], var.nrn)
- type = "github-configuration"
- dimensions = {}
- attributes = jsonencode({
- "setup" : {
- "organization" : var.organization,
- "installation_id" : var.organization_installation_id,
- },
- }
- )
-}
-
diff --git a/modules/nullplatform/provider/code/github/variables.tf b/modules/nullplatform/provider/code/github/variables.tf
deleted file mode 100644
index b4a03fc..0000000
--- a/modules/nullplatform/provider/code/github/variables.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-variable "nrn" {
- type = string
- description = "The null platform nrn"
-}
-
-variable "organization" {
- type = string
- description = "The github organization to associate to nullplatform."
-}
-
-variable "organization_installation_id" {
- type = string
- description = "The github installation id after installing the organization to Nullplatform github application."
-}
diff --git a/modules/nullplatform/provider/compute/ec2/.terraform.lock.hcl b/modules/nullplatform/provider/compute/ec2/.terraform.lock.hcl
deleted file mode 100644
index 061eabe..0000000
--- a/modules/nullplatform/provider/compute/ec2/.terraform.lock.hcl
+++ /dev/null
@@ -1,24 +0,0 @@ -# This file is maintained automatically by "tofu init". -# Manual edits may be lost in future updates. - -provider "registry.opentofu.org/nullplatform/nullplatform" { - version = "0.0.50" - hashes = [ - "h1:SpVt8qRCAbEqMZ24pSJLFuJ77cmDtbd9Twggk5IhHpo=", - "zh:13e064b2cb9810afacc1cea10119ae79d0eee2cb358073c91bcec580a6f20fa7", - "zh:2939e4c20111ed71ad0f1d3022756aeade36afeae9bfd6b8d0bc29143d428d41", - "zh:2afe3a28241f14ff502c64419225945714544e0bd8447ece85ea188230ee76f3", - "zh:4332b4e06b9be0da0669fb36f7345b19c7a858891f47398117de258b84ed67ea", - "zh:4657a3f422edc0358176a770a9fed9a464be2831260d1c572a214dcc705cf835", - "zh:5df5d97d819e068f198e580712ff351509e8fd36494642f88c8e995b9b0b6157", - "zh:95611701e2d9c1107ca3cd028355f0cdb3fd89abc794ab3b23e43adbe0709b67", - "zh:9a78a06b4221dc3ee4db54c2d2cd7dae46730f2a6356c33b4f228683c46f8074", - "zh:ac604ca7b534dd7a0700e6cacb46cc93a2b20e56f4c63cb23e1624ea90cb7602", - "zh:b485b58550b4d04e5471f056c941e1f8f0de6efac1b323d00f23cba72253572c", - "zh:c86870ee600c54edcb085cb32850db955e47bfc0daa3b068dc51590e27b73d86", - "zh:e684601ec015e7a132c607c28cd4787aab1008648eb1b4ac14552701145cc6d8", - "zh:e82423ae69f1536c70b778b1333998d8b34ffa8686e7a0b6575f0872a7c2fd4d", - "zh:eaf45f4384ca089a1886fc91c10c6f46109dba964a06d6f0a9110b6cb2abab5b", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} diff --git a/modules/nullplatform/provider/compute/ec2/README.md b/modules/nullplatform/provider/compute/ec2/README.md deleted file mode 100644 index 53cb5bb..0000000 --- a/modules/nullplatform/provider/compute/ec2/README.md +++ /dev/null 
@@ -1,36 +0,0 @@
-## Requirements
-
-No requirements.
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [nullplatform](#provider\_nullplatform) | 0.0.50 |
-
-## Modules
-
-No modules.
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [nullplatform_provider_config.ec2](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/provider_config) | resource |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [ami\_id](#input\_ami\_id) | AMI Id used to launch to EC2 instances | `string` | `"ami-0a6dd292b2a2a778c"` | no |
-| [dimensions](#input\_dimensions) | A map of dimension values to configure Nullplatform | `map(string)` | `{}` | no |
-| [environment](#input\_environment) | The environment dimension value to which the configuraion applies | `string` | n/a | yes |
-| [include\_environment](#input\_include\_environment) | use Environment as default dimension | `bool` | `true` | no |
-| [instance\_profile](#input\_instance\_profile) | The IAM Instance profile to attach to EC2 instances | `string` | n/a | yes |
-| [nrn](#input\_nrn) | The null platform nrn | `string` | n/a | yes |
-| [parameters\_bucket](#input\_parameters\_bucket) | The parameters bucket storage | `string` | n/a | yes |
-| [parameters\_encryption\_secret](#input\_parameters\_encryption\_secret) | The parameters bucket storage encryption key | `string` | n/a | yes |
-
-## Outputs
-
-No outputs.
diff --git a/modules/nullplatform/provider/compute/ec2/backend.tf b/modules/nullplatform/provider/compute/ec2/backend.tf
deleted file mode 100644
index 48aab7d..0000000
--- a/modules/nullplatform/provider/compute/ec2/backend.tf
+++ /dev/null
@@ -1,7 +0,0 @@
-terraform {
- required_providers {
- nullplatform = {
- source = "nullplatform/nullplatform"
- }
- }
-}
diff --git a/modules/nullplatform/provider/compute/ec2/locals.tf b/modules/nullplatform/provider/compute/ec2/locals.tf
deleted file mode 100644
index f315038..0000000
--- a/modules/nullplatform/provider/compute/ec2/locals.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-locals {
- dimensions = merge(var.include_environment ? { environment = var.environment } : {}, var.dimensions)
-}
diff --git a/modules/nullplatform/provider/compute/ec2/main.tf b/modules/nullplatform/provider/compute/ec2/main.tf
deleted file mode 100644
index bfc9743..0000000
--- a/modules/nullplatform/provider/compute/ec2/main.tf
+++ /dev/null
@@ -1,20 +0,0 @@
-resource "nullplatform_provider_config" "ec2" {
- provider = nullplatform
- nrn = var.nrn
- type = "ec2-configuration"
- dimensions = local.dimensions
- attributes = jsonencode({
- ami = {
- id = var.ami_id
- },
- storage = {
- parameters_bucket = var.parameters_bucket
- parameters_encryption_secret = var.parameters_encryption_secret
- },
- security = {
- # ssh_key = var.ec2_ssh_key_name
- iam_profile = var.instance_profile
-
- }
- })
-}
diff --git a/modules/nullplatform/provider/compute/ec2/variables.tf b/modules/nullplatform/provider/compute/ec2/variables.tf
deleted file mode 100644
index 20a141e..0000000
--- a/modules/nullplatform/provider/compute/ec2/variables.tf
+++ /dev/null
@@ -1,43 +0,0 @@
-variable "nrn" {
- type = string
- description = "The null platform nrn"
-}
-
-variable "environment" {
- type = string
- description = "The environment dimension value to which the configuraion applies"
-}
-
-variable "dimensions" {
- type = map(string)
- description = "A map of dimension values to configure Nullplatform"
- default = {}
-}
-
-variable "include_environment" {
- type = bool
- description = "use Environment as default dimension"
- default = true
-}
-
-variable "ami_id" {
- type = string
- description = "AMI Id used to launch to EC2 instances"
- default = "ami-0a6dd292b2a2a778c" #null-runtime-58
-}
-
-variable "parameters_bucket" {
- type = string
- description = "The parameters bucket storage"
-}
-
-variable "parameters_encryption_secret" {
- type = string
- description = "The parameters bucket storage encryption key"
-}
-
-variable "instance_profile" {
- type = string
- description = "The IAM Instance profile to attach to EC2 instances"
-}
-
diff --git a/modules/nullplatform/provider/compute/lambda/.terraform.lock.hcl b/modules/nullplatform/provider/compute/lambda/.terraform.lock.hcl
deleted file mode 100644
index 061eabe..0000000
--- a/modules/nullplatform/provider/compute/lambda/.terraform.lock.hcl
+++ /dev/null
@@ -1,24 +0,0 @@ -# This file is maintained automatically by "tofu init". -# Manual edits may be lost in future updates. - -provider "registry.opentofu.org/nullplatform/nullplatform" { - version = "0.0.50" - hashes = [ - "h1:SpVt8qRCAbEqMZ24pSJLFuJ77cmDtbd9Twggk5IhHpo=", - "zh:13e064b2cb9810afacc1cea10119ae79d0eee2cb358073c91bcec580a6f20fa7", - "zh:2939e4c20111ed71ad0f1d3022756aeade36afeae9bfd6b8d0bc29143d428d41", - "zh:2afe3a28241f14ff502c64419225945714544e0bd8447ece85ea188230ee76f3", - "zh:4332b4e06b9be0da0669fb36f7345b19c7a858891f47398117de258b84ed67ea", - "zh:4657a3f422edc0358176a770a9fed9a464be2831260d1c572a214dcc705cf835", - "zh:5df5d97d819e068f198e580712ff351509e8fd36494642f88c8e995b9b0b6157", - "zh:95611701e2d9c1107ca3cd028355f0cdb3fd89abc794ab3b23e43adbe0709b67", - "zh:9a78a06b4221dc3ee4db54c2d2cd7dae46730f2a6356c33b4f228683c46f8074", - "zh:ac604ca7b534dd7a0700e6cacb46cc93a2b20e56f4c63cb23e1624ea90cb7602", - "zh:b485b58550b4d04e5471f056c941e1f8f0de6efac1b323d00f23cba72253572c", - "zh:c86870ee600c54edcb085cb32850db955e47bfc0daa3b068dc51590e27b73d86", - "zh:e684601ec015e7a132c607c28cd4787aab1008648eb1b4ac14552701145cc6d8", - "zh:e82423ae69f1536c70b778b1333998d8b34ffa8686e7a0b6575f0872a7c2fd4d", - "zh:eaf45f4384ca089a1886fc91c10c6f46109dba964a06d6f0a9110b6cb2abab5b", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} diff --git a/modules/nullplatform/provider/compute/lambda/README.md b/modules/nullplatform/provider/compute/lambda/README.md deleted file mode 100644 index 9808a0c..0000000 --- a/modules/nullplatform/provider/compute/lambda/README.md +++ /dev/null 
@@ -1,33 +0,0 @@
-## Requirements
-
-No requirements.
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [nullplatform](#provider\_nullplatform) | 0.0.50 |
-
-## Modules
-
-No modules.
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [nullplatform_provider_config.lambda](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/provider_config) | resource |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [dimensions](#input\_dimensions) | A map of dimension values to configure Nullplatform | `map(string)` | `{}` | no |
-| [environment](#input\_environment) | The environment dimension value to which the configuraion applies | `string` | n/a | yes |
-| [include\_environment](#input\_include\_environment) | use Environment as default dimension | `bool` | `true` | no |
-| [lambda\_function\_role\_arn](#input\_lambda\_function\_role\_arn) | The IAM Role arn to deploy Lambda functions | `string` | n/a | yes |
-| [nrn](#input\_nrn) | The null platform nrn | `string` | n/a | yes |
-
-## Outputs
-
-No outputs.
diff --git a/modules/nullplatform/provider/compute/lambda/backend.tf b/modules/nullplatform/provider/compute/lambda/backend.tf
deleted file mode 100644
index 48aab7d..0000000
--- a/modules/nullplatform/provider/compute/lambda/backend.tf
+++ /dev/null
@@ -1,7 +0,0 @@
-terraform {
- required_providers {
- nullplatform = {
- source = "nullplatform/nullplatform"
- }
- }
-}
diff --git a/modules/nullplatform/provider/compute/lambda/locals.tf b/modules/nullplatform/provider/compute/lambda/locals.tf
deleted file mode 100644
index f315038..0000000
--- a/modules/nullplatform/provider/compute/lambda/locals.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-locals {
- dimensions = merge(var.include_environment ? { environment = var.environment } : {}, var.dimensions)
-}
diff --git a/modules/nullplatform/provider/compute/lambda/main.tf b/modules/nullplatform/provider/compute/lambda/main.tf
deleted file mode 100644
index 4872ad6..0000000
--- a/modules/nullplatform/provider/compute/lambda/main.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-resource "nullplatform_provider_config" "lambda" {
- provider = nullplatform
- nrn = var.nrn
- type = "aws-lambda-configuration"
- dimensions = local.dimensions
- attributes = jsonencode({
- setup = {
- role_arn = var.lambda_function_role_arn
- }
- })
-}
diff --git a/modules/nullplatform/provider/compute/lambda/variables.tf b/modules/nullplatform/provider/compute/lambda/variables.tf
deleted file mode 100644
index 11af5de..0000000
--- a/modules/nullplatform/provider/compute/lambda/variables.tf
+++ /dev/null
@@ -1,27 +0,0 @@
-variable "nrn" {
- type = string
- description = "The null platform nrn"
-}
-
-variable "environment" {
- type = string
- description = "The environment dimension value to which the configuraion applies"
-}
-
-variable "dimensions" {
- type = map(string)
- description = "A map of dimension values to configure Nullplatform"
- default = {}
-}
-
-variable "include_environment" {
- type = bool
- description = "use Environment as default dimension"
- default = true
-}
-
-variable "lambda_function_role_arn" {
- type = string
- description = "The IAM Role arn to deploy Lambda functions"
-}
-
diff --git a/modules/nullplatform/provider/container/README.md b/modules/nullplatform/provider/container/README.md
deleted file mode 100644
index 5ca9045..0000000
--- a/modules/nullplatform/provider/container/README.md
+++ /dev/null
@@ -1,23 +0,0 @@
-## Requirements
-
-No requirements.
-
-## Providers
-
-No providers.
-
-## Modules
-
-No modules.
-
-## Resources
-
-No resources.
-
-## Inputs
-
-No inputs.
-
-## Outputs
-
-No outputs.
diff --git a/modules/nullplatform/provider/container/eks/.terraform.lock.hcl b/modules/nullplatform/provider/container/eks/.terraform.lock.hcl deleted file mode 100644 index 061eabe..0000000 --- a/modules/nullplatform/provider/container/eks/.terraform.lock.hcl +++ /dev/null @@ -1,24 +0,0 @@ -# This file is maintained automatically by "tofu init". -# Manual edits may be lost in future updates. - -provider "registry.opentofu.org/nullplatform/nullplatform" { - version = "0.0.50" - hashes = [ - "h1:SpVt8qRCAbEqMZ24pSJLFuJ77cmDtbd9Twggk5IhHpo=", - "zh:13e064b2cb9810afacc1cea10119ae79d0eee2cb358073c91bcec580a6f20fa7", - "zh:2939e4c20111ed71ad0f1d3022756aeade36afeae9bfd6b8d0bc29143d428d41", - "zh:2afe3a28241f14ff502c64419225945714544e0bd8447ece85ea188230ee76f3", - "zh:4332b4e06b9be0da0669fb36f7345b19c7a858891f47398117de258b84ed67ea", - "zh:4657a3f422edc0358176a770a9fed9a464be2831260d1c572a214dcc705cf835", - "zh:5df5d97d819e068f198e580712ff351509e8fd36494642f88c8e995b9b0b6157", - "zh:95611701e2d9c1107ca3cd028355f0cdb3fd89abc794ab3b23e43adbe0709b67", - "zh:9a78a06b4221dc3ee4db54c2d2cd7dae46730f2a6356c33b4f228683c46f8074", - "zh:ac604ca7b534dd7a0700e6cacb46cc93a2b20e56f4c63cb23e1624ea90cb7602", - "zh:b485b58550b4d04e5471f056c941e1f8f0de6efac1b323d00f23cba72253572c", - "zh:c86870ee600c54edcb085cb32850db955e47bfc0daa3b068dc51590e27b73d86", - "zh:e684601ec015e7a132c607c28cd4787aab1008648eb1b4ac14552701145cc6d8", - "zh:e82423ae69f1536c70b778b1333998d8b34ffa8686e7a0b6575f0872a7c2fd4d", - "zh:eaf45f4384ca089a1886fc91c10c6f46109dba964a06d6f0a9110b6cb2abab5b", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} diff --git a/modules/nullplatform/provider/container/eks/README.md b/modules/nullplatform/provider/container/eks/README.md deleted file mode 100644 index 23de3cb..0000000 --- a/modules/nullplatform/provider/container/eks/README.md +++ /dev/null 
@@ -1,34 +0,0 @@
-## Requirements
-
-No requirements.
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [nullplatform](#provider\_nullplatform) | 0.0.50 |
-
-## Modules
-
-No modules.
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [nullplatform_provider_config.eks](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/provider_config) | resource |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [cluster\_name](#input\_cluster\_name) | GKE Cluster name | `string` | n/a | yes |
-| [dimensions](#input\_dimensions) | A map of dimension values to configure Nullplatform | `map(string)` | `{}` | no |
-| [environment](#input\_environment) | The environment dimension value to which the configuraion applies | `string` | n/a | yes |
-| [include\_environment](#input\_include\_environment) | use Environment as default dimension | `bool` | `true` | no |
-| [namespace](#input\_namespace) | Namespace where apps will be created | `string` | `"nullplatform"` | no |
-| [nrn](#input\_nrn) | The null platform nrn | `string` | n/a | yes |
-
-## Outputs
-
-No outputs.
diff --git a/modules/nullplatform/provider/container/eks/backend.tf b/modules/nullplatform/provider/container/eks/backend.tf
deleted file mode 100644
index 48aab7d..0000000
--- a/modules/nullplatform/provider/container/eks/backend.tf
+++ /dev/null
@@ -1,7 +0,0 @@
-terraform {
- required_providers {
- nullplatform = {
- source = "nullplatform/nullplatform"
- }
- }
-}
diff --git a/modules/nullplatform/provider/container/eks/locals.tf b/modules/nullplatform/provider/container/eks/locals.tf
deleted file mode 100644
index f315038..0000000
--- a/modules/nullplatform/provider/container/eks/locals.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-locals {
- dimensions = merge(var.include_environment ? { environment = var.environment } : {}, var.dimensions)
-}
diff --git a/modules/nullplatform/provider/container/eks/main.tf b/modules/nullplatform/provider/container/eks/main.tf
deleted file mode 100644
index 29d417f..0000000
--- a/modules/nullplatform/provider/container/eks/main.tf
+++ /dev/null
@@ -1,12 +0,0 @@
-resource "nullplatform_provider_config" "eks" {
- provider = nullplatform
- nrn = var.nrn
- type = "eks-configuration"
- dimensions = local.dimensions
- attributes = jsonencode({
- cluster = {
- id = var.cluster_name,
- namespace = var.namespace
- }
- })
-}
diff --git a/modules/nullplatform/provider/container/eks/variables.tf b/modules/nullplatform/provider/container/eks/variables.tf
deleted file mode 100644
index 91f3c90..0000000
--- a/modules/nullplatform/provider/container/eks/variables.tf
+++ /dev/null
@@ -1,32 +0,0 @@
-variable "nrn" {
- type = string
- description = "The null platform nrn"
-}
-
-variable "environment" {
- type = string
- description = "The environment dimension value to which the configuraion applies"
-}
-
-variable "dimensions" {
- type = map(string)
- description = "A map of dimension values to configure Nullplatform"
- default = {}
-}
-
-variable "include_environment" {
- type = bool
- description = "use Environment as default dimension"
- default = true
-}
-
-variable "cluster_name" {
- type = string
- description = "GKE Cluster name"
-}
-
-variable "namespace" {
- type = string
- description = "Namespace where apps will be created"
- default = "nullplatform"
-}
diff --git a/modules/nullplatform/provider/container/gke/.terraform.lock.hcl b/modules/nullplatform/provider/container/gke/.terraform.lock.hcl
deleted file mode 100644
index 061eabe..0000000
--- a/modules/nullplatform/provider/container/gke/.terraform.lock.hcl
+++ /dev/null
@@ -1,24 +0,0 @@ -# This file is maintained automatically by "tofu init". -# Manual edits may be lost in future updates. - -provider "registry.opentofu.org/nullplatform/nullplatform" { - version = "0.0.50" - hashes = [ - "h1:SpVt8qRCAbEqMZ24pSJLFuJ77cmDtbd9Twggk5IhHpo=", - "zh:13e064b2cb9810afacc1cea10119ae79d0eee2cb358073c91bcec580a6f20fa7", - "zh:2939e4c20111ed71ad0f1d3022756aeade36afeae9bfd6b8d0bc29143d428d41", - "zh:2afe3a28241f14ff502c64419225945714544e0bd8447ece85ea188230ee76f3", - "zh:4332b4e06b9be0da0669fb36f7345b19c7a858891f47398117de258b84ed67ea", - "zh:4657a3f422edc0358176a770a9fed9a464be2831260d1c572a214dcc705cf835", - "zh:5df5d97d819e068f198e580712ff351509e8fd36494642f88c8e995b9b0b6157", - "zh:95611701e2d9c1107ca3cd028355f0cdb3fd89abc794ab3b23e43adbe0709b67", - "zh:9a78a06b4221dc3ee4db54c2d2cd7dae46730f2a6356c33b4f228683c46f8074", - "zh:ac604ca7b534dd7a0700e6cacb46cc93a2b20e56f4c63cb23e1624ea90cb7602", - "zh:b485b58550b4d04e5471f056c941e1f8f0de6efac1b323d00f23cba72253572c", - "zh:c86870ee600c54edcb085cb32850db955e47bfc0daa3b068dc51590e27b73d86", - "zh:e684601ec015e7a132c607c28cd4787aab1008648eb1b4ac14552701145cc6d8", - "zh:e82423ae69f1536c70b778b1333998d8b34ffa8686e7a0b6575f0872a7c2fd4d", - "zh:eaf45f4384ca089a1886fc91c10c6f46109dba964a06d6f0a9110b6cb2abab5b", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} diff --git a/modules/nullplatform/provider/container/gke/README.md b/modules/nullplatform/provider/container/gke/README.md deleted file mode 100644 index df6de7c..0000000 --- a/modules/nullplatform/provider/container/gke/README.md +++ /dev/null 
@@ -1,38 +0,0 @@
-## Requirements
-
-No requirements.
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [nullplatform](#provider\_nullplatform) | 0.0.50 |
-
-## Modules
-
-No modules.
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [nullplatform_provider_config.gke](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/provider_config) | resource |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [cluster\_name](#input\_cluster\_name) | GKE Cluster name | `string` | n/a | yes |
-| [dimensions](#input\_dimensions) | A map of dimension values to configure Nullplatform | `map(string)` | `{}` | no |
-| [environment](#input\_environment) | The environment dimension value to which the configuraion applies | `string` | n/a | yes |
-| [gateway\_namespace](#input\_gateway\_namespace) | Namespace where gateways will be created | `string` | `"gateways"` | no |
-| [include\_environment](#input\_include\_environment) | use Environment as default dimension | `bool` | `true` | no |
-| [location](#input\_location) | GCP location where the cluster exists | `string` | n/a | yes |
-| [namespace](#input\_namespace) | Namespace where apps will be created | `string` | `"nullplatform"` | no |
-| [nrn](#input\_nrn) | The null platform nrn | `string` | n/a | yes |
-| [private\_gateway\_name](#input\_private\_gateway\_name) | Private gateway name | `string` | `"gateway-private"` | no |
-| [public\_gateway\_name](#input\_public\_gateway\_name) | Public gateway name | `string` | `"gateway-public"` | no |
-
-## Outputs
-
-No outputs.
diff --git a/modules/nullplatform/provider/container/gke/backend.tf b/modules/nullplatform/provider/container/gke/backend.tf
deleted file mode 100644
index 48aab7d..0000000
--- a/modules/nullplatform/provider/container/gke/backend.tf
+++ /dev/null
@@ -1,7 +0,0 @@
-terraform {
- required_providers {
- nullplatform = {
- source = "nullplatform/nullplatform"
- }
- }
-}
diff --git a/modules/nullplatform/provider/container/gke/locals.tf b/modules/nullplatform/provider/container/gke/locals.tf
deleted file mode 100644
index f315038..0000000
--- a/modules/nullplatform/provider/container/gke/locals.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-locals {
- dimensions = merge(var.include_environment ? { environment = var.environment } : {}, var.dimensions)
-}
diff --git a/modules/nullplatform/provider/container/gke/main.tf b/modules/nullplatform/provider/container/gke/main.tf
deleted file mode 100644
index b521733..0000000
--- a/modules/nullplatform/provider/container/gke/main.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-resource "nullplatform_provider_config" "gke" {
- nrn = var.nrn
- type = "gke-configuration"
- dimensions = local.dimensions
- attributes = jsonencode({
- "cluster" : {
- "id" : var.cluster_name,
- "location" : var.location,
- "namespace" : var.namespace
- "image_pull_secrets" : ["image-pull-secret-nullplatform"]
- },
- "gateway" : {
- "namespace" : var.gateway_namespace,
- "public_name" : var.public_gateway_name,
- "private_name" : var.private_gateway_name,
- }
- })
-}
diff --git a/modules/nullplatform/provider/container/gke/variables.tf b/modules/nullplatform/provider/container/gke/variables.tf
deleted file mode 100644
index 103fced..0000000
--- a/modules/nullplatform/provider/container/gke/variables.tf
+++ /dev/null
@@ -1,55 +0,0 @@
-variable "nrn" {
- type = string
- description = "The null platform nrn"
-}
-
-variable "environment" {
- type = string
- description = "The environment dimension value to which the configuraion applies"
-}
-
-variable "dimensions" {
- type = map(string)
- description = "A map of dimension values to configure Nullplatform"
- default = {}
-}
-
-variable "include_environment" {
- type = bool
- description = "use Environment as default dimension"
- default = true
-}
-
-variable "cluster_name" {
- type = string
- description = "GKE Cluster name"
-}
-
-variable "location" {
- type = string
- description = "GCP location where the cluster exists"
-}
-
-variable "namespace" {
- type = string
- description = "Namespace where apps will be created"
- default = "nullplatform"
-}
-
-variable "gateway_namespace" {
- description = "Namespace where gateways will be created"
- type = string
- default = "gateways"
-}
-
-variable "public_gateway_name" {
- description = "Public gateway name"
- type = string
- default = "gateway-public"
-}
-
-variable "private_gateway_name" {
- description = "Private gateway name"
- type = string
- default = "gateway-private"
-}
diff --git a/modules/nullplatform/provider/networking/vpc/.terraform.lock.hcl b/modules/nullplatform/provider/networking/vpc/.terraform.lock.hcl
deleted file mode 100644
index 061eabe..0000000
--- a/modules/nullplatform/provider/networking/vpc/.terraform.lock.hcl
+++ /dev/null
@@ -1,24 +0,0 @@ -# This file is maintained automatically by "tofu init". -# Manual edits may be lost in future updates. - -provider "registry.opentofu.org/nullplatform/nullplatform" { - version = "0.0.50" - hashes = [ - "h1:SpVt8qRCAbEqMZ24pSJLFuJ77cmDtbd9Twggk5IhHpo=", - "zh:13e064b2cb9810afacc1cea10119ae79d0eee2cb358073c91bcec580a6f20fa7", - "zh:2939e4c20111ed71ad0f1d3022756aeade36afeae9bfd6b8d0bc29143d428d41", - "zh:2afe3a28241f14ff502c64419225945714544e0bd8447ece85ea188230ee76f3", - "zh:4332b4e06b9be0da0669fb36f7345b19c7a858891f47398117de258b84ed67ea", - "zh:4657a3f422edc0358176a770a9fed9a464be2831260d1c572a214dcc705cf835", - "zh:5df5d97d819e068f198e580712ff351509e8fd36494642f88c8e995b9b0b6157", - "zh:95611701e2d9c1107ca3cd028355f0cdb3fd89abc794ab3b23e43adbe0709b67", - "zh:9a78a06b4221dc3ee4db54c2d2cd7dae46730f2a6356c33b4f228683c46f8074", - "zh:ac604ca7b534dd7a0700e6cacb46cc93a2b20e56f4c63cb23e1624ea90cb7602", - "zh:b485b58550b4d04e5471f056c941e1f8f0de6efac1b323d00f23cba72253572c", - "zh:c86870ee600c54edcb085cb32850db955e47bfc0daa3b068dc51590e27b73d86", - "zh:e684601ec015e7a132c607c28cd4787aab1008648eb1b4ac14552701145cc6d8", - "zh:e82423ae69f1536c70b778b1333998d8b34ffa8686e7a0b6575f0872a7c2fd4d", - "zh:eaf45f4384ca089a1886fc91c10c6f46109dba964a06d6f0a9110b6cb2abab5b", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} diff --git a/modules/nullplatform/provider/networking/vpc/README.md b/modules/nullplatform/provider/networking/vpc/README.md deleted file mode 100644 index 3f78278..0000000 --- a/modules/nullplatform/provider/networking/vpc/README.md +++ /dev/null 
@@ -1,39 +0,0 @@
-## Requirements
-
-No requirements.
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [nullplatform](#provider\_nullplatform) | 0.0.50 |
-
-## Modules
-
-No modules.
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [nullplatform_provider_config.network](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/provider_config) | resource |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [dimensions](#input\_dimensions) | A map of dimension values to configure Nullplatform | `map(string)` | `{}` | no |
-| [environment](#input\_environment) | The environment dimension value to which the configuraion applies | `string` | n/a | yes |
-| [include\_environment](#input\_include\_environment) | use Environment as default dimension | `bool` | `true` | no |
-| [nrn](#input\_nrn) | The null platform nrn | `string` | n/a | yes |
-| [private\_load\_balancer\_arn](#input\_private\_load\_balancer\_arn) | The private alb arn used for ec2 and lambda | `string` | n/a | yes |
-| [private\_load\_balancer\_listener\_arn](#input\_private\_load\_balancer\_listener\_arn) | The private alb listener arn used for ec2 and lambda | `string` | n/a | yes |
-| [public\_load\_balancer\_arn](#input\_public\_load\_balancer\_arn) | The private alb arn used for ec2 and lambda | `string` | n/a | yes |
-| [public\_load\_balancer\_listener\_arn](#input\_public\_load\_balancer\_listener\_arn) | The private alb listener arn used for ec2 and lambda | `string` | n/a | yes |
-| [security\_group\_ids](#input\_security\_group\_ids) | The sg ids used for ec2 and lambda | `list(string)` | n/a | yes |
-| [subnet\_ids](#input\_subnet\_ids) | The subnet ids used for ec2 and lambda | `list(string)` | n/a | yes |
-| [vpc\_id](#input\_vpc\_id) | The VPC id used for ec2 and lambda | `string` | n/a | yes |
-
-## Outputs
-
-No outputs.
diff --git a/modules/nullplatform/provider/networking/vpc/backend.tf b/modules/nullplatform/provider/networking/vpc/backend.tf
deleted file mode 100644
index 48aab7d..0000000
--- a/modules/nullplatform/provider/networking/vpc/backend.tf
+++ /dev/null
@@ -1,7 +0,0 @@
-terraform {
- required_providers {
- nullplatform = {
- source = "nullplatform/nullplatform"
- }
- }
-}
diff --git a/modules/nullplatform/provider/networking/vpc/locals.tf b/modules/nullplatform/provider/networking/vpc/locals.tf
deleted file mode 100644
index f315038..0000000
--- a/modules/nullplatform/provider/networking/vpc/locals.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-locals {
- dimensions = merge(var.include_environment ? { environment = var.environment } : {}, var.dimensions)
-}
diff --git a/modules/nullplatform/provider/networking/vpc/main.tf b/modules/nullplatform/provider/networking/vpc/main.tf
deleted file mode 100644
index f4172c0..0000000
--- a/modules/nullplatform/provider/networking/vpc/main.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-resource "nullplatform_provider_config" "network" {
- provider = nullplatform
- nrn = var.nrn
- type = "aws-networking-configuration"
- dimensions = local.dimensions
- attributes = jsonencode({
- "vpc" : {
- "id" : var.vpc_id,
- "subnets" : var.subnet_ids,
- "security_groups" : var.security_group_ids
- },
- "load_balancer" : {
- "private" : {
- "arn" : var.private_load_balancer_arn,
- "listener_arn" : var.private_load_balancer_listener_arn
- },
- "public" : {
- "arn" : var.public_load_balancer_arn,
- "listener_arn" : var.public_load_balancer_listener_arn
- }
- }
- })
-}
diff --git a/modules/nullplatform/provider/networking/vpc/variables.tf b/modules/nullplatform/provider/networking/vpc/variables.tf
deleted file mode 100644
index 516391e..0000000
--- a/modules/nullplatform/provider/networking/vpc/variables.tf
+++ /dev/null
@@ -1,56 +0,0 @@
-variable "nrn" {
- type = string
- description = "The null platform nrn"
-}
-
-variable "environment" {
- type = string
- description = "The environment dimension value to which the configuraion applies"
-}
-
-variable "dimensions" {
- type = map(string)
- description = "A map of dimension values to configure Nullplatform"
- default = {}
-}
-
-variable "include_environment" {
- type = bool
- description = "use Environment as default dimension"
- default = true
-}
-
-variable "vpc_id" {
- type = string
- description = "The VPC id used for ec2 and lambda"
-}
-
-variable "subnet_ids" {
- type = list(string)
- description = "The subnet ids used for ec2 and lambda"
-}
-
-variable "security_group_ids" {
- type = list(string)
- description = "The sg ids used for ec2 and lambda"
-}
-
-variable "private_load_balancer_arn" {
- type = string
- description = "The private alb arn used for ec2 and lambda"
-}
-
-variable "private_load_balancer_listener_arn" {
- type = string
- description = "The private alb listener arn used for ec2 and lambda"
-}
-
-variable "public_load_balancer_arn" {
- type = string
- description = "The private alb arn used for ec2 and lambda"
-}
-
-variable "public_load_balancer_listener_arn" {
- type = string
- description = "The private alb listener arn used for ec2 and lambda"
-}
diff --git a/modules/nullplatform/scope-definition-agent-association/README.md b/modules/nullplatform/scope-definition-agent-association/README.md
deleted file mode 100644
index 2548ba2..0000000
--- a/modules/nullplatform/scope-definition-agent-association/README.md
+++ /dev/null
@@ -1,65 +0,0 @@
-## [ALPHA] Scope-Definition-Agent-Association module
-
-This module creates a notification channel that associates agents with a specific scope definition, enabling agent-based operations for services within that scope.
-
-## How to use it
-
-```hcl
-module "k8s_scope_definition" {
- source = "git@github.com:nullplatform/main-terraform-modules.git//modules/nullplatform/scope-definition?ref=alpha"
- nrn = var.np_account_nrn
- np_api_key = var.np_api_key
- github_repo_url = "https://github.com/nullplatform/scopes"
- github_ref = "features/specs_for_automation"
- github_scope_path = "k8s"
- scope_name = "K8S Webserver"
- workflow_override_values = "../../nullplatform-training/partner-training/3-scopes-getting-started/scope-override/values.yaml"
- scope_description = "Webserver running in a Kubernetes cluster"
-
-}
-
-module "k8s_agent_asociation" {
- source = "git@github.com:nullplatform/main-terraform-modules.git//modules/nullplatform/scope-definition-agent-association?ref=alpha"
- agent_api_key = var.np_api_key
- scope_definition=module.k8s_scope_definition
- agent_tags = { "environment" = "demo", "training" = "ingenia", "cluster" = "geisbruch" }
-}
-```
-
-## Requirements
-
-No requirements.
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [nullplatform](#provider\_nullplatform) | n/a |
-
-## Modules
-
-No modules.
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [nullplatform_notification_channel.channel_from_template](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/notification_channel) | resource |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [agent\_api\_key](#input\_agent\_api\_key) | API key with permissions to run commands on agents (usually ops permissions) | `string` | n/a | yes |
-| [agent\_command](#input\_agent\_command) | Agent command configuration |
object({
type = string
data = object({
cmdline = string
arguments = optional(list(string), [])
environment = optional(map(string), {})
})
})
| n/a | yes | -| [agent\_tags](#input\_agent\_tags) | Agent tags for selector | `map(string)` | n/a | yes | -| [channel\_sources](#input\_channel\_sources) | List of sources for the notification channel | `list(string)` |
[
"telemetry",
"service"
]
| no |
-| [channel\_type](#input\_channel\_type) | Type of the notification channel | `string` | `"agent"` | no |
-| [nrn](#input\_nrn) | Nullplatform Resource Name (organization:account format) | `string` | n/a | yes |
-| [scope\_slug](#input\_scope\_slug) | The slug of the scope definition | `string` | n/a | yes |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| [id](#output\_id) | The ID of the created notification channel |
\ No newline at end of file
diff --git a/modules/nullplatform/scope-definition-agent-association/backend.tf b/modules/nullplatform/scope-definition-agent-association/backend.tf
deleted file mode 100644
index 8fda109..0000000
--- a/modules/nullplatform/scope-definition-agent-association/backend.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-terraform {
- required_providers {
- nullplatform = {
- source = "nullplatform/nullplatform"
- }
- http = {
- source = "hashicorp/http"
- }
- external = {
- source = "hashicorp/external"
- }
- null = {
- source = "hashicorp/null"
- }
- }
-}
diff --git a/modules/nullplatform/scope-definition-agent-association/main.tf b/modules/nullplatform/scope-definition-agent-association/main.tf
deleted file mode 100644
index 4c0077c..0000000
--- a/modules/nullplatform/scope-definition-agent-association/main.tf
+++ /dev/null
@@ -1,35 +0,0 @@
-resource "nullplatform_notification_channel" "channel_from_template" {
- nrn = local.merged_config.nrn
- type = "agent"
- source = local.merged_config.channel_sources
-
-
- configuration {
- dynamic "agent" {
- for_each = [1]
- content {
- api_key = local.merged_config.agent_api_key
- command {
- type = local.merged_config.specification.agent_command.type
- data = {
- cmdline = join(" ", compact([
- local.merged_config.specification.agent_command.data.cmdline,
- local.merged_config.workflow_override_path != null ? "--overrides-path=${local.merged_config.workflow_override_path}" : ""
- ]))
- arguments = jsonencode(try(local.merged_config.specification.agent_command.data.arguments, []))
- environment = jsonencode(try(local.merged_config.specification.agent_command.data.environment, {}))
- }
- }
-
- selector = local.merged_config.agent_tags
- }
- }
- }
-
- filters = jsonencode({
- "$or" = [
- {"service.specification.slug" = {"$eq": local.merged_config.slug }},
- {"arguments.scope_provider" = {"$eq": local.merged_config.scope_provider_id }}
- ]
- })
-}
diff --git a/modules/nullplatform/scope-definition-agent-association/outputs.tf b/modules/nullplatform/scope-definition-agent-association/outputs.tf
deleted file mode 100644
index eed0514..0000000
--- a/modules/nullplatform/scope-definition-agent-association/outputs.tf
+++ /dev/null
@@ -1,8 +0,0 @@
-################################################################################
-# Scope Definition Module Outputs
-################################################################################
-
-output "id" {
- value = nullplatform_notification_channel.channel_from_template.id
- description = "The ID of the created notification channel"
-}
\ No newline at end of file
diff --git a/modules/nullplatform/scope-definition-agent-association/variables.tf b/modules/nullplatform/scope-definition-agent-association/variables.tf
deleted file mode 100644
index a583cdc..0000000
--- a/modules/nullplatform/scope-definition-agent-association/variables.tf
+++ /dev/null
@@ -1,120 +0,0 @@ -################################################################################ -# Scope Definition Module Variables -################################################################################ - -variable "nrn" { - type = string - description = "Nullplatform Resource Name (organization:account format)" - default = null -} - -variable "agent_tags" { - type = map(string) - description = "Agent tags" - -} - -variable "channel_sources" { - type = list(string) - description = "List of sources for the notification channel (e.g., ['monitoring', 'alerts'])" - default = [ "telemetry", "service" ] -} - -variable "channel_type" { - type = string - description = "Type of the notification channel (e.g., 'agent')" - default = "agent" - -} - -variable "agent_api_key" { - type = string - description = "API key with permsissions to run commands on agents (usually ops permisions)" - sensitive = true -} - -variable "scope_slug" { - type = string - description = "The slug of the scope definition" - default = null -} -variable "workflow_override_path" { - type = string - default = null - description = "Path to a custom workflow file to override the default one" - -} -variable "agent_command" { - type = object({ - type = string - data = object({ - cmdline = string - arguments = optional(list(string), []) - environment = optional(map(string), {}) - }) - }) - default = null - -} - -variable "workflow_override_values" { - type = string - default = "null" - description = "Values to override in the workflow file" - -} - -variable "scope_provider_id" { - type = string - description = "The ID of the scope provider associated with the scope definition" - default = null - -} - -variable "scope_definition" { - type = object({ - slug = string, - nrn = string, - workflow_override_path = string, - workflow_override_values = string, - scope_provider_id = string, - specification = object({ - agent_command = object({ - type = string - data = object({ - cmdline = string - 
arguments = optional(list(string), []) - environment = optional(map(string), {}) - }) - }) - }) - }) -} - -locals { - base_config = { - nrn = var.nrn - agent_tags = var.agent_tags - channel_sources = var.channel_sources - channel_type = var.channel_type - agent_api_key = var.agent_api_key - slug = var.scope_slug - scope_provider_id = var.scope_provider_id - agent_command = var.agent_command - workflow_override_path = var.workflow_override_path - workflow_override_values = var.workflow_override_values - } - - merged_config = merge( - local.base_config, - { - for k, v in var.scope_definition : k => ( - # If key exists in base_config and scope_definition value is null, - # keep the base_config value, otherwise use scope_definition value - contains(keys(local.base_config), k) && v == null - ? local.base_config[k] - : v - ) - } - ) -} \ No newline at end of file diff --git a/modules/nullplatform/scope-definition/README.md b/modules/nullplatform/scope-definition/README.md deleted file mode 100644 index 56e2d6c..0000000 --- a/modules/nullplatform/scope-definition/README.md +++ /dev/null 
@@ -1,64 +0,0 @@
-## [ALPHA] Scope-Definition module
-
-## How to use it
-
-```hcl
-module "" {
- source = "git@github.com:nullplatform/main-terraform-modules.git//modules/nullplatform/scope-definition"
-
- nrn = ""
- np_api_key = ""
- github_repo_url = "https://github.com/nullplatform/scopes"
- github_ref = "main"
- github_scope_path = "k8s"
- scope_name = "K8S Webserver"
- scope_description = "Webserver running in a Kubernetes cluster"
-}
-```
-
-## Requirements
-
-No requirements.
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [http](#provider\_http) | n/a |
-| [nullplatform](#provider\_nullplatform) | n/a |
-
-## Modules
-
-No modules.
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [nullplatform_action_specification.from_templates](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/action_specification) | resource |
-| [nullplatform_scope_type.from_template](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/scope_type) | resource |
-| [nullplatform_service_specification.from_template](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/service_specification) | resource |
-| [http_http.action_templates](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source |
-| [http_http.service_spec_template](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [action\_spec\_names](#input\_action\_spec\_names) | List of action specification template names to fetch and create | `list(string)` |
[
"create-scope",
"delete-scope",
"start-initial",
"start-blue-green",
"finalize-blue-green",
"rollback-deployment",
"delete-deployment",
"switch-traffic",
"set-desired-instance-count",
"pause-autoscaling",
"resume-autoscaling",
"restart-pods",
"kill-instances"
]
| no |
-| [github\_ref](#input\_github\_ref) | Git reference (branch, tag, or commit) | `string` | `"main"` | no |
-| [github\_repo\_url](#input\_github\_repo\_url) | GitHub repository URL containing templates | `string` | `"https://github.com/nullplatform/scopes"` | no |
-| [github\_scope\_path](#input\_github\_scope\_path) | Path within the repository for the specific scope (e.g., k8s, ecs) | `string` | `"k8s"` | no |
-| [np\_api\_key](#input\_np\_api\_key) | Nullplatform API key for authentication | `string` | n/a | yes |
-| [nrn](#input\_nrn) | Nullplatform Resource Name (organization:account format) | `string` | n/a | yes |
-| [scope\_description](#input\_scope\_description) | Description of the scope type to be created | `string` | n/a | yes |
-| [scope\_name](#input\_scope\_name) | Name of the scope type to be created | `string` | n/a | yes |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| [action\_specification\_ids](#output\_action\_specification\_ids) | Map of action specification names to their IDs |
-| [scope\_type\_id](#output\_scope\_type\_id) | The ID of the created scope type |
-| [service\_specification\_id](#output\_service\_specification\_id) | The ID of the created service specification |
-| [service\_specification\_slug](#output\_service\_specification\_slug) | The slug of the created service specification |
\ No newline at end of file
diff --git a/modules/nullplatform/scope-definition/backend.tf b/modules/nullplatform/scope-definition/backend.tf
deleted file mode 100644
index 8fda109..0000000
--- a/modules/nullplatform/scope-definition/backend.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-terraform {
- required_providers {
- nullplatform = {
- source = "nullplatform/nullplatform"
- }
- http = {
- source = "hashicorp/http"
- }
- external = {
- source = "hashicorp/external"
- }
- null = {
- source = "hashicorp/null"
- }
- }
-}
diff --git a/modules/nullplatform/scope-definition/main.tf b/modules/nullplatform/scope-definition/main.tf
deleted file mode 100644
index ab72230..0000000
--- a/modules/nullplatform/scope-definition/main.tf
+++ /dev/null
@@ -1,133 +0,0 @@ -################################################################################ -# Step 1: Fetch Templates -################################################################################ - -locals { - git_login = var.git_user != null && var.git_password !=null ? "${var.git_user}:${var.git_password}@" : var.git_user != null ? "${var.git_user}@" : "" - full_git_repo_url = var.git_provider == "github" ? "https://${local.git_login}raw.githubusercontent.com/${var.git_repo}/refs/heads/${var.git_ref}" : null -} - -# Fetch service specification template -data "http" "service_spec_template" { - url = "${local.full_git_repo_url}/${var.git_scope_path}/specs/service-spec.json${var.use_tpl_files ? ".tpl" : ""}" -} -# Fetch action specification templates -data "http" "action_templates" { - for_each = toset(local.available_actions) - url = "${local.full_git_repo_url}/${var.git_scope_path}/specs/actions/${each.key}.json${var.use_tpl_files ? ".tpl" : ""}" -} - - - -################################################################################ -# Step 2: Process and Create Service Specification -################################################################################ - -locals { - # Process the template by replacing the template variables - # replace is done because some old templates contain gomplate placeholders - service_spec_rendered = var.use_tpl_files ? 
replace( - data.http.service_spec_template.response_body, - "/\"{{\\s+env.Getenv\\s+\".*\"\\s+}}\"/", - "\"\"" - ) : data.http.service_spec_template.response_body - service_spec_parsed = jsondecode(local.service_spec_rendered) - available_actions = local.service_spec_parsed.available_actions -} - -# Create service specification -resource "nullplatform_service_specification" "from_template" { - name = local.service_spec_parsed.name - visible_to = [var.nrn] - type = local.service_spec_parsed.type - attributes = jsonencode(local.service_spec_parsed.attributes) - use_default_actions = local.service_spec_parsed.use_default_actions - - selectors { - category = local.service_spec_parsed.selectors.category - imported = local.service_spec_parsed.selectors.imported - provider = local.service_spec_parsed.selectors.provider - sub_category = local.service_spec_parsed.selectors.sub_category - } -} - -locals { - # Variables that depend on created service specification - service_specification_id = nullplatform_service_specification.from_template.id - service_slug = nullplatform_service_specification.from_template.slug - - dependent_env_vars = { - NRN = var.nrn - SERVICE_SPECIFICATION_ID = local.service_specification_id - SERVICE_SLUG = local.service_slug - } -} - -################################################################################ -# Step 3: Process and Create Scope Type -################################################################################ - - - -# Create scope type -resource "nullplatform_scope_type" "from_template" { - depends_on = [nullplatform_service_specification.from_template] - - nrn = var.nrn - name = var.scope_name - description = var.scope_description - provider_id = local.service_specification_id -} - -################################################################################ -# Step 4: Create Action Specifications -################################################################################ - -# Process action templates - conditional 
processing based on file type -# replace is done because some old templates contain gomplate placeholders -locals { - action_specs_parsed = { - for name in local.available_actions : - name => jsondecode(var.use_tpl_files ? replace( - data.http.action_templates[name].response_body, - "/\"{{\\s+env.Getenv\\s+\".*\"\\s+}}\"/", - "\"\"" - ) : data.http.action_templates[name].response_body) - } -} - -# Create action specifications -resource "nullplatform_action_specification" "from_templates" { - for_each = toset(local.available_actions ) - depends_on = [nullplatform_service_specification.from_template] - - service_specification_id = local.service_specification_id - name = local.action_specs_parsed[each.key].name - type = local.action_specs_parsed[each.key].type - parameters = jsonencode(local.action_specs_parsed[each.key].parameters) - results = jsonencode(local.action_specs_parsed[each.key].results) - retryable = try(local.action_specs_parsed[each.key].retryable, false) -} - -## TODO: Change by NRN API when available or provider -resource "null_resource" "nrn_patch" { - depends_on = [nullplatform_service_specification.from_template] - - triggers = { - nrn = var.nrn - service_slug = local.service_slug - } - - provisioner "local-exec" { - command = <<-EOT - np nrn patch --nrn "${var.nrn}" --body "{ - \"global.${local.service_slug}_metric_provider\": \"${var.metrics_provider}\", - \"global.${local.service_slug}_log_provider\": \"${var.logs_provider}\" - }" - EOT - - environment = { - NP_API_KEY = var.np_api_key - } - } -} \ No newline at end of file diff --git a/modules/nullplatform/scope-definition/outputs.tf b/modules/nullplatform/scope-definition/outputs.tf deleted file mode 100644 index 7e1c6bb..0000000 --- a/modules/nullplatform/scope-definition/outputs.tf +++ /dev/null 
@@ -1,78 +0,0 @@ -################################################################################ -# Scope Definition Module Outputs -################################################################################ - -output "service_specification_id" { - value = nullplatform_service_specification.from_template.id - description = "The ID of the created service specification" -} - -output "service_specification_slug" { - value = nullplatform_service_specification.from_template.slug - description = "The slug of the created service specification" -} - -output "slug" { - value = nullplatform_service_specification.from_template.slug - description = "The slug of the created service specification" -} - -output "scope_type_id" { - value = nullplatform_scope_type.from_template.id - description = "The ID of the created scope type" -} - -output "action_specification_ids" { - value = { - for k, v in nullplatform_action_specification.from_templates : k => v.id - } - description = "Map of action specification names to their IDs" -} - -output "nrn" { - value = var.nrn - description = "The NRN of the created service specification" -} -output "git_repo_url" { - value = var.git_repo - description = "The GitHub repository URL associated with the service specification" -} -output "git_ref" { - value = var.git_ref - description = "The GitHub branch associated with the service specification" -} -output "git_scope_path" { - value = var.git_scope_path - description = "The GitHub path associated with the service specification" -} - -output "scope_name" { - value = var.scope_name - description = "The name of the scope definition" -} - -output "scope_description" { - value = var.scope_description - description = "The name of the scope definition" -} - -output "specification" { - value = local.service_spec_parsed - description = "The attributes of the created service specification" -} - -output "workflow_override_path" { - value = var.workflow_override_path - description = "The path to the 
custom workflow file" -} -output "workflow_override_values" { - value = var.workflow_override_values - description = "The workflow override values" - -} - -output "scope_provider_id" { - value = nullplatform_service_specification.from_template.id - description = "The ID of the scope provider associated with the scope definition" - -} \ No newline at end of file diff --git a/modules/nullplatform/scope-definition/variables.tf b/modules/nullplatform/scope-definition/variables.tf deleted file mode 100644 index a388fac..0000000 --- a/modules/nullplatform/scope-definition/variables.tf +++ /dev/null 
@@ -1,110 +0,0 @@ -################################################################################ -# Scope Definition Module Variables -################################################################################ - -variable "nrn" { - type = string - description = "Nullplatform Resource Name (organization:account format)" -} -variable "git_provider" { - type = string - default = "github" - description = "Git provider (e.g., github, gitlab)" -} -variable "git_user" { - type = string - default = null - description = "Git username for authentication" -} -variable "git_password" { - type = string - default = null - sensitive = true - description = "Git password or token for authentication" -} -variable "git_repo" { - type = string - default = "nullplatform/scopes" - description = "GitHub repository containing templates" -} - -variable "workflow_override_path" { - type = string - default = null - description = "Path to a custom workflow file to override the default one" -} - -variable "workflow_override_values" { - type = string - default = null - description = "Values to override in the workflow file" - -} - -variable "git_ref" { - type = string - default = "main" - description = "Git reference (branch, tag, or commit)" -} - -variable "git_scope_path" { - type = string - default = "k8s" - description = "Path within the repository for the specific scope (e.g., k8s, ecs)" -} - -variable "scope_name" { - type = string - description = "Name of the scope type to be created" -} -variable "scope_description" { - type = string - description = "Description of the scope type to be created" -} - -variable "action_spec_names" { - type = list(string) - default = [ - "create-scope", - "delete-scope", - "start-initial", - "start-blue-green", - "finalize-blue-green", - "rollback-deployment", - "delete-deployment", - "switch-traffic", - "set-desired-instance-count", - "pause-autoscaling", - "resume-autoscaling", - "restart-pods", - "kill-instances" - ] - description = "List of 
action specification template names to fetch and create" -} - -variable "logs_provider" { - type = string - default = "external" - description = "The logs provider to be used" -} - -variable "metrics_provider" { - type = string - default = "externalmetrics" - description = "The metrics provider to be used" - -} - -variable "use_tpl_files" { - type = bool - default = true - description = "Whether to use .tpl files (true) or .json files (false) for templates" -} - -# NRN Patch Configuration -variable "np_api_key" { - type = string - sensitive = true - description = "Nullplatform API key for authentication" -} - diff --git a/modules/nullplatform/service-definition-agent-association/README.md b/modules/nullplatform/service-definition-agent-association/README.md deleted file mode 100644 index 27575b2..0000000 --- a/modules/nullplatform/service-definition-agent-association/README.md +++ /dev/null 
@@ -1,67 +0,0 @@ -## [ALPHA] Service-Definition-Agent-Association module - -This module creates a notification channel that associates agents with a specific service definition, enabling agent-based operations for services within that scope. - -## How to use it - -```hcl -module "service_definition" { - source = "git@github.com:nullplatform/main-terraform-modules.git//modules/nullplatform/service-definition?ref=alpha" - nrn = var.np_account_nrn - np_api_key = var.np_api_key - git_repo = "nullplatform/services" - git_ref = "main" - git_service_path = "databases/postgres/k8s" - service_name = "PostgreSQL Database" - service_description = "PostgreSQL database service running in Kubernetes" -} - -module "service_agent_association" { - source = "git@github.com:nullplatform/main-terraform-modules.git//modules/nullplatform/service-definition-agent-association?ref=alpha" - agent_api_key = var.np_api_key - service_definition = module.service_definition - agent_tags = { "environment" = "production", "cluster" = "k8s-prod" } -} -``` - -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [nullplatform](#provider\_nullplatform) | n/a | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [nullplatform_notification_channel.channel_from_template](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/notification_channel) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [agent\_api\_key](#input\_agent\_api\_key) | API key with permsissions to run commands on agents (usually ops permisions) | `string` | n/a | yes | -| [agent\_command](#input\_agent\_command) | Agent command configuration |
object({
type = string
data = object({
cmdline = string
arguments = optional(list(string), [])
environment = optional(map(string), {})
})
})
| `null` | no | -| [agent\_tags](#input\_agent\_tags) | Agent tags | `map(string)` | n/a | yes | -| [channel\_sources](#input\_channel\_sources) | List of sources for the notification channel (e.g., ['monitoring', 'alerts']) | `list(string)` |
[
"telemetry",
"service"
]
| no | -| [channel\_type](#input\_channel\_type) | Type of the notification channel (e.g., 'agent') | `string` | `"agent"` | no | -| [nrn](#input\_nrn) | Nullplatform Resource Name (organization:account format) | `string` | `null` | no | -| [service\_definition](#input\_service\_definition) | The service definition object from the service-definition module |
object({
nrn = string,
slug = string,
workflow_override_path = string,
workflow_override_values = string,
service_specification_id = string,
specification = object({
agent_command = object({
type = string
data = object({
cmdline = string
arguments = optional(list(string), [])
environment = optional(map(string), {})
})
})
})
})
| n/a | yes | -| [service\_slug](#input\_service\_slug) | The slug of the scope definition | `string` | `null` | no | -| [service\_specification\_id](#input\_service\_specification\_id) | The ID of the service definition associated with the agent | `string` | `null` | no | -| [workflow\_override\_path](#input\_workflow\_override\_path) | Path to a custom workflow file to override the default one | `string` | `null` | no | -| [workflow\_override\_values](#input\_workflow\_override\_values) | Values to override in the workflow file | `string` | `"null"` | no | - -## Outputs - -| Name | Description | -|------|-------------| -| [id](#output\_id) | The ID of the created notification channel | \ No newline at end of file diff --git a/modules/nullplatform/service-definition-agent-association/backend.tf b/modules/nullplatform/service-definition-agent-association/backend.tf deleted file mode 100644 index 8fda109..0000000 --- a/modules/nullplatform/service-definition-agent-association/backend.tf +++ /dev/null @@ -1,16 +0,0 @@ -terraform { - required_providers { - nullplatform = { - source = "nullplatform/nullplatform" - } - http = { - source = "hashicorp/http" - } - external = { - source = "hashicorp/external" - } - null = { - source = "hashicorp/null" - } - } -} diff --git a/modules/nullplatform/service-definition-agent-association/main.tf b/modules/nullplatform/service-definition-agent-association/main.tf deleted file mode 100644 index 6acabf4..0000000 --- a/modules/nullplatform/service-definition-agent-association/main.tf +++ /dev/null 
@@ -1,35 +0,0 @@
-
-resource "nullplatform_notification_channel" "channel_from_template" {
- nrn = local.merged_config.nrn
- type = "agent"
- source = local.merged_config.channel_sources
-
-
- configuration {
- dynamic "agent" {
- for_each = [1]
- content {
- api_key = local.merged_config.agent_api_key
- command {
- type = local.merged_config.specification.agent_command.type
- data = {
- cmdline = join(" ", compact([
- local.merged_config.specification.agent_command.data.cmdline,
- local.merged_config.workflow_override_path != null ? "--overrides-path=${local.merged_config.workflow_override_path}" : "",
- ]))
- arguments = jsonencode(try(local.merged_config.specification.agent_command.data.arguments, []))
- environment = jsonencode(try(local.merged_config.specification.agent_command.data.environment, {}))
- }
- }
-
- selector = local.merged_config.agent_tags
- }
- }
- }
-
- filters = jsonencode({
- "$or" = [
- {"service.specification.slug" = {"$eq": local.merged_config.slug }}
- ]
- })
-}
diff --git a/modules/nullplatform/service-definition-agent-association/outputs.tf b/modules/nullplatform/service-definition-agent-association/outputs.tf
deleted file mode 100644
index eed0514..0000000
--- a/modules/nullplatform/service-definition-agent-association/outputs.tf
+++ /dev/null
@@ -1,8 +0,0 @@
-################################################################################
-# Scope Definition Module Outputs
-################################################################################
-
-output "id" {
- value = nullplatform_notification_channel.channel_from_template.id
- description = "The ID of the created notification channel"
-}
\ No newline at end of file
diff --git a/modules/nullplatform/service-definition-agent-association/variables.tf b/modules/nullplatform/service-definition-agent-association/variables.tf
deleted file mode 100644
index 6d40035..0000000
--- a/modules/nullplatform/service-definition-agent-association/variables.tf
+++ /dev/null
@@ -1,118 +0,0 @@ -################################################################################ -# Scope Definition Module Variables -################################################################################ - -variable "nrn" { - type = string - description = "Nullplatform Resource Name (organization:account format)" - default = null -} - -variable "agent_tags" { - type = map(string) - description = "Agent tags" -} - -variable "channel_sources" { - type = list(string) - description = "List of sources for the notification channel (e.g., ['monitoring', 'alerts'])" - default = [ "telemetry", "service" ] -} - -variable "channel_type" { - type = string - description = "Type of the notification channel (e.g., 'agent')" - default = "agent" - -} - -variable "agent_api_key" { - type = string - description = "API key with permsissions to run commands on agents (usually ops permisions)" - sensitive = true -} - -variable "service_slug" { - type = string - description = "The slug of the scope definition" - default = null -} -variable "workflow_override_path" { - type = string - default = null - description = "Path to a custom workflow file to override the default one" - -} -variable "agent_command" { - type = object({ - type = string - data = object({ - cmdline = string - arguments = optional(list(string), []) - environment = optional(map(string), {}) - }) - }) - default = null - -} - -variable "workflow_override_values" { - type = string - default = "null" - description = "Values to override in the workflow file" - -} - -variable "service_specification_id" { - type = string - description = "The ID of the service definition associated with the agent" - default = null - -} - -variable "service_definition" { - type = object({ - nrn = string, - slug = string, - workflow_override_path = string, - workflow_override_values = string, - service_specification_id = string, - specification = object({ - agent_command = object({ - type = string - data = object({ - cmdline = 
string - arguments = optional(list(string), []) - environment = optional(map(string), {}) - }) - }) - }) - }) -} -locals { - base_config = { - nrn = var.nrn - agent_tags = var.agent_tags - channel_sources = var.channel_sources - channel_type = var.channel_type - agent_api_key = var.agent_api_key - slug = var.service_slug - service_specification_id = var.service_specification_id - agent_command = var.agent_command - workflow_override_path = var.workflow_override_path - workflow_override_values = var.workflow_override_values - } - - merged_config = merge( - local.base_config, - { - for k, v in var.service_definition : k => ( - # If key exists in base_config and service_definition value is null, - # keep the base_config value, otherwise use service_definition value - contains(keys(local.base_config), k) && v == null - ? local.base_config[k] - : v - ) - } - ) -} \ No newline at end of file diff --git a/modules/nullplatform/service-definition/README.md b/modules/nullplatform/service-definition/README.md deleted file mode 100644 index f3f7a9e..0000000 --- a/modules/nullplatform/service-definition/README.md +++ /dev/null 
@@ -1,89 +0,0 @@ -## [ALPHA] Service-Definition module - -## How to use it - -```hcl -module "service_definition" { - source = "git@github.com:nullplatform/main-terraform-modules.git//modules/nullplatform/service-definition" - - nrn = "organization:account" - np_api_key = "your-api-key" - git_repo = "nullplatform/services" - git_ref = "main" - git_service_path = "databases/postgres/k8s" - service_name = "PostgreSQL Database" - service_description = "PostgreSQL database service running in Kubernetes" - dimensions = { - environment = "production" - region = "us-east-1" - } -} -``` - -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [http](#provider\_http) | n/a | -| [nullplatform](#provider\_nullplatform) | n/a | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [nullplatform_action_specification.from_templates](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/action_specification) | resource | -| [nullplatform_link_specification.service_link_from_templates](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/link_specification) | resource | -| [nullplatform_service_specification.from_template](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/service_specification) | resource | -| [http_http.action_templates](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source | -| [http_http.link_templates](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source | -| [http_http.service_spec_template](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [dimensions](#input\_dimensions) | Key-value pairs for dimensions to be 
associated with the service specification | `map(string)` | `null` | no | -| [extra\_visibile\_to\_nrns](#input\_extra\_visibile\_to\_nrns) | Additional NRNs that should have visibility to the created service specification | `list(string)` | `[]` | no | -| [git\_password](#input\_git\_password) | Git provider (e.g., github, gitlab) | `string` | `null` | no | -| [git\_provider](#input\_git\_provider) | Git provider (e.g., github, gitlab) | `string` | `"github"` | no | -| [git\_ref](#input\_git\_ref) | Git reference (branch, tag, or commit) | `string` | `"main"` | no | -| [git\_repo](#input\_git\_repo) | GitHub repository URL containing templates | `string` | `"nullplatform/services"` | no | -| [git\_service\_path](#input\_git\_service\_path) | Path within the repository for the specific service (e.g., databases/postgres/k8s) | `string` | n/a | yes | -| [git\_user](#input\_git\_user) | Git provider (e.g., github, gitlab) | `string` | `null` | no | -| [np\_api\_key](#input\_np\_api\_key) | Nullplatform API key for authentication | `string` | n/a | yes | -| [nrn](#input\_nrn) | Nullplatform Resource Name (organization:account format) | `string` | n/a | yes | -| [service\_description](#input\_service\_description) | Description of the scope type to be created | `string` | n/a | yes | -| [service\_name](#input\_service\_name) | Name of the scope type to be created | `string` | n/a | yes | -| [use\_tpl\_files](#input\_use\_tpl\_files) | Whether to use .tpl files (true) or .json files (false) for templates | `bool` | `false` | no | -| [workflow\_override\_path](#input\_workflow\_override\_path) | Path to a custom workflow file to override the default one | `string` | `""` | no | -| [workflow\_override\_values](#input\_workflow\_override\_values) | Values to override in the workflow file | `string` | `""` | no | - -## Outputs - -| Name | Description | -|------|-------------| -| [action\_specification\_ids](#output\_action\_specification\_ids) | Map of action specification 
names to their IDs | -| [git\_password](#output\_git\_password) | The Git password associated with the service specification | -| [git\_provider](#output\_git\_provider) | The Git provider associated with the service specification | -| [git\_ref](#output\_git\_ref) | The GitHub branch associated with the service specification | -| [git\_repo](#output\_git\_repo) | The GitHub repository URL associated with the service specification | -| [git\_service\_path](#output\_git\_service\_path) | The GitHub path associated with the service specification | -| [git\_user](#output\_git\_user) | The Git user associated with the service specification | -| [link\_specification\_ids](#output\_link\_specification\_ids) | Map of link specification names to their IDs | -| [nrn](#output\_nrn) | The NRN of the created service specification | -| [service\_description](#output\_service\_description) | The description of the service definition | -| [service\_name](#output\_service\_name) | The name of the scope definition | -| [service\_specification\_id](#output\_service\_specification\_id) | The ID of the created service specification | -| [service\_specification\_slug](#output\_service\_specification\_slug) | The slug of the created service specification | -| [slug](#output\_slug) | The slug of the created service specification | -| [specification](#output\_specification) | The attributes of the created service specification | -| [workflow\_override\_path](#output\_workflow\_override\_path) | The path to the custom workflow file | -| [workflow\_override\_values](#output\_workflow\_override\_values) | The workflow override values | \ No newline at end of file diff --git a/modules/nullplatform/service-definition/backend.tf b/modules/nullplatform/service-definition/backend.tf deleted file mode 100644 index 8fda109..0000000 --- a/modules/nullplatform/service-definition/backend.tf +++ /dev/null 
@@ -1,16 +0,0 @@
-terraform {
- required_providers {
- nullplatform = {
- source = "nullplatform/nullplatform"
- }
- http = {
- source = "hashicorp/http"
- }
- external = {
- source = "hashicorp/external"
- }
- null = {
- source = "hashicorp/null"
- }
- }
-}
diff --git a/modules/nullplatform/service-definition/main.tf b/modules/nullplatform/service-definition/main.tf
deleted file mode 100644
index 83f98ca..0000000
--- a/modules/nullplatform/service-definition/main.tf
+++ /dev/null
@@ -1,129 +0,0 @@ - -################################################################################ -# Step 1: Fetch Templates -################################################################################ - -locals { - git_login = var.git_user != null && var.git_password !=null ? "${var.git_user}:${var.git_password}@" : var.git_user != null ? "${var.git_user}@" : "" - full_git_repo_url = var.git_provider == "github" ? "https://${local.git_login}raw.githubusercontent.com/${var.git_repo}/refs/heads/${var.git_ref}" : null -} - -# Fetch service specification template -data "http" "service_spec_template" { - url = "${local.full_git_repo_url}/${var.git_service_path}/specs/service-spec.json${var.use_tpl_files ? ".tpl" : ""}" -} -# Fetch action specification templates -data "http" "action_templates" { - for_each = toset(local.available_actions) - url = "${local.full_git_repo_url}/${var.git_service_path}/specs/actions/${each.key}.json${var.use_tpl_files ? ".tpl" : ""}" -} - -data "http" "link_templates" { - for_each = toset(local.available_links) - url = "${local.full_git_repo_url}/${var.git_service_path}/specs/links/${each.key}.json${var.use_tpl_files ? ".tpl" : ""}" -} - - -################################################################################ -# Step 2: Process and Create Service Specification -################################################################################ - -locals { - # Process the template by replacing the template variables - # replace is done because some old templates contain gomplate placeholders - service_spec_rendered = var.use_tpl_files ? 
replace( - data.http.service_spec_template.response_body, - "/\"{{\\s+env.Getenv\\s+\".*\"\\s+}}\"/", - "\"${var.nrn}\"" - ) : data.http.service_spec_template.response_body - service_spec_parsed = jsondecode(local.service_spec_rendered) - available_actions = try(local.service_spec_parsed.available_actions, []) - available_links = try(local.service_spec_parsed.available_links, []) - visible_to_nrns = concat([var.nrn], var.extra_visibile_to_nrns) - -} - -# Create service specification -resource "nullplatform_service_specification" "from_template" { - name = var.service_name - visible_to = local.visible_to_nrns - type = local.service_spec_parsed.type - attributes = jsonencode(local.service_spec_parsed.attributes) - use_default_actions = local.service_spec_parsed.use_default_actions - - selectors { - category = local.service_spec_parsed.selectors.category - imported = local.service_spec_parsed.selectors.imported - provider = local.service_spec_parsed.selectors.provider - sub_category = local.service_spec_parsed.selectors.sub_category - } - dimensions = jsonencode(var.dimensions) -} - -locals { - # Variables that depend on created service specification - service_specification_id = nullplatform_service_specification.from_template.id - service_slug = nullplatform_service_specification.from_template.slug - - dependent_env_vars = { - NRN = var.nrn - SERVICE_SPECIFICATION_ID = local.service_specification_id - SERVICE_SLUG = local.service_slug - } -} - -################################################################################ -# Process action templates - conditional processing based on file type -# replace is done because some old templates contain gomplate placeholders -locals { - action_specs_parsed = { - for name in local.available_actions : - name => jsondecode(var.use_tpl_files ? 
replace( - data.http.action_templates[name].response_body, - "/\"{{\\s+env.Getenv\\s+\".*\"\\s+}}\"/", - "\"\"" - ) : data.http.action_templates[name].response_body) - } -} - -# Create action specifications -resource "nullplatform_action_specification" "from_templates" { - for_each = toset(local.available_actions ) - depends_on = [nullplatform_service_specification.from_template] - - service_specification_id = local.service_specification_id - name = local.action_specs_parsed[each.key].name - type = local.action_specs_parsed[each.key].type - parameters = jsonencode(local.action_specs_parsed[each.key].parameters) - results = jsonencode(local.action_specs_parsed[each.key].results) - retryable = try(local.action_specs_parsed[each.key].retryable, false) -} - - -locals { - link_specs_parsed = { - for name in local.available_links : - name => jsondecode(var.use_tpl_files ? replace( - data.http.link_templates[name].response_body, - "/\"{{\\s+env.Getenv\\s+\".*\"\\s+}}\"/", - "\"\"" - ) : data.http.link_templates[name].response_body) - } -} - -resource "nullplatform_link_specification" "service_link_from_templates" { - for_each = toset(local.available_links ) - depends_on = [nullplatform_service_specification.from_template] - - name = local.link_specs_parsed[each.key].name - unique = try(local.link_specs_parsed[each.key].unique, false) - specification_id = local.service_specification_id - attributes = jsonencode(local.link_specs_parsed[each.key].attributes) - use_default_actions = try(local.link_specs_parsed[each.key].use_default_actions, true) - selectors { - category = local.service_spec_parsed.selectors.category - imported = local.service_spec_parsed.selectors.imported - provider = local.service_spec_parsed.selectors.provider - sub_category = local.service_spec_parsed.selectors.sub_category - } -} \ No newline at end of file 
diff --git a/modules/nullplatform/service-definition/outputs.tf b/modules/nullplatform/service-definition/outputs.tf
deleted file mode 100644
index 651b802..0000000
--- a/modules/nullplatform/service-definition/outputs.tf
+++ /dev/null
@@ -1,88 +0,0 @@ -################################################################################ -# Scope Definition Module Outputs -################################################################################ - -output "service_specification_id" { - value = nullplatform_service_specification.from_template.id - description = "The ID of the created service specification" -} - -output "service_specification_slug" { - value = nullplatform_service_specification.from_template.slug - description = "The slug of the created service specification" -} - -output "slug" { - value = nullplatform_service_specification.from_template.slug - description = "The slug of the created service specification" -} - -output "action_specification_ids" { - value = { - for k, v in nullplatform_action_specification.from_templates : k => v.id - } - description = "Map of action specification names to their IDs" -} - - -output "link_specification_ids" { - value = { - for k, v in nullplatform_link_specification.service_link_from_templates : k => v.id - } - description = "Map of link specification names to their IDs" -} - -output "nrn" { - value = var.nrn - description = "The NRN of the created service specification" -} -output "git_provider" { - value = var.git_provider - description = "The Git provider associated with the service specification" -} -output "git_user" { - value = var.git_user - description = "The Git user associated with the service specification" -} -output "git_password" { - value = var.git_password - description = "The Git password associated with the service specification" - sensitive = true -} -output "git_repo" { - value = var.git_repo - description = "The GitHub repository URL associated with the service specification" -} -output "git_ref" { - value = var.git_ref - description = "The GitHub branch associated with the service specification" -} -output "git_service_path" { - value = var.git_service_path - description = "The GitHub path associated with the service 
specification" -} - -output "service_name" { - value = var.service_name - description = "The name of the scope definition" -} - -output "service_description" { - value = var.service_description - description = "The description of the service definition" -} - -output "specification" { - value = local.service_spec_parsed - description = "The attributes of the created service specification" -} - -output "workflow_override_path" { - value = var.workflow_override_path - description = "The path to the custom workflow file" -} -output "workflow_override_values" { - value = var.workflow_override_values - description = "The workflow override values" - -} diff --git a/modules/nullplatform/service-definition/variables.tf b/modules/nullplatform/service-definition/variables.tf deleted file mode 100644 index 7049d1d..0000000 --- a/modules/nullplatform/service-definition/variables.tf +++ /dev/null 
@@ -1,87 +0,0 @@ -################################################################################ -# Scope Definition Module Variables -################################################################################ - -variable "nrn" { - type = string - description = "Nullplatform Resource Name (organization:account format)" -} -variable "git_provider" { - type = string - default = "github" - description = "Git provider (e.g., github, gitlab)" -} -variable "git_user" { - type = string - default = null - description = "Git provider (e.g., github, gitlab)" -} -variable "git_password" { - type = string - default = null - sensitive = true - description = "Git provider (e.g., github, gitlab)" -} -variable "git_repo" { - type = string - default = "nullplatform/services" - description = "GitHub repository URL containing templates" -} - -variable "workflow_override_path" { - type = string - default = null - description = "Path to a custom workflow file to override the default one" -} - -variable "workflow_override_values" { - type = string - default = null - description = "Values to override in the workflow file" - -} - -variable "git_ref" { - type = string - default = "main" - description = "Git reference (branch, tag, or commit)" -} - -variable "git_service_path" { - type = string - description = "Path within the repository for the specific service (e.g., databases/postgres/k8s)" -} - -variable "service_name" { - type = string - description = "Name of the scope type to be created" -} -variable "service_description" { - type = string - description = "Description of the scope type to be created" -} - -variable "use_tpl_files" { - type = bool - default = false - description = "Whether to use .tpl files (true) or .json files (false) for templates" -} - -# NRN Patch Configuration -variable "np_api_key" { - type = string - sensitive = true - description = "Nullplatform API key for authentication" -} - -variable "extra_visibile_to_nrns" { - type = list(string) - default = [] 
- description = "Additional NRNs that should have visibility to the created service specification" -} -variable "dimensions" { - type = map(string) - default = null - description = "Key-value pairs for dimensions to be associated with the service specification" - -} \ No newline at end of file diff --git a/modules/nullplatform/service/.terraform.lock.hcl b/modules/nullplatform/service/.terraform.lock.hcl deleted file mode 100644 index e5bfb4a..0000000 --- a/modules/nullplatform/service/.terraform.lock.hcl +++ /dev/null @@ -1,24 +0,0 @@ -# This file is maintained automatically by "tofu init". -# Manual edits may be lost in future updates. - -provider "registry.opentofu.org/nullplatform/nullplatform" { - version = "0.0.57" - hashes = [ - "h1:c0qU+V7JeCZVMj8VwZLhx23LkHgNXIG3QgKdrQ6Y39c=", - "zh:06ad980f549118b21b2423960564dd7bdbe8302c442cba4d982a36abab0430c9", - "zh:07f37b0ce6e28f938e02f24d538e9d1c6b473a8056f7e079ecf3a6038936077c", - "zh:13cbc02c3e14b5ba76f74c653b8b23dca173542a239ecdb67ac14abd0917105a", - "zh:279c225e5ae218168f66fffebcddb14c5e781d74c58a8bbcffe42343cdc362e9", - "zh:34a282e4ba66ac5a25fb4546453695f4e6f581a1fc98a46eb1c56ec670a5468e", - "zh:4df7fe2d937b9fa91d219b7eee9ad58dc4dc857002109da7e93d3c8a8f1af683", - "zh:605e3e0308e16c0c80abaa86a96c7fb8a4449338c1ffa8d30975ec87b2fae4f1", - "zh:7215c72a73462636e7d60d0bd901ca2fb918b1cc76a575c6de4a365530de0f01", - "zh:79804e1ca5795e52250389df4c727099566e68b7f268f6064fc5f8ede7754e25", - "zh:7bcc2cf87c755bc8cd04b7bd85d708b6f97fc5a61daea2ff396d0630b2439ba4", - "zh:8f3bbaa006a0a8a1e87df89b49a635afc1f5cd9cc36dd3bb62451140e173b2fc", - "zh:abb8663efd33a2e46dce42cbc2d8e2f1fba712002775d41e892618521a0193ae", - "zh:c5bb79b935c64873c265fb755813b26e96ea85d417728b2464b6ab0c491bffc2", - "zh:d6b7babf81de6fbffa46f1453601fbbd7a58eb976355d08788b4b049f32ff271", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} 
diff --git a/modules/nullplatform/service/README.md b/modules/nullplatform/service/README.md
deleted file mode 100644
index 73a23d8..0000000
--- a/modules/nullplatform/service/README.md
+++ /dev/null
@@ -1,50 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [nullplatform](#provider\_nullplatform) | 0.0.57 | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [nullplatform_action_specification.basic_actions](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/action_specification) | resource | -| [nullplatform_link_specification.link_specification](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/link_specification) | resource | -| [nullplatform_notification_channel.github](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/notification_channel) | resource | -| [nullplatform_notification_channel.webhook](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/notification_channel) | resource | -| [nullplatform_service_specification.service_specification](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/service_specification) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [assignable\_to](#input\_assignable\_to) | service assignable to. Options: any, dimension, scope | `string` | `"any"` | no | -| [attributes](#input\_attributes) | service attributes json schema | `any` | n/a | yes | -| [basic\_actions](#input\_basic\_actions) | Action schemas definitions | `map(string)` | `{}` | no | -| [dimensions](#input\_dimensions) | service dimensions | `map(any)` | n/a | yes | -| [filters](#input\_filters) | Additional filters to add to the service notification channels | `any` | n/a | yes | -| [link\_assignable\_to](#input\_link\_assignable\_to) | link assignable to. 
Options: any, dimension, scope | `string` | `"any"` | no | -| [link\_attributes](#input\_link\_attributes) | link attributes json schema | `any` | n/a | yes | -| [link\_dimensions](#input\_link\_dimensions) | link dimensions | `map(any)` | n/a | yes | -| [link\_name](#input\_link\_name) | link name | `string` | n/a | yes | -| [link\_unique](#input\_link\_unique) | link is unique | `bool` | `false` | no | -| [name](#input\_name) | service name | `string` | n/a | yes | -| [notify\_channels](#input\_notify\_channels) | Notification channels configuration |
object({
github = object({
enabled = bool
account = string
reference = string
repository = string
workflow_id = string
installation_id = string
}),
webhook = object({
enabled = bool
url = string
headers = map(string)
}),
})
|
{
"github": {
"account": "",
"enabled": false,
"installation_id": "",
"reference": "",
"repository": "",
"workflow_id": ""
},
"webhook": {
"enabled": false,
"headers": {},
"url": ""
}
}
| no | -| [selectors](#input\_selectors) | Service selectors configuration | `map(string)` | n/a | yes | -| [type](#input\_type) | service type | `string` | `"dependency"` | no | -| [visible\_to](#input\_visible\_to) | Visibility of the service specification | `list(string)` |
[
"organization=1:account=*"
]
| no | - -## Outputs - -| Name | Description | -|------|-------------| -| [link\_specification\_id](#output\_link\_specification\_id) | value of the link specification id | -| [service\_specification\_id](#output\_service\_specification\_id) | value of the service specification id | diff --git a/modules/nullplatform/service/actions_specification.tf b/modules/nullplatform/service/actions_specification.tf deleted file mode 100644 index 63e898a..0000000 --- a/modules/nullplatform/service/actions_specification.tf +++ /dev/null @@ -1,12 +0,0 @@ -resource "nullplatform_action_specification" "basic_actions" { - for_each = var.basic_actions - - name = each.value.name - type = each.key - service_specification_id = nullplatform_service_specification.service_specification.id - retryable = each.value.retryable - - parameters = jsonencode(each.value.parameters) - results = jsonencode(each.value.results) -} - diff --git a/modules/nullplatform/service/link_spec.tf b/modules/nullplatform/service/link_spec.tf deleted file mode 100644 index cf61a97..0000000 --- a/modules/nullplatform/service/link_spec.tf +++ /dev/null @@ -1,19 +0,0 @@ -resource "nullplatform_link_specification" "link_specification" { - name = var.link_name - assignable_to = var.link_assignable_to - specification_id = nullplatform_service_specification.service_specification.id - unique = var.link_unique - visible_to = var.visible_to - - dimensions = jsonencode(var.link_dimensions) - attributes = jsonencode(var.link_attributes) - - use_default_actions = length(keys(var.basic_actions)) == 0 - - selectors { - category = var.selectors.category - imported = var.selectors.imported - provider = var.selectors.provider - sub_category = var.selectors.sub_category - } -} diff --git a/modules/nullplatform/service/locals.tf b/modules/nullplatform/service/locals.tf deleted file mode 100644 index 799b3a2..0000000 --- a/modules/nullplatform/service/locals.tf +++ /dev/null 
@@ -1,3 +0,0 @@ -locals { - filters = jsonencode(merge({ "service.specification.id" : nullplatform_service_specification.service_specification.id }, var.filters)) -} diff --git a/modules/nullplatform/service/notifications.tf b/modules/nullplatform/service/notifications.tf deleted file mode 100644 index 0861511..0000000 --- a/modules/nullplatform/service/notifications.tf +++ /dev/null @@ -1,32 +0,0 @@ -resource "nullplatform_notification_channel" "github" { - for_each = var.notify_channels.github.enabled ? toset(var.visible_to) : toset([]) - nrn = each.key - type = "github" - source = ["service"] - filters = local.filters - - configuration { - github { - account = var.notify_channels.github.account - reference = var.notify_channels.github.reference - repository = var.notify_channels.github.repository - workflow_id = var.notify_channels.github.workflow_id - installation_id = var.notify_channels.github.installation_id - } - } -} - -resource "nullplatform_notification_channel" "webhook" { - for_each = var.notify_channels.webhook.enabled ? toset(var.visible_to) : toset([]) - nrn = each.key - type = "http" - source = ["service"] - filters = local.filters - - configuration { - http { - url = var.notify_channels.webhook.url - headers = var.notify_channels.webhook.headers - } - } -} diff --git a/modules/nullplatform/service/outputs.tf b/modules/nullplatform/service/outputs.tf deleted file mode 100644 index 6be919c..0000000 --- a/modules/nullplatform/service/outputs.tf +++ /dev/null @@ -1,9 +0,0 @@ -output "service_specification_id" { - description = "value of the service specification id" - value = nullplatform_service_specification.service_specification.id -} - -output "link_specification_id" { - description = "value of the link specification id" - value = nullplatform_link_specification.link_specification.id -} diff --git a/modules/nullplatform/service/provider.tf b/modules/nullplatform/service/provider.tf deleted file mode 100644 index 8fc65ac..0000000 
--- a/modules/nullplatform/service/provider.tf +++ /dev/null @@ -1,9 +0,0 @@ -terraform { - required_providers { - nullplatform = { - source = "nullplatform/nullplatform" - } - } -} -provider "nullplatform" { -} diff --git a/modules/nullplatform/service/service_specification.tf b/modules/nullplatform/service/service_specification.tf deleted file mode 100644 index f8eaab1..0000000 --- a/modules/nullplatform/service/service_specification.tf +++ /dev/null @@ -1,21 +0,0 @@ -# Resource: Service Specification -resource "nullplatform_service_specification" "service_specification" { - name = var.name - type = var.type - assignable_to = var.assignable_to - - visible_to = var.visible_to - - dimensions = jsonencode(var.dimensions) - - attributes = jsonencode(var.attributes) - - use_default_actions = length(keys(var.basic_actions)) == 0 - - selectors { - category = var.selectors.category - imported = var.selectors.imported - provider = var.selectors.provider - sub_category = var.selectors.sub_category - } -} diff --git a/modules/nullplatform/service/variables.tf b/modules/nullplatform/service/variables.tf deleted file mode 100644 index c5e58f6..0000000 --- a/modules/nullplatform/service/variables.tf +++ /dev/null 
@@ -1,110 +0,0 @@ -variable "name" { - description = "service name" - type = string -} - -variable "type" { - description = "service type" - type = string - default = "dependency" -} - -variable "assignable_to" { - description = "service assignable to. Options: any, dimension, scope" - type = string - default = "any" -} - -variable "visible_to" { - description = "Visibility of the service specification" - type = list(string) - default = [ - "organization=1:account=*", - ] -} - -variable "dimensions" { - description = "service dimensions" - type = map(any) -} - -variable "attributes" { - description = "service attributes json schema" - type = any -} - -variable "selectors" { - description = "Service selectors configuration" - type = map(string) -} - -variable "basic_actions" { - description = "Action schemas definitions" - default = {} -} - -variable "link_assignable_to" { - description = "link assignable to. Options: any, dimension, scope" - type = string - default = "any" -} - - -variable "link_name" { - description = "link name" - type = string -} - -variable "link_dimensions" { - description = "link dimensions" - type = map(any) -} - -variable "link_attributes" { - description = "link attributes json schema" - type = any -} - -variable "link_unique" { - description = "link is unique" - type = bool - default = false -} - -variable "filters" { - description = "Additional filters to add to the service notification channels" -} - -variable "notify_channels" { - description = "Notification channels configuration" - type = object({ - github = object({ - enabled = bool - account = string - reference = string - repository = string - workflow_id = string - installation_id = string - }), - webhook = object({ - enabled = bool - url = string - headers = map(string) - }), - }) - default = { - github = { - enabled = false - account = "" - reference = "" - repository = "" - workflow_id = "" - installation_id = "" - }, - webhook = { - enabled = false - url = "" - headers = {} - 
}, - } -} diff --git a/nullplatform/asset/docker-server/main.tf b/nullplatform/asset/docker-server/main.tf deleted file mode 100644 index 2c78234..0000000 --- a/nullplatform/asset/docker-server/main.tf +++ /dev/null @@ -1,14 +0,0 @@ -resource "nullplatform_provider_config" "docker_server" { - nrn = var.nrn - type = "docker-server" - dimensions = {} - attributes = jsonencode({ - "setup" : { - "server" : var.login_server, - "path" : var.path, - "username" : var.username, - "password" : var.password, - "use_namespace" : false - } - }) -} diff --git a/nullplatform/aws/agent/auth.tf b/nullplatform/aws/agent/auth.tf new file mode 100644 index 0000000..df1b230 --- /dev/null +++ b/nullplatform/aws/agent/auth.tf @@ -0,0 +1,29 @@ +resource "nullplatform_api_key" "nullplatform-agent-api-key" { + name = "NULLPLATFORM-AGENT-API-KEY" + + grants { + nrn = replace(var.nrn, ":namespace=.*$", "") + role_slug = "controlplane:agent" + } + grants { + nrn = replace(var.nrn, ":namespace=.*$", "") + role_slug = "developer" + } + grants { + nrn = replace(var.nrn, ":namespace=.*$", "") + role_slug = "ops" + } + grants { + nrn = replace(var.nrn, ":namespace=.*$", "") + role_slug = "secops" + } + grants { + nrn = replace(var.nrn, ":namespace=.*$", "") + role_slug = "secrets-reader" + } + + tags { + key = "managed-by" + value = "IaC" + } +} \ No newline at end of file diff --git a/nullplatform/aws/agent/channel.tf b/nullplatform/aws/agent/channel.tf new file mode 100644 index 0000000..9a8121d --- /dev/null +++ b/nullplatform/aws/agent/channel.tf 
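Review bot: The `replace(var.nrn, ":namespace=.*$", "")` call in each of the five `grants` blocks of auth.tf strips nothing, because Terraform's `replace` treats its second argument as a regular expression only when it is wrapped in forward slashes. As written it looks for the literal text `:namespace=.*$` and returns `var.nrn` unchanged. Use `nrn = replace(var.nrn, "/:namespace=.*$/", "")`, ideally computed once in a `locals` block and reused. Separately, this one key carries `controlplane:agent`, `developer`, `ops`, `secops` and `secrets-reader`, and the same key is later rendered into the Helm values and into shell commands in this module. It is worth confirming the agent needs all five roles and issuing a narrower key for the notification channel if it does not.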
@@ -0,0 +1,63 @@ +################################################################################ +# Step 1: Fetch Notification Channel Template +################################################################################ + +data "http" "notification_channel_template" { + url = "${var.github_repo_url}/raw/${var.github_ref}/${var.service_path}/specs/notification-channel.json.tpl" +} + +############################################################################### +#Step 2: Process and Create Notification Channel +############################################################################### + +#Process notification channel template +data "external" "notification_channel" { + program = ["sh", "-c", <<-EOT + processed_json=$(echo '${data.http.notification_channel_template.response_body}' | \ + NRN='${var.nrn}' \ + NP_API_KEY='${nullplatform_api_key.nullplatform-agent-api-key.api_key}' \ + REPO_PATH='${var.repo_path}' \ + SERVICE_PATH='${var.service_path}' \ + ENVIRONMENT='${var.environment_tag}' \ + SERVICE_SLUG='${nullplatform_service_specification.from_template.slug}' \ + SERVICE_SPECIFICATION_ID='${nullplatform_service_specification.from_template.id}' \ + gomplate) + echo "{\"json\":\"$(echo "$processed_json" | sed 's/"/\\"/g' | tr -d '\n')\"}" + EOT + ] +} + +locals { + notification_channel_def = jsondecode(data.external.notification_channel.result.json) +} + +# Create notification channel +resource "nullplatform_notification_channel" "from_template" { + nrn = var.nrn + type = local.notification_channel_def.type + source = local.notification_channel_def.source + + configuration { + dynamic "agent" { + for_each = local.notification_channel_def.type == "agent" ? [local.notification_channel_def.configuration] : [] + content { + api_key = agent.value.api_key + command { + type = agent.value.command.type + data = { + for k, v in agent.value.command.data : k => ( + k == "environment" ? 
jsonencode({ + NP_ACTION_CONTEXT = "'$${NOTIFICATION_CONTEXT}'" + }) : ( + can(tostring(v)) ? tostring(v) : jsonencode(v) + ) + ) + } + } + selector = agent.value.selector + } + } + } + + filters = can(local.notification_channel_def.filters) ? jsonencode(local.notification_channel_def.filters) : null +} \ No newline at end of file diff --git a/nullplatform/aws/agent/iam.tf b/nullplatform/aws/agent/iam.tf new file mode 100644 index 0000000..645a4d1 --- /dev/null +++ b/nullplatform/aws/agent/iam.tf 
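Review bot: The `data "external" "notification_channel"` program splices `data.http.notification_channel_template.response_body` into a single-quoted `sh -c` string, so a single quote anywhere in the fetched template ends the quoting and the remainder is interpreted by the shell on the machine running Terraform. The body is fetched from `var.github_ref`, which defaults to a branch name in variables.tf. The same pattern appears in the `service_spec`, `scope_type` and `action_specs` data sources in scopes.tf. Pass the body and the variables through the data source's `query` argument (delivered to the program as JSON on stdin) instead of interpolating them, which also keeps `nullplatform_api_key.nullplatform-agent-api-key.api_key` off the command line. The `sed 's/"/\\"/g'` re-encoding leaves backslashes in the rendered JSON unescaped; the `base64 -w 0` form already used for `action_specs` avoids that.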
@@ -0,0 +1,136 @@ +module "nullplatform-agent-role" { + source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts" + name = "nullplatform-agent-role" + use_name_prefix = false + + oidc_providers = { + main = { + provider_arn = var.aws_iam_openid_connect_provider_arn + namespace_service_accounts = ["nullplatform-tools:nullplatform-agent"] + } + } + + policies = { + "nullplatform-route53-policy" = aws_iam_policy.nullplatform-route53-policy.arn, + "nullplatform-eks-policy" = aws_iam_policy.nullplatform-eks-policy.arn, + "nullplatform-elb-policy" = aws_iam_policy.nullplatform-elb-policy.arn + } +} + +resource "aws_iam_policy" "nullplatform-route53-policy" { + name = "nullplatform-route53-policy" + description = "Policy for managing Route53 DNS records" + policy = jsonencode({ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "route53:ChangeResourceRecordSets", + "route53:ListResourceRecordSets", + "route53:GetHostedZone", + "route53:ListHostedZones", + "route53:ListHostedZonesByName" + ], + "Resource": [ + "arn:aws:route53:::hostedzone/*" + ], + "Condition": { + "StringEquals": { + "aws:RequestedRegion": [ + "us-east-1", + "us-west-2", + "eu-west-1" + ] + } + } + } + ] + }) +} + +resource "aws_iam_policy" "nullplatform-elb-policy" { + name = "nullplatform-elb-policy" + description = "Policy for managing Elastic Load Balancer" + policy = jsonencode( + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeTargetGroups" + ], + "Resource": "*", + "Condition": { + "StringEquals": { + "aws:RequestedRegion": [ + "us-east-1", + "us-west-2", + "eu-west-1" + ] + } + } + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:DescribeTargetHealth", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeRules" + ], + "Resource": [ + 
"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/k8s-nullplatform-*", + "arn:aws:elasticloadbalancing:*:*:targetgroup/k8s-nullplatform-*" + ], + "Condition": { + "StringEquals": { + "aws:RequestedRegion": [ + "us-east-1", + "us-west-2", + "eu-west-1" + ] + } + } + } + ] + } + ) +} + +resource "aws_iam_policy" "nullplatform-eks-policy" { + name = "nullplatform-eks-policy" + description = "Policy for managing EKS clusters" + policy = jsonencode({ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "eks:DescribeCluster", + "eks:ListClusters", + "eks:DescribeNodegroup", + "eks:ListNodegroups", + "eks:DescribeAddon", + "eks:ListAddons" + ], + "Resource": [ + "arn:aws:eks:*:*:cluster/*", + "arn:aws:eks:*:*:nodegroup/*", + "arn:aws:eks:*:*:addon/*" + ], + "Condition": { + "StringEquals": { + "aws:RequestedRegion": [ + "us-east-1", + "us-west-2", + "eu-west-1" + ] + } + } + } + ] + + }) +} diff --git a/nullplatform/aws/agent/locals.tf b/nullplatform/aws/agent/locals.tf new file mode 100644 index 0000000..efceb24 --- /dev/null +++ b/nullplatform/aws/agent/locals.tf @@ -0,0 +1,15 @@ +locals { + scope_list = compact([trimspace(coalesce(var.agent_repos_scope, ""))]) + repos_extra = compact([for s in split(",", try(coalesce(var.agent_repos_extra, ""), "")) : trimspace(s)]) + final_list = distinct(concat(local.scope_list, local.repos_extra)) + + nullplatform_agent_values = templatefile("${path.module}/templates/nullplatform-agent-values.tmpl.yaml", { + agent_repos = join(",", local.final_list) + cluster_name = var.cluster_name + tags = var.tags + init_scripts = var.init_scripts + resource_identity = module.nullplatform-agent-role.arn + api_key = nullplatform_api_key.nullplatform-agent-api-key.api_key + namespace = var.namespace + }) +} \ No newline at end of file 
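Review bot: `nullplatform-route53-policy` allows `route53:ChangeResourceRecordSets` on `arn:aws:route53:::hostedzone/*`, so the agent role can rewrite records in every hosted zone of the account rather than only the zones the platform manages. Take the zone IDs as an input and build the list from them, e.g. `"Resource": [for z in var.hosted_zone_ids : "arn:aws:route53:::hostedzone/${z}"]` (the variable name is a placeholder). The list-only actions (`route53:ListHostedZones`, `route53:ListHostedZonesByName`, `eks:ListClusters`) appear not to support resource-level scoping and would then need their own statement with `"Resource": "*"`; verify this against the IAM service authorization reference. The `aws:RequestedRegion` list is hard-coded and repeated in all four statements; a variable would let the module be used in other regions.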
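Review bot: `repos_extra` in locals.tf calls `split(",", ...)` on `var.agent_repos_extra`, which variables.tf declares as `list(string)`. As far as I can tell `coalesce` of a list and `""` fails type conversion, the surrounding `try` swallows that error and falls back to `""`, and the extra repositories are dropped without any diagnostic. Iterate the list directly: `repos_extra = compact([for s in coalesce(var.agent_repos_extra, []) : trimspace(s)])`. `init_scripts` is still passed to `templatefile` although the template change in this commit removes the `initScripts` block, so that argument looks unused now.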
diff --git a/v2/foundations/aws/alb-controller/main.tf b/nullplatform/aws/agent/main.tf similarity index 52% rename from v2/foundations/aws/alb-controller/main.tf rename to nullplatform/aws/agent/main.tf index fbd96ff..31d0351 100644 --- a/v2/foundations/aws/alb-controller/main.tf +++ b/nullplatform/aws/agent/main.tf @@ -1,9 +1,10 @@ -resource "helm_release" "aws-load-balancer-controller" { - name = "aws-load-balancer-controller" - repository = "https://aws.github.io/eks-charts" - chart = "aws-load-balancer-controller" - version = var.aws-load-balancer-controller-version - namespace = "kube-system" +resource "helm_release" "agent" { + name = "nullplatform-agent" + chart = "nullplatform-agent" + repository = "https://nullplatform.github.io/helm-charts" + namespace = var.namespace + version = var.nullplatform-agent-helm-version + create_namespace = true disable_webhooks = true force_update = true @@ -19,6 +20,5 @@ resource "helm_release" "aws-load-balancer-controller" { dependency_update = true max_history = 10 - - values = [local.aws-load-balancer-controller-values] + values = [local.nullplatform_agent_values] } \ No newline at end of file diff --git a/v2/foundations/aws/eks/providers.tf b/nullplatform/aws/agent/providers.tf similarity index 55% rename from v2/foundations/aws/eks/providers.tf rename to nullplatform/aws/agent/providers.tf index 4eaaf21..06f29fe 100644 --- a/v2/foundations/aws/eks/providers.tf +++ b/nullplatform/aws/agent/providers.tf @@ -1,5 +1,9 @@ terraform { required_providers { + nullplatform = { + source = "nullplatform/nullplatform" + version = "~> 0.0.63" + } aws = { source = "hashicorp/aws" version = "~> 6.0" @@ -9,4 +13,8 @@ terraform { version = "~> 3.0" } } +} + +provider "nullplatform" { + api_key = var.np_api_key } \ No newline at end of file diff --git a/nullplatform/aws/agent/scopes.tf b/nullplatform/aws/agent/scopes.tf new file mode 100644 index 0000000..d5267c4 --- /dev/null +++ b/nullplatform/aws/agent/scopes.tf 
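Review bot: The added `provider "nullplatform" { api_key = var.np_api_key }` block in providers.tf configures a provider inside a reusable module, which Terraform discourages. A module that carries its own provider configuration cannot be called with `count`, `for_each` or `depends_on`, and removing the module call later also removes the configuration needed to destroy its resources. Keep only the `required_providers` entry here and let the root module configure the provider. channel.tf and scopes.tf in this commit also use `data "http"`, `data "external"` and `null_resource`; if the part of `required_providers` outside these hunks does not already list `hashicorp/http`, `hashicorp/external` and `hashicorp/null` with version constraints, add them. Both hunks show only part of the file.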
@@ -0,0 +1,175 @@ +################################################################################ +# Step 1: Fetch Templates +################################################################################ + +# Fetch service specification template +data "http" "service_spec_template" { + url = "${var.github_repo_url}/raw/${var.github_ref}/${var.service_path}/specs/service-spec.json.tpl" +} + +# Fetch scope type template +data "http" "scope_type_template" { + url = "${var.github_repo_url}/raw/${var.github_ref}/${var.service_path}/specs/scope-type-definition.json.tpl" +} + +# Fetch action specification templates +data "http" "action_templates" { + for_each = toset(var.action_spec_names) + url = "${var.github_repo_url}/raw/${var.github_ref}/${var.service_path}/specs/actions/${each.key}.json.tpl" +} + +################################################################################ +# Step 2: Process and Create Service Specification +################################################################################ + +# Process service spec template +data "external" "service_spec" { + program = ["sh", "-c", <<-EOT + processed_json=$(echo '${data.http.service_spec_template.response_body}' | NRN='${var.nrn}' gomplate) + echo "{\"json\":\"$(echo "$processed_json" | sed 's/"/\\"/g' | tr -d '\n')\"}" + EOT + ] +} + +locals { + service_spec_parsed = jsondecode(data.external.service_spec.result.json) +} + +# Create service specification +resource "nullplatform_service_specification" "from_template" { + name = local.service_spec_parsed.name + visible_to = local.service_spec_parsed.visible_to + assignable_to = local.service_spec_parsed.assignable_to + type = local.service_spec_parsed.type + attributes = jsonencode(local.service_spec_parsed.attributes) + use_default_actions = local.service_spec_parsed.use_default_actions + + selectors { + category = local.service_spec_parsed.selectors.category + imported = local.service_spec_parsed.selectors.imported + provider = 
local.service_spec_parsed.selectors.provider + sub_category = local.service_spec_parsed.selectors.sub_category + } + + lifecycle { + ignore_changes = [attributes] + } +} + +locals { + # Variables that depend on created service specification + service_specification_id = nullplatform_service_specification.from_template.id + service_slug = nullplatform_service_specification.from_template.slug + + dependent_env_vars = { + NRN = var.nrn + SERVICE_SPECIFICATION_ID = local.service_specification_id + SERVICE_SLUG = local.service_slug + SERVICE_PATH = var.service_path + REPO_PATH = var.repo_path + } +} + +################################################################################ +# Step 3: Process and Create Scope Type +################################################################################ + +# Process scope type template +data "external" "scope_type" { + depends_on = [nullplatform_service_specification.from_template] + + program = ["sh", "-c", <<-EOT + processed_json=$(echo '${data.http.scope_type_template.response_body}' | \ + NRN='${local.dependent_env_vars.NRN}' \ + SERVICE_SPECIFICATION_ID='${local.dependent_env_vars.SERVICE_SPECIFICATION_ID}' \ + gomplate) + echo "{\"json\":\"$(echo "$processed_json" | sed 's/"/\\"/g' | tr -d '\n')\"}" + EOT + ] +} + +locals { + scope_type_def = jsondecode(data.external.scope_type.result.json) +} + +# Create scope type +resource "nullplatform_scope_type" "from_template" { + depends_on = [nullplatform_service_specification.from_template] + + nrn = var.nrn + name = local.scope_type_def.name + description = local.scope_type_def.description + provider_id = local.service_specification_id +} + +################################################################################ +# Step 4: Create Action Specifications +################################################################################ + +# Process action templates +data "external" "action_specs" { + for_each = toset(var.action_spec_names) + depends_on = 
[nullplatform_service_specification.from_template] + + program = ["sh", "-c", <<-EOT + processed_json=$(echo '${try(data.http.action_templates[each.key].response_body, "{}")}' | \ + NRN='${local.dependent_env_vars.NRN}' \ + SERVICE_SPECIFICATION_ID='${local.dependent_env_vars.SERVICE_SPECIFICATION_ID}' \ + SERVICE_SLUG='${local.dependent_env_vars.SERVICE_SLUG}' \ + SERVICE_PATH='${local.dependent_env_vars.SERVICE_PATH}' \ + REPO_PATH='${local.dependent_env_vars.REPO_PATH}' \ + gomplate) + echo "{\"json_b64\":\"$(echo "$processed_json" | base64 -w 0)\"}" + EOT + ] +} + +locals { + # Static list of action specifications to avoid for_each dependency issues + static_action_specs = toset(var.action_spec_names) +} + +# Create action specifications +resource "nullplatform_action_specification" "from_templates" { + for_each = local.static_action_specs + depends_on = [nullplatform_service_specification.from_template] + + service_specification_id = local.service_specification_id + name = jsondecode(base64decode(data.external.action_specs[each.key].result.json_b64)).name + type = jsondecode(base64decode(data.external.action_specs[each.key].result.json_b64)).type + parameters = jsonencode(jsondecode(base64decode(data.external.action_specs[each.key].result.json_b64)).parameters) + results = jsonencode(jsondecode(base64decode(data.external.action_specs[each.key].result.json_b64)).results) + retryable = try(jsondecode(base64decode(data.external.action_specs[each.key].result.json_b64)).retryable, false) + + lifecycle { + ignore_changes = [annotations] + } + +} + +################################################################################ +# Step 5: Configure NRN with External Providers (Patch) +################################################################################ + +# This replicates: np nrn patch --nrn "$NRN" --body "{\"global.${SERVICE_SLUG}_metric_provider\": \"externalmetrics\", \"global.${SERVICE_SLUG}_log_provider\": \"external\"}" +resource "null_resource" 
"nrn_patch" { + depends_on = [nullplatform_service_specification.from_template] + + triggers = { + nrn = var.nrn + service_slug = local.service_slug + } + + provisioner "local-exec" { + command = <<-EOT + np nrn patch --nrn "${var.nrn}" --body "{ + \"global.${local.service_slug}_metric_provider\": \"${var.external_metrics_provider}\", + \"global.${local.service_slug}_log_provider\": \"${var.external_logging_provider}\" + }" + EOT + + environment = { + NP_API_KEY = var.np_api_key + } + } +} \ No newline at end of file diff --git a/modules/kubernetes/helm/nullplatform/agent/templates/values-aws.tmpl.yaml b/nullplatform/aws/agent/templates/nullplatform-agent-values.tmpl.yaml similarity index 59% rename from modules/kubernetes/helm/nullplatform/agent/templates/values-aws.tmpl.yaml rename to nullplatform/aws/agent/templates/nullplatform-agent-values.tmpl.yaml index 705d116..9af357c 100644 --- a/modules/kubernetes/helm/nullplatform/agent/templates/values-aws.tmpl.yaml +++ b/nullplatform/aws/agent/templates/nullplatform-agent-values.tmpl.yaml @@ -5,23 +5,19 @@ args: - "--tags=$(TAGS)" - "--apikey=$(NP_API_KEY)" - "--runtime=host" - - "--command-executor-env=NP_API_KEY=$(NP_API_KEY),VAULT_ADDR=$(VAULT_URL),VAULT_TOKEN=$(VAULT_TOKEN)" + - "--command-executor-env=NP_API_KEY=$(NP_API_KEY)" - "--command-executor-debug" - "--webserver-enabled" - "--command-executor-git-command-repos $(AGENT_REPOS)" + configuration: values: - NP_API_KEY: "${np_api_key}" + NP_API_KEY: "${api_key}" TAGS: "${tags}" AGENT_REPOS: "${agent_repos}" CLUSTER_NAME: "${cluster_name}" NAMESPACE: "${namespace}" - VAULT_TOKEN: "${vault_token}" - VAULT_URL: "${vault_url}" -initScripts: - - apk add --no-cache aws-cli -%{ for script in init_scripts ~} - - ${script} -%{ endfor ~} + + image: tag: aws \ No newline at end of file diff --git a/nullplatform/aws/agent/variables.tf b/nullplatform/aws/agent/variables.tf new file mode 100644 index 0000000..9974c73 --- /dev/null +++ b/nullplatform/aws/agent/variables.tf 
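Review bot: None of the `data "http"` fetches at the top of scopes.tf check the response, and `action_specs` wraps the body in `try(..., "{}")`, so a 404 page or a truncated body is piped to `gomplate` and surfaces later as an unrelated `jsondecode` error or as an action specification with missing fields. Add a `postcondition` on `status_code` to each fetch as sketched below, and pin `var.github_ref` to a tag or commit SHA so the specs that get applied are the ones that were reviewed. The `nrn_patch` provisioner also builds its `np nrn patch` command by interpolating `var.nrn` and the provider names into a double-quoted shell string; passing them through the `environment` map, as is already done for `NP_API_KEY`, avoids the quoting problem.

```hcl
data "http" "service_spec_template" {
  url = "${var.github_repo_url}/raw/${var.github_ref}/${var.service_path}/specs/service-spec.json.tpl"

  lifecycle {
    postcondition {
      condition     = self.status_code == 200
      error_message = "Fetching the service spec template returned HTTP ${self.status_code}."
    }
  }
}
# … same lifecycle block on scope_type_template and action_templates …
```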
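Review bot: `NP_API_KEY: "${api_key}"` places the generated key in plain chart values, and the args pass it on as `--apikey=$(NP_API_KEY)` and again inside `--command-executor-env=NP_API_KEY=$(NP_API_KEY)` with `--command-executor-debug` switched on. The key is therefore readable from the stored Helm release values and from the agent process's command line, and whether the executor's debug output echoes its environment cannot be told from this hunk. If the chart can read the key from an existing Kubernetes Secret, reference that instead; otherwise move the key out of `values` into a `set_sensitive` entry on the `helm_release` so it is masked in plan output. Leave `--command-executor-debug` off by default and expose it as a variable. The template file starts before this hunk.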
@@ -0,0 +1,116 @@ +variable "nullplatform-agent-helm-version" { + description = "Helm chart version for the Nullplatform agent" + type = string + default = "2.11.0" +} + +variable "agent_repos_scope" { + description = "Git repository URL for agent scopes configuration" + type = string + default = "https://github.com/nullplatform/scopes.git#main" +} + +variable "agent_repos_extra" { + description = "Additional repositories for the agent configuration" + type = list(string) + default = [] +} + +variable "cluster_name" { + description = "Name of the EKS cluster" + type = string +} + +variable "tags" { + description = "Tags to apply to identifier agent" + type = string +} + +variable "init_scripts" { + description = "List of initialization scripts to run" + type = list(string) + default = [] +} + +variable "nrn" { + description = "Identifier Nullplatform Resources Name" + type = string +} + +variable "namespace" { + description = "Kubernetes namespace to agent run" + type = string + default = "nullplatform-tools" +} + +# Template Configuration +variable "service_path" { + type = string + default = "k8s" + description = "Service path within the repository" +} + +variable "repo_path" { + type = string + default = "/root/.np/nullplatform/scopes" + description = "Local path to the repository containing templates" +} + +variable "github_repo_url" { + type = string + default = "https://github.com/nullplatform/scopes" + description = "GitHub repository URL containing templates" +} + +variable "github_ref" { + type = string + default = "beta" + description = "Git reference (branch, tag, or commit)" +} + +variable "environment_tag" {} + +################################################################################ +# Scope Definition Module Variables +################################################################################ + +variable "action_spec_names" { + type = list(string) + default = [ + "create-scope", + "delete-scope", + "start-initial", + "start-blue-green", 
+ "finalize-blue-green", + "rollback-deployment", + "delete-deployment", + "switch-traffic", + "set-desired-instance-count", + "pause-autoscaling", + "resume-autoscaling", + "restart-pods", + "kill-instances" + ] + description = "List of action specification template names to fetch and create" +} + +# NRN Patch Configuration +variable "np_api_key" { + type = string + sensitive = true + description = "Nullplatform API key for authentication" +} + +variable "external_metrics_provider" { + type = string + default = "externalmetrics" + description = "External metrics provider name" +} + +variable "external_logging_provider" { + type = string + default = "external" + description = "External logging provider name" +} + +variable "aws_iam_openid_connect_provider_arn" {} \ No newline at end of file diff --git a/nullplatform/aws/aws/README.md b/nullplatform/aws/aws/README.md deleted file mode 100644 index d718f90..0000000 --- a/nullplatform/aws/aws/README.md +++ /dev/null 
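Review bot: `variable "environment_tag" {}` and `variable "aws_iam_openid_connect_provider_arn" {}` are declared without `type` or `description`, unlike the other variables in variables.tf, and `environment_tag` is interpolated into a shell command in channel.tf. Give both `type = string` and a description such as `description = "Value passed to the channel template as ENVIRONMENT"`. Consider a `validation` block that restricts `environment_tag`, `service_path`, `repo_path` and `github_ref` to a safe character set such as `^[A-Za-z0-9._/-]+$`. `github_ref` defaults to the moving branch `beta`; a tag or commit SHA makes applies reproducible. The descriptions of `tags` and `namespace` would read better as "Tags that identify the agent" and "Kubernetes namespace the agent runs in".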
@@ -1,51 +0,0 @@ - -## Requirements - -| Name | Version | -|------|---------| -| [nullplatform](#requirement\_nullplatform) | ~> 0.0.63 | - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | n/a | -| [kubernetes](#provider\_kubernetes) | n/a | -| [nullplatform](#provider\_nullplatform) | ~> 0.0.63 | - -## Resources - -| Name | Type | -|------|------| -| [aws_iam_access_key.nullplatform_build_workflow_user_key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_access_key) | resource | -| [aws_iam_policy.nullplatform_ecr_manager_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_role.nullplatform_application_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | -| [aws_iam_role_policy_attachment.ecr-manager-policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_user.nullplatform_build_workflow_user](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user) | resource | -| [aws_iam_user_policy_attachment.ecr-manager-policy-user](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user_policy_attachment) | resource | -| [kubernetes_ingress_v1.internal](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/ingress_v1) | resource | -| [kubernetes_ingress_v1.public](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/ingress_v1) | resource | -| [nullplatform_dimension.environment](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/dimension) | resource | -| [nullplatform_dimension_value.environment_value](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/dimension_value) | resource | -| 
[nullplatform_provider_config.aws](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/provider_config) | resource | -| [nullplatform_provider_config.ecr](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/provider_config) | resource | -| [nullplatform_provider_config.github](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/provider_config) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [application\_manager\_assume\_role](#input\_application\_manager\_assume\_role) | ARN of the IAM role for application manager | `string` | `"arn:aws:iam::283477532906:role/application_manager"` | no | -| [certificate\_arn](#input\_certificate\_arn) | ARN of the SSL/TLS certificate for the network configuration | `string` | n/a | yes | -| [dimensions](#input\_dimensions) | Map of dimension values to configure Nullplatform | `map(string)` | `{}` | no | -| [domain\_name](#input\_domain\_name) | Domain name for the configuration | `string` | n/a | yes | -| [environment](#input\_environment) | Environment dimension value to which the configuration applies | `string` | n/a | yes | -| [environments](#input\_environments) | The list of environments | `list(string)` |
[
"development",
"staging",
"production"
]
| no | -| [hosted\_private\_zone\_id](#input\_hosted\_private\_zone\_id) | Hosted zone ID for private DNS | `string` | n/a | yes | -| [hosted\_public\_zone\_id](#input\_hosted\_public\_zone\_id) | Hosted zone ID for public DNS | `string` | n/a | yes | -| [include\_environment](#input\_include\_environment) | Whether to use Environment as a default dimension | `bool` | `true` | no | -| [nrn](#input\_nrn) | Identifier Nullplatform Resources Name | `string` | n/a | yes | -| [organization](#input\_organization) | Organization name for code repository configuration | `string` | n/a | yes | -| [organization\_installation\_id](#input\_organization\_installation\_id) | GitHub App installation ID for the organization | `string` | n/a | yes | -| [scope\_manager\_assume\_role](#input\_scope\_manager\_assume\_role) | ARN of the IAM role for scope and deploy manager | `string` | `"arn:aws:iam::283477532906:role/scope_and_deploy_manager"` | no | - \ No newline at end of file diff --git a/nullplatform/aws/aws/example.md b/nullplatform/aws/aws/example.md deleted file mode 100644 index 051102c..0000000 --- a/nullplatform/aws/aws/example.md +++ /dev/null 
@@ -1,64 +0,0 @@ -# Configuraciรณn Terraform - Nullplatform Configuration - -## Mรณdulo - -```hcl -module "nullplatform_configuration" { - source = "./nullplatform/platform_config" - - domain_name = var.domain_name - environment = var.environment - hosted_private_zone_id = var.hosted_private_zone_id - hosted_public_zone_id = var.hosted_public_zone_id - nrn = var.nrn - organization = var.github_organization - organization_installation_id = var.github_organization_installation_id - certificate_arn = var.certificate_arn -} -``` - -## Variables - -```hcl -# Ejemplo con diferentes valores -domain_name = "acme-corp-services.nullapps.io" -environment = "production" -hosted_public_zone_id = "Z1234567890ABCDEFGH" -hosted_private_zone_id = "Z9876543210ZYXWVUTS" -nrn = "organization=2468013579:account=9876543210" -github_organization = "acme-corp" -github_organization_installation_id = "12345678" -certificate_arn = "arn:aws:acm:us-west-2:123456789012:certificate/a1b2c3d4-e5f6-7890-1234-56789abcdef0" -``` - -## Parรกmetros del Mรณdulo - -| Variable | Valor Original | Valor de Ejemplo | Descripciรณn | -|----------|------------------------------------------------------|------------------|-------------| -| `domain_name` | `kwik-e-mart-providers-test.nullapps.io` | `acme-corp-services.nullapps.io` | Nombre de dominio principal | -| `environment` | `""` (vacรญo) | `production` | Entorno de despliegue | -| `hosted_public_zone_id` | `Z1234567890ABCDEFGH` | `Z1234567890ABCDEFGH` | ID de la zona pรบblica de Route53 | -| `hosted_private_zone_id` | `Z9876543210ZYXWVUTS` | `Z9876543210ZYXWVUTS` | ID de la zona privada de Route53 | -| `nrn` | `organization=2468013579:account=2468013579` | `organization=2468013579:account=9876543210` | Identificador de organizaciรณn y cuenta | -| `github_organization` | `acme-corp` | `acme-corp` | Organizaciรณn de GitHub | -| `github_organization_installation_id` | `2468013579` | `12345678` | ID de instalaciรณn de la GitHub App | -| `certificate_arn` | 
`arn:aws:acm:us-east-1:2468013579:certificate/...` | `arn:aws:acm:us-west-2:123456789012:certificate/...` | ARN del certificado SSL de AWS ACM | - -## Notas de Configuraciรณn - -### Dominios -- Los dominios siguen el patrรณn `{organization}-{service}.nullapps.io` -- Se recomienda usar subdominios descriptivos para diferentes entornos - -### Zonas de Route53 -- **Zona pรบblica**: Para resoluciรณn DNS desde internet -- **Zona privada**: Para resoluciรณn DNS interna en VPC - -### GitHub Integration -- Requiere una GitHub App instalada en la organizaciรณn -- El `organization_installation_id` se obtiene de la configuraciรณn de la GitHub App - -### Certificados SSL -- Deben estar en la regiรณn correcta segรบn el uso -- Para CloudFront: certificados deben estar en `us-east-1` -- Para ALB regional: certificados pueden estar en cualquier regiรณn \ No newline at end of file diff --git a/nullplatform/aws/aws/locals.tf b/nullplatform/aws/aws/locals.tf deleted file mode 100644 index 1b50af0..0000000 --- a/nullplatform/aws/aws/locals.tf +++ /dev/null @@ -1,3 +0,0 @@ -locals { - dimensions = merge(var.include_environment ? { environment = var.environment } : {}, var.dimensions) -} \ No newline at end of file diff --git a/nullplatform/aws/aws/variables.tf b/nullplatform/aws/aws/variables.tf deleted file mode 100644 index 7c99a65..0000000 --- a/nullplatform/aws/aws/variables.tf +++ /dev/null 
@@ -1,75 +0,0 @@ -variable "scope_manager_assume_role" { - description = "ARN of the IAM role for scope and deploy manager" - type = string - default = "arn:aws:iam::283477532906:role/scope_and_deploy_manager" -} - -variable "nrn" { - description = "Identifier Nullplatform Resources Name" - type = string -} - -variable "include_environment" { - description = "Whether to use Environment as a default dimension" - type = bool - default = true -} - -variable "domain_name" { - description = "Domain name for the configuration" - type = string -} - -variable "hosted_private_zone_id" { - description = "Hosted zone ID for private DNS" - type = string -} - -variable "hosted_public_zone_id" { - description = "Hosted zone ID for public DNS" - type = string -} - -variable "environment" { - description = "Environment dimension value to which the configuration applies" - type = string -} - -variable "dimensions" { - description = "Map of dimension values to configure Nullplatform" - type = map(string) - default = {} -} -######### -# Registry Variables -######### -variable "application_manager_assume_role" { - description = "ARN of the IAM role for application manager" - type = string - default = "arn:aws:iam::283477532906:role/application_manager" -} -####### -# Code respositoy -####3 -variable "organization" { - description = "Organization name for code repository configuration" - type = string -} - -variable "organization_installation_id" { - description = "GitHub App installation ID for the organization" - type = string -} -######### -# Ingress Default -###### -variable "certificate_arn" { - description = "ARN of the SSL/TLS certificate for the network configuration" - type = string -} - -variable "environments" { - type = list(string) - description = "The list of environments" - default = ["development", "staging", "production"] -} \ No newline at end of file 
diff --git a/nullplatform/aws/aws/data.tf b/nullplatform/aws/cloud_providers/data.tf similarity index 100% rename from nullplatform/aws/aws/data.tf rename to nullplatform/aws/cloud_providers/data.tf diff --git a/nullplatform/aws/cloud_providers/main.tf b/nullplatform/aws/cloud_providers/main.tf new file mode 100644 index 0000000..30f5634 --- /dev/null +++ b/nullplatform/aws/cloud_providers/main.tf @@ -0,0 +1,25 @@ +resource "nullplatform_provider_config" "aws" { + provider = nullplatform + nrn = var.nrn + type = "aws-configuration" + dimensions = {} + attributes = jsonencode({ + iam = { + #scope_workflow_role = aws_iam_role.nullplatform_scope_workflow_role.arn + } + account = { + id = data.aws_caller_identity.current.id + region = data.aws_region.current.region + } + networking = { + application_domain = false + domain_name = var.domain_name + hosted_zone_id = var.hosted_private_zone_id + hosted_public_zone_id = var.hosted_public_zone_id + } + }) + lifecycle { + ignore_changes = [attributes] + } +} + diff --git a/nullplatform/aws/aws/providers.tf b/nullplatform/aws/cloud_providers/providers.tf similarity index 71% rename from nullplatform/aws/aws/providers.tf rename to nullplatform/aws/cloud_providers/providers.tf index 4e925e3..cb79686 100644 --- a/nullplatform/aws/aws/providers.tf +++ b/nullplatform/aws/cloud_providers/providers.tf @@ -5,4 +5,8 @@ terraform { version = "~> 0.0.63" } } +} + +provider "nullplatform" { + api_key = var.np_api_key } \ No newline at end of file diff --git a/nullplatform/aws/cloud_providers/variables.tf b/nullplatform/aws/cloud_providers/variables.tf new file mode 100644 index 0000000..2a5f621 --- /dev/null +++ b/nullplatform/aws/cloud_providers/variables.tf 
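Review bot: `lifecycle { ignore_changes = [attributes] }` on `nullplatform_provider_config.aws` makes every field inside `attributes` write-once: later changes to `var.domain_name` or the hosted zone IDs will not be applied, and out-of-band edits to the provider config will not show up in `terraform plan`. If the intent is to tolerate fields the platform adds server-side, say so in a comment above the block, for example `# attributes are enriched by the platform after creation; re-create the resource to change networking`. The empty `iam` object with the commented-out `scope_workflow_role` line should either be removed or get a TODO stating what is pending.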
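Review bot: The added `provider "nullplatform" { api_key = var.np_api_key }` block configures a provider inside what looks like a reusable module (inferred from the directory layout), and Terraform does not allow `count`, `for_each` or `depends_on` on a module that carries its own provider configuration. The same block is added in `workload/account/providers.tf`, `workload/asset/ecr/providers.tf` and `workload/dimensions/providers.tf`, so each of those modules needs the API key passed in as an input. Keeping only `required_providers` here and configuring the provider once in the root module would leave the key in one place. The `terraform` block starts outside this hunk.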
@@ -0,0 +1,44 @@
+variable "scope_manager_assume_role" {
+ description = "ARN of the IAM role for scope and deploy manager"
+ type = string
+ default = "arn:aws:iam::283477532906:role/scope_and_deploy_manager"
+}
+
+variable "nrn" {
+ description = "Identifier Nullplatform Resources Name"
+ type = string
+}
+
+variable "include_environment" {
+ description = "Whether to use Environment as a default dimension"
+ type = bool
+ default = true
+}
+
+variable "domain_name" {
+ description = "Domain name for the configuration"
+ type = string
+}
+
+variable "hosted_private_zone_id" {
+ description = "Hosted zone ID for private DNS"
+ type = string
+}
+
+variable "hosted_public_zone_id" {
+ description = "Hosted zone ID for public DNS"
+ type = string
+}
+
+variable "dimensions" {
+ description = "Map of dimension values to configure Nullplatform"
+ type = map(string)
+ default = {}
+}
+
+# NRN Patch Configuration
+variable "np_api_key" {
+ type = string
+ sensitive = true
+ description = "Nullplatform API key for authentication"
+}
\ No newline at end of file
diff --git a/nullplatform/workload/account/main.tf b/nullplatform/workload/account/main.tf
new file mode 100644
index 0000000..e02c9da
--- /dev/null
+++ b/nullplatform/workload/account/main.tf
@@ -0,0 +1,8 @@
+resource "nullplatform_account" "nullplatform_account" {
+ for_each = var.nullplatform_accounts
+
+ name = each.value.name
+ repository_prefix = each.value.repository_prefix
+ repository_provider = each.value.repository_provider
+ slug = each.value.slug
+}
\ No newline at end of file
diff --git a/nullplatform/workload/account/providers.tf b/nullplatform/workload/account/providers.tf
new file mode 100644
index 0000000..cb79686
--- /dev/null
+++ b/nullplatform/workload/account/providers.tf
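Review bot: `scope_manager_assume_role` defaults to a role in a fixed AWS account, `arn:aws:iam::283477532906:role/scope_and_deploy_manager`, and nothing in the visible `cloud_providers/main.tf` reads it (the `iam` object there is commented out); `include_environment` and `dimensions` also look unused, since `main.tf` sets `dimensions = {}`. A default principal from another account is easy to trust by accident once the variable is wired into a role policy, so either delete the unused variables or drop the default and state in the description whose account it is. `application_manager_assume_role` in `workload/asset/ecr/variables.tf` has the same kind of default; the `iam.tf` that presumably consumes it is a pure rename and is not shown.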
@@ -0,0 +1,12 @@
+terraform {
+ required_providers {
+ nullplatform = {
+ source = "nullplatform/nullplatform"
+ version = "~> 0.0.63"
+ }
+ }
+}
+
+provider "nullplatform" {
+ api_key = var.np_api_key
+}
\ No newline at end of file
diff --git a/nullplatform/workload/account/variables.tf b/nullplatform/workload/account/variables.tf
new file mode 100644
index 0000000..9c5996e
--- /dev/null
+++ b/nullplatform/workload/account/variables.tf
@@ -0,0 +1,12 @@
+variable "nullplatform_accounts" {
+ type = map(object({
+ name = string
+ repository_prefix = optional(string, "poc-account")
+ repository_provider = optional(string, "github")
+ slug = optional(string, "poc-account")
+ }))
+}
+
+variable "np_api_key" {
+
+}
\ No newline at end of file
diff --git a/modules/nullplatform/provider/asset/docker-server/main.tf b/nullplatform/workload/asset/docker-server/main.tf
similarity index 100%
rename from modules/nullplatform/provider/asset/docker-server/main.tf
rename to nullplatform/workload/asset/docker-server/main.tf
diff --git a/nullplatform/asset/docker-server/provider.tf b/nullplatform/workload/asset/docker-server/provider.tf
similarity index 100%
rename from nullplatform/asset/docker-server/provider.tf
rename to nullplatform/workload/asset/docker-server/provider.tf
diff --git a/nullplatform/asset/docker-server/variables.tf b/nullplatform/workload/asset/docker-server/variables.tf
similarity index 100%
rename from nullplatform/asset/docker-server/variables.tf
rename to nullplatform/workload/asset/docker-server/variables.tf
diff --git a/modules/nullplatform/provider/cloud/aws/data.tf b/nullplatform/workload/asset/ecr/data.tf
similarity index 56%
rename from modules/nullplatform/provider/cloud/aws/data.tf
rename to nullplatform/workload/asset/ecr/data.tf
index d9c96ce..0fe331b 100644
--- a/modules/nullplatform/provider/cloud/aws/data.tf
+++ b/nullplatform/workload/asset/ecr/data.tf
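Review bot: `variable "np_api_key" { }` in `workload/account/variables.tf` is declared with an empty body, so the key has no type constraint and is not marked sensitive; Terraform will not redact it if it ever reaches plan output, an output value or an error message. The other modules in this commit declare the same variable with `type = string`, `sensitive = true` and a description. This one should match by adding `type = string` and `sensitive = true` inside the block.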
@@ -1,3 +1,5 @@ data "aws_caller_identity" "current" { - provider = aws } + +data "aws_region" "current" { +} \ No newline at end of file diff --git a/nullplatform/aws/aws/iam-registry.tf b/nullplatform/workload/asset/ecr/iam.tf similarity index 100% rename from nullplatform/aws/aws/iam-registry.tf rename to nullplatform/workload/asset/ecr/iam.tf diff --git a/nullplatform/workload/asset/ecr/main.tf b/nullplatform/workload/asset/ecr/main.tf new file mode 100644 index 0000000..e771780 --- /dev/null +++ b/nullplatform/workload/asset/ecr/main.tf @@ -0,0 +1,20 @@ +resource "nullplatform_provider_config" "ecr" { + provider = nullplatform + nrn = var.nrn + type = "ecr" + dimensions = {} + attributes = jsonencode({ + "ci" : { + "region" : data.aws_region.current.region, + "access_key" : aws_iam_access_key.nullplatform_build_workflow_user_key.id + "secret_key" : aws_iam_access_key.nullplatform_build_workflow_user_key.secret + }, + "setup" : { + "region" : data.aws_region.current.region, + "role_arn" : aws_iam_role.nullplatform_application_role.arn + } + }) + lifecycle { + ignore_changes = [attributes] + } +} \ No newline at end of file diff --git a/nullplatform/workload/asset/ecr/providers.tf b/nullplatform/workload/asset/ecr/providers.tf new file mode 100644 index 0000000..cb79686 --- /dev/null +++ b/nullplatform/workload/asset/ecr/providers.tf @@ -0,0 +1,12 @@ +terraform { + required_providers { + nullplatform = { + source = "nullplatform/nullplatform" + version = "~> 0.0.63" + } + } +} + +provider "nullplatform" { + api_key = var.np_api_key +} \ No newline at end of file diff --git a/nullplatform/workload/asset/ecr/variables.tf b/nullplatform/workload/asset/ecr/variables.tf new file mode 100644 index 0000000..598aef3 --- /dev/null +++ b/nullplatform/workload/asset/ecr/variables.tf 
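Review bot: `secret_key` in `nullplatform_provider_config.ecr` is the secret of a long-lived `aws_iam_access_key`, serialised into `attributes` with `jsonencode`, so it is stored in clear text in the Terraform state and sent to the platform as part of the config. Combined with `ignore_changes = [attributes]`, replacing or rotating the access key will not update the stored credentials, and the platform keeps the old ones until the resource is re-created. At minimum add a comment above `lifecycle` describing the rotation procedure, for example `# rotate: terraform apply -replace=nullplatform_provider_config.ecr`, and make sure the state backend is encrypted and access-restricted. The IAM user and key are defined in `iam.tf`, which is a pure rename here and not shown.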
@@ -0,0 +1,16 @@ +variable "nrn" { + description = "Identifier Nullplatform Resources Name" + type = string +} + +variable "np_api_key" { + type = string + sensitive = true + description = "Nullplatform API key for authentication" +} + +variable "application_manager_assume_role" { + description = "ARN of the IAM role for application manager" + type = string + default = "arn:aws:iam::283477532906:role/application_manager" +} \ No newline at end of file diff --git a/nullplatform/code_repository/locals.tf b/nullplatform/workload/code_repository/locals.tf similarity index 100% rename from nullplatform/code_repository/locals.tf rename to nullplatform/workload/code_repository/locals.tf diff --git a/nullplatform/code_repository/main.tf b/nullplatform/workload/code_repository/main.tf similarity index 100% rename from nullplatform/code_repository/main.tf rename to nullplatform/workload/code_repository/main.tf diff --git a/nullplatform/code_repository/provider.tf b/nullplatform/workload/code_repository/provider.tf similarity index 100% rename from nullplatform/code_repository/provider.tf rename to nullplatform/workload/code_repository/provider.tf diff --git a/nullplatform/code_repository/variables.tf b/nullplatform/workload/code_repository/variables.tf similarity index 100% rename from nullplatform/code_repository/variables.tf rename to nullplatform/workload/code_repository/variables.tf diff --git a/modules/nullplatform/dimensions/main.tf b/nullplatform/workload/dimensions/main.tf similarity index 99% rename from modules/nullplatform/dimensions/main.tf rename to nullplatform/workload/dimensions/main.tf index 037e8b4..0a07e2c 100644 --- a/modules/nullplatform/dimensions/main.tf +++ b/nullplatform/workload/dimensions/main.tf @@ -9,4 +9,4 @@ resource "nullplatform_dimension_value" "environment_value" { dimension_id = nullplatform_dimension.environment.id name = each.value nrn = var.nrn -} +} \ No newline at end of file 
diff --git a/nullplatform/workload/dimensions/providers.tf b/nullplatform/workload/dimensions/providers.tf
new file mode 100644
index 0000000..cb79686
--- /dev/null
+++ b/nullplatform/workload/dimensions/providers.tf
@@ -0,0 +1,12 @@
+terraform {
+ required_providers {
+ nullplatform = {
+ source = "nullplatform/nullplatform"
+ version = "~> 0.0.63"
+ }
+ }
+}
+
+provider "nullplatform" {
+ api_key = var.np_api_key
+}
\ No newline at end of file
diff --git a/nullplatform/workload/dimensions/variables.tf b/nullplatform/workload/dimensions/variables.tf
new file mode 100644
index 0000000..e69b14d
--- /dev/null
+++ b/nullplatform/workload/dimensions/variables.tf
@@ -0,0 +1,15 @@
+variable "environments" {
+ type = list(string)
+ description = "The list of environments"
+ default = ["development", "staging", "production"]
+}
+variable "nrn" {
+ description = "Identifier Nullplatform Resources Name"
+ type = string
+}
+
+variable "np_api_key" {
+ type = string
+ sensitive = true
+ description = "Nullplatform API key for authentication"
+}
\ No newline at end of file
diff --git a/v2/foundations/aws/alb-controller/iam.tf b/v2/foundations/aws/alb-controller/iam.tf
deleted file mode 100644
index 921374d..0000000
--- a/v2/foundations/aws/alb-controller/iam.tf
+++ /dev/null
@@ -1,28 +0,0 @@ -module "aws-load-balancer-controller-role" { - source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts" - version = "~> 6.0" - name = "AWSLoadBalancerControllerIAMRole" - attach_load_balancer_controller_policy = true - use_name_prefix = false - oidc_providers = { - main = { - provider_arn = var.aws_iam_openid_connect_provider - namespace_service_accounts = ["kube-system:aws-load-balancer-controller"] - } - } -} - -resource "kubernetes_service_account" "aws-load-balancer-controller-sa" { - metadata { - name = "aws-load-balancer-controller" - namespace = "kube-system" - labels = { - "app.kubernetes.io/name" = "aws-load-balancer-controller" - "app.kubernetes.io/component" = "controller" - } - annotations = { - "eks.amazonaws.com/role-arn" = module.aws-load-balancer-controller-role.arn - "eks.amazonaws.com/sts-regional-endpoints" = "true" - } - } -} \ No newline at end of file diff --git a/v2/foundations/aws/alb-controller/locals.tf b/v2/foundations/aws/alb-controller/locals.tf deleted file mode 100644 index 3decfa3..0000000 --- a/v2/foundations/aws/alb-controller/locals.tf +++ /dev/null @@ -1,7 +0,0 @@ -locals { - aws-load-balancer-controller-values = templatefile("${path.module}/templates/aws-load-balancer-controller-values.tmpl.yaml", { - cluster_name = var.cluster_name - service_account_name = kubernetes_service_account.aws-load-balancer-controller-sa.metadata[0].name - vpc_id = var.vpc_id - }) -} \ No newline at end of file diff --git a/v2/foundations/aws/alb-controller/templates/aws-load-balancer-controller-values.tmpl.yaml b/v2/foundations/aws/alb-controller/templates/aws-load-balancer-controller-values.tmpl.yaml deleted file mode 100644 index bb1161a..0000000 --- a/v2/foundations/aws/alb-controller/templates/aws-load-balancer-controller-values.tmpl.yaml +++ /dev/null @@ -1,5 +0,0 @@ -clusterName: "${cluster_name}" -serviceAccount: - create: false - name: "${service_account_name}" -vpcId: "${vpc_id}" 
diff --git a/v2/foundations/aws/alb-controller/variables.tf b/v2/foundations/aws/alb-controller/variables.tf deleted file mode 100644 index 0d7bc8c..0000000 --- a/v2/foundations/aws/alb-controller/variables.tf +++ /dev/null @@ -1,19 +0,0 @@ -variable "cluster_name" { - description = "Name of the EKS cluster" - type = string -} - -variable "vpc_id" { - description = "VPC ID where load balancers controller will be deployed" - type = string -} - -variable "aws-load-balancer-controller-version" { - description = "Version of the AWS Load Balancer Controller Helm chart" - type = string - default = "1.13.4" -} - -variable "aws_iam_openid_connect_provider" { - -} \ No newline at end of file diff --git a/v2/foundations/aws/backend/main.tf b/v2/foundations/aws/backend/main.tf deleted file mode 100644 index a4b6d7e..0000000 --- a/v2/foundations/aws/backend/main.tf +++ /dev/null @@ -1,46 +0,0 @@ -data "aws_vpc" "vpc" { - id = var.vpc_id -} - - -provider "aws" { - region = data.aws_vpc.vpc.region -} - -resource "random_id" "bucket_suffix" { - byte_length = 8 -} - -resource "aws_s3_bucket" "tf_state" { - bucket = "tf-state-${lower(random_id.bucket_suffix.hex)}" - object_lock_enabled = true - force_destroy = true -} - -resource "aws_s3_bucket_versioning" "tf_state_versioning" { - bucket = aws_s3_bucket.tf_state.id - - versioning_configuration { - status = "Enabled" - } -} - -resource "aws_s3_bucket_server_side_encryption_configuration" "tf_state_sse" { - bucket = aws_s3_bucket.tf_state.id - - rule { - apply_server_side_encryption_by_default { - sse_algorithm = "AES256" - } - } -} - -resource "aws_s3_bucket_object_lock_configuration" "tf_state_lock" { - bucket = aws_s3_bucket.tf_state.id - rule { - default_retention { - mode = "COMPLIANCE" - days = 1 - } - } -} diff --git a/v2/foundations/aws/backend/variables.tf b/v2/foundations/aws/backend/variables.tf deleted file mode 100644 index 2c7c73a..0000000 --- a/v2/foundations/aws/backend/variables.tf +++ /dev/null 
@@ -1,4 +0,0 @@ -variable "vpc_id" { - type = string - description = "A account name" -} \ No newline at end of file diff --git a/v2/foundations/aws/eks/main.tf b/v2/foundations/aws/eks/main.tf deleted file mode 100644 index 60ca228..0000000 --- a/v2/foundations/aws/eks/main.tf +++ /dev/null @@ -1,43 +0,0 @@ -module "eks" { - source = "terraform-aws-modules/eks/aws" - version = "~> 21.0" - - name = var.name - kubernetes_version = var.kubernetes_version - - create_cloudwatch_log_group = false - - addons = { - coredns = {} - eks-pod-identity-agent = { - before_compute = true - } - kube-proxy = {} - vpc-cni = { - before_compute = true - } - } - - # Optional - endpoint_public_access = true - - # Optional: Adds the current caller identity as an administrator via cluster access entry - enable_cluster_creator_admin_permissions = true - - vpc_id = var.aws_vpc_vpc_id - subnet_ids = var.aws_subnets_private_ids - control_plane_subnet_ids = var.aws_subnets_private_ids - - # EKS Managed Node Group(s) - eks_managed_node_groups = { - nullplatform = { - # Starting on 1.30, AL2023 is the default AMI type for EKS managed node groups - ami_type = var.ami_type - instance_types = [var.instance_types] - - min_size = 2 - max_size = 10 - desired_size = 2 - } - } -} \ No newline at end of file diff --git a/v2/foundations/aws/eks/variables.tf b/v2/foundations/aws/eks/variables.tf deleted file mode 100644 index 2c41762..0000000 --- a/v2/foundations/aws/eks/variables.tf +++ /dev/null 
@@ -1,25 +0,0 @@ -variable "name" { - type = string - description = "A name of cluster" -} - -variable "ami_type" { - type = string - description = "The ami type to use with node" - default = "AL2023_x86_64_STANDARD" -} - -variable "instance_types" { - type = string - description = "The instance type to use" - default = "t3.medium" -} - -variable "kubernetes_version" { - type = string - description = "The version of K8s to use" - default = "1.32" -} - -variable "aws_vpc_vpc_id" {} -variable "aws_subnets_private_ids" {} \ No newline at end of file diff --git a/v2/foundations/aws/route53/main.tf b/v2/foundations/aws/route53/main.tf deleted file mode 100644 index 578fb7f..0000000 --- a/v2/foundations/aws/route53/main.tf +++ /dev/null @@ -1,17 +0,0 @@ -resource "aws_route53_zone" "public_zone" { - name = var.domain_name -} - -resource "aws_route53_zone" "private_zone" { - name = var.domain_name - vpc { - vpc_id = var.vpc_id - } -} - -module "aws_route53_acm" { - source = "../acm" - domain_name = var.domain_name - zone_id = aws_route53_zone.public_zone.id - subject_alternative_names = [] -} diff --git a/v2/foundations/aws/route53/output.tf b/v2/foundations/aws/route53/output.tf deleted file mode 100644 index 3aa9385..0000000 --- a/v2/foundations/aws/route53/output.tf +++ /dev/null @@ -1,19 +0,0 @@ -output "public_zone_id" { - description = "The ID of the Public Route 53 Hosted Zone" - value = aws_route53_zone.public_zone.zone_id -} - -output "public_zone_name" { - description = "The domain name of the Public Route 53 Hosted Zone" - value = aws_route53_zone.public_zone.name -} - -output "private_zone_id" { - description = "The ID of the Private Route 53 Hosted Zone" - value = aws_route53_zone.private_zone.zone_id -} - -output "private_zone_name" { - description = "The domain name of the Private Route 53 Hosted Zone" - value = aws_route53_zone.private_zone.name -} \ No newline at end of file 
diff --git a/v2/foundations/aws/route53/varaibles.tf b/v2/foundations/aws/route53/varaibles.tf deleted file mode 100644 index ecf2671..0000000 --- a/v2/foundations/aws/route53/varaibles.tf +++ /dev/null @@ -1,8 +0,0 @@ -variable "vpc_id" { - type = string - description = "The VPC id" -} -variable "domain_name" { - type = string - description = "The domains to project" -} \ No newline at end of file diff --git a/v2/foundations/aws/vpc/main.tf b/v2/foundations/aws/vpc/main.tf deleted file mode 100644 index 25aefde..0000000 --- a/v2/foundations/aws/vpc/main.tf +++ /dev/null @@ -1,24 +0,0 @@ -module "vpc" { - source = "terraform-aws-modules/vpc/aws" - version = "~> 6.0" - - name = "${var.organization}-${var.account}" - cidr = var.vpc.cidr_block - - enable_dns_hostnames = true - - azs = var.vpc.azs - private_subnets = var.vpc.private_subnets - public_subnets = var.vpc.public_subnets - - enable_nat_gateway = true - single_nat_gateway = true - - public_subnet_tags = { - "kubernetes.io/role/elb" = 1 - } - - private_subnet_tags = { - "kubernetes.io/role/internal-elb" = 1 - } -} diff --git a/v2/foundations/aws/vpc/variables.tf b/v2/foundations/aws/vpc/variables.tf deleted file mode 100644 index 326fae6..0000000 --- a/v2/foundations/aws/vpc/variables.tf +++ /dev/null @@ -1,19 +0,0 @@ -variable "vpc" { - description = "Configuraciรณn de la VPC" - type = object({ - cidr_block = string - azs = list(string) - private_subnets = list(string) - public_subnets = list(string) - }) -} - -variable "organization" { - type = string - description = "A organization name" -} - -variable "account" { - type = string - description = "The account name" -} \ No newline at end of file diff --git a/v2/foundations/azure/acr/README.md b/v2/foundations/azure/acr/README.md deleted file mode 100644 index f32c551..0000000 --- a/v2/foundations/azure/acr/README.md +++ /dev/null 
@@ -1,42 +0,0 @@ - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | ~> 1.6 | -| [azurerm](#requirement\_azurerm) | =4.41.0 | - -## Providers - -| Name | Version | -|------|---------| -| [azurerm](#provider\_azurerm) | =4.41.0 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [containerregistry](#module\_containerregistry) | azure/avm-res-containerregistry-registry/azurerm | v0.4.0 | - -## Resources - -| Name | Type | -|------|------| - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [containerregistry\_name](#input\_containerregistry\_name) | The name of your ACR | `string` | n/a | yes | -| [location](#input\_location) | The location/region where the resource group should be created | `string` | n/a | yes | -| [resource\_group\_name](#input\_resource\_group\_name) | The name of the resource group | `string` | n/a | yes | -| [subscription\_id](#input\_subscription\_id) | The ID of your Azure Suscription | `string` | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| [acr\_admin\_password](#output\_acr\_admin\_password) | Password admin del ACR. | -| [acr\_admin\_username](#output\_acr\_admin\_username) | Usuario admin del ACR. | -| [acr\_login\_server](#output\_acr\_login\_server) | FQDN del login server del ACR. | - \ No newline at end of file diff --git a/v2/foundations/azure/acr/datasource.tf b/v2/foundations/azure/acr/datasource.tf deleted file mode 100644 index 169f758..0000000 --- a/v2/foundations/azure/acr/datasource.tf +++ /dev/null @@ -1,5 +0,0 @@ -data "azurerm_container_registry" "acr" { - name = var.containerregistry_name - resource_group_name = var.resource_group_name - depends_on = [module.containerregistry] -} \ No newline at end of file diff --git a/v2/foundations/azure/acr/main.tf b/v2/foundations/azure/acr/main.tf deleted file mode 100644 index f9b9fc2..0000000 
--- a/v2/foundations/azure/acr/main.tf +++ /dev/null @@ -1,10 +0,0 @@ -module "containerregistry" { - source = "azure/avm-res-containerregistry-registry/azurerm" - version = "v0.4.0" - name = var.containerregistry_name - resource_group_name = var.resource_group_name - location = var.location - admin_enabled = true - -} - diff --git a/v2/foundations/azure/acr/output.tf b/v2/foundations/azure/acr/output.tf deleted file mode 100644 index 7cd2e76..0000000 --- a/v2/foundations/azure/acr/output.tf +++ /dev/null @@ -1,15 +0,0 @@ -output "acr_login_server" { - description = "FQDN del login server del ACR." - value = data.azurerm_container_registry.acr.login_server -} - -output "acr_admin_username" { - description = "Usuario admin del ACR." - value = data.azurerm_container_registry.acr.admin_username - sensitive = true -} -output "acr_admin_password" { - description = "Password admin del ACR." - value = data.azurerm_container_registry.acr.admin_password - sensitive = true -} \ No newline at end of file diff --git a/v2/foundations/azure/acr/provider.tf b/v2/foundations/azure/acr/provider.tf deleted file mode 100644 index 514092e..0000000 --- a/v2/foundations/azure/acr/provider.tf +++ /dev/null @@ -1,17 +0,0 @@ -terraform { - required_version = "~> 1.6" - required_providers { - azurerm = { - source = "hashicorp/azurerm" - version = "=4.41.0" - } - } -} - -provider "azurerm" { - features {} - resource_provider_registrations = "none" - use_cli = true - subscription_id = var.subscription_id -} - diff --git a/v2/foundations/azure/acr/variables.tf b/v2/foundations/azure/acr/variables.tf deleted file mode 100644 index 042bcbe..0000000 --- a/v2/foundations/azure/acr/variables.tf +++ /dev/null 
@@ -1,21 +0,0 @@
-variable "location" {
- type = string
- description = "The location/region where the resource group should be created"
-}
-
-variable "resource_group_name" {
- type = string
- description = "The name of the resource group"
-}
-
-variable "containerregistry_name" {
- type = string
- description = "The name of your ACR"
-
-}
-
-variable "subscription_id" {
- type = string
- description = "The ID of your Azure Suscription"
-
-}
\ No newline at end of file
diff --git a/v2/foundations/azure/dns/README.md b/v2/foundations/azure/dns/README.md
deleted file mode 100644
index 06fefe9..0000000
--- a/v2/foundations/azure/dns/README.md
+++ /dev/null
@@ -1,38 +0,0 @@
-
-## Requirements
-
-| Name | Version |
-|------|---------|
-| [terraform](#requirement\_terraform) | ~> 1.6 |
-| [azurerm](#requirement\_azurerm) | =4.41.0 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [azurerm](#provider\_azurerm) | =4.41.0 |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [azurerm_dns_zone.public_dns_zone](https://registry.terraform.io/providers/hashicorp/azurerm/4.41.0/docs/resources/dns_zone) | resource |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [domain\_name](#input\_domain\_name) | The domain name to use for the DNS zone | `string` | n/a | yes |
-| [resource\_group](#input\_resource\_group) | The name of the resource group | `string` | n/a | yes |
-| [subscription\_id](#input\_subscription\_id) | The Azure subscription Id. | `string` | n/a | yes |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| [dns\_zone\_id](#output\_dns\_zone\_id) | The ID of the DNS Zone |
-| [dns\_zone\_name](#output\_dns\_zone\_name) | The name of the created DNS Zone |
-| [name\_servers](#output\_name\_servers) | A list of name servers |
-| [private\_dns\_zone\_id](#output\_private\_dns\_zone\_id) | The ID of the private DNS Zone |
-| [private\_dns\_zone\_name](#output\_private\_dns\_zone\_name) | The name of the private created DNS Zone |
-
\ No newline at end of file
diff --git a/v2/foundations/azure/dns/main.tf b/v2/foundations/azure/dns/main.tf
deleted file mode 100644
index b755856..0000000
--- a/v2/foundations/azure/dns/main.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-resource "azurerm_dns_zone" "public_dns_zone" {
- name = var.domain_name
- resource_group_name = var.resource_group
-}
diff --git a/v2/foundations/azure/dns/output.tf b/v2/foundations/azure/dns/output.tf
deleted file mode 100644
index 3562336..0000000
--- a/v2/foundations/azure/dns/output.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-output "dns_zone_name" {
- description = "The name of the created DNS Zone"
- value = azurerm_dns_zone.public_dns_zone.name
-}
-
-output "dns_zone_id" {
- description = "The ID of the DNS Zone"
- value = azurerm_dns_zone.public_dns_zone.id
-}
-
-output "private_dns_zone_name" {
- description = "The name of the private created DNS Zone"
- value = azurerm_dns_zone.public_dns_zone.name
-}
-
-output "private_dns_zone_id" {
- description = "The ID of the private DNS Zone"
- value = azurerm_dns_zone.public_dns_zone.id
-}
-
-output "name_servers" {
- description = "A list of name servers"
- value = azurerm_dns_zone.public_dns_zone.name_servers
-}
diff --git a/v2/foundations/azure/dns/provider.tf b/v2/foundations/azure/dns/provider.tf
deleted file mode 100644
index 514092e..0000000
--- a/v2/foundations/azure/dns/provider.tf
+++ /dev/null
@@ -1,17 +0,0 @@
-terraform {
- required_version = "~> 1.6"
- required_providers {
- azurerm = {
- source = "hashicorp/azurerm"
- version = "=4.41.0"
- }
- }
-}
-
-provider "azurerm" {
- features {}
- resource_provider_registrations = "none"
- use_cli = true
- subscription_id = var.subscription_id
-}
-
diff --git a/v2/foundations/azure/dns/variables.tf b/v2/foundations/azure/dns/variables.tf
deleted file mode 100644
index 2d325f1..0000000
--- a/v2/foundations/azure/dns/variables.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-variable "resource_group" {
- type = string
- description = "The name of the resource group"
-}
-
-variable "domain_name" {
- type = string
- description = "The domain name to use for the DNS zone"
-}
-
-variable "subscription_id" {
- type = string
- description = "The Azure subscription Id."
-}
diff --git a/v2/foundations/azure/resource_group/README.md b/v2/foundations/azure/resource_group/README.md
deleted file mode 100644
index abbbca9..0000000
--- a/v2/foundations/azure/resource_group/README.md
+++ /dev/null
@@ -1,36 +0,0 @@
-
-## Requirements
-
-| Name | Version |
-|------|---------|
-| [terraform](#requirement\_terraform) | ~> 1.6 |
-| [azurerm](#requirement\_azurerm) | =4.41.0 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [azurerm](#provider\_azurerm) | =4.41.0 |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [azurerm_resource_group.nullplatform_resource_group](https://registry.terraform.io/providers/hashicorp/azurerm/4.41.0/docs/resources/resource_group) | resource |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [location](#input\_location) | n/a | `string` | n/a | yes |
-| [resource\_group\_name](#input\_resource\_group\_name) | n/a | `string` | n/a | yes |
-| [subscription\_id](#input\_subscription\_id) | n/a | `string` | n/a | yes |
-| [tags](#input\_tags) | n/a | `map(string)` | n/a | yes |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| [resource\_group\_location](#output\_resource\_group\_location) | The location of the created resource group |
-| [resource\_group\_name](#output\_resource\_group\_name) | The name of the created resource group |
-
\ No newline at end of file
diff --git a/v2/foundations/azure/resource_group/main.tf b/v2/foundations/azure/resource_group/main.tf
deleted file mode 100644
index 6a05d88..0000000
--- a/v2/foundations/azure/resource_group/main.tf
+++ /dev/null
@@ -1,5 +0,0 @@
-resource "azurerm_resource_group" "nullplatform_resource_group" {
- name = var.resource_group_name
- location = var.location
- tags = var.tags
-}
\ No newline at end of file
diff --git a/v2/foundations/azure/resource_group/output.tf b/v2/foundations/azure/resource_group/output.tf
deleted file mode 100644
index cf762cf..0000000
--- a/v2/foundations/azure/resource_group/output.tf
+++ /dev/null
@@ -1,9 +0,0 @@
-output "resource_group_name" {
- description = "The name of the created resource group"
- value = azurerm_resource_group.nullplatform_resource_group.name
-}
-
-output "resource_group_location" {
- description = "The location of the created resource group"
- value = azurerm_resource_group.nullplatform_resource_group.location
-}
\ No newline at end of file
diff --git a/v2/foundations/azure/resource_group/provider.tf b/v2/foundations/azure/resource_group/provider.tf
deleted file mode 100644
index 514092e..0000000
--- a/v2/foundations/azure/resource_group/provider.tf
+++ /dev/null
@@ -1,17 +0,0 @@
-terraform {
- required_version = "~> 1.6"
- required_providers {
- azurerm = {
- source = "hashicorp/azurerm"
- version = "=4.41.0"
- }
- }
-}
-
-provider "azurerm" {
- features {}
- resource_provider_registrations = "none"
- use_cli = true
- subscription_id = var.subscription_id
-}
-
diff --git a/v2/foundations/azure/resource_group/variable.tf b/v2/foundations/azure/resource_group/variable.tf
deleted file mode 100644
index fb14009..0000000
--- a/v2/foundations/azure/resource_group/variable.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-variable "resource_group_name" {
- type = string
-}
-
-variable "location" {
- type = string
-}
-
-variable "tags" {
- type = map(string)
-
-}
-variable "subscription_id" {
- type = string
-
-}
\ No newline at end of file
diff --git a/v2/foundations/azure/vnet/README.md b/v2/foundations/azure/vnet/README.md
deleted file mode 100644
index aabb85f..0000000
--- a/v2/foundations/azure/vnet/README.md
+++ /dev/null
@@ -1,31 +0,0 @@
-
-## Requirements
-
-| Name | Version |
-|------|---------|
-| [terraform](#requirement\_terraform) | ~> 1.6 |
-| [azurerm](#requirement\_azurerm) | =4.41.0 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| [avm-res-network-virtualnetwork](#module\_avm-res-network-virtualnetwork) | azure/avm-res-network-virtualnetwork/azurerm | v0.10.0 |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [address\_space](#input\_address\_space) | The cidr of your vnet | `set(string)` | n/a | yes |
-| [location](#input\_location) | The location/region where the resource group should be created | `string` | n/a | yes |
-| [resource\_group\_name](#input\_resource\_group\_name) | The name of the resource group | `string` | n/a | yes |
-| [subnets\_definition](#input\_subnets\_definition) | The subnet definition for the vnet |
map(object({
name = string
address_prefixes = list(string)
}))
| n/a | yes |
-| [subscription\_id](#input\_subscription\_id) | The id of your azure suscription | `string` | n/a | yes |
-| [vnet\_name](#input\_vnet\_name) | The name of your vnet | `string` | n/a | yes |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| [resource\_id](#output\_resource\_id) | The resource ID of the virtual network. |
-
\ No newline at end of file
diff --git a/v2/foundations/azure/vnet/main.tf b/v2/foundations/azure/vnet/main.tf
deleted file mode 100644
index dd6fdec..0000000
--- a/v2/foundations/azure/vnet/main.tf
+++ /dev/null
@@ -1,12 +0,0 @@
-
-module "avm-res-network-virtualnetwork" {
- source = "azure/avm-res-network-virtualnetwork/azurerm"
- version = "v0.10.0"
- address_space = var.address_space
- name = var.vnet_name
- location = var.location
- resource_group_name = var.resource_group_name
- subnets = var.subnets_definition
-}
-
-
diff --git a/v2/foundations/azure/vnet/output.tf b/v2/foundations/azure/vnet/output.tf
deleted file mode 100644
index 1b025c1..0000000
--- a/v2/foundations/azure/vnet/output.tf
+++ /dev/null
@@ -1,5 +0,0 @@
-
-output "resource_id" {
- description = "The resource ID of the virtual network."
- value = module.avm-res-network-virtualnetwork.resource_id
-}
\ No newline at end of file
diff --git a/v2/foundations/azure/vnet/provider.tf b/v2/foundations/azure/vnet/provider.tf
deleted file mode 100644
index 514092e..0000000
--- a/v2/foundations/azure/vnet/provider.tf
+++ /dev/null
@@ -1,17 +0,0 @@
-terraform {
- required_version = "~> 1.6"
- required_providers {
- azurerm = {
- source = "hashicorp/azurerm"
- version = "=4.41.0"
- }
- }
-}
-
-provider "azurerm" {
- features {}
- resource_provider_registrations = "none"
- use_cli = true
- subscription_id = var.subscription_id
-}
-
diff --git a/v2/foundations/azure/vnet/variables.tf b/v2/foundations/azure/vnet/variables.tf
deleted file mode 100644
index 80db5e9..0000000
--- a/v2/foundations/azure/vnet/variables.tf
+++ /dev/null
@@ -1,46 +0,0 @@
-variable "location" {
- type = string
- description = "The location/region where the resource group should be created"
-}
-
-variable "resource_group_name" {
- type = string
- description = "The name of the resource group"
-}
-
-variable "vnet_name" {
- type = string
- description = "The name of your vnet"
-}
-
-variable "address_space" {
- type = set(string)
- description = "The cidr of your vnet"
-}
-
-variable "subnets_definition" {
- type = map(object({
- name = string
- address_prefixes = list(string)
- }))
- description = "The subnet definition for the vnet"
-}
-/*
- for example
- {
- "subnet1" = {
- name = "subnet1"
- address_prefixes = ["10.0.0.0/24"]
- }
- "subnet2" = {
- name = "subnet2"
- address_prefixes = ["10.0.1.0/24"]
- }
- }
- */
-
-variable "subscription_id" {
- type = string
- description = "The id of your azure suscription"
-
-}
\ No newline at end of file
diff --git a/v2/nullplatform/aws/nullplatform_providers/main.tf b/v2/nullplatform/aws/nullplatform_providers/main.tf
index a517af8..30f5634 100644
--- a/v2/nullplatform/aws/nullplatform_providers/main.tf
+++ b/v2/nullplatform/aws/nullplatform_providers/main.tf
@@ -23,36 +23,3 @@ resource "nullplatform_provider_config" "aws" { } } -resource "nullplatform_provider_config" "ecr" { - provider = nullplatform - nrn = var.nrn - type = "ecr" - dimensions = {} - attributes = jsonencode({ - "ci" : { - "region" : data.aws_region.current.region, - "access_key" : aws_iam_access_key.nullplatform_build_workflow_user_key.id - "secret_key" : aws_iam_access_key.nullplatform_build_workflow_user_key.secret - }, - "setup" : { - "region" : data.aws_region.current.region, - "role_arn" : aws_iam_role.nullplatform_application_role.arn - } - }) - lifecycle { - ignore_changes = [attributes] - } -} - -resource "nullplatform_provider_config" "github" { - nrn = replace(var.nrn, ":namespace=.*$", "") - type = "github-configuration" - dimensions = {} - attributes = jsonencode({ - "setup" : { - "organization" : var.organization, - "installation_id" : var.organization_installation_id - }, - } - ) -} \ No newline at end of file From 0cbb032363dc0659bafe7ce6f7cdd11abbfd72d4 Mon Sep 17 00:00:00 2001 
From: David Fernandez Date: Thu, 2 Oct 2025 18:01:23 -0300 Subject: [PATCH 75/87] feat: new structure --- .../workloads}/cert-manager/locals.tf | 0 .../workloads}/cert-manager/main.tf | 0 .../workloads}/cert-manager/provider.tf | 0 .../templates/cert_manager_values.tmpl.yaml | 0 .../workloads}/cert-manager/variables.tf | 0 .../workloads}/external-dns/locals.tf | 0 .../workloads}/external-dns/main.tf | 0 .../workloads}/external-dns/provider.tf | 0 .../workloads}/external-dns/secret.tf | 0 .../templates/external_dns_values.tmpl.yaml | 0 .../workloads}/external-dns/variables.tf | 0 .../workloads}/istio/locals.tf | 0 .../workloads}/istio/main.tf | 0 .../workloads}/istio/provider.tf | 0 .../workloads}/istio/variables.tf | 0 .../workloads/invite_user}/main.tf | 0 .../workloads/invite_user}/providers.tf | 0 .../workloads/invite_user}/variables.tf | 0 .../workloads}/prometheus/README.md | 0 .../workloads}/prometheus/locals.tf | 0 .../workloads}/prometheus/main.tf | 0 .../workloads}/prometheus/providers.tf | 0 .../templates/prometheus-values.tmpl.yaml | 0 .../workloads}/prometheus/variables.tf | 0 .../aws/nullplatform_agent/auth.tf | 29 --- .../aws/nullplatform_agent/channel.tf | 63 ------- v2/nullplatform/aws/nullplatform_agent/iam.tf | 136 -------------- .../aws/nullplatform_agent/locals.tf | 15 -- .../aws/nullplatform_agent/main.tf | 24 --- .../aws/nullplatform_agent/providers.tf | 20 -- .../aws/nullplatform_agent/scopes.tf | 175 ------------------ .../nullplatform-agent-values.tmpl.yaml | 23 --- .../aws/nullplatform_agent/variables.tf | 116 ------------ .../aws/nullplatform_providers/data.tf | 5 - .../aws/nullplatform_providers/dimensions.tf | 12 -- .../nullplatform_providers/iam-registry.tf | 93 ---------- .../aws/nullplatform_providers/main.tf | 25 --- .../aws/nullplatform_providers/namespaces.tf | 7 - .../aws/nullplatform_providers/networking.tf | 96 ---------- .../aws/nullplatform_providers/variables.tf | 87 --------- v2/nullplatform/nullplatform_account/main.tf | 8 
- .../nullplatform_account/providers.tf | 12 -- .../nullplatform_account/variables.tf | 12 -- .../nullplatform_users/providers.tf | 12 -- v2/workload/prometheus/locals.tf | 4 - v2/workload/prometheus/main.tf | 24 --- v2/workload/prometheus/providers.tf | 16 -- .../templates/prometheus-values.tmpl.yaml | 25 --- v2/workload/prometheus/variables.tf | 7 - 49 files changed, 1046 deletions(-) rename {workloads => infrastructure/workloads}/cert-manager/locals.tf (100%) rename {workloads => infrastructure/workloads}/cert-manager/main.tf (100%) rename {workloads => infrastructure/workloads}/cert-manager/provider.tf (100%) rename {workloads => infrastructure/workloads}/cert-manager/templates/cert_manager_values.tmpl.yaml (100%) rename {workloads => infrastructure/workloads}/cert-manager/variables.tf (100%) rename {workloads => infrastructure/workloads}/external-dns/locals.tf (100%) rename {workloads => infrastructure/workloads}/external-dns/main.tf (100%) rename {workloads => infrastructure/workloads}/external-dns/provider.tf (100%) rename {workloads => infrastructure/workloads}/external-dns/secret.tf (100%) rename {workloads => infrastructure/workloads}/external-dns/templates/external_dns_values.tmpl.yaml (100%) rename {workloads => infrastructure/workloads}/external-dns/variables.tf (100%) rename {workloads => infrastructure/workloads}/istio/locals.tf (100%) rename {workloads => infrastructure/workloads}/istio/main.tf (100%) rename {workloads => infrastructure/workloads}/istio/provider.tf (100%) rename {workloads => infrastructure/workloads}/istio/variables.tf (100%) rename {v2/nullplatform/nullplatform_users => nullplatform/workloads/invite_user}/main.tf (100%) rename {v2/nullplatform/aws/nullplatform_providers => nullplatform/workloads/invite_user}/providers.tf (100%) rename {v2/nullplatform/nullplatform_users => nullplatform/workloads/invite_user}/variables.tf (100%) rename {workloads => nullplatform/workloads}/prometheus/README.md (100%) rename {workloads => 
nullplatform/workloads}/prometheus/locals.tf (100%) rename {workloads => nullplatform/workloads}/prometheus/main.tf (100%) rename {workloads => nullplatform/workloads}/prometheus/providers.tf (100%) rename {workloads => nullplatform/workloads}/prometheus/templates/prometheus-values.tmpl.yaml (100%) rename {workloads => nullplatform/workloads}/prometheus/variables.tf (100%) delete mode 100644 v2/nullplatform/aws/nullplatform_agent/auth.tf delete mode 100644 v2/nullplatform/aws/nullplatform_agent/channel.tf delete mode 100644 v2/nullplatform/aws/nullplatform_agent/iam.tf delete mode 100644 v2/nullplatform/aws/nullplatform_agent/locals.tf delete mode 100644 v2/nullplatform/aws/nullplatform_agent/main.tf delete mode 100644 v2/nullplatform/aws/nullplatform_agent/providers.tf delete mode 100644 v2/nullplatform/aws/nullplatform_agent/scopes.tf delete mode 100644 v2/nullplatform/aws/nullplatform_agent/templates/nullplatform-agent-values.tmpl.yaml delete mode 100644 v2/nullplatform/aws/nullplatform_agent/variables.tf delete mode 100644 v2/nullplatform/aws/nullplatform_providers/data.tf delete mode 100644 v2/nullplatform/aws/nullplatform_providers/dimensions.tf delete mode 100644 v2/nullplatform/aws/nullplatform_providers/iam-registry.tf delete mode 100644 v2/nullplatform/aws/nullplatform_providers/main.tf delete mode 100644 v2/nullplatform/aws/nullplatform_providers/namespaces.tf delete mode 100644 v2/nullplatform/aws/nullplatform_providers/networking.tf delete mode 100644 v2/nullplatform/aws/nullplatform_providers/variables.tf delete mode 100644 v2/nullplatform/nullplatform_account/main.tf delete mode 100644 v2/nullplatform/nullplatform_account/providers.tf delete mode 100644 v2/nullplatform/nullplatform_account/variables.tf delete mode 100644 v2/nullplatform/nullplatform_users/providers.tf delete mode 100644 v2/workload/prometheus/locals.tf delete mode 100644 v2/workload/prometheus/main.tf delete mode 100644 v2/workload/prometheus/providers.tf delete mode 100644 
v2/workload/prometheus/templates/prometheus-values.tmpl.yaml
delete mode 100644 v2/workload/prometheus/variables.tf
diff --git a/workloads/cert-manager/locals.tf b/infrastructure/workloads/cert-manager/locals.tf
similarity index 100%
rename from workloads/cert-manager/locals.tf
rename to infrastructure/workloads/cert-manager/locals.tf
diff --git a/workloads/cert-manager/main.tf b/infrastructure/workloads/cert-manager/main.tf
similarity index 100%
rename from workloads/cert-manager/main.tf
rename to infrastructure/workloads/cert-manager/main.tf
diff --git a/workloads/cert-manager/provider.tf b/infrastructure/workloads/cert-manager/provider.tf
similarity index 100%
rename from workloads/cert-manager/provider.tf
rename to infrastructure/workloads/cert-manager/provider.tf
diff --git a/workloads/cert-manager/templates/cert_manager_values.tmpl.yaml b/infrastructure/workloads/cert-manager/templates/cert_manager_values.tmpl.yaml
similarity index 100%
rename from workloads/cert-manager/templates/cert_manager_values.tmpl.yaml
rename to infrastructure/workloads/cert-manager/templates/cert_manager_values.tmpl.yaml
diff --git a/workloads/cert-manager/variables.tf b/infrastructure/workloads/cert-manager/variables.tf
similarity index 100%
rename from workloads/cert-manager/variables.tf
rename to infrastructure/workloads/cert-manager/variables.tf
diff --git a/workloads/external-dns/locals.tf b/infrastructure/workloads/external-dns/locals.tf
similarity index 100%
rename from workloads/external-dns/locals.tf
rename to infrastructure/workloads/external-dns/locals.tf
diff --git a/workloads/external-dns/main.tf b/infrastructure/workloads/external-dns/main.tf
similarity index 100%
rename from workloads/external-dns/main.tf
rename to infrastructure/workloads/external-dns/main.tf
diff --git a/workloads/external-dns/provider.tf b/infrastructure/workloads/external-dns/provider.tf
similarity index 100%
rename from workloads/external-dns/provider.tf
rename to infrastructure/workloads/external-dns/provider.tf
diff --git a/workloads/external-dns/secret.tf b/infrastructure/workloads/external-dns/secret.tf
similarity index 100%
rename from workloads/external-dns/secret.tf
rename to infrastructure/workloads/external-dns/secret.tf
diff --git a/workloads/external-dns/templates/external_dns_values.tmpl.yaml b/infrastructure/workloads/external-dns/templates/external_dns_values.tmpl.yaml
similarity index 100%
rename from workloads/external-dns/templates/external_dns_values.tmpl.yaml
rename to infrastructure/workloads/external-dns/templates/external_dns_values.tmpl.yaml
diff --git a/workloads/external-dns/variables.tf b/infrastructure/workloads/external-dns/variables.tf
similarity index 100%
rename from workloads/external-dns/variables.tf
rename to infrastructure/workloads/external-dns/variables.tf
diff --git a/workloads/istio/locals.tf b/infrastructure/workloads/istio/locals.tf
similarity index 100%
rename from workloads/istio/locals.tf
rename to infrastructure/workloads/istio/locals.tf
diff --git a/workloads/istio/main.tf b/infrastructure/workloads/istio/main.tf
similarity index 100%
rename from workloads/istio/main.tf
rename to infrastructure/workloads/istio/main.tf
diff --git a/workloads/istio/provider.tf b/infrastructure/workloads/istio/provider.tf
similarity index 100%
rename from workloads/istio/provider.tf
rename to infrastructure/workloads/istio/provider.tf
diff --git a/workloads/istio/variables.tf b/infrastructure/workloads/istio/variables.tf
similarity index 100%
rename from workloads/istio/variables.tf
rename to infrastructure/workloads/istio/variables.tf
diff --git a/v2/nullplatform/nullplatform_users/main.tf b/nullplatform/workloads/invite_user/main.tf
similarity index 100%
rename from v2/nullplatform/nullplatform_users/main.tf
rename to nullplatform/workloads/invite_user/main.tf
diff --git a/v2/nullplatform/aws/nullplatform_providers/providers.tf b/nullplatform/workloads/invite_user/providers.tf
similarity index 100%
rename from v2/nullplatform/aws/nullplatform_providers/providers.tf
rename to nullplatform/workloads/invite_user/providers.tf
diff --git a/v2/nullplatform/nullplatform_users/variables.tf b/nullplatform/workloads/invite_user/variables.tf
similarity index 100%
rename from v2/nullplatform/nullplatform_users/variables.tf
rename to nullplatform/workloads/invite_user/variables.tf
diff --git a/workloads/prometheus/README.md b/nullplatform/workloads/prometheus/README.md
similarity index 100%
rename from workloads/prometheus/README.md
rename to nullplatform/workloads/prometheus/README.md
diff --git a/workloads/prometheus/locals.tf b/nullplatform/workloads/prometheus/locals.tf
similarity index 100%
rename from workloads/prometheus/locals.tf
rename to nullplatform/workloads/prometheus/locals.tf
diff --git a/workloads/prometheus/main.tf b/nullplatform/workloads/prometheus/main.tf
similarity index 100%
rename from workloads/prometheus/main.tf
rename to nullplatform/workloads/prometheus/main.tf
diff --git a/workloads/prometheus/providers.tf b/nullplatform/workloads/prometheus/providers.tf
similarity index 100%
rename from workloads/prometheus/providers.tf
rename to nullplatform/workloads/prometheus/providers.tf
diff --git a/workloads/prometheus/templates/prometheus-values.tmpl.yaml b/nullplatform/workloads/prometheus/templates/prometheus-values.tmpl.yaml
similarity index 100%
rename from workloads/prometheus/templates/prometheus-values.tmpl.yaml
rename to nullplatform/workloads/prometheus/templates/prometheus-values.tmpl.yaml
diff --git a/workloads/prometheus/variables.tf b/nullplatform/workloads/prometheus/variables.tf
similarity index 100%
rename from workloads/prometheus/variables.tf
rename to nullplatform/workloads/prometheus/variables.tf
diff --git a/v2/nullplatform/aws/nullplatform_agent/auth.tf b/v2/nullplatform/aws/nullplatform_agent/auth.tf
deleted file mode 100644
index df1b230..0000000
--- a/v2/nullplatform/aws/nullplatform_agent/auth.tf
+++ /dev/null
@@ -1,29 +0,0 @@
-resource "nullplatform_api_key" "nullplatform-agent-api-key" {
- name = "NULLPLATFORM-AGENT-API-KEY"
-
- grants {
- nrn = replace(var.nrn, ":namespace=.*$", "")
- role_slug = "controlplane:agent"
- }
- grants {
- nrn = replace(var.nrn, ":namespace=.*$", "")
- role_slug = "developer"
- }
- grants {
- nrn = replace(var.nrn, ":namespace=.*$", "")
- role_slug = "ops"
- }
- grants {
- nrn = replace(var.nrn, ":namespace=.*$", "")
- role_slug = "secops"
- }
- grants {
- nrn = replace(var.nrn, ":namespace=.*$", "")
- role_slug = "secrets-reader"
- }
-
- tags {
- key = "managed-by"
- value = "IaC"
- }
-}
\ No newline at end of file
diff --git a/v2/nullplatform/aws/nullplatform_agent/channel.tf b/v2/nullplatform/aws/nullplatform_agent/channel.tf
deleted file mode 100644
index 9a8121d..0000000
--- a/v2/nullplatform/aws/nullplatform_agent/channel.tf
+++ /dev/null
@@ -1,63 +0,0 @@
-################################################################################
-# Step 1: Fetch Notification Channel Template
-################################################################################
-
-data "http" "notification_channel_template" {
- url = "${var.github_repo_url}/raw/${var.github_ref}/${var.service_path}/specs/notification-channel.json.tpl"
-}
-
-###############################################################################
-#Step 2: Process and Create Notification Channel
-###############################################################################
-
-#Process notification channel template
-data "external" "notification_channel" {
- program = ["sh", "-c", <<-EOT
- processed_json=$(echo '${data.http.notification_channel_template.response_body}' | \
- NRN='${var.nrn}' \
- NP_API_KEY='${nullplatform_api_key.nullplatform-agent-api-key.api_key}' \
- REPO_PATH='${var.repo_path}' \
- SERVICE_PATH='${var.service_path}' \
- ENVIRONMENT='${var.environment_tag}' \
- SERVICE_SLUG='${nullplatform_service_specification.from_template.slug}' \
- SERVICE_SPECIFICATION_ID='${nullplatform_service_specification.from_template.id}' \
- gomplate)
- echo "{\"json\":\"$(echo "$processed_json" | sed 's/"/\\"/g' | tr -d '\n')\"}"
- EOT
- ]
-}
-
-locals {
- notification_channel_def = jsondecode(data.external.notification_channel.result.json)
-}
-
-# Create notification channel
-resource "nullplatform_notification_channel" "from_template" {
- nrn = var.nrn
- type = local.notification_channel_def.type
- source = local.notification_channel_def.source
-
- configuration {
- dynamic "agent" {
- for_each = local.notification_channel_def.type == "agent" ? [local.notification_channel_def.configuration] : []
- content {
- api_key = agent.value.api_key
- command {
- type = agent.value.command.type
- data = {
- for k, v in agent.value.command.data : k => (
- k == "environment" ? 
jsonencode({
- NP_ACTION_CONTEXT = "'$${NOTIFICATION_CONTEXT}'"
- }) : (
- can(tostring(v)) ? tostring(v) : jsonencode(v)
- )
- )
- }
- }
- selector = agent.value.selector
- }
- }
- }
-
- filters = can(local.notification_channel_def.filters) ? jsonencode(local.notification_channel_def.filters) : null
-}
\ No newline at end of file
diff --git a/v2/nullplatform/aws/nullplatform_agent/iam.tf b/v2/nullplatform/aws/nullplatform_agent/iam.tf
deleted file mode 100644
index 645a4d1..0000000
--- a/v2/nullplatform/aws/nullplatform_agent/iam.tf
+++ /dev/null
@@ -1,136 +0,0 @@
-module "nullplatform-agent-role" {
- source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts"
- name = "nullplatform-agent-role"
- use_name_prefix = false
-
- oidc_providers = {
- main = {
- provider_arn = var.aws_iam_openid_connect_provider_arn
- namespace_service_accounts = ["nullplatform-tools:nullplatform-agent"]
- }
- }
-
- policies = {
- "nullplatform-route53-policy" = aws_iam_policy.nullplatform-route53-policy.arn,
- "nullplatform-eks-policy" = aws_iam_policy.nullplatform-eks-policy.arn,
- "nullplatform-elb-policy" = aws_iam_policy.nullplatform-elb-policy.arn
- }
-}
-
-resource "aws_iam_policy" "nullplatform-route53-policy" {
- name = "nullplatform-route53-policy"
- description = "Policy for managing Route53 DNS records"
- policy = jsonencode({
- "Version": "2012-10-17",
- "Statement": [
- {
- "Effect": "Allow",
- "Action": [
- "route53:ChangeResourceRecordSets",
- "route53:ListResourceRecordSets",
- "route53:GetHostedZone",
- "route53:ListHostedZones",
- "route53:ListHostedZonesByName"
- ],
- "Resource": [
- "arn:aws:route53:::hostedzone/*"
- ],
- "Condition": {
- "StringEquals": {
- "aws:RequestedRegion": [
- "us-east-1",
- "us-west-2",
- "eu-west-1"
- ]
- }
- }
- }
- ]
- })
-}
-
-resource "aws_iam_policy" "nullplatform-elb-policy" {
- name = "nullplatform-elb-policy"
- description = "Policy for managing Elastic Load Balancer"
- policy = jsonencode(
- {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Effect": "Allow",
- "Action": [
- "elasticloadbalancing:DescribeLoadBalancers",
- "elasticloadbalancing:DescribeTargetGroups"
- ],
- "Resource": "*",
- "Condition": {
- "StringEquals": {
- "aws:RequestedRegion": [
- "us-east-1",
- "us-west-2",
- "eu-west-1"
- ]
- }
- }
- },
- {
- "Effect": "Allow",
- "Action": [
- "elasticloadbalancing:DescribeTargetHealth",
- "elasticloadbalancing:DescribeListeners",
- "elasticloadbalancing:DescribeRules"
- ],
- "Resource": [
- 
"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/k8s-nullplatform-*",
- "arn:aws:elasticloadbalancing:*:*:targetgroup/k8s-nullplatform-*"
- ],
- "Condition": {
- "StringEquals": {
- "aws:RequestedRegion": [
- "us-east-1",
- "us-west-2",
- "eu-west-1"
- ]
- }
- }
- }
- ]
- }
- )
-}
-
-resource "aws_iam_policy" "nullplatform-eks-policy" {
- name = "nullplatform-eks-policy"
- description = "Policy for managing EKS clusters"
- policy = jsonencode({
- "Version": "2012-10-17",
- "Statement": [
- {
- "Effect": "Allow",
- "Action": [
- "eks:DescribeCluster",
- "eks:ListClusters",
- "eks:DescribeNodegroup",
- "eks:ListNodegroups",
- "eks:DescribeAddon",
- "eks:ListAddons"
- ],
- "Resource": [
- "arn:aws:eks:*:*:cluster/*",
- "arn:aws:eks:*:*:nodegroup/*",
- "arn:aws:eks:*:*:addon/*"
- ],
- "Condition": {
- "StringEquals": {
- "aws:RequestedRegion": [
- "us-east-1",
- "us-west-2",
- "eu-west-1"
- ]
- }
- }
- }
- ]
-
- })
-}
diff --git a/v2/nullplatform/aws/nullplatform_agent/locals.tf b/v2/nullplatform/aws/nullplatform_agent/locals.tf
deleted file mode 100644
index efceb24..0000000
--- a/v2/nullplatform/aws/nullplatform_agent/locals.tf
+++ /dev/null
@@ -1,15 +0,0 @@
-locals {
- scope_list = compact([trimspace(coalesce(var.agent_repos_scope, ""))])
- repos_extra = compact([for s in split(",", try(coalesce(var.agent_repos_extra, ""), "")) : trimspace(s)])
- final_list = distinct(concat(local.scope_list, local.repos_extra))
-
- nullplatform_agent_values = templatefile("${path.module}/templates/nullplatform-agent-values.tmpl.yaml", {
- agent_repos = join(",", local.final_list)
- cluster_name = var.cluster_name
- tags = var.tags
- init_scripts = var.init_scripts
- resource_identity = module.nullplatform-agent-role.arn
- api_key = nullplatform_api_key.nullplatform-agent-api-key.api_key
- namespace = var.namespace
- })
-}
\ No newline at end of file
diff --git a/v2/nullplatform/aws/nullplatform_agent/main.tf b/v2/nullplatform/aws/nullplatform_agent/main.tf
deleted file mode 100644
index 31d0351..0000000
--- a/v2/nullplatform/aws/nullplatform_agent/main.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-resource "helm_release" "agent" {
- name = "nullplatform-agent"
- chart = "nullplatform-agent"
- repository = "https://nullplatform.github.io/helm-charts"
- namespace = var.namespace
- version = var.nullplatform-agent-helm-version
- create_namespace = true
-
- disable_webhooks = true
- force_update = true
- wait = true
- wait_for_jobs = true
- timeout = 600
- atomic = true
- cleanup_on_fail = true
- replace = false
- recreate_pods = false
- reset_values = false
- reuse_values = false
- dependency_update = true
- max_history = 10
-
- values = [local.nullplatform_agent_values]
-}
\ No newline at end of file
diff --git a/v2/nullplatform/aws/nullplatform_agent/providers.tf b/v2/nullplatform/aws/nullplatform_agent/providers.tf
deleted file mode 100644
index 06f29fe..0000000
--- a/v2/nullplatform/aws/nullplatform_agent/providers.tf
+++ /dev/null
@@ -1,20 +0,0 @@
-terraform {
- required_providers {
- nullplatform = {
- source = "nullplatform/nullplatform"
- version = "~> 0.0.63"
- }
- aws = {
- source = "hashicorp/aws"
- version = "~> 6.0"
- }
- helm = {
- source = "hashicorp/helm"
- version = "~> 3.0"
- }
- }
-}
-
-provider "nullplatform" {
- api_key = var.np_api_key
-}
\ No newline at end of file
diff --git a/v2/nullplatform/aws/nullplatform_agent/scopes.tf b/v2/nullplatform/aws/nullplatform_agent/scopes.tf
deleted file mode 100644
index d5267c4..0000000
--- a/v2/nullplatform/aws/nullplatform_agent/scopes.tf
+++ /dev/null
@@ -1,175 +0,0 @@ -################################################################################ -# Step 1: Fetch Templates -################################################################################ - -# Fetch service specification template -data "http" "service_spec_template" { - url = "${var.github_repo_url}/raw/${var.github_ref}/${var.service_path}/specs/service-spec.json.tpl" -} - -# Fetch scope type template -data "http" "scope_type_template" { - url = "${var.github_repo_url}/raw/${var.github_ref}/${var.service_path}/specs/scope-type-definition.json.tpl" -} - -# Fetch action specification templates -data "http" "action_templates" { - for_each = toset(var.action_spec_names) - url = "${var.github_repo_url}/raw/${var.github_ref}/${var.service_path}/specs/actions/${each.key}.json.tpl" -} - -################################################################################ -# Step 2: Process and Create Service Specification -################################################################################ - -# Process service spec template -data "external" "service_spec" { - program = ["sh", "-c", <<-EOT - processed_json=$(echo '${data.http.service_spec_template.response_body}' | NRN='${var.nrn}' gomplate) - echo "{\"json\":\"$(echo "$processed_json" | sed 's/"/\\"/g' | tr -d '\n')\"}" - EOT - ] -} - -locals { - service_spec_parsed = jsondecode(data.external.service_spec.result.json) -} - -# Create service specification -resource "nullplatform_service_specification" "from_template" { - name = local.service_spec_parsed.name - visible_to = local.service_spec_parsed.visible_to - assignable_to = local.service_spec_parsed.assignable_to - type = local.service_spec_parsed.type - attributes = jsonencode(local.service_spec_parsed.attributes) - use_default_actions = local.service_spec_parsed.use_default_actions - - selectors { - category = local.service_spec_parsed.selectors.category - imported = local.service_spec_parsed.selectors.imported - provider = 
local.service_spec_parsed.selectors.provider - sub_category = local.service_spec_parsed.selectors.sub_category - } - - lifecycle { - ignore_changes = [attributes] - } -} - -locals { - # Variables that depend on created service specification - service_specification_id = nullplatform_service_specification.from_template.id - service_slug = nullplatform_service_specification.from_template.slug - - dependent_env_vars = { - NRN = var.nrn - SERVICE_SPECIFICATION_ID = local.service_specification_id - SERVICE_SLUG = local.service_slug - SERVICE_PATH = var.service_path - REPO_PATH = var.repo_path - } -} - -################################################################################ -# Step 3: Process and Create Scope Type -################################################################################ - -# Process scope type template -data "external" "scope_type" { - depends_on = [nullplatform_service_specification.from_template] - - program = ["sh", "-c", <<-EOT - processed_json=$(echo '${data.http.scope_type_template.response_body}' | \ - NRN='${local.dependent_env_vars.NRN}' \ - SERVICE_SPECIFICATION_ID='${local.dependent_env_vars.SERVICE_SPECIFICATION_ID}' \ - gomplate) - echo "{\"json\":\"$(echo "$processed_json" | sed 's/"/\\"/g' | tr -d '\n')\"}" - EOT - ] -} - -locals { - scope_type_def = jsondecode(data.external.scope_type.result.json) -} - -# Create scope type -resource "nullplatform_scope_type" "from_template" { - depends_on = [nullplatform_service_specification.from_template] - - nrn = var.nrn - name = local.scope_type_def.name - description = local.scope_type_def.description - provider_id = local.service_specification_id -} - -################################################################################ -# Step 4: Create Action Specifications -################################################################################ - -# Process action templates -data "external" "action_specs" { - for_each = toset(var.action_spec_names) - depends_on = 
[nullplatform_service_specification.from_template] - - program = ["sh", "-c", <<-EOT - processed_json=$(echo '${try(data.http.action_templates[each.key].response_body, "{}")}' | \ - NRN='${local.dependent_env_vars.NRN}' \ - SERVICE_SPECIFICATION_ID='${local.dependent_env_vars.SERVICE_SPECIFICATION_ID}' \ - SERVICE_SLUG='${local.dependent_env_vars.SERVICE_SLUG}' \ - SERVICE_PATH='${local.dependent_env_vars.SERVICE_PATH}' \ - REPO_PATH='${local.dependent_env_vars.REPO_PATH}' \ - gomplate) - echo "{\"json_b64\":\"$(echo "$processed_json" | base64 -w 0)\"}" - EOT - ] -} - -locals { - # Static list of action specifications to avoid for_each dependency issues - static_action_specs = toset(var.action_spec_names) -} - -# Create action specifications -resource "nullplatform_action_specification" "from_templates" { - for_each = local.static_action_specs - depends_on = [nullplatform_service_specification.from_template] - - service_specification_id = local.service_specification_id - name = jsondecode(base64decode(data.external.action_specs[each.key].result.json_b64)).name - type = jsondecode(base64decode(data.external.action_specs[each.key].result.json_b64)).type - parameters = jsonencode(jsondecode(base64decode(data.external.action_specs[each.key].result.json_b64)).parameters) - results = jsonencode(jsondecode(base64decode(data.external.action_specs[each.key].result.json_b64)).results) - retryable = try(jsondecode(base64decode(data.external.action_specs[each.key].result.json_b64)).retryable, false) - - lifecycle { - ignore_changes = [annotations] - } - -} - -################################################################################ -# Step 5: Configure NRN with External Providers (Patch) -################################################################################ - -# This replicates: np nrn patch --nrn "$NRN" --body "{\"global.${SERVICE_SLUG}_metric_provider\": \"externalmetrics\", \"global.${SERVICE_SLUG}_log_provider\": \"external\"}" -resource "null_resource" 
"nrn_patch" { - depends_on = [nullplatform_service_specification.from_template] - - triggers = { - nrn = var.nrn - service_slug = local.service_slug - } - - provisioner "local-exec" { - command = <<-EOT - np nrn patch --nrn "${var.nrn}" --body "{ - \"global.${local.service_slug}_metric_provider\": \"${var.external_metrics_provider}\", - \"global.${local.service_slug}_log_provider\": \"${var.external_logging_provider}\" - }" - EOT - - environment = { - NP_API_KEY = var.np_api_key - } - } -} \ No newline at end of file diff --git a/v2/nullplatform/aws/nullplatform_agent/templates/nullplatform-agent-values.tmpl.yaml b/v2/nullplatform/aws/nullplatform_agent/templates/nullplatform-agent-values.tmpl.yaml deleted file mode 100644 index 9af357c..0000000 --- a/v2/nullplatform/aws/nullplatform_agent/templates/nullplatform-agent-values.tmpl.yaml +++ /dev/null @@ -1,23 +0,0 @@ -serviceAccount: - annotations: - eks.amazonaws.com/role-arn: "${resource_identity}" -args: - - "--tags=$(TAGS)" - - "--apikey=$(NP_API_KEY)" - - "--runtime=host" - - "--command-executor-env=NP_API_KEY=$(NP_API_KEY)" - - "--command-executor-debug" - - "--webserver-enabled" - - "--command-executor-git-command-repos $(AGENT_REPOS)" - -configuration: - values: - NP_API_KEY: "${api_key}" - TAGS: "${tags}" - AGENT_REPOS: "${agent_repos}" - CLUSTER_NAME: "${cluster_name}" - NAMESPACE: "${namespace}" - - -image: - tag: aws \ No newline at end of file diff --git a/v2/nullplatform/aws/nullplatform_agent/variables.tf b/v2/nullplatform/aws/nullplatform_agent/variables.tf deleted file mode 100644 index 9974c73..0000000 --- a/v2/nullplatform/aws/nullplatform_agent/variables.tf +++ /dev/null 
@@ -1,116 +0,0 @@ -variable "nullplatform-agent-helm-version" { - description = "Helm chart version for the Nullplatform agent" - type = string - default = "2.11.0" -} - -variable "agent_repos_scope" { - description = "Git repository URL for agent scopes configuration" - type = string - default = "https://github.com/nullplatform/scopes.git#main" -} - -variable "agent_repos_extra" { - description = "Additional repositories for the agent configuration" - type = list(string) - default = [] -} - -variable "cluster_name" { - description = "Name of the EKS cluster" - type = string -} - -variable "tags" { - description = "Tags to apply to identifier agent" - type = string -} - -variable "init_scripts" { - description = "List of initialization scripts to run" - type = list(string) - default = [] -} - -variable "nrn" { - description = "Identifier Nullplatform Resources Name" - type = string -} - -variable "namespace" { - description = "Kubernetes namespace to agent run" - type = string - default = "nullplatform-tools" -} - -# Template Configuration -variable "service_path" { - type = string - default = "k8s" - description = "Service path within the repository" -} - -variable "repo_path" { - type = string - default = "/root/.np/nullplatform/scopes" - description = "Local path to the repository containing templates" -} - -variable "github_repo_url" { - type = string - default = "https://github.com/nullplatform/scopes" - description = "GitHub repository URL containing templates" -} - -variable "github_ref" { - type = string - default = "beta" - description = "Git reference (branch, tag, or commit)" -} - -variable "environment_tag" {} - -################################################################################ -# Scope Definition Module Variables -################################################################################ - -variable "action_spec_names" { - type = list(string) - default = [ - "create-scope", - "delete-scope", - "start-initial", - "start-blue-green", 
- "finalize-blue-green", - "rollback-deployment", - "delete-deployment", - "switch-traffic", - "set-desired-instance-count", - "pause-autoscaling", - "resume-autoscaling", - "restart-pods", - "kill-instances" - ] - description = "List of action specification template names to fetch and create" -} - -# NRN Patch Configuration -variable "np_api_key" { - type = string - sensitive = true - description = "Nullplatform API key for authentication" -} - -variable "external_metrics_provider" { - type = string - default = "externalmetrics" - description = "External metrics provider name" -} - -variable "external_logging_provider" { - type = string - default = "external" - description = "External logging provider name" -} - -variable "aws_iam_openid_connect_provider_arn" {} \ No newline at end of file diff --git a/v2/nullplatform/aws/nullplatform_providers/data.tf b/v2/nullplatform/aws/nullplatform_providers/data.tf deleted file mode 100644 index 0fe331b..0000000 --- a/v2/nullplatform/aws/nullplatform_providers/data.tf +++ /dev/null @@ -1,5 +0,0 @@ -data "aws_caller_identity" "current" { -} - -data "aws_region" "current" { -} \ No newline at end of file diff --git a/v2/nullplatform/aws/nullplatform_providers/dimensions.tf b/v2/nullplatform/aws/nullplatform_providers/dimensions.tf deleted file mode 100644 index 037e8b4..0000000 --- a/v2/nullplatform/aws/nullplatform_providers/dimensions.tf +++ /dev/null @@ -1,12 +0,0 @@ -resource "nullplatform_dimension" "environment" { - name = "Environment" - order = 1 - nrn = var.nrn -} - -resource "nullplatform_dimension_value" "environment_value" { - for_each = toset(var.environments) - dimension_id = nullplatform_dimension.environment.id - name = each.value - nrn = var.nrn -} diff --git a/v2/nullplatform/aws/nullplatform_providers/iam-registry.tf b/v2/nullplatform/aws/nullplatform_providers/iam-registry.tf deleted file mode 100644 index fb70a56..0000000 --- a/v2/nullplatform/aws/nullplatform_providers/iam-registry.tf +++ /dev/null 
@@ -1,93 +0,0 @@ -resource "aws_iam_role" "nullplatform_application_role" { - name = "nullplatform-application-role" - - assume_role_policy = jsonencode({ - Version = "2012-10-17", - Statement = [ - { - Effect = "Allow", - Principal = { - AWS = var.application_manager_assume_role - }, - Action = "sts:AssumeRole", - Condition = { - StringEquals = { - "aws:RequestedRegion" = [ - "us-east-1", - "us-west-2", - "eu-west-1" - ] - }, - DateGreaterThan = { - "aws:CurrentTime" = "2024-01-01T00:00:00Z" - } - } - } - ] - }) -} - -resource "aws_iam_policy" "nullplatform_ecr_manager_policy" { - name = "nullplatform-ecr-manager-policy" - description = "Policy for managing ECR repositories with restricted access" - policy = jsonencode({ - Version = "2012-10-17", - Statement = [ - { - Effect = "Allow", - Action = [ - "ecr:GetDownloadUrlForLayer", - "ecr:BatchGetImage", - "ecr:CompleteLayerUpload", - "ecr:UploadLayerPart", - "ecr:InitiateLayerUpload", - "ecr:BatchCheckLayerAvailability", - "ecr:PutImage", - "ecr:CreateRepository", - "ecr:DeleteRepository", - "ecr:DescribeRepositories", - "ecr:TagResource" - ], - Resource = [ - "arn:aws:ecr:*:*:repository/*" - ], - Condition = { - StringEquals = { - "aws:RequestedRegion" = [ - "us-east-1", - "us-west-2", - "eu-west-1" - ] - } - } - }, - { - Effect = "Allow", - Action = [ - "sts:GetServiceBearerToken", - "ecr:GetAuthorizationToken" - ], - Resource = "*" - } - ] - }) -} - -resource "aws_iam_user" "nullplatform_build_workflow_user" { - name = "nullplatform-build-workflow-user" -} - -resource "aws_iam_access_key" "nullplatform_build_workflow_user_key" { - user = aws_iam_user.nullplatform_build_workflow_user.name -} - - -resource "aws_iam_role_policy_attachment" "ecr-manager-policy" { - role = aws_iam_role.nullplatform_application_role.name - policy_arn = aws_iam_policy.nullplatform_ecr_manager_policy.arn -} - -resource "aws_iam_user_policy_attachment" "ecr-manager-policy-user" { - user = 
aws_iam_user.nullplatform_build_workflow_user.name - policy_arn = aws_iam_policy.nullplatform_ecr_manager_policy.arn -} \ No newline at end of file diff --git a/v2/nullplatform/aws/nullplatform_providers/main.tf b/v2/nullplatform/aws/nullplatform_providers/main.tf deleted file mode 100644 index 30f5634..0000000 --- a/v2/nullplatform/aws/nullplatform_providers/main.tf +++ /dev/null @@ -1,25 +0,0 @@ -resource "nullplatform_provider_config" "aws" { - provider = nullplatform - nrn = var.nrn - type = "aws-configuration" - dimensions = {} - attributes = jsonencode({ - iam = { - #scope_workflow_role = aws_iam_role.nullplatform_scope_workflow_role.arn - } - account = { - id = data.aws_caller_identity.current.id - region = data.aws_region.current.region - } - networking = { - application_domain = false - domain_name = var.domain_name - hosted_zone_id = var.hosted_private_zone_id - hosted_public_zone_id = var.hosted_public_zone_id - } - }) - lifecycle { - ignore_changes = [attributes] - } -} - diff --git a/v2/nullplatform/aws/nullplatform_providers/namespaces.tf b/v2/nullplatform/aws/nullplatform_providers/namespaces.tf deleted file mode 100644 index cdf9400..0000000 --- a/v2/nullplatform/aws/nullplatform_providers/namespaces.tf +++ /dev/null @@ -1,7 +0,0 @@ -resource "kubernetes_namespace" "nullplatform_namespaces" { - for_each = toset(var.namespaces) - - metadata { - name = each.key - } -} diff --git a/v2/nullplatform/aws/nullplatform_providers/networking.tf b/v2/nullplatform/aws/nullplatform_providers/networking.tf deleted file mode 100644 index 243c438..0000000 --- a/v2/nullplatform/aws/nullplatform_providers/networking.tf +++ /dev/null 
@@ -1,96 +0,0 @@ - -resource "kubernetes_ingress_v1" "internal" { - metadata { - name = "initial-ingress-setup-internal" - namespace = "nullplatform" - - annotations = merge({ - "alb.ingress.kubernetes.io/actions.response-404" = jsonencode({ - type = "fixed-response" - fixedResponseConfig = { - contentType = "text/plain" - statusCode = "404" - messageBody = "404 scope not found or has not been deployed yet" - } - }) - "alb.ingress.kubernetes.io/group.name" = "k8s-nullplatform-internal" - "alb.ingress.kubernetes.io/listen-ports" = "[{\"HTTP\":80},{\"HTTPS\":443}]" - "alb.ingress.kubernetes.io/load-balancer-name" = "k8s-nullplatform-internal" - "alb.ingress.kubernetes.io/scheme" = "internal" - "alb.ingress.kubernetes.io/ssl-redirect" = "443" - "alb.ingress.kubernetes.io/target-type" = "ip" - "alb.ingress.kubernetes.io/certificate-arn" = var.certificate_arn - }) - } - - spec { - ingress_class_name = "alb" - - rule { - host = "setup.nullapps.io" - http { - path { - path = "/" - path_type = "Prefix" - - backend { - service { - name = "response-404" - port { - name = "use-annotation" - } - } - } - } - } - } - } -} - -resource "kubernetes_ingress_v1" "public" { - metadata { - name = "initial-ingress-setup-public" - namespace = "nullplatform" - - annotations = merge({ - "alb.ingress.kubernetes.io/actions.response-404" = jsonencode({ - type = "fixed-response" - fixedResponseConfig = { - contentType = "text/plain" - statusCode = "404" - messageBody = "404 scope not found or has not been deployed yet" - } - }) - "alb.ingress.kubernetes.io/group.name" = "k8s-nullplatform-internet-facing" - "alb.ingress.kubernetes.io/listen-ports" = "[{\"HTTP\":80},{\"HTTPS\":443}]" - "alb.ingress.kubernetes.io/load-balancer-name" = "k8s-nullplatform-internet-facing" - "alb.ingress.kubernetes.io/scheme" = "internet-facing" - "alb.ingress.kubernetes.io/ssl-redirect" = "443" - "alb.ingress.kubernetes.io/target-type" = "ip" - "alb.ingress.kubernetes.io/certificate-arn" = var.certificate_arn - }) - 
} - - spec { - ingress_class_name = "alb" - - rule { - host = "setup.nullapps.io" - http { - path { - path = "/" - path_type = "Prefix" - - backend { - service { - name = "response-404" - port { - name = "use-annotation" - } - } - } - } - } - } - } -} \ No newline at end of file diff --git a/v2/nullplatform/aws/nullplatform_providers/variables.tf b/v2/nullplatform/aws/nullplatform_providers/variables.tf deleted file mode 100644 index 8c26c7d..0000000 --- a/v2/nullplatform/aws/nullplatform_providers/variables.tf +++ /dev/null 
@@ -1,87 +0,0 @@ -variable "scope_manager_assume_role" { - description = "ARN of the IAM role for scope and deploy manager" - type = string - default = "arn:aws:iam::283477532906:role/scope_and_deploy_manager" -} - -variable "nrn" { - description = "Identifier Nullplatform Resources Name" - type = string -} - -variable "include_environment" { - description = "Whether to use Environment as a default dimension" - type = bool - default = true -} - -variable "domain_name" { - description = "Domain name for the configuration" - type = string -} - -variable "hosted_private_zone_id" { - description = "Hosted zone ID for private DNS" - type = string -} - -variable "hosted_public_zone_id" { - description = "Hosted zone ID for public DNS" - type = string -} - -variable "environment" { - description = "Environment dimension value to which the configuration applies" - type = string -} - -variable "dimensions" { - description = "Map of dimension values to configure Nullplatform" - type = map(string) - default = {} -} -######### -# Registry Variables -######### -variable "application_manager_assume_role" { - description = "ARN of the IAM role for application manager" - type = string - default = "arn:aws:iam::283477532906:role/application_manager" -} -####### -# Code respositoy -####3 -variable "organization" { - description = "Organization name for code repository configuration" - type = string -} - -variable "organization_installation_id" { - description = "GitHub App installation ID for the organization" - type = string -} -######### -# Ingress Default -###### -variable "certificate_arn" { - description = "ARN of the SSL/TLS certificate for the network configuration" - type = string -} - -variable "environments" { - type = list(string) - description = "The list of environments" - default = ["development", "staging", "production"] -} - -# NRN Patch Configuration -variable "np_api_key" { - type = string - sensitive = true - description = "Nullplatform API key for authentication" 
-}
-
-variable "namespaces" {
- type = list(string)
- default = ["nullplatform"]
-}
\ No newline at end of file
diff --git a/v2/nullplatform/nullplatform_account/main.tf b/v2/nullplatform/nullplatform_account/main.tf
deleted file mode 100644
index e02c9da..0000000
--- a/v2/nullplatform/nullplatform_account/main.tf
+++ /dev/null
@@ -1,8 +0,0 @@
-resource "nullplatform_account" "nullplatform_account" {
- for_each = var.nullplatform_accounts
-
- name = each.value.name
- repository_prefix = each.value.repository_prefix
- repository_provider = each.value.repository_provider
- slug = each.value.slug
-}
\ No newline at end of file
diff --git a/v2/nullplatform/nullplatform_account/providers.tf b/v2/nullplatform/nullplatform_account/providers.tf
deleted file mode 100644
index cb79686..0000000
--- a/v2/nullplatform/nullplatform_account/providers.tf
+++ /dev/null
@@ -1,12 +0,0 @@
-terraform {
- required_providers {
- nullplatform = {
- source = "nullplatform/nullplatform"
- version = "~> 0.0.63"
- }
- }
-}
-
-provider "nullplatform" {
- api_key = var.np_api_key
-}
\ No newline at end of file
diff --git a/v2/nullplatform/nullplatform_account/variables.tf b/v2/nullplatform/nullplatform_account/variables.tf
deleted file mode 100644
index 9c5996e..0000000
--- a/v2/nullplatform/nullplatform_account/variables.tf
+++ /dev/null
@@ -1,12 +0,0 @@
-variable "nullplatform_accounts" {
- type = map(object({
- name = string
- repository_prefix = optional(string, "poc-account")
- repository_provider = optional(string, "github")
- slug = optional(string, "poc-account")
- }))
-}
-
-variable "np_api_key" {
-
-}
\ No newline at end of file
diff --git a/v2/nullplatform/nullplatform_users/providers.tf b/v2/nullplatform/nullplatform_users/providers.tf
deleted file mode 100644
index cb79686..0000000
--- a/v2/nullplatform/nullplatform_users/providers.tf
+++ /dev/null
@@ -1,12 +0,0 @@
-terraform {
- required_providers {
- nullplatform = {
- source = "nullplatform/nullplatform"
- version = "~> 0.0.63"
- }
- }
-}
-
-provider "nullplatform" {
- api_key = var.np_api_key
-}
\ No newline at end of file
diff --git a/v2/workload/prometheus/locals.tf b/v2/workload/prometheus/locals.tf
deleted file mode 100644
index af88fec..0000000
--- a/v2/workload/prometheus/locals.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-locals {
- prometheus-values = templatefile("${path.module}/templates/prometheus-values.tmpl.yaml", {
- })
-}
\ No newline at end of file
diff --git a/v2/workload/prometheus/main.tf b/v2/workload/prometheus/main.tf
deleted file mode 100644
index 5d9e5f8..0000000
--- a/v2/workload/prometheus/main.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-resource "helm_release" "prometheus" {
- name = "prometheus"
- repository = "https://prometheus-community.github.io/helm-charts"
- chart = "prometheus"
- namespace = var.namespace
- create_namespace = true
-
- values = [ local.prometheus-values ]
-}
-
-resource "nullplatform_provider_config" "prometheus" {
- nrn = var.nrn
- type = "prometheus"
- attributes = jsonencode({
- "server" : {
- "url" : "http://prometheus-server.${var.namespace}.svc.cluster.local:80"
- }
- })
- dimensions = {}
-
- lifecycle {
- ignore_changes = [attributes]
- }
-}
\ No newline at end of file
diff --git a/v2/workload/prometheus/providers.tf b/v2/workload/prometheus/providers.tf
deleted file mode 100644
index fb31c5a..0000000
--- a/v2/workload/prometheus/providers.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-terraform {
- required_providers {
- nullplatform = {
- source = "nullplatform/nullplatform"
- version = "~> 0.0.63"
- }
- aws = {
- source = "hashicorp/aws"
- version = "~> 6.0"
- }
- helm = {
- source = "hashicorp/helm"
- version = "~> 3.0"
- }
- }
-}
\ No newline at end of file
diff --git a/v2/workload/prometheus/templates/prometheus-values.tmpl.yaml b/v2/workload/prometheus/templates/prometheus-values.tmpl.yaml
deleted file mode 100644
index 300b731..0000000
--- a/v2/workload/prometheus/templates/prometheus-values.tmpl.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-alertmanager:
- persistence:
- enabled: false
-server:
- persistentVolume:
- enabled: false
-extraScrapeConfigs: |
- # Mรฉtricas de Null Platform desde nodos K8s
- - job_name: null-platform-metrics
- kubernetes_sd_configs:
- - role: node
- metrics_path: /metrics
- scheme: http
- relabel_configs:
- # Cambiar puerto de kubelet (10250) a null-platform (2021)
- - source_labels: [ __address__ ]
- regex: '(.*):10250'
- target_label: __address__
- replacement: '$1:2021'
- # Mapear labels de nodos K8s
- - action: labelmap
- regex: __meta_kubernetes_node_label_(.+)
- # Aรฑadir nombre del nodo
- - source_labels: [ __meta_kubernetes_node_name ]
- target_label: node
\ No newline at end of file
diff --git a/v2/workload/prometheus/variables.tf b/v2/workload/prometheus/variables.tf
deleted file mode 100644
index 6371c8d..0000000
--- a/v2/workload/prometheus/variables.tf
+++ /dev/null
@@ -1,7 +0,0 @@
-variable "namespace" {
- default = "prometheus"
-}
-
-variable "cluster_name" {}
-
-variable "nrn" {}
\ No newline at end of file
From 574705ad2cc2bcc1dbb01300e022186f01e60f50 Mon Sep 17 00:00:00 2001
From: David Fernandez Date: Thu, 2 Oct 2025 18:01:51 -0300 Subject: [PATCH 76/87] feat: new structure --- nullplatform/{workload => workloads}/account/main.tf | 0 nullplatform/{workload => workloads}/account/providers.tf | 0 nullplatform/{workload => workloads}/account/variables.tf | 0 nullplatform/{workload => workloads}/asset/docker-server/main.tf | 0 .../{workload => workloads}/asset/docker-server/provider.tf | 0 .../{workload => workloads}/asset/docker-server/variables.tf | 0 nullplatform/{workload => workloads}/asset/ecr/data.tf | 0 nullplatform/{workload => workloads}/asset/ecr/iam.tf | 0 nullplatform/{workload => workloads}/asset/ecr/main.tf | 0 nullplatform/{workload => workloads}/asset/ecr/providers.tf | 0 nullplatform/{workload => workloads}/asset/ecr/variables.tf | 0 nullplatform/{workload => workloads}/code_repository/locals.tf | 0 nullplatform/{workload => workloads}/code_repository/main.tf | 0 nullplatform/{workload => workloads}/code_repository/provider.tf | 0 nullplatform/{workload => workloads}/code_repository/variables.tf | 0 nullplatform/{workload => workloads}/dimensions/main.tf | 0 nullplatform/{workload => workloads}/dimensions/providers.tf | 0 nullplatform/{workload => workloads}/dimensions/variables.tf | 0 nullplatform/workloads/{invite_user => invite_users}/main.tf | 0 nullplatform/workloads/{invite_user => invite_users}/providers.tf | 0 nullplatform/workloads/{invite_user => invite_users}/variables.tf | 0 21 files changed, 0 insertions(+), 0 deletions(-) rename nullplatform/{workload => workloads}/account/main.tf (100%) rename nullplatform/{workload => workloads}/account/providers.tf (100%) rename nullplatform/{workload => workloads}/account/variables.tf (100%) rename nullplatform/{workload => workloads}/asset/docker-server/main.tf (100%) rename nullplatform/{workload => workloads}/asset/docker-server/provider.tf (100%) rename nullplatform/{workload => workloads}/asset/docker-server/variables.tf (100%) rename nullplatform/{workload => 
workloads}/asset/ecr/data.tf (100%) rename nullplatform/{workload => workloads}/asset/ecr/iam.tf (100%) rename nullplatform/{workload => workloads}/asset/ecr/main.tf (100%) rename nullplatform/{workload => workloads}/asset/ecr/providers.tf (100%) rename nullplatform/{workload => workloads}/asset/ecr/variables.tf (100%) rename nullplatform/{workload => workloads}/code_repository/locals.tf (100%) rename nullplatform/{workload => workloads}/code_repository/main.tf (100%) rename nullplatform/{workload => workloads}/code_repository/provider.tf (100%) rename nullplatform/{workload => workloads}/code_repository/variables.tf (100%) rename nullplatform/{workload => workloads}/dimensions/main.tf (100%) rename nullplatform/{workload => workloads}/dimensions/providers.tf (100%) rename nullplatform/{workload => workloads}/dimensions/variables.tf (100%) rename nullplatform/workloads/{invite_user => invite_users}/main.tf (100%) rename nullplatform/workloads/{invite_user => invite_users}/providers.tf (100%) rename nullplatform/workloads/{invite_user => invite_users}/variables.tf (100%) diff --git a/nullplatform/workload/account/main.tf b/nullplatform/workloads/account/main.tf similarity index 100% rename from nullplatform/workload/account/main.tf rename to nullplatform/workloads/account/main.tf diff --git a/nullplatform/workload/account/providers.tf b/nullplatform/workloads/account/providers.tf similarity index 100% rename from nullplatform/workload/account/providers.tf rename to nullplatform/workloads/account/providers.tf diff --git a/nullplatform/workload/account/variables.tf b/nullplatform/workloads/account/variables.tf similarity index 100% rename from nullplatform/workload/account/variables.tf rename to nullplatform/workloads/account/variables.tf 
diff --git a/nullplatform/workload/asset/docker-server/main.tf b/nullplatform/workloads/asset/docker-server/main.tf
similarity index 100%
rename from nullplatform/workload/asset/docker-server/main.tf
rename to nullplatform/workloads/asset/docker-server/main.tf
diff --git a/nullplatform/workload/asset/docker-server/provider.tf b/nullplatform/workloads/asset/docker-server/provider.tf
similarity index 100%
rename from nullplatform/workload/asset/docker-server/provider.tf
rename to nullplatform/workloads/asset/docker-server/provider.tf
diff --git a/nullplatform/workload/asset/docker-server/variables.tf b/nullplatform/workloads/asset/docker-server/variables.tf
similarity index 100%
rename from nullplatform/workload/asset/docker-server/variables.tf
rename to nullplatform/workloads/asset/docker-server/variables.tf
diff --git a/nullplatform/workload/asset/ecr/data.tf b/nullplatform/workloads/asset/ecr/data.tf
similarity index 100%
rename from nullplatform/workload/asset/ecr/data.tf
rename to nullplatform/workloads/asset/ecr/data.tf
diff --git a/nullplatform/workload/asset/ecr/iam.tf b/nullplatform/workloads/asset/ecr/iam.tf
similarity index 100%
rename from nullplatform/workload/asset/ecr/iam.tf
rename to nullplatform/workloads/asset/ecr/iam.tf
diff --git a/nullplatform/workload/asset/ecr/main.tf b/nullplatform/workloads/asset/ecr/main.tf
similarity index 100%
rename from nullplatform/workload/asset/ecr/main.tf
rename to nullplatform/workloads/asset/ecr/main.tf
diff --git a/nullplatform/workload/asset/ecr/providers.tf b/nullplatform/workloads/asset/ecr/providers.tf
similarity index 100%
rename from nullplatform/workload/asset/ecr/providers.tf
rename to nullplatform/workloads/asset/ecr/providers.tf
diff --git a/nullplatform/workload/asset/ecr/variables.tf b/nullplatform/workloads/asset/ecr/variables.tf
similarity index 100%
rename from nullplatform/workload/asset/ecr/variables.tf
rename to nullplatform/workloads/asset/ecr/variables.tf
diff --git a/nullplatform/workload/code_repository/locals.tf b/nullplatform/workloads/code_repository/locals.tf
similarity index 100%
rename from nullplatform/workload/code_repository/locals.tf
rename to nullplatform/workloads/code_repository/locals.tf
diff --git a/nullplatform/workload/code_repository/main.tf b/nullplatform/workloads/code_repository/main.tf
similarity index 100%
rename from nullplatform/workload/code_repository/main.tf
rename to nullplatform/workloads/code_repository/main.tf
diff --git a/nullplatform/workload/code_repository/provider.tf b/nullplatform/workloads/code_repository/provider.tf
similarity index 100%
rename from nullplatform/workload/code_repository/provider.tf
rename to nullplatform/workloads/code_repository/provider.tf
diff --git a/nullplatform/workload/code_repository/variables.tf b/nullplatform/workloads/code_repository/variables.tf
similarity index 100%
rename from nullplatform/workload/code_repository/variables.tf
rename to nullplatform/workloads/code_repository/variables.tf
diff --git a/nullplatform/workload/dimensions/main.tf b/nullplatform/workloads/dimensions/main.tf
similarity index 100%
rename from nullplatform/workload/dimensions/main.tf
rename to nullplatform/workloads/dimensions/main.tf
diff --git a/nullplatform/workload/dimensions/providers.tf b/nullplatform/workloads/dimensions/providers.tf
similarity index 100%
rename from nullplatform/workload/dimensions/providers.tf
rename to nullplatform/workloads/dimensions/providers.tf
diff --git a/nullplatform/workload/dimensions/variables.tf b/nullplatform/workloads/dimensions/variables.tf
similarity index 100%
rename from nullplatform/workload/dimensions/variables.tf
rename to nullplatform/workloads/dimensions/variables.tf
diff --git a/nullplatform/workloads/invite_user/main.tf b/nullplatform/workloads/invite_users/main.tf
similarity index 100%
rename from nullplatform/workloads/invite_user/main.tf
rename to nullplatform/workloads/invite_users/main.tf
diff --git a/nullplatform/workloads/invite_user/providers.tf b/nullplatform/workloads/invite_users/providers.tf
similarity index 100%
rename from nullplatform/workloads/invite_user/providers.tf
rename to nullplatform/workloads/invite_users/providers.tf
diff --git a/nullplatform/workloads/invite_user/variables.tf b/nullplatform/workloads/invite_users/variables.tf
similarity index 100%
rename from nullplatform/workloads/invite_user/variables.tf
rename to nullplatform/workloads/invite_users/variables.tf
From 118719fa80b59de50ca3a6eacbad1c0fe68655ac Mon Sep 17 00:00:00 2001
From: sebas_correa Date: Fri, 3 Oct 2025 12:33:43 -0300 Subject: [PATCH 77/87] feat(main-v2): replace workload -> commons --- .../nullplatform-with-infraestructure/main.tf | 8 +- .../variables.tf | 12 +-- .../main.tf | 8 +- .../variables.tf | 12 +-- infrastructure/aws/acm/variables.tf | 2 +- infrastructure/aws/alb-controller/iam.tf | 4 +- infrastructure/aws/alb-controller/locals.tf | 6 +- infrastructure/aws/alb-controller/main.tf | 26 +++---- infrastructure/aws/eks/main.tf | 6 +- infrastructure/aws/eks/variables.tf | 14 ++-- infrastructure/aws/ingress/main.tf | 32 ++++---- infrastructure/aws/route53/main.tf | 10 +-- infrastructure/aws/route53/varaibles.tf | 4 +- .../cert-manager/locals.tf | 2 +- .../cert-manager/main.tf | 0 .../cert-manager/provider.tf | 0 .../templates/cert_manager_values.tmpl.yaml | 0 .../cert-manager/variables.tf | 0 .../external-dns/locals.tf | 0 .../external-dns/main.tf | 0 .../external-dns/provider.tf | 0 .../external-dns/secret.tf | 0 .../templates/external_dns_values.tmpl.yaml | 0 .../external-dns/variables.tf | 0 .../{workloads => commons}/istio/locals.tf | 0 .../{workloads => commons}/istio/main.tf | 6 +- .../{workloads => commons}/istio/provider.tf | 0 .../{workloads => commons}/istio/variables.tf | 18 ++--- nullplatform/aws/agent/auth.tf | 22 +++--- nullplatform/aws/agent/channel.tf | 8 +- nullplatform/aws/agent/iam.tf | 74 +++++++++---------- nullplatform/aws/agent/locals.tf | 14 ++-- nullplatform/aws/agent/main.tf | 26 +++---- nullplatform/aws/agent/scopes.tf | 4 +- nullplatform/aws/base/auth.tf | 29 ++++++++ .../aws/base}/locals.tf | 2 +- nullplatform/aws/base/main.tf | 24 ++++++ .../aws/base}/providers.tf | 0 .../nullplatform-base-values.tmpl.yaml | 0 .../aws/base}/variables.tf | 0 .../aws/{cloud_providers => cloud}/data.tf | 0 .../aws/{cloud_providers => cloud}/main.tf | 0 .../{cloud_providers => cloud}/providers.tf | 0 .../{cloud_providers => cloud}/variables.tf | 0 .../{workloads => commons}/account/main.tf | 0 
.../account/providers.tf | 0 nullplatform/commons/account/variables.tf | 12 +++ .../asset/docker-server/main.tf | 0 .../asset/docker-server/provider.tf | 0 .../asset/docker-server/variables.tf | 4 +- .../{workloads => commons}/asset/ecr/data.tf | 0 .../{workloads => commons}/asset/ecr/iam.tf | 4 +- .../{workloads => commons}/asset/ecr/main.tf | 0 .../asset/ecr/providers.tf | 0 .../asset/ecr/variables.tf | 0 .../code_repository/locals.tf | 0 .../code_repository/main.tf | 8 +- .../code_repository/provider.tf | 0 .../code_repository/variables.tf | 54 +++++++------- .../{workloads => commons}/dimensions/main.tf | 0 .../dimensions/providers.tf | 0 .../dimensions/variables.tf | 0 .../prometheus/README.md | 0 .../prometheus/locals.tf | 0 .../{workloads => commons}/prometheus/main.tf | 2 +- .../prometheus/providers.tf | 2 +- .../templates/prometheus-values.tmpl.yaml | 0 .../prometheus/variables.tf | 10 +-- nullplatform/commons/users/main.tf | 24 ++++++ .../users}/providers.tf | 0 nullplatform/commons/users/variables.tf | 12 +++ nullplatform/gcp/agent/locals.tf | 6 +- nullplatform/gcp/cloud/gcp/variables.tf | 6 +- nullplatform/workloads/account/variables.tf | 12 --- nullplatform/workloads/invite_users/main.tf | 7 -- .../workloads/invite_users/variables.tf | 10 --- v2/nullplatform/nullplatform_base/auth.tf | 29 -------- v2/nullplatform/nullplatform_base/main.tf | 24 ------ 78 files changed, 309 insertions(+), 290 deletions(-) rename infrastructure/{workloads => commons}/cert-manager/locals.tf (94%) rename infrastructure/{workloads => commons}/cert-manager/main.tf (100%) rename infrastructure/{workloads => commons}/cert-manager/provider.tf (100%) rename infrastructure/{workloads => commons}/cert-manager/templates/cert_manager_values.tmpl.yaml (100%) rename infrastructure/{workloads => commons}/cert-manager/variables.tf (100%) rename infrastructure/{workloads => commons}/external-dns/locals.tf (100%) rename infrastructure/{workloads => commons}/external-dns/main.tf (100%) 
rename infrastructure/{workloads => commons}/external-dns/provider.tf (100%) rename infrastructure/{workloads => commons}/external-dns/secret.tf (100%) rename infrastructure/{workloads => commons}/external-dns/templates/external_dns_values.tmpl.yaml (100%) rename infrastructure/{workloads => commons}/external-dns/variables.tf (100%) rename infrastructure/{workloads => commons}/istio/locals.tf (100%) rename infrastructure/{workloads => commons}/istio/main.tf (83%) rename infrastructure/{workloads => commons}/istio/provider.tf (100%) rename infrastructure/{workloads => commons}/istio/variables.tf (68%) create mode 100644 nullplatform/aws/base/auth.tf rename {v2/nullplatform/nullplatform_base => nullplatform/aws/base}/locals.tf (60%) create mode 100644 nullplatform/aws/base/main.tf rename {v2/nullplatform/nullplatform_base => nullplatform/aws/base}/providers.tf (100%) rename {v2/nullplatform/nullplatform_base => nullplatform/aws/base}/templates/nullplatform-base-values.tmpl.yaml (100%) rename {v2/nullplatform/nullplatform_base => nullplatform/aws/base}/variables.tf (100%) rename nullplatform/aws/{cloud_providers => cloud}/data.tf (100%) rename nullplatform/aws/{cloud_providers => cloud}/main.tf (100%) rename nullplatform/aws/{cloud_providers => cloud}/providers.tf (100%) rename nullplatform/aws/{cloud_providers => cloud}/variables.tf (100%) rename nullplatform/{workloads => commons}/account/main.tf (100%) rename nullplatform/{workloads => commons}/account/providers.tf (100%) create mode 100644 nullplatform/commons/account/variables.tf rename nullplatform/{workloads => commons}/asset/docker-server/main.tf (100%) rename nullplatform/{workloads => commons}/asset/docker-server/provider.tf (100%) rename nullplatform/{workloads => commons}/asset/docker-server/variables.tf (96%) rename nullplatform/{workloads => commons}/asset/ecr/data.tf (100%) rename nullplatform/{workloads => commons}/asset/ecr/iam.tf (95%) rename nullplatform/{workloads => commons}/asset/ecr/main.tf 
(100%) rename nullplatform/{workloads => commons}/asset/ecr/providers.tf (100%) rename nullplatform/{workloads => commons}/asset/ecr/variables.tf (100%) rename nullplatform/{workloads => commons}/code_repository/locals.tf (100%) rename nullplatform/{workloads => commons}/code_repository/main.tf (95%) rename nullplatform/{workloads => commons}/code_repository/provider.tf (100%) rename nullplatform/{workloads => commons}/code_repository/variables.tf (65%) rename nullplatform/{workloads => commons}/dimensions/main.tf (100%) rename nullplatform/{workloads => commons}/dimensions/providers.tf (100%) rename nullplatform/{workloads => commons}/dimensions/variables.tf (100%) rename nullplatform/{workloads => commons}/prometheus/README.md (100%) rename nullplatform/{workloads => commons}/prometheus/locals.tf (100%) rename nullplatform/{workloads => commons}/prometheus/main.tf (93%) rename nullplatform/{workloads => commons}/prometheus/providers.tf (99%) rename nullplatform/{workloads => commons}/prometheus/templates/prometheus-values.tmpl.yaml (100%) rename nullplatform/{workloads => commons}/prometheus/variables.tf (61%) create mode 100644 nullplatform/commons/users/main.tf rename nullplatform/{workloads/invite_users => commons/users}/providers.tf (100%) create mode 100644 nullplatform/commons/users/variables.tf delete mode 100644 nullplatform/workloads/account/variables.tf delete mode 100644 nullplatform/workloads/invite_users/main.tf delete mode 100644 nullplatform/workloads/invite_users/variables.tf delete mode 100644 v2/nullplatform/nullplatform_base/auth.tf delete mode 100644 v2/nullplatform/nullplatform_base/main.tf diff --git a/examples/aws/nullplatform-with-infraestructure/main.tf b/examples/aws/nullplatform-with-infraestructure/main.tf index f79b9fd..dba53e1 100644 --- a/examples/aws/nullplatform-with-infraestructure/main.tf +++ b/examples/aws/nullplatform-with-infraestructure/main.tf 
@@ -65,8 +65,8 @@ module "nullplatform_configuration" { # Users Config ################################################################################ module "nullplatform_user" { - source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/nullplatform_users?ref=chore/IaC-v2" - np_api_key = var.api_key + source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/nullplatform_users?ref=chore/IaC-v2" + np_api_key = var.api_key nullplatform_users = var.nullplatform_users } @@ -74,8 +74,8 @@ module "nullplatform_user" { # Acount Config ################################################################################ module "nullplatform_account" { - source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/nullplatform_account?ref=chore/IaC-v2" - np_api_key = var.api_key + source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/nullplatform_account?ref=chore/IaC-v2" + np_api_key = var.api_key nullplatform_accounts = var.nullplatform_accounts } diff --git a/examples/aws/nullplatform-with-infraestructure/variables.tf b/examples/aws/nullplatform-with-infraestructure/variables.tf index 2127416..3c88bb6 100644 --- a/examples/aws/nullplatform-with-infraestructure/variables.tf +++ b/examples/aws/nullplatform-with-infraestructure/variables.tf @@ -102,17 +102,17 @@ variable "environment_tags" { variable "nullplatform_users" { type = map(object({ - email = string - first_name = string - last_name = string + email = string + first_name = string + last_name = string })) } variable "nullplatform_accounts" { type = map(object({ - name = string - repository_prefix = string + name = string + repository_prefix = string repository_provider = string - slug = string + slug = string })) } \ No newline at end of file 
diff --git a/examples/aws/nullplatform-without-infraestructure/main.tf b/examples/aws/nullplatform-without-infraestructure/main.tf index 3d817fb..e9a2bce 100644 --- a/examples/aws/nullplatform-without-infraestructure/main.tf +++ b/examples/aws/nullplatform-without-infraestructure/main.tf @@ -19,8 +19,8 @@ module "nullplatform_configuration" { # Users Config ################################################################################ module "nullplatform_user" { - source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/nullplatform_users?ref=chore/IaC-v2" - np_api_key = var.api_key + source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/nullplatform_users?ref=chore/IaC-v2" + np_api_key = var.api_key nullplatform_users = var.nullplatform_users } @@ -28,8 +28,8 @@ module "nullplatform_user" { # Acount Config ################################################################################ module "nullplatform_account" { - source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/nullplatform_account?ref=chore/IaC-v2" - np_api_key = var.api_key + source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/nullplatform_account?ref=chore/IaC-v2" + np_api_key = var.api_key nullplatform_accounts = var.nullplatform_accounts } diff --git a/examples/aws/nullplatform-without-infraestructure/variables.tf b/examples/aws/nullplatform-without-infraestructure/variables.tf index c82a6d7..3d42e1e 100644 --- a/examples/aws/nullplatform-without-infraestructure/variables.tf +++ b/examples/aws/nullplatform-without-infraestructure/variables.tf 
@@ -105,17 +105,17 @@ variable "environment_tags" { variable "nullplatform_users" { type = map(object({ - email = string - first_name = string - last_name = string + email = string + first_name = string + last_name = string })) } variable "nullplatform_accounts" { type = map(object({ - name = string - repository_prefix = string + name = string + repository_prefix = string repository_provider = string - slug = string + slug = string })) } \ No newline at end of file diff --git a/infrastructure/aws/acm/variables.tf b/infrastructure/aws/acm/variables.tf index 25a378a..7d29adf 100644 --- a/infrastructure/aws/acm/variables.tf +++ b/infrastructure/aws/acm/variables.tf @@ -10,5 +10,5 @@ variable "domain_name" { variable "subject_alternative_names" { type = list(string) description = "Alternative DNS to add" - default = [] + default = [] } \ No newline at end of file diff --git a/infrastructure/aws/alb-controller/iam.tf b/infrastructure/aws/alb-controller/iam.tf index 921374d..2b179eb 100644 --- a/infrastructure/aws/alb-controller/iam.tf +++ b/infrastructure/aws/alb-controller/iam.tf @@ -1,9 +1,9 @@ module "aws-load-balancer-controller-role" { source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts" - version = "~> 6.0" + version = "~> 6.0" name = "AWSLoadBalancerControllerIAMRole" attach_load_balancer_controller_policy = true - use_name_prefix = false + use_name_prefix = false oidc_providers = { main = { provider_arn = var.aws_iam_openid_connect_provider diff --git a/infrastructure/aws/alb-controller/locals.tf b/infrastructure/aws/alb-controller/locals.tf index 3decfa3..cadb7bf 100644 --- a/infrastructure/aws/alb-controller/locals.tf +++ b/infrastructure/aws/alb-controller/locals.tf 
@@ -1,7 +1,7 @@ locals { aws-load-balancer-controller-values = templatefile("${path.module}/templates/aws-load-balancer-controller-values.tmpl.yaml", { - cluster_name = var.cluster_name + cluster_name = var.cluster_name service_account_name = kubernetes_service_account.aws-load-balancer-controller-sa.metadata[0].name - vpc_id = var.vpc_id - }) + vpc_id = var.vpc_id + }) } \ No newline at end of file diff --git a/infrastructure/aws/alb-controller/main.tf b/infrastructure/aws/alb-controller/main.tf index fbd96ff..5cbb5b4 100644 --- a/infrastructure/aws/alb-controller/main.tf +++ b/infrastructure/aws/alb-controller/main.tf @@ -5,19 +5,19 @@ resource "helm_release" "aws-load-balancer-controller" { version = var.aws-load-balancer-controller-version namespace = "kube-system" - disable_webhooks = true - force_update = true - wait = true - wait_for_jobs = true - timeout = 600 - atomic = true - cleanup_on_fail = true - replace = false - recreate_pods = false - reset_values = false - reuse_values = false - dependency_update = true - max_history = 10 + disable_webhooks = true + force_update = true + wait = true + wait_for_jobs = true + timeout = 600 + atomic = true + cleanup_on_fail = true + replace = false + recreate_pods = false + reset_values = false + reuse_values = false + dependency_update = true + max_history = 10 values = [local.aws-load-balancer-controller-values] diff --git a/infrastructure/aws/eks/main.tf b/infrastructure/aws/eks/main.tf index 60ca228..4aecad5 100644 --- a/infrastructure/aws/eks/main.tf +++ b/infrastructure/aws/eks/main.tf @@ -8,12 +8,12 @@ module "eks" { create_cloudwatch_log_group = false addons = { - coredns = {} + coredns = {} eks-pod-identity-agent = { before_compute = true } - kube-proxy = {} - vpc-cni = { + kube-proxy = {} + vpc-cni = { before_compute = true } } diff --git a/infrastructure/aws/eks/variables.tf b/infrastructure/aws/eks/variables.tf index 2c41762..e9859cc 100644 --- a/infrastructure/aws/eks/variables.tf 
+++ b/infrastructure/aws/eks/variables.tf @@ -1,24 +1,24 @@ variable "name" { - type = string + type = string description = "A name of cluster" } variable "ami_type" { - type = string + type = string description = "The ami type to use with node" - default = "AL2023_x86_64_STANDARD" + default = "AL2023_x86_64_STANDARD" } variable "instance_types" { - type = string + type = string description = "The instance type to use" - default = "t3.medium" + default = "t3.medium" } variable "kubernetes_version" { - type = string + type = string description = "The version of K8s to use" - default = "1.32" + default = "1.32" } variable "aws_vpc_vpc_id" {} diff --git a/infrastructure/aws/ingress/main.tf b/infrastructure/aws/ingress/main.tf index 3e154d3..9ddb332 100644 --- a/infrastructure/aws/ingress/main.tf +++ b/infrastructure/aws/ingress/main.tf @@ -1,6 +1,6 @@ resource "kubernetes_ingress_v1" "internal" { metadata { - name = "initial-ingress-setup-internal" + name = "initial-ingress-setup-internal" namespace = "nullplatform" annotations = merge({ 
@@ -12,13 +12,13 @@ resource "kubernetes_ingress_v1" "internal" { messageBody = "404 scope not found or has not been deployed yet" } }) - "alb.ingress.kubernetes.io/group.name" = "k8s-nullplatform-internal" - "alb.ingress.kubernetes.io/listen-ports" = "[{\"HTTP\":80},{\"HTTPS\":443}]" - "alb.ingress.kubernetes.io/load-balancer-name" = "k8s-nullplatform-internal" - "alb.ingress.kubernetes.io/scheme" = "internal" - "alb.ingress.kubernetes.io/ssl-redirect" = "443" - "alb.ingress.kubernetes.io/target-type" = "ip" - "alb.ingress.kubernetes.io/certificate-arn" = var.certificate_arn + "alb.ingress.kubernetes.io/group.name" = "k8s-nullplatform-internal" + "alb.ingress.kubernetes.io/listen-ports" = "[{\"HTTP\":80},{\"HTTPS\":443}]" + "alb.ingress.kubernetes.io/load-balancer-name" = "k8s-nullplatform-internal" + "alb.ingress.kubernetes.io/scheme" = "internal" + "alb.ingress.kubernetes.io/ssl-redirect" = "443" + "alb.ingress.kubernetes.io/target-type" = "ip" + "alb.ingress.kubernetes.io/certificate-arn" = var.certificate_arn }) } @@ -48,7 +48,7 @@ resource "kubernetes_ingress_v1" "internal" { resource "kubernetes_ingress_v1" "public" { metadata { - name = "initial-ingress-setup-public" + name = "initial-ingress-setup-public" namespace = "nullplatform" annotations = merge({ 
@@ -60,13 +60,13 @@ resource "kubernetes_ingress_v1" "public" { messageBody = "404 scope not found or has not been deployed yet" } }) - "alb.ingress.kubernetes.io/group.name" = "k8s-nullplatform-internet-facing" - "alb.ingress.kubernetes.io/listen-ports" = "[{\"HTTP\":80},{\"HTTPS\":443}]" - "alb.ingress.kubernetes.io/load-balancer-name" = "k8s-nullplatform-internet-facing" - "alb.ingress.kubernetes.io/scheme" = "internet-facing" - "alb.ingress.kubernetes.io/ssl-redirect" = "443" - "alb.ingress.kubernetes.io/target-type" = "ip" - "alb.ingress.kubernetes.io/certificate-arn" = var.certificate_arn + "alb.ingress.kubernetes.io/group.name" = "k8s-nullplatform-internet-facing" + "alb.ingress.kubernetes.io/listen-ports" = "[{\"HTTP\":80},{\"HTTPS\":443}]" + "alb.ingress.kubernetes.io/load-balancer-name" = "k8s-nullplatform-internet-facing" + "alb.ingress.kubernetes.io/scheme" = "internet-facing" + "alb.ingress.kubernetes.io/ssl-redirect" = "443" + "alb.ingress.kubernetes.io/target-type" = "ip" + "alb.ingress.kubernetes.io/certificate-arn" = var.certificate_arn }) } diff --git a/infrastructure/aws/route53/main.tf b/infrastructure/aws/route53/main.tf index 578fb7f..8d1b463 100644 --- a/infrastructure/aws/route53/main.tf +++ b/infrastructure/aws/route53/main.tf @@ -1,17 +1,17 @@ resource "aws_route53_zone" "public_zone" { - name = var.domain_name + name = var.domain_name } resource "aws_route53_zone" "private_zone" { - name = var.domain_name + name = var.domain_name vpc { vpc_id = var.vpc_id } } module "aws_route53_acm" { - source = "../acm" - domain_name = var.domain_name - zone_id = aws_route53_zone.public_zone.id + source = "../acm" + domain_name = var.domain_name + zone_id = aws_route53_zone.public_zone.id subject_alternative_names = [] } diff --git a/infrastructure/aws/route53/varaibles.tf b/infrastructure/aws/route53/varaibles.tf index ecf2671..ab15774 100644 --- a/infrastructure/aws/route53/varaibles.tf +++ b/infrastructure/aws/route53/varaibles.tf 
@@ -1,8 +1,8 @@ variable "vpc_id" { - type = string + type = string description = "The VPC id" } variable "domain_name" { - type = string + type = string description = "The domains to project" } \ No newline at end of file diff --git a/infrastructure/workloads/cert-manager/locals.tf b/infrastructure/commons/cert-manager/locals.tf similarity index 94% rename from infrastructure/workloads/cert-manager/locals.tf rename to infrastructure/commons/cert-manager/locals.tf index e222583..1ed0019 100644 --- a/infrastructure/workloads/cert-manager/locals.tf +++ b/infrastructure/commons/cert-manager/locals.tf @@ -20,6 +20,6 @@ locals { # Cloudflare cloudflare_enabled = var.cloudflare_enabled cloudflare_secret_name = var.cloudflare_secret_name - cloudflare_token = var.cloudflare_token + cloudflare_token = var.cloudflare_token }) } \ No newline at end of file diff --git a/infrastructure/workloads/cert-manager/main.tf b/infrastructure/commons/cert-manager/main.tf similarity index 100% rename from infrastructure/workloads/cert-manager/main.tf rename to infrastructure/commons/cert-manager/main.tf diff --git a/infrastructure/workloads/cert-manager/provider.tf b/infrastructure/commons/cert-manager/provider.tf similarity index 100% rename from infrastructure/workloads/cert-manager/provider.tf rename to infrastructure/commons/cert-manager/provider.tf diff --git a/infrastructure/workloads/cert-manager/templates/cert_manager_values.tmpl.yaml b/infrastructure/commons/cert-manager/templates/cert_manager_values.tmpl.yaml similarity index 100% rename from infrastructure/workloads/cert-manager/templates/cert_manager_values.tmpl.yaml rename to infrastructure/commons/cert-manager/templates/cert_manager_values.tmpl.yaml diff --git a/infrastructure/workloads/cert-manager/variables.tf b/infrastructure/commons/cert-manager/variables.tf similarity index 100% rename from infrastructure/workloads/cert-manager/variables.tf rename to infrastructure/commons/cert-manager/variables.tf 
diff --git a/infrastructure/workloads/external-dns/locals.tf b/infrastructure/commons/external-dns/locals.tf similarity index 100% rename from infrastructure/workloads/external-dns/locals.tf rename to infrastructure/commons/external-dns/locals.tf diff --git a/infrastructure/workloads/external-dns/main.tf b/infrastructure/commons/external-dns/main.tf similarity index 100% rename from infrastructure/workloads/external-dns/main.tf rename to infrastructure/commons/external-dns/main.tf diff --git a/infrastructure/workloads/external-dns/provider.tf b/infrastructure/commons/external-dns/provider.tf similarity index 100% rename from infrastructure/workloads/external-dns/provider.tf rename to infrastructure/commons/external-dns/provider.tf diff --git a/infrastructure/workloads/external-dns/secret.tf b/infrastructure/commons/external-dns/secret.tf similarity index 100% rename from infrastructure/workloads/external-dns/secret.tf rename to infrastructure/commons/external-dns/secret.tf diff --git a/infrastructure/workloads/external-dns/templates/external_dns_values.tmpl.yaml b/infrastructure/commons/external-dns/templates/external_dns_values.tmpl.yaml similarity index 100% rename from infrastructure/workloads/external-dns/templates/external_dns_values.tmpl.yaml rename to infrastructure/commons/external-dns/templates/external_dns_values.tmpl.yaml diff --git a/infrastructure/workloads/external-dns/variables.tf b/infrastructure/commons/external-dns/variables.tf similarity index 100% rename from infrastructure/workloads/external-dns/variables.tf rename to infrastructure/commons/external-dns/variables.tf diff --git a/infrastructure/workloads/istio/locals.tf b/infrastructure/commons/istio/locals.tf similarity index 100% rename from infrastructure/workloads/istio/locals.tf rename to infrastructure/commons/istio/locals.tf 
diff --git a/infrastructure/workloads/istio/main.tf b/infrastructure/commons/istio/main.tf similarity index 83% rename from infrastructure/workloads/istio/main.tf rename to infrastructure/commons/istio/main.tf index d6cbf34..8fc3a0a 100644 --- a/infrastructure/workloads/istio/main.tf +++ b/infrastructure/commons/istio/main.tf @@ -5,7 +5,7 @@ resource "helm_release" "istio_base" { chart = "base" namespace = local.namespace create_namespace = true - version = var.istio_base_version + version = var.istio_base_version } resource "helm_release" "istiod" { @@ -14,7 +14,7 @@ resource "helm_release" "istiod" { repository = local.repository chart = "istiod" namespace = local.namespace - version = var.istiod_version + version = var.istiod_version } # Setup Istio Gateway using Helm @@ -24,6 +24,6 @@ resource "helm_release" "istio_ingressgateway" { repository = local.repository chart = "gateway" namespace = local.namespace - version = var.istio_ingressgateway_version + version = var.istio_ingressgateway_version } diff --git a/infrastructure/workloads/istio/provider.tf b/infrastructure/commons/istio/provider.tf similarity index 100% rename from infrastructure/workloads/istio/provider.tf rename to infrastructure/commons/istio/provider.tf diff --git a/infrastructure/workloads/istio/variables.tf b/infrastructure/commons/istio/variables.tf similarity index 68% rename from infrastructure/workloads/istio/variables.tf rename to infrastructure/commons/istio/variables.tf index e4656e1..ab69024 100644 --- a/infrastructure/workloads/istio/variables.tf +++ b/infrastructure/commons/istio/variables.tf @@ -1,19 +1,19 @@ variable "istio_base_version" { - type = string - default = "1.27.1" - + type = string + default = "1.27.1" + } variable "istio_ingressgateway_version" { - type = string - default = "1.27.1" - + type = string + default = "1.27.1" + } variable "istiod_version" { - type = string - default = "1.27.1" - + type = string + default = "1.27.1" + } variable "kubeconfig_path" { 
diff --git a/nullplatform/aws/agent/auth.tf b/nullplatform/aws/agent/auth.tf index df1b230..c3a57db 100644 --- a/nullplatform/aws/agent/auth.tf +++ b/nullplatform/aws/agent/auth.tf @@ -2,28 +2,28 @@ resource "nullplatform_api_key" "nullplatform-agent-api-key" { name = "NULLPLATFORM-AGENT-API-KEY" grants { - nrn = replace(var.nrn, ":namespace=.*$", "") - role_slug = "controlplane:agent" + nrn = replace(var.nrn, ":namespace=.*$", "") + role_slug = "controlplane:agent" } grants { - nrn = replace(var.nrn, ":namespace=.*$", "") - role_slug = "developer" + nrn = replace(var.nrn, ":namespace=.*$", "") + role_slug = "developer" } grants { - nrn = replace(var.nrn, ":namespace=.*$", "") - role_slug = "ops" + nrn = replace(var.nrn, ":namespace=.*$", "") + role_slug = "ops" } grants { - nrn = replace(var.nrn, ":namespace=.*$", "") - role_slug = "secops" + nrn = replace(var.nrn, ":namespace=.*$", "") + role_slug = "secops" } grants { - nrn = replace(var.nrn, ":namespace=.*$", "") - role_slug = "secrets-reader" + nrn = replace(var.nrn, ":namespace=.*$", "") + role_slug = "secrets-reader" } tags { - key = "managed-by" + key = "managed-by" value = "IaC" } } \ No newline at end of file diff --git a/nullplatform/aws/agent/channel.tf b/nullplatform/aws/agent/channel.tf index 9a8121d..0b1fa66 100644 --- a/nullplatform/aws/agent/channel.tf +++ b/nullplatform/aws/agent/channel.tf @@ -47,10 +47,10 @@ resource "nullplatform_notification_channel" "from_template" { data = { for k, v in agent.value.command.data : k => ( k == "environment" ? jsonencode({ - NP_ACTION_CONTEXT = "'$${NOTIFICATION_CONTEXT}'" - }) : ( - can(tostring(v)) ? tostring(v) : jsonencode(v) - ) + NP_ACTION_CONTEXT = "'$${NOTIFICATION_CONTEXT}'" + }) : ( + can(tostring(v)) ? tostring(v) : jsonencode(v) + ) ) } } diff --git a/nullplatform/aws/agent/iam.tf b/nullplatform/aws/agent/iam.tf index 645a4d1..864dce8 100644 --- a/nullplatform/aws/agent/iam.tf +++ b/nullplatform/aws/agent/iam.tf 
@@ -1,19 +1,19 @@ module "nullplatform-agent-role" { - source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts" - name = "nullplatform-agent-role" - use_name_prefix = false - + source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts" + name = "nullplatform-agent-role" + use_name_prefix = false + oidc_providers = { main = { provider_arn = var.aws_iam_openid_connect_provider_arn namespace_service_accounts = ["nullplatform-tools:nullplatform-agent"] } } - + policies = { "nullplatform-route53-policy" = aws_iam_policy.nullplatform-route53-policy.arn, - "nullplatform-eks-policy" = aws_iam_policy.nullplatform-eks-policy.arn, - "nullplatform-elb-policy" = aws_iam_policy.nullplatform-elb-policy.arn + "nullplatform-eks-policy" = aws_iam_policy.nullplatform-eks-policy.arn, + "nullplatform-elb-policy" = aws_iam_policy.nullplatform-elb-policy.arn } } @@ -21,23 +21,23 @@ resource "aws_iam_policy" "nullplatform-route53-policy" { name = "nullplatform-route53-policy" description = "Policy for managing Route53 DNS records" policy = jsonencode({ - "Version": "2012-10-17", - "Statement": [ + "Version" : "2012-10-17", + "Statement" : [ { - "Effect": "Allow", - "Action": [ + "Effect" : "Allow", + "Action" : [ "route53:ChangeResourceRecordSets", "route53:ListResourceRecordSets", "route53:GetHostedZone", "route53:ListHostedZones", "route53:ListHostedZonesByName" ], - "Resource": [ + "Resource" : [ "arn:aws:route53:::hostedzone/*" ], - "Condition": { - "StringEquals": { - "aws:RequestedRegion": [ + "Condition" : { + "StringEquals" : { + "aws:RequestedRegion" : [ "us-east-1", "us-west-2", "eu-west-1" 
@@ -54,18 +54,18 @@ resource "aws_iam_policy" "nullplatform-elb-policy" { description = "Policy for managing Elastic Load Balancer" policy = jsonencode( { - "Version": "2012-10-17", - "Statement": [ + "Version" : "2012-10-17", + "Statement" : [ { - "Effect": "Allow", - "Action": [ + "Effect" : "Allow", + "Action" : [ "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeTargetGroups" ], - "Resource": "*", - "Condition": { - "StringEquals": { - "aws:RequestedRegion": [ + "Resource" : "*", + "Condition" : { + "StringEquals" : { + "aws:RequestedRegion" : [ "us-east-1", "us-west-2", "eu-west-1" @@ -74,19 +74,19 @@ resource "aws_iam_policy" "nullplatform-elb-policy" { } }, { - "Effect": "Allow", - "Action": [ + "Effect" : "Allow", + "Action" : [ "elasticloadbalancing:DescribeTargetHealth", "elasticloadbalancing:DescribeListeners", "elasticloadbalancing:DescribeRules" ], - "Resource": [ + "Resource" : [ "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/k8s-nullplatform-*", "arn:aws:elasticloadbalancing:*:*:targetgroup/k8s-nullplatform-*" ], - "Condition": { - "StringEquals": { - "aws:RequestedRegion": [ + "Condition" : { + "StringEquals" : { + "aws:RequestedRegion" : [ "us-east-1", "us-west-2", "eu-west-1" @@ -103,11 +103,11 @@ resource "aws_iam_policy" "nullplatform-eks-policy" { name = "nullplatform-eks-policy" description = "Policy for managing EKS clusters" policy = jsonencode({ - "Version": "2012-10-17", - "Statement": [ + "Version" : "2012-10-17", + "Statement" : [ { - "Effect": "Allow", - "Action": [ + "Effect" : "Allow", + "Action" : [ "eks:DescribeCluster", "eks:ListClusters", "eks:DescribeNodegroup", 
@@ -115,14 +115,14 @@ resource "aws_iam_policy" "nullplatform-eks-policy" { "eks:DescribeAddon", "eks:ListAddons" ], - "Resource": [ + "Resource" : [ "arn:aws:eks:*:*:cluster/*", "arn:aws:eks:*:*:nodegroup/*", "arn:aws:eks:*:*:addon/*" ], - "Condition": { - "StringEquals": { - "aws:RequestedRegion": [ + "Condition" : { + "StringEquals" : { + "aws:RequestedRegion" : [ "us-east-1", "us-west-2", "eu-west-1" diff --git a/nullplatform/aws/agent/locals.tf b/nullplatform/aws/agent/locals.tf index efceb24..5039b07 100644 --- a/nullplatform/aws/agent/locals.tf +++ b/nullplatform/aws/agent/locals.tf @@ -4,12 +4,12 @@ locals { final_list = distinct(concat(local.scope_list, local.repos_extra)) nullplatform_agent_values = templatefile("${path.module}/templates/nullplatform-agent-values.tmpl.yaml", { - agent_repos = join(",", local.final_list) - cluster_name = var.cluster_name - tags = var.tags - init_scripts = var.init_scripts - resource_identity = module.nullplatform-agent-role.arn - api_key = nullplatform_api_key.nullplatform-agent-api-key.api_key - namespace = var.namespace + agent_repos = join(",", local.final_list) + cluster_name = var.cluster_name + tags = var.tags + init_scripts = var.init_scripts + resource_identity = module.nullplatform-agent-role.arn + api_key = nullplatform_api_key.nullplatform-agent-api-key.api_key + namespace = var.namespace }) } \ No newline at end of file diff --git a/nullplatform/aws/agent/main.tf b/nullplatform/aws/agent/main.tf index 31d0351..0d39a5e 100644 --- a/nullplatform/aws/agent/main.tf +++ b/nullplatform/aws/agent/main.tf 
@@ -6,19 +6,19 @@ resource "helm_release" "agent" { version = var.nullplatform-agent-helm-version create_namespace = true - disable_webhooks = true - force_update = true - wait = true - wait_for_jobs = true - timeout = 600 - atomic = true - cleanup_on_fail = true - replace = false - recreate_pods = false - reset_values = false - reuse_values = false - dependency_update = true - max_history = 10 + disable_webhooks = true + force_update = true + wait = true + wait_for_jobs = true + timeout = 600 + atomic = true + cleanup_on_fail = true + replace = false + recreate_pods = false + reset_values = false + reuse_values = false + dependency_update = true + max_history = 10 values = [local.nullplatform_agent_values] } \ No newline at end of file diff --git a/nullplatform/aws/agent/scopes.tf b/nullplatform/aws/agent/scopes.tf index d5267c4..8c0e851 100644 --- a/nullplatform/aws/agent/scopes.tf +++ b/nullplatform/aws/agent/scopes.tf @@ -40,8 +40,8 @@ resource "nullplatform_service_specification" "from_template" { name = local.service_spec_parsed.name visible_to = local.service_spec_parsed.visible_to assignable_to = local.service_spec_parsed.assignable_to - type = local.service_spec_parsed.type - attributes = jsonencode(local.service_spec_parsed.attributes) + type = local.service_spec_parsed.type + attributes = jsonencode(local.service_spec_parsed.attributes) use_default_actions = local.service_spec_parsed.use_default_actions selectors { diff --git a/nullplatform/aws/base/auth.tf b/nullplatform/aws/base/auth.tf new file mode 100644 index 0000000..0574a76 --- /dev/null +++ b/nullplatform/aws/base/auth.tf 
@@ -0,0 +1,29 @@ +resource "nullplatform_api_key" "nullplatform-base-api-key" { + name = "NULLPLATFORM-BASE-API-KEY" + + grants { + nrn = replace(var.nrn, ":namespace=.*$", "") + role_slug = "controlplane:agent" + } + grants { + nrn = replace(var.nrn, ":namespace=.*$", "") + role_slug = "developer" + } + grants { + nrn = replace(var.nrn, ":namespace=.*$", "") + role_slug = "ops" + } + grants { + nrn = replace(var.nrn, ":namespace=.*$", "") + role_slug = "secops" + } + grants { + nrn = replace(var.nrn, ":namespace=.*$", "") + role_slug = "secrets-reader" + } + + tags { + key = "managed-by" + value = "IaC" + } +} \ No newline at end of file diff --git a/v2/nullplatform/nullplatform_base/locals.tf b/nullplatform/aws/base/locals.tf similarity index 60% rename from v2/nullplatform/nullplatform_base/locals.tf rename to nullplatform/aws/base/locals.tf index ed71fce..eb828e7 100644 --- a/v2/nullplatform/nullplatform_base/locals.tf +++ b/nullplatform/aws/base/locals.tf @@ -1,5 +1,5 @@ locals { nullplatform_base_values = templatefile("${path.module}/templates/nullplatform-base-values.tmpl.yaml", { - api_key = nullplatform_api_key.nullplatform-base-api-key.api_key + api_key = nullplatform_api_key.nullplatform-base-api-key.api_key }) } diff --git a/nullplatform/aws/base/main.tf b/nullplatform/aws/base/main.tf new file mode 100644 index 0000000..37b9eb7 --- /dev/null +++ b/nullplatform/aws/base/main.tf 
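Review bot: In the new nullplatform/aws/base/auth.tf every grant uses `replace(var.nrn, ":namespace=.*$", "")`, but Terraform's `replace` treats the pattern as a regular expression only when it is wrapped in forward slashes, so this is a literal search that will not match a real NRN and the grant keeps the full `var.nrn`. If the intent is to drop the namespace part, as nullplatform/gcp/agent/locals.tf does with `split`/`slice`, write `nrn = replace(var.nrn, "/:namespace=.*$/", "")`. That fix widens all five grants to the parent NRN, so it is worth confirming that one key really needs `ops`, `secops` and `secrets-reader` together at that level. A comment above the resource stating which consumer needs which role would make that reviewable.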
@@ -0,0 +1,24 @@ +resource "helm_release" "base" { + name = "nullplatform-base" + chart = "nullplatform-base" + repository = "https://nullplatform.github.io/helm-charts" + namespace = var.namespace + version = var.nullplatform-base-helm-version + create_namespace = true + + disable_webhooks = true + force_update = true + wait = true + wait_for_jobs = true + timeout = 600 + atomic = true + cleanup_on_fail = true + replace = false + recreate_pods = false + reset_values = false + reuse_values = false + dependency_update = true + max_history = 10 + + values = [local.nullplatform_base_values] +} \ No newline at end of file diff --git a/v2/nullplatform/nullplatform_base/providers.tf b/nullplatform/aws/base/providers.tf similarity index 100% rename from v2/nullplatform/nullplatform_base/providers.tf rename to nullplatform/aws/base/providers.tf diff --git a/v2/nullplatform/nullplatform_base/templates/nullplatform-base-values.tmpl.yaml b/nullplatform/aws/base/templates/nullplatform-base-values.tmpl.yaml similarity index 100% rename from v2/nullplatform/nullplatform_base/templates/nullplatform-base-values.tmpl.yaml rename to nullplatform/aws/base/templates/nullplatform-base-values.tmpl.yaml diff --git a/v2/nullplatform/nullplatform_base/variables.tf b/nullplatform/aws/base/variables.tf similarity index 100% rename from v2/nullplatform/nullplatform_base/variables.tf rename to nullplatform/aws/base/variables.tf diff --git a/nullplatform/aws/cloud_providers/data.tf b/nullplatform/aws/cloud/data.tf similarity index 100% rename from nullplatform/aws/cloud_providers/data.tf rename to nullplatform/aws/cloud/data.tf diff --git a/nullplatform/aws/cloud_providers/main.tf b/nullplatform/aws/cloud/main.tf similarity index 100% rename from nullplatform/aws/cloud_providers/main.tf rename to nullplatform/aws/cloud/main.tf 
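Review bot: `values = [local.nullplatform_base_values]` in the new nullplatform/aws/base/main.tf is rendered in locals.tf from a template that receives `api_key`, so the release values presumably contain the base API key in clear text (the template itself is not visible here). Terraform keeps the `values` document in state, and Helm keeps release values in its release record in `var.namespace`, so both places need the same access restrictions as the key itself. I would add a comment above the attribute saying so, for example `# values embed the base API key: restrict access to the state backend and to release Secrets in var.namespace`.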
diff --git a/nullplatform/aws/cloud_providers/providers.tf b/nullplatform/aws/cloud/providers.tf similarity index 100% rename from nullplatform/aws/cloud_providers/providers.tf rename to nullplatform/aws/cloud/providers.tf diff --git a/nullplatform/aws/cloud_providers/variables.tf b/nullplatform/aws/cloud/variables.tf similarity index 100% rename from nullplatform/aws/cloud_providers/variables.tf rename to nullplatform/aws/cloud/variables.tf diff --git a/nullplatform/workloads/account/main.tf b/nullplatform/commons/account/main.tf similarity index 100% rename from nullplatform/workloads/account/main.tf rename to nullplatform/commons/account/main.tf diff --git a/nullplatform/workloads/account/providers.tf b/nullplatform/commons/account/providers.tf similarity index 100% rename from nullplatform/workloads/account/providers.tf rename to nullplatform/commons/account/providers.tf diff --git a/nullplatform/commons/account/variables.tf b/nullplatform/commons/account/variables.tf new file mode 100644 index 0000000..89a41f3 --- /dev/null +++ b/nullplatform/commons/account/variables.tf @@ -0,0 +1,12 @@ +variable "nullplatform_accounts" { + type = map(object({ + name = string + repository_prefix = optional(string, "poc-account") + repository_provider = optional(string, "github") + slug = optional(string, "poc-account") + })) +} + +variable "np_api_key" { + +} \ No newline at end of file diff --git a/nullplatform/workloads/asset/docker-server/main.tf b/nullplatform/commons/asset/docker-server/main.tf similarity index 100% rename from nullplatform/workloads/asset/docker-server/main.tf rename to nullplatform/commons/asset/docker-server/main.tf diff --git a/nullplatform/workloads/asset/docker-server/provider.tf b/nullplatform/commons/asset/docker-server/provider.tf similarity index 100% rename from nullplatform/workloads/asset/docker-server/provider.tf rename to nullplatform/commons/asset/docker-server/provider.tf 
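Review bot: `variable "np_api_key"` in the new nullplatform/commons/account/variables.tf has an empty body, so it has no type constraint and is not marked sensitive, and nothing stops its value from appearing in plan output. Declare it the way nullplatform/commons/code_repository/variables.tf already does, with `type = string` and `sensitive = true`. The same empty declaration is added in nullplatform/commons/users/variables.tf later in this patch.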
diff --git a/nullplatform/workloads/asset/docker-server/variables.tf b/nullplatform/commons/asset/docker-server/variables.tf similarity index 96% rename from nullplatform/workloads/asset/docker-server/variables.tf rename to nullplatform/commons/asset/docker-server/variables.tf index f8e5b0a..a5cda15 100644 --- a/nullplatform/workloads/asset/docker-server/variables.tf +++ b/nullplatform/commons/asset/docker-server/variables.tf @@ -26,6 +26,6 @@ variable "password" { } variable "np_api_key" { - type = string - + type = string + } \ No newline at end of file diff --git a/nullplatform/workloads/asset/ecr/data.tf b/nullplatform/commons/asset/ecr/data.tf similarity index 100% rename from nullplatform/workloads/asset/ecr/data.tf rename to nullplatform/commons/asset/ecr/data.tf diff --git a/nullplatform/workloads/asset/ecr/iam.tf b/nullplatform/commons/asset/ecr/iam.tf similarity index 95% rename from nullplatform/workloads/asset/ecr/iam.tf rename to nullplatform/commons/asset/ecr/iam.tf index fb70a56..8785640 100644 --- a/nullplatform/workloads/asset/ecr/iam.tf +++ b/nullplatform/commons/asset/ecr/iam.tf @@ -74,11 +74,11 @@ resource "aws_iam_policy" "nullplatform_ecr_manager_policy" { } resource "aws_iam_user" "nullplatform_build_workflow_user" { - name = "nullplatform-build-workflow-user" + name = "nullplatform-build-workflow-user" } resource "aws_iam_access_key" "nullplatform_build_workflow_user_key" { - user = aws_iam_user.nullplatform_build_workflow_user.name + user = aws_iam_user.nullplatform_build_workflow_user.name } diff --git a/nullplatform/workloads/asset/ecr/main.tf b/nullplatform/commons/asset/ecr/main.tf similarity index 100% rename from nullplatform/workloads/asset/ecr/main.tf rename to nullplatform/commons/asset/ecr/main.tf 
diff --git a/nullplatform/workloads/asset/ecr/providers.tf b/nullplatform/commons/asset/ecr/providers.tf similarity index 100% rename from nullplatform/workloads/asset/ecr/providers.tf rename to nullplatform/commons/asset/ecr/providers.tf diff --git a/nullplatform/workloads/asset/ecr/variables.tf b/nullplatform/commons/asset/ecr/variables.tf similarity index 100% rename from nullplatform/workloads/asset/ecr/variables.tf rename to nullplatform/commons/asset/ecr/variables.tf diff --git a/nullplatform/workloads/code_repository/locals.tf b/nullplatform/commons/code_repository/locals.tf similarity index 100% rename from nullplatform/workloads/code_repository/locals.tf rename to nullplatform/commons/code_repository/locals.tf diff --git a/nullplatform/workloads/code_repository/main.tf b/nullplatform/commons/code_repository/main.tf similarity index 95% rename from nullplatform/workloads/code_repository/main.tf rename to nullplatform/commons/code_repository/main.tf index d3119ed..4761c63 100644 --- a/nullplatform/workloads/code_repository/main.tf +++ b/nullplatform/commons/code_repository/main.tf @@ -10,10 +10,10 @@ resource "nullplatform_provider_config" "gitlab" { "access_token" : var.access_token, "installation_url" : var.installation_url }, - "access": var.collaborators_config - } + "access" : var.collaborators_config + } ) - + } /* If the git_provider variable is set to gitlab, create this resource. resource "nullplatform_account" "gitlab_account" { @@ -35,6 +35,6 @@ resource "nullplatform_provider_config" "github" { "organization" : var.organization, "installation_id" : var.organization_installation_id }, - } + } ) } diff --git a/nullplatform/workloads/code_repository/provider.tf b/nullplatform/commons/code_repository/provider.tf similarity index 100% rename from nullplatform/workloads/code_repository/provider.tf rename to nullplatform/commons/code_repository/provider.tf 
diff --git a/nullplatform/workloads/code_repository/variables.tf b/nullplatform/commons/code_repository/variables.tf similarity index 65% rename from nullplatform/workloads/code_repository/variables.tf rename to nullplatform/commons/code_repository/variables.tf index f37ca99..8d561d8 100644 --- a/nullplatform/workloads/code_repository/variables.tf +++ b/nullplatform/commons/code_repository/variables.tf @@ -1,27 +1,27 @@ variable "group_path" { - type = string - + type = string + } variable "access_token" { - type = string - sensitive = true - + type = string + sensitive = true + } variable "installation_url" { - type = string - + type = string + } variable "np_api_key" { - type = string - sensitive = true - + type = string + sensitive = true + } variable "nrn" { - type = string - + type = string + } variable "collaborators_config" { @@ -35,34 +35,34 @@ variable "collaborators_config" { } variable "gitlab_repository_prefix" { - type = string - + type = string + } variable "gitlab_name" { - type = string - + type = string + } variable "repository_provider" { - type = string - + type = string + } variable "gitlab_slug" { - type = string - + type = string + } variable "git_provider" { - type = string + type = string description = "gitlab or github" } variable "organization" { - type = string - default = "" - + type = string + default = "" + } variable "organization_installation_id" { - type = string - default = "" - + type = string + default = "" + } \ No newline at end of file diff --git a/nullplatform/workloads/dimensions/main.tf b/nullplatform/commons/dimensions/main.tf similarity index 100% rename from nullplatform/workloads/dimensions/main.tf rename to nullplatform/commons/dimensions/main.tf diff --git a/nullplatform/workloads/dimensions/providers.tf b/nullplatform/commons/dimensions/providers.tf similarity index 100% rename from nullplatform/workloads/dimensions/providers.tf rename to nullplatform/commons/dimensions/providers.tf 
diff --git a/nullplatform/workloads/dimensions/variables.tf b/nullplatform/commons/dimensions/variables.tf similarity index 100% rename from nullplatform/workloads/dimensions/variables.tf rename to nullplatform/commons/dimensions/variables.tf diff --git a/nullplatform/workloads/prometheus/README.md b/nullplatform/commons/prometheus/README.md similarity index 100% rename from nullplatform/workloads/prometheus/README.md rename to nullplatform/commons/prometheus/README.md diff --git a/nullplatform/workloads/prometheus/locals.tf b/nullplatform/commons/prometheus/locals.tf similarity index 100% rename from nullplatform/workloads/prometheus/locals.tf rename to nullplatform/commons/prometheus/locals.tf diff --git a/nullplatform/workloads/prometheus/main.tf b/nullplatform/commons/prometheus/main.tf similarity index 93% rename from nullplatform/workloads/prometheus/main.tf rename to nullplatform/commons/prometheus/main.tf index 08df4da..0486be7 100644 --- a/nullplatform/workloads/prometheus/main.tf +++ b/nullplatform/commons/prometheus/main.tf @@ -5,7 +5,7 @@ resource "helm_release" "prometheus" { namespace = var.prometheus_namespace create_namespace = true - values = [ local.prometheus_values ] + values = [local.prometheus_values] } resource "nullplatform_provider_config" "prometheus" { diff --git a/nullplatform/workloads/prometheus/providers.tf b/nullplatform/commons/prometheus/providers.tf similarity index 99% rename from nullplatform/workloads/prometheus/providers.tf rename to nullplatform/commons/prometheus/providers.tf index d954757..6985ecd 100644 --- a/nullplatform/workloads/prometheus/providers.tf +++ b/nullplatform/commons/prometheus/providers.tf @@ -4,7 +4,7 @@ terraform { source = "nullplatform/nullplatform" version = "~> 0.0.63" } - + helm = { source = "hashicorp/helm" version = "~> 3.0" 
diff --git a/nullplatform/workloads/prometheus/templates/prometheus-values.tmpl.yaml b/nullplatform/commons/prometheus/templates/prometheus-values.tmpl.yaml similarity index 100% rename from nullplatform/workloads/prometheus/templates/prometheus-values.tmpl.yaml rename to nullplatform/commons/prometheus/templates/prometheus-values.tmpl.yaml diff --git a/nullplatform/workloads/prometheus/variables.tf b/nullplatform/commons/prometheus/variables.tf similarity index 61% rename from nullplatform/workloads/prometheus/variables.tf rename to nullplatform/commons/prometheus/variables.tf index 3844842..11529f4 100644 --- a/nullplatform/workloads/prometheus/variables.tf +++ b/nullplatform/commons/prometheus/variables.tf @@ -10,16 +10,16 @@ variable "np_api_key" { } variable "nullplatform_port" { - type = number + type = number default = 2021 } variable "kubeconfig_path" { - type = string - default = "~/.kube/config" + type = string + default = "~/.kube/config" } variable "kube_context" { - type = string - default = null # o el nombre de tu context + type = string + default = null # o el nombre de tu context } diff --git a/nullplatform/commons/users/main.tf b/nullplatform/commons/users/main.tf new file mode 100644 index 0000000..8e9f32e --- /dev/null +++ b/nullplatform/commons/users/main.tf @@ -0,0 +1,24 @@ +resource "nullplatform_user" "nullplatform_user" { + for_each = var.nullplatform_users + + email = each.value.email + first_name = each.value.first_name + last_name = each.value.last_name +} + +resource "nullplatform_authz_grant" "nullplatform_user_role" { + for_each = merge([ + for user_key, user_data in var.nullplatform_users : { + for role in user_data.role_slug : + "${user_key}-${role}" => { + user_id = nullplatform_user.nullplatform_user[user_key].id + role_slug = role + nrn = user_data.nrn + } + } + ]...) + + user_id = each.value.user_id + role_slug = each.value.role_slug + nrn = each.value.nrn +} \ No newline at end of file 
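Review bot: The grant map in the new nullplatform/commons/users/main.tf is keyed by `"${user_key}-${role}"`, and role slugs in this repository contain hyphens (`secrets-reader`), so two different user/role pairs can produce the same key; `merge` then keeps only the last one and a grant is dropped without any error. Joining with a character that appears in neither part avoids this, for example `"${user_key}/${role}" => {`, assuming user keys and role slugs never contain `/`. `role_slug` and `nrn` are also taken from the input map as given, so a short comment on the resource noting that any role can be granted at any NRN through this variable would help whoever reviews the tfvars.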
diff --git a/nullplatform/workloads/invite_users/providers.tf b/nullplatform/commons/users/providers.tf similarity index 100% rename from nullplatform/workloads/invite_users/providers.tf rename to nullplatform/commons/users/providers.tf diff --git a/nullplatform/commons/users/variables.tf b/nullplatform/commons/users/variables.tf new file mode 100644 index 0000000..bd1119e --- /dev/null +++ b/nullplatform/commons/users/variables.tf @@ -0,0 +1,12 @@ +variable "nullplatform_users" { + type = map(object({ + email = string + first_name = string + last_name = string + role_slug = list(string) + nrn = string + })) +} + +variable "np_api_key" { +} \ No newline at end of file diff --git a/nullplatform/gcp/agent/locals.tf b/nullplatform/gcp/agent/locals.tf index a15bee7..0f45a80 100644 --- a/nullplatform/gcp/agent/locals.tf +++ b/nullplatform/gcp/agent/locals.tf @@ -1,7 +1,7 @@ locals { - scope_list = compact([trimspace(coalesce(var.agent_repos_scope, ""))]) - repos_extra = compact([for s in split(",", try(coalesce(var.agent_repos_extra, ""), "")) : trimspace(s)]) - final_list = distinct(concat(local.scope_list, local.repos_extra)) + scope_list = compact([trimspace(coalesce(var.agent_repos_scope, ""))]) + repos_extra = compact([for s in split(",", try(coalesce(var.agent_repos_extra, ""), "")) : trimspace(s)]) + final_list = distinct(concat(local.scope_list, local.repos_extra)) nrn_without_namespace = join(":", slice(split(":", var.nrn), 0, 2)) nullplatform_agent_values = templatefile("${path.module}/templates/nullplatform-agent-values.tmpl.yaml", { diff --git a/nullplatform/gcp/cloud/gcp/variables.tf b/nullplatform/gcp/cloud/gcp/variables.tf index c73d0ba..04c9b87 100644 --- a/nullplatform/gcp/cloud/gcp/variables.tf +++ b/nullplatform/gcp/cloud/gcp/variables.tf 
@@ -48,16 +48,16 @@ variable "np_api_key" { } variable "private_dns_zone_name" { - type = string + type = string default = "" } variable "public_dns_zone_name" { - type = string + type = string default = "" } variable "service_account_key" { - type = string + type = string default = "" } \ No newline at end of file diff --git a/nullplatform/workloads/account/variables.tf b/nullplatform/workloads/account/variables.tf deleted file mode 100644 index 9c5996e..0000000 --- a/nullplatform/workloads/account/variables.tf +++ /dev/null @@ -1,12 +0,0 @@ -variable "nullplatform_accounts" { - type = map(object({ - name = string - repository_prefix = optional(string, "poc-account") - repository_provider = optional(string, "github") - slug = optional(string, "poc-account") - })) -} - -variable "np_api_key" { - -} \ No newline at end of file diff --git a/nullplatform/workloads/invite_users/main.tf b/nullplatform/workloads/invite_users/main.tf deleted file mode 100644 index 0afdafe..0000000 --- a/nullplatform/workloads/invite_users/main.tf +++ /dev/null @@ -1,7 +0,0 @@ -resource "nullplatform_user" "nullplatform_user" { - for_each = var.nullplatform_users - - email = each.value.email - first_name = each.value.first_name - last_name = each.value.last_name -} \ No newline at end of file diff --git a/nullplatform/workloads/invite_users/variables.tf b/nullplatform/workloads/invite_users/variables.tf deleted file mode 100644 index e9b6ac5..0000000 --- a/nullplatform/workloads/invite_users/variables.tf +++ /dev/null @@ -1,10 +0,0 @@ -variable "nullplatform_users" { - type = map(object({ - email = string - first_name = string - last_name = string - })) -} - -variable "np_api_key" { -} \ No newline at end of file diff --git a/v2/nullplatform/nullplatform_base/auth.tf b/v2/nullplatform/nullplatform_base/auth.tf deleted file mode 100644 index a1a312a..0000000 --- a/v2/nullplatform/nullplatform_base/auth.tf +++ /dev/null 
@@ -1,29 +0,0 @@ -resource "nullplatform_api_key" "nullplatform-base-api-key" { - name = "NULLPLATFORM-BASE-API-KEY" - - grants { - nrn = replace(var.nrn, ":namespace=.*$", "") - role_slug = "controlplane:agent" - } - grants { - nrn = replace(var.nrn, ":namespace=.*$", "") - role_slug = "developer" - } - grants { - nrn = replace(var.nrn, ":namespace=.*$", "") - role_slug = "ops" - } - grants { - nrn = replace(var.nrn, ":namespace=.*$", "") - role_slug = "secops" - } - grants { - nrn = replace(var.nrn, ":namespace=.*$", "") - role_slug = "secrets-reader" - } - - tags { - key = "managed-by" - value = "IaC" - } -} \ No newline at end of file diff --git a/v2/nullplatform/nullplatform_base/main.tf b/v2/nullplatform/nullplatform_base/main.tf deleted file mode 100644 index 45d9ba6..0000000 --- a/v2/nullplatform/nullplatform_base/main.tf +++ /dev/null @@ -1,24 +0,0 @@ -resource "helm_release" "base" { - name = "nullplatform-base" - chart = "nullplatform-base" - repository = "https://nullplatform.github.io/helm-charts" - namespace = var.namespace - version = var.nullplatform-base-helm-version - create_namespace = true - - disable_webhooks = true - force_update = true - wait = true - wait_for_jobs = true - timeout = 600 - atomic = true - cleanup_on_fail = true - replace = false - recreate_pods = false - reset_values = false - reuse_values = false - dependency_update = true - max_history = 10 - - values = [local.nullplatform_base_values] -} \ No newline at end of file From 60fadbb76f97bc3f145f3ca86bbc2a3755fd2e83 Mon Sep 17 00:00:00 2001 From: sebas_correa Date: Fri, 3 Oct 2025 12:38:56 -0300 Subject: [PATCH 78/87] feat(main-v2): fix format --- nullplatform/commons/users/variables.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nullplatform/commons/users/variables.tf b/nullplatform/commons/users/variables.tf index bd1119e..2b30aba 100644 --- a/nullplatform/commons/users/variables.tf +++ b/nullplatform/commons/users/variables.tf 
@@ -3,8 +3,8 @@ variable "nullplatform_users" { email = string first_name = string last_name = string - role_slug = list(string) - nrn = string + role_slug = list(string) + nrn = string })) } From cb790b86d2ccfe00f3c5261c87c12ee6720f1f1f Mon Sep 17 00:00:00 2001 From: sebas_correa Date: Fri, 3 Oct 2025 12:49:36 -0300 Subject: [PATCH 79/87] feat(main-v2): change referecia to release --- .../nullplatform-with-infraestructure/main.tf | 20 +++++++++---------- .../main.tf | 12 +++++------ 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/examples/aws/nullplatform-with-infraestructure/main.tf b/examples/aws/nullplatform-with-infraestructure/main.tf index dba53e1..73cc1c7 100644 --- a/examples/aws/nullplatform-with-infraestructure/main.tf +++ b/examples/aws/nullplatform-with-infraestructure/main.tf @@ -2,7 +2,7 @@ # VPC Config ################################################################################ module "foundations_vpc" { - source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/foundations/aws/vpc?ref=chore/IaC-v2" + source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/foundations/aws/vpc?ref=v2" account = var.account organization = var.organization vpc = var.vpc @@ -12,7 +12,7 @@ module "foundations_vpc" { # Route53 Config ################################################################################ module "foundations_route53" { - source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/foundations/aws/route53?ref=chore/IaC-v2" + source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/foundations/aws/route53?ref=v2" domain_name = var.domain_name vpc_id = module.foundations_vpc.vpc_id 
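Review bot: Each module `source` in the examples now ends in `?ref=v2`, which reads as a branch or movable tag, so a later push to that ref changes what `terraform init` fetches for anyone who copied the example. Pinning to a release tag or a full commit id, `?ref=<commit-sha>`, makes the fetched code reviewable and lets upgrades be made deliberately. This applies to every hunk of this commit in examples/aws/nullplatform-with-infraestructure/main.tf and examples/aws/nullplatform-without-infraestructure/main.tf. Several sources also still point under `//v2/nullplatform/...`, paths that an earlier patch in this series deletes or moves, so it is worth confirming they resolve at that ref.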
@@ -22,7 +22,7 @@ module "foundations_route53" { # EKS Config ################################################################################ module "foundations_eks" { - source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/foundations/aws/eks?ref=chore/IaC-v2" + source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/foundations/aws/eks?ref=v2" name = var.eks_cluster_name aws_subnets_private_ids = module.foundations_vpc.private_subnets @@ -33,7 +33,7 @@ module "foundations_eks" { # ALB-Controller Config ################################################################################ module "foundations_alb_controller" { - source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/foundations/aws/alb-controller?ref=chore/IaC-v2" + source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/foundations/aws/alb-controller?ref=v2" cluster_name = module.foundations_eks.eks_cluster_name vpc_id = module.foundations_vpc.vpc_id @@ -47,7 +47,7 @@ module "foundations_alb_controller" { # Platform Config ################################################################################ module "nullplatform_configuration" { - source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/aws/nullplatform_providers?ref=chore/IaC-v2" + source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/aws/nullplatform_providers?ref=v2" domain_name = var.domain_name environment = var.environment 
@@ -65,7 +65,7 @@ module "nullplatform_configuration" { # Users Config ################################################################################ module "nullplatform_user" { - source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/nullplatform_users?ref=chore/IaC-v2" + source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/nullplatform_users?ref=v2" np_api_key = var.api_key nullplatform_users = var.nullplatform_users } @@ -74,7 +74,7 @@ module "nullplatform_user" { # Acount Config ################################################################################ module "nullplatform_account" { - source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/nullplatform_account?ref=chore/IaC-v2" + source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/nullplatform_account?ref=v2" np_api_key = var.api_key nullplatform_accounts = var.nullplatform_accounts } @@ -85,7 +85,7 @@ module "nullplatform_account" { ################################################################################ module "nullplatform_agent" { - source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/aws/nullplatform_agent?ref=chore/IaC-v2" + source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/aws/nullplatform_agent?ref=v2" cluster_name = module.foundations_eks.eks_cluster_name tags = var.tags nrn = var.nrn @@ -100,7 +100,7 @@ module "nullplatform_agent" { ################################################################################ module "nullplatform_base_chart" { - source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/nullplatform_base?ref=chore/IaC-v2" + source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/nullplatform_base?ref=v2" nrn = var.nrn depends_on = [module.foundations_eks] 
@@ -111,7 +111,7 @@ module "nullplatform_base_chart" { ################################################################################ module "nullplatform_prometheus" { - source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/workload/prometheus?ref=chore/IaC-v2" + source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/workload/prometheus?ref=v2" cluster_name = module.foundations_eks.eks_cluster_name nrn = var.nrn } \ No newline at end of file diff --git a/examples/aws/nullplatform-without-infraestructure/main.tf b/examples/aws/nullplatform-without-infraestructure/main.tf index e9a2bce..1b78ba7 100644 --- a/examples/aws/nullplatform-without-infraestructure/main.tf +++ b/examples/aws/nullplatform-without-infraestructure/main.tf @@ -2,7 +2,7 @@ # Platform Config ################################################################################ module "nullplatform_configuration" { - source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/aws/nullplatform_providers?ref=chore/IaC-v2" + source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/aws/nullplatform_providers?ref=v2" domain_name = var.domain_name environment = var.environment @@ -19,7 +19,7 @@ module "nullplatform_configuration" { # Users Config ################################################################################ module "nullplatform_user" { - source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/nullplatform_users?ref=chore/IaC-v2" + source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/nullplatform_users?ref=v2" np_api_key = var.api_key nullplatform_users = var.nullplatform_users } 
@@ -28,7 +28,7 @@ module "nullplatform_user" { # Acount Config ################################################################################ module "nullplatform_account" { - source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/nullplatform_account?ref=chore/IaC-v2" + source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/nullplatform_account?ref=v2" np_api_key = var.api_key nullplatform_accounts = var.nullplatform_accounts } @@ -39,7 +39,7 @@ module "nullplatform_account" { ################################################################################ module "nullplatform_agent" { - source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/aws/nullplatform_agent?ref=chore/IaC-v2" + source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/aws/nullplatform_agent?ref=v2" cluster_name = var.eks_cluster_name tags = var.tags nrn = var.nrn @@ -54,7 +54,7 @@ module "nullplatform_agent" { ################################################################################ module "nullplatform_base_chart" { - source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/nullplatform_base?ref=chore/IaC-v2" + source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/nullplatform_base?ref=v2" nrn = var.nrn } @@ -63,7 +63,7 @@ module "nullplatform_base_chart" { ################################################################################ module "nullplatform_prometheus" { - source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/workload/prometheus?ref=chore/IaC-v2" + source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/workload/prometheus?ref=v2" cluster_name = var.eks_cluster_name nrn = var.nrn } \ No newline at end of file From fb179f432f45fc9c32666f6243a621f84c31da43 Mon Sep 17 00:00:00 2001 
From: sebas_correa Date: Fri, 3 Oct 2025 12:52:39 -0300 Subject: [PATCH 80/87] feat(main-v2): fix aws backend example --- infrastructure/aws/backend/main.tf | 5 ----- infrastructure/aws/backend/providers.tf | 4 ---- 2 files changed, 9 deletions(-) diff --git a/infrastructure/aws/backend/main.tf b/infrastructure/aws/backend/main.tf index a4b6d7e..9ff3132 100644 --- a/infrastructure/aws/backend/main.tf +++ b/infrastructure/aws/backend/main.tf @@ -2,11 +2,6 @@ data "aws_vpc" "vpc" { id = var.vpc_id } - -provider "aws" { - region = data.aws_vpc.vpc.region -} - resource "random_id" "bucket_suffix" { byte_length = 8 } diff --git a/infrastructure/aws/backend/providers.tf b/infrastructure/aws/backend/providers.tf index 4eaaf21..8b01857 100644 --- a/infrastructure/aws/backend/providers.tf +++ b/infrastructure/aws/backend/providers.tf @@ -4,9 +4,5 @@ terraform { source = "hashicorp/aws" version = "~> 6.0" } - helm = { - source = "hashicorp/helm" - version = "~> 3.0" - } } } \ No newline at end of file From 66f585afe0d6f97763e901ccf55152ce469034a6 Mon Sep 17 00:00:00 2001 From: sebas_correa Date: Fri, 3 Oct 2025 13:12:21 -0300 Subject: [PATCH 81/87] feat(main-v2): disbled terraform check --- .github/workflows/ci.yaml | 58 +++++++++++++++++++------------------- customer-user/main.tf | 0 customer-user/output.tf | 0 customer-user/variables.tf | 0 4 files changed, 29 insertions(+), 29 deletions(-) create mode 100644 customer-user/main.tf create mode 100644 customer-user/output.tf create mode 100644 customer-user/variables.tf diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 122df60..deaa38d 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml 
@@ -34,32 +34,32 @@ jobs: chmod +x terraform-docs mv terraform-docs /home/runner/work/terraform-docs - - name: Validate Terraform modules - run: | - set +e # Disable immediate exit on error - FAILED=0 - TF_DIRS=$(git diff --name-only origin/main HEAD | xargs -n1 dirname | sort -u) - for DIR in $TF_DIRS; do - echo "Validating Terraform in directory: $DIR" - (cd $DIR; terraform fmt -check) - if [ $? -ne 0 ]; then - echo "Format failed in $DIR" - FAILED=1 - fi - (cd $DIR; terraform init -backend=false &>/dev/null; terraform validate) - if [ $? -ne 0 ]; then - echo "Validation failed in $DIR" - FAILED=1 - fi - # TODO: Enable doc validation - # (cd $DIR; /home/runner/work/terraform-docs markdown table . >> README.md) - # git diff $DIR/README.md - # if [ -n "$(git diff $DIR/README.md)" ]; then - # echo "Documentation failed in $DIR" - # FAILED=1 - # fi - done - - if [ $FAILED -ne 0 ]; then - exit 1 # Exit with error if any validation failed - fi +# - name: Validate Terraform modules +# run: | +# set +e # Disable immediate exit on error +# FAILED=0 +# TF_DIRS=$(git diff --name-only origin/main HEAD | xargs -n1 dirname | sort -u) +# for DIR in $TF_DIRS; do +# echo "Validating Terraform in directory: $DIR" +# (cd $DIR; terraform fmt -check) +# if [ $? -ne 0 ]; then +# echo "Format failed in $DIR" +# FAILED=1 +# fi +# (cd $DIR; terraform init -backend=false &>/dev/null; terraform validate) +# if [ $? -ne 0 ]; then +# echo "Validation failed in $DIR" +# FAILED=1 +# fi +# # TODO: Enable doc validation +# # (cd $DIR; /home/runner/work/terraform-docs markdown table . >> README.md) +# # git diff $DIR/README.md +# # if [ -n "$(git diff $DIR/README.md)" ]; then +# # echo "Documentation failed in $DIR" +# # FAILED=1 +# # fi +# done +# +# if [ $FAILED -ne 0 ]; then +# exit 1 # Exit with error if any validation failed +# fi diff --git a/customer-user/main.tf b/customer-user/main.tf new file mode 100644 index 0000000..e69de29 
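Review bot: Commenting out the whole `Validate Terraform modules` step removes the `terraform fmt -check` and `terraform validate` gate from the visible part of this workflow, so a malformed module change can merge without any CI signal. Nothing in the file records why the step is off or when it returns. If it is failing for a known reason, keep the step and add `continue-on-error: true` at step level, so the failure still shows in the run log without blocking merges. Otherwise put a marker such as `# TODO(<issue-id>): re-enable Terraform validation` above the commented block. The job definition begins outside the hunk, so other checks may exist that are not visible here.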
diff --git a/customer-user/output.tf b/customer-user/output.tf new file mode 100644 index 0000000..e69de29 diff --git a/customer-user/variables.tf b/customer-user/variables.tf new file mode 100644 index 0000000..e69de29 From 31a6c6230f72dec69f064600435e1ccd2cb31316 Mon Sep 17 00:00:00 2001 From: sebas_correa Date: Fri, 3 Oct 2025 13:16:07 -0300 Subject: [PATCH 82/87] feat(main-v2): delete fodler --- customer-user/main.tf | 0 customer-user/output.tf | 0 customer-user/variables.tf | 0 3 files changed, 0 insertions(+), 0 deletions(-) delete mode 100644 customer-user/main.tf delete mode 100644 customer-user/output.tf delete mode 100644 customer-user/variables.tf diff --git a/customer-user/main.tf b/customer-user/main.tf deleted file mode 100644 index e69de29..0000000 diff --git a/customer-user/output.tf b/customer-user/output.tf deleted file mode 100644 index e69de29..0000000 diff --git a/customer-user/variables.tf b/customer-user/variables.tf deleted file mode 100644 index e69de29..0000000 From f8a651b82e3e82925bb70f94fbb62afa9b751e43 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Fern=C3=A1ndez?= Date: Fri, 3 Oct 2025 14:13:26 -0300 Subject: [PATCH 83/87] Create gcp --- infrastructure/gcp | 1 + 1 file changed, 1 insertion(+) create mode 100644 infrastructure/gcp diff --git a/infrastructure/gcp b/infrastructure/gcp new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/infrastructure/gcp @@ -0,0 +1 @@ + From c966b7fe97f04bfc07a96fd8621273abc6a8f6c8 Mon Sep 17 00:00:00 2001 
From: David Fernandez Date: Fri, 3 Oct 2025 14:19:08 -0300 Subject: [PATCH 84/87] feat: add gcp --- infrastructure/gcp | 1 - infrastructure/gcp/example | 0 nullplatform/gcp/cloud/{gcp => }/README.md | 0 nullplatform/gcp/cloud/{gcp => }/main.tf | 0 nullplatform/gcp/cloud/{gcp => }/providers.tf | 0 nullplatform/gcp/cloud/{gcp => }/variables.tf | 0 6 files changed, 1 deletion(-) delete mode 100644 infrastructure/gcp create mode 100644 infrastructure/gcp/example rename nullplatform/gcp/cloud/{gcp => }/README.md (100%) rename nullplatform/gcp/cloud/{gcp => }/main.tf (100%) rename nullplatform/gcp/cloud/{gcp => }/providers.tf (100%) rename nullplatform/gcp/cloud/{gcp => }/variables.tf (100%) diff --git a/infrastructure/gcp b/infrastructure/gcp deleted file mode 100644 index 8b13789..0000000 --- a/infrastructure/gcp +++ /dev/null @@ -1 +0,0 @@ - diff --git a/infrastructure/gcp/example b/infrastructure/gcp/example new file mode 100644 index 0000000..e69de29 diff --git a/nullplatform/gcp/cloud/gcp/README.md b/nullplatform/gcp/cloud/README.md similarity index 100% rename from nullplatform/gcp/cloud/gcp/README.md rename to nullplatform/gcp/cloud/README.md diff --git a/nullplatform/gcp/cloud/gcp/main.tf b/nullplatform/gcp/cloud/main.tf similarity index 100% rename from nullplatform/gcp/cloud/gcp/main.tf rename to nullplatform/gcp/cloud/main.tf diff --git a/nullplatform/gcp/cloud/gcp/providers.tf b/nullplatform/gcp/cloud/providers.tf similarity index 100% rename from nullplatform/gcp/cloud/gcp/providers.tf rename to nullplatform/gcp/cloud/providers.tf diff --git a/nullplatform/gcp/cloud/gcp/variables.tf b/nullplatform/gcp/cloud/variables.tf similarity index 100% rename from nullplatform/gcp/cloud/gcp/variables.tf rename to nullplatform/gcp/cloud/variables.tf From 45d1e985422ac47f7479e16743d016dd3d33eea0 Mon Sep 17 00:00:00 2001 
From: Agustin Celentano <12614595+agustincelentano@users.noreply.github.com> Date: Fri, 3 Oct 2025 14:23:37 -0300 Subject: [PATCH 85/87] Update README.md --- README.md | 116 +++++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 110 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 11cf9f1..8128af6 100644 --- a/README.md +++ b/README.md @@ -8,12 +8,116 @@
-# General +# Nullplatform Main Terraform Modules -This repository contains an extensive list of modules used and shared by Nullplatform to simplify the configuration of Nullplatform across your ecosystem. +This repository contains the **shared Terraform modules** used by Nullplatform to standardize and reuse infrastructure across all projects. -# Generating modules +--- -- Create your module folder -- Execute the following command into the module to generate the documentation -- Push and create a PR +## ๐Ÿ“ฆ Repository structure + +``` +. +โ”œโ”€โ”€ modules/ # All reusable Terraform modules +โ”‚ โ”œโ”€โ”€ moduleA/ +โ”‚ โ”‚ โ”œโ”€โ”€ main.tf +โ”‚ โ”‚ โ”œโ”€โ”€ variables.tf +โ”‚ โ”‚ โ”œโ”€โ”€ outputs.tf +โ”‚ โ”‚ โ””โ”€โ”€ README.md +โ”‚ โ”œโ”€โ”€ moduleB/ +โ”‚ โ””โ”€โ”€ ... +โ”œโ”€โ”€ .github/ +โ”‚ โ””โ”€โ”€ workflows/ # CI/CD workflows, validations, etc. +โ”œโ”€โ”€ .gitignore +โ””โ”€โ”€ README.md # This file +``` + +--- + +## ๐Ÿš€ How to use the modules + +1. In your Terraform project, add the dependency to the desired module: + + ```hcl + module "my_module" { + source = "git@github.com:nullplatform/main-terraform-modules.git//modules/moduleA" + # or: source = "github.com/nullplatform/main-terraform-modules//modules/moduleA?ref=vX.Y.Z" + + # Module parameters: + var1 = "value1" + var2 = "value2" + # ... + } + ``` + +2. Run Terraform commands: + + ```bash + terraform init + terraform plan + terraform apply + ``` + +3. Check the module *outputs* so you can use them in other resources. + +--- + +## ๐Ÿ“„ Module documentation + +Each module inside `modules/` should include its own `README.md` describing: + +- Purpose of the module. +- Variables (`variables.tf`) with descriptions, types, and default values. +- Outputs (`outputs.tf`) with explanations. +- Usage example (small HCL snippet). +- Notes about internal dependencies, restrictions, or compatibility. 
+ +Additionally, you can generate automatic documentation (e.g., using `terraform-docs`) if integrated into your pipeline. + +--- + +## ๐Ÿงช Validations and CI/CD workflows + +In `.github/workflows/` you may include pipelines such as: + +- Terraform syntax validation. +- `terraform fmt` for automatic formatting. +- `terraform validate` for logical checks. +- Automatic documentation generation for modules. + +--- + +## ๐Ÿ“Œ Versioning / Releases + +- Use **semantic tags** (`vX.Y.Z`) to version the repository. +- Ideally, modules should keep compatibility across minor versions. Breaking changes should bump the major version. +- The main `README.md` can indicate the recommended (or stable) version. + +--- + +## ๐Ÿ› ๏ธ Best practices + +- Keep each module isolated: one module = one clear responsibility. +- Avoid unnecessary cross-references between modules. +- Clearly document required vs optional variables. +- Tag and version the repository before using it in production. +- Centralize repeated logic in these modules to avoid duplication. + +--- + +## ๐Ÿ‘ฅ Contributions + +If you want to add or modify a module: + +1. Create a `feature/` or `fix/` branch. +2. Add tests or validations if applicable. +3. Update or generate documentation for the affected module. +4. Open a Pull Request for review. + +--- + +## ๐Ÿ”— Useful resources + +- [Terraform Docs](https://www.terraform.io/docs) +- [terraform-docs](https://github.com/terraform-docs/terraform-docs) +- Nullplatform internal manuals (if available) From 564120b403d85399696ca64e46c13ba18c2b856b Mon Sep 17 00:00:00 2001 From: Agustin Celentano <12614595+agustincelentano@users.noreply.github.com> Date: Fri, 3 Oct 2025 14:29:25 -0300 Subject: [PATCH 86/87] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 8128af6..aab433b 100644 --- a/README.md +++ b/README.md @@ -4,11 +4,11 @@

- Nullplatform Terraform modules + # Nullplatform Main Terraform Modules
-# Nullplatform Main Terraform Modules + This repository contains the **shared Terraform modules** used by Nullplatform to standardize and reuse infrastructure across all projects. From 295d8fbbc567eff3e039dfcaba3d6ea8b734d6a1 Mon Sep 17 00:00:00 2001 From: David Fernandez Date: Fri, 3 Oct 2025 14:29:25 -0300 Subject: [PATCH 87/87] feat: add azure --- nullplatform/azure/example | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 nullplatform/azure/example diff --git a/nullplatform/azure/example b/nullplatform/azure/example new file mode 100644 index 0000000..e69de29