jlengrand/engine
1
0
Fork 0
mirror of https://github.com/jlengrand/engine.git synced 2026-03-10 08:11:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: adding externaldns support for DO

Browse Source
This commit is contained in:
Pierre Mavro
2020-12-03 12:06:23 +01:00
committed by Pierre Mavro
parent d7d13d9985
commit 534cbd8926
14 changed files with 710 additions and 94 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
Cargo.lock generated
View File

@@ -1724,6 +1724,7 @@ dependencies = [
"dirs 3.0.1",
"dns-lookup",
"flate2",
"futures 0.3.7",
"gethostname",
"git2",
"itertools",

572
lib/digitalocean/bootstrap/chart_values/external-dns.j2.yaml Normal file
View File

@@ -0,0 +1,572 @@
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry and imagePullSecrets
##
# global:
# imageRegistry: myRegistryName
# imagePullSecrets:
# - myRegistryKeySecretName
## Bitnami external-dns image version
## ref: https://hub.docker.com/r/bitnami/external-dns/tags/
##
image:
registry: docker.io
repository: bitnami/external-dns
tag: 0.7.3-debian-10-r20
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
# pullSecrets:
# - myRegistryKeySecretName
## String to partially override external-dns.fullname template (will maintain the release name)
# nameOverride:
## String to fully override external-dns.fullname template
# fullnameOverride:
## K8s resources type to be observed for new DNS entries by ExternalDNS
##
sources:
# - crd
- service
- ingress
## DNS provider where the DNS records will be created. Available providers are:
## - alibabacloud, aws, azure, cloudflare, coredns, designate, digitalocoean, google, infoblox, rfc2136, transip
##
provider: {{ external_dns_provider }}
## Flags related to processing sources
## ref: https://github.com/kubernetes-sigs/external-dns/blob/master/pkg/apis/externaldns/types.go#L272
##
## Limit sources of endpoints to a specific namespace (default: all namespaces)
##
namespace: ""
## Templated strings that are used to generate DNS names from sources that don't define a hostname themselves
##
fqdnTemplates: []
## Combine FQDN template and annotations instead of overwriting
##
combineFQDNAnnotation: false
## Ignore hostname annotation when generating DNS names, valid only when fqdn-template is set
##
ignoreHostnameAnnotation: false
## Allow external-dns to publish DNS records for ClusterIP services
##
publishInternalServices: false
## Allow external-dns to publish host-ip for headless services
##
publishHostIP: false
## The service types to take care about (default: all, options: ClusterIP, NodePort, LoadBalancer, ExternalName)
##
serviceTypeFilter: []
## Alibaba cloud configuration to be set via arguments/env. variables
##
alibabacloud:
## These will be added to /etc/kubernetes/alibaba-cloud.json via secret
accessKeyId: ""
accessKeySecret: ""
regionId: ""
## Use an existing secret with key "alibaba-cloud.json" defined.
## This ignores alibabacloud.accessKeyId, and alibabacloud.accessKeySecret
##
# secretName:
## Zone Filter. Available values are: public, private, or no value for both
##
zoneType: ""
## AWS configuration to be set via arguments/env. variables
##
aws:
## AWS credentials
##
credentials:
secretKey: ""
accessKey: ""
## pre external-dns 0.5.9 home dir should be `/root/.aws`
##
mountPath: "/.aws"
## Use an existing secret with key "credentials" defined.
## This ignores aws.credentials.secretKey, and aws.credentials.accessKey
##
# secretName:
## AWS region
##
region: "us-east-1"
## Zone Filter. Available values are: public, private
##
zoneType: ""
## AWS Role to assume
##
assumeRoleArn: ""
## Maximum number of changes that will be applied in each batch
##
batchChangeSize: 1000
## Zone Tag Filter
##
zoneTags: []
## Enable AWS Prefer CNAME. Available values are: true, false
##
preferCNAME: ""
## Enable AWS evaluation of target health. Available values are: true, false
##
evaluateTargetHealth: ""
## Azure configuration to be set via arguments/env. variables
##
azure:
## When a secret to load azure.json is not specified,
## the host's /etc/kubernetes/azure.json will be used
##
## Deprecated: please use tenantId, subscriptionId, aadClientId and aadClientSecret values instead.
##
secretName: ""
## Azure resource group to use
##
cloud: ""
## Azure Cloud to use
##
resourceGroup: ""
## Azure tenant ID to use
##
tenantId: ""
## Azure subscription ID to use
##
subscriptionId: ""
## Azure Application Client ID to use
##
aadClientId: ""
## Azure Application Client Secret to use
##
aadClientSecret: ""
## If you use Azure MSI, this should be set to true
##
useManagedIdentityExtension: false
## Cloudflare configuration to be set via arguments/env. variables
##
{% if external_dns_provider == "cloudflare" %}
cloudflare:
## `CF_API_TOKEN` to set in the environment
##
apiToken: "{{ cloudflare_api_token }}"
## `CF_API_KEY` to set in the environment
##
apiKey: ""
## Use an existing secret with keys "cloudflare_api_token" or "cloudflare_api_key" defined.
## This ignores cloudflare.apiToken, and cloudflare.apiKey
##
# secretName:
## `CF_API_EMAIL` to set in the environment
##
email: "{{ cloudflare_email }}"
## Enable the proxy feature of Cloudflare
##
proxied: {{ cloudflare_proxied|default(value="false") }}
{% endif %}
## CoreDNS configuration to be set via arguments/env variables
##
coredns:
## Comma-separated list of the etcd endpoints
## Secure (https) endpoints can be used as well, in that case `etcdTLS` section
## should be filled in accordingly
##
etcdEndpoints: "https://etcd-extdns:2379"
## Configuration of the secure communication and client authentication to the etcd cluster
## If enabled all the values under this key must hold a valid data
##
etcdTLS:
## Enable or disable secure communication and client authentication to the etcd cluster
##
enabled: true
## Name of the existing secret containing cert files for client communication
## ref: https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/security.md
## ref (secret creation):
## https://github.com/bitnami/charts/tree/master/bitnami/etcd#configure-certificates-for-client-communication
##
secretName: "etcd-client-certs"
## Location of the mounted certificates inside external-dns pod
##
mountPath: "/etc/coredns/tls/etcd"
## CA PEM file used to sign etcd TLS cert, should exist in the secret provided above
##
caFilename: "ca.crt"
## Certificate PEM file, should exist in the secret provided above
## Will be used by external-dns to authenticate against etcd
##
certFilename: "cert.pem"
## Private key PEM file, should exist in the secret provided above
## Will be used by external-dns to authenticate against etcd
##
keyFilename: "key.pem"
## OpenStack Designate provider configuration to be set via arguments/env. variables
##
designate:
## Set Openstack environment variables (optional). Username and password will be saved in a kubernetes secret
## The alternative to this is to export the necessary Openstack environment variables in the extraEnv argument
##
# username: "someuser"
# password: "p@55w0rd"
# authUrl: "https://mykeystone.example.net:5000/v3/"
# regionName: "dev"
# userDomainName: "development"
# projectName: "myteamname"
## Use a host path custom CA (optional)
## This conflicts setting the above customCA to true and chart rendering will fail if you set customCA to true and specify customCAHostPath
##
# customCAHostPath: /path/to/cafile
## Use a custom CA (optional)
##
customCA:
enabled: false
## The content of the custom CA file
##
content: ""
## Location to mount custom CA
##
mountPath: "/config/designate"
## Custom CA filename
##
filename: "designate-ca.pem"
## DigitalOcean configuration to be set via arguments/env. variables
##
digitalocean:
## `DO_TOKEN` to set in the environment
##
apiToken: ""
## Use an existing secret with key "digitalocean_api_token" defined.
## This ignores digitalocean.apiToken
##
# secretName:
## Google configuration to be set via arguments/env. variables
##
google:
## Google Project to use
##
project: ""
## Google Application Credentials
##
serviceAccountSecret: ""
serviceAccountSecretKey: "credentials.json"
serviceAccountKey: ""
## OVH configuration to be set via arguments/env. variables
##
ovh:
consumerKey: ""
applicationKey: ""
applicationSecret: ""
## Infoblox configuration to be set via arguments/env. variables
##
infoblox:
## Required keys
##
wapiUsername: "admin"
wapiPassword: ""
gridHost: ""
view: ""
## Optional keys
##
domainFilter: ""
noSslVerify: false
wapiPort: ""
wapiVersion: ""
wapiConnectionPoolSize: ""
wapiHttpTimeout: ""
## RFC 2136 configuration to be set via arguments/env. variables
##
rfc2136:
host: ""
port: 53
zone: ""
tsigSecret: ""
tsigSecretAlg: hmac-sha256
tsigKeyname: externaldns-key
tsigAxfr: true
## Possible units [ns, us, ms, s, m, h], see more https://golang.org/pkg/time/#ParseDuration
minTTL: "0s"
## PowerDNS configuration to be set via arguments/env. variables
##
pdns:
apiUrl: ""
apiPort: "8081"
apiKey: ""
## Use an external secret where pdns_api_key is defined
##
# secretName: ""
## TransIP configuration to be set via arguments/env. variables
##
transip:
## Account name to be used
##
account: ""
##
## API key that is authorised for the account
apiKey: ""
## VinylDNS configuration to be set via arguments/env. variables
##
vinyldns:
host: ""
accessKey: ""
secretKey: ""
## Limit possible target zones by domain suffixes (optional)
##
domainFilters: {{ managed_dns_domains_helm_format }}
## Exclude subdomains (optional)
##
excludeDomains: []
## Limit possible target zones by zone id (optional)
##
zoneIdFilters: []
## Filter sources managed by external-dns via annotation using label selector semantics (optional)
##
annotationFilter: ""
## When enabled, prints DNS record changes rather than actually performing them
##
dryRun: false
## Adjust the interval for DNS updates
##
interval: "1m"
## When enabled, triggers run loop on create/update/delete events (optional, in addition of regular interval)
##
triggerLoopOnEvent: true
## Verbosity of the ExternalDNS logs. Available values are:
## - panic, debug, info, warn, error, fatal
##
logLevel: info
## Formats of the ExternalDNS logs. Available values are:
## - text, json
##
logFormat: text
## Modify how DNS records are sychronized between sources and providers (options: sync, upsert-only)
##
policy: sync
## Registry Type. Available types are: txt, noop
## ref: https://github.com/kubernetes-sigs/external-dns/blob/master/docs/proposal/registry.md
##
registry: "txt"
## TXT Registry Identifier
##
txtOwnerId: "{{ oks_cluster_id }}"
## Prefix to create a TXT record with a name following the pattern prefix.<CNAME record>
##
txtPrefix: "qvy-{{ oks_cluster_id }}-"
## Extra Arguments to passed to external-dns
##
extraArgs: {}
## Extra env. variable to set on external-dns container.
##
## extraEnv:
## - name: VARNAME1
## value: value1
## - name: VARNAME2
## valueFrom:
## secretKeyRef:
## name: existing-secret
## key: varname2-key
extraEnv: []
## Replica count
##
replicas: 1
## Affinity for pod assignment (this value is evaluated as a template)
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
## Node labels for pod assignment (this value is evaluated as a template)
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
##
nodeSelector: {}
## Tolerations for pod assignment (this value is evaluated as a template)
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature
##
tolerations: []
## Annotations for external-dns pods
##
podAnnotations: {}
## Additional labels for the pod(s).
##
podLabels: {}
## Pod priority class name
##
priorityClassName: ""
## Options for the source type "crd"
##
crd:
## Install and use the integrated DNSEndpoint CRD
create: false
## Change these to use an external DNSEndpoint CRD (E.g. from kubefed)
apiversion: ""
kind: ""
## Kubernetes svc configutarion
##
service:
## Kubernetes svc type
##
type: ClusterIP
port: 7979
## Specify the nodePort value for the LoadBalancer and NodePort service types for the client port
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
##
# nodePort:
## Static clusterIP or None for headless services
##
# clusterIP: ""
## External IP list to use with ClusterIP service type
##
externalIPs: []
## Use loadBalancerIP to request a specific static IP,
## otherwise leave blank
##
# loadBalancerIP:
## Address that are allowed when svc is LoadBalancer
##
loadBalancerSourceRanges: []
## Provide any additional annotations which may be required. This can be used to
## set the LoadBalancer service type to internal only.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
##
annotations: {}
## ServiceAccount parameters
## https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
##
serviceAccount:
create: true
## Service Account for pods
##
name:
## Annotations for the Service Account
##
annotations: {}
## RBAC parameteres (clusterRole and clusterRoleBinding)
## https://kubernetes.io/docs/reference/access-authn-authz/rbac/
##
rbac:
create: true
## Deploys ClusterRole by Default
clusterRole: true
## RBAC API version
##
apiVersion: v1beta1
## Podsecuritypolicy
##
pspEnabled: false
## Kubernetes Security Context
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
##
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities:
drop: ["ALL"]
podSecurityContext:
fsGroup: 1001
runAsUser: 1001
runAsNonRoot: true
## Configure resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources: {}
# limits:
# cpu: 50m
# memory: 50Mi
# requests:
# memory: 50Mi
# cpu: 10m
## Liveness Probe. The block is directly forwarded into the deployment, so you can use whatever livenessProbe configuration you want.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
##
livenessProbe:
httpGet:
path: /healthz
port: http
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 2
successThreshold: 1
## Readiness Probe. The block is directly forwarded into the deployment, so you can use whatever readinessProbe configuration you want.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
##
readinessProbe:
httpGet:
path: /healthz
port: http
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## Configure extra volumes
extraVolumes: []
## Configure extra volumeMounts
extraVolumeMounts: []
## Prometheus Exporter / Metrics
##
metrics:
enabled: true
## Metrics exporter pod Annotation and Labels
##
# podAnnotations:
# prometheus.io/scrape: "true"
# prometheus.io/port: "7979"
## Prometheus Operator ServiceMonitor configuration
##
serviceMonitor:
enabled: false
## Namespace in which Prometheus is running
##
# namespace: monitoring
## Interval at which metrics should be scraped.
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
##
# interval: 10s
## Timeout after which the scrape is ended
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
##
# scrapeTimeout: 10s
## ServiceMonitor selector labels
## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration
##
# selector:
# prometheus: my-prometheus

0
lib/digitalocean/bootstrap/doks_gen_kubectl-config.j2.tf → lib/digitalocean/bootstrap/doks-gen-kubectl-config.j2.tf
View File

39
lib/digitalocean/bootstrap/helm-external-dns.tf Normal file
View File

@@ -0,0 +1,39 @@
resource "helm_release" "externaldns" {
name = "externaldns"
chart = "common/charts/external-dns"
namespace = "kube-system"
atomic = true
max_history = 50
values = [file("chart_values/external-dns.yaml")]
// make a fake arg to avoid TF to validate update on failure because of the atomic option
set {
name = "fake"
value = timestamp()
}
set {
name = "resources.limits.cpu"
value = "50m"
}
set {
name = "resources.requests.cpu"
value = "50m"
}
set {
name = "resources.limits.memory"
value = "50Mi"
}
set {
name = "resources.requests.memory"
value = "50Mi"
}
depends_on = [
digitalocean_kubernetes_cluster.kubernetes_cluster
]
}

7
src/cloud_provider/aws/kubernetes/mod.rs
View File

@@ -33,6 +33,7 @@ pub mod node;
#[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)]
pub struct Options {
// AWS related
pub eks_zone_a_subnet_blocks: Vec<String>,
pub eks_zone_b_subnet_blocks: Vec<String>,
pub eks_zone_c_subnet_blocks: Vec<String>,
@@ -51,12 +52,12 @@ pub struct Options {
pub vpc_cidr_block: String,
pub eks_cidr_subnet: String,
pub eks_access_cidr_blocks: Vec<String>,
pub qovery_api_url: String,
pub tls_email_report: String,
pub rds_cidr_subnet: String,
pub documentdb_cidr_subnet: String,
pub elasticache_cidr_subnet: String,
pub elasticsearch_cidr_subnet: String,
// Qovery
pub qovery_api_url: String,
pub engine_version_controller_token: String,
pub agent_version_controller_token: String,
pub grafana_admin_user: String,
@@ -64,6 +65,8 @@ pub struct Options {
pub discord_api_key: String,
pub qovery_nats_url: String,
pub qovery_ssh_key: String,
// Others
pub tls_email_report: String,
}
pub struct EKS<'a> {

4
src/cloud_provider/digitalocean/application.rs
View File

@@ -163,8 +163,8 @@ impl Create for Application {
let workspace_dir = self.workspace_directory();
// retrieve the cluster uuid, useful to link DO registry to k8s cluster
let kube_id = kubernetes.name();
let cluster_uuid_res = get_uuid_of_cluster_from_name(digitalocean.token.as_str(), kube_id);
let cluster_uuid_res =
get_uuid_of_cluster_from_name(digitalocean.token.as_str(), kubernetes.name());
match cluster_uuid_res {
// ensure DO registry is linked to k8s cluster
Ok(uuid) => match subscribe_kube_cluster_to_container_registry(

2
src/cloud_provider/digitalocean/databases/postgresql.rs
View File

@@ -2,7 +2,7 @@ use crate::cloud_provider::kubernetes::Kubernetes;
use crate::cloud_provider::service::Service;
use crate::cloud_provider::service::{Create, DatabaseOptions};
use crate::cloud_provider::DeploymentTarget;
use crate::error::{cast_simple_error_to_engine_error, EngineError};
use crate::error::EngineError;
use crate::models::{Action, Context, Environment};
use tera::Context as TeraContext;
pub struct PostgreSQL {

160
src/cloud_provider/digitalocean/kubernetes/mod.rs
View File

@@ -1,5 +1,4 @@
use crate::cloud_provider::common::workerNodeDataTemplate::WorkerNodeDataTemplate;
use crate::cloud_provider::digitalocean::common::get_uuid_of_cluster_from_name;
use crate::cloud_provider::digitalocean::kubernetes::node::Node;
use crate::cloud_provider::digitalocean::DO;
use crate::cloud_provider::environment::Environment;
@@ -13,11 +12,10 @@ use crate::models::{
ProgressScope,
};
use crate::string::terraform_list_format;
use crate::{cmd, dns_provider};
use crate::dns_provider;
use digitalocean::api::Region;
use itertools::Itertools;
use serde::{Deserialize, Serialize};
use std::borrow::Borrow;
use std::rc::Rc;
use std::str::FromStr;
use tera::Context as TeraContext;
@@ -27,10 +25,20 @@ pub mod node;
#[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)]
pub struct Options {
// Digital Ocean
pub vpc_cidr_block: String,
pub vpc_name: String,
// Qovery
pub qovery_api_url: String,
pub tls_email_report: String,
pub engine_version_controller_token: String,
pub agent_version_controller_token: String,
pub grafana_admin_user: String,
pub grafana_admin_password: String,
pub discord_api_key: String,
pub qovery_nats_url: String,
pub qovery_ssh_key: String,
// Others
pub tls_email_report: String,
}
pub struct DOKS<'a> {
@@ -84,57 +92,88 @@ impl<'a> DOKS<'a> {
fn tera_context(&self) -> TeraContext {
let mut context = TeraContext::new();
// VPC segmentation
let vpc_name = format!("qovery-{}", &self.id);
context.insert("vpc_name", &vpc_name);
let qovery_api_url = self.options.qovery_api_url.clone();
// Basics
let test_cluster = match self.context.metadata() {
Some(meta) => match meta.test {
Some(true) => true,
_ => false,
},
_ => false,
};
// Options
context.insert("qovery_api_url", &qovery_api_url);
context.insert("dns_email_report", &self.options.tls_email_report); // Pierre suggested renaming to tls_email_report
// OKS
context.insert("oks_cluster_id", &self.id());
context.insert("oks_version", &self.version());
context.insert("oks_master_size", "s-1vcpu-2gb");
// Network
let vpc_name = &self.options.vpc_name;
context.insert("vpc_name", vpc_name);
let vpc_cidr_block = self.options.vpc_cidr_block.clone();
context.insert("vpc_cidr_block", &vpc_cidr_block);
// Qovery
context.insert(
"engine_version_controller_token",
&self.options.engine_version_controller_token,
);
context.insert("qovery_api_url", self.options.qovery_api_url.as_str());
context.insert("qovery_nats_url", self.options.qovery_nats_url.as_str());
context.insert("qovery_ssh_key", self.options.qovery_ssh_key.as_str());
context.insert("discord_api_key", self.options.discord_api_key.as_str());
// TLS
let lets_encrypt_url = match self.context.metadata() {
Some(meta) => match meta.test {
Some(true) => "https://acme-staging-v02.api.letsencrypt.org/directory",
_ => "https://acme-v02.api.letsencrypt.org/directory",
},
_ => "https://acme-v02.api.letsencrypt.org/directory",
let lets_encrypt_url = match &test_cluster {
true => "https://acme-staging-v02.api.letsencrypt.org/directory",
false => "https://acme-v02.api.letsencrypt.org/directory",
};
context.insert("acme_server_url", lets_encrypt_url);
context.insert("dns_email_report", &self.options.tls_email_report);
// DNS management
let managed_dns = vec![self.dns_provider.name()];
context.insert("managed_dns", &managed_dns);
let managed_dns_helm_format = managed_dns
let managed_dns_list = vec![self.dns_provider.name()];
let managed_dns_domains_helm_format = vec![format!("\"{}\"", self.dns_provider.domain())];
let managed_dns_domains_terraform_format =
terraform_list_format(vec![self.dns_provider.domain().to_string()]);
let managed_dns_resolvers: Vec<String> = self
.dns_provider
.resolvers()
.iter()
.map(|name| format!("\"{}\"", name))
.collect::<Vec<_>>(); // Todo: make it customizable
context.insert("managed_dns_helm_format", &managed_dns_helm_format);
let managed_dns_terraform_format = managed_dns
.iter()
.map(|name| format!("{{{}}}", name))
.collect::<Vec<_>>()
.join(",");
.map(|x| format!("{}", x.clone().to_string()))
.collect();
let managed_dns_resolvers_terraform_format = terraform_list_format(managed_dns_resolvers);
context.insert("managed_dns", &managed_dns_list);
context.insert(
"managed_dns_terraform_format",
&managed_dns_terraform_format,
"managed_dns_domains_helm_format",
&managed_dns_domains_helm_format,
);
context.insert("cloudflare_api_token", self.dns_provider.token());
context.insert(
"managed_dns_domains_terraform_format",
&managed_dns_domains_terraform_format,
);
context.insert(
"managed_dns_resolvers_terraform_format",
&managed_dns_resolvers_terraform_format,
);
match self.dns_provider.kind() {
dns_provider::Kind::CLOUDFLARE => {
context.insert("external_dns_provider", "cloudflare");
context.insert("cloudflare_api_token", self.dns_provider.token());
context.insert("cloudflare_email", self.dns_provider.account());
}
};
// Digital Ocean
context.insert("digitalocean_token", &self.cloud_provider.token);
context.insert("do_region", &self.region);
// Sapces Credentiales
context.insert("spaces_access_id", &self.cloud_provider.spaces_access_id);
context.insert("spaces_secret_key", &self.cloud_provider.spaces_secret_key);
let space_kubeconfig_bucket = get_space_bucket_kubeconfig_name(self.id.clone());
context.insert("space_bucket_kubeconfig", &space_kubeconfig_bucket);
// AWS S3 tfstate storage tfstates
context.insert(
"aws_access_key_tfstates_account",
@@ -165,13 +204,7 @@ impl<'a> DOKS<'a> {
);
context.insert("aws_terraform_backend_bucket", "qovery-terrafom-tfstates");
// kubernetes cluster vars
context.insert("oks_cluster_id", &self.id());
context.insert("oks_version", &self.version());
context.insert("oks_master_size", "s-2vcpu-4gb");
// kubernetes workers
context.insert("kubernetes_master_cluster_name", &self.name());
let worker_nodes = self
.nodes
@@ -188,45 +221,6 @@ impl<'a> DOKS<'a> {
.collect::<Vec<WorkerNodeDataTemplate>>();
context.insert("oks_worker_nodes", &worker_nodes);
// DNS configuration
let managed_dns_list = vec![self.dns_provider.name()];
let managed_dns_domains_helm_format = vec![format!("\"{}\"", self.dns_provider.domain())];
let managed_dns_domains_terraform_format =
terraform_list_format(vec![self.dns_provider.domain().to_string()]);
let managed_dns_resolvers: Vec<String> = self
.dns_provider
.resolvers()
.iter()
.map(|x| format!("{}", x.clone().to_string()))
.collect();
let managed_dns_resolvers_terraform_format = terraform_list_format(managed_dns_resolvers);
context.insert("managed_dns", &managed_dns_list);
context.insert(
"managed_dns_domains_helm_format",
&managed_dns_domains_helm_format,
);
context.insert(
"managed_dns_domains_terraform_format",
&managed_dns_domains_terraform_format,
);
context.insert(
"managed_dns_resolvers_terraform_format",
&managed_dns_resolvers_terraform_format,
);
match self.dns_provider.kind() {
dns_provider::Kind::CLOUDFLARE => {
context.insert("external_dns_provider", "cloudflare");
context.insert("cloudflare_api_token", self.dns_provider.token());
context.insert("cloudflare_email", self.dns_provider.account());
}
};
context.insert("dns_email_report", &self.options.tls_email_report); // Pierre suggested renaming to tls_email_report
let space_kubeconfig_bucket = get_space_bucket_kubeconfig_name(self.id.clone());
context.insert("space_bucket_kubeconfig", &space_kubeconfig_bucket);
context
}
}
@@ -377,7 +371,9 @@ impl<'a> Kubernetes for DOKS<'a> {
}
fn deploy_environment(&self, environment: &Environment) -> Result<(), EngineError> {
info!("DOKS.deploy_environment() called for {}", self.name());
info!("DOKS.deploy_environment() called for {}",
self.name()
);
let listeners_helper = ListenersHelper::new(&self.listeners);
let stateful_deployment_target = match environment.kind {
@@ -407,8 +403,7 @@ impl<'a> Kubernetes for DOKS<'a> {
match service.exec_action(&stateful_deployment_target) {
Err(err) => {
error!(
"error with stateful service {} , id: {} => {:?}",
error!("error with stateful service {} , id: {} => {:?}",
service.name(),
service.id(),
err
@@ -462,8 +457,7 @@ impl<'a> Kubernetes for DOKS<'a> {
match service.exec_action(&stateless_deployment_target) {
Err(err) => {
error!(
"error with stateless service {} , id: {} => {:?}",
error!("error with stateless service {} , id: {} => {:?}",
service.name(),
service.id(),
err

11
tests/assets/do-options.json
View File

@@ -1,6 +1,13 @@
{
"vpc_name": "qovery",
"vpc_cidr_block": "10.2.0.0/16",
"qovery_api_url": "api.qovery.com",
"tls_email_report": "CHANGE-ME",
"engine_version_controller_token": "fake_token"
"tls_email_report": "CHANGE-ME/LETS_ENCRYPT_EMAIL_REPORT",
"engine_version_controller_token": "CHANGE-ME/QOVERY_ENGINE_CONTROLLER_TOKEN",
"agent_version_controller_token": "CHANGE-ME/QOVERY_AGENT_CONTROLLER_TOKEN",
"grafana_admin_user": "ajdoiawjdiodjidfujij",
"grafana_admin_password": "ajdoiawjdiojAWDJawdj",
"discord_api_key": "CHANGE-ME/DISCORD_API_URL",
"qovery_nats_url": "CHANGE-ME/QOVERY_NATS_URL",
"qovery_ssh_key": "CHANGE-ME/QOVERY_SSH_USER"
}

0
tests/digitalocean/container_registry.rs → tests/digitalocean/do_container_registry.rs
View File

0
tests/digitalocean/databases.rs → tests/digitalocean/do_databases.rs
View File

0
tests/digitalocean/environment.rs → tests/digitalocean/do_environment.rs
View File

0
tests/digitalocean/kubernetes.rs → tests/digitalocean/do_kubernetes.rs
View File

8
tests/digitalocean/mod.rs
View File

@@ -2,10 +2,10 @@ use qovery_engine::models::{Context, EnvironmentAction};
use qovery_engine::transaction::{DeploymentOption, TransactionResult};
use test_utilities::cloudflare::dns_provider_cloudflare;
mod container_registry;
mod databases;
mod environment;
pub mod kubernetes;
mod do_container_registry;
mod do_databases;
mod do_environment;
pub mod do_kubernetes;
pub fn deploy_environment_on_do(
context: &Context,