/jx3-terraform-eks

Jenkins X 3.x Infrastructure Git Template for Terraform and EKS for managing cloud resources

Primary LanguageHCLApache License 2.0Apache-2.0

EKS Terraform Quickstart template

Use this template to easily create a new Git Repository for managing Jenkins X cloud infrastructure needs.

We recommend using Terraform to manage the infrastructure needed to run Jenkins X. There can be a number of cloud resources which need to be created such as:

  • Kubernetes cluster
  • Storage buckets for long term storage of logs
  • IAM Bindings to manage permissions for applications using cloud resources

Jenkins X likes to use GitOps to manage the lifecycle of both infrastructure and cluster resources.
This requires two git Repositories to achieve this:

  • the first, infrastructure resources will be managed by Terraform and will keep resourecs in sync.
  • the second, the Kubernetes specific cluster resources will be managed by Jenkins X and keep resources in sync.

Prerequisites

Git repositories

We use 2 git repositories:

  • Infrastructure git repository for the Terraform configuration to setup/upgrade/modify your cloud infrastructure (kubernetes cluster, IAM accounts, IAM roles, buckets etc)
  • Cluster git repository to contain the helmfile.yaml file to define the helm charts to deploy in your cluster

We use separate git repositories since the infrastructure tends to change rarely; whereas the cluster git repository changes alot (every time you add a new quickstart, import a project, release a project etc).

Often different teams look after infrastructure; or you may use tools like Terraform Cloud to process changes to infrastructure & review changes to infrastructure more closely than promotion of applications.

Getting started

Note: remember to create the Git repositories below in your Git Organisation rather than your personal Git account else this will lead to issues with ChatOps and automated registering of webhooks

  1. Create and clone your Infrastructure git repository from this GitHub Template https://github.com/jx3-gitops-repositories/jx3-terraform-eks/generate
  2. Create a Cluster git repository from this template https://github.com/jx3-gitops-repositories/jx3-eks-vault/generate
  3. Override the variable defaults in the Infrastructure repository. (E.g, edit variables.tf, set TF_VAR_ environment variables, or pass the values on the terraform command line.)
  • cluster_version: Kubernetes version for the EKS cluster.
  • region: AWS region code for the AWS region to create the cluster in.
  • jx_git_url: URL of the Cluster repository.
  • jx_bot_username: The username of the git bot user
  1. commit and push any changes to your Infrastructure git repository:
git commit -a -m "fix: configure cluster repository and project"
git push
  1. Define an environment variable to pass the bot token into Terraform:
export TF_VAR_jx_bot_token=my-bot-token
  1. Now, initialise, plan and apply Terraform:
terraform init
terraform plan
terraform apply

Tail the Jenkins X installation logs

$(terraform output follow_install_logs)

Once finished you can now move into the Jenkins X Developer namespace

jx ns jx

and create or import your applications

jx project

If your application is not yet in a git repository, you are asked for a github.com user and token to push the application to git. This user needs administrative permissions to create repository and hooks. It is likely not the same user as the bot user mentioned above.

Terraform Inputs

You can modify the following terraform inputs in main.tf.

For the full list of terraform inputs see the documentation for jenkins-x/terraform-aws-eks-jx

Name Description Type Default Required
cluster_name Name of the Kubernetes cluster to create string "" no
cluster_version Kubernetes version to use for the EKS cluster. string n/a yes
force_destroy Flag to determine whether storage buckets get forcefully destroyed. If set to false, empty the bucket first in the aws s3 console, else terraform destroy will fail with BucketNotEmpty error bool false no
install_kuberhealthy Flag to specify if kuberhealthy operator should be installed bool true no
is_jx2 Flag to specify if jx2 related resources need to be created bool false no
jx_bot_token Bot token used to interact with the Jenkins X cluster git repository string n/a yes
jx_bot_username Bot username used to interact with the Jenkins X cluster git repository string n/a yes
jx_git_url URL for the Jenins X cluster git repository string n/a yes
nginx_chart_version nginx chart version string "3.12.0" no
profile Profile stored in aws config or credentials file string n/a yes
region AWS region code for creating resources. string n/a yes
vault_user The AWS IAM Username whose credentials will be used to authenticate the Vault pods against AWS string "" no

Outputs

Name Description
backup_bucket_url The bucket where backups from velero will be stored
cert_manager_iam_role The IAM Role that the Cert Manager pod will assume to authenticate
cluster_autoscaler_iam_role The IAM Role that the Jenkins X UI pod will assume to authenticate
cluster_name The name of the created cluster
cluster_oidc_issuer_url The Cluster OIDC Issuer URL
cm_cainjector_iam_role The IAM Role that the CM CA Injector pod will assume to authenticate
controllerbuild_iam_role The IAM Role that the ControllerBuild pod will assume to authenticate
docs Follow Jenkins X 3.x alpha docs for more information
external_dns_iam_role The IAM Role that the External DNS pod will assume to authenticate
follow_install_logs Follow Jenkins X install logs
lts_logs_bucket The bucket where logs from builds will be stored
lts_reports_bucket The bucket where test reports will be stored
lts_repository_bucket The bucket that will serve as artifacts repository
tekton_bot_iam_role The IAM Role that the build pods will assume to authenticate
vault_dynamodb_table The Vault DynamoDB table
vault_kms_unseal The Vault KMS Key for encryption
vault_unseal_bucket The Vault storage bucket
vault_user_id The Vault IAM user id
vault_user_secret The Vault IAM user secret

Cleanup

To remove any cloud resources created here:

  • Manually remove the generated load balancer, for example, through the AWS EC2 console "Load Balancers" tab. The load balancer is currently not cleaned up automatically and may cause the following destroy step to hang and finally fail.
  • Run:
terraform destroy

Contributing

When adding new variables please regenerate the markdown table

terraform-docs markdown table .

and replace the Inputs section above

Formatting

When developing please remember to format codebase before raising a pull request

terraform fmt -check -diff -recursive