feat: Waypoint on new IaaS (#2)

* moved project an setup next IaaS : Contabo

* new packer

* started CD/CI for packer

* use terraform import to recover instance

* nginx ingress enabled (traefik still available)

* metallb

* ready and functionnal waypoint in prod

.editorconfig

@@ -0,0 +1,21 @@
+# EditorConfig is awesome: https://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+[*]
+indent_style = space
+indent_size = 4
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = false
+insert_final_newline = false
+
+[*.{yml,yaml,yml.*,yaml.*}]
+indent_size = 2
+
+[*.sh]
+end_of_line = lf
+
+[Makefile]
+indent_style = tab

.github/workflows/release.yml → .github/workflows/release-helm.yml

@@ -6,7 +6,7 @@ on:
       - main
     paths:
       - 'charts/**'
-      - .github/workflows/release.yml
+      - .github/workflows/release-helm.yml
 
 permissions:
   contents: write

.github/workflows/release-packer.yml

@@ -0,0 +1,63 @@
+name: hcp-packer
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'playbook/**'
+      - 'packer/**'
+      - .github/workflows/release-packer.yml
+jobs:
+  gh-release-packer:
+    runs-on: ubuntu-latest
+    name: Run Packer
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Setup `packer`
+        uses: hashicorp/setup-packer@main
+        id: setup
+        with:
+          version: "1.8.6"
+
+      - name: Set outputs
+        id: vars
+        run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+
+      - name: Run `packer init`
+        id: init
+        run: "packer init ubuntu.pkr.hcl"
+        working-directory: packer
+        env:
+          PKR_VAR_ssh_password: ${{ secrets.PKR_VAR_SSH_PASSWORD }}
+          PKR_VAR_ssh_password_hash: ${{ secrets.PKR_VAR_SSH_PASSWORD_HASH }}
+
+      - name: Run `packer validate`
+        id: validate
+        run: >- 
+          packer validate \
+            -var-file "$(uname -ms | tr ' ' '-')-host.hcl" \
+            -var-file=secrets.pkrvars.hcl ubuntu.pkr.hcl
+        working-directory: packer
+        env:
+          PKR_VAR_ssh_password: ${{ secrets.PKR_VAR_SSH_PASSWORD }}
+          PKR_VAR_ssh_password_hash: ${{ secrets.PKR_VAR_SSH_PASSWORD_HASH }}
+
+      - name: Build Artifact
+        run: >- 
+          packer build \
+            -var-file "$(uname -ms | tr ' ' '-')-host.hcl" \
+            ubuntu.pkr.hcl
+        working-directory: packer
+        env:
+          PKR_VAR_ssh_password: ${{ secrets.PKR_VAR_SSH_PASSWORD }}
+          PKR_VAR_ssh_password_hash: ${{ secrets.PKR_VAR_SSH_PASSWORD_HASH }}
+
+      - uses: "marvinpinto/action-automatic-releases@latest"
+        with:
+          repo_token: "${{ secrets.GITHUB_TOKEN }}"
+          automatic_release_tag: ubuntu-jammy-${{ steps.vars.outputs.sha_short }}
+          prerelease: true
+          files: |
+            packer/.qemu-vm/ubuntu-jammy-22.04.2.qcow2
+            packer/.qemu-vm/SHA256SUMS

.github/workflows/test-packer.yml

@@ -0,0 +1,42 @@
+name: test-packer
+on:
+  pull_request:
+    paths:
+      - 'playbook/**'
+      - 'packer/**'
+      - .github/workflows/test-packer.yml
+jobs:
+  gh-release-packer:
+    runs-on: ubuntu-latest
+    name: Run Packer
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Setup `packer`
+        uses: hashicorp/setup-packer@main
+        id: setup
+        with:
+          version: "1.8.6"
+
+      - name: Set outputs
+        id: vars
+        run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+
+      - name: Run `packer init`
+        id: init
+        run: "packer init ubuntu.pkr.hcl"
+        working-directory: packer
+        env:
+          PKR_VAR_ssh_password: ${{ secrets.PKR_VAR_SSH_PASSWORD }}
+          PKR_VAR_ssh_password_hash: ${{ secrets.PKR_VAR_SSH_PASSWORD_HASH }}
+
+      - name: Run `packer validate`
+        id: validate
+        run: >- 
+          packer validate \
+            -var-file "$(uname -ms | tr ' ' '-')-host.hcl" \
+            ubuntu.pkr.hcl
+        working-directory: packer
+        env:
+          PKR_VAR_ssh_password: ${{ secrets.PKR_VAR_SSH_PASSWORD }}
+          PKR_VAR_ssh_password_hash: ${{ secrets.PKR_VAR_SSH_PASSWORD_HASH }}

.vscode/extensions.json

@@ -7,6 +7,8 @@
         "szTheory.vscode-packer-powertools",
         "ms-azuretools.vscode-azureterraform",
         "HashiCorp.terraform",
-        "valentjn.vscode-ltex"
+        "valentjn.vscode-ltex",
+        "ms-python.python",
+        "4ops.packer"
     ]
 }

README.md

@@ -1,3 +1,5 @@
-# Paas Tutorial
+# K3s PaaS
 
-[Documentation](https://esgi-lyon.github.io/paas-tutorial)
+> Taken From [original tutorial](https://esgi-lyon.github.io/paas-tutorial/)
+
+[Documentation](docs/index.md)

charts/microservice/values.yaml

@@ -68,17 +68,17 @@ ingress:
   enabled: false
   className: ""
   annotations:
-    kubernetes.io/ingress.class: traefik
+    kubernetes.io/ingress.class: nginx
     cert-manager.io/cluster-issuer: letsencrypt-acme-issuer
   hosts:
-    - host: client.k3s.local
+    - host: client.k3s.test
       paths:
         - path: /
           pathType: ImplementationSpecific
   tls: []
-  #  - secretName: client.k3s.local-tls
+  #  - secretName: client.k3s.test-tls
   #    hosts:
-  #      - client.k3s.local
+  #      - client.k3s.test
 
 resources: {}
   # We usually recommend not to specify default resources and to leave this as a conscious

infra/.gitignore → contabo/.gitignore

@@ -31,4 +31,4 @@ override.tf.json
 
 # Ignore CLI configuration files
 .terraformrc
-terraform.rc
+terraform.rc

contabo/Makefile

@@ -0,0 +1,32 @@
+VAR_FILE?=prod.tfvars
+SHELL:=/bin/bash
+
+read_tfvar=$(shell grep $1 prod.tfvars | cut -d'=' -f2 | tr -d ' ' | tr -d \")
+
+CLIENT_ID:=$(call read_tfvar,oauth2_client_id)
+CLIENT_SECRET:=$(call read_tfvar,oauth2_client_secret)
+API_USER:=$(call read_tfvar,oauth2_user)
+API_PASSWORD:=$(call read_tfvar,oauth2_pass)
+INSTANCE_ID:=$(call read_tfvar,contabo_instance)
+
+.DEFAULT_GOAL := help
+
+help:
+	@echo "Contabo tf simple helpers"
+	@echo "Instance setup $(INSTANCE_ID)"
+
+setup_cntb:
+	cntb config set-credentials --oauth2-clientid="$(CLIENT_ID)" \
+		--oauth2-client-secret="$(CLIENT_SECRET)" --oauth2-user="$(API_USER)" \
+		--oauth2-password="$(API_PASSWORD)"
+
+destroy:
+	terraform destroy -var-file=$(VAR_FILE) -auto-approve
+
+# Run it if starting from empty infra
+apply:
+	terraform import -var-file=$(VAR_FILE) contabo_instance.paas_instance $(INSTANCE_ID)
+	terraform apply -var-file=$(VAR_FILE) -auto-approve
+
+read_tfvar:
+	$(call read_tfvar contabo_instance)

infra/data.tf → contabo/data.tf

@@ -1,15 +1,3 @@
-data "azurerm_resource_group" "paas" {
-  name = "kubeapps-group"
-}
-
-data "azurerm_image" "search" {
-  name                = "k3s-pre-paas-az-arm"
-  resource_group_name = data.azurerm_resource_group.paas.name
-}
-
-data "azurerm_client_config" "current" {}
-data "azurerm_subscription" "primary" {}
-
 data "github_organization" "org" {
   name = var.github_organization
 }
@@ -26,3 +14,7 @@ data "github_membership" "all_admin" {
   }
   username = each.value.username
 }
+
+data "contabo_instance" "paas_instance" {
+  id = var.contabo_instance
+}

infra/exemple.tfvars.dist → contabo/exemple.tfvars.dist

@@ -1,11 +1,16 @@
-tenant_id="00000000-0000-0000-0000-000000000000"
 github_organization = "github-team"
 github_team         = "ops-team"
 domain              = "paas-esgi-tutorial.live"
 namedotcom_username = "username"
 namedotcom_token = "aaaaaaaaaaaaaaaaaaaaaaaaaaaa"
 github_token = "ghp_aaaaaaaaaaaaaaaaaaxxxxxxxxxxxx"
 
+contabo_instance     = "XXXXXXXXX"
+oauth2_client_id     = "INT-XXXXX"
+oauth2_client_secret = "XXXXXXX-xXXX-XXXX-XXX-XXXXXXXXX"
+oauth2_user          = "toto@example.com"
+oauth2_pass          = "password"
+
 secrets = {
   dex_github_client_id = "dex-github-oauth2-app-client-id"
   dex_github_client_secret = "dex-github-oauth2-app-client-secret"