feat: initial implementation of DO k8s based runtime

This is literally just a cluster for now, so it doesn't really cover any of the requirements.
digital-society-coop · Feb 8, 2024 · dd26da6 · dd26da6
1 parent b19c544
commit dd26da6
Show file tree

Hide file tree

Showing 9 changed files with 248 additions and 2 deletions.
diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml
@@ -0,0 +1,21 @@
+name: checks
+
+on:
+  pull_request:
+    branches: [main]
+
+jobs:
+  fmt:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+      - run: terraform fmt -check
+
+  validate:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+      - run: terraform init -backend=false
+      - run: terraform validate
diff --git a/.github/workflows/deploy-dev.yaml b/.github/workflows/deploy-dev.yaml
@@ -0,0 +1,19 @@
+name: deploy (dev)
+
+on:
+  push:
+    branches: [main]
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    environment: dev
+
+    steps:
+      - uses: actions/checkout@v4
+      - run: ./deploy.sh dev
+        env:
+          AWS_REGION: ${{ vars.AWS_REGION }}
+          AWS_ENDPOINT_URL_S3: ${{ vars.AWS_ENDPOINT_URL_S3 }}
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,2 @@
+*.tfstate
+/.terraform
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
diff --git a/README.md b/README.md
@@ -1,5 +1,36 @@
 # runtime
 
-A multi-service runtime environment
+A multi-service runtime environment.
 
-- [Requirements](docs/requirements.md)
+This repository defines a `runtime` service, based on DigitalOcean Kubernetes.
+
+See [requirements](docs/requirements.md) for our ideal requirements and [options](docs/options) for options considered, though we have yet to undertake an options appraisal.
+
+## Deployment
+
+The service is continuously deployed by GitHub Actions.
+
+### Manual deployment
+
+#### Prerequisites
+
+- [Terraform CLI](https://developer.hashicorp.com/terraform/cli)
+
+##### Environment
+
+- The AWS SDK must be able to interact with the DigitalOcean Spaces API.
+  See [digital-society-coop/do-foundations] for more guidance on how to set this up.
+
+##### Service dependencies
+
+- [digital-society-coop/do-foundations]
+
+#### Steps
+
+1. Run the deployment script:
+
+   ```sh
+   ./deploy.sh '<env>'
+   ```
+
+[digital-society-coop/do-foundations]: https://github.com/digital-society-coop/do-foundations
diff --git a/deploy.sh b/deploy.sh
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+function usage {
+  echo "Usage: $0 <env>" >&2
+  exit 1
+}
+
+service=runtime
+
+[[ $# -ge 1 ]] || usage
+environment=$1
+shift
+
+echo "Deploying $service-$environment... " >&2
+echo >&2
+
+eval "$(./terraform-env.sh "$service" "$environment")"
+
+echo -n "- Initialising terraform... " >&2
+if ! result="$(terraform init)"; then
+	echo 'failed' >&2
+	echo >&2
+	echo "$result" >&2
+	exit 1
+fi
+echo 'done' >&2
+
+echo -n "- Running terraform apply... " >&2
+if ! result="$(terraform apply)"; then
+	echo 'failed' >&2
+	echo >&2
+	echo "$result" >&2
+	exit 1
+fi
+echo 'done' >&2
+
+echo >&2
+echo 'Deployment complete' >&2
diff --git a/dev.tfvars b/dev.tfvars
@@ -0,0 +1,4 @@
+region                                  = "lon1"
+kubernetes_version                      = "1.29.1-do.0"
+kubernetes_default_node_pool_size       = "s-2vcpu-4gb"
+kubernetes_default_node_pool_node_count = 1
diff --git a/main.tf b/main.tf
@@ -0,0 +1,55 @@
+terraform {
+  backend "s3" {
+    skip_credentials_validation = true
+    skip_metadata_api_check     = true
+    skip_region_validation      = true
+    skip_requesting_account_id  = true
+    skip_s3_checksum            = true
+  }
+
+  required_providers {
+    digitalocean = {
+      source  = "digitalocean/digitalocean"
+      version = "~> 2.0"
+    }
+  }
+}
+
+provider "digitalocean" {}
+
+variable "environment" {
+  type = string
+}
+
+variable "service" {
+  type    = string
+  default = "runtime"
+}
+
+variable "region" {
+  type = string
+}
+
+variable "kubernetes_version" {
+  type = string
+}
+
+variable "kubernetes_default_node_pool_size" {
+  type = string
+}
+
+variable "kubernetes_default_node_pool_node_count" {
+  type = number
+}
+
+resource "digitalocean_kubernetes_cluster" "this" {
+  name    = "${var.service}-${var.environment}"
+  region  = var.region
+  version = var.kubernetes_version
+
+  node_pool {
+    name       = "default"
+    size       = var.kubernetes_default_node_pool_size
+    node_count = var.kubernetes_default_node_pool_node_count
+  }
+}
diff --git a/terraform-env.sh b/terraform-env.sh
@@ -0,0 +1,48 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+function usage {
+  echo "Usage: $0 <service> <env>" >&2
+  exit 1
+}
+
+[[ $# -ge 1 ]] || usage
+service="$1"
+shift
+
+[[ $# -ge 1 ]] || usage
+environment="$1"
+shift
+
+
+stateBucket="do-foundations-$environment-terraform"
+stateKey="$service/$environment.tfstate"
+
+tfCliArgs=(
+  '-input=false'
+)
+
+tfCliArgsInit=(
+  ${tfCliArgs[@]}
+  "-backend-config=region=${AWS_REGION:-"$(aws configure get region)"}"
+  "-backend-config=bucket=$stateBucket"
+  "-backend-config=key=$stateKey"
+  '-lockfile=readonly'
+  '-reconfigure'
+)
+
+tfCliArgsPlan=(
+  ${tfCliArgs[@]}
+  "-var=environment=$environment"
+  "-var-file=$environment.tfvars"
+)
+
+tfCliArgsApply=(
+  ${tfCliArgsPlan[@]}
+  '-auto-approve'
+)
+
+echo "export TF_CLI_ARGS_init='${tfCliArgsInit[@]}'"
+echo "export TF_CLI_ARGS_plan='${tfCliArgsPlan[@]}'"
+echo "export TF_CLI_ARGS_apply='${tfCliArgsApply[@]}'"