From dd26da6d19acf64d89a76a91ea1faba07d51e78a Mon Sep 17 00:00:00 2001
From: Chris Connelly
Date: Wed, 7 Feb 2024 21:39:23 +0000
Subject: [PATCH] feat: initial implementation of DO k8s based runtime

This is literally just a cluster for now, so it doesn't really cover any of the requirements.
---
 .github/workflows/checks.yaml | 21 ++++++++++++
 .github/workflows/deploy-dev.yaml | 19 +++++++++++
 .gitignore | 2 ++
 .terraform.lock.hcl | 26 +++++++++++++++
 README.md | 35 ++++++++++++++++++--
 deploy.sh | 40 ++++++++++++++++++++++
 dev.tfvars | 4 +++
 main.tf | 55 +++++++++++++++++++++++++++++++
 terraform-env.sh | 48 +++++++++++++++++++++++++++
 9 files changed, 248 insertions(+), 2 deletions(-)
 create mode 100644 .github/workflows/checks.yaml
 create mode 100644 .github/workflows/deploy-dev.yaml
 create mode 100644 .gitignore
 create mode 100644 .terraform.lock.hcl
 create mode 100755 deploy.sh
 create mode 100644 dev.tfvars
 create mode 100644 main.tf
 create mode 100755 terraform-env.sh
diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml
new file mode 100644
index 0000000..0e97b81
--- /dev/null
+++ b/.github/workflows/checks.yaml
@@ -0,0 +1,21 @@
+name: checks
+
+on:
+ pull_request:
+ branches: [main]
+
+jobs:
+ fmt:
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v4
+ - run: terraform fmt -check
+
+ validate:
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v4
+ - run: terraform init -backend=false
+ - run: terraform validate
diff --git a/.github/workflows/deploy-dev.yaml b/.github/workflows/deploy-dev.yaml
new file mode 100644
index 0000000..3ea97fe
--- /dev/null
+++ b/.github/workflows/deploy-dev.yaml
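Review bot: In .github/workflows/checks.yaml the `validate` job runs `terraform init -backend=false` without `-lockfile=readonly`, so a pull request that adds a provider without committing its entry in `.terraform.lock.hcl` still passes: init extends the lock file in the runner workspace instead of failing. terraform-env.sh already passes `-lockfile=readonly` for deployments, and the check should match it: `- run: terraform init -backend=false -lockfile=readonly`. The workflow also has no `permissions:` block, so the job token gets the repository default; a top-level `permissions:` with `contents: read` is enough for these jobs, and the same applies to deploy-dev.yaml.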
@@ -0,0 +1,19 @@
+name: deploy (dev)
+
+on:
+ push:
+ branches: [main]
+
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+ environment: dev
+
+ steps:
+ - uses: actions/checkout@v4
+ - run: ./deploy.sh dev
+ env:
+ AWS_REGION: ${{ vars.AWS_REGION }}
+ AWS_ENDPOINT_URL_S3: ${{ vars.AWS_ENDPOINT_URL_S3 }}
+ AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..d1362f0
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+*.tfstate
+/.terraform
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
new file mode 100644
index 0000000..0f4c897
--- /dev/null
+++ b/.terraform.lock.hcl
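Review bot: The `deploy` job in .github/workflows/deploy-dev.yaml exports only the Spaces credentials (`AWS_*`), while main.tf declares `provider "digitalocean" {}` with no token, so the provider has to find its API token in the environment and none is passed here; unless it is injected somewhere not visible in this patch, `terraform apply` cannot authenticate. Pass it from the `dev` environment's secrets, e.g. `DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}` (the secret name is a placeholder), with the narrowest scope the token allows. The visible `backend "s3"` block configures no state locking and every push to main triggers an auto-approved apply, so a `concurrency:` group on this job (`group: deploy-dev`, `cancel-in-progress: false`) would keep two runs from writing the same state at once.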
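Review bot: The `*.tfstate` pattern in .gitignore does not match `terraform.tfstate.backup` or other `*.tfstate.*` files, which hold the same contents as the state itself. Adding `*.tfstate.*` keeps a local run from committing a state copy, which for a Kubernetes cluster resource typically includes credentials.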
@@ -0,0 +1,26 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/digitalocean/digitalocean" { + version = "2.34.1" + constraints = "~> 2.0" + hashes = [ + "h1:5tfXRq80lhTUCYxAqcUGL8BjR3SSTk+ggiW20UvK+JA=", + "zh:022d4c97af3d022d4e3735a81c6a7297aa43c3b28a8cecaa0ff58273a5677e2e", + "zh:1922f86d5710707eb497fbebcb1a1c5584c843a7e95c3900d750d81bd2785204", + "zh:1b7ab7c67a26c399eb5aa8a7a695cb59279c6a1a562ead3064e4a6b17cdacabe", + "zh:1dc666faa2ec0efc32329b4c8ff79813b54741ef1741bc42d90513e5ba904048", + "zh:220dec61ffd9448a91cca92f2bc6642df10db57b25d3d27036c3a370e9870cb7", + "zh:262301545057e654bd6193dc04b01666531fccfcf722f730827695098d93afa7", + "zh:63677684a14e6b7790833982d203fb2f84b105ad6b9b490b3a4ecc7043cdba81", + "zh:67a2932227623073aa9431a12916b52ce1ccddb96f9a2d6cdae2aaf7558ccbf8", + "zh:70dfc6ac33ee140dcb29a971df7eeb15117741b5a75b9f8486c5468c9dd28f24", + "zh:7e3b3b62754e86442048b4b1284e10807e3e58f417e1d59a4575dd29ac6ba518", + "zh:7e6fe662b1e283ad498eb2549d0c2260b908ab5b848e05f84fa4acdca5b4d5ca", + "zh:9c554170f20e659222896533a3a91954fb1d210eea60de05aea803b36d5ccd5d", + "zh:ad2f64d758bd718eb39171f1c31219900fd2bfb552a14f6a90b18cfd178a74b4", + "zh:cfce070000e95dfe56a901340ac256f9d2f84a73bf62391cba8a8e9bf1f857e0", + "zh:d5ae30eccd53ca7314157e62d8ec53151697ed124e43b24b2d16c565054730c6", + "zh:fbe5edf5337adb7360f9ffef57d02b397555b6a89bba68d1b60edfec6e23f02c", + ] +} diff --git a/README.md b/README.md index 85cf0cc..7a2ad5a 100644 --- a/README.md +++ b/README.md 
@@ -1,5 +1,36 @@
 # runtime
 
-A multi-service runtime environment
+A multi-service runtime environment.
 
-- [Requirements](docs/requirements.md)
+This repository defines a `runtime` service, based on DigitalOcean Kubernetes.
+
+See [requirements](docs/requirements.md) for our ideal requirements and [options](docs/options) for options considered, though we have yet to undertake an options appraisal.
+
+## Deployment
+
+The service is continuously deployed by GitHub Actions.
+
+### Manual deployment
+
+#### Prerequisites
+
+- [Terraform CLI](https://developer.hashicorp.com/terraform/cli)
+
+##### Environment
+
+- The AWS SDK must be able to interact with the DigitalOcean Spaces API.
+ See [digital-society-coop/do-foundations] for more guidance on how to set this up.
+
+##### Service dependencies
+
+- [digital-society-coop/do-foundations]
+
+#### Steps
+
+1. Run the deployment script:
+
+ ```sh
+ ./deploy.sh ''
+ ```
+
+[digital-society-coop/do-foundations]: https://github.com/digital-society-coop/do-foundations
diff --git a/deploy.sh b/deploy.sh
new file mode 100755
index 0000000..a6d7cdb
--- /dev/null
+++ b/deploy.sh
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+function usage {
+ echo "Usage: $0 " >&2
+ exit 1
+}
+
+service=runtime
+
+[[ $# -ge 1 ]] || usage
+environment=$1
+shift
+
+echo "Deploying $service-$environment... " >&2
+echo >&2
+
+eval "$(./terraform-env.sh "$service" "$environment")"
+
+echo -n "- Initialising terraform... " >&2
+if ! result="$(terraform init)"; then
+ echo 'failed' >&2
+ echo >&2
+ echo "$result" >&2
+ exit 1
+fi
+echo 'done' >&2
+
+echo -n "- Running terraform apply... " >&2
+if ! result="$(terraform apply)"; then
+ echo 'failed' >&2
+ echo >&2
+ echo "$result" >&2
+ exit 1
+fi
+echo 'done' >&2
+
+echo >&2
+echo 'Deployment complete' >&2
diff --git a/dev.tfvars b/dev.tfvars
new file mode 100644
index 0000000..b8dce55
--- /dev/null
+++ b/dev.tfvars
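Review bot: In deploy.sh the output of `terraform apply` is captured into `result` and printed only when the command fails, so a successful run leaves no record in the job log of which resources were created, changed or destroyed. terraform-env.sh adds `-auto-approve` to the apply arguments, so nobody confirmed the plan either. Print the captured output on success as well, for example `echo "$result" >&2` after the second `echo 'done' >&2`, so every change to the environment can be audited from the workflow run. The same applies to the `terraform init` step, whose output shows which provider builds were installed.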
@@ -0,0 +1,4 @@
+region = "lon1"
+kubernetes_version = "1.29.1-do.0"
+kubernetes_default_node_pool_size = "s-2vcpu-4gb"
+kubernetes_default_node_pool_node_count = 1
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..9d95c43
--- /dev/null
+++ b/main.tf
@@ -0,0 +1,55 @@
+terraform {
+ backend "s3" {
+ skip_credentials_validation = true
+ skip_metadata_api_check = true
+ skip_region_validation = true
+ skip_requesting_account_id = true
+ skip_s3_checksum = true
+ }
+
+ required_providers {
+ digitalocean = {
+ source = "digitalocean/digitalocean"
+ version = "~> 2.0"
+ }
+ }
+}
+
+provider "digitalocean" {}
+
+variable "environment" {
+ type = string
+}
+
+variable "service" {
+ type = string
+ default = "runtime"
+}
+
+variable "region" {
+ type = string
+}
+
+variable "kubernetes_version" {
+ type = string
+}
+
+variable "kubernetes_default_node_pool_size" {
+ type = string
+}
+
+variable "kubernetes_default_node_pool_node_count" {
+ type = number
+}
+
+resource "digitalocean_kubernetes_cluster" "this" {
+ name = "${var.service}-${var.environment}"
+ region = var.region
+ version = var.kubernetes_version
+
+ node_pool {
+ name = "default"
+ size = var.kubernetes_default_node_pool_size
+ node_count = var.kubernetes_default_node_pool_node_count
+ }
+}
diff --git a/terraform-env.sh b/terraform-env.sh
new file mode 100755
index 0000000..7999668
--- /dev/null
+++ b/terraform-env.sh
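Review bot: The `digitalocean_kubernetes_cluster.this` resource in main.tf exports the cluster's `kube_config` (including an access token) as attributes, so the state object this backend writes to Spaces holds working cluster credentials, and nothing in the file says so. A comment above the `backend "s3"` block would record the requirement, e.g. `# State contains cluster credentials (kube_config): the state bucket must be private and access to its keys restricted.` The resource also sets neither `auto_upgrade` nor `maintenance_policy`, while dev.tfvars pins `kubernetes_version` to the exact patch `1.29.1-do.0`, so the cluster stays on that release until someone edits the tfvars file. If that is intentional for now, state it in a comment; otherwise consider `auto_upgrade = true` together with a maintenance window.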
@@ -0,0 +1,48 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+function usage {
+ echo "Usage: $0 " >&2
+ exit 1
+}
+
+[[ $# -ge 1 ]] || usage
+service="$1"
+shift
+
+[[ $# -ge 1 ]] || usage
+environment="$1"
+shift
+
+
+stateBucket="do-foundations-$environment-terraform"
+stateKey="$service/$environment.tfstate"
+
+tfCliArgs=(
+ '-input=false'
+)
+
+tfCliArgsInit=(
+ ${tfCliArgs[@]}
+ "-backend-config=region=${AWS_REGION:-"$(aws configure get region)"}"
+ "-backend-config=bucket=$stateBucket"
+ "-backend-config=key=$stateKey"
+ '-lockfile=readonly'
+ '-reconfigure'
+)
+
+tfCliArgsPlan=(
+ ${tfCliArgs[@]}
+ "-var=environment=$environment"
+ "-var-file=$environment.tfvars"
+)
+
+tfCliArgsApply=(
+ ${tfCliArgsPlan[@]}
+ '-auto-approve'
+)
+
+echo "export TF_CLI_ARGS_init='${tfCliArgsInit[@]}'"
+echo "export TF_CLI_ARGS_plan='${tfCliArgsPlan[@]}'"
+echo "export TF_CLI_ARGS_apply='${tfCliArgsApply[@]}'"
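Review bot: The three `echo "export TF_CLI_ARGS_…='…'"` lines at the end of terraform-env.sh wrap their values in single quotes without escaping, and deploy.sh passes this output to `eval`, so a `service`, `environment` or region value containing a single quote ends the string and the rest is interpreted as shell. The workflow passes the literal `dev`, but the README documents running `./deploy.sh` by hand, so validate the arguments right after they are read, e.g. `[[ $environment =~ ^[a-z0-9-]+$ ]] || usage`, and emit the exports with `printf 'export TF_CLI_ARGS_init=%q\n' "${tfCliArgsInit[*]}"`. The same check keeps `environment` from steering `stateBucket` and `stateKey` to an unintended state object. The unquoted `${tfCliArgs[@]}` and `${tfCliArgsPlan[@]}` expansions should be quoted too, so elements are not word-split or globbed.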