feat: IaC for Azure Cluter & Azure Private Cluster (#103)

Signed-off-by: Jared Weinfurtner <jared.weinfurtner@de.bosch.com>
carbynestack · May 21, 2024 · 476fff7 · 476fff7
1 parent dbd906b
commit 476fff7
Show file tree

Hide file tree

Showing 26 changed files with 1,723 additions and 882 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,28 +2,31 @@
 
 ## [0.5.1](https://github.com/carbynestack/carbynestack/compare/sdk-v0.5.0...sdk-v0.5.1) (2024-02-21)
 
-
 ### Bug Fixes
 
-* update klyshko dependencies ([#101](https://github.com/carbynestack/carbynestack/issues/101)) ([84afdbe](https://github.com/carbynestack/carbynestack/commit/84afdbef1da595e155ee16f51e25e654f1d6b9b9))
+- update klyshko dependencies
+  ([#101](https://github.com/carbynestack/carbynestack/issues/101))
+  ([84afdbe](https://github.com/carbynestack/carbynestack/commit/84afdbef1da595e155ee16f51e25e654f1d6b9b9))
 
 ## [0.5.0](https://github.com/carbynestack/carbynestack/compare/sdk-v0.4.0...sdk-v0.5.0) (2023-09-04)
 
-
 ### ⚠ BREAKING CHANGES
 
-* Update deployment to support latest Klyshko features ([#74](https://github.com/carbynestack/carbynestack/issues/74))
+- Update deployment to support latest Klyshko features
+  ([#74](https://github.com/carbynestack/carbynestack/issues/74))
 
 ### Features
 
-* Update deployment to support latest Klyshko features ([#74](https://github.com/carbynestack/carbynestack/issues/74)) ([23f0854](https://github.com/carbynestack/carbynestack/commit/23f0854486040d06880840ac915deb7db1c4bebd))
+- Update deployment to support latest Klyshko features
+  ([#74](https://github.com/carbynestack/carbynestack/issues/74))
+  ([23f0854](https://github.com/carbynestack/carbynestack/commit/23f0854486040d06880840ac915deb7db1c4bebd))
 
 ## [0.4.0](https://github.com/carbynestack/carbynestack/compare/sdk-v0.3.1...sdk-v0.4.0) (2023-08-31)
 
-
 ### Features
 
-* **sdk:** infrastructure as code (IaC) integration using CDKTF ([8b7bcbf](https://github.com/carbynestack/carbynestack/commit/8b7bcbfcd233d4713c485c4b3c49c74469c3d864))
+- **sdk:** infrastructure as code (IaC) integration using CDKTF
+  ([8b7bcbf](https://github.com/carbynestack/carbynestack/commit/8b7bcbfcd233d4713c485c4b3c49c74469c3d864))
 
 ## [0.3.1](https://github.com/carbynestack/carbynestack/compare/sdk-v0.3.0...sdk-v0.3.1) (2023-08-08)
 

diff --git a/deployments/constructs/backing-services/etcd.ts b/deployments/constructs/backing-services/etcd.ts
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 2023-2024 - for information on the respective copyright owner see
+ * the NOTICE file and/or the repository https://github.com/carbynestack/carbynestack.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import { Construct } from "constructs";
+import * as cdktf from "cdktf";
+import * as helm from "@cdktf/provider-helm";
+import * as kubernetes from "@cdktf/provider-kubernetes";
+
+export interface EtcdConfig {
+  helmProvider: cdktf.TerraformProvider;
+  kubernetesProvider: cdktf.TerraformProvider;
+}
+
+export class Etcd extends Construct {
+  public release: cdktf.TerraformResource;
+  public etcdIp: string;
+
+  constructor(scope: Construct, name: string, config: EtcdConfig) {
+    super(scope, name);
+
+    this.release = new helm.release.Release(this, `etcd`, {
+      wait: true,
+      waitForJobs: true,
+      provider: config.helmProvider,
+      timeout: 600,
+      name: "cs-etcd",
+      chart: "etcd",
+      repository: "https://charts.bitnami.com/bitnami/",
+      version: "8.3.1",
+      set: [
+        { name: "auth.rbac.create", value: "false" },
+        { name: "service.type", value: "LoadBalancer" },
+      ],
+    });
+
+    const etcdService =
+      new kubernetes.dataKubernetesService.DataKubernetesService(
+        this,
+        `etcd-service`,
+        {
+          provider: config.kubernetesProvider,
+          dependsOn: [this.release],
+          metadata: {
+            name: "cs-etcd",
+          },
+        },
+      );
+
+    this.etcdIp = new cdktf.TerraformOutput(this, `etcd-ingress-master-ip`, {
+      value: etcdService.status.get(0).loadBalancer.get(0).ingress.get(0).ip,
+    }).value;
+  }
+}
diff --git a/deployments/constructs/istio.ts → ...ents/constructs/backing-services/istio.ts b/deployments/constructs/istio.ts → ...ents/constructs/backing-services/istio.ts
@@ -1,6 +1,6 @@
 /*
- * Copyright (c) 2023 - for information on the respective copyright owner
- * see the NOTICE file and/or the repository https://github.com/carbynestack/carbynestack.
+ * Copyright (c) 2023-2024 - for information on the respective copyright owner see
+ * the NOTICE file and/or the repository https://github.com/carbynestack/carbynestack.
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -11,10 +11,10 @@ import * as kubernetes from "@cdktf/provider-kubernetes";
 import * as helm from "@cdktf/provider-helm";
 
 export interface IstioConfig {
-  idPostfix?: string;
   dependsOn: cdktf.ITerraformDependable[];
   helmProvider?: cdktf.TerraformProvider;
   kubernetesProvider?: cdktf.TerraformProvider;
+  ingressGatewayValues?: string[];
 }
 
 export class Istio extends Construct {
@@ -26,7 +26,7 @@ export class Istio extends Construct {
 
     const istioNamespace = new kubernetes.namespace.Namespace(
       this,
-      `istio-system${config.idPostfix}`,
+      `istio-system-${name}`,
       {
         provider: config.kubernetesProvider,
         metadata: {
@@ -35,31 +35,25 @@ export class Istio extends Construct {
       },
     );
 
-    const istioBase = new helm.release.Release(
-      this,
-      `istio-base${config.idPostfix}`,
-      {
-        dependsOn: [...config.dependsOn],
-        wait: true,
-        waitForJobs: true,
-        provider: config.helmProvider,
-        name: "istio-base",
-        chart: "base",
-        namespace: istioNamespace.metadata.name,
-        repository: "https://istio-release.storage.googleapis.com/charts",
-      },
-    );
+    const istioBase = new helm.release.Release(this, `istio-base-${name}`, {
+      dependsOn: [...config.dependsOn],
+      provider: config.helmProvider,
+      name: "istio-base",
+      chart: "base",
+      version: "1.22.0",
+      namespace: istioNamespace.metadata.name,
+      repository: "https://istio-release.storage.googleapis.com/charts",
+    });
 
     // istio control plane - https://istio.io/latest/blog/2020/istiod/
-    const istioD = new helm.release.Release(this, `istiod${config.idPostfix}`, {
+    const istioD = new helm.release.Release(this, `istiod-${name}`, {
       dependsOn: [...config.dependsOn, istioBase],
       provider: config.helmProvider,
       name: "istiod",
       chart: "istiod",
+      version: "1.22.0",
       namespace: istioNamespace.metadata.name,
       repository: "https://istio-release.storage.googleapis.com/charts",
-      wait: true,
-      waitForJobs: true,
     });
 
     // istio ingress
@@ -79,16 +73,16 @@ export class Istio extends Construct {
 
     const istioIngressGateway = new helm.release.Release(
       this,
-      `istio-ingress-gateway${config.idPostfix}`,
+      `istio-ingress-gateway-${name}`,
       {
         provider: config.helmProvider,
         name: "istio-ingressgateway",
         chart: "gateway",
+        version: "1.22.0",
         namespace: istioNamespace.metadata.name,
         dependsOn: [...config.dependsOn, istioBase, istioD],
-        wait: true,
-        waitForJobs: true,
         repository: "https://istio-release.storage.googleapis.com/charts",
+        values: config.ingressGatewayValues,
         set: istioIngressGatewayPorts.flatMap((port, index) => [
           { name: `service.ports[${index}].name`, value: port.name },
           { name: `service.ports[${index}].port`, value: port.port },
@@ -107,7 +101,7 @@ export class Istio extends Construct {
     this.istioIngressGatewayService =
       new kubernetes.dataKubernetesService.DataKubernetesService(
         this,
-        `istio-ingressgateway-service${config.idPostfix}`,
+        `istio-ingressgateway-service-${name}`,
         {
           provider: config.kubernetesProvider,
           dependsOn: [...config.dependsOn, istioIngressGateway],
@@ -118,15 +112,11 @@ export class Istio extends Construct {
         },
       );
 
-    this.ingressIP = new cdktf.TerraformOutput(
-      this,
-      `ingress-ip${config.idPostfix}`,
-      {
-        value: this.istioIngressGatewayService.status
-          .get(0)
-          .loadBalancer.get(0)
-          .ingress.get(0).ip,
-      },
-    ).value;
+    this.ingressIP = new cdktf.TerraformOutput(this, `ingress-ip-${name}`, {
+      value: this.istioIngressGatewayService.status
+        .get(0)
+        .loadBalancer.get(0)
+        .ingress.get(0).ip,
+    }).value;
   }
 }
diff --git a/deployments/constructs/backing-services/knative.ts b/deployments/constructs/backing-services/knative.ts
@@ -0,0 +1,108 @@
+/*
+ * Copyright (c) 2023-2024 - for information on the respective copyright owner see
+ * the NOTICE file and/or the repository https://github.com/carbynestack/carbynestack.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import { Construct } from "constructs";
+import * as cdktf from "cdktf";
+import * as kubernetes from "@cdktf/provider-kubernetes";
+import * as kubectl from "../../.gen/providers/kubectl";
+import * as http from "@cdktf/provider-http";
+
+export interface KnativeConfig {
+  ingressIP: string;
+  kubernetesProvider: cdktf.TerraformProvider;
+  kubectlProvider: cdktf.TerraformProvider;
+}
+
+export class Knative extends Construct {
+  public knativeOperator: cdktf.TerraformResource;
+  public knativeServing: cdktf.TerraformResource;
+
+  constructor(scope: Construct, name: string, config: KnativeConfig) {
+    super(scope, name);
+
+    const httpProvider = new http.provider.HttpProvider(
+      this,
+      `provider-http-${name}`,
+      {
+        alias: `provider-http-${name}`,
+      },
+    );
+
+    const knativeNamespace = new kubernetes.namespace.Namespace(
+      this,
+      `knative-namespace-${name}`,
+      {
+        provider: config.kubernetesProvider,
+        metadata: {
+          name: "knative-serving",
+        },
+      },
+    );
+
+    const knativeOperatorYaml = new http.dataHttp.DataHttp(
+      this,
+      `knative-operator-yaml-${name}`,
+      {
+        provider: httpProvider,
+        url: "https://github.com/knative/operator/releases/download/knative-v1.10.2/operator.yaml",
+      },
+    );
+
+    const knativeOperatorManifests =
+      new kubectl.dataKubectlFileDocuments.DataKubectlFileDocuments(
+        this,
+        `knative-operators-${name}`,
+        {
+          provider: config.kubectlProvider,
+          content: knativeOperatorYaml.body,
+        },
+      );
+
+    const knativeOperatorManifestsIter = cdktf.TerraformIterator.fromList(
+      knativeOperatorManifests.documents,
+    );
+
+    this.knativeOperator = new kubectl.manifest.Manifest(
+      this,
+      `knative-operator-${name}`,
+      {
+        provider: config.kubectlProvider,
+        forEach: knativeOperatorManifestsIter,
+        yamlBody: knativeOperatorManifestsIter.value,
+      },
+    );
+
+    this.knativeServing = new kubectl.manifest.Manifest(
+      this,
+      `knative-serving-${name}`,
+      {
+        provider: config.kubectlProvider,
+        validateSchema: true,
+        dependsOn: [this.knativeOperator],
+        yamlBody: `
+            apiVersion: operator.knative.dev/v1beta1
+            kind: KnativeServing
+            metadata:
+              name: knative-serving
+              namespace: ${knativeNamespace.metadata.name}
+            spec:
+              version: 1.8.2
+              manifests:
+                - URL: https://github.com/carbynestack/serving/releases/download/v1.8.2-multiport-patch/serving-crds.yaml
+                - URL: https://github.com/carbynestack/serving/releases/download/v1.8.2-multiport-patch/serving-core.yaml
+                - URL: https://github.com/knative/net-istio/releases/download/v1.8.2/release.yaml
+                - URL: https://github.com/knative/net-certmanager/releases/download/v1.8.2/release.yaml
+              config:
+                 domain:
+                    ${config.ingressIP}.sslip.io: ""
+                 defaults:
+                    max-revision-timeout-seconds: "36000"
+        `,
+      },
+    );
+  }
+}
diff --git a/deployments/constructs/metal-lb.ts → ...s/constructs/backing-services/metal-lb.ts b/deployments/constructs/metal-lb.ts → ...s/constructs/backing-services/metal-lb.ts
@@ -1,14 +1,14 @@
 /*
- * Copyright (c) 2023 - for information on the respective copyright owner
- * see the NOTICE file and/or the repository https://github.com/carbynestack/carbynestack.
+ * Copyright (c) 2023-2024 - for information on the respective copyright owner see
+ * the NOTICE file and/or the repository https://github.com/carbynestack/carbynestack.
  *
  * SPDX-License-Identifier: Apache-2.0
  */
 
 import { Construct } from "constructs";
 import * as cdktf from "cdktf";
 import * as kubernetes from "@cdktf/provider-kubernetes";
-import * as kubectl from "../.gen/providers/kubectl";
+import * as kubectl from "../../.gen/providers/kubectl";
 import * as helm from "@cdktf/provider-helm";
 
 export interface MetalLBConfig {
@@ -67,7 +67,6 @@ export class MetalLB extends Construct {
           },
           { name: "metadata.name", value: "metallb-system" },
         ],
-        wait: true,
       },
     );
 
@@ -87,7 +86,6 @@ export class MetalLB extends Construct {
             addresses:
               - ${config.subnet ?? "172.18.1.255/25"}
         `,
-        wait: true,
       },
     );