This repository has been archived by the owner on Dec 16, 2020. It is now read-only.
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
0d84128
commit dcf0f0c
Showing
4 changed files
with
302 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
# Terraform files | ||
.terraform | ||
terraform.tfstate | ||
terraform.tfvars | ||
*.tfstate* | ||
|
||
# OS X files | ||
.history | ||
.DS_Store | ||
|
||
# lambda zip files | ||
lambda.zip | ||
|
||
# IntelliJ files | ||
.idea_modules | ||
*.iml | ||
*.iws | ||
*.ipr | ||
.idea/ | ||
build/ | ||
*/build/ | ||
out/ | ||
|
||
# Go best practices dictate that libraries should not include the vendor directory | ||
vendor | ||
|
||
# Python stuff | ||
dist | ||
aws_auth_configmap_generator.* | ||
.python-version | ||
.tox | ||
__pycache__ | ||
*.pyc | ||
|
||
# Folder used to store temporary test data by Terratest | ||
.test-data | ||
|
||
# Generic temporary files | ||
/tmp |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,99 @@ | ||
# Contribution Guidelines | ||
|
||
Contributions to this Package are very welcome! We follow a fairly standard [pull request process]( | ||
https://help.github.com/articles/about-pull-requests/) for contributions, subject to the following guidelines: | ||
|
||
1. [File a GitHub issue](#file-a-github-issue) | ||
1. [Update the documentation](#update-the-documentation) | ||
1. [Update the tests](#update-the-tests) | ||
1. [Update the code](#update-the-code) | ||
1. [Create a pull request](#create-a-pull-request) | ||
1. [Merge and release](#merge-and-release) | ||
|
||
## File a GitHub issue | ||
|
||
Before starting any work, we recommend filing a GitHub issue in this repo. This is your chance to ask questions and | ||
get feedback from the maintainers and the community before you sink a lot of time into writing (possibly the wrong) | ||
code. If there is anything you're unsure about, just ask! | ||
|
||
## Update the documentation | ||
|
||
We recommend updating the documentation *before* updating any code (see [Readme Driven | ||
Development](http://tom.preston-werner.com/2010/08/23/readme-driven-development.html)). This ensures the documentation | ||
stays up to date and allows you to think through the problem at a high level before you get lost in the weeds of | ||
coding. | ||
|
||
## Update the tests | ||
|
||
We also recommend updating the automated tests *before* updating any code (see [Test Driven | ||
Development](https://en.wikipedia.org/wiki/Test-driven_development)). That means you add or update a test case, | ||
verify that it's failing with a clear error message, and *then* make the code changes to get that test to pass. This | ||
ensures the tests stay up to date and verify all the functionality in this Module, including whatever new | ||
functionality you're adding in your contribution. Check out the [tests](https://github.com/gruntwork-io/terraform-kubernetes-helm/tree/master/test) folder for instructions on running the | ||
automated tests. | ||
|
||
## Update the code | ||
|
||
At this point, make your code changes and use your new test case to verify that everything is working. As you work, | ||
keep in mind two things: | ||
|
||
1. Backwards compatibility | ||
1. Downtime | ||
|
||
### Backwards compatibility | ||
|
||
Please make every effort to avoid unnecessary backwards incompatible changes. With Terraform code, this means: | ||
|
||
1. Do not delete, rename, or change the type of input variables. | ||
1. If you add an input variable, it should have a `default`. | ||
1. Do not delete, rename, or change the type of output variables. | ||
1. Do not delete or rename a module in the `modules` folder. | ||
|
||
If a backwards incompatible change cannot be avoided, please make sure to call that out when you submit a pull request, | ||
explaining why the change is absolutely necessary. | ||
|
||
### Downtime | ||
|
||
Bear in mind that the Terraform code in this Module is used by real companies to run real infrastructure in | ||
production, and certain types of changes could cause downtime. For example, consider the following: | ||
|
||
1. If you rename a resource (e.g. `aws_instance "foo"` -> `aws_instance "bar"`), Terraform will see that as deleting | ||
the old resource and creating a new one. | ||
1. If you change certain attributes of a resource (e.g. the `name` of an `aws_elb`), the cloud provider (e.g. AWS) may | ||
treat that as an instruction to delete the old resource and a create a new one. | ||
|
||
Deleting certain types of resources (e.g. virtual servers, load balancers) can cause downtime, so when making code | ||
changes, think carefully about how to avoid that. For example, can you avoid downtime by using | ||
[create_before_destroy](https://www.terraform.io/docs/configuration/resources.html#create_before_destroy)? Or via | ||
the `terraform state` command? If so, make sure to note this in our pull request. If downtime cannot be avoided, | ||
please make sure to call that out when you submit a pull request. | ||
|
||
|
||
### Formatting and pre-commit hooks | ||
|
||
You must run `terraform fmt` on the code before committing. You can configure your computer to do this automatically | ||
using pre-commit hooks managed using [pre-commit](http://pre-commit.com/): | ||
|
||
1. [Install pre-commit](http://pre-commit.com/#install). E.g.: `brew install pre-commit`. | ||
1. Install the hooks: `pre-commit install`. | ||
|
||
That's it! Now just write your code, and every time you commit, `terraform fmt` will be run on the files you're | ||
committing. | ||
|
||
|
||
## Create a pull request | ||
|
||
[Create a pull request](https://help.github.com/articles/creating-a-pull-request/) with your changes. Please make sure | ||
to include the following: | ||
|
||
1. A description of the change, including a link to your GitHub issue. | ||
1. The output of your automated test run, preferably in a [GitHub Gist](https://gist.github.com/). We cannot run | ||
automated tests for pull requests automatically due to [security | ||
concerns](https://circleci.com/docs/fork-pr-builds/#security-implications), so we need you to manually provide this | ||
test output so we can verify that everything is working. | ||
1. Any notes on backwards incompatibility or downtime. | ||
|
||
## Merge and release | ||
|
||
The maintainers for this repo will review your code and provide feedback. If everything looks good, they will merge the | ||
code and release a new version, which you'll be able to find in the [releases page](../../releases). |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,64 @@ | ||
# Gruntwork Philosophy | ||
|
||
At Gruntwork, we strive to accelerate the deployment of production grade infrastructure by prodiving a library of | ||
stable, reusable, and battle tested infrastructure as code organized into a series of [modules](#what-is-a-module) with | ||
[submodules](#what-is-a-submodule). Each module represents a particular set of infrastructure that is componentized into | ||
smaller pieces represented by the submodules within the module. By doing so, we have built a composable library that can | ||
be combined into building out everything from simple single service deployments to complicated microservice setups so | ||
that your infrastructure can grow with your business needs. Every module we provide is built with the [production grade | ||
infrastruture checklist](#production-grade-infrastructure-checklist) in mind, ensuring that the services you deploy are | ||
resilient, fault tolerant, and scalable. | ||
|
||
|
||
## What is a Module? | ||
|
||
A Module is a reusable, tested, documented, configurable, best-practices definition of a single piece of Infrastructure | ||
(e.g., Docker cluster, VPC, Jenkins, Consul), written using a combination of [Terraform](https://www.terraform.io/), Go, | ||
and Bash. A module contains a set of automated tests, documentation, and examples that have been proven in production, | ||
providing the underlying infrastructure for [Gruntwork's customers](https://www.gruntwork.io/customers). | ||
|
||
Instead of figuring out the details of how to run a piece of infrastructure from scratch, you can reuse existing code | ||
that has been proven in production. And instead of maintaining all that infrastructure code yourself, you can leverage | ||
the work of the community to pick up infrastructure improvements through a version number bump. | ||
|
||
|
||
## What is a Submodule? | ||
|
||
Each Infrastructure Module consists of one or more orthogonal Submodules that handle some specific aspect of that | ||
Infrastructure Module's functionality. Breaking the code up into multiple submodules makes it easier to reuse and | ||
compose to handle many different use cases. Although Modules are designed to provide an end to end solution to manage | ||
the relevant infrastructure by combining the Submodules defined in the Module, Submodules can be used independently for | ||
specific functionality that you need in your infrastructure code. | ||
|
||
|
||
## Production Grade Infrastructure Checklist | ||
|
||
At Gruntwork, we have learned over the years that it is not enough to just get the services up and running in a publicly | ||
accessible space to call your application "production-ready." There are many more things to consider, and oftentimes | ||
many of these considerations are missing in the deployment plan of applications. These topics come up as afterthoughts, | ||
and are learned the hard way after the fact. That is why we codified all of them into a checklist that can be used as a | ||
reference to help ensure that they are considered before your application goes to production, and conscious decisions | ||
are made to neglect particular components if needed, as opposed to accidentally omitting them from consideration. | ||
|
||
<!-- | ||
Edit the following table using https://www.tablesgenerator.com/markdown_tables. Start by pasting the table below in the | ||
menu item File > Paste table data. | ||
--> | ||
|
||
| Task | Description | Example tools | | ||
|--------------------|-------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------| | ||
| Install | Install the software binaries and all dependencies. | Bash, Chef, Ansible, Puppet | | ||
| Configure | Configure the software at runtime. Includes port settings, TLS certs, service discovery, leaders, followers, replication, etc. | Bash, Chef, Ansible, Puppet | | ||
| Provision | Provision the infrastructure. Includes EC2 instances, load balancers, network topology, security gr oups, IAM permissions, etc. | Terraform, CloudFormation | | ||
| Deploy | Deploy the service on top of the infrastructure. Roll out updates with no downtime. Includes blue-green, rolling, and canary deployments. | Scripts, Orchestration tools (ECS, k8s, Nomad) | | ||
| High availability | Withstand outages of individual processes, EC2 instances, services, Availability Zones, and regions. | Multi AZ, multi-region, replication, ASGs, ELBs | | ||
| Scalability | Scale up and down in response to load. Scale horizontally (more servers) and/or vertically (bigger servers). | ASGs, replication, sharding, caching, divide and conquer | | ||
| Performance | Optimize CPU, memory, disk, network, GPU, and usage. Includes query tuning, benchmarking, load testing, and profiling. | Dynatrace, valgrind, VisualVM, ab, Jmeter | | ||
| Networking | Configure static and dynamic IPs, ports, service discovery, firewalls, DNS, SSH access, and VPN access. | EIPs, ENIs, VPCs, NACLs, SGs, Route 53, OpenVPN | | ||
| Security | Encryption in transit (TLS) and on disk, authentication, authorization, secrets management, server hardening. | ACM, EBS Volumes, Cognito, Vault, CIS | | ||
| Metrics | Availability metrics, business metrics, app metrics, server metrics, events, observability, tracing, and alerting. | CloudWatch, DataDog, New Relic, Honeycomb | | ||
| Logs | Rotate logs on disk. Aggregate log data to a central location. | CloudWatch logs, ELK, Sumo Logic, Papertrail | | ||
| Backup and Restore | Make backups of DBs, caches, and other data on a scheduled basis. Replicate to separate region/account. | RDS, ElastiCache, ec2-snapper, Lambda | | ||
| Cost optimization | Pick proper instance types, use spot and reserved instances, use auto scaling, and nuke unused resources. | ASGs, spot instances, reserved instances | | ||
| Documentation | Document your code, architecture, and practices. Create playbooks to respond to incidents. | READMEs, wikis, Slack | | ||
| Tests | Write automated tests for your infrastructure code. Run tests after every commit and nightly. | Terratest | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,100 @@ | ||
[![Maintained by Gruntwork.io](https://img.shields.io/badge/maintained%20by-gruntwork.io-%235849a6.svg)](https://gruntwork.io/?ref=repo_aws_eks) | ||
|
||
# Helm Server Modules | ||
|
||
This repo contains a Module for deploying Helm Server on Kubernetes clusters with [Terraform](https://www.terraform.io). | ||
This repo is a part of [the Gruntwork Infrastructure as Code | ||
Library](https://gruntwork.io/infrastructure-as-code-library/), a collection of reusable, battle-tested, production | ||
ready infrastructure code. Read the [Gruntwork Philosophy](GRUNTWORK_PHILOSOPHY.md) document to learn more about how | ||
Gruntwork builds production grade infrastructure code. | ||
|
||
|
||
## What is in this repo | ||
|
||
This repo provides a Gruntwork IaC Package and has the following folder structure: | ||
|
||
* [modules](/modules): This folder contains the main implementation code for this Module, broken down into multiple | ||
standalone Submodules. | ||
* [examples](/examples): This folder contains examples of how to use the Submodules. The [example root | ||
README](/examples/README.md) provides a quickstart guide on how to use the Submodules in this Module. | ||
* [test](/test): Automated tests for the Modules and examples. | ||
|
||
The following submodules are available in this module: | ||
|
||
- [k8s-namespace](/modules/k8s-namespace): Provision a Kubernetes `Namespace` with a default set of RBAC roles. | ||
- [k8s-service-account](/modules/k8s-service-account): Provision a Kubernetes `ServiceAccount`. | ||
- [k8s-helm-server](/modules/k8s-helm-server): Provision a namespaced secure Helm Server on an existing Kubernetes | ||
cluster. | ||
|
||
## What is Kubernetes? | ||
|
||
[Kubernetes](https://kubernetes.io) is an open source container management system for deploying, scaling, and managing | ||
containerized applications. Kubernetes is built by Google based on their internal proprietary container management | ||
systems (Borg and Omega). Kubernetes provides a cloud agnostic platform to deploy your containerized applications with | ||
built in support for common operational tasks such as replication, autoscaling, self-healing, and rolling deployments. | ||
|
||
You can learn more about Kubernetes from [the official documentation](https://kubernetes.io/docs/tutorials/kubernetes-basics/). | ||
|
||
|
||
## What is Helm? | ||
|
||
[Helm](https://helm.sh/) is a package and module manager for Kubernetes that allows you to define, install, and manage | ||
Kubernetes applications as reusable packages called Charts. Helm provides support for official charts in their | ||
repository that contains various applications such as Jenkins, MySQL, and Consul to name a few. Gruntwork uses Helm | ||
under the hood for the Kubernetes modules in this package. | ||
|
||
Helm consists of two components: the Helm Client, and the Helm Server (Tiller) | ||
|
||
### What is the Helm Client? | ||
|
||
The Helm client is a command line utility that provides a way to interact with Tiller. It is the primary interface to | ||
installing and managing Charts as releases in the Helm ecosystem. In addition to providing operational interfaces (e.g | ||
install, upgrade, list, etc), the client also provides utilities to support local development of Charts in the form of a | ||
scaffolding command and repository management (e.g uploading a Chart). | ||
|
||
### What is the Helm Server? | ||
|
||
The Helm Server (Tiller) is a component of Helm that runs inside the Kubernetes cluster. Tiller is what | ||
provides the functionality to apply the Kubernetes resource descriptions to the Kubernetes cluster. When you install a | ||
release, the helm client essentially packages up the values and charts as a release, which is submitted to Tiller. | ||
Tiller will then generate Kubernetes YAML files from the packaged release, and then apply the generated Kubernetes YAML | ||
file from the charts on the cluster. | ||
|
||
<!-- TODO: ## What parts of the Production Grade Infrastructure Checklist are covered by this Module? --> | ||
|
||
|
||
## Who maintains this Module? | ||
|
||
This Module and its Submodules are maintained by [Gruntwork](http://www.gruntwork.io/). If you are looking for help or | ||
commercial support, send an email to | ||
[support@gruntwork.io](mailto:support@gruntwork.io?Subject=GKE%20Module). | ||
|
||
Gruntwork can help with: | ||
|
||
* Setup, customization, and support for this Module. | ||
* Modules and submodules for other types of infrastructure, such as VPCs, Docker clusters, databases, and continuous | ||
integration. | ||
* Modules and Submodules that meet compliance requirements, such as HIPAA. | ||
* Consulting & Training on AWS, Terraform, and DevOps. | ||
|
||
|
||
## How do I contribute to this Module? | ||
|
||
Contributions are very welcome! Check out the [Contribution Guidelines](/CONTRIBUTING.md) for instructions. | ||
|
||
|
||
## How is this Module versioned? | ||
|
||
This Module follows the principles of [Semantic Versioning](http://semver.org/). You can find each new release, along | ||
with the changelog, in the [Releases Page](../../releases). | ||
|
||
During initial development, the major version will be 0 (e.g., `0.x.y`), which indicates the code does not yet have a | ||
stable API. Once we hit `1.0.0`, we will make every effort to maintain a backwards compatible API and use the MAJOR, | ||
MINOR, and PATCH versions on each release to indicate any incompatibilities. | ||
|
||
|
||
## License | ||
|
||
Please see [LICENSE](/LICENSE) for how the code in this repo is licensed. | ||
|
||
Copyright © 2018 Gruntwork, Inc. |