diff --git a/README.md b/README.md
index 8d53160..55073eb 100644
--- a/README.md
+++ b/README.md
@@ -253,6 +253,7 @@ Once you are finished with the reference architecture, you can remove all provis
 | Name | Version |
 |------|---------|
+| terraform | >= 1.0.0 |
 | terraform | >= 1.3.0 |
 | aws | ~> 5.17 |
 | github | ~> 5.38 |
@@ -281,6 +282,7 @@ Once you are finished with the reference architecture, you can remove all provis
 | humanitec\_k8s\_connection | ./modules/humanitec-k8s-connection | n/a |
 | portal\_backstage | ./modules/portal-backstage | n/a |
 | portal\_rhdh | ./modules/portal-rhdh | n/a |
+| terraform\_state\_backend | cloudposse/tfstate-backend/aws | 1.1.1 |
 ### Resources
diff --git a/backend.tf b/backend.tf
new file mode 100644
index 0000000..93e1be5
--- /dev/null
+++ b/backend.tf
@@ -0,0 +1,13 @@
+terraform {
+ required_version = ">= 1.0.0"
+
+ backend "s3" {
+ region = "eu-central-1"
+ bucket = "htc-demo-41-ra-rhos-with-rhdh-state"
+ key = "terraform.tfstate"
+ dynamodb_table = "htc-demo-41-ra-rhos-with-rhdh-state-lock"
+ profile = ""
+ role_arn = ""
+ encrypt = "true"
+ }
+}
diff --git a/modules/base/humanitec-operator.tf b/modules/base/humanitec-operator.tf
index 943d40b..136b7d6 100644
--- a/modules/base/humanitec-operator.tf
+++ b/modules/base/humanitec-operator.tf
@@ -62,7 +62,7 @@ resource "helm_release" "humanitec_operator" {
 repository = "oci://ghcr.io/humanitec/charts"
 chart = "humanitec-operator"
- version = "0.2.6"
+ version = "0.4.0"
 wait = true
 timeout = 300
diff --git a/modules/base/humanitec.tf b/modules/base/humanitec.tf
index 8d12d6d..c4de9c5 100644
--- a/modules/base/humanitec.tf
+++ b/modules/base/humanitec.tf
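Review bot: The `backend "s3"` block in `backend.tf` hard-codes one deployment's state bucket and lock table (`htc-demo-41-ra-rhos-with-rhdh-state`), and the module that generates it in `state.tf` carries `# TODO Remove before merge`, so both files look like they were committed unintentionally. Terraform state stores resource attributes in plaintext, and this stack passes the GitHub App private key and the Humanitec token through resources, so the backend is better supplied per deployment (for example `terraform init -backend-config=<file>`) than shared through the repository. If the block is kept, `encrypt` is a boolean and reads more clearly as `encrypt = true`, and the empty `profile = ""` and `role_arn = ""` arguments can be dropped.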
@@ -31,3 +31,19 @@ resource "humanitec_resource_definition_criteria" "default_mysql" {
 force_delete = true
 }
+
+resource "humanitec_resource_definition" "default_logging" {
+ driver_type = "humanitec/logging-k8s"
+ id = "default-logging"
+ name = "default-logging"
+ type = "logging"
+
+ driver_inputs = {}
+}
+
+resource "humanitec_resource_definition_criteria" "default_logging" {
+ resource_definition_id = humanitec_resource_definition.default_logging.id
+ class = "default"
+
+ force_delete = true
+}
diff --git a/modules/cd-argocd/argocd-operator.tf b/modules/cd-argocd/argocd-operator.tf
index fd9a07b..04aca12 100644
--- a/modules/cd-argocd/argocd-operator.tf
+++ b/modules/cd-argocd/argocd-operator.tf
@@ -55,7 +55,7 @@ resource "kubernetes_manifest" "argocd_operator_subscription" {
 name = "argocd-operator"
 source = "community-operators"
 sourceNamespace = "openshift-marketplace"
- startingCSV = "argocd-operator.v0.10.0"
+ startingCSV = "argocd-operator.v0.13.0"
 }
 }
 }
diff --git a/modules/portal-rhdh/devhub/rhdh-app-configmap.yaml b/modules/portal-rhdh/devhub/rhdh-app-configmap.yaml
deleted file mode 100644
index 2ae3862..0000000
--- a/modules/portal-rhdh/devhub/rhdh-app-configmap.yaml
+++ /dev/null
@@ -1,76 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: app-config-rhdh - namespace: rhdh -data: - app-config-rhdh.yaml: | - app: - title: Red Hat Developer Hub - baseUrl: https://backstage-developer-hub-rhdh.${basedomain} - backend: - auth: - keys: - - secret: ${BACKEND_SECRET} - baseUrl: https://backstage-developer-hub-rhdh.${basedomain} - cors: - origin: https://backstage-developer-hub-rhdh.${basedomain} - catalog: - rules: - - allow: [Component, System, Group, Resource, Location, Template, API, User, Domain, Type] - providers: - # github discovery plugin isn't installed yet. - # github: - # githubOrg: - # organization: ${GITHUB_ORG_ID} - locations: - - type: url - target: https://github.com/humanitec-architecture/backstage/blob/main/templates/podinfo-example/template.yaml - - type: url - target: https://github.com/humanitec-architecture/backstage/blob/main/templates/node-service/template.yaml - - type: url - target: https://github.com/humanitec-architecture/reference-architecture-rhos/blob/main/backstage-templates/quarkus-todo/template.yaml - dynamicPlugins: - # See https://github.com/janus-idp/backstage-showcase/blob/main/showcase-docs/dynamic-plugins.md#frontend-layout-configuration - frontend: - humanitec.backstage-plugin: - mountPoints: - - mountPoint: entity.page.overview/cards - importName: HumanitecCardComponent - config: - layout: - gridColumn: - lg: '5 / -1' - md: '3 / -1' - xs: '1 / -1' - if: - allOf: - - isKind: component - scaffolderFieldExtensions: - - importName: ValidateHumanitecAppIDFieldExtension - - humanitec: - orgId: ${HUMANITEC_ORG_ID} - token: ${HUMANITEC_TOKEN} # without Bearer - cloudProvider: aws - githubOrgId: ${GITHUB_ORG_ID} - - auth: - # see https://backstage.io/docs/auth/ to learn about auth providers - environment: development - providers: - github: - development: - clientId: ${GITHUB_APP_CLIENT_ID} - clientSecret: ${GITHUB_APP_CLIENT_SECRET} - integrations: - github: - - host: github.com - apps: - - appId: 
${GITHUB_APP_APP_ID} - clientId: ${GITHUB_APP_CLIENT_ID} - clientSecret: ${GITHUB_APP_CLIENT_SECRET} - webhookUrl: ${GITHUB_APP_WEBHOOK_URL} - webhookSecret: ${GITHUB_APP_WEBHOOK_SECRET} - privateKey: | - ${GITHUB_APP_PRIVATE_KEY} diff --git a/modules/portal-rhdh/devhub/rhdh-dynamic-plugins-configmap.yaml b/modules/portal-rhdh/devhub/rhdh-dynamic-plugins-configmap.yaml deleted file mode 100644 index 9bbb6a3..0000000 --- a/modules/portal-rhdh/devhub/rhdh-dynamic-plugins-configmap.yaml +++ /dev/null @@ -1,22 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: dynamic-plugin-config-rhdh - namespace: rhdh -data: - dynamic-plugins.yaml: | - includes: - - dynamic-plugins.default.yaml - plugins: - - # update using: npm view @humanitec/backstage-plugin-scaffolder-backend-module-dynamic - package: '@humanitec/backstage-plugin-scaffolder-backend-module-dynamic@0.3.0' - integrity: 'sha512-r0SCTrs7tUyyBmFpMcHw1MUzN+ad1iviztkBJ55ZCsnRhJNNVb41ucDqkXqjXTBTTvOEt4u0ZsMq0SxVplXfVw==' - pluginConfig: {} - - # update using: npm view @humanitec/backstage-plugin-dynamic - package: '@humanitec/backstage-plugin-dynamic@0.7.0' - integrity: 'sha512-bY0OCkZxQVWWn7dpeV/IBFd3trHlwDZzHyqkFPJp2NcALpxVg51ojQkKNry+WTdqGCQoqQNlhRGTAMJgTZ+q2Q==' - pluginConfig: {} - - # update using: npm view @humanitec/backstage-plugin-backend-dynamic - package: '@humanitec/backstage-plugin-backend-dynamic@0.6.3' - integrity: 'sha512-T8GdT0dAmkgtZPXJRWMQmTvecU52FVrB1mcR14OgDhhkxdPkP5rsOLwHzsM8bUHdQjPYPoRSv4ozW+jfB4pn7w==' - pluginConfig: {} diff --git a/modules/portal-rhdh/main.tf b/modules/portal-rhdh/main.tf index b865943..53790b5 100644 --- a/modules/portal-rhdh/main.tf +++ b/modules/portal-rhdh/main.tf @@ -1,6 +1,5 @@ locals { devhub_manifests = "${path.module}/devhub" - } resource "kubernetes_namespace_v1" "rhdh" { 
@@ -52,11 +51,81 @@ resource "kubernetes_secret_v1" "rhdh_secrets" { } } -resource "kubernetes_manifest" "rhdh_app_configmap" { - manifest = yamldecode(file("${local.devhub_manifests}/rhdh-app-configmap.yaml")) +resource "kubernetes_config_map" "rhdh_app_configmap" { + metadata { + name = "app-config-rhdh" + namespace = kubernetes_namespace_v1.rhdh.id + } - field_manager { - force_conflicts = true + data = { + "app-config.yaml" = <<-EOT + app: + title: Red Hat Developer Hub + baseUrl: https://backstage-developer-hub-rhdh.${var.basedomain} + backend: + auth: + keys: + - secret: ${resource.kubernetes_secret_v1.rhdh_secrets.metadata[0].name} + baseUrl: https://backstage-developer-hub-rhdh.${var.basedomain} + cors: + origin: https://backstage-developer-hub-rhdh.${var.basedomain} + catalog: + rules: + - allow: [Component, System, Group, Resource, Location, Template, API, User, Domain, Type] + locations: + - type: url + target: https://github.com/humanitec-architecture/backstage-catalog-templates/blob/main/podinfo/template.yaml + - type: url + target: https://github.com/humanitec-architecture/backstage-catalog-templates/blob/main/node-service/template.yaml + - type: url + target: https://github.com/humanitec-architecture/reference-architecture-rhos/blob/main/backstage-templates/quarkus-todo/template.yaml + dynamicPlugins: + # See https://github.com/janus-idp/backstage-showcase/blob/main/showcase-docs/dynamic-plugins.md#frontend-layout-configuration + frontend: + humanitec.backstage-plugin: + mountPoints: + - mountPoint: entity.page.overview/cards + importName: HumanitecCardComponent + config: + layout: + gridColumn: + lg: '5 / -1' + md: '3 / -1' + xs: '1 / -1' + if: + allOf: + - isKind: component + scaffolderFieldExtensions: + - importName: ValidateHumanitecAppIDFieldExtension + humanitec: + orgId: ${var.humanitec_org_id} + token: ${var.humanitec_ci_service_user_token} # without Bearer + cloudProvider: aws + githubOrgId: ${var.github_org_id} + auth: + environment: 
production + providers: + github: + production: + clientId: ${var.github_app_client_id} + clientSecret: ${var.github_app_client_secret} + signIn: + resolvers: + - resolver: usernameMatchingUserEntityName + dangerouslyAllowSignInWithoutUserInCatalog: true + integrations: + github: + - host: github.com + apps: + - appId: ${var.github_app_id} + clientId: ${var.github_app_client_id} + clientSecret: ${var.github_app_client_secret} + webhookUrl: ${var.github_webhook_url} + webhookSecret: ${var.github_webhook_secret} + privateKey: | + ${replace(var.github_app_private_key, "\n", "\n ")} + signInPage: github + EOT } depends_on = [ 
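Review bot: The `app-config.yaml` heredoc now writes credentials into ConfigMap data in plaintext, because `${var.humanitec_ci_service_user_token}`, `${var.github_app_client_secret}`, `${var.github_webhook_secret}` and `${var.github_app_private_key}` are expanded by Terraform, whereas the deleted manifest was loaded with `file()` and kept literal `${HUMANITEC_TOKEN}`-style placeholders. ConfigMaps are typically not covered by the RBAC rules or at-rest encryption applied to Secrets, so anyone who can read ConfigMaps in that namespace would see these values. `backend.auth.keys[0].secret` is also set to `kubernetes_secret_v1.rhdh_secrets.metadata[0].name`, which is the Secret object's name and not a secret value, so the backend key becomes a predictable string. Escaping the placeholders restores the earlier behaviour, e.g. `- secret: $${BACKEND_SECRET}` and `token: $${HUMANITEC_TOKEN} # without Bearer`, and likewise for `clientSecret`, `webhookSecret` and `privateKey`; this assumes `rhdh_secrets` and `rhdh_github_secrets`, defined outside this hunk, still expose those keys to the pod. `dangerouslyAllowSignInWithoutUserInCatalog: true` under `environment: production` deserves a comment marking it as demo-only, since it lets users who authenticate with GitHub sign in without a matching catalog entity.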
@@ -64,11 +133,58 @@ resource "kubernetes_manifest" "rhdh_app_configmap" { ] } -resource "kubernetes_manifest" "rhdh_dynamic_plugins_configmap" { - manifest = yamldecode(file("${local.devhub_manifests}/rhdh-dynamic-plugins-configmap.yaml")) +resource "kubernetes_config_map" "dynamic_plugin_config_rhdh" { + metadata { + name = "dynamic-plugin-config-rhdh" + namespace = kubernetes_namespace_v1.rhdh.id + } - field_manager { - force_conflicts = true + data = { + "dynamic-plugins.yaml" = <<-EOT + includes: + - dynamic-plugins.default.yaml + plugins: + - # update using: npm view @humanitec/backstage-plugin-scaffolder-backend-module-dynamic + package: '@humanitec/backstage-plugin-scaffolder-backend-module-dynamic@0.4.0' + integrity: 'sha512-sn6PgR0oCix/Nd0MXLoQ5SW00rF+SNmXArNuH/4dns5zLBN8iXXIhwLh8mIEKu7kI1P9pe/WYhGcA1GNSHCO2A==' + pluginConfig: {} + - # update using: npm view @humanitec/backstage-plugin-dynamic + package: '@humanitec/backstage-plugin-dynamic@0.8.0' + integrity: 'sha512-y3Cfy/+EkjW9hYqg6KOgRJ1mEobjppE1nkSj3cIBHFH1t5JXhqSE2OOxDzxdqvRdApk3e/JufEgTRn1MpcAxhg==' + pluginConfig: {} + - # update using: npm view @humanitec/backstage-plugin-backend-dynamic + package: '@humanitec/backstage-plugin-backend-dynamic@0.7.0' + integrity: 'sha512-zzrNbXvB1BVa/z1jWZQwFH90bXvNM5by1MSj7dZZ5MlcftB6D/G10RYvHar4QjsNx+o6klio5I32yLX6vwOYHA==' + pluginConfig: {} + - # update using: npm view @backstage/plugin-scaffolder-backend-module-github + package: '@backstage/plugin-scaffolder-backend-module-github@0.6.1' + integrity: 'sha512-B1lKoeEZlEz0uFs2LB5p+W2pinDUuLbbtDAV7m8KvAkim6bw7KJ/LB4ibXZHyCRa/nH4Gsgjnb/cTwemSpEveg==' + pluginConfig: {} + - package: './dynamic-plugins/dist/backstage-plugin-catalog-backend-module-github-dynamic' + disabled: false + pluginConfig: + catalog: + providers: + github: + organization: "${var.github_org_id}" + schedule: + frequency: { minutes: 1 } + timeout: { seconds: 45 } + initialDelay: { seconds: 10 } + - package: 
'./dynamic-plugins/dist/backstage-plugin-catalog-backend-module-github-org-dynamic' + disabled: false + pluginConfig: + catalog: + providers: + githubOrg: + id: "${var.github_org_id}" + githubUrl: "https://github.com" + orgs: [ "${var.github_org_id}" ] + schedule: + frequency: { minutes: 1 } + timeout: { seconds: 45 } + initialDelay: { seconds: 10 } + EOT } depends_on = [ @@ -82,8 +198,8 @@ resource "kubernetes_manifest" "rhdh_instance" { depends_on = [ kubernetes_manifest.rhdh_operator_group, kubernetes_manifest.rhdh_operator_subscription, - kubernetes_manifest.rhdh_app_configmap, - kubernetes_manifest.rhdh_dynamic_plugins_configmap, + kubernetes_config_map.rhdh_app_configmap, + kubernetes_config_map.dynamic_plugin_config_rhdh, kubernetes_secret_v1.rhdh_github_secrets, kubernetes_secret_v1.rhdh_secrets ] diff --git a/state.tf b/state.tf new file mode 100644 index 0000000..ab27dd0 --- /dev/null +++ b/state.tf @@ -0,0 +1,13 @@ +# TODO Remove before merge + +module "terraform_state_backend" { + source = "cloudposse/tfstate-backend/aws" + version = "1.1.1" + namespace = var.humanitec_org_id + name = "ra-rhos-with-rhdh" + attributes = ["state"] + + terraform_backend_config_file_path = "." + terraform_backend_config_file_name = "backend.tf" + force_destroy = false +}