ops: Create Examples and modules for deploying medcat to AWS, Azure and Openstack

Author: alhendrickson

.devcontainer/devcontainer.json

@@ -5,8 +5,13 @@
 	// Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile
 	"image": "mcr.microsoft.com/devcontainers/base:jammy",
 	"features": {
-		"ghcr.io/devcontainers/features/docker-outside-of-docker:1": {},
-		"ghcr.io/devcontainers/features/python:1": {}
+		"ghcr.io/devcontainers/features/python:1": {},
+		"ghcr.io/devcontainers/features/docker-in-docker:2": {},
+		"ghcr.io/devcontainers/features/terraform:1": {},
+		"ghcr.io/devcontainers-extra/features/ansible:2": {},
+		"ghcr.io/devcontainers/features/kubectl-helm-minikube:1": {},
+		"ghcr.io/devcontainers/features/aws-cli:1": {},
+		"ghcr.io/devcontainers/features/azure-cli:1": {}
 	},
 
 	// Features to add to the dev container. More info: https://containers.dev/features.

.gitignore

@@ -2,6 +2,46 @@
 observability/examples/simple/observability-simple
 observability/examples/full/cogstack-observability
 _build
+**/.build/
+
+
+### Terraform Git Ignore
+# https://github.com/github/gitignore/blob/main/Terraform.gitignore
+
+# Local .terraform directories
+**/.terraform/
+
+# .tfstate files
+**/*.tfstate
+**/*.tfstate.*
+
+# Crash log files
+**/crash.log
+**/crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data
+**/*.tfvars
+**/*.tfvars.json
+
+# Ignore override files
+**/override.tf
+**/override.tf.json
+**/*_override.tf
+**/*_override.tf.json
+
+# Ignore transient lock info files created by terraform apply
+**/.terraform.tfstate.lock.info
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+**/.terraformrc
+**/terraform.rc
+
 
 # Python ignores
 # Byte-compiled / optimized / DLL files

deployment/terraform/examples/aws-kubernetes/.env.example

@@ -0,0 +1,3 @@
+export AWS_ACCESS_KEY_ID=
+export AWS_SECRET_ACCESS_KEY=
+export AWS_REGION=eu-west-1

deployment/terraform/examples/aws-kubernetes/.gitignore

@@ -0,0 +1,2 @@
+
+.env

deployment/terraform/examples/aws-kubernetes/README.md

@@ -0,0 +1,101 @@
+# AWS Deployment
+
+This is an example deployment of CogStack in AWS. It will create publically accessible services, so is not suitable for production deployment.
+
+The recommended deployment in AWS is based on using Kubernetes through AWS EKS.
+
+This example will create a AWS EKS cluster, setup any necessary config, deploy CogStack to the cluster, and test that it is available.
+
+## Usage
+Deployment through terraform is carried out through two terraform commands, to handle the sequencing issues between making a k8s cluster and using it in AWS.
+
+### Requirements
+- Terraform - [Install Terraform](https://developer.hashicorp.com/terraform/install)
+- AWS Credentials for an account that can create and destroy resources. 
+
+
+### Steps
+
+### 1. Add Required Secrets for your env
+This readme uses environment variables for access:
+
+1. See the `.env.example` file for the required details.
+2. Create a file `.env` with those fields set for your account. 
+3. Execute `source .env` to set those environment variables
+
+If desired, see the official documentation for other ways to provide AWS credentials https://registry.terraform.io/providers/hashicorp/aws/latest/docs#authentication-and-configuration
+
+### 2. Run Terraform
+Terraform is run on two modules for AWS, so we will run one terraform apply in one folder, then another terraform apply in a second folder. 
+
+Initial provisioning takes around 15 minutes.
+
+```bash
+# Set AWS credentials 
+source .env
+
+# Create AWS EKS infra
+cd eks-cluster
+terraform init
+terraform apply --auto-approve
+
+AWS_KUBECONFIG=$(terraform output -raw kubeconfig_file)
+
+# Deploy services to kubernetes
+cd ../kubernetes-deployment
+export TF_VAR_kubeconfig_file=$AWS_KUBECONFIG
+terraform init
+terraform apply --auto-approve
+```
+
+### 3. Accessing the CogStack Platform
+
+Once the deployment is complete and all services are running, you can access the CogStack platform and its components using the following URLs:
+
+```bash
+terraform output service_urls
+```
+
+
+### Optional - Destroy
+
+You can destroy the infra to save costs when it wont be used for a long time.
+
+Do note that there is an initial cost every time the EKS infrastructure is created, looks to be around $0.50 at time of writing.
+
+```bash
+cd ../kubernetes-deployment
+terraform destroy
+
+cd ../eks-cluster
+terraform destroy
+```
+
+
+## Optionally use the K8s cluster as normal with the CLI
+After setting up the cluster, it is possible to interact directly with it using the kubectl CLI
+
+The requirement is to get the KUBECONFIG file created by the terraform apply.
+
+```bash
+# Get KUBECONFIG
+cd eks-cluster
+AWS_KUBECONFIG=$(terraform output -raw kubeconfig_file)
+
+# SET KUBECONFIG
+export KUBECONFIG=${AWS_KUBECONFIG}
+```
+
+Note - alternatively you could use the AWS CLI to set your kubeconfig using `aws eks update-kubeconfig --name $(terraform output -raw cluster_name)`. 
+
+You can then interact with kubernetes via the CLI 
+
+```bash
+# Run Medcat service
+helm install my-medcat oci://registry-1.docker.io/cogstacksystems/medcat-service-helm --wait --timeout 10m0s
+
+# Create the ingress
+kubectl apply -f resources/ingress-medcat-service.yaml
+# Find public url
+kubectl get ingress
+```

deployment/terraform/examples/aws-kubernetes/eks-cluster/.terraform.lock.hcl

@@ -0,0 +1,78 @@
+# https://github.com/terraform-aws-modules/terraform-aws-eks/blob/v21.0.4/examples/eks-auto-mode/README.md#module_eks
+
+data "aws_availability_zones" "available" {
+  # Exclude local zones
+  filter {
+    name   = "opt-in-status"
+    values = ["opt-in-not-required"]
+  }
+}
+
+locals {
+  name               = "ex-${basename(path.cwd)}"
+  kubernetes_version = "1.33"
+  region             = "eu-west-1"
+
+  vpc_cidr = "10.0.0.0/16"
+  azs      = slice(data.aws_availability_zones.available.names, 0, 3)
+
+  tags = {
+    Test       = local.name
+    GithubRepo = "cogstack-devops"
+    GithubOrg  = "CogStack"
+  }
+}
+
+################################################################################
+# EKS Module
+################################################################################
+
+module "eks" {
+  source                 = "terraform-aws-modules/eks/aws"
+  version                = "21.0.4"
+  name                   = local.name
+  kubernetes_version     = local.kubernetes_version
+  endpoint_public_access = true
+
+  enable_cluster_creator_admin_permissions = true
+
+  compute_config = {
+    enabled    = true
+    node_pools = ["general-purpose"]
+  }
+
+  vpc_id     = module.vpc.vpc_id
+  subnet_ids = module.vpc.private_subnets
+
+  tags = local.tags
+}
+
+################################################################################
+# Supporting Resources
+################################################################################
+
+module "vpc" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "~> 6.0"
+
+  name = local.name
+  cidr = local.vpc_cidr
+
+  azs             = local.azs
+  private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)]
+  public_subnets  = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)]
+  intra_subnets   = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 52)]
+
+  enable_nat_gateway = true
+  single_nat_gateway = true
+
+  public_subnet_tags = {
+    "kubernetes.io/role/elb" = 1
+  }
+
+  private_subnet_tags = {
+    "kubernetes.io/role/internal-elb" = 1
+  }
+
+  tags = local.tags
+}

deployment/terraform/examples/aws-kubernetes/eks-cluster/eks.tf

@@ -0,0 +1,11 @@
+
+resource "null_resource" "copy_kubeconfig" {
+  depends_on = [module.eks, module.vpc]
+
+  provisioner "local-exec" {
+    # Extract the kubeconfig file using the AWS CLI. Save it as a local file 
+    command = <<EOT
+aws eks update-kubeconfig --name ${module.eks.cluster_name} --kubeconfig ${local.kubeconfig_file}
+EOT
+  }
+}