Create test mks with TF

Author: everesio

scripts/mks/.gitignore

@@ -0,0 +1,55 @@
+/*.tar
+/*.tgz
+
+# Intellij
+.idea/
+out/
+/*.iml
+
+# Swap
+[._]*.s[a-v][a-z]
+[._]*.sw[a-p]
+[._]s[a-v][a-z]
+[._]sw[a-p]
+
+# Session
+Session.vim
+
+# Temporary
+.netrwhist
+*~
+# Auto-generated tag files
+tags
+
+### Terraform.gitignore
+
+# Local .terraform directories
+**/.terraform/*
+**/.terraform*/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
+# .tfvars files are managed as part of configuration and so should be included in
+# version control.
+#
+# example.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*

scripts/mks/Makefile

@@ -0,0 +1,34 @@
+.DEFAULT_GOAL := info
+.PHONY: info
+
+SSO_PROFILE=default
+
+info:
+	@echo "################################################################################"
+	@echo "### Usage:"
+	@echo "###    make <target>"
+	@echo "################################################################################"
+
+
+.PHONY: tf-init
+tf-init:
+	terraform init -input=false
+
+.PHONY: tf-plan
+tf-plan: tf-init
+	terraform plan -input=false
+
+.PHONY: tf-apply
+tf-apply: tf-init
+	terraform apply -input=false -auto-approve
+
+.PHONY: tf-destroy
+tf-destroy:
+	terraform destroy -input=false -auto-approve
+
+.PHONY: sso-login
+sso-login:
+	aws sso login --profile $(SSO_PROFILE)
+	# install tool from https://github.com/grepplabs/aws-sso/releases
+	@echo "Store temporary credentials in the ~/.aws/credentials"
+	aws-sso credentials refresh --profile $(SSO_PROFILE)

scripts/mks/all.auto.tfvars

@@ -0,0 +1,11 @@
+# ec2 with mqtt proxy
+kafka_proxy_version = "v0.2.2"
+mqtt_proxy_enable = true
+mqtt_proxy_version = "v0.0.1"
+mqtt_proxy_ec2_public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCgqvfLvcrNypxNXDV4wmKnrzWbYlHLPvCK8gVrd3+9Ji093yxVJYn7PgJzbbiBHt6dmtglFfqMaOMowUf++T21n6JWj2nfrXSaO+VhM823D/9i787ZQkHpoiPqbyXvIxaqEAiMmwCRdnz5nr+jAjlWU0rg81JbNz1Tj56TD80a7L7CKWxLzBhELaqpflNLkJy3+uNRQHs70u/7uAA7pQxAJGHWtHr+PWgPBajz4u8YYm9yTmXsNaLDWeuRkpaNs01BgblER7tycN2DykFJbi80LguxtdNcScjPcISPEgWJeRLgtI4CgnaB9cwfFNVMb2qUFjcp5an/mtZhyPcgcosJ mqtt-proxy@ubuntu"
+mqtt_proxy_ec2_instance_type = "t3.small"
+
+kafka_version = "2.4.1"
+# kafka.t3.small, kafka.m5.large, kafka.m5.xlarge, kafka.m5.2xlarge, ...
+kafka_broker_instance_type = "kafka.t3.small"
+kafka_broker_ebs_volume_size = 20

scripts/mks/all.vars.tf

@@ -0,0 +1,43 @@
+variable "region" {
+  type = string
+  default = "eu-central-1"
+}
+
+variable "mqtt_proxy_version" {
+  type = string
+}
+
+variable "mqtt_proxy_ec2_public_key" {
+  type = string
+}
+
+variable "mqtt_proxy_ec2_instance_type" {
+  type = string
+}
+
+variable "mqtt_proxy_enable" {
+  type = bool
+  default = true
+}
+
+variable "kafka_proxy_version" {
+  type = string
+}
+
+variable "kafka_version" {
+  type = string
+  default = "2.4.1"
+}
+
+variable "kafka_number_of_broker_nodes" {
+  type = number
+  default = 3
+}
+
+variable "kafka_broker_instance_type" {
+  type = string
+}
+
+variable "kafka_broker_ebs_volume_size" {
+  type = number
+}

scripts/mks/aws.tf

@@ -0,0 +1,33 @@
+terraform {
+  required_version = ">= 0.12.18"
+}
+
+provider "aws" {
+  region = var.region
+  version = ">= 2.45.0"
+}
+
+data "aws_caller_identity" "current" {}
+
+data "aws_region" "current" {}
+
+data "aws_availability_zones" "available" {}
+
+data "aws_vpc" "vpc" {
+  filter {
+    name = "tag:Name"
+    values = [
+      "default"
+    ]
+  }
+}
+
+data "aws_subnet_ids" "subnets" {
+  vpc_id = data.aws_vpc.vpc.id
+}
+
+
+data "aws_subnet" "subnets" {
+  count = length(data.aws_subnet_ids.subnets.ids)
+  id    = tolist(data.aws_subnet_ids.subnets.ids)[count.index]
+}

scripts/mks/mks.tf

@@ -0,0 +1,58 @@
+resource "aws_security_group" "mqtt-proxy-cluster-security-group" {
+  vpc_id = data.aws_vpc.vpc.id
+
+  ingress {
+    from_port = 9092
+    to_port = 9092
+    protocol = "tcp"
+    security_groups = [
+      aws_security_group.mqtt-proxy-security-group.id]
+  }
+  ingress {
+    from_port = 9094
+    to_port = 9094
+    protocol = "tcp"
+    security_groups = [
+      aws_security_group.mqtt-proxy-security-group.id]
+  }
+  egress {
+    from_port = 0
+    to_port = 0
+    protocol = "-1"
+    cidr_blocks = [
+      "0.0.0.0/0"]
+  }
+}
+
+resource "aws_msk_cluster" "mqtt-proxy-cluster" {
+  cluster_name = "mqtt-proxy-cluster"
+  kafka_version = var.kafka_version
+  number_of_broker_nodes = var.kafka_number_of_broker_nodes
+
+  broker_node_group_info {
+    instance_type   =  var.kafka_broker_instance_type
+    client_subnets  = data.aws_subnet.subnets.*.id
+    security_groups = [ aws_security_group.mqtt-proxy-cluster-security-group.id]
+    ebs_volume_size = var.kafka_broker_ebs_volume_size
+  }
+  # https://docs.aws.amazon.com/msk/latest/developerguide/msk-authentication.html
+  client_authentication {
+    tls {
+      certificate_authority_arns = [
+
+      ]
+    }
+  }
+}
+
+output "zookeeper_connect_string" {
+  value = aws_msk_cluster.mqtt-proxy-cluster.zookeeper_connect_string
+}
+
+output "bootstrap_brokers" {
+  value = aws_msk_cluster.mqtt-proxy-cluster.bootstrap_brokers
+}
+
+output "bootstrap_brokers_tls" {
+  value = aws_msk_cluster.mqtt-proxy-cluster.bootstrap_brokers_tls
+}

scripts/mks/proxy.tf

@@ -0,0 +1,117 @@
+resource "aws_instance" "mqtt-proxy" {
+  count                  = var.mqtt_proxy_enable ? 1 : 0
+  ami                    = data.aws_ami.ubuntu-focal.id
+  instance_type          = var.mqtt_proxy_ec2_instance_type
+  subnet_id              = data.aws_subnet.subnets.0.id
+  iam_instance_profile   = aws_iam_instance_profile.mqtt-proxy-profile.id
+  vpc_security_group_ids = [aws_security_group.mqtt-proxy-security-group.id]
+  key_name               = aws_key_pair.mqtt-proxy-key-pair.key_name
+  user_data              = <<EOF
+#!/usr/bin/env bash
+curl -Ls https://github.com/grepplabs/mqtt-proxy/releases/download/${var.mqtt_proxy_version}/mqtt-proxy-${var.mqtt_proxy_version}-linux-amd64.tar.gz | tar xz
+mv ./mqtt-proxy /usr/local/bin/mqtt-proxy
+
+# kafka-proxy is not required by mqtt-proxy
+curl -Ls https://github.com/grepplabs/kafka-proxy/releases/download/${var.kafka_proxy_version}/kafka-proxy-${var.kafka_proxy_version}-linux-amd64.tar.gz | tar xz
+mv ./kafka-proxy /usr/local/bin/kafka-proxy
+
+EOF
+}
+
+data "aws_ami" "ubuntu-focal" {
+  most_recent = true
+
+  filter {
+    name = "name"
+    values = [
+      "*ubuntu-focal-*"]
+  }
+
+  filter {
+    name = "virtualization-type"
+    values = [
+      "hvm"]
+  }
+  filter {
+    name = "root-device-type"
+    values = [
+      "ebs"]
+  }
+  owners = [
+    "099720109477"]
+}
+
+resource "aws_key_pair" "mqtt-proxy-key-pair" {
+  key_name   = "mqtt-proxy-key"
+  public_key = var.mqtt_proxy_ec2_public_key
+}
+
+resource "aws_iam_instance_profile" "mqtt-proxy-profile" {
+  name = "mqtt-proxy-instance-profile"
+  role = aws_iam_role.mqtt-proxy-role.name
+}
+
+resource "aws_iam_role" "mqtt-proxy-role" {
+  name = "mqtt-proxy-role"
+
+  assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": "sts:AssumeRole",
+      "Principal": {
+        "Service": "ec2.amazonaws.com"
+      },
+      "Effect": "Allow"
+    }
+  ]
+}
+EOF
+}
+
+resource "aws_security_group" "mqtt-proxy-security-group" {
+  name   = "mqtt-proxy-security-group"
+  vpc_id = data.aws_vpc.vpc.id
+
+  ingress {
+    from_port = 1883
+    to_port = 1883
+    protocol = "tcp"
+    cidr_blocks = [
+      "0.0.0.0/0"]
+  }
+  ingress {
+    from_port = 8883
+    to_port = 8883
+    protocol = "tcp"
+    cidr_blocks = [
+      "0.0.0.0/0"]
+  }
+  ingress {
+    from_port = 9090
+    to_port = 9090
+    protocol = "tcp"
+    cidr_blocks = [
+      "0.0.0.0/0"]
+  }
+  ingress {
+    from_port = 22
+    to_port = 22
+    protocol = "tcp"
+    cidr_blocks = [
+      "0.0.0.0/0"]
+  }
+
+  egress {
+    from_port = 0
+    to_port = 0
+    protocol = "-1"
+    cidr_blocks = [
+      "0.0.0.0/0"]
+  }
+}
+
+output "mqtt_proxy_ip" {
+  value = var.mqtt_proxy_enable ? aws_instance.mqtt-proxy.0.public_ip : ""
+}