Adds implementation to provision OCP cluster (#1)

* Adds missing cluster_versions data
* Renames cluster_type to ocp_version
* Adds trigger to force login / kube config setup with each run
* Adds resource to print vpc_name to force sequencing of module steps
* Adds ibm provider config with region, generation, and ibmcloud_api_key
* Updates default flavor to bx2.4x16
* Adds configuration for helm provider
* Updates module metadata
* Sets admin flag for cluster_config
* Get cluster config twice, once with and once without admin
* Adds sleep during kube-setup to allow RBAC to be configured
* Cleans up COS instance provisioning
    - Removes logic and variables required to provision COS instance
    - Adds dependency on external module to provision cos and provide id

Signed-off-by: Sean Sundberg <[email protected]>

Author: Sean Sundberg

.github/scripts/validate-deploy.sh

@@ -0,0 +1 @@
+#!/usr/bin/env bash

.github/workflows/verify.yaml

@@ -13,11 +13,11 @@ jobs:
   verify:
     if: ${{ !contains( github.event.pull_request.labels.*.name, 'skip ci' ) }}
     runs-on: ubuntu-latest
-    container: quay.io/ibmgaragecloud/cli-tools:v0.10.0-lite
+    container: quay.io/ibmgaragecloud/cli-tools:v0.12.0-lite
 
     strategy:
       matrix:
-        platform: [ocp4_latest]
+        platform: [ocp4vpc_latest]
       #      max-parallel: 1
       fail-fast: false
 
@@ -47,7 +47,6 @@ jobs:
           TF_VAR_ibmcloud_api_key: ${{ secrets.IBMCLOUD_API_KEY }}
           IBMCLOUD_API_KEY: ${{ secrets.IBMCLOUD_API_KEY }}
 
-
   release:
     #    if: ${{ github.event_name == 'push' }}
     needs: verify

chart/cloud-setup/.helmignore

@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

chart/cloud-setup/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: cloud-setup
+  repository: https://ibm-garage-cloud.github.io/toolkit-charts/
+  version: 0.3.1
+digest: sha256:2e9a33ceb66a2133f0745fafad8e6e83af8fb77e435130534253da6affc970b4
+generated: "2020-11-02T09:17:34.451862-06:00"

chart/cloud-setup/Chart.yaml

@@ -0,0 +1,26 @@
+apiVersion: v2
+name: cloud-setup
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application.
+appVersion: 1.16.0
+
+dependencies:
+  - name: cloud-setup
+    version: 0.3.1
+    repository: https://ibm-garage-cloud.github.io/toolkit-charts/

chart/cloud-setup/charts/cloud-setup-0.3.1.tgz

@@ -0,0 +1,14 @@
+# Default values for cloud-setup.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+global:
+  clusterType: ""
+  ingressSubdomain: ""
+  tlsSecretName: ""
+
+cloud-setup:
+  ibmcloud: {}
+
+  cntk-dev-guide: {}
+
+  first-app: {}

chart/cloud-setup/templates/.gitkeep

@@ -0,0 +1,202 @@
+provider "helm" {
+  version = ">= 1.1.1"
+
+  kubernetes {
+    config_path = local.cluster_config
+  }
+}
+
+locals {
+  gitops_dir   = var.gitops_dir != "" ? var.gitops_dir : "${path.cwd}/gitops"
+  chart_name   = "cloud-setup"
+  chart_dir    = "${local.gitops_dir}/${local.chart_name}"
+  global_config = {
+    clusterType = local.cluster_type_code
+    ingressSubdomain = local.ingress_hostname
+    tlsSecretName = local.tls_secret
+  }
+  ibmcloud_config = {
+    apikey = var.ibmcloud_api_key
+    resource_group = var.resource_group_name
+    server_url = local.server_url
+    cluster_type = local.cluster_type
+    cluster_name = local.cluster_name
+    tls_secret_name = local.tls_secret
+    ingress_subdomain = local.ingress_hostname
+    region = var.region
+    cluster_version = local.cluster_version
+  }
+  cntk_dev_guide_config = {
+    name = "cntk-dev-guide"
+    displayName = "Cloud-Native Toolkit"
+    url = "https://cloudnativetoolkit.dev"
+  }
+  first_app_config = {
+    name = "first-app"
+    displayName = "Deploy first app"
+    url = "https://cloudnativetoolkit.dev/getting-started-day-1/deploy-app/"
+  }
+}
+
+resource "null_resource" "list_tmp" {
+  depends_on = [null_resource.create_dirs]
+
+  triggers = {
+    always_run = timestamp()
+  }
+
+  provisioner "local-exec" {
+    command = "ls ${local.tmp_dir}"
+  }
+}
+
+data ibm_container_cluster_config cluster_admin {
+  depends_on        = [ibm_container_vpc_cluster.cluster, null_resource.list_tmp]
+
+  cluster_name_id   = local.cluster_name
+  admin             = true
+  resource_group_id = data.ibm_resource_group.resource_group.id
+  config_dir        = local.cluster_config_dir
+}
+
+data ibm_container_cluster_config cluster {
+  depends_on        = [
+    ibm_container_vpc_cluster.cluster,
+    null_resource.list_tmp,
+    data.ibm_container_cluster_config.cluster_admin
+  ]
+
+  cluster_name_id   = local.cluster_name
+  resource_group_id = data.ibm_resource_group.resource_group.id
+  config_dir        = local.cluster_config_dir
+}
+
+resource null_resource setup_kube_config {
+  depends_on = [null_resource.create_dirs]
+
+  provisioner "local-exec" {
+    command = "rm -f ${local.cluster_config} && ln -s ${data.ibm_container_cluster_config.cluster.config_file_path} ${local.cluster_config}"
+  }
+
+  provisioner "local-exec" {
+    command = "cp ${regex("(.*)/config.yml", data.ibm_container_cluster_config.cluster.config_file_path)[0]}/* ${local.cluster_config_dir}"
+  }
+
+  provisioner "local-exec" {
+    command = "echo 'Waiting for 5 minutes for permissions to be established...' && sleep 300"
+  }
+}
+
+resource null_resource setup-chart {
+  provisioner "local-exec" {
+    command = "mkdir -p ${local.chart_dir} && cp -R ${path.module}/chart/${local.chart_name}/* ${local.chart_dir}"
+  }
+}
+
+resource null_resource delete-helm-cloud-config {
+  depends_on = [null_resource.setup_kube_config]
+
+  provisioner "local-exec" {
+    command = "kubectl delete secret -n ${local.config_namespace} -l name=${local.ibmcloud_release_name} --ignore-not-found"
+
+    environment = {
+      KUBECONFIG = local.cluster_config
+    }
+  }
+
+  provisioner "local-exec" {
+    command = "kubectl delete secret -n ${local.config_namespace} -l name=cloud-setup --ignore-not-found"
+
+    environment = {
+      KUBECONFIG = local.cluster_config
+    }
+  }
+
+  provisioner "local-exec" {
+    command = "kubectl delete secret -n ${local.config_namespace} ibmcloud-apikey --ignore-not-found"
+
+    environment = {
+      KUBECONFIG = local.cluster_config
+    }
+  }
+
+  provisioner "local-exec" {
+    command = "kubectl delete configmap -n ${local.config_namespace} ibmcloud-config --ignore-not-found"
+
+    environment = {
+      KUBECONFIG = local.cluster_config
+    }
+  }
+
+  provisioner "local-exec" {
+    command = "kubectl delete secret -n ${local.config_namespace} cloud-access --ignore-not-found"
+
+    environment = {
+      KUBECONFIG = local.cluster_config
+    }
+  }
+
+  provisioner "local-exec" {
+    command = "kubectl delete configmap -n ${local.config_namespace} cloud-config --ignore-not-found"
+
+    environment = {
+      KUBECONFIG = local.cluster_config
+    }
+  }
+}
+
+resource "null_resource" "delete-consolelink" {
+  depends_on = [null_resource.setup_kube_config]
+  count      = local.cluster_type_code == "ocp4" ? 1 : 0
+
+  provisioner "local-exec" {
+    command = "kubectl delete consolelink toolkit-github --ignore-not-found"
+
+    environment = {
+      KUBECONFIG = local.cluster_config
+    }
+  }
+
+  provisioner "local-exec" {
+    command = "kubectl delete consolelink toolkit-registry --ignore-not-found"
+
+    environment = {
+      KUBECONFIG = local.cluster_config
+    }
+  }
+}
+
+resource "local_file" "cloud-values" {
+  depends_on = [null_resource.setup-chart]
+
+  content  = yamlencode({
+    global = local.global_config
+    cloud-setup = {
+      ibmcloud = local.ibmcloud_config
+      cntk-dev-guide = local.cntk_dev_guide_config
+      first-app = local.first_app_config
+    }
+  })
+  filename = "${local.chart_dir}/values.yaml"
+}
+
+resource "null_resource" "print-values" {
+  provisioner "local-exec" {
+    command = "cat ${local_file.cloud-values.filename}"
+  }
+}
+
+resource "helm_release" "cloud_setup" {
+  depends_on = [null_resource.setup_kube_config, null_resource.delete-helm-cloud-config, null_resource.delete-consolelink, local_file.cloud-values]
+
+  name              = "cloud-setup"
+  chart             = local.chart_dir
+  version           = "0.1.0"
+  namespace         = local.config_namespace
+  timeout           = 1200
+  dependency_update = true
+  force_update      = true
+  replace           = true
+
+  disable_openapi_validation = true
+}