Add harbor terraform configuration

bc5bc88f · Rafael László · 3a0dc5f7 · bc5bc88f · bc5bc88f · bc5bc88f
Verified Commit bc5bc88f authored 3 years ago by Rafael László
--- a/terraform/config/.gitignore
+++ b/terraform/config/.gitignore
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Exclude all .tfvars files, which are likely to contain sentitive data, such as
+# password, private keys, and other secrets. These should not be part of version 
+# control as they are data points which are potentially sensitive and subject 
+# to change depending on the environment.
+#
+*.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+.idea
--- a/terraform/config/.terraform.lock.hcl
+++ b/terraform/config/.terraform.lock.hcl
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/bestseller/harbor" {
+  version     = "3.4.4"
+  constraints = "3.4.4"
+  hashes = [
+    "h1:GHT6ZUsBJyIzXcLXZiop5s/m3C6cQ09xMw4de2a6PqQ=",
+    "zh:1ad0aa6844128ddaaa0635c643a583a3b9144b9cc7eadd4b2e5ace00d243a481",
+    "zh:3012cf556adc7cfa789436bcf028e1da84ed50cd68d69bab45ecf248a8941f4d",
+    "zh:42755ddff941ff52100f43f64fc79dd855cc01cb22038ad61ff8a524b9e51582",
+    "zh:4b2ea9b3e27e6b8482da5149b6c33e161351ca1fa07a9c995b58909e87ec409c",
+    "zh:8c44c19fc37a81f8f8f57ce01c0f1a8a307c81714a5e5b9c200d5117719b5e74",
+    "zh:8cc33cec5417bb2964bce5811d8b8773668a83511801d106ca68f14566c16881",
+    "zh:9b6d585ebd60c410989111051c1620b91dce058404913803fe31680589b45dcc",
+    "zh:a5b75747cc9a41091639ab179c9a4b8b5d1ad6d7ff85d3df8d495ef660d886ea",
+    "zh:ad1aaae5bad791bdebdee9b73f027826f5c0b1df30955c15a186f2a2c1926bda",
+    "zh:b5d99c6eef2fd7f54693e25c8549ee2a0ed5c216b98fcdc68a1f8e64579afdb8",
+    "zh:eb98dc39b4c96bae4143a3f5396d0d09d77b3159c4baaeaaef4f17f0177d6474",
+    "zh:ee9169e99484c7b0d04ed0b47e0ce63e1ad786b0477c652a2b1dff00166ec3e9",
+    "zh:f5184d6f8312bc8f5f1618531b6bcef8009db28f357794e4c6f9e4867bc0e864",
+    "zh:f90ad7341b0f542d5234206dc5d99f6095ebe168233da0db23c2e53092ae0e4a",
+  ]
+}
--- a/terraform/config/README.md
+++ b/terraform/config/README.md
+# My projects Terraform repo
+
+It focuses on VMWare but you can find
+other examples in the `./examples` folder.
+
+[Example documentation](https://docs.k8s-01.sch.bme.hu/tutorials/terraform#learn-by-doing-it)
+
+Each file contains on top what it should be used for.
+
+## Initialize
+
+We should store our terraform state in some remote 
+location, because this way others can work with
+our project.
+For that you should create your `login.sh` in the
+`secret` folder by copying the `login.sh.example` file.
+You will need an Acces token with `api` scope for your
+repository which can be created under 
+`Settings` > `Access tokens`.
+If you don't want to create a token for each project
+just create one for your user and use that.
+
+After you created the `login.sh` file, just run the `bootstrap.sh`
+file which configures the repository and your environment.
+
+`Infrastructure` should be enabled for the Repository!
+
+## Usage
+
+This will load the environment variables for the Vsphere provider.
+
+### Example
+
+First time:
+
+```bash
+cp secret/login.sh.example secret/login.sh
+nano secret/login.sh
+# ...
+./bootstrap.sh
+terraform plan
+```
+
+After it was initialized:
+
+```bash
+./bootstrap.sh
+terraform plan
+```
+
+## Cloud-init
+
+We can pass initialization script to our vms using
+cloud-init. 
+In this repo you can find an example to it
+under the `cloud-init` folder. 
+We can then base64 the file content and pass it as a 
+`vApp` property. 
+
+https://cloudinit.readthedocs.io/en/latest/
+
--- a/terraform/config/bootstrap.sh
+++ b/terraform/config/bootstrap.sh
+#!/bin/bash
+
+BASEDIR=$(dirname "$0")
+
+if ! [ -f "$BASEDIR/secret/login.sh" ]; then
+    echo "Please create the login.sh file!"
+    exit 0
+fi
+source $BASEDIR/secret/login.sh
+
+if [ -d "$BASEDIR/.terraform" ]; then
+    echo ".terraform folder exists."
+else
+    terraform init \
+        -backend-config="address=https://git.sch.bme.hu/api/v4/projects/${GITLAB_PROJECT_ID}/terraform/state/${GITLAB_STATE_NAME}" \
+        -backend-config="lock_address=https://git.sch.bme.hu/api/v4/projects/${GITLAB_PROJECT_ID}/terraform/state/${GITLAB_STATE_NAME}/lock" \
+        -backend-config="unlock_address=https://git.sch.bme.hu/api/v4/projects/${GITLAB_PROJECT_ID}/terraform/state/${GITLAB_STATE_NAME}/lock" \
+        -backend-config="username=${GITLAB_USER}" \
+        -backend-config="password=${GITLAB_REPO_TOKEN}" \
+        -backend-config="lock_method=POST" \
+        -backend-config="unlock_method=DELETE" \
+        -backend-config="retry_wait_min=5" \
+        -reconfigure
+fi
+echo "Environment has been set up."
+# to stay in our comfy virtualenv
+exec "${SHELL:bash}"
\ No newline at end of file
--- a/terraform/config/config.tf
+++ b/terraform/config/config.tf
+# Everything that is used for configuration
+
+terraform {
+  required_providers {
+    harbor = {
+      source  = "BESTSELLER/harbor"
+      version = "3.4.4"
+    }
+  }
+  backend "http" {
+  }
+}
+
+# Credentials are set by sourcing the secret/login.sh file
+variable "harbor_user" {
+  description = "Administrator user"
+  type        = string
+  sensitive   = false
+  default     = "required"
+}
+
+variable "harbor_password" {
+  description = "Administrator password"
+  type        = string
+  sensitive   = true
+  default     = "required"
+}
+
+
+provider "harbor" {
+  url      = "https://harbor.sch.bme.hu"
+  username = var.harbor_user
+  password = var.harbor_password
+}
--- a/terraform/config/data.tf
+++ b/terraform/config/data.tf
+# Everythings that is a data source. 
--- a/terraform/config/main.tf
+++ b/terraform/config/main.tf
+# Main configuration for our project.
+
+# Example
+resource "harbor_project" "private-arcter" {
+  name          = "private-arcter"
+  storage_quota = 1
+}
+
+resource "harbor_project_member_group" "private-arcter" {
+  project_id    = harbor_project.private-arcter.id
+  group_name    = "K8S_NAMESPACE_private-arcter"
+  role          = "projectadmin"
+  type          = "oidc"
+  ldap_group_dn = "cn=k8s_namespace_private-arcter,ou=permissions,ou=kubernetes,ou=sysadmin,ou=körök,ou=kollégiumi számítástechnikai kör,ou=reszortok,ou=reszortvezetők tanácsa,dc=sch,dc=bme,dc=hu"
+}
--- a/terraform/config/secret/.gitignore
+++ b/terraform/config/secret/.gitignore
+login.sh
\ No newline at end of file
--- a/terraform/config/secret/login.sh.example
+++ b/terraform/config/secret/login.sh.example
+#!/bin/bash
+
+# Gitlab Project ID, this will be used as state store
+export GITLAB_PROJECT_ID="0"
+# If you want to rename the terraform state name, feel free.
+export GITLAB_STATE_NAME="state"
+# GitLab username
+export GITLAB_USER="user"
+# Access token with API Acces to the repo
+export GITLAB_REPO_TOKEN="acces token"
+# vSphere Username
+export TF_VAR_vsphere_user="username"
+# vSphere Password
+export TF_VAR_vsphere_password="pw"