Deploy docproxy and fix CSB #935

Merged
merged 5 commits into from
Dec 16, 2024
65 changes: 59 additions & 6 deletions ci/pipeline.yml
Expand Up @@ -247,8 +247,16 @@ jobs:
- get: general-task
- get: csb-image
trigger: true
- get: csb-docproxy-image
trigger: true
- load_var: csb-image-repository
file: csb-image/repository
- load_var: csb-image-digest
file: csb-image/digest
- load_var: csb-docproxy-image-repository
file: csb-docproxy-image/repository
- load_var: csb-docproxy-image-digest
file: csb-docproxy-image/digest
- task: terraform-plan
image: general-task
file: terraform-templates/terraform/terraform-apply.yml
Expand All @@ -263,10 +271,13 @@ jobs:
CF_CLIENT_SECRET: ((cf-client-secret-development))
TF_VAR_csb_aws_region_commercial: ((csb-aws-region-commercial))
TF_VAR_csb_aws_region_govcloud: ((aws-region))
TF_VAR_csb_aws_ses_default_zone: appmail.dev.us-gov-west-1.aws-us-gov.cloud.gov
TF_VAR_csb_broker_route_domain: ((csb-broker-route-domain-development))
TF_VAR_csb_cg_smtp_aws_ses_zone: appmail.dev.us-gov-west-1.aws-us-gov.cloud.gov
TF_VAR_csb_docker_image_name: ((csb-docker-image-name))
TF_VAR_csb_docker_image_name: "((.:csb-image-repository))"
TF_VAR_csb_docker_image_version: "@((.:csb-image-digest))"
TF_VAR_csb_docproxy_docker_image_name: "((.:csb-docproxy-image-repository))"
TF_VAR_csb_docproxy_docker_image_version: "@((.:csb-docproxy-image-digest))"
TF_VAR_csb_docproxy_domain: dev.us-gov-west-1.aws-us-gov.cloud.gov
TF_VAR_csb_org_name: ((csb-org-name))
TF_VAR_csb_space_name: ((csb-space-name))
TF_VAR_external_remote_state_reader_access_key_id: ((development-tf-state-access-key-id))
Expand Down Expand Up @@ -1004,6 +1015,18 @@ jobs:
trigger: true
- get: pipeline-tasks
- get: general-task
- get: csb-image
trigger: true
- get: csb-docproxy-image
trigger: true
- load_var: csb-image-repository
file: csb-image/repository
- load_var: csb-image-digest
file: csb-image/digest
- load_var: csb-docproxy-image-repository
file: csb-docproxy-image/repository
- load_var: csb-docproxy-image-digest
file: csb-docproxy-image/digest
- task: terraform-plan
image: general-task
file: terraform-templates/terraform/terraform-apply.yml
Expand All @@ -1018,9 +1041,13 @@ jobs:
CF_CLIENT_SECRET: ((cf-client-secret-staging))
TF_VAR_csb_aws_region_commercial: ((csb-aws-region-commercial))
TF_VAR_csb_aws_region_govcloud: ((aws-region))
TF_VAR_csb_aws_ses_default_zone: appmail.fr-stage.cloud.gov
TF_VAR_csb_broker_route_domain: ((csb-broker-route-domain-staging))
TF_VAR_csb_cg_smtp_aws_ses_zone: appmail.fr-stage.cloud.gov
TF_VAR_csb_docker_image_name: ((csb-docker-image-name))
TF_VAR_csb_docker_image_name: "((.:csb-image-repository))"
TF_VAR_csb_docker_image_version: "@((.:csb-image-digest))"
TF_VAR_csb_docproxy_docker_image_name: "((.:csb-docproxy-image-repository))"
TF_VAR_csb_docproxy_docker_image_version: "@((.:csb-docproxy-image-digest))"
TF_VAR_csb_docproxy_domain: fr-stage.cloud.gov
TF_VAR_csb_org_name: ((csb-org-name))
TF_VAR_csb_space_name: ((csb-space-name))
TF_VAR_external_remote_state_reader_access_key_id: ((staging-tf-state-access-key-id))
Expand Down Expand Up @@ -1651,6 +1678,18 @@ jobs:
trigger: true
- get: pipeline-tasks
- get: general-task
- get: csb-image
trigger: true
- get: csb-docproxy-image
trigger: true
- load_var: csb-image-repository
file: csb-image/repository
- load_var: csb-image-digest
file: csb-image/digest
- load_var: csb-docproxy-image-repository
file: csb-docproxy-image/repository
- load_var: csb-docproxy-image-digest
file: csb-docproxy-image/digest
- task: terraform-plan
image: general-task
file: terraform-templates/terraform/terraform-apply.yml
Expand All @@ -1665,9 +1704,14 @@ jobs:
CF_CLIENT_SECRET: ((cf-client-secret-production))
TF_VAR_csb_aws_region_commercial: ((csb-aws-region-commercial))
TF_VAR_csb_aws_region_govcloud: ((aws-region))
TF_VAR_csb_aws_ses_default_zone: appmail.cloud.gov
TF_VAR_csb_broker_route_domain: ((csb-broker-route-domain-production))
TF_VAR_csb_cg_smtp_aws_ses_zone: appmail.cloud.gov
TF_VAR_csb_docker_image_name: ((csb-docker-image-name))
TF_VAR_csb_docker_image_name: "((.:csb-image-repository))"
TF_VAR_csb_docker_image_version: "@((.:csb-image-digest))"
TF_VAR_csb_docproxy_docker_image_name: "((.:csb-docproxy-image-repository))"
TF_VAR_csb_docproxy_docker_image_version: "@((.:csb-docproxy-image-digest))"
TF_VAR_csb_docproxy_domain: fr.cloud.gov
TF_VAR_csb_docproxy_instances: 2
TF_VAR_csb_org_name: ((csb-org-name))
TF_VAR_csb_space_name: ((csb-space-name))
TF_VAR_external_remote_state_reader_access_key_id: ((production-tf-state-access-key-id))
Expand Down Expand Up @@ -1962,6 +2006,15 @@ resources:
aws_region: us-gov-west-1
tag: latest

- name: csb-docproxy-image
type: registry-image
source:
aws_access_key_id: ((ecr_aws_key))
aws_secret_access_key: ((ecr_aws_secret))
repository: csb-docproxy
aws_region: us-gov-west-1
tag: latest

resource_types:
- name: registry-image
type: registry-image
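Review bot: In the production job hunk (`-1651,6 +1678,18`), the added `get: csb-image` and `get: csb-docproxy-image` steps set `trigger: true` with no `passed:` constraint, so any new digest pushed to the `latest` tag in ECR can start a production run without having gone through development or staging. Loading the digest with `load_var` pins exactly what is deployed, but it does not establish that the image was vetted. Consider adding `passed: [<staging-job-name>]` to both gets, or dropping `trigger: true` in production so a new image only rides along with an already gated input. The staging hunk (`-1004,6 +1015,18`) has the same shape. The job definitions begin outside these hunks, so whether the plan is followed by an automatic apply, or gated elsewhere, cannot be confirmed from here.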
22 changes: 12 additions & 10 deletions terraform/modules/csb/main.tf → terraform/modules/csb/csb.tf
@@ -1,12 +1,3 @@
data "cloudfoundry_org" "platform" {
name = var.org_name
}

data "cloudfoundry_space" "brokers" {
name = var.space_name
org = data.cloudfoundry_org.platform.id
}

resource "random_password" "csb_app_password" {
length = 32
special = false
Expand Down Expand Up @@ -58,7 +49,7 @@ resource "cloudfoundry_app" "csb" {
CLOUD_GOV_ENVIRONMENT = var.stack_name

# Brokerpak-specific variables
CG_SMTP_AWS_ZONE = var.cg_smtp_aws_ses_zone
BP_AWS_SES_DEFAULT_ZONE = var.aws_ses_default_zone
}

readiness_health_check_type = "http"
Expand All @@ -79,6 +70,17 @@ resource "cloudfoundry_route" "csb" {
}]
}

resource "cloudfoundry_route" "csb_docs" {
space = data.cloudfoundry_space.brokers.id
domain = data.cloudfoundry_domain.brokers_domain.id
host = "csb"
path = "docs"

destinations = [{
app_id = cloudfoundry_app.csb.id
}]
}

resource "cloudfoundry_service_broker" "csb" {
name = "csb"
password = random_password.csb_app_password.result
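Review bot: The new `cloudfoundry_route.csb_docs` (host `csb`, path `docs`, destination the broker app) has no comment saying what consumes it, and nothing visible in this change references it; docproxy.tf sets `BROKER_URL` from `cloudfoundry_route.csb.url` instead. If the existing `csb` route has no path, it presumably already matches `/docs` and this route would be redundant. If the route is needed, a comment such as `# Path route so <consumer> can reach the broker's /docs endpoint` would record why the broker is reachable a second way. The same app serves the password-protected broker API, so the comment should also say whether `/docs` is meant to be readable without broker credentials. The `cloudfoundry_route.csb` resource starts outside the hunk, so its path setting cannot be checked from here.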
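--- a/terraform/modules/csb/docproxy.tf
+++ b/terraform/modules/csb/docproxy.tf
@@ -0,0 +1,52 @@
+resource "cloudfoundry_app" "docproxy" {
+name = "docproxy"
+org_name = var.org_name
+space_name = var.space_name
+
+docker_image = "${var.docproxy_docker_image_name}${var.docproxy_docker_image_version}"
+docker_credentials = {
+"username" = var.ecr_access_key_id
+"password" = var.ecr_secret_access_key
+}
+
+command = "/app/docproxy"
+instances = var.docproxy_instances
+memory = "128M"
+
+environment = {
+"BROKER_URL" = cloudfoundry_route.csb.url
+"PORT" = 8080
+}
+}
+
+data "cloudfoundry_domain" "cloudgov_platform_domain" {
+name = var.docproxy_domain
+}
+
+resource "cloudfoundry_route" "docproxy" {
+domain = data.cloudfoundry_domain.cloudgov_platform_domain.id
+space = data.cloudfoundry_space.brokers.id
+host = "services"
+
+destinations = [{
+app_id = cloudfoundry_app.docproxy.id
+}]
+}
+
+data "cloudfoundry_service_plans" "external_domain" {
+service_offering_name = "external-domain"
+name = "domain"
+service_broker_name = "external-domain-broker"
+}
+
+resource "cloudfoundry_service_instance" "docproxy_external_domain" {
+name = "docproxy-domain"
+space = data.cloudfoundry_space.brokers.id
+type = "managed"
+
+service_plan = data.cloudfoundry_service_plans.external_domain.service_plans[0].id
+
+parameters = jsonencode({
+domains = ["services.${var.docproxy_domain}"]
+})
+}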
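Review bot: `cloudfoundry_app.docproxy` is published on `services.<docproxy_domain>` through both a platform route and an external-domain service instance, yet nothing in the file states what the proxy is allowed to forward to `BROKER_URL`. The environment block passes only `BROKER_URL` and `PORT`, so no broker credentials reach the app. A header comment such as `# Public proxy for the broker's documentation pages only; holds no broker credentials` would make that boundary explicit, assuming it matches what `/app/docproxy` actually does. Unlike `cloudfoundry_app.csb`, which sets `readiness_health_check_type = "http"`, this app configures no health check. Also, `service_plans[0]` assumes the plan lookup returns at least one result.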
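--- a/terraform/modules/csb/shared.tf
+++ b/terraform/modules/csb/shared.tf
@@ -0,0 +1,8 @@
+data "cloudfoundry_org" "platform" {
+name = var.org_name
+}
+
+data "cloudfoundry_space" "brokers" {
+name = var.space_name
+org = data.cloudfoundry_org.platform.id
+}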
26 changes: 25 additions & 1 deletion terraform/modules/csb/variables.tf
Expand Up @@ -77,7 +77,7 @@ variable "rds_password" {

# CSB Configuration

variable "cg_smtp_aws_ses_zone" {
variable "aws_ses_default_zone" {
type = string
description = "When the user does not provide a domain, a subdomain will be created for them under this DNS zone."
}
Expand Down Expand Up @@ -107,3 +107,27 @@ variable "aws_secret_access_key_commercial" {
variable "aws_region_commercial" {
type = string
}

# Docproxy configuration

variable "docproxy_domain" {
type = string
description = "The parent domain in CF under which the docproxy will be routed. For example, to serve it on services.fr.cloud.gov, set this to fr.cloud.gov. The subdomain is always 'services'."
}

variable "docproxy_docker_image_name" {
type = string
description = "Full name (but not tag or SHA) of the Docker image the broker will use."
}

variable "docproxy_docker_image_version" {
type = string
description = "Tag or SHA of the Docker image the broker will use. For example, ':latest' or '@sha256:abc123...'."
default = ":latest"

}

variable "docproxy_instances" {
type = number
description = "Number of instances of the docproxy app to run."
}
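Review bot: `docproxy_docker_image_version` defaults to `:latest`, so a caller that omits it deploys a mutable tag instead of the digest the pipeline resolves. Dropping `default = ":latest"` would make the pin mandatory. The stack variable `csb_docproxy_docker_image_version` has no default and is always passed through, so nothing else needs to change. The descriptions of `docproxy_docker_image_name` and `docproxy_docker_image_version` still say "the broker will use"; they should read "the docproxy app will use".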
7 changes: 6 additions & 1 deletion terraform/stacks/apps/apps.tf
Expand Up @@ -14,7 +14,7 @@ module "csb" {
ecr_access_key_id = data.terraform_remote_state.iaas.outputs.csb.ecr_user.access_key_id_curr
ecr_secret_access_key = data.terraform_remote_state.iaas.outputs.csb.ecr_user.secret_access_key_curr
instances = 1
cg_smtp_aws_ses_zone = var.csb_cg_smtp_aws_ses_zone
aws_ses_default_zone = var.csb_aws_ses_default_zone
aws_access_key_id_govcloud = data.terraform_remote_state.iaas.outputs.csb.broker_user.access_key_id_curr
aws_secret_access_key_govcloud = data.terraform_remote_state.iaas.outputs.csb.broker_user.secret_access_key_curr
aws_region_govcloud = var.csb_aws_region_govcloud
Expand All @@ -27,4 +27,9 @@ module "csb" {
docker_image_name = var.csb_docker_image_name
docker_image_version = var.csb_docker_image_version
broker_route_domain = var.csb_broker_route_domain

docproxy_domain = var.csb_docproxy_domain
docproxy_instances = var.csb_docproxy_instances
docproxy_docker_image_name = var.csb_docproxy_docker_image_name
docproxy_docker_image_version = var.csb_docproxy_docker_image_version
}
19 changes: 18 additions & 1 deletion terraform/stacks/apps/variables.tf
Expand Up @@ -41,7 +41,7 @@ variable "csb_aws_region_commercial" {
type = string
}

variable "csb_cg_smtp_aws_ses_zone" {
variable "csb_aws_ses_default_zone" {
type = string
}

Expand All @@ -64,3 +64,20 @@ variable "csb_space_name" {
variable "csb_broker_route_domain" {
type = string
}

variable "csb_docproxy_domain" {
type = string
}

variable "csb_docproxy_docker_image_name" {
type = string
}

variable "csb_docproxy_docker_image_version" {
type = string
}

variable "csb_docproxy_instances" {
type = number
default = 1
}