feat(example): devops-stack on scaleway

chore(scaleway): first example

Author: Xaving

.gitignore

@@ -1,12 +1,19 @@
 ### Unwanted Terraform files when using the examples ###
-
 examples/*/.terraform
 examples/*/terraform.tfstate
 examples/*/terraform.tfstate.*
 examples/*/.terraform.tfstate.lock.info
 examples/*/*-config
 examples/*/.terraform.lock.hcl
-
+examples/*/secrets.yml
+examples/*/terraform.tfstate*
+examples/*/.terraform.lock.hcl
+examples/*/kubeconfig.yml
+examples/*/issue.txt
+examples/*/log.txt
+examples/*/*.png
+examples/*/*.html
+examples/*/issuers.yml
 
 ### Files and folders when building the website and documentation locally ###
 
@@ -55,3 +62,5 @@ ehthumbs_vista.db
 
 # Folder config file
 [Dd]esktop.ini
+.DS_STORE
+**/*.swp

examples/scaleway/README.md

@@ -0,0 +1,36 @@
+## Introduction
+The terraform project will instanciated a devops-stack on Scaleway.
+
+## Installation
+
+Add your credentials to launch the project. At least the following environement variables are required: `SCW_ACCESS_KEY,SCW_ACCESS_KEY,SCW_DEFAULT_ORGANIZATION_ID,SCW_DEFAULT_PROJECT_ID,SCW_DEFAULT_PROJECT_ID`.
+
+We also use an environement variable for the variable PROJECT\_ID called `TF_VAR_PROJECT_ID`
+
+Configure the stack by modifying `inputs.tfvars` (e.g: cluster\_name) and launch the terraform apply with:
+
+If you want to create a Kapsule cluster, you will have to use the scaleway provider in version 2.33.0.
+
+If you modify the base\_domain, be sure to add a new star record that points to the load balancer ip address created by the stack in your domain.
+
+```bash
+terraform init
+terraform apply -var-file inputs.tfvars 
+```
+
+## Usage
+Get the kubeconfig file and the domain name with the following commands:
+
+```bash
+terraform output -raw kubeconfig_file > kubeconfig.json
+terraform output base_domain 
+```
+ 
+Your application are available at the following address: $APP\_NAME.apps.$CLUSTER\_NAME.$BASE\_DOMAIN.
+e.g: prometheus.apps.devops-stack.51-51-52-52.np.io
+
+For authentication on oidc, users and password are available in the output:
+```bash
+terraform output passwords
+```
+

examples/scaleway/inputs.tfvars

@@ -0,0 +1,38 @@
+# ###################################################
+# Input for module which creates the scaleway cluster 
+# ###################################################
+cluster_name        = "devops-stack"
+cluster_description = "Devops-stack on cloud provider scaleway"
+cluster_tags        = ["demo", "dev", "devops-stack", "test", ]
+cluster_type        = "multicloud"
+kubernetes_version  = "1.29.1"
+admission_plugins   = ["PodNodeSelector", ]
+node_pools = {
+  config1 = {
+    node_type           = "DEV1-L"
+    size                = 2
+    min_size            = 2
+    max_size            = 2
+    autoscaling         = true
+    autohealing         = true
+    container_runtime   = "containerd"
+    wait_for_pool_ready = true
+  }
+}
+
+# #########################
+# Additional cluster config
+# #########################
+base_domain = "gs-fr-dev.camptocamp.com"
+lb_name     = "devops-stack"
+zone        = "fr-par-1"
+lb_type     = "LB-S"
+
+# Ingress
+ingress_enable_service_monitor = false
+
+# Keycloak
+cluster_issuer = "ca-issuer"
+
+# Cert-manager
+cert_manager_enable_service_monitor = false

examples/scaleway/loki.tf

@@ -0,0 +1,159 @@
+data "scaleway_account_project" "devops_stack" {
+  project_id = var.project_id
+}
+
+resource "scaleway_object_bucket" "loki" {
+  name = "devops-stack-loki-logs"
+  tags = {
+    line     = "devops-stack"
+    platform = "scw-devops-stack-example"
+  }
+}
+
+resource "scaleway_iam_application" "loki" {
+  name        = "devops-stack-example-loki"
+  description = "Loki access to S3 buckets from Devops Stack example"
+}
+
+resource "scaleway_iam_policy" "loki" {
+  name           = "devops-stack-example-loki"
+  description    = "Loki access to S3 buckets from Devops Stack example"
+  application_id = scaleway_iam_application.loki.id
+
+  rule {
+    project_ids = [data.scaleway_account_project.devops_stack.id]
+    permission_set_names = [
+      "ObjectStorageObjectsDelete",
+      "ObjectStorageObjectsRead",
+      "ObjectStorageObjectsWrite",
+      "ObjectStorageBucketsRead",
+    ]
+  }
+}
+
+resource "scaleway_iam_api_key" "loki" {
+  application_id     = scaleway_iam_application.loki.id
+  description        = "Loki credentials for Devops Stack example"
+  default_project_id = data.scaleway_account_project.devops_stack.id
+}
+
+locals {
+  loki_common_settings = {
+    extraEnv = [
+      {
+        name = "AWS_ACCESS_KEY_ID"
+        valueFrom = {
+          secretKeyRef = {
+            name = kubernetes_secret.credentials_loki_s3.metadata.0.name
+            key  = "AWS_ACCESS_KEY_ID"
+          }
+        }
+      },
+      {
+        name = "AWS_SECRET_ACCESS_KEY"
+        valueFrom = {
+          secretKeyRef = {
+            name = kubernetes_secret.credentials_loki_s3.metadata.0.name
+            key  = "AWS_SECRET_ACCESS_KEY"
+          }
+        }
+      },
+    ]
+  }
+}
+
+module "loki" {
+  source = "git::https://github.com/camptocamp/devops-stack-module-loki-stack.git?ref=v8.1.0"
+
+  app_autosync = {}
+
+  retention = "9000h"
+  ingress = {
+    hosts          = ["loki.apps.${var.cluster_name}.${var.base_domain}"]
+    cluster_issuer = var.cluster_issuer
+  }
+
+  helm_values = [{
+    loki-distributed = {
+      loki = merge({
+        structuredConfig = {
+          auth_enabled = false
+          compactor = {
+            retention_delete_delay = "1h"
+            retention_enabled      = false
+          }
+          ingester = {
+            lifecycler = {
+              ring = {
+                replication_factor = 1
+              }
+            }
+          }
+        }
+        schemaConfig = {
+          configs = [
+            {
+              from         = "2023-04-28",
+              store        = "boltdb-shipper"
+              object_store = "s3"
+              schema       = "v11"
+              index = {
+                prefix = "index_"
+                period = "24h"
+              }
+            }
+          ]
+        }
+        storageConfig = {
+          aws = {
+            bucketnames      = scaleway_object_bucket.loki.id
+            endpoint         = scaleway_object_bucket.loki.endpoint
+            s3forcepathstyle = true
+            #region            = "fr-par"
+            sse_encryption    = false
+            signature_version = "v2"
+          }
+          boltdb_shipper = {
+            shared_store = "s3"
+            cache_ttl    = "24h"
+          }
+        }
+      }, local.loki_common_settings)
+      indexGateway  = local.loki_common_settings
+      ingester      = merge({ replicas = 1 }, local.loki_common_settings)
+      compactor     = local.loki_common_settings
+      queryFrontend = local.loki_common_settings
+      querier       = local.loki_common_settings
+      distributor   = local.loki_common_settings
+    }
+    promtail = {
+      updateStrategy = {
+        type = "RollingUpdate"
+        rollingUpdate = {
+          maxUnavailable = 3
+        }
+      }
+      config = {
+        clients = [
+          {
+            url = "http://loki-distributor:3100/loki/api/v1/push"
+            #tenant_id = 1
+          }
+        ]
+      }
+    }
+  }]
+}
+
+resource "kubernetes_secret" "credentials_loki_s3" {
+  metadata {
+    namespace = "loki-stack"
+    name      = "credentials-loki-s3"
+  }
+
+  data = {
+    AWS_ACCESS_KEY_ID     = scaleway_iam_api_key.loki.access_key
+    AWS_SECRET_ACCESS_KEY = scaleway_iam_api_key.loki.secret_key
+  }
+
+}