Terraform EKS onboarding
This Terraform configuration deploys a Kubernetes DigitalEx appliance using Helm, with configuration fetched from a remote DigitalEx API.
## Prerequisites
- Terraform (>= 1.0.0)
- kubectl configured with access to your target Kubernetes cluster
- Valid kubeconfig file at `~/.kube/config`
- Helm (>= 3.0.0)
Required Terraform providers
- Helm (~> 2.17.0)
- Kubernetes (~> 2.35.1)
- HTTP (~> 3.4.0)
The Terraform template performs the following steps:
Make an HTTPS call to DigitalEx to get the values needed to set the Helm parameters for the Terraform-driven deployment. The call takes inputs such as the DX API URL, DX tenant ID, provider, and cloud resource ID of the Kubernetes resource.
GET API URL: `"${var.api_url}/${var.tenant_id}/k8s/init/${var.dx_provider}?cloudResourceId=${local.encoded_resource_id}"`
Request headers: `Authorization = "Bearer ${var.api_token}"`
Output: `{ "id": "dx cluster id", "url": "dx api url", "secret": "dx appliance secret" }`
Use the output from the API to set the Helm parameters, together with the other required input parameters such as the Prometheus URL and provider.
Sample terraform files
terraform.tfvars
# Placeholder value. The real token is a credential: keep this file out of
# version control, or drop this line and supply the value through the
# TF_VAR_api_token environment variable instead.
api_token = "--API_TOKEN-"
tenant_id = "TENANT_ID"
# Looks like an in-cluster service address (service.namespace:port) - confirm for your cluster.
prometheus_endpoint = "http://prometheus-server.prometheus:80"
dx_provider = "gcp"
# Cloud resource ID of the cluster being onboarded (GKE-style ID in this sample).
cloud_resource_id = "//container.googleapis.com/projects/gke-gpu-poc-424311/locations/us-central1-c/clusters/k8s-with-cpu-qa"
variables.tf
# Input variables for the DigitalEx onboarding configuration.

# Tenant identifier; used in the init API path and passed to the chart.
variable "tenant_id" {
  type        = string
  description = "tenant ID"
}

# Resource ID of the cluster; sent as the cloudResourceId query parameter.
variable "cloud_resource_id" {
  type        = string
  description = " cloud resource ID"
}

# Passed to the chart as config.prometheusEndpoint.
variable "prometheus_endpoint" {
  type        = string
  description = "Prometheus endpoint to fetch configuration"
}

# Used in the init API path and passed to the chart as config.provider.
variable "dx_provider" {
  type        = string
  description = "provider we want to onboard in DigitalEx eg: aws/azure/gcp"
}

# Base URL of the DigitalEx API. main.tf sends the API token to this host as a
# bearer header, so an override should stay an https:// URL you trust.
variable "api_url" {
  type        = string
  default     = "https://api.digitalex.io/"
  description = "API endpoint to fetch configuration"
}

# Bearer token for the init API call. `sensitive` redacts the value in CLI
# output; it can still end up in state through the data sources and resources
# that use it, so protect the state backend as well.
variable "api_token" {
  type        = string
  sensitive   = true
  description = "API token for authentication to be fetched from DigitalEx Console"
}
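# Core and provider version constraints for this configuration.
terraform {
  # Enforces the Terraform version listed in the prerequisites.
  required_version = ">= 1.0.0"

  # "~>" on a three-part version allows patch releases only. Commit the
  # generated .terraform.lock.hcl so the provider checksums are pinned too.
  required_providers {
    helm = {
      source  = "hashicorp/helm"
      version = "~> 2.17.0"
    }
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = "~> 2.35.1"
    }
    http = {
      source  = "hashicorp/http"
      version = "~> 3.4.0"
    }
  }
}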
# Provider configuration.
#
# Both cluster-facing providers read the local kubeconfig. Neither block sets
# config_context, so the kubeconfig's current context decides which cluster
# receives the deployment - check it before running apply.

# No settings needed for the HTTP data source provider.
provider "http" {}

provider "kubernetes" {
  config_path = "~/.kube/config"
}

provider "helm" {
  kubernetes {
    config_path = "~/.kube/config"
  }
}
main.tf
locals {
  # Escape the slashes in the resource ID so it can be used as the value of the
  # cloudResourceId query parameter. Only "/" is rewritten; any other reserved
  # character (for example "&", "#" or a space) would reach the URL unescaped.
  # NOTE(review): Terraform's built-in urlencode() escapes every reserved
  # character - confirm the API accepts fully encoded IDs before switching.
  encoded_resource_id = replace(var.cloud_resource_id, "/", "%2F")
}
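# GET call to fetch configuration.
#
# The request carries the API token as a bearer header, and the response body
# contains the appliance secret. Like any data source result, the response is
# kept in Terraform state, so the state backend needs to be access-controlled
# and encrypted.
#
# The http provider does not fail on a non-2xx status; it only exposes
# status_code. Checking it here would need a lifecycle postcondition, which
# requires Terraform >= 1.2.
data "http" "get_config" {
  # trimsuffix() drops a trailing "/" from api_url (its default value ends in
  # one), so the request path does not begin with "//".
  url = "${trimsuffix(var.api_url, "/")}/${var.tenant_id}/k8s/init/${var.dx_provider}?cloudResourceId=${local.encoded_resource_id}"

  request_headers = {
    Authorization = "Bearer ${var.api_token}"
    Accept        = "*/*"
  }
}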
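# Debug output of the raw init API response.
#
# response_body contains the appliance secret, so the whole output is marked
# sensitive to keep it out of plan/apply logs and CI job output. The value is
# still readable with an explicit `terraform output api_debug` and is stored in
# state; remove this output once onboarding has been verified.
output "api_debug" {
  sensitive = true

  value = {
    status_code      = data.http.get_config.status_code
    response_body    = data.http.get_config.response_body
    response_headers = data.http.get_config.response_headers
  }
}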
# Parse the JSON response
# Per the documented API output, the decoded object has the keys "id", "url"
# and "secret"; this file reads "id" and "secret". jsondecode() fails the plan
# when the body is not valid JSON (for example an error page).
locals {
  config = jsondecode(data.http.get_config.response_body)
}
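# Debug output to verify parsed values.
#
# local.config includes the appliance secret, so the output is marked sensitive
# to keep it out of plan/apply logs. It remains readable with an explicit
# `terraform output parsed_config`; remove it once onboarding has been verified.
output "parsed_config" {
  sensitive = true
  value     = local.config
}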
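# Deploy the DigitalEx appliance chart using Helm.
#
# NOTE(review): no chart `version` is set, so each install or upgrade takes
# whatever chart version the registry currently serves. Pin a reviewed version
# for reproducible deployments.
resource "helm_release" "dx_k8s_appliance" {
  name             = "dx-k8s-appliance"
  repository       = "oci://us-central1-docker.pkg.dev/cloudwiz-io/public-charts"
  chart            = "dx-k8s-appliance"
  namespace        = "digitalex"
  create_namespace = true

  set {
    name  = "config.tenantId"
    value = var.tenant_id
  }

  set {
    name  = "config.clusterId"
    value = local.config.id # From API response
  }

  set {
    name  = "config.apiUrl"
    value = var.api_url
  }

  # The appliance secret from the API response. set_sensitive passes the same
  # chart value as `set` but keeps it out of the plan diff. It is still stored
  # in Terraform state.
  set_sensitive {
    name  = "config.apiKey"
    value = local.config.secret
  }

  set {
    name  = "config.prometheusEndpoint"
    value = var.prometheus_endpoint
  }

  set {
    name  = "config.provider"
    value = var.dx_provider
  }
}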
# Debug view of the values handed to the Helm release.
# Marked sensitive because api_key carries the appliance secret; the value is
# redacted in CLI summaries but is still stored in state.
output "helm_values" {
  value = {
    api_key    = local.config.secret
    api_url    = var.api_url
    cluster_id = local.config.id
    provider   = var.dx_provider
    repository = "oci://us-central1-docker.pkg.dev/cloudwiz-io/public-charts/"
    tenant_id  = var.tenant_id
  }

  sensitive = true
}