Merge pull request #128 from pluralsh/byok

Add support to BYOK

Author: zreigz

charts/runtime/values.yaml.tpl

@@ -45,6 +45,28 @@ ingress-nginx-private:
   enabled: false
 {{ end }}
 
+{{ if eq .Provider "byok" }}
+external-dns:
+  enabled: false
+
+plural-certmanager-webhook:
+  enabled: true
+
+operator:
+  enabled: true
+
+application:
+  enabled: false
+
+plural:
+  enabled: false
+
+ingress-nginx:
+  enabled: false
+ingress-nginx-private:
+  enabled: false
+{{ end }}
+
 {{ if and (eq .Provider "aws") (not .Cloud) }}
 ingress-nginx:
   controller:

templates/providers/apps/byok.tf

@@ -0,0 +1,32 @@
+terraform {
+  required_version = ">= 1.0"
+
+  backend "local" {}
+
+  required_providers {
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = ">= 2.10"
+    }
+    plural = {
+      source  = "pluralsh/plural"
+      version = ">= 0.2.16"
+    }
+  }
+}
+
+provider "kubernetes" {
+  config_path = "~/.kube/config"
+}
+
+data "kubernetes_secret_v1" "console-auth" {
+  metadata {
+    name      = "console-auth-token"
+    namespace = "plrl-console"
+  }
+}
+
+provider "plural" {
+  console_url  = "https://console.{{ .Subdomain }}"
+  access_token = data.kubernetes_secret_v1.console-auth.data["access-token"]
+}

templates/providers/bootstrap/byok.tf

@@ -0,0 +1,35 @@
+terraform {
+  required_version = ">= 1.0"
+
+  backend "local" {}
+
+  required_providers {
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = ">= 2.10"
+    }
+    helm = {
+      source  = "hashicorp/helm"
+      version = "2.14.0"
+    }
+    local = {
+      source  = "hashicorp/local"
+      version = "2.5.2"
+    }
+    null = {
+      source  = "hashicorp/null"
+      version = ">= 3.0"
+    }
+  }
+}
+
+provider "kubernetes" {
+  config_path = "~/.kube/config"
+}
+
+provider "helm" {
+  kubernetes {
+    config_path = "~/.kube/config"
+  }
+}
+

templates/setup/providers/byok.tf

@@ -0,0 +1,7 @@
+// BYOK – the cluster already exists externally, so the mgmt module is just a
+// stub that provides the outputs expected by console.tf without provisioning anything.
+module "mgmt" {
+  source = "./cluster"
+  db_url = "{{ .Context.DbUrl }}"
+}
+

templates/setup/stacks/byok.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: stacks
+  namespace: plrl-deploy-operator
+

terraform/clouds/byok/main.tf

@@ -0,0 +1,35 @@
+# BYOK stub cluster module.
+# The cluster already exists externally; this module only supplies the output
+# attributes that console.tf depends on so that file can be used unchanged
+# across all providers.
+
+# Optional external database URL. Leave empty to run the console without a
+# managed database (SQLite / in-cluster DB depending on the console chart).
+variable "db_url" {
+  type      = string
+  default   = ""
+  sensitive = true
+}
+
+resource "null_resource" "cluster" {}
+
+# Represents the cluster being "ready" – satisfied immediately for BYOK since
+# the cluster is pre-existing.
+output "cluster" {
+  value = null_resource.cluster.id
+}
+
+output "ready" {
+  value = null_resource.cluster.id
+}
+
+output "db_url" {
+  value     = var.db_url
+  sensitive = true
+}
+
+# No cloud IAM identity needed for BYOK.
+output "identity" {
+  value = ""
+}
+