Merge branch '4-agent-helm-chart' into 'master'

Use Helm to install the GitLab Agent Closes #4 See merge request gitlab-org/configure/examples/gitlab-terraform-gke!8

Merge branch '4-agent-helm-chart' into 'master'
38c85633 · João Alexandre Cunha · 096d051b · 64f1ecff · 38c85633 · 38c85633
Commit 38c85633 authored 2 years ago by João Alexandre Cunha
--- a/.terraform.lock.hcl
+++ b/.terraform.lock.hcl
@@ -2,37 +2,58 @@
 # Manual edits may be lost in future updates.

 provider "registry.terraform.io/hashicorp/google" {
-  version = "4.12.0"
+  version = "4.31.0"
  hashes = [
-    "h1:twLiEKzbHAKTrPDoSN600wZm0CWM4oYZfiI4g1Evptk=",
-    "zh:104c9b1a14a0631ced8072f4cce00ea8e9d063f13c5f8cce0f0d9a1ad64230a1",
-    "zh:14bc7b8ba2f522e512b6a1405db443e89a0d7cb3e27edea3630fe5c6c71e9f71",
-    "zh:1d53032ccaac3b6452a8a91e6f68a022ad0a26affa70702a2cfa0346f4c3f2d3",
-    "zh:39184ecf86c42610e88a35edc5031535445e0224e2a11356ca0afa6bf9eba2e5",
-    "zh:46653430022ad1a154faac1b7c36308f421c5c7209e04dcda4fdf5c2019b5a90",
-    "zh:4c3c74d909b1d1ace7d57ec99e4c347c30b025588570d5382ca4140acb97df0e",
-    "zh:844e9d0e1f33c7b0ce08e34df9a3123f11169c8d02299d3a6d9bbae73482ebbc",
-    "zh:953758276c990efba630f3769616b9bb3d73e7fc7d2c385b2996d975f26b05ea",
-    "zh:afacd04e2ff3ac17cf998e9cfe28eed7cb2bc3ec2577e1e8d0053965aaddb8ac",
-    "zh:c7d18591d9c1b3ce812587e320509d3318cfcfb00758482a96b4699f947794b1",
-    "zh:c94bf6e4c746874da9bf69915966933ad29908be9eb1b0e0e5ea80c7a9202a6c",
+    "h1:p6GUUYG9PQ4XODXBgsHpWTygziRtY61z07slBKYbiCQ=",
+    "zh:02a19ed46c2007f6aadfb6ff90aa6063be063194d1f0dd02dc839adc212f7cae",
+    "zh:1046de7e13e81a8f86461f99e9d5ff25d5dabe8465f51efe72084ded426ba771",
+    "zh:209b054685f7364f3f5e8b570ceb62701e5b466d37cce8b7108385fc1feb3683",
+    "zh:717773619a1102748204699974c30aba39dc727baf389b874afcab6e17b63ffa",
+    "zh:7d5f4885cda2ca0ec8cb8bac36ea156aeca7787c01c17e65f7226742b60369d8",
+    "zh:82df57f2df5708441c57045b3e1a9a91ed55abe67d0d2f00705c7a1f512ec6ec",
+    "zh:a0191b194e68dd3c0ac5a26712f95d435839ff20d2b2ad53670374c64946042d",
+    "zh:a95b8358469d6347a5bcf4462ad18efaf80014f07f36bd26019ca039c523ff48",
+    "zh:b62c968f50d3afa8300c9267388d273a90a5be1a4e9a218205a358e6954e7844",
+    "zh:bc11cc9b8defec24831bbd6a73a2fa940659c7c610ea7aa0d8b38c2b1af6689b",
+    "zh:e6ac4c46c3e5a32635fcd27784c189b6cbc6aa9cbf7a3b09e999ec3aa3e2004a",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/helm" {
+  version = "2.6.0"
+  hashes = [
+    "h1:i+fbwv8Vk8n5kQc+spEtzvCNF4yo2exzSAZhL0ipFuo=",
+    "zh:0ac248c28acc1a4fd11bd26a85e48ab78dd6abf0f7ac842bf1cd7edd05ac6cf8",
+    "zh:3d32c8deae3740d8c5310136cc11c8afeffc350fbf88afaca0c34a223a5246f5",
+    "zh:4055a27489733d19ca7fa2dfce14d323fe99ae9dede7d0fea21ee6db0b9ca74b",
+    "zh:58a8ed39653fd4c874a2ecb128eccfa24c94266a00e349fd7fb13e22ad81f381",
+    "zh:6c81508044913f25083de132d0ff81d083732aba07c506cc2db05aa0cefcde2c",
+    "zh:7db5d18093047bfc4fe597f79610c0a281b21db0d61b0bacb3800585e976f814",
+    "zh:8269207b7422db99e7be80a5352d111966c3dfc7eb98511f11c8ff7b2e813456",
+    "zh:b1d7ababfb2374e72532308ff442cc906b79256b66b3fe7a98d42c68c4ddf9c5",
+    "zh:ca63e226cbdc964a5d63ef21189f059ce45c3fa4a5e972204d6916a9177d2b44",
+    "zh:d205a72d60e8cc362943d66f5bcdd6b6aaaa9aab2b89fd83bf6f1978ac0b1e4c",
+    "zh:db47dc579a0e68e5bfe3a61f2e950e6e2af82b1f388d1069de014a937962b56a",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
  ]
 }

 provider "registry.terraform.io/hashicorp/kubernetes" {
-  version = "2.8.0"
+  version = "2.12.1"
  hashes = [
-    "h1:tfU8BStZIt2d6KIGTRNjWb09zeVzh3UFGNRGVgFce+A=",
-    "zh:0cf42c17c05ae5f0f5eb4b2c375dd2068960b97392e50823e47b2cee7b5e01be",
-    "zh:29e3751eceae92c7400a17fe3a5394ed761627bcadfda66e7ac91d6485c37927",
-    "zh:2d95584504c651e1e2e49fbb5fae1736e32a505102c3dbd2c319b26884a7d3d5",
-    "zh:4a5f1d915c19e7c7b4f04d7d68f82db2c872dad75b9e6f33a6ddce43aa160405",
-    "zh:4b959187fd2c884a4c6606e1c4edc7b506ec4cadb2742831f37aca1463eb349d",
-    "zh:5e76a2b81c93d9904d50c2a703845f79d2b080c2f87c07ef8f168592033d638f",
-    "zh:c5aa21a7168f96afa4b4776cbd7eefd3e1f47d48430dce75c7f761f2d2fac77b",
-    "zh:d45e8bd98fc6752ea087e744efdafb209e7ec5a4224f9affee0a24fb51d26bb9",
-    "zh:d4739255076ed7f3ac2a06aef89e8e48a87667f3e470c514ce2185c0569cc1fb",
-    "zh:dbd2f11529a422ffd17040a70c0cc2802b7f1be2499e976dc22f1138d022b1b4",
-    "zh:dbd5357082b2485bb9978bce5b6d508d6b431d15c53bfa1fcc2781131826b5d8",
+    "h1:YdDA370JByM9HT5GdLpt34z3BvcVW4BnVXqdgB/vZ6I=",
+    "zh:1ecb2adff52754fb4680c7cfe6143d1d8c264b00bb0c44f07f5583b1c7f978b8",
+    "zh:1fbd155088cd5818ad5874e4d59ccf1801e4e1961ac0711442b963315f1967ab",
+    "zh:29e927c7c8f112ee0e8ab70e71b498f2f2ae6f47df1a14e6fd0fdb6f14b57c00",
+    "zh:42c2f421da6b5b7c997e42aa04ca1457fceb13dd66099a057057a0812b680836",
+    "zh:522a7bccd5cd7acbb4ec3ef077d47f4888df7e59ff9f3d598b717ad3ee4fe9c9",
+    "zh:b45d8dc5dcbc5e30ae570d0c2e198505f47d09098dfd5f004871be8262e6ec1e",
+    "zh:c3ea0943f2050001c7d6a7115b9b990f148b082ebfc4ff3c2ff3463a8affcc4a",
+    "zh:f111833a64e06659d2e21864de39b7b7dec462615294d02f04c777956742a930",
+    "zh:f182dba5707b90b0952d5984c23f7a2da3baa62b4d71e78df7759f16cc88d957",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+    "zh:f76655a68680887daceabd947b2f68e2103f5bbec49a2bc29530f82ab8e3bca3",
+    "zh:fadb77352caa570bd3259dfb59c31db614d55bc96df0ff15a3c0cd2e685678b9",
  ]
 }
--- a/agent.tf
+++ b/agent.tf
-resource "kubernetes_namespace" "gitlab_agent" {
-  metadata {
-    name = var.agent_namespace
-  }
-}
-
-resource "kubernetes_service_account" "gitlab_agent" {
-  metadata {
+resource "helm_release" "gitlab_agent" {
  name = "gitlab-agent"
-    namespace = var.agent_namespace
-  }
-}
-
-resource "kubernetes_cluster_role_binding" "gitlab_agent" {
-  metadata {
-    name = "gitlab-agent-cluster-admin"
-  }
-
-  role_ref {
-    api_group = "rbac.authorization.k8s.io"
-    kind      = "ClusterRole"
-    name      = "cluster-admin"
-  }
-
-  subject {
-    kind      = "ServiceAccount"
-    name      = kubernetes_service_account.gitlab_agent.metadata[0].name
-    namespace = var.agent_namespace
-  }
-}
-
-resource "kubernetes_secret" "gitlab_agent" {
-  metadata {
-    name      = "gitlab-agent-token"
-    namespace = var.agent_namespace
-  }

-  data = {
-    token = var.agent_token
-  }
-}
+  repository = "https://charts.gitlab.io"
+  chart      = "gitlab-agent"

-resource "kubernetes_deployment" "gitlab_agent" {
-  metadata {
-    name      = "gitlab-agent"
+  create_namespace = true
  namespace        = var.agent_namespace
-  }

-  spec {
-    replicas = 1
-
-    selector {
-      match_labels = {
-        app = "gitlab-agent"
-      }
+  set {
+    name  = "config.kasAddress"
+    value = var.kas_address
  }

-    strategy {
-      type = "RollingUpdate"
-      rolling_update {
-        max_surge       = 0
-        max_unavailable = 1
-      }
-    }
-
-    template {
-      metadata {
-        annotations = {
-          "prometheus.io/path"   = "/metrics"
-          "prometheus.io/port"   = "8080"
-          "prometheus.io/scrape" = true
-        }
-
-        labels = {
-          app = "gitlab-agent"
-        }
-      }
-
-      spec {
-        service_account_name = kubernetes_service_account.gitlab_agent.metadata[0].name
-
-        container {
-          image = "registry.gitlab.com/gitlab-org/cluster-integration/gitlab-agent/agentk:${var.agent_version}"
-          name  = "agent"
-
-          args = [
-            "--token-file=/config/token",
-            "--kas-address",
-            var.kas_address
-          ]
-
-          env {
-            name = "POD_NAMESPACE"
-
-            value_from {
-              field_ref {
-                field_path = "metadata.namespace"
-              }
-            }
-          }
-
-          env {
-            name = "POD_NAME"
-
-            value_from {
-              field_ref {
-                field_path = "metadata.name"
-              }
-            }
-          }
-
-          liveness_probe {
-            http_get {
-              path = "/liveness"
-              port = 8080
-            }
-
-            initial_delay_seconds = 15
-            period_seconds        = 20
-          }
-
-          readiness_probe {
-            http_get {
-              path = "/readiness"
-              port = 8080
-            }
-
-            initial_delay_seconds = 5
-            period_seconds        = 10
-          }
-
-          volume_mount {
-            name       = "token-volume"
-            mount_path = "/config"
-          }
-        }
-
-        volume {
-          name = "token-volume"
-          secret {
-            secret_name = kubernetes_secret.gitlab_agent.metadata[0].name
-          }
-        }
-      }
-    }
+  set {
+    name  = "config.token"
+    value = var.agent_token
  }
 }
--- a/providers.tf
+++ b/providers.tf
@@ -2,8 +2,10 @@ provider "google" {
  project = var.gcp_project
 }

-provider "kubernetes" {
+provider "helm" {
+  kubernetes {
    host                   = "https://${google_container_cluster.primary.endpoint}"
    cluster_ca_certificate = base64decode(google_container_cluster.primary.master_auth.0.cluster_ca_certificate)
    token                  = data.google_client_config.current.access_token
  }
+}
--- a/variables.tf
+++ b/variables.tf
@@ -32,11 +32,6 @@ variable "node_count" {
  description = "The number of cluster nodes"
 }

-variable "agent_version" {
-  default     = "v14.8.1"
-  description = "Agent version"
-}
-
 variable "agent_namespace" {
  default     = "gitlab-agent"
  description = "Kubernetes namespace to install the Agent"