feat: upgrade module for kong v3 compatibility (#108)
Signed-off-by: Orla Dunlop <orla.dunlop@engineering.digital.dwp.gov.uk>
odunlop authored May 23, 2024
1 parent b0285f3 commit fba89f2
Showing 10 changed files with 161 additions and 82 deletions.
11 changes: 8 additions & 3 deletions main.tf
Expand Up @@ -64,6 +64,7 @@ module "kong_ec2" {
instance_type = var.instance_type
key_name = var.key_name
user_data = var.user_data
kong_major_version = var.kong_major_version
kong_clear_database = var.kong_clear_database
kong_config = var.kong_config
kong_database_config = var.kong_database_config
Expand Down Expand Up @@ -97,13 +98,16 @@ module "kong_ec2" {
kong_vitals_enabled = var.kong_vitals_enabled
vitals_endpoint = var.vitals_endpoint
vitals_tsdb_address = var.vitals_tsdb_address
portal_and_vitals_key_arn = var.portal_and_vitals_key_arn
}


module "kong_ecs" {
count = var.deployment_type == "ecs" ? 1 : 0
source = "./modules/ecs"

kong_major_version = var.kong_major_version

environment = var.environment
role = var.role
ecs_cluster_arn = var.ecs_cluster_arn
Expand Down Expand Up @@ -150,9 +154,10 @@ module "kong_ecs" {
postgres_host = var.postgres_host
db_password_arn = var.db_password_arn

kong_vitals_enabled = var.kong_vitals_enabled
kong_portal_enabled = var.kong_portal_enabled
kong_portal_api_enabled = var.kong_portal_api_enabled
kong_vitals_enabled = var.kong_vitals_enabled
kong_portal_enabled = var.kong_portal_enabled
kong_portal_api_enabled = var.kong_portal_api_enabled
portal_and_vitals_key_arn = var.portal_and_vitals_key_arn

kong_admin_gui_session_conf = var.kong_admin_gui_session_conf

92 changes: 48 additions & 44 deletions modules/ec2/main.tf
Expand Up @@ -38,57 +38,61 @@ locals {
}
user_data_script = {
amazon-linux = templatefile("${path.module}/../../templates/amazon-linux/cloud-init.sh", {
proxy_config = var.proxy_config
db_user = var.kong_database_config.user
db_host = local.db_info.endpoint
db_name = local.db_info.database_name
ce_pkg = var.ce_pkg
ee_pkg = var.ee_pkg
ee_creds_ssm_param = var.ee_creds_ssm_param
parameter_path = local.ssm_parameter_path
region = var.region
vpc_cidr_block = var.vpc_cidr_block
deck_version = var.deck_version
manager_host = var.manager_host
portal_host = var.portal_host
session_secret = random_string.session_secret.result
kong_config = var.kong_config
kong_ports = var.kong_ports
kong_ssl_uris = var.kong_ssl_uris
kong_hybrid_conf = var.kong_hybrid_conf
clear_database = var.kong_clear_database
kong_plugins = join(",", concat(["bundled"], var.kong_plugins))
kong_vitals_enabled = var.kong_vitals_enabled
vitals_tsdb_address = var.vitals_tsdb_address
proxy_config = var.proxy_config
db_user = var.kong_database_config.user
db_host = local.db_info.endpoint
db_name = local.db_info.database_name
ce_pkg = var.ce_pkg
ee_pkg = var.ee_pkg
ee_creds_ssm_param = var.ee_creds_ssm_param
parameter_path = local.ssm_parameter_path
region = var.region
vpc_cidr_block = var.vpc_cidr_block
deck_version = var.deck_version
manager_host = var.manager_host
portal_host = var.portal_host
portal_and_vitals_key_arn = var.portal_and_vitals_key_arn
session_secret = random_string.session_secret.result
kong_config = var.kong_config
kong_ports = var.kong_ports
kong_ssl_uris = var.kong_ssl_uris
kong_hybrid_conf = var.kong_hybrid_conf
clear_database = var.kong_clear_database
api_uri_env_name = var.kong_major_version > 2 ? "KONG_ADMIN_GUI_API_URL" : "KONG_ADMIN_API_URI"
kong_plugins = join(",", concat(["bundled"], var.kong_plugins))
kong_vitals_enabled = var.kong_vitals_enabled
vitals_tsdb_address = var.vitals_tsdb_address
vitals_endpoint = var.vitals_endpoint != null ? format("%s:%g %s",
var.vitals_endpoint.fqdn,
var.vitals_endpoint.port,
lower(var.vitals_endpoint.protocol)
) : ""
})
ubuntu = templatefile("${path.module}/../../templates/ubuntu/cloud-init.sh", {
proxy_config = var.proxy_config
db_user = var.kong_database_config.user
db_host = local.db_info.endpoint
db_name = local.db_info.database_name
ce_pkg = var.ce_pkg
ee_pkg = var.ee_pkg
ee_creds_ssm_param = var.ee_creds_ssm_param
parameter_path = local.ssm_parameter_path
region = var.region
vpc_cidr_block = var.vpc_cidr_block
deck_version = var.deck_version
manager_host = var.manager_host
portal_host = var.portal_host
session_secret = random_string.session_secret.result
kong_config = var.kong_config
kong_ports = var.kong_ports
kong_ssl_uris = var.kong_ssl_uris
kong_hybrid_conf = var.kong_hybrid_conf
clear_database = var.kong_clear_database
kong_plugins = join(",", concat(["bundled"], var.kong_plugins))
kong_vitals_enabled = var.kong_vitals_enabled
vitals_tsdb_address = var.vitals_tsdb_address
proxy_config = var.proxy_config
db_user = var.kong_database_config.user
db_host = local.db_info.endpoint
db_name = local.db_info.database_name
ce_pkg = var.ce_pkg
ee_pkg = var.ee_pkg
ee_creds_ssm_param = var.ee_creds_ssm_param
parameter_path = local.ssm_parameter_path
region = var.region
vpc_cidr_block = var.vpc_cidr_block
deck_version = var.deck_version
manager_host = var.manager_host
portal_host = var.portal_host
portal_and_vitals_key_arn = var.portal_and_vitals_key_arn
session_secret = random_string.session_secret.result
kong_config = var.kong_config
kong_ports = var.kong_ports
kong_ssl_uris = var.kong_ssl_uris
kong_hybrid_conf = var.kong_hybrid_conf
clear_database = var.kong_clear_database
api_uri_env_name = var.kong_major_version > 2 ? "KONG_ADMIN_GUI_API_URL" : "KONG_ADMIN_API_URI"
kong_plugins = join(",", concat(["bundled"], var.kong_plugins))
kong_vitals_enabled = var.kong_vitals_enabled
vitals_tsdb_address = var.vitals_tsdb_address
vitals_endpoint = var.vitals_endpoint != null ? format("%s:%g %s",
var.vitals_endpoint.fqdn,
var.vitals_endpoint.port,
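Review bot: The ternary `var.kong_major_version > 2 ? "KONG_ADMIN_GUI_API_URL" : "KONG_ADMIN_API_URI"` is written out verbatim for the amazon-linux and ubuntu template calls in this hunk and a third time for the control plane task in modules/ecs/main.tf, so the version rule has to be edited in three places whenever it changes. Within this module it belongs once in the enclosing `locals` block, e.g. `api_uri_env_name = var.kong_major_version > 2 ? "KONG_ADMIN_GUI_API_URL" : "KONG_ADMIN_API_URI"`, with both template maps passing `api_uri_env_name = local.api_uri_env_name` and a short comment explaining why the environment variable name depends on the major version. The `locals` block starts before this hunk and the ubuntu template call runs past its end.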
13 changes: 13 additions & 0 deletions modules/ec2/variables.tf
Expand Up @@ -194,6 +194,13 @@ variable "kong_clear_database" {
default = false
}

# V3 WIP
variable "kong_major_version" {
description = "(Optional) Used to define which Kong major version to use"
type = number
default = 2 # Eventually moved to 3
}

variable "kong_config" {
description = "(Optional) A map of key value pairs that describe the Kong GW config, used when constructing the userdata script"
type = map(string)
Expand Down Expand Up @@ -599,3 +606,9 @@ variable "vitals_tsdb_address" {
description = "Time series database address for Vitals e.g. my-prometheus.net:9090"
type = string
}

variable "portal_and_vitals_key_arn" {
description = "ARN of the secret which contains the token used to unlock portal and vitals in Kong V3"
type = string
default = ""
}
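Review bot: The module-level `kong_major_version` variable carries no `validation` block, unlike the root variable in variables.tf from this same commit, so anyone calling modules/ec2 directly can pass e.g. 4 and the `var.kong_major_version > 2` test in modules/ec2/main.tf will silently treat it as a v3 deployment. Copy the root block with `condition = contains([2, 3], var.kong_major_version)` into this variable, and replace the `# V3 WIP` and `# Eventually moved to 3` scaffolding comments with a description that states the contract, e.g. `description = "(Optional) Kong major version to deploy; accepted values are 2 and 3"`. The same applies to the `kong_major_version` variable added to modules/ecs/variables.tf.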
67 changes: 35 additions & 32 deletions modules/ecs/main.tf
Expand Up @@ -52,11 +52,13 @@ resource "aws_ecs_task_definition" "kong" {
error_log_format = var.error_log_format
ssl_cert = var.ssl_cert
ssl_key = var.ssl_key
api_uri_env_name = var.kong_major_version > 2 ? "KONG_ADMIN_GUI_API_URL" : "KONG_ADMIN_API_URI"
kong_admin_api_uri = var.kong_admin_api_uri
kong_admin_gui_url = var.kong_admin_gui_url
admin_token = var.admin_token
kong_vitals_enabled = var.kong_vitals_enabled
kong_portal_enabled = var.kong_portal_enabled
portal_and_vitals_key_arn = var.portal_and_vitals_key_arn
lua_ssl_cert = var.lua_ssl_cert
kong_cluster_mtls = var.kong_cluster_mtls
cluster_ca_cert = var.cluster_ca_cert
Expand Down Expand Up @@ -107,38 +109,39 @@ resource "aws_ecs_task_definition" "kong" {
) : ""
}) : var.role == "portal" ? templatefile("${path.module}/../../templates/ecs/kong_portal.tpl",
{
name = local.name
group_name = local.name
cpu = var.fargate_cpu
image_url = var.image_url
memory = var.fargate_memory
user = "kong"
db_user = var.kong_database_config.user
db_host = local.db_info.endpoint
db_name = local.db_info.database_name
db_password_arn = var.db_password_arn
log_group = var.log_group
portal_gui_port = var.kong_ports.portal_gui
portal_api_port = var.kong_portal_api_enabled == "on" ? var.kong_ports.portal_api : ""
status_port = var.kong_ports.status
kong_portal_gui_host = var.kong_portal_gui_host
kong_portal_gui_protocol = var.kong_portal_gui_protocol
kong_portal_api_url = var.kong_portal_api_url
kong_portal_api_enabled = var.kong_portal_api_enabled
ports = jsonencode([for k, v in var.kong_ports : v])
ulimits = jsonencode([4096])
region = var.region
access_log_format = var.access_log_format
error_log_format = var.error_log_format
ssl_cert = var.ssl_cert
ssl_key = var.ssl_key
cluster_cert = var.cluster_cert
cluster_key = var.cluster_key
kong_log_level = var.kong_log_level
kong_plugins = join(",", concat(["bundled"], var.kong_plugins))
entrypoint = var.entrypoint
nginx_custom_config = base64encode(var.nginx_custom_config)
environment = var.environment
name = local.name
group_name = local.name
cpu = var.fargate_cpu
image_url = var.image_url
memory = var.fargate_memory
user = "kong"
db_user = var.kong_database_config.user
db_host = local.db_info.endpoint
db_name = local.db_info.database_name
db_password_arn = var.db_password_arn
log_group = var.log_group
portal_gui_port = var.kong_ports.portal_gui
portal_api_port = var.kong_portal_api_enabled == "on" ? var.kong_ports.portal_api : ""
status_port = var.kong_ports.status
kong_portal_gui_host = var.kong_portal_gui_host
kong_portal_gui_protocol = var.kong_portal_gui_protocol
kong_portal_api_url = var.kong_portal_api_url
kong_portal_api_enabled = var.kong_portal_api_enabled
portal_and_vitals_key_arn = var.portal_and_vitals_key_arn
ports = jsonencode([for k, v in var.kong_ports : v])
ulimits = jsonencode([4096])
region = var.region
access_log_format = var.access_log_format
error_log_format = var.error_log_format
ssl_cert = var.ssl_cert
ssl_key = var.ssl_key
cluster_cert = var.cluster_cert
cluster_key = var.cluster_key
kong_log_level = var.kong_log_level
kong_plugins = join(",", concat(["bundled"], var.kong_plugins))
entrypoint = var.entrypoint
nginx_custom_config = base64encode(var.nginx_custom_config)
environment = var.environment
}) : null

tags = {
12 changes: 12 additions & 0 deletions modules/ecs/variables.tf
@@ -1,3 +1,9 @@
variable "kong_major_version" {
description = "(Optional) Used to define which Kong major version to use"
type = number
default = 2 # Eventually changed to three
}

variable "private_subnets" {
description = "(Optional) List of private subnet IDs, if not specified then the subnets listed in the private_subnets_to_create variable will be created and used"
type = list(string)
Expand Down Expand Up @@ -348,6 +354,12 @@ variable "kong_plugins" {
default = []
}

variable "portal_and_vitals_key_arn" {
description = "ARN of the secret which contains the token used to unlock portal and vitals in Kong V3"
type = string
default = ""
}

variable "vitals_endpoint" {
description = "(Optional) The DNS name for the Vitals endpoint that Gateways should send their metrics to"
type = object({
6 changes: 5 additions & 1 deletion templates/amazon-linux/cloud-init.sh
Expand Up @@ -233,7 +233,7 @@ KONG_ADMIN_GUI_LISTEN="0.0.0.0:${kong_ports.admin_gui}%{ if kong_ssl_uris.protoc
KONG_PORTAL_GUI_LISTEN="0.0.0.0:${kong_ports.portal_gui}%{ if kong_ssl_uris.protocol == "https"} ssl%{endif}"
KONG_PORTAL_API_LISTEN="0.0.0.0:${kong_ports.portal_api}%{ if kong_ssl_uris.protocol == "https"} ssl%{endif}"
KONG_ADMIN_API_URI="${replace(kong_ssl_uris.admin_api_uri, "${kong_ssl_uris.protocol}://", "")}"
${api_uri_env_name}="${replace(kong_ssl_uris.admin_api_uri, "${kong_ssl_uris.protocol}://", "")}"
KONG_ADMIN_GUI_URL="${kong_ssl_uris.admin_gui_url}"
KONG_PORTAL_GUI_PROTOCOL="${kong_ssl_uris.protocol}"
Expand Down Expand Up @@ -380,6 +380,10 @@ KONG_PORTAL_GUI_SSL_CERT="/etc/kong_clustering/cluster.crt"
KONG_PORTAL_GUI_SSL_CERT_KEY="/etc/kong_clustering/cluster.key"
%{ endif ~}
%{ if portal_and_vitals_key_arn != "" }
KONG_PORTAL_AND_VITALS_KEY="${portal_and_vitals_key_arn}"
%{ endif }
%{ if lookup(kong_config, "KONG_ROLE", null) == "data_plane" ~}
KONG_CLUSTER_MTLS="${kong_hybrid_conf.mtls}"
%{ if kong_hybrid_conf.ca_cert != "" ~}
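Review bot: `KONG_PORTAL_AND_VITALS_KEY="${portal_and_vitals_key_arn}"` places the ARN string itself into Kong's environment, whereas the ECS templates in this commit hand the same ARN to `valueFrom` so the agent substitutes the secret's value at launch; unless the cloud-init script resolves the ARN somewhere outside this hunk, the EC2 path configures a literal ARN as the key. The value should be fetched at boot through the instance role, for example `KONG_PORTAL_AND_VITALS_KEY="$(aws secretsmanager get-secret-value --secret-id "${portal_and_vitals_key_arn}" --query SecretString --output text --region ${region})"`, assuming the script already relies on the AWS CLI and the ARN names a Secrets Manager secret rather than an SSM parameter (the variable description does not say which). The instance role also needs read access to that ARN, and none of the ten changed files grants it. The identical line is added to templates/ubuntu/cloud-init.sh.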
8 changes: 7 additions & 1 deletion templates/ecs/kong_control_plane.tpl
Expand Up @@ -80,7 +80,7 @@
"value": "0.0.0.0:${admin_gui_port} ssl"
},
{
"name": "KONG_ADMIN_API_URI",
"name": "${api_uri_env_name}",
"value": "${kong_admin_api_uri}"
},
{
Expand Down Expand Up @@ -221,6 +221,12 @@
"name": "CLUSTER_KEY",
"valueFrom": "${cluster_key}"
}
%{ if portal_and_vitals_key_arn != "" }
,{
"name": "KONG_PORTAL_AND_VITALS_KEY",
"valueFrom": "${portal_and_vitals_key_arn}"
}
%{ endif }
],
"entryPoint": ["${entrypoint}"],
"healthCheck": {
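Review bot: The new `KONG_PORTAL_AND_VITALS_KEY` entry uses `valueFrom`, so the ECS agent resolves the secret at launch instead of the value being written into the task definition, which is the right shape; but that lookup runs under the task execution role, and none of the ten files in this commit extends that role's policy to cover `portal_and_vitals_key_arn`. Unless the execution role already has a broad read on secrets, tasks created with the variable set will fail to start; the policy resource (outside this diff) needs `secretsmanager:GetSecretValue`, or `ssm:GetParameters` for a parameter ARN, scoped to that ARN, and the variable description should record that requirement. The same block is added to templates/ecs/kong_portal.tpl. Note that the `,{` form of the conditional element depends on the `CLUSTER_KEY` entry immediately above always being present, which a comment in the `%{ if }` line cannot express in this template syntax, so it is worth stating in the variable description as well.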
6 changes: 6 additions & 0 deletions templates/ecs/kong_portal.tpl
Expand Up @@ -177,6 +177,12 @@
"name": "CLUSTER_KEY",
"valueFrom": "${cluster_key}"
}
%{ if portal_and_vitals_key_arn != "" }
,{
"name": "KONG_PORTAL_AND_VITALS_KEY",
"valueFrom": "${portal_and_vitals_key_arn}"
}
%{ endif }
],
"entryPoint": ["${entrypoint}"],
"healthCheck": {
6 changes: 5 additions & 1 deletion templates/ubuntu/cloud-init.sh
Expand Up @@ -235,9 +235,13 @@ KONG_ADMIN_GUI_LISTEN="0.0.0.0:${kong_ports.admin_gui}%{ if kong_ssl_uris.protoc
KONG_PORTAL_GUI_LISTEN="0.0.0.0:${kong_ports.portal_gui}%{ if kong_ssl_uris.protocol == "https"} ssl%{endif}"
KONG_PORTAL_API_LISTEN="0.0.0.0:${kong_ports.portal_api}%{ if kong_ssl_uris.protocol == "https"} ssl%{endif}"
KONG_ADMIN_API_URI="${replace(kong_ssl_uris.admin_api_uri, "${kong_ssl_uris.protocol}://", "")}"
${api_uri_env_name}="${replace(kong_ssl_uris.admin_api_uri, "${kong_ssl_uris.protocol}://", "")}"
KONG_ADMIN_GUI_URL="${kong_ssl_uris.admin_gui_url}"
%{ if portal_and_vitals_key_arn != "" }
KONG_PORTAL_AND_VITALS_KEY="${portal_and_vitals_key_arn}"
%{ endif }
KONG_PORTAL_GUI_PROTOCOL="${kong_ssl_uris.protocol}"
KONG_PORTAL_GUI_HOST="${replace(kong_ssl_uris.portal_gui_host, "${kong_ssl_uris.protocol}://", "")}"
KONG_PORTAL_API_URL="${kong_ssl_uris.portal_api_url}"
22 changes: 22 additions & 0 deletions variables.tf
Expand Up @@ -241,6 +241,17 @@ variable "kong_hybrid_conf" {
}
}

variable "kong_major_version" {
description = "(Optional) Used to define which Kong major version to use"
type = number
default = 2 # Eventually moved to 3

validation {
condition = contains([2, 3], var.kong_major_version)
error_message = "Must be one of the following values: 2, 3."
}
}

variable "kong_ports" {
description = "(Optional) An object defining the kong http ports"
type = map(number)
Expand Down Expand Up @@ -304,6 +315,17 @@ variable "postgres_host" {
default = ""
}

variable "portal_and_vitals_key_arn" {
description = "(Optional) ARN of the secret which contains the token used to unlock portal and vitals in Kong V3"
type = string
default = ""

validation {
condition = var.portal_and_vitals_key_arn != "" ? can(startswith("arn:aws:", var.portal_and_vitals_key_arn)) : true
error_message = "Invalid format. Please provide a valid ARN."
}
}

variable "private_subnets" {
description = "(Optional) List of private subnet IDs, if not specified then the subnets listed in the private_subnets_to_create variable will be created and used"
type = list(string)
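Review bot: The validation on `portal_and_vitals_key_arn` in the second hunk can never fail: `startswith` takes the string first and the prefix second, so `startswith("arn:aws:", var.portal_and_vitals_key_arn)` asks whether the literal `arn:aws:` begins with the supplied value, and wrapping that in `can()` turns the resulting `false` into `true` because the call evaluated without error. Replace the condition with `condition = var.portal_and_vitals_key_arn == "" || startswith(var.portal_and_vitals_key_arn, "arn:")`; matching `arn:` rather than `arn:aws:` also keeps the `aws-us-gov` and `aws-cn` partitions usable, if that is intended. The `kong_major_version` validation in the first hunk is correct; its description could state the accepted values in place of the `# Eventually moved to 3` comment.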
