Terraform Module

Terraform module installation instructions

The Terraform module option provides maximum simplicity. It provisions all the required infrastructure and permissions in your cloud provider of choice before deploying the DBNL platform Helm chart, removing the need to provision any infrastructure or permission separately.

Terraform modules are available for AWS and GCP. For access to the Terraform module for your cloud provider of choice and to get registry credentials, please reach out to our team.

Prerequisites

The following prerequisite steps are required before starting the Terraform module installation.

Configuration

To configure the Terraform module, you will need:

A domain name to host the DBNL platform (e.g. dbnl.example.com).
A set of DBNL registry credentials to pull the DBNL artifacts (e.g. Docker images, Helm charts).
An RSA key pair to sign the personal access tokens.

An RSA key pair can be generated with:

openssl genrsa -out dbnl_dev_token_key.pem 2048

Requirements

On the environment from which you are planning to install the module, you will need to:

Install kubectl
Install helm
Install terraform

Infrastructure

At a minimum, the user performing the installation needs to be able to provision the following infrastructure:

Installation

The Terraform module can be installed using terraform apply.

We recommend using a remote backend to manage the Terraform state.

Steps

The steps to install the Terraform module using the Terraform CLI are as follows:

Create a DBNL folder and change to it.

mkdir dbnl
cd dbnl

Create a modules folder and copy the terraform module to it.

mkdir modules
cp -R /path/to/dbnl/module modules/terraform-aws-dbnl

Create a variables.tf file.

variable "oidc_audience" {
  type        = string
  description = "OIDC audience."
}

variable "oidc_client_id" {
  type        = string
  description = "OIDC client id."
}

variable "oidc_issuer" {
  type        = string
  description = "OIDC issuer."
}

variable "oidc_scopes" {
  type        = string
  description = "OIDC scopes."
  default     = "openid profile email"
}

variable "domain" {
  description = "Domain to deploy to."
  type        = string
}

variable "dev_token_private_key_pem" {
  type        = string
  description = "Dev token private key PEM."
  sensitive   = true
}

variable "registry_username" {
  type        = string
  description = "Artifact registry username."
  sensitive   = true
}

variable "registry_password" {
  type        = string
  description = "Artifact registry password."
  sensitive   = true
}

Create a main.tf file.

provider "aws" {
  # Configure AWS provider with target AWS account.
}

provider "kubernetes" {
  host                   = module.dbnl.cluster_endpoint
  cluster_ca_certificate = base64decode(module.dbnl.cluster_ca_cert)
  exec {
    api_version = "client.authentication.k8s.io/v1beta1"
    args        = ["eks", "get-token", "--cluster-name", module.dbnl.cluster_name]
    command     = "aws"
  }
}

provider "helm" {
  kubernetes {
    host                   = module.dbnl.cluster_endpoint
    cluster_ca_certificate = base64decode(module.dbnl.cluster_ca_cert)
    exec {
      api_version = "client.authentication.k8s.io/v1beta1"
      args        = ["eks", "get-token", "--cluster-name", module.dbnl.cluster_name]
      command     = "aws"
    }
  }
}

module "dbnl" {
  source = "./modules/terraform-aws-dbnl"

  instance_size = "medium"
  
  oidc_audience  = var.oidc_audience
  oidc_client_id = var.oidc_client_id
  oidc_issuer    = var.oidc_issuer
  oidc_scopes    = var.oidc_scopes

  domain = var.domain
  
  dev_token_private_key = var.dev_token_private_key_pem
    
  registry_username = var.registry_username
  registry_password = var.registry_password
}

Create a dbnl.tfvars file.

# For more details on OIDC options, see OIDC Authentication section.
oidc_audience  = "oidc.example.com"
oidc_client_id = "xxxxxxxx"
oidc_issuer    = "yyyyyyyy"
oidc_scopes    = "openid email profile"

domain = "dbnl.example.com"

Initialize the Terraform module.

terraform init

Apply the Terraform module.

terraform apply \
    -var-file="dbnl.tfvars" \
    -var="dev_token_private_key=${DBNL_DEV_TOKEN_PRIVATE_KEY}" \
    -var="registry_username=${DBNL_REGISTRY_USERNAME}" \
    -var="registry_password=${DBNL_REGISTRY_PASSWORD}"

Options

For more details on all the installation options, see the Terraform module README file and examples folder.

PreviousHelm Chart NextNetworking

Was this helpful?

hashtagPrerequisites

hashtagConfiguration

hashtagRequirements

hashtagInfrastructure

hashtagInstallation

hashtagSteps

hashtagOptions