Terraform Module

Terraform module installation instructions

The Terraform module option provides maximum simplicity. It provisions all the required infrastructure and permissions in your cloud provider of choice before deploying the DBNL platform Helm chart, removing the need to provision any infrastructure or permissions separately.

Terraform modules are available for AWS and GCP. For access to the Terraform module for your cloud provider of choice and to get registry credentials, please reach out to our team.

Prerequisites

The following prerequisite steps are required before starting the Terraform module installation.

Configuration

To configure the Terraform module, you will need:

  • A domain name to host the DBNL platform (e.g. dbnl.example.com).

  • A set of DBNL registry credentials to pull the DBNL artifacts (e.g. Docker images, Helm charts).

  • An RSA key pair to sign the personal access tokens.

An RSA key pair can be generated with:

openssl genrsa -out dbnl_dev_token_key.pem 2048

Requirements

On the environment from which you are planning to install the module, you will need to:

Infrastructure

At a minimum, the user performing the installation needs to be able to provision the following infrastructure:

Installation

The Terraform module can be installed using terraform apply.

We recommend using a remote backend to manage the Terraform state.

Steps

The steps to install the Terraform module using the Terraform CLI are as follows:

  1. Create a DBNL folder and change to it.

mkdir dbnl
cd dbnl

  2. Create a modules folder and copy the Terraform module to it.

mkdir modules
cp -R /path/to/dbnl/module modules/terraform-aws-dbnl

  3. Create a variables.tf file.

variable "oidc_audience" {
  type        = string
  description = "OIDC audience."
}

variable "oidc_client_id" {
  type        = string
  description = "OIDC client id."
}

variable "oidc_issuer" {
  type        = string
  description = "OIDC issuer."
}

variable "oidc_scopes" {
  type        = string
  description = "OIDC scopes."
  default     = "openid profile email"
}

variable "domain" {
  description = "Domain to deploy to."
  type        = string
}

variable "dev_token_private_key_pem" {
  type        = string
  description = "Dev token private key PEM."
  sensitive   = true
}

variable "registry_username" {
  type        = string
  description = "Artifact registry username."
  sensitive   = true
}

variable "registry_password" {
  type        = string
  description = "Artifact registry password."
  sensitive   = true
}

  4. Create a main.tf file.

provider "aws" {
  # Configure AWS provider with target AWS account.
}

provider "kubernetes" {
  host                   = module.dbnl.cluster_endpoint
  cluster_ca_certificate = base64decode(module.dbnl.cluster_ca_cert)
  exec {
    api_version = "client.authentication.k8s.io/v1beta1"
    args        = ["eks", "get-token", "--cluster-name", module.dbnl.cluster_name]
    command     = "aws"
  }
}

provider "helm" {
  kubernetes {
    host                   = module.dbnl.cluster_endpoint
    cluster_ca_certificate = base64decode(module.dbnl.cluster_ca_cert)
    exec {
      api_version = "client.authentication.k8s.io/v1beta1"
      args        = ["eks", "get-token", "--cluster-name", module.dbnl.cluster_name]
      command     = "aws"
    }
  }
}

module "dbnl" {
  source = "./modules/terraform-aws-dbnl"

  instance_size = "medium"
  
  oidc_audience  = var.oidc_audience
  oidc_client_id = var.oidc_client_id
  oidc_issuer    = var.oidc_issuer
  oidc_scopes    = var.oidc_scopes

  domain = var.domain
  
  dev_token_private_key = var.dev_token_private_key_pem
    
  registry_username = var.registry_username
  registry_password = var.registry_password
}

  5. Create a dbnl.tfvars file.

# For more details on OIDC options, see the OIDC Authentication section.
oidc_audience  = "oidc.example.com"
oidc_client_id = "xxxxxxxx"
oidc_issuer    = "yyyyyyyy"
oidc_scopes    = "openid email profile"

domain = "dbnl.example.com"

  6. Initialize the Terraform module.

terraform init

  7. Apply the Terraform module.

terraform apply \
    -var-file="dbnl.tfvars" \
    -var="dev_token_private_key_pem=${DBNL_DEV_TOKEN_PRIVATE_KEY}" \
    -var="registry_username=${DBNL_REGISTRY_USERNAME}" \
    -var="registry_password=${DBNL_REGISTRY_PASSWORD}"
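
An alternative way to supply the three sensitive inputs to the terraform apply step, shown as an added example that is not part of the DBNL module or its documentation: values passed with -var are expanded onto the terraform command line, where they appear in the process list, while Terraform also reads any declared variable from a TF_VAR_<name> environment variable. The helper names check_key_file and export_tf_secrets are hypothetical; the key file name and the DBNL_REGISTRY_* variables are the ones used above.

```shell
# Added example, not part of the DBNL module. check_key_file and
# export_tf_secrets are hypothetical helper names.

# Succeed only if $1 is a PEM private key that group/other cannot access.
check_key_file() {
  [ -f "$1" ] || { echo "missing key file: $1" >&2; return 1; }
  # ls prints the mode as e.g. "-rw-------"; characters 5-10 are the
  # group and other permission bits, which must all be unset.
  case "$(ls -ld -- "$1")" in
    ????------*) ;;
    *) echo "$1 is accessible to group/other; chmod 600 it" >&2; return 1 ;;
  esac
  # OpenSSL 1.x writes "BEGIN RSA PRIVATE KEY", OpenSSL 3 "BEGIN PRIVATE KEY".
  grep -q -e '-----BEGIN \(RSA \)\{0,1\}PRIVATE KEY-----' "$1" \
    || { echo "$1 does not look like a PEM private key" >&2; return 1; }
}

# Export the sensitive inputs under the names declared in variables.tf.
export_tf_secrets() {
  check_key_file "$1" || return 1
  if [ -z "${DBNL_REGISTRY_USERNAME:-}" ] || [ -z "${DBNL_REGISTRY_PASSWORD:-}" ]; then
    echo "DBNL_REGISTRY_USERNAME and DBNL_REGISTRY_PASSWORD must be set" >&2
    return 1
  fi
  TF_VAR_dev_token_private_key_pem="$(cat "$1")"
  TF_VAR_registry_username="$DBNL_REGISTRY_USERNAME"
  TF_VAR_registry_password="$DBNL_REGISTRY_PASSWORD"
  export TF_VAR_dev_token_private_key_pem TF_VAR_registry_username TF_VAR_registry_password
}

# Usage (the apply step then needs no -var flags for the secrets):
#   export_tf_secrets dbnl_dev_token_key.pem && terraform apply -var-file="dbnl.tfvars"
```

The sensitive = true attribute in variables.tf only redacts these values in CLI output; they are still written to the Terraform state, so the remote backend recommended above should restrict who can read it.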

Options

For more details on all the installation options, see the Terraform module README file and examples folder.
