Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-07-25 16:25:21 -04:00
Code Issues Projects Releases Packages Wiki Activity

hack: move terraform readmes into cli

Browse source 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
This commit is contained in:
Paul Meyer 2023-01-09 10:54:24 +01:00
parent ecdc465a42
commit fa85150f3e
4 changed files with 26 additions and 27 deletions
Download patch file Download diff file Expand all files Collapse all files

24
cli/internal/terraform/terraform/iam/aws/README.md Normal file
View file

@ -0,0 +1,24 @@
# IAM instance profiles for AWS
This terraform script creates the necessary profiles that need to be attached to Constellation nodes.
You can create the profiles with the following commands:
```sh
mkdir constellation_aws_iam
cd constellation_aws_iam
curl --remote-name-all https://raw.githubusercontent.com/edgelesssys/constellation/main/hack/terraform/aws/iam/{main,output,variables}.tf
terraform init
terraform apply -auto-approve -var name_prefix=my_constellation
```
You can either get the profile names from the Terraform output values `control_plane_instance_profile` and `worker_nodes_instance_profile` and manually add them to your Constellation configuration file.
Or you can do this with a `yq` command:
```sh
yq -i "
.provider.aws.iamProfileControlPlane = $(terraform output control_plane_instance_profile) |
.provider.aws.iamProfileWorkerNodes = $(terraform output worker_nodes_instance_profile)
" path/to/constellation-conf.yaml
```

37
cli/internal/terraform/terraform/iam/azure/README.md Normal file
View file

@ -0,0 +1,37 @@
# Terraform Azure IAM creation
This terraform configuration creates the necessary Azure resources that need to be available to host a Constellation cluster.
You can create the resources with the following commands:
```sh
mkdir constellation_azure_iam
cd constellation_azure_iam
curl --remote-name-all https://raw.githubusercontent.com/edgelesssys/constellation/main/hack/terraform/azure/iam/{main.tf,output.tf,variables.tf,.terraform.lock.hcl}
terraform init
terraform apply
```
The following terraform output values are available (with their corresponding keys in the Constellation configuration file):
- `subscription_id` (subscription)
- `tenant_id` (tenant)
- `region` (location)
- `base_resource_group_name` (resourceGroup)
- `application_id` (appClientID)
- `uami_id` (userAssignedIdentity)
- `application_client_secret_value` (clientSecretValue) - **Sensitive Value**
You can either get the profile names from the Terraform output and manually add them to your Constellation configuration file according to our [Documentation](https://docs.edgeless.systems/constellation/getting-started/first-steps).
Or you can do this with a `yq` command:
```sh
yq -i "
.provider.azure.subscription = $(terraform output subscription_id) |
.provider.azure.tenant = $(terraform output tenant_id) |
.provider.azure.location = $(terraform output region) |
.provider.azure.resourceGroup = $(terraform output base_resource_group_name) |
.provider.azure.appClientID = $(terraform output application_id) |
.provider.azure.userAssignedIdentity = $(terraform output uami_id) |
.provider.azure.clientSecretValue = $(terraform output application_client_secret_value)
" path/to/constellation-conf.yaml
```
Where `path/to/constellation-conf.yaml` is the path to your Constellation configuration file.

34
cli/internal/terraform/terraform/iam/gcp/README.md Normal file
View file

@ -0,0 +1,34 @@
# IAM configuration for GCP
This terraform script creates the necessary GCP IAM configuration to be attached to Constellation nodes.
You can create the configuration with the following commands:
```sh
mkdir constellation_gcp_iam
cd constellation_gcp_iam
curl --remote-name-all https://raw.githubusercontent.com/edgelesssys/constellation/main/hack/terraform/gcp/iam/{main.tf,output.tf,variables.tf,.terraform.lock.hcl}
terraform init
terraform apply
```
The following terraform output values are available (with their corresponding keys in the Constellation configuration file):
- `sa_key` - **Sensitive Value**
- `region` (region)
- `zone` (zone)
- `project_id` (project)
You can either get the values from the Terraform output and manually add them to your Constellation configuration file according to our [Documentation](https://docs.edgeless.systems/constellation/getting-started/first-steps). (If you add the values manually, you need to base64-decode the `sa_key` value and place it in a JSON file, then specify the path to this file in the Constellation configuration file for the `serviceAccountKeyPath` key.)
Or you can setup the constellation configuration file automaticcaly with the following commands:
```sh
terraform output sa_key | sed "s/\"//g" | base64 --decode | tee gcpServiceAccountKey.json
yq -i "
.provider.gcp.serviceAccountKeyPath = \"$(realpath gcpServiceAccountKey.json)\" |
.provider.gcp.project = $(terraform output project_id) |
.provider.gcp.region = $(terraform output region) |
.provider.gcp.zone = $(terraform output zone)
" path/to/constellation-conf.yaml
```
Where `path/to/constellation-conf.yaml` is the path to your Constellation configuration file.