Add Kubestack integration test

Author: pst

.github/workflows/main.yml

@@ -218,9 +218,76 @@ jobs:
     - name: 'Terraform Apply'
       run: terraform apply --auto-approve
 
+  int_test_kubestack_kind:
+    runs-on: ubuntu-latest
+    needs: [compile_provider]
+
+    steps:
+    - name: 'Checkout'
+      uses: actions/checkout@v1
+
+    - name: 'Download terraform-plugins'
+      uses: actions/download-artifact@v2
+      with:
+        name: terraform-plugins
+        path: tests/kubestack-starter-kind/terraform.d/plugins
+
+    - name: 'Ensure provider is executable'
+      run: chmod +x tests/kubestack-starter-kind/terraform.d/plugins/registry.terraform.io/kbst/kustomization/1.0.0/linux_amd64/terraform-provider-kustomization_v1.0.0
+
+    - name: 'Build Kubestack Image'
+      run: |
+        docker build \
+          -t test-image:${{ github.sha }} \
+          tests/kubestack-starter-kind/
+
+    - name: 'Terraform Init'
+      run: |
+        docker run \
+          --rm \
+          --privileged \
+          --net host \
+          -v `pwd`/tests/kubestack-starter-kind:/infra \
+          -v /var/run/docker.sock:/var/run/docker.sock \
+          test-image:${{ github.sha }} \
+          terraform init
+    
+    - name: 'Terraform Workspace'
+      run: |
+        docker run \
+          --rm \
+          --privileged \
+          --net host \
+          -v `pwd`/tests/kubestack-starter-kind:/infra \
+          -v /var/run/docker.sock:/var/run/docker.sock \
+          test-image:${{ github.sha }} \
+          terraform workspace new apps
+
+    - name: 'Terraform Apply'
+      run: |
+        docker run \
+          --rm \
+          --privileged \
+          --net host \
+          -v `pwd`/tests/kubestack-starter-kind:/infra \
+          -v /var/run/docker.sock:/var/run/docker.sock \
+          test-image:${{ github.sha }} \
+          terraform apply --auto-approve
+
+    - name: 'Terraform Destroy'
+      run: |
+        docker run \
+          --rm \
+          --privileged \
+          --net host \
+          -v `pwd`/tests/kubestack-starter-kind:/infra \
+          -v /var/run/docker.sock:/var/run/docker.sock \
+          test-image:${{ github.sha }} \
+          terraform apply --auto-approve
+
   goreleaser:
     runs-on: ubuntu-latest
-    needs: [tf_tests, int_test_kubeconfig_path, int_test_kubeconfig_raw, int_test_state_import]
+    needs: [tf_tests, int_test_kubeconfig_path, int_test_kubeconfig_raw, int_test_state_import, int_test_kubestack_kind]
     if: startsWith(github.ref, 'refs/tags/v')
     steps:
       - name: Checkout

tests/kubestack-starter-kind/.gitignore

@@ -0,0 +1,12 @@
+#  Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# .user home directory
+.user/
+
+# terraform generated clusters directory
+clusters/

tests/kubestack-starter-kind/Dockerfile

@@ -0,0 +1 @@
+FROM kubestack/framework:v0.13.0-beta.0-kind

tests/kubestack-starter-kind/README.md

@@ -0,0 +1,142 @@
+# Welcome to Kubestack
+
+This repository uses [Kubestack][1]. Kubestack is the open source GitOps framework for teams that want to automate infrastructure, not reinvent automation.
+
+ * Infrastructure is defined using Terraform configuration
+ * Cluster manifests are defined using Kustomize bases and overlays
+ * Bases and overlays can be bespoke, or consumed from the [catalog][2].
+ * Both infrastructure and manifests follow the Kubestack [inheritance model][3] to prevent configuration drift between the *ops* and *apps* environments
+ * All changes follow the same four step process.
+
+Full [framework documentation][4] is available online.
+
+## Making changes
+
+All changes to the Kubernetes cluster, supporting infrastructure and the services defined as part of the manifests in this repository follow the Kubestack [GitOps process][5]. The GitOps process ensures that changes are safely applied by first reviewing the proposed changes, then validating the changes against the *ops* environment and only then promoting the changes to be applied against the *apps* environment by setting a tag.
+
+To accelerate the developer workflow, a [development environment][6], can be run on localhost.
+
+ 1. Change
+
+    Make changes to the configuration in a new branch. Commit the changed configuration. Validate your changes by pushing the new branch. The pipeline runs `terraform plan` against the *ops* workspace.
+
+    ```shell
+    # checkout a new branch from master
+    git checkout -b examplechange master
+
+    # make your changes
+
+    # commit your changes
+    git commit  # write a meaningful commit message
+
+    # push your changes
+    git push origin examplechange
+    ```
+
+ 1. Review
+
+    Request a peer review of your changes. Team members review the changes and the Terraform plan. If reviewers require changes, make additional commits in the branch.
+
+    ```shell
+    # make sure you're in the correct branch
+    git checkout examplechange
+
+    # make changes required by the review
+
+    # commit and push the required changes
+    git commit  # write a meaningful commit message
+    git push origin examplechange
+    ```
+
+ 1. Merge
+
+    If approved, merge your changes to master, to apply them against the *ops* environment. After applying to *ops* was successful, the pipeline runs Terraform plan against the *apps* environment.
+
+    ```shell
+    # you can merge on the commandline
+    # or by merging a pull request
+    git checkout master
+    git merge examplechange
+    git push origin master
+    ```
+
+ 1. Promote
+
+    Review the previous *apps* environment plan and tag the merge commit to promote the same changes to the *apps* environment.
+
+    ```shell
+    # make sure you're on the correct commit
+    git checkout master
+    git pull
+    git log -1
+
+    # if correct, tag the current commit
+    # any tag prefixed with `apps-deploy-`
+    # will trigger the pipeline
+    git tag apps-deploy-$(date -I)-0
+
+    # in case of multiple deploys on the same day,
+    # increase the counter
+    # e.g. git tag apps-deploy-2020-05-14-1
+    ```
+
+## Manual operations
+
+In case of the automation being unavailable, upgrades requiring manual steps or in disaster recovery scenarios run Terraform and the cloud CLI locally. Kubestack provides container images bundling all dependencies to use for both automated and manual operations.
+
+ 1. Exec into container
+
+    ```shell
+    # Build the bootstrap container
+    docker build -t kubestack .
+
+    # Exec into the bootstrap container
+    # add docker socket mount for local dev
+    # -v /var/run/docker.sock:/var/run/docker.sock
+    docker run --rm -ti \
+       -v `pwd`:/infra \
+       kubestack
+    ```
+
+ 1. Authenticate providers
+
+    Credentials are cached inside the `.user` directory. The directory is excluded from Git by the default `.gitignore`.
+
+    ```shell
+    # for AWS
+    aws configure
+
+    # for Azure
+    az login
+
+    # for GCP
+    gcloud init
+    gcloud auth application-default login
+    ```
+
+ 1. Select desired environment
+
+    ```shell
+    # for ops
+    terraform workspace select ops
+
+    # or for apps
+    terraform workspace select apps
+    ```
+
+ 1. Run Terraform commands
+
+    ```shell
+    # run terraform init
+    terraform init
+
+    # run, e.g. terraform plan
+    terraform plan
+    ```
+
+[1]: https://www.kubestack.com
+[2]: https://www.kubestack.com/catalog
+[3]: https://www.kubestack.com/framework/documentation/inheritance-model
+[4]: https://www.kubestack.com/framework/documentation
+[5]: https://www.kubestack.com/framework/documentation/gitops-process
+[6]: https://www.kubestack.com/framework/documentation/tutorial-build-local-lab

tests/kubestack-starter-kind/clusters.tf

@@ -0,0 +1,5 @@
+module "kind_zero" {
+  source = "github.com/kbst/terraform-kubestack//kind/cluster?ref=v0.13.0-beta.0"
+
+  configuration = var.clusters["kind_zero"]
+}

tests/kubestack-starter-kind/config.auto.tfvars

@@ -0,0 +1,20 @@
+clusters = {
+  kind_zero = {
+    # Settings for Apps-cluster
+    apps = {
+      name_prefix = "kind"
+      base_domain = "infra.127.0.0.1.xip.io"
+
+      # clusters always have at least one control-plane node
+      # uncommenting extra_nodes below will give you a cluster
+      # with 3 control-plane nodes and 3 worker nodes
+      # extra_nodes = "control-plane,control-plane,worker,worker,worker"
+    }
+
+    # Settings for Ops-cluster
+    ops = {
+      # optionally reduce number of ops nodes
+      # extra_nodes = "worker"
+    }
+  }
+}

tests/kubestack-starter-kind/manifests/bases/nginx/base/kustomization.yaml

@@ -0,0 +1,16 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: ingress-nginx
+commonAnnotations:
+  app.kubernetes.io/version: v0.40.2
+  catalog.kubestack.com/heritage: kubestack.com/catalog/nginx
+  catalog.kubestack.com/variant: base
+commonLabels:
+  app.kubernetes.io/component: ingress-controller
+  app.kubernetes.io/managed-by: kubestack
+  app.kubernetes.io/name: nginx
+resources:
+- mandatory.yaml
+replicas:
+- name: ingress-nginx-controller
+  count: 2