camptocamp
diff --git a/‎.gitignore‎
Lines changed: 7 additions & 0 deletions b/‎.gitignore‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎docs/modules/ROOT/examples/deploy_examples‎
Lines changed: 1 addition & 0 deletions b/‎docs/modules/ROOT/examples/deploy_examples‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎docs/modules/ROOT/examples/github_workflows‎
Lines changed: 1 addition & 0 deletions b/‎docs/modules/ROOT/examples/github_workflows‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎docs/modules/ROOT/pages/contributing/project_board.adoc‎
Lines changed: 2 additions & 43 deletions b/‎docs/modules/ROOT/pages/contributing/project_board.adoc‎
Lines changed: 2 additions & 43 deletions
diff --git a/‎docs/modules/ROOT/pages/contributing/release.adoc‎
Lines changed: 2 additions & 24 deletions b/‎docs/modules/ROOT/pages/contributing/release.adoc‎
Lines changed: 2 additions & 24 deletions
diff --git a/‎docs/modules/ROOT/pages/tutorials/deploy_kind.adoc‎
Lines changed: 178 additions & 1 deletion b/‎docs/modules/ROOT/pages/tutorials/deploy_kind.adoc‎
Lines changed: 178 additions & 1 deletion
diff --git a/‎examples/eks-aws/efs.tf‎ ‎examples/eks/efs.tf‎examples/eks-aws/efs.tf renamed to examples/eks/efs.tf b/‎examples/eks-aws/efs.tf‎ ‎examples/eks/efs.tf‎examples/eks-aws/efs.tf renamed to examples/eks/efs.tf
diff --git a/‎examples/eks-aws/locals.tf‎ ‎examples/eks/locals.tf‎examples/eks-aws/locals.tf renamed to examples/eks/locals.tf b/‎examples/eks-aws/locals.tf‎ ‎examples/eks/locals.tf‎examples/eks-aws/locals.tf renamed to examples/eks/locals.tf
diff --git a/‎examples/eks-aws/main.tf‎ ‎examples/eks/main.tf‎examples/eks-aws/main.tf renamed to examples/eks/main.tf b/‎examples/eks-aws/main.tf‎ ‎examples/eks/main.tf‎examples/eks-aws/main.tf renamed to examples/eks/main.tf
diff --git a/‎examples/eks-aws/outputs.tf‎ ‎examples/eks/outputs.tf‎examples/eks-aws/outputs.tf renamed to examples/eks/outputs.tf b/‎examples/eks-aws/outputs.tf‎ ‎examples/eks/outputs.tf‎examples/eks-aws/outputs.tf renamed to examples/eks/outputs.tf
@@ -14,3 +14,10 @@ tests/*/.terraform.lock.hcl
 tests/*/kubeconfig.yaml
 tests/*/terraform.tfstate
 tests/*/terraform.tfstate.backup
+examples/*/.terraform
+examples/*/terraform.tfstate
+examples/*/terraform.tfstate.*
+examples/*/.terraform.tfstate.lock.info
+examples/*/*-config
+examples/*/.terraform.lock.hcl
+docs_test
@@ -0,0 +1 @@
+../../../../examples
@@ -0,0 +1 @@
+../../../../.github/workflows
@@ -25,7 +25,7 @@ The app is called `DevOps Stack Project` and is available https://github.com/app
 
 This app was created on our organization by an administrator and is configured with a limited scope of permissions: it can only access the projects of the organization where it is installed as well as the PRs and Issues of repositories on which it is installed (https://docs.github.com/en/apps/creating-github-apps/setting-up-a-github-app/creating-a-github-app[official documentation] on how to create a GitHub app).
 
-After the app creation, an administrator was needed to install it on the organization and all the repositories of the DevOps Stack. This was done by going to the app page and clicking on the `Install` button then configuring the proper settings after installation (all this is done on the organization settings, check the https://docs.github.com/en/apps/maintaining-github-apps/installing-github-apps#installing-your-private-github-app-on-your-repository[official documentation]). 
+After the app creation, an administrator was needed to install it on the organization and all the repositories of the DevOps Stack. This was done by going to the app page and clicking on the `Install` button then configuring the proper settings after installation (all this is done on the organization settings, check the https://docs.github.com/en/apps/maintaining-github-apps/installing-github-apps#installing-your-private-github-app-on-your-repository[official documentation]).
 
 IMPORTANT: The reason to not install the app on all the repositories by default was to further limit the scope of the app, although *this adds the burden of installing it on each repository manually every time a new repository of the DevOps Stack is created*.
 
@@ -35,48 +35,7 @@ The workflow definition is available in the {url-main-repo}/blob/main/.github/wo
 
 [source,yaml]
 ----
----
-# GitHub Actions workflow to automatically push PRs and issues to the DevOps Stack project board.
-#
-# IMPORTANT: This workflow is called by other workflows in our DevOps Stack repositories and it is centralized here in 
-# order to be easily maintained across modules. Because of this, please make sure you're not introducing any breaking 
-# changes when modifying this workflow.
-  
-name: "pr-issues-project"
-
-on:
-  workflow_call:
-    secrets:
-      PROJECT_APP_PRIVATE_KEY:
-        description: "GitHub App private key for the DevOps Stack Project app"
-        required: true
-
-  issues:
-    types: 
-    - opened
-    - reopened
-  
-  pull_request:
-    types:
-    - opened
-    - reopened
-
-jobs:
-  add-to-project:
-    runs-on: ubuntu-latest
-    steps:
-    - name: Generate authentication token from GitHub App
-      id: generate_token
-      uses: tibdex/github-app-token@v1
-      with:
-        app_id: 322306
-        private_key: ${{ secrets.PROJECT_APP_PRIVATE_KEY }}
-
-    - name: Add PR or issue to DevOps Stack project board
-      uses: actions/add-to-project@v0.5.0
-      with:
-        project-url: https://github.com/orgs/camptocamp/projects/3/
-        github-token: ${{ steps.generate_token.outputs.token }}
+include::example$github_workflows/pr-issues-project.yaml[]
 ----
 
 NOTE: It is the step _Generate authentication token from GitHub App_ that uses the GitHub app created above in order to generate a token with the proper permissions that is then passed to the _Add PR or issue to DevOps Stack project board_ step.
@@ -20,29 +20,7 @@ The workflow definition available in the {url-main-repo}/blob/main/.github/workf
 
 [source,yaml]
 ----
----
-# GitHub Actions workflow to automatically create releases and changelogs in our DevOps Stack repositories.
-#
-# IMPORTANT: This workflow is called by other workflows in our DevOps Stack repositories and it is centralized here in 
-# order to be easily maintained across modules. Because of this, please make sure you're not introducing any breaking 
-# changes when modifying this workflow.
-
-name: "modules-release-please"
-
-on:
-  workflow_call:
-
-jobs:
-  release-please:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: google-github-actions/release-please-action@v3
-      with:
-        release-type: simple
-        pull-request-title-pattern: "chore: release ${version}"
-        bump-minor-pre-major: true
-        extra-files: |
-          variables.tf
+include::example$github_workflows/modules-release-please.yaml[]
 ----
 
 Note following lines:
@@ -76,7 +54,7 @@ NOTE: Our {url-template-repo}/blob/main/.github/workflows/release-please.yaml[mo
 
 == Automatic Versioning
 
-The commit messages are used to determine the type of release that needs to be created. 
+The commit messages are used to determine the type of release that needs to be created.
 
 Only the `feat` and `fix` commit types will trigger the release CI. The `feat` commit type will trigger a minor version bump while the `fix` commit type will trigger a patch version bump. If you add a `!` after the commit type, the release will be a major version bump. For example, `feat!: this is a breaking change` will trigger a major version bump.
 
 
@@ -1,3 +1,180 @@
 = Deployment With KinD
 
-_Work In Progress_
+An example of a local deployment in KinD is provided https://github.com/camptocamp/devops-stack/tree/main/examples/kind[here]. Clone this repository and modify it at your convenance.
+In the folder, as in a standard https://developer.hashicorp.com/terraform/tutorials/modules/module#what-is-a-terraform-module[Terraform module], you will find the following files:
+
+* `terraform.tf`: declaration of the Terraform providers used in this project.
+* `locals.tf`: local variables used in the DevOps Stacks.
+* `main.tf`: definition of all deployed modules.
+* `s3_bucket.tf`: configuration of the MinIO bucket, used as backend for Loki and Thanos.
+* `outputs.tf`: the output variables of the DevOps Stack, e.g. credentials and the `.kubeconfig` file to use with `kubectl`.
+
+== Specificities of the KinD deployment
+
+==== Local Load Balancer
+
+https://metallb.universe.tf/[MetalLB] is used as a load balancer for the cluster. This allows us to have a multi-node KinD cluster without the need to use Traefik in a single replica with a NodePort configuration.
+
+==== Self-signed SSL certificates
+
+Since KinD is locally deployed, there is no easy way of creating valid SSL certificates for the ingresses using Let's Encrypt. As such, `cert-manager` is configured to use a self-signed Certificate Authority and the remaining modules are configured to ignore the SSL warnings/errors that are a consequence of that.
+
+NOTE: When accessing the ingresses on your browser, you'll obviously see warnings saying that the certificate is not valid. You can safely ignore them.
+
+== Requirements
+
+For this setup, you will need to have installed on your machine:
+
+* https://docs.docker.com/get-docker[Docker] to deploy the KinD containers
+* https://www.terraform.io/[Terraform] to provision the whole stack
+* https://kubernetes.io/docs/reference/kubectl/[`kubectl`] to interact with your cluster
+
+== Deployment
+
+1. From the source of the example deployment, initialize Terraform, which downloads all required providers and modules locally (they will be stored in the hidden folder `.terraform`).
++
+[source,bash]
+----
+terraform init
+----
+
+2. Check out the modules you want to deploy in the `main.tf` file, and comment out the others.
++
+TIP: You can also add your owns Terraform modules in this file or any other file on the root folder. A good place to start to write your own module is to clone the https://github.com/camptocamp/devops-stack-helloworld[devops-stack-helloworld] repository and adapt it to your needs.
+
+3. Configure the variables in `locals.tf` to your preference:
++
+[source,hcl]
+----
+include::example$deploy_examples/kind/locals.tf[]
+----
+
+4. Finally, run `terraform apply` and accept the proposed changes to create the Kubernetes nodes as Docker containers, and populate them with our services.
++
+[source,bash]
+----
+terraform apply
+----
+
+=== Troubleshooting
+
+==== ArgoCD: connection refused
+
+Because at the end of the deployment we use the Argo CD to deploy and manage itself, there could be an error like this one:
+
+This error happens when ArgoCD bootstraps itself.
+[source,shell]
+----
+╷
+│ Error: Error while waiting for application argocd to be created
+│
+│   with module.argocd.argocd_application.this,
+│   on .terraform/modules/argocd/main.tf line 55, in resource "argocd_application" "this":
+│   55: resource "argocd_application" "this" {
+│
+│ error while waiting for application argocd to be synced and healthy: rpc error: code = Unavailable desc = connection error: desc = "transport: error while dialing: dial tcp 127.0.0.1:45729: connect: connection refused"
+╵
+----
+
+This happens because the Argo CD server pod is redeployed and the Argo CD Terraform provider loses connection. You can simply re-run the command `terraform apply` to finalize the bootstrap of the cluster.
+
+==== `loki-stack-promtail` pods stuck with status `CrashLoopBackOff`
+
+When the pods of `loki-stack-promtail` are stuck in a creation loop with the following logs:
+
+[source]
+----
+level=error ts=2023-05-09T06:32:38.495673778Z caller=main.go:117 msg="error creating promtail" error="failed to make file target manager: too many open files"
+Stream closed EOF for loki-stack/loki-stack-promtail-bxcmw (promtail)
+----
+
+You will have to increase the upper limit on the number of INotify instances that can be created per real user ID:
+
+[source,bash]
+----
+# Increase the limit until next reboot:
+sudo sysctl fs.inotify.max_user_instances=512
+# Increase the limit permanently (run this command as root):
+echo 'fs.inotify.max_user_instances=512' >> /etc/sysctl.conf
+----
+
+== Access the applications
+
+The URLs of the applications are visible in the ingresses of the cluster. You can get them by running the following command:
+
+[source,bash]
+----
+kubectl get ingress --all-namespaces
+----
+
+For example, if the base domain name is `172-19-0-1.nip.io`, the applications are accessible at the following adresses:
+
+----
+https://grafana.apps.172-19-0-1.nip.io
+https://alertmanager.apps.172-19-0-1.nip.io
+https://prometheus.apps.172-19-0-1.nip.io
+https://keycloak.apps.172-19-0-1.nip.io
+https://minio.apps.172-19-0-1.nip.io
+https://argocd.apps.172-19-0-1.nip.io
+https://thanos-bucketweb.apps.172-19-0-1.nip.io
+https://thanos-query.apps.172-19-0-1.nip.io
+----
+
+You can access the applications using the credentials created by the Keycloak module. They are written to the Terraform output:
+
+[source,bash]
+----
+# List all outputs:
+$ terraform output
+keycloak_admin_credentials = <sensitive>
+keycloak_users = <sensitive>
+kubernetes_kubeconfig = <sensitive>
+minio_root_user_credentials = <sensitive>
+
+# To get the credentials for Grafana, Prometheus, etc.
+$ terraform output keycloak_users
+{
+  "devopsadmin" = "aqhEbd3L0Msryjjp547ej7nyN6E2FllV"
+}
+----
+
+== Pause the cluster
+
+The `docker pause` command can be used to halt the cluster for a while in order to save energy (replace `kind-cluster` by the cluster name you defined in `locals.tf`):
+
+[source,bash]
+----
+# Pause the cluster:
+docker pause kind-cluster-control-plane kind-cluster-worker{,2,3}
+
+# Resume the cluster:
+docker unpause kind-cluster-control-plane kind-cluster-worker{,2,3}
+----
+
+NOTE: When the host computer is restarted, the Docker container will start
+again, but the cluster will not resume correctly. It has to be destroyed and
+recreated.
+
+== Stop the cluster
+
+To definitively stop the cluster on a single command (that is the reason we delete some resources from the state file), we can use the following command:
+
+[source,bash]
+----
+terraform state rm $(terraform state list | grep "argocd_application\|argocd_project\|kubernetes_\|helm_\|keycloak_") && terraform destroy
+----
+
+A dirtier alternative is to directly destroy the Docker containers and volumes (replace `kind-cluster` by the cluster name you defined in `locals.tf`):
+
+[source,bash]
+----
+# Stop and remove Docker containers:
+docker container stop kind-cluster-control-plane kind-cluster-worker{,2,3} && \
+  docker container rm -v kind-cluster-control-plane kind-cluster-worker{,2,3}
+# Remove the Terraform state:
+rm terraform.state
+----
+
+== Conclusion
+
+That's it, you have deployed the DevOps Stack locally! For more informations, keep on reading the https://devops-stack.io/docs/latest/[documentation]. **You can explore the possibilities of each module and get the link to the source code on their respective documentation pages.**