From 3fd5b56352fd0882d9a1b4ccade5e29fcc2d30ad Mon Sep 17 00:00:00 2001 
From: Ryan VanGundy Date: Sat, 19 Jul 2025 10:10:49 -0400 Subject: [PATCH 1/2] feat(template): Implement cross-CSP core template --- contexts/_template/blueprint.jsonnet | 450 ++++++++++++++++++ .../terraform/cluster/aws-eks.jsonnet | 17 + .../terraform/cluster/azure-aks.jsonnet | 13 + .../_template/terraform/cluster/talos.jsonnet | 167 +++++++ .../terraform/network/aws-vpc.jsonnet | 7 + .../terraform/network/azure-vnet.jsonnet | 6 + contexts/aws-example/blueprint.yaml | 99 ---- .../terraform/cluster/aws-eks.tfvars | 51 -- .../cluster/aws-eks/additions.tfvars | 10 - .../aws-example/terraform/gitops/flux.tfvars | 32 -- .../terraform/network/aws-vpc.tfvars | 41 -- contexts/azure-example/blueprint.yaml | 93 ---- .../terraform/backend/azurerm.tfvars | 29 -- .../terraform/cluster/azure-aks.tfvars | 103 ---- .../terraform/gitops/flux.tfvars | 32 -- .../terraform/network/azure-vnet.tfvars | 24 - contexts/local/terraform/cluster/talos.tfvars | 7 +- contexts/local/terraform/gitops/flux.tfvars | 32 +- 18 files changed, 689 insertions(+), 524 deletions(-) create mode 100644 contexts/_template/blueprint.jsonnet create mode 100644 contexts/_template/terraform/cluster/aws-eks.jsonnet create mode 100644 contexts/_template/terraform/cluster/azure-aks.jsonnet create mode 100644 contexts/_template/terraform/cluster/talos.jsonnet create mode 100644 contexts/_template/terraform/network/aws-vpc.jsonnet create mode 100644 contexts/_template/terraform/network/azure-vnet.jsonnet delete mode 100644 contexts/aws-example/blueprint.yaml delete mode 100644 contexts/aws-example/terraform/cluster/aws-eks.tfvars delete mode 100644 contexts/aws-example/terraform/cluster/aws-eks/additions.tfvars delete mode 100644 contexts/aws-example/terraform/gitops/flux.tfvars delete mode 100644 contexts/aws-example/terraform/network/aws-vpc.tfvars delete mode 100644 contexts/azure-example/blueprint.yaml delete mode 100644 contexts/azure-example/terraform/backend/azurerm.tfvars delete mode 100644 
contexts/azure-example/terraform/cluster/azure-aks.tfvars delete mode 100644 contexts/azure-example/terraform/gitops/flux.tfvars delete mode 100644 contexts/azure-example/terraform/network/azure-vnet.tfvars diff --git a/contexts/_template/blueprint.jsonnet b/contexts/_template/blueprint.jsonnet new file mode 100644 index 00000000..b2eaae0d --- /dev/null +++ b/contexts/_template/blueprint.jsonnet 
@@ -0,0 +1,450 @@ +local context = std.extVar("context"); +local hlp = std.extVar("helpers"); + +// Map "metal" provider to "local" for template purposes +local rawProvider = hlp.getString(context, "provider", "local"); +local provider = if rawProvider == "metal" then "local" else rawProvider; + +// Repository configuration +local repositoryConfig = { + url: if rawProvider == "local" then "http://git.test/git/" + hlp.getString(context, "projectName", "core") else "", + ref: { + branch: "main", + }, + secretName: "flux-system", +}; + +// Platform-specific terraform configurations +local terraformConfigs = { + "aws": [ + { + path: "backend/s3", + }, + { + path: "network/aws-vpc", + }, + { + path: "cluster/aws-eks", + }, + { + path: "cluster/aws-eks/additions", + destroy: false + }, + { + path: "gitops/flux", + destroy: false, + } + ], + "azure": [ + { + path: "backend/azurerm", + }, + { + path: "network/azure-vnet", + }, + { + path: "cluster/azure-aks", + }, + { + path: "gitops/flux", + destroy: false, + } + ], + "local": [ + { + path: "cluster/talos", + }, + { + path: "gitops/flux", + destroy: false, + values: { + git_username: "local", + git_password: "local", + webhook_token: "abcdef123456", + }, + } + ] +}; + +// Determine the vmDriver for conditional logic in local configs +local vmDriver = hlp.getString(context, "vm.driver", ""); + +// Platform-specific kustomize configurations +local kustomizeConfigs = { + "aws": [ + { + name: "telemetry-base", + path: "telemetry/base", + components: [ + "prometheus", + "prometheus/flux" + ], + }, + { + name: "telemetry-resources", + path: "telemetry/resources", + dependsOn: [ + "telemetry-base" + ], + components: [ + "metrics-server", + "prometheus", + "prometheus/flux" + ], + }, + { + name: "policy-base", + path: "policy/base", + components: [ + "kyverno" + ], + }, + { + name: "policy-resources", + path: "policy/resources", + dependsOn: [ + "policy-base" + ], + }, + { + name: "csi", + path: "csi", + cleanup: [ + "pvcs" + ], 
+ }, + { + name: "ingress", + path: "ingress", + dependsOn: [ + "pki-resources" + ], + components: [ + "nginx", + "nginx/flux-webhook", + "nginx/web" + ], + cleanup: [ + "loadbalancers", + "ingresses" + ], + }, + { + name: "pki-base", + path: "pki/base", + dependsOn: [ + "policy-resources" + ], + components: [ + "cert-manager", + "trust-manager" + ], + }, + { + name: "pki-resources", + path: "pki/resources", + dependsOn: [ + "pki-base" + ], + components: [ + "private-issuer/ca", + "public-issuer/selfsigned" + ], + }, + { + name: "dns", + path: "dns", + components: [ + "external-dns", + "external-dns/route53" + ], + }, + { + name: "observability", + path: "observability", + dependsOn: [ + "ingress" + ], + components: [ + "grafana", + "grafana/ingress", + "grafana/prometheus", + "grafana/node", + "grafana/kubernetes", + "grafana/flux" + ], + } + ], + "azure": [ + { + name: "telemetry-base", + path: "telemetry/base", + components: [ + "prometheus", + "prometheus/flux" + ], + }, + { + name: "telemetry-resources", + path: "telemetry/resources", + dependsOn: [ + "telemetry-base" + ], + components: [ + "prometheus", + "prometheus/flux" + ], + }, + { + name: "policy-base", + path: "policy/base", + components: [ + "kyverno" + ], + }, + { + name: "policy-resources", + path: "policy/resources", + dependsOn: [ + "policy-base" + ], + }, + { + name: "pki-base", + path: "pki/base", + dependsOn: [ + "policy-resources" + ], + components: [ + "cert-manager", + "trust-manager" + ], + }, + { + name: "pki-resources", + path: "pki/resources", + dependsOn: [ + "pki-base" + ], + components: [ + "private-issuer/ca", + "public-issuer/selfsigned" + ], + }, + { + name: "ingress", + path: "ingress", + dependsOn: [ + "pki-resources" + ], + components: [ + "nginx", + "nginx/flux-webhook", + "nginx/web" + ], + }, + { + name: "gitops", + path: "gitops/flux", + dependsOn: [ + "ingress" + ], + components: [ + "webhook" + ], + }, + { + name: "observability", + path: "observability", + dependsOn: [ + 
"ingress" + ], + components: [ + "grafana", + "grafana/ingress", + "grafana/prometheus", + "grafana/node", + "grafana/kubernetes", + "grafana/flux" + ], + } + ], + "local": [ + { + name: "telemetry-base", + path: "telemetry/base", + components: [ + "prometheus", + "prometheus/flux", + "fluentbit", + "fluentbit/prometheus" + ], + }, + { + name: "telemetry-resources", + path: "telemetry/resources", + dependsOn: [ + "telemetry-base" + ], + components: [ + "metrics-server", + "prometheus", + "prometheus/flux", + "fluentbit", + "fluentbit/containerd", + "fluentbit/fluentd", + "fluentbit/kubernetes", + "fluentbit/systemd" + ], + }, + { + name: "policy-base", + path: "policy/base", + components: [ + "kyverno" + ], + }, + { + name: "policy-resources", + path: "policy/resources", + dependsOn: [ + "policy-base" + ], + }, + { + name: "csi", + path: "csi", + dependsOn: [ + "policy-resources" + ], + components: [ + "openebs", + "openebs/dynamic-localpv" + ], + }, + ] + (if vmDriver != "docker-desktop" then [ + { + name: "lb-base", + path: "lb/base", + dependsOn: [ + "policy-resources" + ], + components: [ + "metallb" + ], + }, + { + name: "lb-resources", + path: "lb/resources", + dependsOn: [ + "lb-base" + ], + components: [ + "metallb/layer2" + ], + } + ] else []) + [ + { + name: "ingress", + path: "ingress", + dependsOn: [ + "pki-resources" + ], + components: if vmDriver == "docker-desktop" then [ + "nginx", + "nginx/nodeport", + "nginx/coredns", + "nginx/flux-webhook", + "nginx/web" + ] else [ + "nginx", + "nginx/loadbalancer", + "nginx/coredns", + "nginx/flux-webhook", + "nginx/web" + ], + }, + { + name: "pki-base", + path: "pki/base", + dependsOn: [ + "policy-resources" + ], + components: [ + "cert-manager", + "trust-manager" + ], + }, + { + name: "pki-resources", + path: "pki/resources", + dependsOn: [ + "pki-base" + ], + components: [ + "private-issuer/ca", + "public-issuer/selfsigned" + ], + }, + { + name: "dns", + path: "dns", + dependsOn: [ + "pki-base" + ], + 
components: if vmDriver == "docker-desktop" then [ + "coredns", + "coredns/etcd", + "external-dns", + "external-dns/localhost", + "external-dns/coredns", + "external-dns/ingress" + ] else [ + "coredns", + "coredns/etcd", + "external-dns", + "external-dns/coredns", + "external-dns/ingress" + ], + }, + { + name: "gitops", + path: "gitops/flux", + dependsOn: [ + "ingress" + ], + components: [ + "webhook" + ], + } + ] +}; + +// Blueprint metadata +local blueprintMetadata = { + kind: "Blueprint", + apiVersion: "blueprints.windsorcli.dev/v1alpha1", + metadata: { + name: hlp.getString(context, "name", "template"), + description: "This blueprint outlines resources in the " + hlp.getString(context, "name", "template") + " context", + }, +}; + +// Source configuration +local sourceConfig = [ + { + name: "core", + url: "github.com/windsorcli/core", + ref: { + branch: "main", + }, + }, +]; + +// Start of Blueprint +blueprintMetadata + { + repository: repositoryConfig, + sources: sourceConfig, + terraform: terraformConfigs[provider], + kustomize: kustomizeConfigs[provider], +} diff --git a/contexts/_template/terraform/cluster/aws-eks.jsonnet b/contexts/_template/terraform/cluster/aws-eks.jsonnet new file mode 100644 index 00000000..46193e20 --- /dev/null +++ b/contexts/_template/terraform/cluster/aws-eks.jsonnet @@ -0,0 +1,17 @@ +local context = std.extVar("context"); +local hlp = std.extVar("helpers"); + +// Extract worker count safely +local workerCount = hlp.getInt(context, "cluster.workers.count", null); + +// Only output node_groups if worker count is populated +if workerCount != null then { + node_groups: { + default: { + instance_types: ["t3.xlarge"], + min_size: workerCount, + max_size: workerCount + 2, + desired_size: workerCount, + } + } +} else {} diff --git a/contexts/_template/terraform/cluster/azure-aks.jsonnet b/contexts/_template/terraform/cluster/azure-aks.jsonnet new file mode 100644 index 00000000..c1a85c02 --- /dev/null 
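Review bot: The `local` terraform entry bakes `webhook_token: "abcdef123456"` and `git_password: "local"` into every context generated from this template, so the Flux receiver published through the `nginx/flux-webhook` ingress component accepts a token that is now public in this repository, even though the deleted flux.tfvars files mark the same inputs `(sensitive)`. Read them from the context instead of hard-coding, e.g. `webhook_token: hlp.getString(context, "gitops.webhook_token", "")` (key name to be agreed), and have the CLI generate a random value per context when it is absent rather than shipping a fixed one. The final object's `terraformConfigs[provider]` / `kustomizeConfigs[provider]` lookups fail with an opaque jsonnet "field does not exist" error for any provider other than aws/azure/local; an `assert std.objectHas(terraformConfigs, provider) : "unsupported provider: " + rawProvider;` before the output gives a readable message. `sourceConfig` also tracks the moving `main` branch of `github.com/windsorcli/core` for all upstream terraform and kustomize modules; pinning a tag or commit is the safer supply-chain default for anything other than local development.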
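Review bot: The template only emits `node_groups`, so every generated AWS context inherits the module defaults the deleted aws-eks.tfvars listed, `endpoint_public_access = true` and `cluster_api_access_cidr_block = "0.0.0.0/0"`, which leaves the EKS API endpoint public and reachable from any address unless someone edits the tfvars by hand. Surface the CIDR from the context alongside the worker count, e.g. `cluster_api_access_cidr_block: hlp.getString(context, "cluster.api_access_cidr", "0.0.0.0/0"),` (key name to be agreed), or add a comment at the top of the file stating that endpoint exposure is deliberately left to the module defaults. `instance_types: ["t3.xlarge"]` and `max_size: workerCount + 2` are likewise fixed here with no context override; a one-line comment explaining why these are not read from the context would help the next maintainer.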
+++ b/contexts/_template/terraform/cluster/azure-aks.jsonnet
@@ -0,0 +1,13 @@
+local context = std.extVar("context");
+local hlp = std.extVar("helpers");
+
+// Extract worker count safely
+local workerCount = hlp.getInt(context, "cluster.workers.count", null);
+
+// Only output autoscaled_node_pool if worker count is populated
+if workerCount != null then {
+ autoscaled_node_pool: {
+ min_count: workerCount,
+ max_count: workerCount + 2,
+ }
+} else {}
diff --git a/contexts/_template/terraform/cluster/talos.jsonnet b/contexts/_template/terraform/cluster/talos.jsonnet
new file mode 100644
index 00000000..b5ddf249
--- /dev/null
+++ b/contexts/_template/terraform/cluster/talos.jsonnet
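Review bot: The template emits only `autoscaled_node_pool.min_count`/`max_count`, so every generated Azure context keeps the module defaults that the deleted azure-aks.tfvars showed: `public_network_access_enabled = true`, `private_cluster_enabled = false`, `network_acls_default_action = "Allow"` and `local_account_disabled = false`. If a publicly reachable control plane with local accounts is the intended default, a comment at the top of this file should say so; otherwise read those settings from the context the same way `workerCount` is read so a context can opt into a private cluster without hand-editing tfvars. `max_count: workerCount + 2` also applies the same headroom to a one-node dev pool and a large production pool; reading an explicit `cluster.workers.max` with `workerCount + 2` as the fallback would preserve current behaviour while allowing an override.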
@@ -0,0 +1,167 @@ +// Import the helper library and context +local hlp = std.extVar("helpers"); +local context = std.extVar("context"); + +// Get basic configuration using helper functions +local vmDriver = hlp.getString(context, "vm.driver", ""); +local provider = hlp.getString(context, "provider", ""); + +// Get cluster configuration safely +local cluster = hlp.getObject(context, "cluster", {}); +local controlplaneNodes = hlp.getObject(context, "cluster.controlplanes.nodes", {}); +local workerNodes = hlp.getObject(context, "cluster.workers.nodes", {}); + +// Get first controlplane node safely +local nodeList = std.objectValues(controlplaneNodes); +local firstNode = if std.length(nodeList) > 0 then nodeList[0] else null; + +// Get endpoint using helpers +local clusterEndpoint = hlp.getString(context, "cluster.endpoint", ""); +local nodeEndpoint = if firstNode != null then hlp.getString(firstNode, "endpoint", "") else ""; +local endpoint = if clusterEndpoint != "" then clusterEndpoint else nodeEndpoint; +local baseUrl = hlp.baseUrl(endpoint); + +// Build certSANs using helpers +local hostname = if firstNode != null then hlp.getString(firstNode, "hostname", "") else ""; +local domain = hlp.getString(context, "dns.domain", ""); +local domainSAN = if hostname != "" && domain != "" then hostname + "." 
+ domain else ""; + +local baseCertSANs = ["localhost"]; +local urlSAN = if baseUrl != "" then [baseUrl] else []; +local hostSAN = if hostname != "" then [hostname] else []; +local domainSANList = if domainSAN != "" then [domainSAN] else []; +local certSANs = baseCertSANs + urlSAN + hostSAN + domainSANList; + +// Build registry mirrors +local registries = hlp.getObject(context, "docker.registries", {}); +local registryKeys = std.objectFields(registries); + +local buildMirror(key) = + local registryInfo = registries[key]; + if std.objectHas(registryInfo, "hostname") && registryInfo.hostname != "" then + local localOverride = if std.objectHas(registryInfo, "local") then + local parts = std.split(registryInfo["local"], "//"); + if std.length(parts) > 1 then parts[1] else registryInfo["local"] + else ""; + local targetRegistry = if localOverride != "" then localOverride else key; + { + key: targetRegistry, + endpoints: ["http://" + registryInfo.hostname + ":5000"] + } + else + null; + +local validMirrors = std.filter(function(x) x != null, std.map(buildMirror, registryKeys)); +local registryMirrors = std.foldl( + function(acc, mirror) acc { [mirror.key]: { endpoints: mirror.endpoints } }, + validMirrors, + {} +); + +// Build network config +local needsNetworkConfig = provider == "local" && vmDriver == "docker-desktop"; +local networkConfig = if needsNetworkConfig then + { + interfaces: [ + { + ignore: true, + interface: "eth0" + } + ] + } +else + {}; + +// Build base machine config +local baseMachineConfig = { + certSANs: certSANs, + kubelet: { + extraArgs: { + "rotate-server-certificates": "true" + } + } +} + (if needsNetworkConfig then { network: networkConfig } else {}); + +// Add registries if they exist +local machineConfig = baseMachineConfig + ( + if std.length(std.objectFields(registryMirrors)) > 0 then { + registries: { + mirrors: registryMirrors + } + } else {} +); + +// Build common config patches +local commonConfig = { + cluster: { + apiServer: { + 
certSANs: certSANs + }, + extraManifests: [ + "https://raw.githubusercontent.com/alex1989hu/kubelet-serving-cert-approver/v0.8.7/deploy/standalone-install.yaml" + ] + }, + machine: machineConfig +}; + +// Helper for volume mounts +local createMount(volume) = + local parts = std.split(volume, ":"); + { + destination: parts[1], + type: "bind", + source: parts[1], + options: ["rbind", "rw"] + }; + +// Worker config patches using helpers +local workerVolumes = hlp.getArray(context, "cluster.workers.volumes", []); +local workerMounts = if std.length(workerVolumes) > 0 then std.map(createMount, workerVolumes) else []; +local workerConfig = if std.length(workerMounts) > 0 then + { + machine: { + kubelet: { + extraMounts: workerMounts + } + } + } +else + {}; + +// Controlplane config patches using helpers +local controlplaneVolumes = hlp.getArray(context, "cluster.controlplanes.volumes", []); +local controlplaneMounts = if std.length(controlplaneVolumes) > 0 then std.map(createMount, controlplaneVolumes) else []; +local controlplaneConfig = if std.length(controlplaneMounts) > 0 then + { + machine: { + kubelet: { + extraMounts: controlplaneMounts + } + } + } +else + {}; + +// Build node lists +local controlplaneList = std.map( + function(v) { endpoint: v.endpoint, node: v.node }, + std.objectValues(controlplaneNodes) +); + +local workerList = std.map( + function(v) { endpoint: v.endpoint, node: v.node }, + std.objectValues(workerNodes) +); + +// Final output +{ + cluster_endpoint: if endpoint != "" then "https://" + baseUrl + ":6443" else "", + cluster_name: "talos", + controlplanes: controlplaneList, + workers: workerList, + common_config_patches: std.manifestYamlDoc(commonConfig) +} + (if std.length(std.objectFields(workerConfig)) > 0 then { + worker_config_patches: std.manifestYamlDoc(workerConfig) +} else {}) + (if std.length(std.objectFields(controlplaneConfig)) > 0 then { + controlplane_config_patches: std.manifestYamlDoc(controlplaneConfig) +} else {}) 
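Review bot: `createMount`, near the end of the hunk, uses `parts[1]` for both `source` and `destination` and never checks that the volume string contained a `:`, so a context entry such as `/data` aborts the whole evaluation with an index error instead of a readable message; if binding the same path on both sides is intentional because the VM driver already mounts the host directory at that location, a comment saying so would stop the next reader "fixing" it to `parts[0]`. A guard such as `assert std.length(parts) == 2 : "volume must be host:container, got " + volume;` at the top of the function gives a clear failure. The `extraManifests` entry fetches `kubelet-serving-cert-approver` from raw.githubusercontent.com at the git tag v0.8.7; that manifest is applied by Talos at bootstrap and a tag can be moved, so pinning to a commit SHA or vendoring the manifest into this repository is the safer supply-chain choice. The registry mirror endpoints are built as `"http://" + registryInfo.hostname + ":5000"`, which is acceptable for the local registries this targets but deserves a comment so the pattern is not reused for a cloud context.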
diff --git a/contexts/_template/terraform/network/aws-vpc.jsonnet b/contexts/_template/terraform/network/aws-vpc.jsonnet
new file mode 100644
index 00000000..da2c571e
--- /dev/null
+++ b/contexts/_template/terraform/network/aws-vpc.jsonnet
@@ -0,0 +1,7 @@
+local context = std.extVar("context");
+local hlp = std.extVar("helpers");
+
+{
+ cidr_block: hlp.getString(context, "network.cidr_block", "10.0.0.0/16"),
+ domain_name: hlp.getString(context, "dns.domain", null),
+}
diff --git a/contexts/_template/terraform/network/azure-vnet.jsonnet b/contexts/_template/terraform/network/azure-vnet.jsonnet
new file mode 100644
index 00000000..9fdee67a
--- /dev/null
+++ b/contexts/_template/terraform/network/azure-vnet.jsonnet
@@ -0,0 +1,6 @@
+local context = std.extVar("context");
+local hlp = std.extVar("helpers");
+
+{
+ vnet_cidr: hlp.getString(context, "network.cidr_block", "10.0.0.0/16"),
+}
diff --git a/contexts/aws-example/blueprint.yaml b/contexts/aws-example/blueprint.yaml
deleted file mode 100644
index 8573d4c0..00000000
--- a/contexts/aws-example/blueprint.yaml
+++ /dev/null
@@ -1,99 +0,0 @@ -kind: Blueprint -apiVersion: blueprints.windsorcli.dev/v1alpha1 -metadata: - name: aws-example - description: This blueprint outlines resources in the aws-example context -repository: - url: "" - ref: - branch: main - secretName: flux-system -sources: -- name: core - url: github.com/windsorcli/core - ref: - branch: aws-lifecycle -terraform: -- path: network/aws-vpc -- path: cluster/aws-eks -- path: cluster/aws-eks/additions - destroy: false -- path: gitops/flux - destroy: false -kustomize: -- name: telemetry-base - path: telemetry/base - source: core - components: - - prometheus - - prometheus/flux -- name: telemetry-resources - path: telemetry/resources - source: core - dependsOn: - - telemetry-base - components: - - metrics-server - - prometheus - - prometheus/flux -- name: policy-base - path: policy/base - source: core - components: - - kyverno -- name: policy-resources - path: policy/resources - source: core - dependsOn: - - policy-base -- name: csi - path: csi - source: core - cleanup: - - pvcs -- name: ingress - path: ingress - source: core - dependsOn: - - pki-resources - components: - - nginx - - nginx/flux-webhook - - nginx/web - cleanup: - - loadbalancers - - ingresses -- name: pki-base - path: pki/base - source: core - dependsOn: - - policy-resources - components: - - cert-manager - - trust-manager -- name: pki-resources - path: pki/resources - source: core - dependsOn: - - pki-base - components: - - private-issuer/ca - - public-issuer/selfsigned -- name: dns - path: dns - source: core - components: - - external-dns - - external-dns/route53 -- name: observability - path: observability - source: core - dependsOn: - - ingress - components: - - grafana - - grafana/ingress - - grafana/prometheus - - grafana/node - - grafana/kubernetes - - grafana/flux diff --git a/contexts/aws-example/terraform/cluster/aws-eks.tfvars b/contexts/aws-example/terraform/cluster/aws-eks.tfvars deleted file mode 100644 index 3be96640..00000000 
--- a/contexts/aws-example/terraform/cluster/aws-eks.tfvars +++ /dev/null @@ -1,51 +0,0 @@ -# Managed by Windsor CLI: This file is partially managed by the windsor CLI. Your changes will not be overwritten. -# Module source: github.com/windsorcli/core//terraform/cluster/aws-eks?ref=main - -# The name of the EKS cluster. -# cluster_name = "" - -# The kubernetes version to deploy. -# kubernetes_version = "1.32" - -# Whether to enable public access to the EKS cluster. -# endpoint_public_access = true - -# The CIDR block for the cluster API access. -# cluster_api_access_cidr_block = "0.0.0.0/0" - -# The ID of the VPC where the EKS cluster will be created. -# vpc_id = null - -# Map of EKS managed node group definitions to create. -# node_groups = { -# default = { -# desired_size = null -# instance_types = ["t3.medium"] -# max_size = null -# min_size = null -# } -# } - -# Maximum number of pods that can run on a single node -# max_pods_per_node = null - -# Configuration for the VPC CNI addon -# vpc_cni_config = { -# enable_prefix_delegation = true -# minimum_ip_target = null -# warm_ip_target = null -# warm_prefix_target = null -# } - -# Map of EKS Fargate profile definitions to create. -# fargate_profiles = {} - -# Map of EKS add-ons -# addons = { -# aws-ebs-csi-driver = {} -# aws-efs-csi-driver = {} -# coredns = {} -# eks-pod-identity-agent = {} -# external-dns = {} -# vpc-cni = {} -# } diff --git a/contexts/aws-example/terraform/cluster/aws-eks/additions.tfvars b/contexts/aws-example/terraform/cluster/aws-eks/additions.tfvars deleted file mode 100644 index 443c73b4..00000000 --- a/contexts/aws-example/terraform/cluster/aws-eks/additions.tfvars +++ /dev/null 
@@ -1,10 +0,0 @@ -# Managed by Windsor CLI: This file is partially managed by the windsor CLI. Your changes will not be overwritten. - -# ARN of the IAM role for external-dns. If not provided, will be looked up from the cluster. -# external_dns_role_arn = null - -# AWS region where the Route53 hosted zone is located. If not provided, will use the cluster's region. -# route53_region = null - -# Name of the EKS cluster. -# cluster_name = "" diff --git a/contexts/aws-example/terraform/gitops/flux.tfvars b/contexts/aws-example/terraform/gitops/flux.tfvars deleted file mode 100644 index d5b3edd9..00000000 --- a/contexts/aws-example/terraform/gitops/flux.tfvars +++ /dev/null @@ -1,32 +0,0 @@ -# Managed by Windsor CLI: This file is partially managed by the windsor CLI. Your changes will not be overwritten. -# Module source: github.com/windsorcli/core//terraform/gitops/flux?ref=main - -# The namespace in which Flux will be installed -# flux_namespace = "system-gitops" - -# The version of Flux Helm chart to install -# flux_helm_version = "2.15.0" - -# The version of Flux to install -# flux_version = "2.5.1" - -# The private key to use for SSH authentication -# ssh_private_key = "(sensitive)" - -# The public key to use for SSH authentication -# ssh_public_key = "(sensitive)" - -# The known hosts to use for SSH authentication -# ssh_known_hosts = "(sensitive)" - -# The name of the secret to store the git authentication details -# git_auth_secret = "flux-system" - -# The git user to use to authenticte with the git provider -# git_username = "git" - -# The git password or PAT used to authenticte with the git provider -# git_password = "(sensitive)" - -# The token to use for the webhook -# webhook_token = "(sensitive)" diff --git a/contexts/aws-example/terraform/network/aws-vpc.tfvars b/contexts/aws-example/terraform/network/aws-vpc.tfvars deleted file mode 100644 index c02584e2..00000000 --- a/contexts/aws-example/terraform/network/aws-vpc.tfvars +++ /dev/null 
@@ -1,41 +0,0 @@ -# Managed by Windsor CLI: This file is partially managed by the windsor CLI. Your changes will not be overwritten. -# Module source: github.com/windsorcli/core//terraform/network/aws-vpc?ref=main - -# Name prefix for all resources in the VPC -# name = "" - -# CIDR block for the VPC -# cidr_block = "10.0.0.0/16" - -# Number of availability zones to use for the subnets -# availability_zones = null - -# Number of new bits for the subnet -# subnet_newbits = null - -# Enable DNS hostnames in the VPC -# enable_dns_hostnames = true - -# Enable DNS support in the VPC -# enable_dns_support = true - -# Enable NAT Gateway for private subnets -# enable_nat_gateway = true - -# Use a single NAT Gateway for all private subnets -# single_nat_gateway = false - -# Enable flow logs for the VPC -# enable_flow_logs = true - -# Create a KMS key for flow logs -# create_flow_logs_kms_key = true - -# The KMS key ID for flow logs -# flow_logs_kms_key_id = null - -# Additional tags for all resources -# tags = {} - -# The domain name for the Route53 hosted zone -# domain_name = null diff --git a/contexts/azure-example/blueprint.yaml b/contexts/azure-example/blueprint.yaml deleted file mode 100644 index 92524096..00000000 --- a/contexts/azure-example/blueprint.yaml +++ /dev/null 
@@ -1,93 +0,0 @@ -kind: Blueprint -apiVersion: blueprints.windsorcli.dev/v1alpha1 -metadata: - name: cloud - description: This blueprint outlines resources in the cloud context -repository: - url: "" - ref: - branch: main - secretName: flux-system -sources: -- name: core - url: github.com/windsorcli/core - ref: - branch: main -terraform: -- path: network/azure-vnet -- path: cluster/azure-aks -- path: gitops/flux - destroy: false -kustomize: -- name: telemetry-base - path: telemetry/base - source: core - components: - - prometheus - - prometheus/flux -- name: telemetry-resources - path: telemetry/resources - source: core - dependsOn: - - telemetry-base - components: - - prometheus - - prometheus/flux -- name: policy-base - path: policy/base - source: core - components: - - kyverno -- name: policy-resources - path: policy/resources - source: core - dependsOn: - - policy-base -- name: pki-base - path: pki/base - source: core - dependsOn: - - policy-resources - force: true - components: - - cert-manager - - trust-manager -- name: pki-resources - path: pki/resources - source: core - dependsOn: - - pki-base - force: true - components: - - private-issuer/ca - - public-issuer/selfsigned -- name: ingress - path: ingress - source: core - dependsOn: - - pki-resources - force: true - components: - - nginx - - nginx/flux-webhook - - nginx/web -- name: gitops - path: gitops/flux - source: core - dependsOn: - - ingress - force: true - components: - - webhook -- name: observability - path: observability - source: core - dependsOn: - - ingress - components: - - grafana - - grafana/ingress - - grafana/prometheus - - grafana/node - - grafana/kubernetes - - grafana/flux diff --git a/contexts/azure-example/terraform/backend/azurerm.tfvars b/contexts/azure-example/terraform/backend/azurerm.tfvars deleted file mode 100644 index ef8b9ae2..00000000 --- a/contexts/azure-example/terraform/backend/azurerm.tfvars +++ /dev/null 
@@ -1,29 +0,0 @@ -// Managed by Windsor CLI: This file is partially managed by the windsor CLI. Your changes will not be overwritten. - -// Azure region where resources will be created -// location = "eastus2" - -// Name of the resource group where the storage account will be created -// resource_group_name = "" - -// Name of the storage account. If not provided, a default name will be generated -// storage_account_name = "" - -// Name of the blob container for Terraform state -// container_name = "" - -// Additional tags to apply to resources -// tags = { -// } - -// Enable customer managed key encryption -// enable_cmk = false - -// The ID of the Key Vault Key to use for CMK encryption -// key_vault_key_id = "" - -// Allow public access to the storage account -// allow_public_access = true - -// List of IP ranges to allow access to the storage account -// allowed_ip_ranges = [] diff --git a/contexts/azure-example/terraform/cluster/azure-aks.tfvars b/contexts/azure-example/terraform/cluster/azure-aks.tfvars deleted file mode 100644 index c4dd44b8..00000000 --- a/contexts/azure-example/terraform/cluster/azure-aks.tfvars +++ /dev/null 
@@ -1,103 +0,0 @@ -# Managed by Windsor CLI: This file is partially managed by the windsor CLI. Your changes will not be overwritten. - -# Name of the resource -# name = "cluster" - -# Name of the resource group -# resource_group_name = null - -# Name of the AKS cluster -# cluster_name = null - -# Name on the VNET module -# vnet_module_name = "network" - -# ID of the subnet -# vnet_subnet_id = null - -# Region for the resources -# region = "eastus" - -# Version of Kubernetes to use -# kubernetes_version = "1.32" - -# Configuration for the default node pool -# default_node_pool = { -# host_encryption_enabled = true -# max_count = null -# max_pods = null -# min_count = null -# name = "system" -# node_count = null -# only_critical_addons_enabled = true -# os_disk_type = "Managed" -# vm_size = "Standard_D2s_v3" -# } - -# Configuration for the autoscaled node pool -# autoscaled_node_pool = { -# enabled = true -# host_encryption_enabled = true -# max_count = null -# max_pods = null -# min_count = null -# mode = "User" -# name = "autoscaled" -# os_disk_type = "Managed" -# vm_size = "Standard_D2s_v3" -# } - -# Whether to enable role-based access control for the AKS cluster -# role_based_access_control_enabled = true - -# Configuration for the AKS cluster's auto-scaler -# auto_scaler_profile = { -# balance_similar_node_groups = true -# max_graceful_termination_sec = null -# scale_down_delay_after_add = "10m" -# scale_down_delay_after_delete = "10s" -# scale_down_delay_after_failure = "3m" -# scale_down_unneeded = "10m" -# scale_down_unready = "20m" -# scale_down_utilization_threshold = "0.5" -# scan_interval = "10s" -# } - -# Configuration for the AKS cluster's workload autoscaler -# workload_autoscaler_profile = { -# keda_enabled = false -# vertical_pod_autoscaler_enabled = false -# } - -# The automatic upgrade channel for the AKS cluster -# automatic_upgrade_channel = "stable" - -# The SKU tier for the AKS cluster -# sku_tier = "Standard" - -# Whether to enable private 
cluster for the AKS cluster -# private_cluster_enabled = false - -# Whether to enable Azure Policy for the AKS cluster -# azure_policy_enabled = true - -# Whether to disable local accounts for the AKS cluster -# local_account_disabled = false - -# Whether to enable public network access for the AKS cluster -# public_network_access_enabled = true - -# The default action for the AKS cluster's network ACLs -# network_acls_default_action = "Allow" - -# The expiration date for the AKS cluster's key vault -# expiration_date = null - -# Additional user assigned identity IDs for the AKS cluster -# additional_cluster_identity_ids = [] - -# The number of days to retain the AKS cluster's key vault -# soft_delete_retention_days = null - -# Tags to apply to the resources -# tags = {} diff --git a/contexts/azure-example/terraform/gitops/flux.tfvars b/contexts/azure-example/terraform/gitops/flux.tfvars deleted file mode 100644 index 5d257471..00000000 --- a/contexts/azure-example/terraform/gitops/flux.tfvars +++ /dev/null 
@@ -1,32 +0,0 @@
-# Managed by Windsor CLI: This file is partially managed by the windsor CLI. Your changes will not be overwritten.
-# Module source: github.com/windsorcli/core//terraform/gitops/flux?ref=aws-eks
-
-# The namespace in which Flux will be installed
-# flux_namespace = "system-gitops"
-
-# The version of Flux Helm chart to install
-# flux_helm_version = "2.15.0"
-
-# The version of Flux to install
-# flux_version = "2.5.1"
-
-# The private key to use for SSH authentication
-# ssh_private_key = "(sensitive)"
-
-# The public key to use for SSH authentication
-# ssh_public_key = "(sensitive)"
-
-# The known hosts to use for SSH authentication
-# ssh_known_hosts = "(sensitive)"
-
-# The name of the secret to store the git authentication details
-# git_auth_secret = "flux-system"
-
-# The git user to use to authenticte with the git provider
-# git_username = "git"
-
-# The git password or PAT used to authenticte with the git provider
-# git_password = "(sensitive)"
-
-# The token to use for the webhook
-# webhook_token = "(sensitive)"
diff --git a/contexts/azure-example/terraform/network/azure-vnet.tfvars b/contexts/azure-example/terraform/network/azure-vnet.tfvars
deleted file mode 100644
index dd618088..00000000
--- a/contexts/azure-example/terraform/network/azure-vnet.tfvars
+++ /dev/null
@@ -1,24 +0,0 @@
-// Managed by Windsor CLI: This file is partially managed by the windsor CLI. Your changes will not be overwritten.
-// Module source: github.com/windsorcli/core//terraform/network/azure-vnet?ref=main
-
-// Region for the resources
-// region = "eastus"
-
-// Name of the resource group
-// resource_group_name = null
-
-// Name of the VNET
-// vnet_name = null
-
-// Number of availability zones to create
-// vnet_zones = null
-
-// CIDR block for VNET
-// vnet_cidr = "10.20.0.0/16"
-
-// Subnets to create in the VNET
-// vnet_subnets = {
-// data = []
-// private = []
-// public = []
-// }
diff --git a/contexts/local/terraform/cluster/talos.tfvars b/contexts/local/terraform/cluster/talos.tfvars
index 79937124..d3df2ad7 100644
--- a/contexts/local/terraform/cluster/talos.tfvars
+++ b/contexts/local/terraform/cluster/talos.tfvars
@@ -1,11 +1,10 @@
 # Managed by Windsor CLI: This file is partially managed by the windsor CLI. Your changes will not be overwritten.
-# Module source: github.com/windsorcli/core//terraform/cluster/talos?ref=main
 # The kubernetes version to deploy.
-# kubernetes_version = "1.33.1"
+# kubernetes_version = "1.33.2"
 # The talos version to deploy.
-# talos_version = "1.10.2"
+# talos_version = "1.10.5"
 # The name of the cluster.
 cluster_name = "talos"
@@ -73,7 +72,7 @@ EOF
 # A YAML string of controlplane config patches to apply. Can be an empty string or valid YAML.
-controlplane_config_patches = ""
+# controlplane_config_patches = ""
 # A YAML string of worker config patches to apply. Can be an empty string or valid YAML.
 worker_config_patches = <
Date: Sat, 19 Jul 2025 10:33:40 -0400
Subject: [PATCH 2/2] Remove local context
---
 contexts/.gitignore | 2 +-
 contexts/local/blueprint.yaml | 96 -------------------
 contexts/local/terraform/cluster/talos.tfvars | 88 -----------------
 contexts/local/terraform/gitops/flux.tfvars | 31 ------
 windsor.yaml | 23 +----
 5 files changed, 5 insertions(+), 235 deletions(-)
 delete mode 100644 contexts/local/blueprint.yaml
 delete mode 100644 contexts/local/terraform/cluster/talos.tfvars
 delete mode 100644 contexts/local/terraform/gitops/flux.tfvars
diff --git a/contexts/.gitignore b/contexts/.gitignore
index a703ae48..ca8d105b 100644
--- a/contexts/.gitignore
+++ b/contexts/.gitignore
@@ -1 +1 @@
-cloud/
\ No newline at end of file
+/_template/
diff --git a/contexts/local/blueprint.yaml b/contexts/local/blueprint.yaml
deleted file mode 100644
index 2e83c074..00000000
--- a/contexts/local/blueprint.yaml
+++ /dev/null
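Review bot: Replacing `cloud/` with `/_template/` in contexts/.gitignore stops excluding `contexts/cloud/`, so a locally rendered cloud context can now be committed by accident, and the context files deleted elsewhere in this series show what such directories carry (`ssh_private_key`, `git_password`, `webhook_token`, each shown as `(sensitive)`). If `cloud/` is genuinely obsolete, say so in the commit message; otherwise keep both entries, `cloud/` on one line and `/_template/` on the next. Separately, an ignore rule does not untrack paths already in the index, so if any file under `contexts/_template/` is committed in this series the new pattern will not hide it and edits there will still show as modified — worth confirming which behaviour is intended.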
@@ -1,96 +0,0 @@
-kind: Blueprint
-apiVersion: blueprints.windsorcli.dev/v1alpha1
-metadata:
- name: local
- description: This blueprint outlines resources in the local context
-repository:
- url: http://git.test/git/core
- ref:
- branch: main
- secretName: flux-system
-sources:
-- name: core
- url: github.com/windsorcli/core
- ref:
- branch: main
-terraform:
-- path: cluster/talos
-- path: gitops/flux
- destroy: false
-kustomize:
-- name: telemetry-base
- path: telemetry/base
- components:
- - prometheus
- - prometheus/flux
- - fluentbit
- - fluentbit/prometheus
-- name: telemetry-resources
- path: telemetry/resources
- dependsOn:
- - telemetry-base
- components:
- - metrics-server
- - prometheus
- - prometheus/flux
- - fluentbit
- - fluentbit/containerd
- - fluentbit/fluentd
- - fluentbit/kubernetes
- - fluentbit/systemd
-- name: policy-base
- path: policy/base
- components:
- - kyverno
-- name: policy-resources
- path: policy/resources
- dependsOn:
- - policy-base
-- name: csi
- path: csi
- dependsOn:
- - policy-resources
- components:
- - openebs
- - openebs/dynamic-localpv
-- name: ingress
- path: ingress
- dependsOn:
- - pki-resources
- components:
- - nginx
- - nginx/nodeport
- - nginx/coredns
- - nginx/flux-webhook
- - nginx/web
-- name: pki-base
- path: pki/base
- dependsOn:
- - policy-resources
- components:
- - cert-manager
- - trust-manager
-- name: pki-resources
- path: pki/resources
- dependsOn:
- - pki-base
- components:
- - private-issuer/ca
- - public-issuer/selfsigned
-- name: dns
- path: dns
- dependsOn:
- - pki-base
- components:
- - coredns
- - coredns/etcd
- - external-dns
- - external-dns/localhost
- - external-dns/coredns
- - external-dns/ingress
-- name: gitops
- path: gitops/flux
- dependsOn:
- - ingress
- components:
- - webhook
diff --git a/contexts/local/terraform/cluster/talos.tfvars b/contexts/local/terraform/cluster/talos.tfvars
deleted file mode 100644
index d3df2ad7..00000000
--- a/contexts/local/terraform/cluster/talos.tfvars
+++ /dev/null
@@ -1,88 +0,0 @@
-# Managed by Windsor CLI: This file is partially managed by the windsor CLI. Your changes will not be overwritten.
-
-# The kubernetes version to deploy.
-# kubernetes_version = "1.33.2"
-
-# The talos version to deploy.
-# talos_version = "1.10.5"
-
-# The name of the cluster.
-cluster_name = "talos"
-
-# The external controlplane API endpoint of the kubernetes API.
-cluster_endpoint = "https://127.0.0.1:6443"
-
-# A list of machine configuration details for control planes.
-controlplanes = [{
- endpoint = "127.0.0.1:50000"
- node = "controlplane-1"
-}]
-
-# A list of machine configuration details
-workers = [{
- endpoint = "127.0.0.1:50001"
- node = "worker-1"
-}]
-
-# A YAML string of common config patches to apply. Can be an empty string or valid YAML.
-common_config_patches = <