Reworking helm values

Author: andrejatcastai

examples/onboarding-with-existing-gke-cluster/main.tf

@@ -40,6 +40,8 @@ module "castai_omni_cluster" {
   pod_cidr              = data.google_container_cluster.gke.cluster_ipv4_cidr
   service_cidr          = data.google_container_cluster.gke.services_ipv4_cidr
   reserved_subnet_cidrs = [data.google_compute_subnetwork.gke_subnet.ip_cidr_range]
+
+  skip_helm = var.skip_helm
 }
 
 module "castai_omni_edge_location_gcp" {

examples/onboarding-with-existing-gke-cluster/providers.tf

@@ -14,6 +14,10 @@ terraform {
       source  = "hashicorp/helm"
       version = ">= 2.0"
     }
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = ">= 2.35.0"
+    }
   }
 }
 
@@ -29,6 +33,12 @@ provider "helm" {
   }
 }
 
+provider "kubernetes" {
+  host                   = "https://${data.google_container_cluster.gke.endpoint}"
+  token                  = data.google_client_config.default.access_token
+  cluster_ca_certificate = base64decode(data.google_container_cluster.gke.master_auth.0.cluster_ca_certificate)
+}
+
 provider "castai" {
   api_token = var.castai_api_token
   api_url   = var.castai_api_url

examples/onboarding-with-existing-gke-cluster/variables.tf

@@ -34,3 +34,9 @@ variable "cluster_id" {
   description = "Cast AI Cluster ID"
   type        = string
 }
+
+variable "skip_helm" {
+  description = "Skip installing any helm release; allows managing helm releases using GitOps"
+  type        = bool
+  default     = false
+}

main.tf

@@ -6,37 +6,12 @@ check "reserved_cidrs_required_for_gke" {
 }
 
 locals {
-  liqo_chart_repo   = "https://castai.github.io/liqo"
-  liqo_chart_name   = "liqo"
-  liqo_release_name = "omni"
-  liqo_image_tag    = var.liqo_chart_version
-
-  omni_namespace     = "castai-omni"
-  omni_agent_release = "omni-agent"
-  omni_agent_chart   = "omni-agent"
-  castai_helm_repository = "https://castai.github.io/helm-charts"
-
-  # Common Liqo configurations as YAML
-  common_liqo_yaml_values = <<-EOT
-    networking:
-      fabric:
-        config:
-          healthProbeBindAddressPort: '7071'
-          metricsAddressPort: '7072'
-  EOT
-
-  # Select the appropriate set_values based on k8s_provider
-  provider_helm_values = merge(
-    {for v in module.liqo_helm_values_gke : "gke" => v.set_values},
-    {for v in module.liqo_helm_values_eks : "eks" => v.set_values},
-    {for v in module.liqo_helm_values_aks : "aks" => v.set_values},
-  )
-  provider_specific_liqo_values = local.provider_helm_values[var.k8s_provider]
+  liqo_image_tag = var.liqo_chart_version
 }
 
 # GKE-specific Liqo Helm chart configuration
 module "liqo_helm_values_gke" {
-  count  = !var.skip_helm && var.k8s_provider == "gke" ? 1 : 0
+  count  = var.k8s_provider == "gke" ? 1 : 0
   source = "./modules/gke"
 
   image_tag             = local.liqo_image_tag
@@ -51,7 +26,7 @@ module "liqo_helm_values_gke" {
 
 # EKS-specific Liqo Helm chart configuration
 module "liqo_helm_values_eks" {
-  count  = !var.skip_helm && var.k8s_provider == "eks" ? 1 : 0
+  count  = var.k8s_provider == "eks" ? 1 : 0
   source = "./modules/eks"
 
   image_tag          = local.liqo_image_tag
@@ -76,79 +51,51 @@ module "liqo_helm_values_aks" {
   service_cidr       = var.service_cidr
 }
 
-resource "helm_release" "liqo" {
-  count = var.skip_helm ? 0 : 1
-
-  name             = local.liqo_release_name
-  repository       = local.liqo_chart_repo
-  chart            = local.liqo_chart_name
-  version          = var.liqo_chart_version
-  namespace        = local.omni_namespace
-  create_namespace = true
-  cleanup_on_fail  = true
-  wait             = true
-
-  values = [local.common_liqo_yaml_values]
-  set    = local.provider_specific_liqo_values
-}
-
-# Wait for Liqo network resources to be ready before proceeding
-resource "null_resource" "wait_for_liqo_network" {
-  count = var.skip_helm ? 0 : 1
-
-  provisioner "local-exec" {
-    command = <<-EOT
-      set -e
-
-      echo "Waiting for Liqo networks.ipam.liqo.io CRD to be established..."
-      kubectl wait --for condition=established --timeout=300s crd/networks.ipam.liqo.io
-
-      echo "Waiting for external CIDR network resource to be created..."
-      timeout=300
-      elapsed=0
-      interval=5
-
-      while [ $elapsed -lt $timeout ]; do
-        CIDR=$(kubectl get networks.ipam.liqo.io -n ${local.omni_namespace} \
-          -l ipam.liqo.io/network-type=external-cidr \
-          -o jsonpath='{.items[0].status.cidr}' 2>/dev/null || echo "")
-
-        if [ -n "$CIDR" ]; then
-          echo "External CIDR network resource is ready: $CIDR"
-          exit 0
-        fi
-
-        echo "Waiting for external CIDR to be populated... ($elapsed/$timeout seconds)"
-        sleep $interval
-        elapsed=$((elapsed + interval))
-      done
-
-      echo "Timeout waiting for external CIDR network resource"
-      exit 1
-    EOT
-  }
-
-  depends_on = [helm_release.liqo]
-}
+locals {
+  liqo_chart_repo   = "https://castai.github.io/liqo"
+  liqo_chart_name   = "liqo"
+  liqo_release_name = "omni"
 
-# Extract the external CIDR value from Liqo network resource
-data "external" "liqo_external_cidr" {
-  count = var.skip_helm ? 0 : 1
+  omni_namespace         = "castai-omni"
+  omni_agent_release     = "castai-omni-agent"
+  omni_agent_chart       = "omni-agent"
+  castai_helm_repository = "https://castai.github.io/helm-charts"
 
-  program = ["bash", "-c", <<-EOT
-    CIDR=$(kubectl get networks.ipam.liqo.io -n ${local.omni_namespace} \
-      -l ipam.liqo.io/network-type=external-cidr \
-      -o jsonpath='{.items[0].status.cidr}' 2>/dev/null)
+  # Omni agent configuration as YAML
+  omni_agent_yaml_values = <<-EOT
+    castai:
+      apiUrl: ${var.api_url}
+      organizationID: ${var.organization_id}
+      clusterID: ${var.cluster_id}
+      clusterName: ${var.cluster_name}
+  EOT
 
-    if [ -z "$CIDR" ]; then
-      echo '{"cidr":""}'
-    else
-      echo "{\"cidr\":\"$CIDR\"}"
-    fi
+  # Common Liqo configuration as YAML
+  common_liqo_yaml_values = <<-EOT
+    networking:
+      fabric:
+        config:
+          healthProbeBindAddressPort: '7071'
+          metricsAddressPort: '7072'
   EOT
-  ]
 
-  depends_on = [null_resource.wait_for_liqo_network]
+  # Select the appropriate yaml_values based on k8s_provider
+  provider_yaml_values = merge(
+    { for v in module.liqo_helm_values_gke : "gke" => v.liqo_yaml_values },
+    { for v in module.liqo_helm_values_eks : "eks" => v.liqo_yaml_values },
+    { for v in module.liqo_helm_values_aks : "aks" => v.liqo_yaml_values },
+  )
+  provider_specific_yaml_values = local.provider_yaml_values[var.k8s_provider]
+
+  helm_yaml_values = {
+    castai = {
+      apiUrl         = var.api_url
+      organizationID = var.organization_id
+      clusterID      = var.cluster_id
+      clusterName    = var.cluster_name
+    }
+    liqo = local.provider_specific_yaml_values.liqo
+  }
 }
 
 # CAST AI Omni Agent Helm Release
@@ -159,45 +106,11 @@ resource "helm_release" "omni_agent" {
   repository       = local.castai_helm_repository
   chart            = local.omni_agent_chart
   namespace        = local.omni_namespace
-  create_namespace = true
+  create_namespace = false
   cleanup_on_fail  = true
   wait             = true
 
-  set = [
-    {
-      name  = "network.externalCIDR"
-      value = data.external.liqo_external_cidr[0].result.cidr
-    },
-    {
-      name  = "network.podCIDR"
-      value = var.pod_cidr
-    },
-    {
-      name  = "castai.apiUrl"
-      value = var.api_url
-    },
-    {
-      name  = "castai.organizationID"
-      value = var.organization_id
-    },
-    {
-      name  = "castai.clusterID"
-      value = var.cluster_id
-    },
-    {
-      name  = "castai.clusterName"
-      value = var.cluster_name
-    }
-  ]
-
-  set_sensitive = [
-    {
-      name  = "castai.apiKey"
-      value = var.api_token
-    }
-  ]
-
-  depends_on = [null_resource.wait_for_liqo_network]
+  values = [yamlencode(local.helm_yaml_values)]
 }
 
 # Enabling CAST AI Omni functionality for a given cluster
@@ -207,3 +120,48 @@ resource "castai_omni_cluster" "this" {
 
   depends_on = [helm_release.omni_agent]
 }
+
+resource "kubernetes_namespace_v1" "omni" {
+  count = var.skip_helm ? 1 : 0
+
+  metadata {
+    name = local.omni_namespace
+  }
+}
+
+# Secret with API token for GitOps (when skip_helm = true)
+resource "kubernetes_secret_v1" "api_token" {
+  count = var.skip_helm ? 1 : 0
+
+  metadata {
+    name      = "castai-omni-agent-token"
+    namespace = local.omni_namespace
+  }
+
+  data = {
+    "CASTAI_AGENT_TOKEN" = var.api_token
+  }
+
+  depends_on = [kubernetes_namespace_v1.omni]
+}
+
+# ConfigMap with helm values for GitOps (when skip_helm = true)
+resource "kubernetes_config_map_v1" "helm_values" {
+  count = var.skip_helm ? 1 : 0
+
+  metadata {
+    name      = "castai-omni-helm-values"
+    namespace = local.omni_namespace
+  }
+
+  data = {
+    "liqo.repository"       = local.liqo_chart_repo
+    "liqo.chart"            = local.liqo_chart_name
+    "liqo.version"          = var.liqo_chart_version
+    "omni-agent.repository" = local.castai_helm_repository
+    "omni-agent.chart"      = local.omni_agent_chart
+    "values.yaml"           = yamlencode(local.helm_yaml_values)
+  }
+
+  depends_on = [kubernetes_namespace_v1.omni]
+}

modules/aks/main.tf

@@ -1,54 +1,36 @@
 locals {
   pools_cidrs = ["10.0.0.0/8", "192.168.0.0/16", "172.16.0.0/12", var.service_cidr]
+  provider    = "aks"
 
-  basic_set_values = [
-    {
-      name  = "tag"
-      value = var.image_tag
-    },
-    {
-      name  = "apiServer.address"
-      value = var.api_server_address
-    },
-    {
-      name  = "discovery.config.clusterID"
-      value = var.cluster_name
-    },
-    {
-      name  = "discovery.config.clusterLabels.liqo\\.io/provider"
-      value = "aks"
-    },
-    {
-      name  = "discovery.config.clusterLabels.topology\\.kubernetes\\.io/region"
-      value = var.cluster_region
-    },
-    {
-      name  = "ipam.podCIDR"
-      value = var.pod_cidr
-    },
-    {
-      name  = "ipam.serviceCIDR"
-      value = var.service_cidr
-    },
-    {
-      name  = "ipam.serviceCIDR"
-      value = var.service_cidr
-    },
-    {
-      name  = "telemetry.enabled"
-      value = "false"
+  liqo_yaml_values = {
+    liqo = {
+      enabled = true
+      tag     = var.image_tag
+      apiServer = {
+        address = var.api_server_address
+      }
+      discovery = {
+        config = {
+          clusterID = var.cluster_name
+          clusterLabels = merge(
+            {
+              "liqo.io/provider"              = local.provider
+              "topology.kubernetes.io/region" = var.cluster_region
+            },
+            var.cluster_zone != "" ? {
+              "topology.kubernetes.io/zone" = var.cluster_zone
+            } : {}
+          )
+        }
+      }
+      ipam = {
+        podCIDR     = var.pod_cidr
+        serviceCIDR = var.service_cidr
+        pools       = local.pools_cidrs
+      }
+      telemetry = {
+        enabled = false
+      }
     }
-  ]
-
-  pools_set_values = [
-    for idx, cidr in local.pools_cidrs : {
-      name  = "ipam.pools[${idx}]"
-      value = cidr
-    }
-  ]
-
-  all_set_values = concat(
-    local.basic_set_values,
-    local.pools_set_values,
-  )
+  }
 }