chore: Terraform charts (#316)

* Jules was unable to complete the task in time. Please review the work done so far and provide feedback for Jules to continue.

* Here's a summary of the initial creation of Helm charts for multiple Kubernetes flavors:

I've set up the initial structure for Helm charts that will help you provision various Kubernetes distributions (GKE, AKS, RKE-Rancher, OpenShift, Tanzu, K3s) using FluxCD's Terraform controller.

Here are the key changes I made:
- I created new chart directories by copying the existing 'eks-auto-mode' chart.
- I performed initial updates to 'Chart.yaml' for each new flavor with distinct names and descriptions (e.g., 'terraform-gke-auto-cluster').
- I developed placeholder 'values.yaml' and 'values.schema.json' files for each chart, outlining common configurable parameters specific to each Kubernetes platform. These serve as a starting point and assume corresponding Terraform modules.
- I modified 'templates/terraform.yaml' in each chart to:
    - Point 'spec.path' to an assumed Terraform module location (e.g., './terraform/gke-auto-mode').
    - Update 'spec.vars' to align with the new 'values.yaml' parameters for each flavor.
    - Adjusted 'secretRef.name' for Terraform runner pod credentials to be more platform-specific (e.g., 'tf-gcp-creds').

The Terraform integration relies on the assumption that the actual Terraform modules for each Kubernetes flavor either exist or will be made available in the 'devtron-labs/utilities' Git repository under the specified paths.

Based on your feedback, here's what I'll work on next:
- I will rename chart directories and internal chart names to remove the "-auto-mode" suffix (e.g., 'charts/gke', 'terraform-gke-cluster').
- I will conduct a thorough review and update of all descriptions within 'Chart.yaml', 'values.yaml', and 'values.schema.json' for each chart to ensure accuracy and platform-specificity.
- I will refine 'values.yaml' files to clearly denote all required inputs from you with comments or more descriptive placeholders.
- I will create 'NOTES.txt' and 'README.md' files for each new chart.

* Jules was unable to complete the task in time. Please review the work done so far and provide feedback for Jules to continue.

* charts to provision clusters

---------

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

Author: rupinSec

charts/aks/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+appVersion: 0.0.1
+description: Helm chart to provision an AKS cluster using Terraform with Flux.
+name: terraform-aks-cluster
+type: application
+version: 0.0.1

charts/aks/templates/NOTES.txt

@@ -0,0 +1,33 @@
+Your {{ .Chart.Name }} Helm chart for provisioning a {{ .Values.name | default .Release.Name }} AKS cluster has been deployed.
+
+The actual cluster provisioning is managed by the FluxCD Terraform controller using the configuration from the 'devtron-labs/utilities' Git repository.
+
+1. Check the status of the GitRepository source:
+   kubectl get gitrepositories -n flux-system {{ .Release.Name }} -o wide
+
+2. Check the status of the Terraform custom resource:
+   kubectl get terraforms -n flux-system {{ .Release.Name }} -o wide
+   kubectl describe terraforms -n flux-system {{ .Release.Name }}
+
+   (Look for conditions and events. Provisioning an AKS cluster can take several minutes.)
+
+3. Important Reminders from your values.yaml:
+   Please ensure you have correctly filled out all mandatory 'TODO' items in your values.yaml, such as:
+   - Azure 'resource_group_name', 'dns_prefix', and 'service_principal_client_id'.
+   - Ensure the 'service_principal_client_secret' is correctly provided via the '{{ .Release.Name }}-spn-secret' Kubernetes secret (or as configured).
+   - Appropriate 'resource_tags' (e.g., cost_center).
+   - Ensure Azure credentials are correctly configured in the 'tf-azure-creds' secret in the flux-system namespace.
+
+   If these are not correctly set, the Terraform provisioning will likely fail.
+
+4. Cluster Outputs:
+   Once the Terraform execution is complete and successful, any defined outputs will be written to a Kubernetes Secret:
+   Name:      {{ .Release.Name }}-outputs
+   Namespace: flux-system
+
+   You can inspect the secret using:
+   kubectl get secret -n flux-system {{ .Release.Name }}-outputs -o yaml
+
+   The specific content of the secret depends on the outputs defined in the Terraform module at {{ .Values.path }}.
+
+Thank you for using the {{ .Chart.Name }} chart!

charts/aks/templates/_helpers.tpl

@@ -0,0 +1,105 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "terraform.name" -}}
+{{- default .Release.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "terraform.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "terraform.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "terraform.labels" -}}
+helm.sh/chart: {{ include "terraform.chart" . }}
+{{ include "terraform.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "terraform.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "terraform.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "terraform.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "terraform.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define ".Chart.Name .name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define ".Chart.Name .fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define ".Chart.Name .chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define ".Chart.Name .color" -}}
+{{- $active0 := (index .Values.server.deployment 0).enabled -}}
+{{/*
+{{- $active1 := (index .Values.server.deployment 1).enabled -}}
+*/}}
+{{- $active1 := include "safeenabledcheck" . -}}
+{{- $active := and $active0 $active1 -}}
+{{- $active -}}
+{{- end -}}

charts/aks/templates/gitrepo.yaml

@@ -0,0 +1,11 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+  name: {{ $.Release.Name }}
+  namespace: flux-system
+spec:
+  interval: 30s
+  ref:
+    branch: main
+  timeout: 61s
+  url: https://github.com/devtron-labs/utilities.git

charts/aks/templates/terraform.yaml

@@ -0,0 +1,72 @@
+apiVersion: infra.contrib.fluxcd.io/v1alpha2
+kind: Terraform
+metadata:
+  name: {{ $.Release.Name }}
+  namespace: flux-system
+spec:
+  path: {{ default "./terraform/aks" .Values.path }} # Updated path for AKS
+  approvePlan: {{ default "auto" .Values.approvePlan }}
+  interval: 1m
+  storeReadablePlan: human
+  enableInventory: true
+  destroyResourcesOnDeletion: {{ default false .Values.destroyResourcesOnDeletion }}
+  alwaysCleanupRunnerPod: {{ default false .Values.alwaysCleanupRunnerPod }}
+  force: {{ default false .Values.force }}
+  sourceRef:
+    kind: GitRepository
+    name: {{ $.Release.Name }}
+    namespace: flux-system
+  writeOutputsToSecret:
+    name: {{ $.Release.Name }}-outputs
+  vars:
+    - name: name
+      value: {{ .Values.name | quote }}
+    - name: resource_group_name
+      value: {{ .Values.resource_group_name | quote }}
+    - name: region
+      value: {{ .Values.region | quote }}
+    - name: cluster_version # Or kubernetes_version depending on TF module for AKS
+      value: {{ .Values.cluster_version | quote }}
+    - name: dns_prefix
+      value: {{ .Values.dns_prefix | quote }}
+    - name: agent_pool_name
+      value: {{ .Values.agent_pool_name | quote }}
+    - name: agent_vm_size
+      value: {{ .Values.agent_vm_size | quote }}
+    - name: agent_count
+      value: {{ .Values.agent_count }} # Typically a number
+
+    {{- if .Values.service_principal_client_id }}
+    - name: service_principal_client_id
+      value: {{ .Values.service_principal_client_id | quote }}
+    {{- end }}
+
+    {{- if .Values.service_principal_client_secret }}
+    - name: service_principal_client_secret
+      valueFrom: # Assuming this might be sensitive and stored in a K8s secret
+        secretKeyRef:
+          name: {{ $.Release.Name }}-spn-secret # Example, or directly use .Values if not sensitive
+          key: client_secret
+          # Alternatively, if provided directly in values.yaml and not sensitive:
+          # value: {{ .Values.service_principal_client_secret | quote }}
+    {{- end }}
+
+    {{- if .Values.resource_tags }}
+    - name: resource_tags
+      value:
+{{ toYaml .Values.resource_tags | nindent 8 }}
+    {{- end }}
+
+  runnerPodTemplate:
+    spec:
+{{- if $.Values.affinity }}
+      affinity:
+{{ toYaml .Values.affinity.values | indent 8 }}
+{{- end }}
+{{- if .Values.tolerations }}
+      tolerations:
+{{ toYaml .Values.tolerations | indent 8 }}
+{{- end }}
+      envFrom:
+        - secretRef:
+            name: tf-azure-creds # Updated for Azure credentials

charts/aks/values.schema.json

@@ -0,0 +1,60 @@
+{
+  "schema": "http://json-schema.org/draft-07/schema#",
+  "title": "AKS Cluster Configuration Values",
+  "description": "Values for configuring an Azure Kubernetes Service (AKS) cluster provisioned via Terraform and Flux.",
+  "type": "object",
+  "required": [
+    "name",
+    "resource_group_name",
+    "region",
+    "cluster_version",
+    "dns_prefix"
+  ],
+  "properties": {
+    "name": {
+      "type": "string",
+      "description": "Name of the AKS cluster."
+    },
+    "resource_group_name": {
+      "type": "string",
+      "description": "Azure Resource Group name for the AKS cluster. TODO: You must update this."
+    },
+    "region": {
+      "type": "string",
+      "description": "Azure region for the AKS cluster (e.g., 'East US')."
+    },
+    "cluster_version": {
+      "type": "string",
+      "description": "Desired AKS Kubernetes version (e.g., '1.28'). Check Azure documentation for available versions."
+    },
+    "dns_prefix": {
+      "type": "string",
+      "description": "Unique DNS prefix for the AKS cluster, part of its FQDN. TODO: You must provide a globally unique value."
+    },
+    "agent_pool_name": {
+      "type": "string",
+      "description": "Name for the default agent (node) pool.",
+      "default": "agentpool"
+    },
+    "agent_vm_size": {
+      "type": "string",
+      "description": "VM size for the AKS agent nodes (e.g., 'Standard_DS2_v2').",
+      "default": "Standard_DS2_v2"
+    },
+    "agent_count": {
+      "type": "integer",
+      "description": "Number of nodes in the default agent pool.",
+      "default": 1,
+      "minimum": 1
+    },
+    "resource_tags": {
+      "type": "object",
+      "description": "Custom tags to apply to Azure resources. It's recommended to define a 'cost_center' tag.",
+      "properties": {
+        "team": { "type": "string", "default": "Devops_Team" },
+        "environment": { "type": "string", "default": "non-production" }
+      },
+      "additionalProperties": { "type": "string" }
+    }
+  }
+}

charts/aks/values.yaml

@@ -0,0 +1,25 @@
+# values.yaml for AKS cluster provisioning
+
+# -- Name of the AKS cluster
+name: "example-aks-cluster"
+# -- Azure Resource Group name for the AKS cluster.
+# TODO: Replace with your desired Resource Group name. Ensure it exists or will be created by Terraform if configured.
+resource_group_name: "rg-myaks-cluster"
+# -- Azure region for the AKS cluster (e.g., 'East US', 'West Europe').
+region: "East US"
+# -- Desired AKS version (e.g., '1.28'). Check Azure documentation for available versions.
+cluster_version: "1.28"
+# -- Unique DNS prefix for the AKS cluster. This will be part of the FQDN.
+# TODO: Replace with a globally unique DNS prefix.
+dns_prefix: "myuniqueakscluster"
+# -- Name for the default agent (node) pool.
+agent_pool_name: "agentpool"
+# -- VM size for the AKS agent nodes (e.g., 'Standard_DS2_v2').
+agent_vm_size: "Standard_DS2_v2"
+# -- Number of nodes in the default agent pool.
+agent_count: 1
+
+# -- Tags to apply to Azure resources created for the cluster.
+resource_tags:
+  team: "Devops_Team"
+  environment: "non-production"

charts/gke/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+appVersion: 0.0.1
+description: Helm chart to provision a GKE cluster using Terraform with Flux.
+name: terraform-gke-cluster
+type: application
+version: 0.0.1

charts/gke/templates/NOTES.txt

@@ -0,0 +1,32 @@
+Your {{ .Chart.Name }} Helm chart for provisioning a {{ .Values.name | default .Release.Name }} GKE cluster has been deployed.
+
+The actual cluster provisioning is managed by the FluxCD Terraform controller using the configuration from the 'devtron-labs/utilities' Git repository.
+
+1. Check the status of the GitRepository source:
+   kubectl get gitrepositories -n flux-system {{ .Release.Name }} -o wide
+
+2. Check the status of the Terraform custom resource:
+   kubectl get terraforms -n flux-system {{ .Release.Name }} -o wide
+   kubectl describe terraforms -n flux-system {{ .Release.Name }}
+
+   (Look for conditions and events. Provisioning a GKE cluster can take several minutes.)
+
+3. Important Reminders from your values.yaml:
+   Please ensure you have correctly filled out all mandatory 'TODO' items in your values.yaml, such as:
+   - GCP 'project_id'.
+   - Appropriate 'resource_tags' (e.g., cost_center).
+   - Ensure GCP credentials are correctly configured in the 'tf-gcp-creds' secret in the flux-system namespace for the Terraform runner pod.
+
+   If these are not correctly set, the Terraform provisioning will likely fail.
+
+4. Cluster Outputs:
+   Once the Terraform execution is complete and successful, any defined outputs (like Kubeconfig, cluster endpoint, etc., depending on the underlying Terraform module at {{ .Values.path }}) will be written to a Kubernetes Secret:
+   Name:      {{ .Release.Name }}-outputs
+   Namespace: flux-system
+
+   You can inspect the secret using:
+   kubectl get secret -n flux-system {{ .Release.Name }}-outputs -o yaml
+
+   The specific content of the secret depends on the outputs defined in the Terraform module.
+
+Thank you for using the {{ .Chart.Name }} chart!