feat: scope resource definitions

Author: johanneswuerbach

.dockerignore

@@ -1 +1,2 @@
 .github
+setup/terraform/.terraform*

1_demo.sh

@@ -1,21 +1,18 @@
 #!/usr/bin/env bash
 set -eo pipefail
 
-if ! humctl get application 5min-idp; then
-  humctl create application 5min-idp
-  echo "App created"
-fi
-
 echo "Deploying workload"
 
-humctl score deploy --app 5min-idp --env development -f ./score.yaml
+humanitec_app=$(terraform -chdir=setup/terraform output -raw humanitec_app)
+
+humctl score deploy --app "$humanitec_app" --env development -f ./score.yaml
 
 echo "Waiting for deployment"
 
 sleep 1
 
 DEPLOYMENT_ID=$(humctl get deployment . -o json \
-    --app 5min-idp \
+    --app "$humanitec_app" \
     --env development \
     | jq -r .metadata.id)
 
@@ -24,7 +21,7 @@ CURRENT_STATUS=""
 
 while [ "$IS_DONE" = false ]; do
   CURRENT_STATUS=$(humctl get deployment "${DEPLOYMENT_ID}" -o json \
-    --app 5min-idp \
+    --app "$humanitec_app" \
     --env development \
     | jq -r .status.status)
 
@@ -40,17 +37,22 @@ while [ "$IS_DONE" = false ]; do
   fi
 done
 if [ "$CURRENT_STATUS" = "failed" ]; then
-  humctl get deployment-error --app 5min-idp --env development
+  humctl get deployment-error --app "$humanitec_app" --env development
   exit 1
 fi
 
-workload_host=$(humctl get active-resources --app 5min-idp --env development -o yaml | yq '.[] | select(.metadata.type == "route") | .status.resource.host')
+workload_host=$(humctl get active-resources --app "$humanitec_app" --env development -o yaml | yq '.[] | select(.metadata.type == "route") | .status.resource.host')
 
 echo "Waiting for workload to be available"
 
 # manually change the host here as the workload host resolves to localhost, which is not reachable from the container
-curl -I --retry 20 --retry-delay 3 --retry-all-errors --fail \
+if curl -I --retry 20 --retry-delay 3 --retry-all-errors --fail \
   --connect-to "$workload_host:30080:5min-idp-control-plane:30080" \
-  "http://$workload_host:30080"
-
-echo "Workload available at: http://$workload_host:30080"
+  "http://$workload_host:30080"; then
+  echo "Workload available at: http://$workload_host:30080"
+else
+  echo "Workload not available"
+  kubectl get pods --all-namespaces
+  kubectl -n "$humanitec_app-development" logs deployment/hello-world
+  exit 1
+fi

2_cleanup.sh

@@ -14,11 +14,7 @@ export HUMANITEC_TOKEN=$humctl_token
 export TF_VAR_humanitec_org=$HUMANITEC_ORG
 export TF_VAR_kubeconfig=$kubeconfig_docker
 
-
-if humctl get application 5min-idp; then
-  humctl delete application 5min-idp
-fi
-
+terraform -chdir=setup/terraform init -upgrade
 terraform -chdir=setup/terraform destroy -auto-approve
 
 kind delete cluster -n 5min-idp

Makefile

@@ -34,3 +34,13 @@ test: build check-image
     -v /var/run/docker.sock:/var/run/docker.sock \
     --network bridge \
     $(IMG) ./image/test.sh
+
+# Run the locally built image
+run-local: build
+	docker run --rm -it -h 5min-idp --name 5min-idp \
+    -e HUMANITEC_ORG \
+    -v hum-5min-idp:/state \
+    -v $(HOME)/.humctl:/root/.humctl \
+    -v /var/run/docker.sock:/var/run/docker.sock \
+    --network bridge \
+    $(IMG)

setup/terraform/idp-base.tf

@@ -1,9 +1,28 @@
+# Ensure we don't have name conflicts
+
+resource "random_string" "install_id" {
+  length  = 4
+  special = false
+  upper   = false
+  numeric = false
+}
+
+locals {
+  app    = "5min-idp-${random_string.install_id.result}"
+  prefix = "${local.app}-"
+}
+
+resource "humanitec_application" "demo" {
+  id   = local.app
+  name = local.app
+}
+
 # Configure k8s namespace naming
 
 resource "humanitec_resource_definition" "k8s_namespace" {
   driver_type = "humanitec/echo"
-  id          = "default-namespace"
-  name        = "default-namespace"
+  id          = "${local.prefix}k8s-namespace"
+  name        = "${local.prefix}k8s-namespace"
   type        = "k8s-namespace"
 
   driver_inputs = {
@@ -15,13 +34,16 @@ resource "humanitec_resource_definition" "k8s_namespace" {
 
 resource "humanitec_resource_definition_criteria" "k8s_namespace" {
   resource_definition_id = humanitec_resource_definition.k8s_namespace.id
+  app_id                 = humanitec_application.demo.id
+
+  force_delete = true
 }
 
 # Configure DNS for localhost
 
-resource "humanitec_resource_definition" "localhost_dns" {
-  id          = "localhost-dns"
-  name        = "localhost-dns"
+resource "humanitec_resource_definition" "dns_localhost" {
+  id          = "${local.prefix}dns-localhost"
+  name        = "${local.prefix}dns-localhost"
   type        = "dns"
   driver_type = "humanitec/dns-wildcard"
 
@@ -40,8 +62,11 @@ resource "humanitec_resource_definition" "localhost_dns" {
   }
 }
 
-resource "humanitec_resource_definition_criteria" "localhost_dns" {
-  resource_definition_id = humanitec_resource_definition.localhost_dns.id
+resource "humanitec_resource_definition_criteria" "dns_localhost" {
+  resource_definition_id = humanitec_resource_definition.dns_localhost.id
+  app_id                 = humanitec_application.demo.id
+
+  force_delete = true
 }
 
 # Provide postgres resource
@@ -50,11 +75,13 @@ module "postgres_basic" {
   # Not pinned as we don't have a release yet
   # tflint-ignore: terraform_module_pinned_source
   source = "github.com/humanitec-architecture/resource-packs-in-cluster//humanitec-resource-defs/postgres/basic"
-  prefix = "5min-idp-"
+  prefix = local.prefix
 }
 
 resource "humanitec_resource_definition_criteria" "postgres_basic" {
   resource_definition_id = module.postgres_basic.id
   class                  = "default"
-  force_delete           = true
+  app_id                 = humanitec_application.demo.id
+
+  force_delete = true
 }

setup/terraform/idp-cluster.tf

@@ -1,8 +1,17 @@
 # Configure k8s cluster by exposing the locally running Kubernetes Cluster to the Humanitec Orchestrator
 # using the Humanitec Agent
 
+resource "tls_private_key" "agent_private_key" {
+  algorithm = "RSA"
+  rsa_bits  = 4096
+}
+
+locals {
+  agent_id = "${local.prefix}agent"
+}
+
 resource "humanitec_agent" "agent" {
-  id          = var.agent_id
+  id          = local.agent_id
   description = "5min-idp"
   public_keys = [{
     key = tls_private_key.agent_private_key.public_key_pem
@@ -33,14 +42,14 @@ resource "helm_release" "humanitec_agent" {
 }
 
 resource "humanitec_resource_definition" "agent" {
-  id   = var.agent_id
-  name = var.agent_id
+  id   = local.agent_id
+  name = local.agent_id
   type = "agent"
 
   driver_type = "humanitec/agent"
   driver_inputs = {
     values_string = jsonencode({
-      id = var.agent_id
+      id = local.agent_id
     })
   }
 
@@ -52,15 +61,18 @@ resource "humanitec_resource_definition" "agent" {
 resource "humanitec_resource_definition_criteria" "agent" {
   resource_definition_id = humanitec_resource_definition.agent.id
   res_id                 = "agent"
+  app_id                 = humanitec_application.demo.id
+
+  force_delete = true
 }
 
 locals {
   parsed_kubeconfig = yamldecode(file(var.kubeconfig))
 }
 
-resource "humanitec_resource_definition" "local_cluster" {
-  id          = "${var.agent_id}-cluster"
-  name        = "${var.agent_id}-cluster"
+resource "humanitec_resource_definition" "cluster_local" {
+  id          = "${local.prefix}k8s-cluster"
+  name        = "${local.prefix}k8s-cluster"
   type        = "k8s-cluster"
   driver_type = "humanitec/k8s-cluster"
 
@@ -74,13 +86,15 @@ resource "humanitec_resource_definition" "local_cluster" {
       credentials = local.parsed_kubeconfig["users"][0]["user"]
     })
   }
+}
+
+resource "humanitec_resource_definition_criteria" "cluster_local" {
+  resource_definition_id = humanitec_resource_definition.cluster_local.id
+  app_id                 = humanitec_application.demo.id
+
+  force_delete = true
 
   depends_on = [
     humanitec_resource_definition_criteria.agent
   ]
 }
-
-
-resource "humanitec_resource_definition_criteria" "local_cluster" {
-  resource_definition_id = humanitec_resource_definition.local_cluster.id
-}

setup/terraform/outputs.tf

@@ -0,0 +1,4 @@
+output "humanitec_app" {
+  description = "The ID of the Humanitec application"
+  value       = humanitec_application.demo.id
+}

setup/terraform/variables.tf

@@ -4,19 +4,8 @@ variable "humanitec_org" {
   type        = string
 }
 
-variable "agent_id" {
-  description = "The ID of the agent"
-  default     = "5min-idp"
-  type        = string
-}
-
 variable "kubeconfig" {
   description = "Kubeconfig used by the Humanitec Agent / terraform"
   type        = string
   default     = "/state/kube/config-internal.yaml"
 }
-
-resource "tls_private_key" "agent_private_key" {
-  algorithm = "RSA"
-  rsa_bits  = 4096
-}