jfrog · shahiinn · Jan 27, 2025 · Jan 30, 2025 · Jan 31, 2025 · Jan 31, 2025
diff --git a/examples/terraform-examples/README.md b/examples/terraform-examples/README.md
@@ -0,0 +1,14 @@
+# Terraform Playground
+This repository contains a collection of Terraform configurations that we used to learn and experiment with Terraform.
+
+## Install Terraform
+Follow the [Install Terraform](https://developer.hashicorp.com/terraform/install) page to install Terraform on your machine.
+
+## Setting up Terraform with Artifactory
+The recommended way to manage Terraform state is to use a remote backend.
+Some of the repository examples use JFrog Artifactory as the remote backend (commented out).
+
+To set up Terraform with Artifactory, follow the instructions in the [Terraform Artifactory Backend](https://jfrog.com/integration/terraform-artifactory-backend/) documentation.
+
+## Examples
+1. Create the needed [AWS infrastructure for running JFrog Artifactory and Xray in AWS](jfrog-platform-aws-install) using RDS, S3, and EKS. This uses the [JFrog Platform Helm Chart](https://github.com/jfrog/charts/tree/master/stable/jfrog-platform) to install Artifactory and Xray
diff --git a/examples/terraform-examples/jfrog-platform-aws-install/README.md b/examples/terraform-examples/jfrog-platform-aws-install/README.md
@@ -0,0 +1,73 @@
+# JFrog Platform Installation in AWS with Terraform
+This example will prepare the AWS infrastructure and services required to run Artifactory and Xray (installed with the [jfrog-platform Helm Chart](https://github.com/jfrog/charts/tree/master/stable/jfrog-platform)) using Terraform:
+1. The AWS VPC
+2. RDS (PostgreSQL) as the database for each application
+2. S3 as the Artifactory object storage
+3. EKS as the Kubernetes cluster for running Artifactory and Xray with pre-defined node groups for the different services
+
+The resources are split between individual files for easy and clear separation.
+
+
+## Prepare the JFrog Platform Configurations
+Ensure that the AWS CLI is set up and properly configured before starting with Terraform. 
+A configured AWS account with the necessary permissions is required to provision and manage resources successfully. 
+
+The [jfrog-values.yaml](jfrog-values.yaml) file has the values that Helm will use to configure the JFrog Platform installation.
+
+The [artifactory-license-template.yaml](artifactory-license-template.yaml) file has the license key(s) template that you will need to copy to a `artifactory-license.yaml` file.
+```shell
+cp artifactory-license-template.yaml artifactory-license.yaml
+```
+
+If you plan on skipping the license key(s) for now, you can leave the `artifactory-license.yaml` file empty. Terraform will create an empty one for you if you don't create it.
+
+## JFrog Platform Sizing
+Artifactory and Xray have pre-defined sizing templates that you can use to deploy them. The supported sizing templates in this project are `small`, `medium`, `large`, `xlarge`, and `2xlarge`.
+
+The sizing templates will be pulled from the [official Helm Charts](https://github.com/jfrog/charts) during the execution of the Terraform configuration.
+
+## Terraform
+
+
+1. Initialize the Terraform configuration by running the following command
+```shell
+terraform init
+```
+
+2. Plan the Terraform configuration by running the following command
+```shell
+terraform plan -var 'sizing=small'
+```
+
+3. Apply the Terraform configuration by running the following command
+```shell
+terraform apply -var 'sizing=small'
+```
+
+4. When you are done, you can destroy the resources by running the following command
+```shell
+terraform destroy
+```
+
+## Accessing the EKS Cluster and Artifactory Installation
+To get the `kubectl` configuration for the EKS cluster, run the following command
+```shell
+aws eks --region $(terraform output -raw region) update-kubeconfig --name $(terraform output -raw cluster_name)
+```
+
+### Install JFrog Platform
+Once done, install the JFrog Platform (Artifactory and Xray) using the Helm Chart with the following command.
+
+Terraform will create the needed configuration files to be used for the `helm install` command.
+This command will auto generate and be writen to the console when you run the `Terraform apply` command.
+```shell
+helm upgrade --install jfrog jfrog/jfrog-platform \
+  --version <version> \
+  --namespace <namesapce>> --create-namespace \
+  -f ./jfrog-values.yaml \
+  -f ./artifactory-license.yaml \
+  -f ./jfrog-artifactory-<sizing>-adjusted.yaml \
+  -f ./jfrog-xray--<sizing>-adjusted.yaml \
+  -f ./jfrog-custom.yaml \
+  --timeout 600s
+```
diff --git a/examples/terraform-examples/jfrog-platform-aws-install/artifactory-license-template.yaml b/examples/terraform-examples/jfrog-platform-aws-install/artifactory-license-template.yaml
@@ -0,0 +1,11 @@
+## A template for the Artifactory license as a helm value.
+## Copy this file to artifactory-license.yaml and fill in the full license key(s).
+artifactory:
+  artifactory:
+    license:
+      licenseKey: |
+        cHJvZHVjdHM6CiAgYXJ1aWZhY3Rvcnk6CiAgICBwcm9kdWN0OiBaWGh3YVhKbGN6b2dNakF5TlMx
+        TFRGaFpXTmlNRGs1T0dRMVpncHZkMjVsY2p...
+
+        cHJvZHVjdHM6CiAgYXJ0aWZhY3Rvcnk6CiAgIBBwcm9kdWN0OiBaWGh3YVhKbGN6b2dNakF5TlMv
+        d05DMHdObFF5TURvMU9UbzFPVm9LYVdRNkl...
diff --git a/examples/terraform-examples/jfrog-platform-aws-install/eks.tf b/examples/terraform-examples/jfrog-platform-aws-install/eks.tf
@@ -0,0 +1,237 @@
+# This file is used to create an AWS EKS cluster and the managed node group(s)
+
+locals {
+    cluster_name = "${var.cluster_name}-${random_pet.unique_name.id}"
+}
+
+resource "aws_security_group_rule" "allow_management_from_my_ip" {
+    type              = "ingress"
+    from_port         = 0
+    to_port           = 65535
+    protocol          = "-1"
+    cidr_blocks       = var.cluster_public_access_cidrs
+    security_group_id = module.eks.cluster_security_group_id
+    description       = "Allow all traffic from my public IP for management"
+}
+
+module "eks" {
+    source  = "terraform-aws-modules/eks/aws"
+
+    cluster_name    = local.cluster_name
+    cluster_version = "1.31"
+
+    enable_cluster_creator_admin_permissions = true
+    cluster_endpoint_public_access           = true
+    cluster_endpoint_public_access_cidrs     = var.cluster_public_access_cidrs
+
+    cluster_addons = {
+        aws-ebs-csi-driver = {
+            most_recent = true
+            service_account_role_arn = module.ebs_csi_irsa_role.iam_role_arn
+        }
+    }
+
+    vpc_id     = module.vpc.vpc_id
+    subnet_ids = module.vpc.private_subnets
+
+    eks_managed_node_group_defaults = {
+        ami_type = "AL2_ARM_64"
+        iam_role_additional_policies = {
+            AmazonS3FullAccess = "arn:aws:iam::aws:policy/AmazonS3FullAccess"
+            AmazonEBSCSIDriverPolicy = "arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy"
+        }
+        pre_bootstrap_user_data = <<-EOF
+        # This script will run on all nodes before the kubelet starts
+        echo "It works!" > /tmp/pre_bootstrap_user_data.txt
+        EOF
+        block_device_mappings = {
+            xvda = {
+                device_name = "/dev/xvda"
+                ebs = {
+                    volume_type = "gp3"
+                    volume_size = 50
+                    throughput  = 125
+                    delete_on_termination = true
+                }
+            }
+        }
+        tags = {
+            Group = var.common_tag
+        }
+    }
+
+    eks_managed_node_groups = {
+        artifactory = {
+            name = "artifactory-node-group"
+
+            instance_types = [(
+                var.sizing == "large"   ? var.artifactory_node_size_large :
+                var.sizing == "xlarge"  ? var.artifactory_node_size_large :
+                var.sizing == "2xlarge" ? var.artifactory_node_size_large :
+                var.artifactory_node_size_default
+            )]
+            min_size     = 1
+            max_size     = 10
+            desired_size = (
+                var.sizing == "medium"  ? 2 :
+                var.sizing == "large"   ? 3 :
+                var.sizing == "xlarge"  ? 4 :
+                var.sizing == "2xlarge" ? 6 :
+                1
+            )
+            block_device_mappings = {
+                xvda = {
+                    device_name = "/dev/xvda"
+                    ebs = {
+                        volume_type = "gp3"
+                        volume_size = (
+                            var.sizing == "large"   ? var.artifactory_disk_size_large :
+                            var.sizing == "xlarge"  ? var.artifactory_disk_size_large :
+                            var.sizing == "2xlarge" ? var.artifactory_disk_size_large :
+                            var.artifactory_disk_size_default
+                        )
+                        iops = (
+                            var.sizing == "large"   ? var.artifactory_disk_iops_large :
+                            var.sizing == "xlarge"  ? var.artifactory_disk_iops_large :
+                            var.sizing == "2xlarge" ? var.artifactory_disk_iops_large :
+                            var.artifactory_disk_iops_default
+                        )
+                        throughput = (
+                            var.sizing == "large"   ? var.artifactory_disk_throughput_large :
+                            var.sizing == "xlarge"  ? var.artifactory_disk_throughput_large :
+                            var.sizing == "2xlarge" ? var.artifactory_disk_throughput_large :
+                            var.artifactory_disk_throughput_default
+                        )
+                        delete_on_termination = true
+                    }
+                }
+            }
+            labels = {
+                "group" = "artifactory"
+            }
+        }
+
+        nginx = {
+            name = "nginx-node-group"
+
+            instance_types = [(
+                var.sizing == "xlarge"  ? var.nginx_node_size_large :
+                var.sizing == "2xlarge" ? var.nginx_node_size_large :
+                var.nginx_node_size_default
+            )]
+
+            min_size     = 1
+            max_size     = 10
+            desired_size = (
+                var.sizing == "medium"  ? 2 :
+                var.sizing == "large"   ? 2 :
+                var.sizing == "xlarge"  ? 2 :
+                var.sizing == "2xlarge" ? 3 :
+                1
+            )
+
+            labels = {
+                "group" = "nginx"
+            }
+        }
+
+        xray = {
+            name = "xray-node-group"
+
+            instance_types = [(
+                var.sizing == "xlarge"  ? var.xray_node_size_xlarge :
+                var.sizing == "2xlarge" ? var.xray_node_size_xlarge :
+                var.xray_node_size_default
+            )]
+            min_size     = 1
+            max_size     = 10
+            desired_size = (
+                var.sizing == "medium"  ? 2 :
+                var.sizing == "large"   ? 3 :
+                var.sizing == "xlarge"  ? 4 :
+                var.sizing == "2xlarge" ? 6 :
+                1
+            )
+            block_device_mappings = {
+                xvda = {
+                    device_name = "/dev/xvda"
+                    ebs = {
+                        volume_type = "gp3"
+                        volume_size = (
+                            var.sizing == "large"   ? var.xray_disk_size_large :
+                            var.sizing == "xlarge"  ? var.xray_disk_size_large :
+                            var.sizing == "2xlarge" ? var.xray_disk_size_large :
+                            var.xray_disk_size_default
+                        )
+                        iops = (
+                            var.sizing == "large"   ? var.xray_disk_iops_large :
+                            var.sizing == "xlarge"  ? var.xray_disk_iops_large :
+                            var.sizing == "2xlarge" ? var.xray_disk_iops_large :
+                            var.xray_disk_iops_default
+                        )
+                        throughput = (
+                            var.sizing == "large"   ? var.xray_disk_throughput_large :
+                            var.sizing == "xlarge"  ? var.xray_disk_throughput_large :
+                            var.sizing == "2xlarge" ? var.xray_disk_throughput_large :
+                            var.xray_disk_throughput_default
+                        )
+                        delete_on_termination = true
+                    }
+                }
+            }
+            labels = {
+                "group" = "xray"
+            }
+        }
+
+        ## Create an extra node group for testing
+        extra = {
+            name = "extra-node-group"
+
+            instance_types = [var.extra_node_size]
+
+            min_size     = 1
+            max_size     = 3
+            desired_size = var.extra_node_count
+
+            labels = {
+                "group" = "extra"
+            }
+        }
+    }
+
+    tags = {
+        Group = var.common_tag
+    }
+}
+
+# Create the gp3 storage class and make it the default
+resource "kubernetes_storage_class" "gp3_storage_class" {
+    metadata {
+        name = "gp3"
+        annotations = {
+            "storageclass.kubernetes.io/is-default-class" = "true"
+        }
+    }
+    storage_provisioner = "ebs.csi.aws.com"
+    volume_binding_mode = "WaitForFirstConsumer"
+    allow_volume_expansion = true
+    parameters = {
+        "fsType" = "ext4"
+        "type" = "gp3"
+    }
+}
+
+module "ebs_csi_irsa_role" {
+    source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
+
+    role_name             = "ebs-csi-${module.eks.cluster_name}-${var.region}"
+    attach_ebs_csi_policy = true
+
+    oidc_providers = {
+        ex = {
+            provider_arn               = module.eks.oidc_provider_arn
+            namespace_service_accounts = ["kube-system:ebs-csi-controller-sa"]
+        }
+    }
+}