From 1968b8fcea09dc17013986965c96573edc8e5d57 Mon Sep 17 00:00:00 2001
From: Srini Nangunuri
Date: Mon, 24 Jun 2024 12:08:04 -0400
Subject: [PATCH] pushing cert-manager repo code
---
.../vpc/cluster/eks-cert-mgr-ns/cert-mgr.tf | 72 ++++++++++++++++++
.../cluster/eks-cert-mgr-ns/copy_images.tf | 74 +++++++++++++++++++
.../cluster/eks-cert-mgr-ns/terragrunt.hcl | 22 ++++++
.../vpc/cluster/eks-cert-mgr-ns/variables.tf | 53 +++++++++++++
4 files changed, 221 insertions(+)
create mode 100644 lab/us-gov-east-1/vpc/cluster/eks-cert-mgr-ns/cert-mgr.tf
create mode 100644 lab/us-gov-east-1/vpc/cluster/eks-cert-mgr-ns/copy_images.tf
create mode 100644 lab/us-gov-east-1/vpc/cluster/eks-cert-mgr-ns/terragrunt.hcl
create mode 100644 lab/us-gov-east-1/vpc/cluster/eks-cert-mgr-ns/variables.tf
diff --git a/lab/us-gov-east-1/vpc/cluster/eks-cert-mgr-ns/cert-mgr.tf b/lab/us-gov-east-1/vpc/cluster/eks-cert-mgr-ns/cert-mgr.tf
new file mode 100644
index 0000000..cccd99d
--- /dev/null
+++ b/lab/us-gov-east-1/vpc/cluster/eks-cert-mgr-ns/cert-mgr.tf
@@ -0,0 +1,72 @@
+locals {
+ charts = {
+ "cert-manager" = {
+ name = "cert-manager"
+ repository = "https://charts.jetstack.io"
+ version = var.cert_manager_helm_chart
+ use_remote = true
+ }
+ }
+}
+
+resource "kubernetes_namespace" "cert-manager" {
+ metadata {
+ name = "cert-manager"
+ }
+}
+
+resource "helm_release" "cert-manager" {
+ chart = "cert-manager"
+ name = "cert-manager"
+ namespace = kubernetes_namespace.cert-manager.metadata[0].name
+ repository = local.charts["cert-manager"].use_remote ? local.charts["cert-manager"].repository : "${path.module}/charts"
+ version = local.charts["cert-manager"].use_remote ? local.charts["cert-manager"].version : null
+
+
+ set {
+ name = "installCRDs"
+ value = "true"
+ }
+ set {
+ name = "extraArgs"
+ value = "{--enable-certificate-owner-ref=true}"
+ }
+
+ set {
+ name = "image.repository"
+ value = module.images.images[local.cert_manager_control_key].dest_full_path
+ }
+ set {
+ name = "image.tag"
+ value = var.cert_manager_controller_tag
+ }
+
+ set {
+ name = "cainjector.image.repository"
+ value = module.images.images[local.cert-manager-cainjector_key].dest_full_path
+ }
+ set {
+ name = "cainjector.image.tag"
+ value = var.cert_manager_cainjector_tag
+ }
+
+ set {
+ name = "webhook.image.repository"
+ value = module.images.images[local.cert-manager-webhook_key].dest_full_path
+ }
+ set {
+ name = "webhook.image.tag"
+ value = var.cert_manager_webhook_tag
+ }
+
+ set {
+ name = "startupapicheck.image.repository"
+ value = module.images.images[local.cert-manager-ctl_key].dest_full_path
+ }
+ set {
+ name = "startupapicheck.image.tag"
+ value = var.cert_manager_ctl_tag
+ }
+
+ timeout = 180
+}
\ No newline at end of file
diff --git a/lab/us-gov-east-1/vpc/cluster/eks-cert-mgr-ns/copy_images.tf b/lab/us-gov-east-1/vpc/cluster/eks-cert-mgr-ns/copy_images.tf
new file mode 100644
index 0000000..6e1919d
--- /dev/null
+++ b/lab/us-gov-east-1/vpc/cluster/eks-cert-mgr-ns/copy_images.tf
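Review bot: The chart is still pulled from `https://charts.jetstack.io` at apply time with no provenance check, even though the four images are mirrored through `module.images`; the templates that create cert-manager's RBAC, CRDs and admission webhook therefore arrive outside the mirrored path. Consider vendoring the chart, or enabling the provider's verification on `helm_release` with `verify = true` and a `keyring`. The `use_remote = false` branch also looks unlikely to work as written, since it puts a local directory in `repository` while `chart` stays the bare name `"cert-manager"`; a local chart is normally given as a path in `chart`. The image overrides set only the `*.image.tag` values, so what runs is whatever each tag resolved to when it was copied; the chart's `image.digest` values (and the matching `cainjector`, `webhook` and `startupapicheck` ones) would pin that.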
@@ -0,0 +1,74 @@
+data "aws_ecr_authorization_token" "token" {}
+
+
+
+locals {
+ cert_manager_control_key = format("%v#%v", "cert-manager-controller", var.cert_manager_controller_tag)
+ cert-manager-cainjector_key = format("%v#%v", "cert-manager-cainjector", var.cert_manager_cainjector_tag)
+ cert-manager-webhook_key = format("%v#%v", "cert-manager-webhook", var.cert_manager_webhook_tag)
+ cert-manager-ctl_key = format("%v#%v", "cert-manager-ctl", var.cert_manager_ctl_tag)
+
+ #account_id = data.aws_caller_identity.current.account_id
+ repo_parent_name = format("eks/%v", var.cluster_name)
+
+# account_ecr_registry = format("%v.dkr.ecr.%v.amazonaws.com", local.account_id, var.region)
+# account_ecr = format("%v/%v", local.account_ecr_registry, local.repo_parent_name)
+
+image_config = [
+ {
+ enabled = true
+ dest_path = null
+ name = "jetstack/cert-manager-controller"
+ source_image = "jetstack/cert-manager-controller"
+ source_registry = "quay.io"
+ source_tag = var.cert_manager_controller_tag
+ tag = var.cert_manager_controller_tag
+ },
+ {
+ enabled = true
+ dest_path = null
+ name = "jetstack/cert-manager-cainjector"
+ source_image = "jetstack/cert-manager-cainjector"
+ source_registry = "quay.io"
+ source_tag = var.cert_manager_cainjector_tag
+ tag = var.cert_manager_cainjector_tag
+ },
+ {
+ enabled = true
+ dest_path = null
+ name = "jetstack/cert-manager-webhook"
+ source_image = "jetstack/cert-manager-webhook"
+ source_registry = "quay.io"
+ source_tag = var.cert_manager_webhook_tag
+ tag = var.cert_manager_webhook_tag
+ },
+ {
+ enabled = true
+ dest_path = null
+ name = "jetstack/cert-manager-ctl"
+ source_image = "jetstack/cert-manager-ctl"
+ source_registry = "quay.io"
+ source_tag = var.cert_manager_ctl_tag
+ tag = var.cert_manager_ctl_tag
+ },
+ ]
+}
+
+module "images" {
+ source = "git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/?ref=2.0.2"
+
+ profile = var.profile
+ application_name = var.cluster_name
+ image_config = local.image_config
+ tags = {}
+
+ ### optional
+ ## account_alias = ""
+ ## account_id = ""
+ ## destination_password = ""
+ ## destination_username = ""
+ ## override_prefixes = {}
+ region = var.region
+ ## source_password = ""
+ ## source_username = ""
+}
\ No newline at end of file
diff --git a/lab/us-gov-east-1/vpc/cluster/eks-cert-mgr-ns/terragrunt.hcl b/lab/us-gov-east-1/vpc/cluster/eks-cert-mgr-ns/terragrunt.hcl
new file mode 100644
index 0000000..0b38e7b
--- /dev/null
+++ b/lab/us-gov-east-1/vpc/cluster/eks-cert-mgr-ns/terragrunt.hcl
@@ -0,0 +1,22 @@
+terraform {
+# source = "git@github.e.it.census.gov:terraform-modules/aws-certificates//acmpca-eks-cert-manager"
+ source = "./cert-mgr.tf"
+
+# cluster_name = var.cluster_name
+# contact_email = var.cluster_mailing_list
+
+# tags = merge(
+# local.base_tags,
+# local.common_tags,
+# var.application_tags,
+# )
+}
+
+dependency "eks" {
+ config_path = "../eks"
+}
+
+inputs = {
+ cluster_name = dependency.eks.inputs.cluster_name
+ contact_email = "srinivasa.nangunuri@census.gov"
+}
diff --git a/lab/us-gov-east-1/vpc/cluster/eks-cert-mgr-ns/variables.tf b/lab/us-gov-east-1/vpc/cluster/eks-cert-mgr-ns/variables.tf
new file mode 100644
index 0000000..c765cb4
--- /dev/null
+++ b/lab/us-gov-east-1/vpc/cluster/eks-cert-mgr-ns/variables.tf
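Review bot: `data "aws_ecr_authorization_token" "token"` at the top of copy_images.tf is not referenced in any of the four files in this patch, yet reading it writes a registry password and authorization token into Terraform state; drop it, or pass it to the module's `destination_password` if that is what it was meant for. The lookup keys in `locals` are built from short names such as `"cert-manager-controller"` while `image_config` names the images `"jetstack/cert-manager-controller"`; the module's output key format is not visible here, so confirm that the `module.images.images[...]` lookups in cert-mgr.tf resolve. The local names also mix styles (`cert_manager_control_key` next to `cert-manager-cainjector_key`); one convention, for example `cert_manager_cainjector_key`, would read more cleanly.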
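Review bot: `source = "./cert-mgr.tf"` in terragrunt.hcl points Terragrunt at a single file, whereas `terraform.source` expects a module directory or URL; since the `.tf` files sit next to this `terragrunt.hcl`, the `source` line can probably be removed, along with the commented-out module arguments, which would not be valid inside a `terraform` block anyway. `contact_email` is passed in `inputs` but no `variable "contact_email"` is declared in variables.tf (the declared one is `cluster_mailing_list`), so the value appears to be ignored. `profile` and `region` are not passed and fall back to their defaults.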
@@ -0,0 +1,53 @@
+variable "cluster_name" {
+ description = "Name of the cluster"
+ type = string
+ default = "platform-eng-eks-test"
+}
+
+variable "cluster_mailing_list" {
+ description = "cluster mailing list"
+ type = string
+ default = "srinivasa.nangunuri@census.gov"
+}
+
+variable "cert_manager_helm_chart" {
+ description = "cert_manager_helm_chart"
+ type = string
+ default = "1.13.1"
+}
+
+variable "cert_manager_cainjector_tag" {
+ description = "cert_manager_cainjector_tag"
+ type = string
+ default = "v1.13.1"
+}
+
+variable "cert_manager_controller_tag" {
+ description = "cert_manager_controller_tag"
+ type = string
+ default = "v1.13.1"
+}
+
+variable "cert_manager_webhook_tag" {
+ description = "cert_manager_webhook_tag"
+ type = string
+ default = "v1.13.1"
+}
+
+variable "cert_manager_ctl_tag" {
+ description = "cert-manager-ctl_tag"
+ type = string
+ default = "v1.13.1"
+}
+
+variable "region" {
+ description = "region name"
+ type = string
+ default = "us-gov-east-1"
+}
+
+variable "profile" {
+ description = "AWS_PROFILE to use to apply the terraform script."
+ type = string
+ default = ""
+}
\ No newline at end of file
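Review bot: `cluster_name` defaults to `"platform-eng-eks-test"` and `profile` to `""`, so an apply that forgets an input still runs against a default cluster name, and presumably with whatever ambient AWS credentials are active, instead of failing. Removing both defaults makes the target explicit; `cluster_name` is already supplied from the `eks` dependency in terragrunt.hcl. The `description` strings for the chart and tag variables only repeat the variable name; something like `description = "Image tag of the cert-manager controller copied into ECR"` would say what the value selects. `cluster_mailing_list` is declared but not used in the visible files, and its default is an individual's address rather than a list.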