From 29893ab163832769a86a1c8707cfba7f2460e5b1 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Wed, 18 Dec 2024 19:09:22 -0500 Subject: [PATCH] remove kubectl --- README.md | 21 +------------ aws_data.tf | 5 +++ copy_images.tf => copy_images.tf.off | 24 ++------------ eks_console_access.tf | 28 ++++++----------- main.tf | 6 ---- outputs.tf | 46 +++++++++++++-------------- requirements.tf | 4 --- variables.tf | 47 ++++++++-------------------- 8 files changed, 54 insertions(+), 127 deletions(-) create mode 100644 aws_data.tf rename copy_images.tf => copy_images.tf.off (51%) diff --git a/README.md b/README.md index 519c385..bbac286 100644 --- a/README.md +++ b/README.md @@ -8,13 +8,6 @@ The module configures an eks cluster with additional components after the cluste - A gp2-encrypted storage class is created - An efs storage class is created - This storage class is returned as the `rwx_storage_class` -- cluster-autoscaler - - Monitors cpu/memory usage by components being deployed to the clsuter. - - When the cluster is out of capacity, the autoscaler will add nodes to the cluster up to the maximum size of the node group. - - When the autoscaler detects excess capacity, the autoscaler will cause EKS to migrate pods running on the node to a different node and then remove the node from the cluster. - -When selecting which version of the cluster-autoscaler to install, use the one that is closest to the same version as the `cluster_version` or slightly higher. -The cluster-autoscaler uses the kuberentes scheduling algorithm to appropriate scale the cluster, and if the autoscaler version sufficiently divirges from the kubernetes version, the autoscaler will scale the node groups incorrectly. A successful apply will yield: Apply complete! Resources: 14 added, 0 changed, 0 destroyed. 
@@ -45,7 +38,6 @@ sys 0m2.015s | [terraform](#requirement\_terraform) | >= 0.13 | | [aws](#requirement\_aws) | >= 5.14.0 | | [http](#requirement\_http) | >= 2.1.0 | -| [kubectl](#requirement\_kubectl) | >= 1.14.0 | | [kubernetes](#requirement\_kubernetes) | >= 2.23.0 | ## Providers @@ -54,7 +46,6 @@ sys 0m2.015s |------|---------| | [aws](#provider\_aws) | 5.73.0 | | [http](#provider\_http) | 3.4.5 | -| [kubectl](#provider\_kubectl) | 1.14.0 | | [kubernetes](#provider\_kubernetes) | 2.33.0 | ## Modules @@ -62,13 +53,12 @@ sys 0m2.015s | Name | Source | Version | |------|--------|---------| | [efs](#module\_efs) | git@github.e.it.census.gov:terraform-modules/aws-efs.git | master | -| [images](#module\_images) | git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/ | tf-upgrade | ## Resources | Name | Type | |------|------| -| [kubectl_manifest.deploy_cluster_roles](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource | +| [kubernetes_manifest.deploy_cluster_roles](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource | | [kubernetes_namespace.operators](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | | [kubernetes_storage_class.ebs_encrypted](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource | | [kubernetes_storage_class.efs_sc](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource | 
@@ -76,18 +66,13 @@ sys 0m2.015s | [aws_ebs_default_kms_key.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ebs_default_kms_key) | data source | | [aws_kms_key.ebs_key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_key) | data source | | [http_http.cluster_roles](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source | -| [kubectl_file_documents.access_documents](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [cluster\_name](#input\_cluster\_name) | EKS cluster name name component used through out the EKS cluster describing its purpose (ex: dice-dev) | `string` | n/a | yes | -| [eks\_managed\_node\_groups\_autoscaling\_group\_names](#input\_eks\_managed\_node\_groups\_autoscaling\_group\_names) | List of the autoscaling group names created by EKS managed node groups | `list(string)` | n/a | yes | -| [kubectl\_image\_tag](#input\_kubectl\_image\_tag) | The version of bitnami/kubectl image to use. | `string` | `"1.30.4"` | no | -| [oidc\_provider\_arn](#input\_oidc\_provider\_arn) | The ARN of the OIDC Provider if `enable_irsa = true` | `string` | n/a | yes | | [operators\_ns](#input\_operators\_ns) | Namespace to create where operators will be installed. | `string` | `"operators"` | no | -| [profile](#input\_profile) | AWS config profile | `string` | `""` | no | | [region](#input\_region) | AWS region | `string` | n/a | yes | | [security\_group\_all\_worker\_mgmt\_id](#input\_security\_group\_all\_worker\_mgmt\_id) | The security group representing all of the worker nodes in the cluster. | `string` | n/a | yes | | [subnets](#input\_subnets) | Specify the subnets used by this cluster | `list(string)` | n/a | yes | 
@@ -99,10 +84,6 @@ sys 0m2.015s | Name | Description | |------|-------------| -| [kubectl\_image\_full\_path](#output\_kubectl\_image\_full\_path) | The full URI to access the kubectl image including the registry/repository:tag | -| [kubectl\_image\_registry](#output\_kubectl\_image\_registry) | The registry portion of the URI to access the kubectl image | -| [kubectl\_image\_repository](#output\_kubectl\_image\_repository) | The repository portion of the URI to access the kubectl image | -| [kubectl\_image\_tag](#output\_kubectl\_image\_tag) | The tag portion of the URI to access the kubectl image | | [module\_name](#output\_module\_name) | The name of this module. | | [module\_version](#output\_module\_version) | The version of this module. | | [rwo\_storage\_class](#output\_rwo\_storage\_class) | Kubernetes storage class that supports read/write once. | diff --git a/aws_data.tf b/aws_data.tf new file mode 100644 index 0000000..96cd77c --- /dev/null +++ b/aws_data.tf @@ -0,0 +1,5 @@ +data "aws_ebs_default_kms_key" "current" {} + +data "aws_kms_key" "ebs_key" { + key_id = data.aws_ebs_default_kms_key.current.key_arn +} diff --git a/copy_images.tf b/copy_images.tf.off similarity index 51% rename from copy_images.tf rename to copy_images.tf.off index b3c0dcd..dccba9e 100644 --- a/copy_images.tf +++ b/copy_images.tf.off @@ -1,17 +1,7 @@ locals { - # autoscaler_key = format("%v#%v", "cluster-autoscaler", var.cluster_autoscaler_tag) kubectl_key = format("%v#%v", "kubectl", var.kubectl_image_tag) image_config = [ - # { - # enabled = true - # dest_path = null - # name = "cluster-autoscaler" - # source_image = "autoscaling/cluster-autoscaler" - # source_registry = "registry.k8s.io" - # source_tag = null - # tag = var.cluster_autoscaler_tag - # }, { enabled = true dest_path = null @@ -20,7 +10,7 @@ locals { source_registry = "docker.io" source_tag = var.kubectl_image_tag tag = var.kubectl_image_tag - }, + } ] } 
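Review bot: Renaming the file to `copy_images.tf.off` hides it from Terraform while keeping code that still references `var.kubectl_image_tag`, which this same commit comments out in variables.tf, so the file cannot be switched back on as it stands. Deleting it and relying on git history would be cleaner than editing a disabled file; the second hunk, which adds `lifecycle_policy_keep_count = 3`, has the same issue. Because `module "images"` drops out of the configuration, the next apply on an existing deployment will presumably plan to destroy the repositories it created, and the `force_delete = true` visible in the second hunk suggests they would be removed even with images in them. A line in the README or changelog saying so would help operators.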
@@ -32,18 +22,8 @@ module "images" { image_config = local.image_config tags = {} - ### optional - ## account_alias = "" - ## account_id = "" - ## destination_password = "" - ## destination_username = "" - ## override_prefixes = {} - ## region = "" - ## source_password = "" - ## source_username = "" - enable_lifecycle_policy = true lifecycle_policy_all = true force_delete = true - + lifecycle_policy_keep_count = 3 } diff --git a/eks_console_access.tf b/eks_console_access.tf index a8a0637..744b81c 100644 --- a/eks_console_access.tf +++ b/eks_console_access.tf @@ -25,30 +25,22 @@ locals { }, ] cluster_roles_map = { for cr in local.cluster_roles : cr.name => cr } + all_access_documents = flatten([ + for cr_name, cr_data in local.cluster_roles_map : [ + yamldecode(data.http.cluster_roles[cr_name].body) + ] if cr_data.enabled + ]) } - +# Fetch the YAML files from the specified URLs data "http" "cluster_roles" { for_each = local.cluster_roles_map url = each.value.url } -data "kubectl_file_documents" "access_documents" { - for_each = { for k, v in local.cluster_roles_map : k => v if v.enabled } - - content = data.http.cluster_roles[each.key].body -} - -locals { - all_access_documents = flatten([ - for cr_name, cr_data in local.cluster_roles_map : [ - for doc in data.kubectl_file_documents.access_documents[cr_name].manifests : doc - ] if cr_data.enabled - ]) -} - -resource "kubectl_manifest" "deploy_cluster_roles" { - count = length(local.all_access_documents) +# Apply the Kubernetes manifests to the cluster +resource "kubernetes_manifest" "deploy_cluster_roles" { + for_each = { for idx, doc in local.all_access_documents : idx => doc } - yaml_body = local.all_access_documents[count.index] + manifest = each.value } diff --git a/main.tf b/main.tf index 09b0604..dfa9dc5 100644 --- a/main.tf +++ b/main.tf 
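Review bot: `yamldecode(data.http.cluster_roles[cr_name].body)` in the new `all_access_documents` local parses a single YAML document, whereas the removed `kubectl_file_documents` data source split each file into its `manifests`; if any fetched file holds more than one `---`-separated document, the decode will fail at plan time. Splitting first keeps the old behaviour, e.g. `for doc in split("\n---", data.http.cluster_roles[cr_name].body) : yamldecode(doc) if trimspace(doc) != ""`. These documents are RBAC objects pulled from a URL on every plan and handed straight to `kubernetes_manifest`, so whoever can change the content behind `each.value.url` can change the cluster's roles. Vendoring the YAML in the module, or pinning the URL to an immutable revision and comparing a checksum of the body before decoding, would close that gap. The `for_each` keys are list indexes, so an inserted or reordered document re-addresses every later resource; a key such as `"${doc.kind}/${doc.metadata.name}"` looks more stable, and the `locals` block itself starts outside the hunk.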
@@ -1,9 +1,3 @@
-data "aws_ebs_default_kms_key" "current" {}
-
-data "aws_kms_key" "ebs_key" {
- key_id = data.aws_ebs_default_kms_key.current.key_arn
-}
-
 locals {
 base_tags = {
 "eks-cluster-name" = var.cluster_name
diff --git a/outputs.tf b/outputs.tf
index ab60443..e221d4e 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -26,26 +26,26 @@ output "rwx_storage_class" { value = kubernetes_storage_class.efs_sc.metadata[0].name } -################################################################################ -# Details about kubectl image -################################################################################ - -output "kubectl_image_full_path" { - description = "The full URI to access the kubectl image including the registry/repository:tag" - value = module.images.images[local.kubectl_key].dest_full_path -} - -output "kubectl_image_registry" { - description = "The registry portion of the URI to access the kubectl image" - value = module.images.images[local.kubectl_key].dest_registry -} - -output "kubectl_image_repository" { - description = "The repository portion of the URI to access the kubectl image" - value = module.images.images[local.kubectl_key].dest_repository -} - -output "kubectl_image_tag" { - description = "The tag portion of the URI to access the kubectl image" - value = module.images.images[local.kubectl_key].tag -} +# ################################################################################ +# # Details about kubectl image +# ################################################################################ + +# output "kubectl_image_full_path" { +# description = "The full URI to access the kubectl image including the registry/repository:tag" +# value = module.images.images[local.kubectl_key].dest_full_path +# } + +# output "kubectl_image_registry" { +# description = "The registry portion of the URI to access the kubectl image" +# value = module.images.images[local.kubectl_key].dest_registry +# } + +# output "kubectl_image_repository" { +# description = "The repository portion of the URI to access the kubectl image" +# value = module.images.images[local.kubectl_key].dest_repository +# } + +# output "kubectl_image_tag" { +# description = "The tag portion of the URI to access the kubectl image" +# value = module.images.images[local.kubectl_key].tag +# } 
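Review bot: The four `kubectl_image_*` outputs are commented out rather than deleted, and the variables.tf hunks do the same for `eks_managed_node_groups_autoscaling_group_names`, `oidc_provider_arn` and `kubectl_image_tag`; commented-out blocks tend to linger, and git history already preserves them. Removing outputs and inputs is also a breaking change for callers: a root module that reads `kubectl_image_full_path`, or still passes `profile` or `oidc_provider_arn`, will fail at plan. I would delete the blocks outright and record the removed names in the release notes, with a matching version bump.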
diff --git a/requirements.tf b/requirements.tf index 48cbf58..871794c 100644 --- a/requirements.tf +++ b/requirements.tf @@ -10,10 +10,6 @@ terraform { source = "hashicorp/http" version = ">= 2.1.0" } - kubectl = { - source = "gavinbunney/kubectl" - version = ">= 1.14.0" - } kubernetes = { source = "hashicorp/kubernetes" version = ">= 2.23.0" diff --git a/variables.tf b/variables.tf index 5c4c702..c2d1be1 100644 --- a/variables.tf +++ b/variables.tf @@ -9,12 +9,6 @@ variable "region" { type = string } -variable "profile" { - description = "AWS config profile" - type = string - default = "" -} - variable "vpc_id" { description = "Specify the VPC id that is used by this cluster" type = string @@ -30,17 +24,17 @@ variable "security_group_all_worker_mgmt_id" { type = string } -# tflint-ignore: terraform_unused_declarations -variable "eks_managed_node_groups_autoscaling_group_names" { - description = "List of the autoscaling group names created by EKS managed node groups" - type = list(string) -} +# # tflint-ignore: terraform_unused_declarations +# variable "eks_managed_node_groups_autoscaling_group_names" { +# description = "List of the autoscaling group names created by EKS managed node groups" +# type = list(string) +# } -# tflint-ignore: terraform_unused_declarations -variable "oidc_provider_arn" { - description = "The ARN of the OIDC Provider if `enable_irsa = true`" - type = string -} +# # tflint-ignore: terraform_unused_declarations +# variable "oidc_provider_arn" { +# description = "The ARN of the OIDC Provider if `enable_irsa = true`" +# type = string +# } variable "operators_ns" { description = "Namespace to create where operators will be installed." 
@@ -60,23 +54,8 @@ variable "tags" { default = {} } -variable "kubectl_image_tag" { - description = "The version of bitnami/kubectl image to use." - type = string - default = "1.30.4" -} - -# # helm add repo autoscaler "https://kubernetes.github.io/autoscaler" -# # helm search repo -l autoscaler/cluster-autoscaler -# variable "cluster_autoscaler_chart_version" { -# description = "The helm chart of the cluster-autoscaler most closely matching the Kuberentes version. Review output of `helm add repo autoscaler 'https://kubernetes.github.io/autoscaler'` (if the repo hasn't been added previously) and `helm search repo -l autoscaler/cluster-autoscaler`" -# type = string -# default = "9.37.0" -# } - -# # helm show values --version [cluster_autoscaler_chart_version] autoscaler/cluster-autoscaler | grep tag: -# variable "cluster_autoscaler_tag" { -# description = "Image tag of cluster-autoscaler associated with the cluster_autoscaler_chart_version helm chart. `helm show values --version [cluster_autoscaler_chart_version] autoscaler/cluster-autoscaler | grep tag:`" +# variable "kubectl_image_tag" { +# description = "The version of bitnami/kubectl image to use." # type = string -# default = "v1.30.0" +# default = "1.30.4" # }