add efs filesystem and update copy images for lifecycle policy

copy_images.tf

@@ -25,7 +25,7 @@ locals {
 }
 
 module "images" {
-  source = "git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/?ref=2.0.2"
+  source = "git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/?ref=tf-upgrade"
 
   profile          = var.profile
   application_name = var.cluster_name
@@ -41,5 +41,22 @@ module "images" {
   ##  region               = ""
   ##  source_password      = ""
   ##  source_username      = ""
-}
 
+  enable_lifecycle_policy = true
+  lifecycle_policy_all    = true
+
+  data "aws_ecr_lifecycle_policy_document" "pushed" {
+    rule {
+      priority    = 1
+      description = "keep images tagged test, last push 28 days ago"
+
+      selection {
+        tag_status       = "tagged"
+        # tag_pattern_list = ["*test*"]
+        count_type       = "sinceImagePushed"
+        count_number     = 28
+        count_unit       = days
+      }
+    }
+  }
+}

efs-filesystem.tf.off

@@ -0,0 +1,149 @@
+# -------------------------------------------------------------------------------------
+# EKS-EFS - Creates an EFS volume and Kubernetes resources to use it
+# -------------------------------------------------------------------------------------
+locals {
+  efs_access_points = [
+    {
+      label           = "data-logs"
+      name            = "data-logs"
+      path            = "/data_logs"
+      owner_uid       = 51000
+      owner_gid       = 51000
+      permissions     = "755"
+      claim_name      = "logs"
+      claim_namespace = "logs"
+    },
+    {
+      label           = "data-apps"
+      name            = "data-apps"
+      path            = "/data_apps"
+      owner_uid       = 51000
+      owner_gid       = 51000
+      permissions     = "755"
+      claim_name      = "apps"
+      claim_namespace = "apps"
+    },
+  ]
+}
+
+# -------------------------------------------------------------------------------------
+# EFS Namespace
+# -------------------------------------------------------------------------------------
+resource "kubernetes_namespace" "efs_namespace" {
+  for_each = { for ap in local.efs_access_points : ap.label => ap }
+  metadata {
+    name = format("%v-%v", var.cluster_name, each.value.claim_namespace)
+  }
+}
+
+# -------------------------------------------------------------------------------------
+# EFS Access Point
+# -------------------------------------------------------------------------------------
+resource "aws_efs_access_point" "efs_ap" {
+  for_each       = { for ap in local.efs_access_points : ap.name => ap }
+  file_system_id = module.efs.id
+  root_directory {
+    path = each.value.path
+    creation_info {
+      owner_uid   = each.value.owner_uid
+      owner_gid   = each.value.owner_gid
+      permissions = each.value.permissions
+    }
+  }
+
+  tags = merge(
+    local.base_tags,
+    # local.common_tags,
+    # var.application_tags,
+    tomap({ "Name" = format("%v-efs-access-point_%v", var.cluster_name, each.key) }),
+  )
+}
+
+# -------------------------------------------------------------------------------------
+# EFS Persistent Volume
+# -------------------------------------------------------------------------------------
+resource "kubernetes_persistent_volume" "efs_ap" {
+  for_each = { for ap in local.efs_access_points : ap.name => ap }
+  metadata {
+    name = format("efs-%v-pv", each.key)
+  }
+  spec {
+    capacity = {
+      storage = "1Gi"
+    }
+    claim_ref {
+      name      = format("%v-%v-%v-claim", var.cluster_name, each.value.claim_namespace, each.key)
+      namespace = format("%v-%v", var.cluster_name, each.value.claim_namespace)
+    }
+    access_modes                     = ["ReadWriteMany"]
+    persistent_volume_reclaim_policy = "Retain"
+    volume_mode                      = "Filesystem"
+    storage_class_name               = "efs"
+    persistent_volume_source {
+      csi {
+        driver        = "efs.csi.aws.com"
+        volume_handle = format("%v:%v:%v", module.efs.id, "", aws_efs_access_point.efs_ap[each.key].id)
+      }
+    }
+  }
+}
+# -------------------------------------------------------------------------------------
+# EFS Persistent Volume Claim Per AP
+# -------------------------------------------------------------------------------------
+resource "kubernetes_persistent_volume_claim" "efs_ap" {
+  for_each = { for ap in local.efs_access_points : ap.name => ap }
+  metadata {
+    name      = format("%v-%v-%v-claim", var.cluster_name, each.value.claim_namespace, each.key)
+    namespace = format("%v-%v", var.cluster_name, each.value.claim_namespace)
+  }
+  wait_until_bound = false
+  spec {
+    access_modes       = ["ReadWriteMany"]
+    storage_class_name = "efs"
+    resources {
+      requests = {
+        storage = "1Gi"
+      }
+    }
+  }
+  depends_on = [kubernetes_persistent_volume.efs_ap]
+}
+
+# -------------------------------------------------------------------------------------
+# EFS Persistent Volume Base Claim
+# -------------------------------------------------------------------------------------
+resource "kubernetes_persistent_volume_claim" "pvc_efs-cluster-base" {
+  depends_on = [kubernetes_storage_class.efs-sc]
+  metadata {
+    name = format("%v%v-%v", "eks-", var.cluster_name, "base-claim")
+  }
+  wait_until_bound = false
+  spec {
+    access_modes = ["ReadWriteMany"]
+    resources {
+      requests = {
+        storage = "25Gi"
+      }
+    }
+    storage_class_name = "efs"
+  }
+}
+
+output "efs_ap_ids" {
+  description = "EFS AccessPoint IDs"
+  value       = { for k, v in aws_efs_access_point.efs_ap : k => v.id }
+}
+
+## # apiVersion: v1
+## # kind: PersistentVolumeClaim
+## # metadata:
+## #   name: ditd-gups-dev1-data1-geoserver-claim
+## # spec:
+## #   accessModes:
+## #     - ReadWriteMany
+## #   storageClassName: efs-sc
+## #   resources:
+## #     requests:
+## #       storage: 5Gi
+## # 
+##