diff --git a/.tflint.hcl b/.tflint.hcl
index 30b0d2c..4ac5035 100644
--- a/.tflint.hcl
+++ b/.tflint.hcl
@@ -12,18 +12,18 @@ config {
# variables = ["foo=bar", "bar=[\"baz\"]"]
}
-rule "aws_instance_invalid_type" {
- enabled = true
-}
+# rule "aws_instance_invalid_type" {
+# enabled = true
+# }
-plugin "aws" {
- enabled = true
- version = "0.32.0"
- source = "github.com/terraform-linters/tflint-ruleset-aws"
-}
+# plugin "aws" {
+# enabled = true
+# version = "0.32.0"
+# source = "github.com/terraform-linters/tflint-ruleset-aws"
+# }
-plugin "terraform" {
- enabled = true
- version = "0.9.0"
- source = "github.com/terraform-linters/tflint-ruleset-terraform"
-}
+# plugin "terraform" {
+# enabled = true
+# version = "0.9.0"
+# source = "github.com/terraform-linters/tflint-ruleset-terraform"
+# }
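Review bot: Commenting out `plugin "aws"` and the `aws_instance_invalid_type` rule turns off every AWS-ruleset check for this module, since that ruleset is not bundled with tflint, and the hunk leaves no comment saying why or when it comes back. Commenting out `plugin "terraform"` also drops the explicit `version = "0.9.0"` pin, so the terraform rules presumably fall back to whatever ruleset ships with the installed tflint binary and results can differ between machines. If the cause is a plugin download problem (not stated in the commit), it would be safer to keep the blocks enabled and fix plugin installation. Otherwise put a line such as `# Disabled temporarily: <reason>; re-enable with pinned versions` above the commented blocks. This matters more because the `module "efs"` source in main.tf still tracks `?ref=master` under a `tflint-ignore: terraform_module_pinned_source`, so an unpinned module is now backed by less lint coverage. Pinning that ref to a tag or commit SHA would remove the need for the ignore.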
diff --git a/README.md b/README.md
index 33fa384..496ad4c 100644
--- a/README.md
+++ b/README.md
@@ -40,15 +40,15 @@ sys 0m2.015s
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | 5.84.0 |
+| [aws](#provider\_aws) | 5.88.0 |
| [helm](#provider\_helm) | 2.17.0 |
-| [kubernetes](#provider\_kubernetes) | 2.35.1 |
+| [kubernetes](#provider\_kubernetes) | 2.36.0 |
## Modules
| Name | Source | Version |
|------|--------|---------|
-| [efs](#module\_efs) | git@github.e.it.census.gov:terraform-modules/aws-efs.git | master |
+| [efs](#module\_efs) | git::https://github.e.it.census.gov/terraform-modules/aws-efs.git/ | master |
## Resources
@@ -56,6 +56,7 @@ sys 0m2.015s
|------|------|
| [helm_release.console_access](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [kubernetes_namespace.operators](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
+| [kubernetes_namespace.telemetry](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
| [kubernetes_storage_class.ebs_encrypted](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource |
| [kubernetes_storage_class.efs_sc](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource |
| [kubernetes_storage_class.gp3_encrypted](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource |
@@ -74,6 +75,7 @@ sys 0m2.015s
| [subnets](#input\_subnets) | Specify the subnets used by this cluster | `list(string)` | n/a | yes |
| [tag\_costallocation](#input\_tag\_costallocation) | Tag CostAllocation (default) | `string` | `"csvd:infrastructure"` | no |
| [tags](#input\_tags) | AWS Tags to apply to appropriate resources | `map(string)` | `{}` | no |
+| [telemetry\_ns](#input\_telemetry\_ns) | Namespace to create where telemetry will be installed. | `string` | `"telemetry"` | no |
| [vpc\_id](#input\_vpc\_id) | Specify the VPC id that is used by this cluster | `string` | n/a | yes |
## Outputs
diff --git a/cluster_autoscaler.tf.off b/cluster_autoscaler.tf.off
deleted file mode 100644
index ef30dc9..0000000
--- a/cluster_autoscaler.tf.off
+++ /dev/null
@@ -1,102 +0,0 @@
-locals {
- # https://docs.aws.amazon.com/eks/latest/userguide/cluster-autoscaler.html
- autoscale_tags = {
- format("k8s.io/cluster-autoscaler/%v", var.cluster_name) = "owned"
- "k8s.io/cluster-autoscaler/enabled" = "TRUE"
- }
-
- ng_asg_name = var.eks_managed_node_groups_autoscaling_group_names[0]
-}
-
-# module "cluster_autoscaler_irsa_role" {
-# source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
-
-# role_name = "${var.cluster_name}-cluster-autoscaler"
-
-# attach_cluster_autoscaler_policy = true
-
-# cluster_autoscaler_cluster_names = [var.cluster_name]
-
-# oidc_providers = {
-# main = {
-# provider_arn = var.oidc_provider_arn
-# namespace_service_accounts = ["kube-system:cluster-autoscaler"]
-# }
-# }
-# tags = local.tags
-# }
-
-# ALTERNATELY WE PASS THIS VIA OUTPUT DEPENDENCY W/ TERRAGRUNT
-data "aws_iam_role" "cluster_autoscaler_irsa_role" {
- name = "${var.cluster_name}-cluster-autoscaler"
-}
-
-#### NEED TO MOVE THIS TO A PROPER PLACE
-resource "kubernetes_namespace" "operators" {
- metadata {
- name = var.operators_ns
- }
-}
-
-resource "aws_autoscaling_group_tag" "on-demand" {
- autoscaling_group_name = local.ng_asg_name
- tag {
- key = "k8s.io/cluster-autoscaler/node-template/label/eks.amazonaws.com/capacityType"
- value = "ON_DEMAND"
- propagate_at_launch = true
- }
-}
-
-data "kubernetes_namespace" "kube-system" {
- metadata {
- name = "kube-system"
- }
-}
-
-resource "helm_release" "cluster-autoscaler" {
- depends_on = [
- module.images,
- ]
-
- chart = "cluster-autoscaler"
- name = "cluster-autoscaler"
- version = var.cluster_autoscaler_chart_version
- namespace = data.kubernetes_namespace.kube-system.metadata[0].name
- repository = "https://kubernetes.github.io/autoscaler"
-
- set {
- name = "image.repository"
- value = format("%v/%v",
- module.images.images[local.autoscaler_key].dest_registry,
- module.images.images[local.autoscaler_key].dest_repository
- )
- }
- set {
- name = "image.tag"
- value = module.images.images[local.autoscaler_key].tag
- }
- set {
- name = "autoDiscovery.clusterName"
- value = var.cluster_name
- }
- set {
- name = "awsRegion"
- value = var.region
- }
-
- set {
- name = "rbac.serviceAccount.name"
- value = "cluster-autoscaler"
- }
-
- set {
- name = "rbac.serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"
- value = data.aws_iam_role.cluster_autoscaler_irsa_role.arn
- # value = module.cluster_autoscaler_irsa_role.iam_role_arn
- }
-
- set {
- name = "rbac.serviceAccount.create"
- value = "true"
- }
-}
diff --git a/copy_images.tf.off b/copy_images.tf.off
deleted file mode 100644
index dccba9e..0000000
--- a/copy_images.tf.off
+++ /dev/null
@@ -1,29 +0,0 @@
-locals {
- kubectl_key = format("%v#%v", "kubectl", var.kubectl_image_tag)
-
- image_config = [
- {
- enabled = true
- dest_path = null
- name = "kubectl"
- source_image = "bitnami/kubectl"
- source_registry = "docker.io"
- source_tag = var.kubectl_image_tag
- tag = var.kubectl_image_tag
- }
- ]
-}
-
-module "images" {
- source = "git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/?ref=tf-upgrade"
-
- profile = var.profile
- application_name = var.cluster_name
- image_config = local.image_config
- tags = {}
-
- enable_lifecycle_policy = true
- lifecycle_policy_all = true
- force_delete = true
- lifecycle_policy_keep_count = 3
-}
diff --git a/efs-filesystem.tf.off b/efs-filesystem.tf.off
deleted file mode 100644
index 667f8cd..0000000
--- a/efs-filesystem.tf.off
+++ /dev/null
@@ -1,149 +0,0 @@
-# -------------------------------------------------------------------------------------
-# EKS-EFS - Creates an EFS volume and Kubernetes resources to use it
-# -------------------------------------------------------------------------------------
-locals {
- efs_access_points = [
- {
- label = "data-logs"
- name = "data-logs"
- path = "/data_logs"
- owner_uid = 51000
- owner_gid = 51000
- permissions = "755"
- claim_name = "logs"
- claim_namespace = "logs"
- },
- {
- label = "data-apps"
- name = "data-apps"
- path = "/data_apps"
- owner_uid = 51000
- owner_gid = 51000
- permissions = "755"
- claim_name = "apps"
- claim_namespace = "apps"
- },
- ]
-}
-
-# -------------------------------------------------------------------------------------
-# EFS Namespace
-# -------------------------------------------------------------------------------------
-resource "kubernetes_namespace" "efs_namespace" {
- for_each = { for ap in local.efs_access_points : ap.label => ap }
- metadata {
- name = format("%v-%v", var.cluster_name, each.value.claim_namespace)
- }
-}
-
-# -------------------------------------------------------------------------------------
-# EFS Access Point
-# -------------------------------------------------------------------------------------
-resource "aws_efs_access_point" "efs_ap" {
- for_each = { for ap in local.efs_access_points : ap.name => ap }
- file_system_id = module.efs.id
- root_directory {
- path = each.value.path
- creation_info {
- owner_uid = each.value.owner_uid
- owner_gid = each.value.owner_gid
- permissions = each.value.permissions
- }
- }
-
- tags = merge(
- local.base_tags,
- # local.common_tags,
- # var.application_tags,
- tomap({ "Name" = format("%v-efs-access-point_%v", var.cluster_name, each.key) }),
- )
-}
-
-# -------------------------------------------------------------------------------------
-# EFS Persistent Volume
-# -------------------------------------------------------------------------------------
-resource "kubernetes_persistent_volume" "efs_ap" {
- for_each = { for ap in local.efs_access_points : ap.name => ap }
- metadata {
- name = format("efs-%v-pv", each.key)
- }
- spec {
- capacity = {
- storage = "1Gi"
- }
- claim_ref {
- name = format("%v-%v-%v-claim", var.cluster_name, each.value.claim_namespace, each.key)
- namespace = format("%v-%v", var.cluster_name, each.value.claim_namespace)
- }
- access_modes = ["ReadWriteMany"]
- persistent_volume_reclaim_policy = "Retain"
- volume_mode = "Filesystem"
- storage_class_name = "efs"
- persistent_volume_source {
- csi {
- driver = "efs.csi.aws.com"
- volume_handle = format("%v:%v:%v", module.efs.id, "", aws_efs_access_point.efs_ap[each.key].id)
- }
- }
- }
-}
-# -------------------------------------------------------------------------------------
-# EFS Persistent Volume Claim Per AP
-# -------------------------------------------------------------------------------------
-resource "kubernetes_persistent_volume_claim" "efs_ap" {
- for_each = { for ap in local.efs_access_points : ap.name => ap }
- metadata {
- name = format("%v-%v-%v-claim", var.cluster_name, each.value.claim_namespace, each.key)
- namespace = format("%v-%v", var.cluster_name, each.value.claim_namespace)
- }
- wait_until_bound = false
- spec {
- access_modes = ["ReadWriteMany"]
- storage_class_name = "efs"
- resources {
- requests = {
- storage = "1Gi"
- }
- }
- }
- depends_on = [kubernetes_persistent_volume.efs_ap]
-}
-
-# -------------------------------------------------------------------------------------
-# EFS Persistent Volume Base Claim
-# -------------------------------------------------------------------------------------
-resource "kubernetes_persistent_volume_claim" "pvc_efs-cluster-base" {
- depends_on = [kubernetes_storage_class.efs-sc]
- metadata {
- name = format("%v%v-%v", "eks-", var.cluster_name, "base-claim")
- }
- wait_until_bound = false
- spec {
- access_modes = ["ReadWriteMany"]
- resources {
- requests = {
- storage = "25Gi"
- }
- }
- storage_class_name = "efs"
- }
-}
-
-output "efs_ap_ids" {
- description = "EFS AccessPoint IDs"
- value = { for k, v in aws_efs_access_point.efs_ap : k => v.id }
-}
-
-## # apiVersion: v1
-## # kind: PersistentVolumeClaim
-## # metadata:
-## # name: ditd-gups-dev1-data1-geoserver-claim
-## # spec:
-## # accessModes:
-## # - ReadWriteMany
-## # storageClassName: efs-sc
-## # resources:
-## # requests:
-## # storage: 5Gi
-## #
-##
diff --git a/main.tf b/main.tf
index 00e1daa..2dc98d4 100644
--- a/main.tf
+++ b/main.tf
@@ -50,7 +50,7 @@ resource "kubernetes_storage_class" "ebs_encrypted" {
module "efs" {
# tflint-ignore: terraform_module_version
# tflint-ignore: terraform_module_pinned_source
- source = "git@github.e.it.census.gov:terraform-modules/aws-efs.git?ref=master"
+ source = "git::https://github.e.it.census.gov/terraform-modules/aws-efs.git/?ref=master"
name = var.cluster_name
vpc_id = var.vpc_id