From dc7d1ec13a8f83e66b197466d1ba011d413a034e Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Tue, 1 Apr 2025 18:23:17 -0400 Subject: [PATCH] remove cruft, update module source --- .tflint.hcl | 26 +++---- README.md | 8 +- cluster_autoscaler.tf.off | 102 -------------------------- copy_images.tf.off | 29 -------- efs-filesystem.tf.off | 149 -------------------------------------- main.tf | 2 +- 6 files changed, 19 insertions(+), 297 deletions(-) delete mode 100644 cluster_autoscaler.tf.off delete mode 100644 copy_images.tf.off delete mode 100644 efs-filesystem.tf.off diff --git a/.tflint.hcl b/.tflint.hcl index 30b0d2c..4ac5035 100644 --- a/.tflint.hcl +++ b/.tflint.hcl @@ -12,18 +12,18 @@ config { # variables = ["foo=bar", "bar=[\"baz\"]"] } -rule "aws_instance_invalid_type" { - enabled = true -} +# rule "aws_instance_invalid_type" { +# enabled = true +# } -plugin "aws" { - enabled = true - version = "0.32.0" - source = "github.com/terraform-linters/tflint-ruleset-aws" -} +# plugin "aws" { +# enabled = true +# version = "0.32.0" +# source = "github.com/terraform-linters/tflint-ruleset-aws" +# } -plugin "terraform" { - enabled = true - version = "0.9.0" - source = "github.com/terraform-linters/tflint-ruleset-terraform" -} +# plugin "terraform" { +# enabled = true +# version = "0.9.0" +# source = "github.com/terraform-linters/tflint-ruleset-terraform" +# } diff --git a/README.md b/README.md index 33fa384..496ad4c 100644 --- a/README.md +++ b/README.md 
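Review bot: The .tflint.hcl hunk leaves the `plugin "aws"` block, the `plugin "terraform"` block and the `aws_instance_invalid_type` rule commented out with no stated reason, in a commit titled "remove cruft". Without its `plugin "aws"` block the AWS ruleset is not loaded, so AWS-specific checks stop running. The terraform ruleset presumably falls back to whatever version is bundled with the tflint binary rather than the pinned `0.9.0`, which is worth confirming against the tflint version used in CI. If the plugins were disabled because they cannot be downloaded in this environment, record that above the blocks, e.g. `# plugins disabled: <reason>; re-enable when <condition>`. Otherwise delete the blocks instead of keeping dead configuration.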
@@ -40,15 +40,15 @@ sys 0m2.015s | Name | Version | |------|---------| -| [aws](#provider\_aws) | 5.84.0 | +| [aws](#provider\_aws) | 5.88.0 | | [helm](#provider\_helm) | 2.17.0 | -| [kubernetes](#provider\_kubernetes) | 2.35.1 | +| [kubernetes](#provider\_kubernetes) | 2.36.0 | ## Modules | Name | Source | Version | |------|--------|---------| -| [efs](#module\_efs) | git@github.e.it.census.gov:terraform-modules/aws-efs.git | master | +| [efs](#module\_efs) | git::https://github.e.it.census.gov/terraform-modules/aws-efs.git/ | master | ## Resources @@ -56,6 +56,7 @@ sys 0m2.015s |------|------| | [helm_release.console_access](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [kubernetes_namespace.operators](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | +| [kubernetes_namespace.telemetry](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | | [kubernetes_storage_class.ebs_encrypted](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource | | [kubernetes_storage_class.efs_sc](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource | | [kubernetes_storage_class.gp3_encrypted](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource | 
@@ -74,6 +75,7 @@ sys 0m2.015s | [subnets](#input\_subnets) | Specify the subnets used by this cluster | `list(string)` | n/a | yes | | [tag\_costallocation](#input\_tag\_costallocation) | Tag CostAllocation (default) | `string` | `"csvd:infrastructure"` | no | | [tags](#input\_tags) | AWS Tags to apply to appropriate resources | `map(string)` | `{}` | no | +| [telemetry\_ns](#input\_telemetry\_ns) | Namespace to create where telemetry will be installed. | `string` | `"telemetry"` | no | | [vpc\_id](#input\_vpc\_id) | Specify the VPC id that is used by this cluster | `string` | n/a | yes | ## Outputs diff --git a/cluster_autoscaler.tf.off b/cluster_autoscaler.tf.off deleted file mode 100644 index ef30dc9..0000000 --- a/cluster_autoscaler.tf.off +++ /dev/null 
@@ -1,102 +0,0 @@ -locals { - # https://docs.aws.amazon.com/eks/latest/userguide/cluster-autoscaler.html - autoscale_tags = { - format("k8s.io/cluster-autoscaler/%v", var.cluster_name) = "owned" - "k8s.io/cluster-autoscaler/enabled" = "TRUE" - } - - ng_asg_name = var.eks_managed_node_groups_autoscaling_group_names[0] -} - -# module "cluster_autoscaler_irsa_role" { -# source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks" - -# role_name = "${var.cluster_name}-cluster-autoscaler" - -# attach_cluster_autoscaler_policy = true - -# cluster_autoscaler_cluster_names = [var.cluster_name] - -# oidc_providers = { -# main = { -# provider_arn = var.oidc_provider_arn -# namespace_service_accounts = ["kube-system:cluster-autoscaler"] -# } -# } -# tags = local.tags -# } - -# ALTERNATELY WE PASS THIS VIA OUTPUT DEPENDENCY W/ TERRAGRUNT -data "aws_iam_role" "cluster_autoscaler_irsa_role" { - name = "${var.cluster_name}-cluster-autoscaler" -} - -#### NEED TO MOVE THIS TO A PROPER PLACE -resource "kubernetes_namespace" "operators" { - metadata { - name = var.operators_ns - } -} - -resource "aws_autoscaling_group_tag" "on-demand" { - autoscaling_group_name = local.ng_asg_name - tag { - key = "k8s.io/cluster-autoscaler/node-template/label/eks.amazonaws.com/capacityType" - value = "ON_DEMAND" - propagate_at_launch = true - } -} - -data "kubernetes_namespace" "kube-system" { - metadata { - name = "kube-system" - } -} - -resource "helm_release" "cluster-autoscaler" { - depends_on = [ - module.images, - ] - - chart = "cluster-autoscaler" - name = "cluster-autoscaler" - version = var.cluster_autoscaler_chart_version - namespace = data.kubernetes_namespace.kube-system.metadata[0].name - repository = "https://kubernetes.github.io/autoscaler" - - set { - name = "image.repository" - value = format("%v/%v", - module.images.images[local.autoscaler_key].dest_registry, - module.images.images[local.autoscaler_key].dest_repository - ) - } - set { - name = "image.tag" - 
value = module.images.images[local.autoscaler_key].tag - } - set { - name = "autoDiscovery.clusterName" - value = var.cluster_name - } - set { - name = "awsRegion" - value = var.region - } - - set { - name = "rbac.serviceAccount.name" - value = "cluster-autoscaler" - } - - set { - name = "rbac.serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn" - value = data.aws_iam_role.cluster_autoscaler_irsa_role.arn - # value = module.cluster_autoscaler_irsa_role.iam_role_arn - } - - set { - name = "rbac.serviceAccount.create" - value = "true" - } -} diff --git a/copy_images.tf.off b/copy_images.tf.off deleted file mode 100644 index dccba9e..0000000 --- a/copy_images.tf.off +++ /dev/null @@ -1,29 +0,0 @@ -locals { - kubectl_key = format("%v#%v", "kubectl", var.kubectl_image_tag) - - image_config = [ - { - enabled = true - dest_path = null - name = "kubectl" - source_image = "bitnami/kubectl" - source_registry = "docker.io" - source_tag = var.kubectl_image_tag - tag = var.kubectl_image_tag - } - ] -} - -module "images" { - source = "git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/?ref=tf-upgrade" - - profile = var.profile - application_name = var.cluster_name - image_config = local.image_config - tags = {} - - enable_lifecycle_policy = true - lifecycle_policy_all = true - force_delete = true - lifecycle_policy_keep_count = 3 -} diff --git a/efs-filesystem.tf.off b/efs-filesystem.tf.off deleted file mode 100644 index 667f8cd..0000000 --- a/efs-filesystem.tf.off +++ /dev/null 
@@ -1,149 +0,0 @@ -# ------------------------------------------------------------------------------------- -# EKS-EFS - Creates an EFS volume and Kubernetes resources to use it -# ------------------------------------------------------------------------------------- -locals { - efs_access_points = [ - { - label = "data-logs" - name = "data-logs" - path = "/data_logs" - owner_uid = 51000 - owner_gid = 51000 - permissions = "755" - claim_name = "logs" - claim_namespace = "logs" - }, - { - label = "data-apps" - name = "data-apps" - path = "/data_apps" - owner_uid = 51000 - owner_gid = 51000 - permissions = "755" - claim_name = "apps" - claim_namespace = "apps" - }, - ] -} - -# ------------------------------------------------------------------------------------- -# EFS Namespace -# ------------------------------------------------------------------------------------- -resource "kubernetes_namespace" "efs_namespace" { - for_each = { for ap in local.efs_access_points : ap.label => ap } - metadata { - name = format("%v-%v", var.cluster_name, each.value.claim_namespace) - } -} - -# ------------------------------------------------------------------------------------- -# EFS Access Point -# ------------------------------------------------------------------------------------- -resource "aws_efs_access_point" "efs_ap" { - for_each = { for ap in local.efs_access_points : ap.name => ap } - file_system_id = module.efs.id - root_directory { - path = each.value.path - creation_info { - owner_uid = each.value.owner_uid - owner_gid = each.value.owner_gid - permissions = each.value.permissions - } - } - - tags = merge( - local.base_tags, - # local.common_tags, - # var.application_tags, - tomap({ "Name" = format("%v-efs-access-point_%v", var.cluster_name, each.key) }), - ) -} - -# ------------------------------------------------------------------------------------- -# EFS Persistent Volume -# ------------------------------------------------------------------------------------- -resource 
"kubernetes_persistent_volume" "efs_ap" { - for_each = { for ap in local.efs_access_points : ap.name => ap } - metadata { - name = format("efs-%v-pv", each.key) - } - spec { - capacity = { - storage = "1Gi" - } - claim_ref { - name = format("%v-%v-%v-claim", var.cluster_name, each.value.claim_namespace, each.key) - namespace = format("%v-%v", var.cluster_name, each.value.claim_namespace) - } - access_modes = ["ReadWriteMany"] - persistent_volume_reclaim_policy = "Retain" - volume_mode = "Filesystem" - storage_class_name = "efs" - persistent_volume_source { - csi { - driver = "efs.csi.aws.com" - volume_handle = format("%v:%v:%v", module.efs.id, "", aws_efs_access_point.efs_ap[each.key].id) - } - } - } -} -# ------------------------------------------------------------------------------------- -# EFS Persistent Volume Claim Per AP -# ------------------------------------------------------------------------------------- -resource "kubernetes_persistent_volume_claim" "efs_ap" { - for_each = { for ap in local.efs_access_points : ap.name => ap } - metadata { - name = format("%v-%v-%v-claim", var.cluster_name, each.value.claim_namespace, each.key) - namespace = format("%v-%v", var.cluster_name, each.value.claim_namespace) - } - wait_until_bound = false - spec { - access_modes = ["ReadWriteMany"] - storage_class_name = "efs" - resources { - requests = { - storage = "1Gi" - } - } - } - depends_on = [kubernetes_persistent_volume.efs_ap] -} - -# ------------------------------------------------------------------------------------- -# EFS Persistent Volume Base Claim -# ------------------------------------------------------------------------------------- -resource "kubernetes_persistent_volume_claim" "pvc_efs-cluster-base" { - depends_on = [kubernetes_storage_class.efs-sc] - metadata { - name = format("%v%v-%v", "eks-", var.cluster_name, "base-claim") - } - wait_until_bound = false - spec { - access_modes = ["ReadWriteMany"] - resources { - requests = { - storage = "25Gi" - } - } 
- storage_class_name = "efs" - } -} - -output "efs_ap_ids" { - description = "EFS AccessPoint IDs" - value = { for k, v in aws_efs_access_point.efs_ap : k => v.id } -} - -## # apiVersion: v1 -## # kind: PersistentVolumeClaim -## # metadata: -## # name: ditd-gups-dev1-data1-geoserver-claim -## # spec: -## # accessModes: -## # - ReadWriteMany -## # storageClassName: efs-sc -## # resources: -## # requests: -## # storage: 5Gi -## # -## diff --git a/main.tf b/main.tf index 00e1daa..2dc98d4 100644 --- a/main.tf +++ b/main.tf @@ -50,7 +50,7 @@ resource "kubernetes_storage_class" "ebs_encrypted" { module "efs" { # tflint-ignore: terraform_module_version # tflint-ignore: terraform_module_pinned_source - source = "git@github.e.it.census.gov:terraform-modules/aws-efs.git?ref=master" + source = "git::https://github.e.it.census.gov/terraform-modules/aws-efs.git/?ref=master" name = var.cluster_name vpc_id = var.vpc_id
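Review bot: The new `source` line in main.tf still ends in `?ref=master`, so each `terraform init` fetches whatever the branch head is at that moment. The two `# tflint-ignore` comments above it suppress the lint rules that would flag this. Pin the module to a release tag or a full commit SHA, e.g. `source = "git::https://github.e.it.census.gov/terraform-modules/aws-efs.git/?ref=<TAG_OR_COMMIT_SHA>"`, and remove the `terraform_module_pinned_source` ignore once that is done, so that a change to the EFS module reaches this cluster only through a reviewed version bump. The `module "efs"` block continues past the end of the hunk.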