diff --git a/README.md b/README.md
index a4de242..6941171 100644
--- a/README.md
+++ b/README.md
@@ -50,67 +50,27 @@ sys 0m2.015s
| Name | Source | Version |
|------|--------|---------|
-| [awsauth\_cluster-roles](#module\_awsauth\_cluster-roles) | git@github.e.it.census.gov:terraform-modules/aws-eks.git//patch-aws-auth | tf-upgrade |
| [efs](#module\_efs) | git::https://github.e.it.census.gov/terraform-modules/aws-efs.git/ | master |
-| [group\_cicd\_deployer](#module\_group\_cicd\_deployer) | git@github.e.it.census.gov:terraform-modules/aws-iam-group.git | n/a |
-| [group\_dba\_administrator](#module\_group\_dba\_administrator) | git@github.e.it.census.gov:terraform-modules/aws-iam-group.git | n/a |
-| [role\_cicd\_deployer](#module\_role\_cicd\_deployer) | git@github.e.it.census.gov:terraform-modules/aws-iam-role.git | tf-upgrade |
-| [role\_dba\_administrator](#module\_role\_dba\_administrator) | git@github.e.it.census.gov:terraform-modules/aws-iam-role.git | tf-upgrade |
-| [service\_cicd\_deployer](#module\_service\_cicd\_deployer) | git@github.e.it.census.gov:terraform-modules/aws-iam-user.git | tf-upgrade |
## Resources
| Name | Type |
|------|------|
-| [aws_iam_policy.cicd_deployer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
-| [aws_iam_policy.dba_administrator](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
| [helm_release.console_access](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [kubernetes_cluster_role.cicd_deployer_application_cluster_role](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/cluster_role) | resource |
-| [kubernetes_cluster_role.cicd_deployer_istio_cluster_role](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/cluster_role) | resource |
-| [kubernetes_cluster_role.cicd_deployer_istiosystem_cluster_role](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/cluster_role) | resource |
-| [kubernetes_cluster_role.dba_administrator_cluster_role](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/cluster_role) | resource |
-| [kubernetes_namespace.cicd_managed_namespaces](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-| [kubernetes_namespace.dba_managed_namespaces](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
| [kubernetes_namespace.operators](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
| [kubernetes_namespace.telemetry](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-| [kubernetes_role_binding.dba_admin_rolebinding](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/role_binding) | resource |
-| [kubernetes_role_binding.deployer_application_istio_rolebinding](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/role_binding) | resource |
-| [kubernetes_role_binding.deployer_application_rolebinding](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/role_binding) | resource |
-| [kubernetes_role_binding.deployer_istio_role_binding](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/role_binding) | resource |
| [kubernetes_storage_class.ebs_encrypted](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource |
| [kubernetes_storage_class.efs_sc](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource |
| [kubernetes_storage_class.gp3_encrypted](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource |
| [null_resource.git_version](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
-| [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
-| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
| [aws_ebs_default_kms_key.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ebs_default_kms_key) | data source |
-| [aws_iam_policy.cicd_deployer_policies](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source |
-| [aws_iam_policy_document.cicd_deployer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_policy_document.cicd_deployer_allow_sts](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_policy_document.dba_administrator](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_policy_document.dba_administrator_allow_sts](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_kms_key.ebs_key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_key) | data source |
-| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
-| [cicd\_k8s\_group\_name](#input\_cicd\_k8s\_group\_name) | The Group name of CICD Deployer belongs to (excluding prefix for service account and cluster) | `string` | `"cicd-deployer"` | no |
-| [cicd\_k8s\_user\_name](#input\_cicd\_k8s\_user\_name) | The user name of CICD Deployer | `string` | `"cicd-deployer"` | no |
-| [cicd\_managed\_namespaces](#input\_cicd\_managed\_namespaces) | Deployer managed namespaces that deploy can create resources in (excluding cluster name prefix) | `list(any)` | `[]` | no |
| [cluster\_name](#input\_cluster\_name) | EKS cluster name name component used through out the EKS cluster describing its purpose (ex: dice-dev) | `string` | n/a | yes |
-| [dba\_admin\_rolebinding\_name](#input\_dba\_admin\_rolebinding\_name) | Role binding name of deployer that binding to role deployer\_application\_cluster\_role | `string` | `"dba-admin-rolebinding"` | no |
-| [dba\_administrator\_role\_name](#input\_dba\_administrator\_role\_name) | The kubernetes cluster role name of DBA Administrator | `string` | `"dba-admin-role"` | no |
-| [dba\_k8s\_group\_name](#input\_dba\_k8s\_group\_name) | The Group name of dba-admin belongs to (excluding prefix for service account and cluster) | `string` | `"dba-admin"` | no |
-| [dba\_k8s\_user\_name](#input\_dba\_k8s\_user\_name) | the user name of DBA Administrator | `string` | `"dba-admin"` | no |
-| [dba\_managed\_namespaces](#input\_dba\_managed\_namespaces) | DBA admin managed namespaces (excluding cluster name prefix) | `list(any)` | `[]` | no |
-| [deployer\_application\_istio\_role\_name](#input\_deployer\_application\_istio\_role\_name) | The kubernetes cluster role name of CICD Deployer | `string` | `"deployer-application-istio-role"` | no |
-| [deployer\_application\_istio\_rolebinding\_name](#input\_deployer\_application\_istio\_rolebinding\_name) | Role binding name of deployer that binding to role deployer\_application\_cluster\_role | `string` | `"deployer-application-istio-rolebinding"` | no |
-| [deployer\_application\_role\_name](#input\_deployer\_application\_role\_name) | The kubernetes cluster role name of CICD Deployer | `string` | `"deployer-application-role"` | no |
-| [deployer\_application\_rolebinding\_name](#input\_deployer\_application\_rolebinding\_name) | Role binding name of deployer that binding to role deployer\_application\_cluster\_role | `string` | `"deployer-application-rolebinding"` | no |
-| [deployer\_istiosystem\_role\_name](#input\_deployer\_istiosystem\_role\_name) | The kubernetes cluster role name of CIDR Deployer | `string` | `"deployer-istiosystem-role"` | no |
-| [istio\_installed\_namespace](#input\_istio\_installed\_namespace) | Namespace that Istio installed | `string` | `"istio-system"` | no |
| [operators\_ns](#input\_operators\_ns) | Namespace to create where operators will be installed. | `string` | `"operators"` | no |
| [profile](#input\_profile) | AWS config profile | `string` | n/a | yes |
| [region](#input\_region) | AWS region | `string` | n/a | yes |
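Review bot: the Resources table drops `kubernetes_namespace.cicd_managed_namespaces` and `kubernetes_namespace.dba_managed_namespaces` together with the cluster roles and role bindings, yet the README gains no upgrade note. On a cluster already managed by this module, any of these objects still in state will be planned for destruction on the next apply, and deleting a namespace deletes everything inside it. Suggest adding a short upgrade section stating whether consumers should let Terraform destroy them or detach them first with `terraform state rm`.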
@@ -125,13 +85,8 @@ sys 0m2.015s
| Name | Description |
|------|-------------|
-| [info\_cicd\_deployer](#output\_info\_cicd\_deployer) | CID Deployer IAM details |
-| [info\_dba\_administrator](#output\_info\_dba\_administrator) | DBA Adminstrator IAM details |
| [module\_name](#output\_module\_name) | The name of this module. |
| [module\_version](#output\_module\_version) | The version of this module. |
-| [role\_dba\_administrator\_arn](#output\_role\_dba\_administrator\_arn) | DBA Adminstrator role ARN |
| [rwo\_storage\_class](#output\_rwo\_storage\_class) | Kubernetes storage class that supports read/write once. |
| [rwx\_storage\_class](#output\_rwx\_storage\_class) | Kubernetes storage class that supports read/write many. |
-| [service\_cicd\_deployer\_arn](#output\_service\_cicd\_deployer\_arn) | CICD Deployer user ARN |
-| [service\_cicd\_deployer\_username](#output\_service\_cicd\_deployer\_username) | CICD Deployer username |
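Review bot: five outputs disappear from the Outputs table (`info_cicd_deployer`, `info_dba_administrator`, `role_dba_administrator_arn`, `service_cicd_deployer_arn`, `service_cicd_deployer_username`), but no hunk in this patch edits an outputs file. Please confirm these output blocks lived in the files renamed to `.tf.off`; if any remain in an active `.tf` file they will reference modules that no longer exist and the plan will fail. Callers that read these outputs will also break, so this deserves a mention in the release notes.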
diff --git a/aws_data.tf b/aws_data.tf
index eb70e88..bb1ee27 100644
--- a/aws_data.tf
+++ b/aws_data.tf
@@ -3,10 +3,10 @@ data "aws_ebs_default_kms_key" "current" {}
data "aws_kms_key" "ebs_key" {
key_id = data.aws_ebs_default_kms_key.current.key_arn
}
-data "aws_caller_identity" "current" {}
+# data "aws_caller_identity" "current" {}
-data "aws_region" "current" {}
+# data "aws_region" "current" {}
-data "aws_arn" "current" {
- arn = data.aws_caller_identity.current.arn
-}
+# data "aws_arn" "current" {
+# arn = data.aws_caller_identity.current.arn
+# }
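Review bot: the three data sources are commented out rather than deleted, which leaves dead configuration in `aws_data.tf`. The only consumers visible in this patch are `iam_arn` and `common_arn` in `main.tf`, which are commented out as well, so nothing here still needs them. Suggest removing the lines outright in both files; git history keeps them if the lookup is wanted again.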
diff --git a/dba-clusterrole.tf b/dba-clusterrole.tf.off
similarity index 100%
rename from dba-clusterrole.tf
rename to dba-clusterrole.tf.off
diff --git a/dba-rolebinding.tf b/dba-rolebinding.tf.off
similarity index 100%
rename from dba-rolebinding.tf
rename to dba-rolebinding.tf.off
diff --git a/dba.iam.tf b/dba.iam.tf.off
similarity index 100%
rename from dba.iam.tf
rename to dba.iam.tf.off
diff --git a/deployer-clusterrole.tf b/deployer-clusterrole.tf.off
similarity index 100%
rename from deployer-clusterrole.tf
rename to deployer-clusterrole.tf.off
diff --git a/deployer-rolebinding.tf b/deployer-rolebinding.tf.off
similarity index 100%
rename from deployer-rolebinding.tf
rename to deployer-rolebinding.tf.off
diff --git a/deployer.iam.tf b/deployer.iam.tf.off
similarity index 100%
rename from deployer.iam.tf
rename to deployer.iam.tf.off
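Review bot: renaming the IAM, cluster role and role binding files to `.tf.off` keeps access-control definitions in the tree where `terraform validate`, tflint and policy scanners no longer read them, and a one-word rename brings them back. If they depend on the variables that this patch comments out in `variables.tf`, they will no longer validate once re-enabled, so they will drift silently. Suggest deleting the six files, or moving them into a separate module if the RBAC is meant to live elsewhere, and saying which in the commit message.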
diff --git a/main.tf b/main.tf
index 0732776..5bd657a 100644
--- a/main.tf
+++ b/main.tf
@@ -1,6 +1,6 @@
locals {
- iam_arn = format("arn:%v:iam::%v:%%v", data.aws_arn.current.partition, data.aws_caller_identity.current.account_id)
- common_arn = format("arn:%v:%%v:%v:%v:%%v", data.aws_arn.current.partition, data.aws_region.current.id, data.aws_caller_identity.current.account_id)
+ # iam_arn = format("arn:%v:iam::%v:%%v", data.aws_arn.current.partition, data.aws_caller_identity.current.account_id)
+ # common_arn = format("arn:%v:%%v:%v:%v:%%v", data.aws_arn.current.partition, data.aws_region.current.id, data.aws_caller_identity.current.account_id)
base_tags = {
"eks-cluster-name" = var.cluster_name
"boc:tf_module_version" = local.module_version
@@ -95,33 +95,33 @@ resource "kubernetes_namespace" "telemetry" {
}
}
-locals {
- aws_auth_users = [
- {
- userarn = module.service_cicd_deployer.user_arn
- aws_username = ""
- username = var.cicd_k8s_user_name
- groups = [local.cicd_k8s_group_name]
- },
- ]
- aws_auth_roles = [
- {
- rolearn : module.role_dba_administrator.role_arn
- aws_rolename : ""
- username : var.dba_k8s_user_name
- groups = [local.dba_k8s_group_name]
- },
- ]
-}
+# locals {
+# aws_auth_users = [
+# {
+# userarn = module.service_cicd_deployer.user_arn
+# aws_username = ""
+# username = var.cicd_k8s_user_name
+# groups = [local.cicd_k8s_group_name]
+# },
+# ]
+# aws_auth_roles = [
+# {
+# rolearn : module.role_dba_administrator.role_arn
+# aws_rolename : ""
+# username : var.dba_k8s_user_name
+# groups = [local.dba_k8s_group_name]
+# },
+# ]
+# }
-module "awsauth_cluster-roles" {
- source = "git@github.e.it.census.gov:terraform-modules/aws-eks.git//patch-aws-auth?ref=tf-upgrade"
+# module "awsauth_cluster-roles" {
+# source = "git@github.e.it.census.gov:terraform-modules/aws-eks.git//patch-aws-auth?ref=tf-upgrade"
- region = var.region
- profile = var.profile
- cluster_name = var.cluster_name
- aws_auth_users = local.aws_auth_users
- aws_auth_roles = local.aws_auth_roles
+# region = var.region
+# profile = var.profile
+# cluster_name = var.cluster_name
+# aws_auth_users = local.aws_auth_users
+# aws_auth_roles = local.aws_auth_roles
- keep_temporary_files = false
-}
+# keep_temporary_files = false
+# }
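Review bot: commenting out `module "awsauth_cluster-roles"` stops Terraform from managing the `aws-auth` entries for the CICD deployer user and the DBA administrator role, but nothing visible in this hunk shows that the existing entries are removed from the cluster. Please confirm what the `patch-aws-auth` module does on destroy and check the ConfigMap after apply; a mapping left behind keeps assigning its Kubernetes username and groups to that ARN. The `locals` and `module` blocks should also be deleted rather than commented out.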
diff --git a/prefixes.tf b/prefixes.tf.off
similarity index 100%
rename from prefixes.tf
rename to prefixes.tf.off
diff --git a/variables.tf b/variables.tf
index 0d430bf..3fb6c32 100644
--- a/variables.tf
+++ b/variables.tf
@@ -9,6 +9,7 @@ variable "region" {
type = string
}
+# tflint-ignore: terraform_unused_declarations
variable "profile" {
description = "AWS config profile"
type = string
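Review bot: `# tflint-ignore: terraform_unused_declarations` on `variable "profile"` silences the lint finding instead of resolving it, and the README still lists `profile` as a required input with no default. Callers are forced to pass a value that the module no longer uses. Suggest either removing the variable, or keeping it for compatibility with a default and a description that marks it as deprecated and unused.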
@@ -53,84 +54,84 @@ variable "tags" {
default = {}
}
-variable "deployer_istiosystem_role_name" {
- description = "The kubernetes cluster role name of CIDR Deployer"
- type = string
- default = "deployer-istiosystem-role"
-}
-
-variable "deployer_application_role_name" {
- description = "The kubernetes cluster role name of CICD Deployer"
- type = string
- default = "deployer-application-role"
-}
-
-variable "deployer_application_istio_role_name" {
- description = "The kubernetes cluster role name of CICD Deployer"
- type = string
- default = "deployer-application-istio-role"
-}
-
-variable "dba_administrator_role_name" {
- description = "The kubernetes cluster role name of DBA Administrator"
- type = string
- default = "dba-admin-role"
-}
-
-variable "istio_installed_namespace" {
- description = "Namespace that Istio installed"
- type = string
- default = "istio-system"
-}
-
-variable "cicd_k8s_user_name" {
- description = "The user name of CICD Deployer"
- type = string
- default = "cicd-deployer"
-}
-variable "cicd_k8s_group_name" {
- description = "The Group name of CICD Deployer belongs to (excluding prefix for service account and cluster)"
- type = string
- default = "cicd-deployer"
-}
-
-variable "dba_k8s_user_name" {
- description = "the user name of DBA Administrator"
- type = string
- default = "dba-admin"
-}
-variable "dba_k8s_group_name" {
- description = "The Group name of dba-admin belongs to (excluding prefix for service account and cluster)"
- type = string
- default = "dba-admin"
-}
-
-variable "deployer_application_rolebinding_name" {
- description = "Role binding name of deployer that binding to role deployer_application_cluster_role"
- type = string
- default = "deployer-application-rolebinding"
-}
-
-variable "deployer_application_istio_rolebinding_name" {
- description = "Role binding name of deployer that binding to role deployer_application_cluster_role"
- type = string
- default = "deployer-application-istio-rolebinding"
-}
-
-variable "dba_admin_rolebinding_name" {
- description = "Role binding name of deployer that binding to role deployer_application_cluster_role"
- type = string
- default = "dba-admin-rolebinding"
-}
-
-variable "cicd_managed_namespaces" {
- description = "Deployer managed namespaces that deploy can create resources in (excluding cluster name prefix)"
- type = list(any)
- default = []
-}
-
-variable "dba_managed_namespaces" {
- description = "DBA admin managed namespaces (excluding cluster name prefix)"
- type = list(any)
- default = []
-}
+# variable "deployer_istiosystem_role_name" {
+# description = "The kubernetes cluster role name of CIDR Deployer"
+# type = string
+# default = "deployer-istiosystem-role"
+# }
+
+# variable "deployer_application_role_name" {
+# description = "The kubernetes cluster role name of CICD Deployer"
+# type = string
+# default = "deployer-application-role"
+# }
+
+# variable "deployer_application_istio_role_name" {
+# description = "The kubernetes cluster role name of CICD Deployer"
+# type = string
+# default = "deployer-application-istio-role"
+# }
+
+# variable "dba_administrator_role_name" {
+# description = "The kubernetes cluster role name of DBA Administrator"
+# type = string
+# default = "dba-admin-role"
+# }
+
+# variable "istio_installed_namespace" {
+# description = "Namespace that Istio installed"
+# type = string
+# default = "istio-system"
+# }
+
+# variable "cicd_k8s_user_name" {
+# description = "The user name of CICD Deployer"
+# type = string
+# default = "cicd-deployer"
+# }
+# variable "cicd_k8s_group_name" {
+# description = "The Group name of CICD Deployer belongs to (excluding prefix for service account and cluster)"
+# type = string
+# default = "cicd-deployer"
+# }
+
+# variable "dba_k8s_user_name" {
+# description = "the user name of DBA Administrator"
+# type = string
+# default = "dba-admin"
+# }
+# variable "dba_k8s_group_name" {
+# description = "The Group name of dba-admin belongs to (excluding prefix for service account and cluster)"
+# type = string
+# default = "dba-admin"
+# }
+
+# variable "deployer_application_rolebinding_name" {
+# description = "Role binding name of deployer that binding to role deployer_application_cluster_role"
+# type = string
+# default = "deployer-application-rolebinding"
+# }
+
+# variable "deployer_application_istio_rolebinding_name" {
+# description = "Role binding name of deployer that binding to role deployer_application_cluster_role"
+# type = string
+# default = "deployer-application-istio-rolebinding"
+# }
+
+# variable "dba_admin_rolebinding_name" {
+# description = "Role binding name of deployer that binding to role deployer_application_cluster_role"
+# type = string
+# default = "dba-admin-rolebinding"
+# }
+
+# variable "cicd_managed_namespaces" {
+# description = "Deployer managed namespaces that deploy can create resources in (excluding cluster name prefix)"
+# type = list(any)
+# default = []
+# }
+
+# variable "dba_managed_namespaces" {
+# description = "DBA admin managed namespaces (excluding cluster name prefix)"
+# type = list(any)
+# default = []
+# }
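Review bot: all fourteen variable declarations are commented out in place, so `variables.tf` keeps about eighty lines of dead text. Dropping the inputs is also a breaking change: any caller that still sets `cicd_managed_namespaces`, `dba_managed_namespaces` or the role and binding names will fail with an unsupported argument error. Suggest deleting the blocks and recording the removed inputs in the release notes together with a version bump.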