-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
0 parents
commit f01a728
Showing
7 changed files
with
228 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| # Local .terraform directories | ||
| **/.terraform/* | ||
|
|
||
| # terraform lock file. | ||
| **/.terraform.lock.hcl | ||
|
|
||
| # .tfstate files | ||
| *.tfstate | ||
| *.tfstate.* | ||
|
|
||
| # Crash log files | ||
| crash.log | ||
| crash.*.log | ||
|
|
||
| # Exclude all .tfvars files, which are likely to contain sensitive data, | ||
| # such as password, private keys, and other secrets. These should not be | ||
| # part of version control as they are data points which are potentially | ||
| # sensitive and subject to change depending on the environment. | ||
| *.tfvars | ||
| *.tfvars.json | ||
|
|
||
| # Ignore override files as they are usually used to override resources | ||
| # locally and so are not checked in | ||
| override.tf | ||
| override.tf.json | ||
| *_override.tf | ||
| *_override.tf.json | ||
|
|
||
| # Include override files you do wish to add to version control using negated pattern | ||
| # !example_override.tf | ||
|
|
||
| # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan | ||
| # example: *tfplan* | ||
|
|
||
| # Ignore CLI configuration files | ||
| .terraformrc | ||
| terraform.rc | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| # tfmod-eks-storage-classes |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,111 @@ | ||
| data "aws_vpc" "eks_vpc" { | ||
| filter { | ||
| name = "tag:Name" | ||
| values = [var.vpc_name] | ||
| } | ||
| } | ||
|
|
||
| data "aws_subnets" "subnets" { | ||
| filter { | ||
| name = "tag:Name" | ||
| values = [var.subnets_name] | ||
| } | ||
| filter { | ||
| name = "vpc-id" | ||
| values = [data.aws_vpc.eks_vpc.id] | ||
| } | ||
| } | ||
|
|
||
| data "aws_subnet" "subnets" { | ||
| for_each = toset(data.aws_subnets.subnets.ids) | ||
| id = each.key | ||
| } | ||
|
|
||
| data "aws_ebs_default_kms_key" "current" {} | ||
|
|
||
| data "aws_kms_key" "ebs_key" { | ||
| key_id = data.aws_ebs_default_kms_key.current.key_arn | ||
| } | ||
|
|
||
| locals { | ||
| vpc_id = data.aws_vpc.eks_vpc.id | ||
| vpc_cidr_block = data.aws_vpc.eks_vpc.cidr_block | ||
| subnets = [for k, v in data.aws_subnet.subnets : v.id if length(regexall("us-east-1e", v.availability_zone)) == 0] | ||
|
|
||
| base_tags = { | ||
| "eks-cluster-name" = var.cluster_name | ||
| "boc:tf_module_version" = local._module_version | ||
| "boc:created_by" = "terraform" | ||
| CostAllocation = var.tag_costallocation | ||
| } | ||
| } | ||
|
|
||
| resource "kubernetes_storage_class" "gp3_encrypted" { | ||
| metadata { | ||
| name = "gp3-encrypted" | ||
| annotations = { | ||
| "storageclass.kubernetes.io/is-default-class" = "true" | ||
| } | ||
| } | ||
| parameters = { | ||
| fsType = "ext4" | ||
| type = "gp3" | ||
| encrypted = "true" | ||
| # kms_key_id = data.aws_kms_key.ebs_key.arn | ||
| kmsKeyId = data.aws_kms_key.ebs_key.arn | ||
| } | ||
| storage_provisioner = "ebs.csi.aws.com" | ||
| reclaim_policy = "Delete" | ||
| volume_binding_mode = "Immediate" | ||
| allow_volume_expansion = "true" | ||
| } | ||
|
|
||
| resource "kubernetes_storage_class" "ebs_encrypted" { | ||
| metadata { | ||
| name = "gp2-encrypted" | ||
| annotations = { | ||
| "storageclass.kubernetes.io/is-default-class" = "false" | ||
| } | ||
| } | ||
| parameters = { | ||
| fsType = "ext4" | ||
| type = "gp2" | ||
| encrypted = "true" | ||
| # kms_key_id = data.aws_kms_key.ebs_key.arn | ||
| kmsKeyId = data.aws_kms_key.ebs_key.arn | ||
| } | ||
| storage_provisioner = "kubernetes.io/aws-ebs" | ||
| reclaim_policy = "Delete" | ||
| volume_binding_mode = "Immediate" | ||
| allow_volume_expansion = "true" | ||
| } | ||
|
|
||
| module "efs" { | ||
| source = "git@github.e.it.census.gov:terraform-modules/aws-efs.git" | ||
|
|
||
| name = var.cluster_name | ||
| vpc_id = local.vpc_id | ||
| subnet_ids = local.subnets | ||
| security_groups = [var.security_group_all_worker_mgmt_id] | ||
|
|
||
| tags = merge( | ||
| local.base_tags, | ||
| var.tags, | ||
| tomap({ "efs.csi.aws.com/cluster" = "true" }), | ||
| ) | ||
| } | ||
|
|
||
| resource "kubernetes_storage_class" "efs-sc" { | ||
| depends_on = [module.efs] | ||
|
|
||
| metadata { | ||
| name = "efs" | ||
| } | ||
| storage_provisioner = "efs.csi.aws.com" | ||
| parameters = { | ||
| provisioningMode = "efs-ap" | ||
| fileSystemId = module.efs.id | ||
| directoryPerms = "700" | ||
| } | ||
| mount_options = ["tls"] | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| ################################################################################ | ||
| # Module information | ||
| ################################################################################ | ||
|
|
||
| output "module_name" { | ||
| description = "The name of this module." | ||
| value = local._module_name | ||
| } | ||
|
|
||
| output "module_version" { | ||
| description = "The version of this module." | ||
| value = local._module_version | ||
| } | ||
|
|
||
| ################################################################################ | ||
| # Storage classes | ||
| ################################################################################ | ||
|
|
||
| output "rwo_storage_class" { | ||
| description = "Kubernetes storage class that supports read/write once." | ||
| value = kubernetes_storage_class.gp3_encrypted.metadata[0].name | ||
| } | ||
|
|
||
| output "rwx_storage_class" { | ||
| description = "Kubernetes storage class that supports read/write many." | ||
| value = kubernetes_storage_class.efs-sc.metadata[0].name | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| terraform { | ||
| required_version = ">= 0.13" | ||
|
|
||
| required_providers { | ||
| aws = { | ||
| source = "hashicorp/aws" | ||
| version = ">= 5.14.0" | ||
| } | ||
| kubernetes = { | ||
| source = "hashicorp/kubernetes" | ||
| version = ">= 2.23.0" | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,33 @@ | ||
| variable "cluster_name" { | ||
| description = "EKS cluster name name component used through out the EKS cluster describing its purpose (ex: dice-dev)" | ||
| type = string | ||
| } | ||
|
|
||
| variable "vpc_name" { | ||
| description = "Define the VPC name that will be used by this cluster" | ||
| type = string | ||
| } | ||
|
|
||
| variable "subnets_name" { | ||
| description = "Define the name of the subnets to be used by this cluster" | ||
| type = string | ||
| default = "*-container-*" | ||
| } | ||
|
|
||
| variable "security_group_all_worker_mgmt_id" { | ||
| description = "The security group representing all of the worker nodes in the cluster." | ||
| type = string | ||
| } | ||
|
|
||
| variable "tag_costallocation" { | ||
| description = "Tag CostAllocation (default)" | ||
| type = string | ||
| default = "csvd:infrastructure" | ||
| } | ||
|
|
||
| variable "tags" { | ||
| description = "AWS Tags to apply to appropriate resources" | ||
| type = map(string) | ||
| default = {} | ||
| } | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| locals { | ||
| _module_name = "tfmod-eks-storage-classes" | ||
| _module_version = "unknown" | ||
| } |