remove cruft and update readme

SCT-Engineering · Feb 18, 2025 · f27304f · f27304f
1 parent b0a72ed
commit f27304f
Show file tree

Hide file tree

Showing 4 changed files with 108 additions and 305 deletions.
diff --git a/README.md b/README.md
@@ -1,30 +1,113 @@
 # tfmod-eks-configuration
 
-The module configures an eks cluster with additional components after the cluster is created.
-
-- Storage classes
-  - A gp3-encrypted storage class is created and made the default storage class
-    - This storage class is returned as the `rwo_storage_class`
-  - A gp2-encrypted storage class is created
-  - An efs storage class is created
-    - This storage class is returned as the `rwx_storage_class`
-
-A successful apply will yield:
-Apply complete! Resources: 14 added, 0 changed, 0 destroyed.
-Outputs:
-module_name = "tfmod-eks-configuration"
-module_version = "0.1.1"
-rwo_storage_class = "gp3-encrypted"
-rwx_storage_class = "efs"
-real    2m4.048s
-user    0m23.112s
-sys     0m3.855s
-
-A successful destroy will yield:
-Destroy complete! Resources: 14 destroyed.
-real    0m43.539s
-user    0m17.060s
-sys     0m2.015s
+This module configures an EKS cluster with essential components and best practices after cluster creation.
+
+## Features
+
+### Storage Classes
+- **GP3 Encrypted (Default)**
+  - Support for ReadWriteOnce (RWO)
+  - Volume binding mode: WaitForFirstConsumer
+  - Automatic encryption using AWS KMS
+  - Configured as cluster default
+
+- **GP2 Encrypted (Legacy)**
+  - Support for ReadWriteOnce (RWO)
+  - Volume binding mode: Immediate
+  - Maintained for backwards compatibility
+
+- **EFS (Shared Storage)**
+  - Support for ReadWriteMany (RWX)
+  - Automatic encryption
+  - Lifecycle policy: transition to IA after 30 days
+  - Perfect for shared storage needs
+
+### Namespace Management
+- Dedicated `operators` namespace for cluster operators
+- Secure default network policies
+- Standardized labels for resource tracking
+
+### Security
+- Default network policies for operator namespace
+- Encrypted storage by default
+- TLS-enabled EFS mounts
+- Restricted egress policies
+
+### AWS Console Access
+- Full and restricted access roles
+- Helm-managed deployments
+- Standard RBAC configurations
+
+## Usage
+
+Basic usage to configure cluster storage and operators:
+
+```hcl
+module "eks_configuration" {
+  source = "git@github.e.it.census.gov:SOA/tfmod-eks-configuration.git//"
+
+  cluster_name = "my-cluster"
+  vpc_id       = "vpc-1234567890abcdef0"
+  subnets      = ["subnet-1234567890abcdef0", "subnet-0fedcba0987654321"]
+
+  security_group_all_worker_mgmt_id = "sg-1234567890abcdef0"
+  release_version                   = "1.0.0"
+
+  tags = {
+    Environment = "production"
+    Project     = "platform"
+  }
+}
+```
+
+### Verifying the Installation
+
+1. Check storage classes:
+```bash
+$ kubectl get storageclasses
+NAME                            PROVISIONER             AGE
+gp3-encrypted (default)        ebs.csi.aws.com        10m
+gp2-encrypted                  kubernetes.io/aws-ebs   10m
+efs                           efs.csi.aws.com         10m
+```
+
+2. Verify operator namespace:
+```bash
+$ kubectl get namespace operators --show-labels
+NAME        STATUS   AGE   LABELS
+operators   Active   10m   app.kubernetes.io/managed-by=terraform,app.kubernetes.io/part-of=my-cluster
+```
+
+3. Test EFS storage:
+```bash
+$ kubectl -n operators create -f - <<EOF
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: test-efs
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: efs
+  resources:
+    requests:
+      storage: 5Gi
+EOF
+```
+
+## Metrics
+
+### Deployment Times
+- Apply: ~2-3 minutes
+- Destroy: ~1 minute
+
+### Resource Count
+- Total resources: 14
+  - 3 Storage Classes
+  - 1 EFS Filesystem
+  - 1 Namespace
+  - Multiple RBAC resources
+  - Network policies
 
 <!-- BEGIN_TF_DOCS -->
 ## Requirements

diff --git a/cluster_autoscaler.tf.off b/cluster_autoscaler.tf.off
diff --git a/copy_images.tf.off b/copy_images.tf.off