From 3a96b41deb0dafd91a176ffc606388b7a31bf5aa Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Wed, 3 Jul 2024 20:52:35 -0400 Subject: [PATCH 1/2] add efs filesystem and update copy images for lifecycle policy --- copy_images.tf | 21 +++++- efs-filesystem.tf.off | 149 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 168 insertions(+), 2 deletions(-) create mode 100644 efs-filesystem.tf.off diff --git a/copy_images.tf b/copy_images.tf index a5134e1..efc63f8 100644 --- a/copy_images.tf +++ b/copy_images.tf @@ -25,7 +25,7 @@ locals { } module "images" { - source = "git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/?ref=2.0.2" + source = "git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/?ref=tf-upgrade" profile = var.profile application_name = var.cluster_name @@ -41,5 +41,22 @@ module "images" { ## region = "" ## source_password = "" ## source_username = "" -} + enable_lifecycle_policy = true + lifecycle_policy_all = true + + data "aws_ecr_lifecycle_policy_document" "pushed" { + rule { + priority = 1 + description = "keep images tagged test, last push 28 days ago" + + selection { + tag_status = "tagged" + # tag_pattern_list = ["*test*"] + count_type = "sinceImagePushed" + count_number = 28 + count_unit = days + } + } + } +} diff --git a/efs-filesystem.tf.off b/efs-filesystem.tf.off new file mode 100644 index 0000000..a382e08 --- /dev/null +++ b/efs-filesystem.tf.off 
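Review bot: The module `source` now points at the mutable branch ref `?ref=tf-upgrade` instead of the tag `2.0.2`, so every plan/apply fetches whatever that branch holds at that moment; the module code this file executes is no longer reproducible and can change without any change in this repository. Pin to a tag or a full commit SHA once the upgrade lands, e.g. `source = "git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/?ref=<released-tag>"`, or at least leave a comment naming the commit the branch is expected to be at while the ref is temporary. The new `enable_lifecycle_policy = true` and `lifecycle_policy_all = true` inputs in the following hunk are interpreted by that same unpinned module code, so which repositories' images they cause to expire cannot be reviewed from this file. The `module "images"` block continues outside this hunk.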
@@ -0,0 +1,149 @@
+# -------------------------------------------------------------------------------------
+# EKS-EFS - Creates an EFS volume and Kubernetes resources to use it
+# -------------------------------------------------------------------------------------
+locals {
+ efs_access_points = [
+ {
+ label = "data-logs"
+ name = "data-logs"
+ path = "/data_logs"
+ owner_uid = 51000
+ owner_gid = 51000
+ permissions = "755"
+ claim_name = "logs"
+ claim_namespace = "logs"
+ },
+ {
+ label = "data-apps"
+ name = "data-apps"
+ path = "/data_apps"
+ owner_uid = 51000
+ owner_gid = 51000
+ permissions = "755"
+ claim_name = "apps"
+ claim_namespace = "apps"
+ },
+ ]
+}
+
+# -------------------------------------------------------------------------------------
+# EFS Namespace
+# -------------------------------------------------------------------------------------
+resource "kubernetes_namespace" "efs_namespace" {
+ for_each = { for ap in local.efs_access_points : ap.label => ap }
+ metadata {
+ name = format("%v-%v", var.cluster_name, each.value.claim_namespace)
+ }
+}
+
+# -------------------------------------------------------------------------------------
+# EFS Access Point
+# -------------------------------------------------------------------------------------
+resource "aws_efs_access_point" "efs_ap" {
+ for_each = { for ap in local.efs_access_points : ap.name => ap }
+ file_system_id = module.efs.id
+ root_directory {
+ path = each.value.path
+ creation_info {
+ owner_uid = each.value.owner_uid
+ owner_gid = each.value.owner_gid
+ permissions = each.value.permissions
+ }
+ }
+
+ tags = merge(
+ local.base_tags,
+ # local.common_tags,
+ # var.application_tags,
+ tomap({ "Name" = format("%v-efs-access-point_%v", var.cluster_name, each.key) }),
+ )
+}
+
+# -------------------------------------------------------------------------------------
+# EFS Persistent Volume
+# -------------------------------------------------------------------------------------
+resource 
"kubernetes_persistent_volume" "efs_ap" {
+ for_each = { for ap in local.efs_access_points : ap.name => ap }
+ metadata {
+ name = format("efs-%v-pv", each.key)
+ }
+ spec {
+ capacity = {
+ storage = "1Gi"
+ }
+ claim_ref {
+ name = format("%v-%v-%v-claim", var.cluster_name, each.value.claim_namespace, each.key)
+ namespace = format("%v-%v", var.cluster_name, each.value.claim_namespace)
+ }
+ access_modes = ["ReadWriteMany"]
+ persistent_volume_reclaim_policy = "Retain"
+ volume_mode = "Filesystem"
+ storage_class_name = "efs"
+ persistent_volume_source {
+ csi {
+ driver = "efs.csi.aws.com"
+ volume_handle = format("%v:%v:%v", module.efs.id, "", aws_efs_access_point.efs_ap[each.key].id)
+ }
+ }
+ }
+}
+# -------------------------------------------------------------------------------------
+# EFS Persistent Volume Claim Per AP
+# -------------------------------------------------------------------------------------
+resource "kubernetes_persistent_volume_claim" "efs_ap" {
+ for_each = { for ap in local.efs_access_points : ap.name => ap }
+ metadata {
+ name = format("%v-%v-%v-claim", var.cluster_name, each.value.claim_namespace, each.key)
+ namespace = format("%v-%v", var.cluster_name, each.value.claim_namespace)
+ }
+ wait_until_bound = false
+ spec {
+ access_modes = ["ReadWriteMany"]
+ storage_class_name = "efs"
+ resources {
+ requests = {
+ storage = "1Gi"
+ }
+ }
+ }
+ depends_on = [kubernetes_persistent_volume.efs_ap]
+}
+
+# -------------------------------------------------------------------------------------
+# EFS Persistent Volume Base Claim
+# -------------------------------------------------------------------------------------
+resource "kubernetes_persistent_volume_claim" "pvc_efs-cluster-base" {
+ depends_on = [kubernetes_storage_class.efs-sc]
+ metadata {
+ name = format("%v%v-%v", "eks-", var.cluster_name, "base-claim")
+ }
+ wait_until_bound = false
+ spec {
+ access_modes = ["ReadWriteMany"]
+ resources {
+ requests = {
+ storage = "25Gi"
+ }
+ } 
+ storage_class_name = "efs" + } +} + +output "efs_ap_ids" { + description = "EFS AccessPoint IDs" + value = { for k, v in aws_efs_access_point.efs_ap : k => v.id } +} + +## # apiVersion: v1 +## # kind: PersistentVolumeClaim +## # metadata: +## # name: ditd-gups-dev1-data1-geoserver-claim +## # spec: +## # accessModes: +## # - ReadWriteMany +## # storageClassName: efs-sc +## # resources: +## # requests: +## # storage: 5Gi +## # +## From 0fe1ca8e226474ff1ecf49c13b9e2d4dff4a0cc7 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Wed, 3 Jul 2024 22:34:55 -0400 Subject: [PATCH 2/2] unneeded --- copy_images.tf | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/copy_images.tf b/copy_images.tf index efc63f8..5bdc99e 100644 --- a/copy_images.tf +++ b/copy_images.tf @@ -45,18 +45,4 @@ module "images" { enable_lifecycle_policy = true lifecycle_policy_all = true - data "aws_ecr_lifecycle_policy_document" "pushed" { - rule { - priority = 1 - description = "keep images tagged test, last push 28 days ago" - - selection { - tag_status = "tagged" - # tag_pattern_list = ["*test*"] - count_type = "sinceImagePushed" - count_number = 28 - count_unit = days - } - } - } }
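Review bot: Each `aws_efs_access_point.efs_ap` sets `root_directory.creation_info` (owner 51000:51000, mode 755) but no `posix_user`, so the access point does not enforce a POSIX identity: a client mounting through it keeps its own uid/gid, and a pod running as root can create root-owned files under `/data_logs` or `/data_apps` instead of being confined to the intended owner. Adding a `posix_user` block derived from the same locals makes every access through the access point run as that owner regardless of the pod's security context, which is what the per-namespace split between `logs` and `apps` seems to want. Separately, the file is named `efs-filesystem.tf.off`, so Terraform neither loads nor validates it; `module.efs`, `local.base_tags` and `kubernetes_storage_class.efs-sc` are referenced but not defined anywhere in this patch, and `kubernetes_persistent_volume_claim.pvc_efs-cluster-base` has no `namespace` in its metadata, so it would land in the provider's default namespace — worth confirming before the file is renamed to `.tf`. The commented YAML at the end still names `ditd-gups-dev1-data1-geoserver-claim` and `storageClassName: efs-sc`, which disagrees with the `efs` class used above and looks like leftover scratch.
```hcl
resource "aws_efs_access_point" "efs_ap" {
  # Enforce the owning identity for every access through this access point.
  posix_user {
    uid = each.value.owner_uid
    gid = each.value.owner_gid
  }
  # … unchanged: for_each, file_system_id, root_directory, tags …
}
```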