diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 3d8476f..f13d51f 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -37,7 +37,7 @@ repos: # Terraform Hooks - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.92.0 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases + rev: v1.96.1 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases hooks: - id: terraform_fmt args: @@ -94,6 +94,6 @@ repos: # - --hook-config=--parallelism-ci-cpu-cores=2 - repo: https://github.com/ljnsn/cz-conventional-gitmoji - rev: v0.3.2 + rev: v0.3.3 hooks: - id: conventional-gitmoji diff --git a/CHANGELOG.md b/CHANGELOG.md index 7dd3b19..e69de29 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,34 +0,0 @@ -## 0.1.0 (2024-08-02) - -### ✨ Features - -- **main.tf**: added adot, snapshot-controller, and updated docs -- **amazon-cloudwatch-observability**: add cloudwatch addon instead of cloudwatch module - -### 🐛🚑️ Fixes - -- **main.tf**: no adot avail for 1.30 -- **main.tf**: remove operators due to timing issues -- **main.tf**: add time_sleep before operators create -- **main.tf**: removed invalied property >>> ⏰ 1m -- **main.tf**: add short sleep after kube update -- **main.tf**: update depends_on -- **main.tf**: fix irsa_role ref from update >>> ⏰ 5m -- **irsa_roles.tf**: use cannonical module ref -- **irsa_roles.tf**: update vars from module -- **dns_zones.tf**: added cluster name tag to vpc -- **dummy-vpc**: add filter and tag for dummy-vpc - -### 💚👷 CI & Build - -- **.cz.yaml**: update commitizen to use scm for version -- **cz**: update cz to use scm for version -- **test.yml**: added test.yml to demonstrate how commitizen and pre-commit-hooks work >>> ⏰ 15m -- **.github/dependabot.yml**: add dependabot for terraform -- **.cz.yaml**: add commitizen config file >>> ⏰ 2h - -### 📝💡 Documentation - -- update resource counts on apply/destroy -- **changelog**: moved old changelog to changelog.md -- **CHANGELOG.md**: added a changelog by running cz ch >>> ⏰ 15m diff --git a/README.md b/README.md index 3c36609..7d5c878 100644 --- a/README.md +++ b/README.md 
@@ -1,73 +1,7 @@ -# tfmod-eks -Create an EKS cluster given the specification of the cluster. +# tfmod-eks-dns +This module is designed to add DNS to an EKS cluster through the creation of the route53_zone for the cluster domain. -The module creates an EKS cluster named cluster_name in the region using kuberenetes version cluster_version with eks_ng_desired_size nodes initially. The services in the cluster will be accessible using hostnames for the services ending with the cluster_name.domain fully qualified domain name. The cluster-autoscaler will resize the node group based upon capacity from a minimum of eks_ng_min_size to a maximum of eks_ng_max_size. The eks_instance_types is a prioritized list of instance types to use as the worker nodes. Note that it is best if the vCPU and Mem sizes of all of the instance types are the same. - -The cluster is configured with an oidc provider allowing service accounts to be configured with IRSA roles as needed. - -## Addons -Addons installed: - -* amazon-cloudwatch-observability -* aws-ebs-csi-driver -* aws-efs-csi-driver -* coredns -* kube-proxy -* snapshot-controller - -### Apply -Successful completion should show: -```terraform -Apply complete! Resources: 80 added, 0 changed, 0 destroyed. -real 12m24.922s -user 0m17.709s -sys 0m2.079s -``` - -### Destroy -Successful destroy should show: -```terraform -Destroy complete! Resources: 80 destroyed. 
-real 10m48.444s -user 0m17.624s -sys 0m2.040s -``` - -### Verification - -To verify the nodes were created, use kubectl like -`kubectl get nodes` which should ouput: - -```bash -[morga471@iebcloud terraform]$ k get nodes -NAME STATUS ROLES AGE VERSION -ip-10-129-62-142.us-gov-east-1.compute.internal Ready 4m7s v1.30.1-eks-e564799 -``` - -To verify the pods for the base cluster were created, use kubectl like -`k get pods -A` - -```bash -[morga471@iebcloud terraform]$ k get pods -A -NAMESPACE NAME READY STATUS RESTARTS AGE -amazon-cloudwatch amazon-cloudwatch-observability-controller-manager-5c9d9677h2xf 1/1 Running 0 2m58s -amazon-cloudwatch cloudwatch-agent-95g5j 1/1 Running 0 2m52s -amazon-cloudwatch fluent-bit-cnp45 1/1 Running 0 2m58s -kube-system aws-node-dsdqg 2/2 Running 0 3m8s -kube-system coredns-5479bb6d65-c6x79 1/1 Running 0 3m11s -kube-system coredns-5479bb6d65-j74cm 1/1 Running 0 3m11s -kube-system ebs-csi-controller-7cd8c597d7-96j7p 6/6 Running 0 3m10s -kube-system ebs-csi-controller-7cd8c597d7-m48j8 6/6 Running 0 3m9s -kube-system ebs-csi-node-x555s 3/3 Running 0 3m10s -kube-system efs-csi-controller-85c5486b89-rdjk8 3/3 Running 0 3m9s -kube-system efs-csi-controller-85c5486b89-v6fx2 3/3 Running 0 3m9s -kube-system efs-csi-node-tz47s 3/3 Running 0 3m9s -kube-system kube-proxy-qbgbk 1/1 Running 0 4m12s -kube-system snapshot-controller-7f8d9b84dd-7w7qz 1/1 Running 0 3m10s -kube-system snapshot-controller-7f8d9b84dd-nqqsb 1/1 Running 0 3m10s -``` - -#### Changelog +## Changelog Change logs are auto-generated with commitizen. [CHANGELOG.md](CHANGELOG.md) 
@@ -77,52 +11,29 @@ Change logs are auto-generated with commitizen. | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.13 | +| [terraform](#requirement\_terraform) | >= 1.5 | | [aws](#requirement\_aws) | >= 5.14.0 | -| [null](#requirement\_null) | >= 3.2.1 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | 5.67.0 | -| [aws.self](#provider\_aws.self) | 5.67.0 | -| [null](#provider\_null) | 3.2.3 | +| [aws](#provider\_aws) | 5.68.0 | ## Modules | Name | Source | Version | |------|--------|---------| -| [cloudwatch\_observability\_irsa\_role](#module\_cloudwatch\_observability\_irsa\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | n/a | -| [cluster](#module\_cluster) | git@github.e.it.census.gov:SCT-Engineering/terraform-aws-eks.git | v20.24.0 | -| [ebs\_csi\_irsa\_role](#module\_ebs\_csi\_irsa\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | n/a | -| [efs\_csi\_irsa\_role](#module\_efs\_csi\_irsa\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | n/a | | [route53\_cluster\_domain\_east](#module\_route53\_cluster\_domain\_east) | git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//route53-zone-association/zone | tf-upgrade | | [route53\_cluster\_domain\_west](#module\_route53\_cluster\_domain\_west) | git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//route53-zone-association/zone | tf-upgrade | -| [vpc\_cni\_irsa\_role](#module\_vpc\_cni\_irsa\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | n/a | ## Resources | Name | Type | |------|------| -| [aws_ec2_tag.container_subnets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_tag) | resource | | [aws_route53_zone.cluster_domain](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone) | resource | -| 
[aws_security_group.additional_eks_cluster_sg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | -| [aws_security_group.all_worker_mgmt](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | -| [aws_security_group_rule.allow_sidecar_injection](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | -| [null_resource.kube_config_create](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | | [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source | | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | -| [aws_ebs_default_kms_key.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ebs_default_kms_key) | data source | -| [aws_iam_roles.roles](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_roles) | data source | -| [aws_iam_roles.sso_admins](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_roles) | data source | -| [aws_iam_roles.sso_read](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_roles) | data source | -| [aws_iam_session_context.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_session_context) | data source | -| [aws_kms_key.ebs_key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_key) | data source | -| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | -| [aws_subnet.subnets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet) | data source | -| 
[aws_subnets.container_subnets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnets) | data source | -| [aws_subnets.subnets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnets) | data source | | [aws_vpc.dummy_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source | | [aws_vpc.eks_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source | @@ -130,25 +41,12 @@ Change logs are auto-generated with commitizen. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [access\_entries](#input\_access\_entries) | Map of access entries to add to the cluster | `any` | `{}` | no | -| [census\_private\_cidr](#input\_census\_private\_cidr) | Census Private CIR Blocks | `list(string)` |
[
"148.129.0.0/16",
"172.16.0.0/12",
"192.168.0.0/16"
]
| no | -| [cluster\_endpoint\_public\_access](#input\_cluster\_endpoint\_public\_access) | This allows to access the cluster from IEB cloud host | `bool` | `false` | no | | [cluster\_name](#input\_cluster\_name) | EKS cluster name name component used through out the EKS cluster describing its purpose (ex: dice-dev) | `string` | n/a | yes | -| [cluster\_version](#input\_cluster\_version) | The Kubernetes version number to use for this EKS cluster. See https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html | `string` | `"1.27"` | no | -| [eks\_instance\_disk\_size](#input\_eks\_instance\_disk\_size) | The size of the disk of the worker nodes in gigabytes. 40 is the approximate minimum. Needs to hold the all of the normal operating system files plus every image that will be used in the cluster. | `number` | `80` | no | -| [eks\_instance\_types](#input\_eks\_instance\_types) | EKS worker node instance types | `list(string)` |
[
"t3.xlarge"
]
| no | -| [eks\_ng\_desired\_size](#input\_eks\_ng\_desired\_size) | Node Group desired size | `number` | `4` | no | -| [eks\_ng\_max\_size](#input\_eks\_ng\_max\_size) | Node Group maximum size | `number` | `15` | no | -| [eks\_ng\_min\_size](#input\_eks\_ng\_min\_size) | Node Group minimum size | `number` | `4` | no | -| [enable\_cluster\_creator\_admin\_permissions](#input\_enable\_cluster\_creator\_admin\_permissions) | Indicates whether or not to add the cluster creator (the identity used by Terraform) as an administrator via access entry | `bool` | `false` | no | | [os\_username](#input\_os\_username) | OS username from environment variable, ideally as $USER | `string` | `null` | no | -| [profile](#input\_profile) | AWS config profile | `string` | `""` | no | | [region](#input\_region) | AWS config region | `string` | `""` | no | | [region\_map](#input\_region\_map) | AWS region map | `map(string)` |
{
"east": "us-gov-east-1",
"west": "us-gov-west-1"
}
| no | | [route53\_endpoints](#input\_route53\_endpoints) | Map of target route53 endpoints (for inbound) central VPCs | `map(map(string))` |
{
"route53_main": {
"account_id": "269244441389",
"alias": "lab-gov-network-nonprod",
"us-gov-east-1": "vpc-070595c5b133243dd",
"us-gov-west-1": "vpc-08b7b4db6a5ddf9c1"
}
}
| no | | [shared\_vpc\_label](#input\_shared\_vpc\_label) | Label to use for shared VPC for flowlogs and other things | `string` | `null` | no | -| [subnets\_name](#input\_subnets\_name) | Define the name of the subnets to be used by this cluster | `string` | `"*-container-*"` | no | -| [tag\_costallocation](#input\_tag\_costallocation) | Tag CostAllocation (default) | `string` | `"csvd:infrastructure"` | no | | [tags](#input\_tags) | AWS Tags to apply to appropriate resources | `map(string)` | `{}` | no | | [vpc\_domain\_name](#input\_vpc\_domain\_name) | The DNS domain name of the vpc the cluster is in. | `string` | n/a | yes | | [vpc\_name](#input\_vpc\_name) | Define the VPC name that will be used by this cluster | `string` | n/a | yes | 
@@ -157,49 +55,9 @@ Change logs are auto-generated with commitizen. | Name | Description | |------|-------------| -| [access\_entries](#output\_access\_entries) | The access\_entries object added to cluster | -| [cloudwatch\_log\_group\_arn](#output\_cloudwatch\_log\_group\_arn) | Arn of cloudwatch log group created | -| [cloudwatch\_log\_group\_name](#output\_cloudwatch\_log\_group\_name) | Name of cloudwatch log group created | -| [cluster\_addons](#output\_cluster\_addons) | Map of attribute maps for all EKS cluster addons enabled | -| [cluster\_arn](#output\_cluster\_arn) | The Amazon Resource Name (ARN) of the cluster | -| [cluster\_certificate\_authority\_data](#output\_cluster\_certificate\_authority\_data) | Base64 encoded certificate data required to communicate with the cluster | +| [cluster\_domain](#output\_cluster\_domain) | DNS Zone Name | | [cluster\_domain\_id](#output\_cluster\_domain\_id) | DNS Zone ID | -| [cluster\_domain\_name](#output\_cluster\_domain\_name) | DNS Zone Name | | [cluster\_domain\_ns](#output\_cluster\_domain\_ns) | DNS Zone Nameservers | -| [cluster\_endpoint](#output\_cluster\_endpoint) | Endpoint for your Kubernetes API server | -| [cluster\_fqdn](#output\_cluster\_fqdn) | The cluster\_name.domain | -| [cluster\_iam\_role](#output\_cluster\_iam\_role) | The arn/name/unique\_id of the iam role for the cluster | -| [cluster\_id](#output\_cluster\_id) | The ID of the EKS cluster. 
Note: currently a value is returned only for local EKS clusters created on Outposts | -| [cluster\_identity\_providers](#output\_cluster\_identity\_providers) | Map of attribute maps for all EKS identity providers enabled | -| [cluster\_name](#output\_cluster\_name) | The name of the EKS cluster | -| [cluster\_oidc\_issuer\_url](#output\_cluster\_oidc\_issuer\_url) | The URL on the EKS cluster for the OpenID Connect identity provider | -| [cluster\_platform\_version](#output\_cluster\_platform\_version) | Platform version for the cluster | -| [cluster\_primary\_security\_group\_id](#output\_cluster\_primary\_security\_group\_id) | Cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control-plane-to-data-plane communication. Referred to as 'Cluster security group' in the EKS console | -| [cluster\_security\_group\_arn](#output\_cluster\_security\_group\_arn) | Amazon Resource Name (ARN) of the cluster security group | -| [cluster\_security\_group\_id](#output\_cluster\_security\_group\_id) | ID of the cluster security group | -| [cluster\_status](#output\_cluster\_status) | Status of the EKS cluster. 
One of `CREATING`, `ACTIVE`, `DELETING`, `FAILED` | -| [cluster\_tls\_certificate\_sha1\_fingerprint](#output\_cluster\_tls\_certificate\_sha1\_fingerprint) | The SHA1 fingerprint of the public key of the cluster's certificate | -| [cluster\_version](#output\_cluster\_version) | The Kubernetes version for the cluster | -| [ebs\_csi\_irsa\_role](#output\_ebs\_csi\_irsa\_role) | The arn/name/unique\_id of the irsa role for the ebs-csi-driver addon | -| [efs\_csi\_irsa\_role](#output\_efs\_csi\_irsa\_role) | The arn/name/unique\_id of the irsa role for the efs-csi-driver addon | -| [eks\_managed\_node\_groups](#output\_eks\_managed\_node\_groups) | Map of attribute maps for all EKS managed node groups created | -| [eks\_managed\_node\_groups\_autoscaling\_group\_names](#output\_eks\_managed\_node\_groups\_autoscaling\_group\_names) | List of the autoscaling group names created by EKS managed node groups | -| [fargate\_profiles](#output\_fargate\_profiles) | Map of attribute maps for all EKS Fargate Profiles created | -| [kms\_key\_arn](#output\_kms\_key\_arn) | The Amazon Resource Name (ARN) of the key | -| [kms\_key\_id](#output\_kms\_key\_id) | The globally unique identifier for the key | -| [kms\_key\_policy](#output\_kms\_key\_policy) | The IAM resource policy set on the key | | [module\_name](#output\_module\_name) | The name of this module. | | [module\_version](#output\_module\_version) | The version of this module. 
| -| [node\_group\_name](#output\_node\_group\_name) | name of the node group created for use by karpenter | -| [node\_security\_group\_arn](#output\_node\_security\_group\_arn) | Amazon Resource Name (ARN) of the node shared security group | -| [node\_security\_group\_id](#output\_node\_security\_group\_id) | ID of the node shared security group | -| [oidc\_provider](#output\_oidc\_provider) | The OpenID Connect identity provider (issuer URL without leading `https://`) | -| [oidc\_provider\_arn](#output\_oidc\_provider\_arn) | The ARN of the OIDC Provider if `enable_irsa = true` | -| [security\_group\_all\_worker\_mgmt\_id](#output\_security\_group\_all\_worker\_mgmt\_id) | The security group to manage all of the worker nodes. | -| [self\_managed\_node\_groups](#output\_self\_managed\_node\_groups) | Map of attribute maps for all self managed node groups created | -| [self\_managed\_node\_groups\_autoscaling\_group\_names](#output\_self\_managed\_node\_groups\_autoscaling\_group\_names) | List of the autoscaling group names created by self-managed node groups | -| [subnets](#output\_subnets) | The subnets configured for the VPC. | -| [vpc\_cidr\_block](#output\_vpc\_cidr\_block) | The CIDR block associated with the VPC. | -| [vpc\_cni\_irsa\_role](#output\_vpc\_cni\_irsa\_role) | The arn/name/unique\_id of the irsa role for the vpc-cni addon | -| [vpc\_id](#output\_vpc\_id) | The VPC id where the EKS cluster was deployed. | diff --git a/aws_data.tf b/aws_data.tf new file mode 100644 index 0000000..81d8da8 --- /dev/null +++ b/aws_data.tf 
@@ -0,0 +1,23 @@
+data "aws_vpc" "eks_vpc" {
+ filter {
+ name = "tag:Name"
+ values = [var.vpc_name]
+ }
+}
+
+data "aws_caller_identity" "current" {}
+
+data "aws_arn" "current" {
+ arn = data.aws_caller_identity.current.arn
+}
+
+#---
+# dummy vpc, so we can associate the zone to this account
+#---
+data "aws_vpc" "dummy_vpc" {
+ count = !(var.shared_vpc_label == null || var.shared_vpc_label == "") ? 1 : 0
+ filter {
+ name = "tag:Name"
+ values = ["vpc0-dummy"]
+ }
+}
diff --git a/dns-providers.tf b/dns-providers.tf
new file mode 100644
index 0000000..2fa7510
--- /dev/null
+++ b/dns-providers.tf
@@ -0,0 +1,28 @@
+#-------------------------------------------------
+# Providers for Cross Account DNS Action
+#-------------------------------------------------
+provider "aws" {
+ alias = "route53_main_east"
+ region = var.region_map["east"]
+ assume_role {
+ role_arn = format("arn:%v:iam::%v:role/r-inf-terraform-route53", data.aws_arn.current.partition, var.route53_endpoints["route53_main"].account_id)
+ session_name = var.os_username
+ }
+}
+
+provider "aws" {
+ alias = "route53_main_west"
+ region = var.region_map["west"]
+ assume_role {
+ role_arn = format("arn:%v:iam::%v:role/r-inf-terraform-route53", data.aws_arn.current.partition, var.route53_endpoints["route53_main"].account_id)
+ session_name = var.os_username
+ }
+}
+
+provider "aws" {
+ alias = "self"
+ assume_role {
+ role_arn = format("arn:%v:iam::%v:role/r-inf-terraform-route53", data.aws_arn.current.partition, data.aws_caller_identity.current.account_id)
+ session_name = var.os_username
+ }
+}
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..45f3bbe
--- /dev/null
+++ b/main.tf
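Review bot: Both `aws_vpc` lookups select purely on the mutable `tag:Name`, and `dummy_vpc` hard-codes the literal `"vpc0-dummy"`; a second VPC visible to this account with the same Name tag (including a RAM-shared one, which this module's shared-VPC mode implies can exist) makes the data source fail at plan time, and a renamed dummy VPC silently breaks the shared path. Promote the literal to an input such as `variable "dummy_vpc_name" { type = string default = "vpc0-dummy" }`, and pin the lookup further with `filter { name = "owner-id" values = [data.aws_caller_identity.current.account_id] }` so a foreign VPC cannot be selected by tag alone. The emptiness test on `var.shared_vpc_label` in the `count` here is repeated several times in main.tf; a single `use_shared_vpc = var.shared_vpc_label != null && var.shared_vpc_label != ""` in the module's `locals` block would keep the two files from drifting.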
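Review bot: `session_name = var.os_username` in all three `assume_role` blocks is the only thing that ties each `AssumeRole` on `r-inf-terraform-route53` back to an operator in CloudTrail, yet the variable defaults to `null`, so a caller that omits it gets whatever the SDK substitutes (presumably a generated timestamp name) and the cross-account audit trail loses the operator. Give the provider a deterministic fallback, `session_name = coalesce(var.os_username, "tfmod-eks-dns")`, so the session is at least attributable to this module. The role name and ARN format are repeated three times; hoisting `route53_role_name = "r-inf-terraform-route53"` into `locals` and formatting the ARN once would make a future role rename a one-line change rather than a three-place search.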
@@ -0,0 +1,81 @@
+#-------------------------------------------------
+# DNS Zone for EKS
+#-------------------------------------------------
+
+#-------------------------------------------------
+# Locals
+#-------------------------------------------------
+
+locals {
+ cluster_domain_description = format("%v EKS Cluster DNS Zone", var.cluster_name)
+ cluster_domain_name = format("%v.%v", var.cluster_name, local.vpc_domain_name)
+ region = var.region
+ vpc_domain_name = var.vpc_domain_name
+}
+
+#-------------------------------------------------
+# cluster_domain dns zone
+#-------------------------------------------------
+
+resource "aws_route53_zone" "cluster_domain" {
+ name = local.cluster_domain_name
+ comment = local.cluster_domain_description
+ force_destroy = false
+
+ vpc {
+ vpc_id = !(var.shared_vpc_label == null || var.shared_vpc_label == "") ? try(data.aws_vpc.dummy_vpc[0].id, null) : data.aws_vpc.eks_vpc.id
+ vpc_region = local.region
+ }
+
+ lifecycle {
+ ignore_changes = [vpc]
+ precondition {
+ condition = (var.shared_vpc_label == null || var.shared_vpc_label == "") || (!(var.shared_vpc_label == null || var.shared_vpc_label == "") && !(var.vpc_domain_name == null || var.vpc_domain_name == ""))
+ error_message = "var.vpc_domain_name must be provided when shared VPCs are in use."
+ }
+ }
+
+ tags = merge(
+ var.tags,
+ { "Name" = local.cluster_domain_name },
+ )
+}
+
+#---
+# cluster domain associations with central networking account
+# east region
+#---
+module "route53_cluster_domain_east" {
+
+ count = local.region == "us-gov-east-1" && !(var.shared_vpc_label == null || var.shared_vpc_label == "") ? 
1 : 0
+ providers = {
+ aws.self = aws.self
+ aws.peer = aws.route53_main_east
+ }
+
+ source = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//route53-zone-association/zone?ref=tf-upgrade"
+ region = "us-gov-east-1"
+ vpc_id = data.aws_vpc.eks_vpc.id
+ zone_ids = try([aws_route53_zone.cluster_domain.zone_id])
+
+ tags = var.tags
+}
+
+#-------------------------------------------------
+# west region
+#-------------------------------------------------
+module "route53_cluster_domain_west" {
+
+ count = local.region == "us-gov-west-1" && !(var.shared_vpc_label == null || var.shared_vpc_label == "") ? 1 : 0
+ providers = {
+ aws.self = aws.self
+ aws.peer = aws.route53_main_west
+ }
+
+ source = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//route53-zone-association/zone?ref=tf-upgrade"
+ region = "us-gov-west-1"
+ vpc_id = data.aws_vpc.eks_vpc.id
+ zone_ids = [aws_route53_zone.cluster_domain.zone_id]
+
+ tags = var.tags
+}
diff --git a/outputs.tf b/outputs.tf
new file mode 100644
index 0000000..23bd6da
--- /dev/null
+++ b/outputs.tf
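Review bot: The `precondition` on `aws_route53_zone.cluster_domain` only enforces `var.vpc_domain_name` when `var.shared_vpc_label` is set, but `local.cluster_domain_name` interpolates it unconditionally, so a non-shared caller passing `""` or an explicit `null` gets a zone named `<cluster_name>.` and an opaque provider error instead of this message; simplify it to `condition = var.vpc_domain_name != null && var.vpc_domain_name != ""` and drop the "when shared VPCs are in use" qualifier from `error_message`. `ignore_changes = [vpc]` is presumably there because the east/west association modules attach further VPCs outside this resource, but it also means any unexpected VPC associated with this private zone — which grants that VPC resolution of the cluster's internal names — will never surface in a plan; a comment stating that trade-off and naming the compensating control (CloudTrail alerting on `AssociateVPCWithHostedZone`, or managing every association through `aws_route53_zone_association`) would help the next reader. In the east module, `zone_ids = try([aws_route53_zone.cluster_domain.zone_id])` is a single-argument `try()` that can fall back to nothing and differs from the west module; use the bare list in both.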
@@ -0,0 +1,32 @@
+################################################################################
+# Module information
+################################################################################
+
+output "module_name" {
+ description = "The name of this module."
+ value = local.module_name
+}
+
+output "module_version" {
+ description = "The version of this module."
+ value = local.module_version
+}
+
+################################################################################
+# Networking information
+################################################################################
+
+output "cluster_domain" {
+ description = "DNS Zone Name"
+ value = aws_route53_zone.cluster_domain.name
+}
+
+output "cluster_domain_id" {
+ description = "DNS Zone ID"
+ value = aws_route53_zone.cluster_domain.zone_id
+}
+
+output "cluster_domain_ns" {
+ description = "DNS Zone Nameservers"
+ value = aws_route53_zone.cluster_domain.name_servers
+}
diff --git a/requirements.tf b/requirements.tf
new file mode 100644
index 0000000..94a08f3
--- /dev/null
+++ b/requirements.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.5"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 5.14.0"
+ }
+ }
+}
diff --git a/variables.tf b/variables.tf
new file mode 100644
index 0000000..72ab6a6
--- /dev/null
+++ b/variables.tf
@@ -0,0 +1,73 @@
+###################################################################
+# cluster variables
+###################################################################
+
+variable "cluster_name" {
+ description = "EKS cluster name name component used through out the EKS cluster describing its purpose (ex: dice-dev)"
+ type = string
+}
+
+###################################################################
+# account variables
+###################################################################
+
+variable "vpc_name" {
+ description = "Define the VPC name that will be used by this cluster"
+ type = string
+}
+
+variable "vpc_domain_name" {
+ description = "The DNS domain name of the vpc the cluster is in."
+ type = string
+}
+
+###################################################################
+# Common variables
+###################################################################
+
+variable "tags" {
+ description = "AWS Tags to apply to appropriate resources"
+ type = map(string)
+ default = {}
+}
+
+variable "region" {
+ description = "AWS config region"
+ type = string
+ default = ""
+}
+
+variable "os_username" {
+ description = "OS username from environment variable, ideally as $USER"
+ type = string
+ default = null
+}
+
+###################################################################
+# DNS variables
+###################################################################
+
+variable "shared_vpc_label" {
+ description = "Label to use for shared VPC for flowlogs and other things"
+ type = string
+ default = null
+}
+
+variable "region_map" {
+ description = "AWS region map"
+ type = map(string)
+ default = { "east" : "us-gov-east-1", "west" : "us-gov-west-1" }
+}
+
+variable "route53_endpoints" {
+ description = "Map of target route53 endpoints (for inbound) central VPCs"
+ type = map(map(string))
+ default = {
+ route53_main = {
+ "account_id" = "269244441389"
+ "alias" = "lab-gov-network-nonprod"
+ "us-gov-east-1" = "vpc-070595c5b133243dd"
+ 
"us-gov-west-1" = "vpc-08b7b4db6a5ddf9c1" + } + } +} diff --git a/version.tf b/version.tf new file mode 100644 index 0000000..83ac3c0 --- /dev/null +++ b/version.tf @@ -0,0 +1,4 @@ +locals { + module_name = "tfmod-eks-dns" + module_version = "0.0.1" +}