From 00e2c5c56f075cb32ea26dd4d1afb64f141d53e4 Mon Sep 17 00:00:00 2001
From: Anthony Zawacki
Date: Tue, 26 Sep 2023 14:19:37 -0400
Subject: [PATCH] Moved kubernetes/helm stuff to another module because they cause issues with updates.
---
 cluster_autoscaler.tf | 78 -------------------------------------------
 copy_images.tf | 45 -------------------------
 eks_console_access.tf | 55 ------------------------------
 main.tf | 32 ------------------
 outputs.tf | 20 -----------
 requirements.tf | 12 -------
 6 files changed, 242 deletions(-)
 delete mode 100644 cluster_autoscaler.tf
 delete mode 100644 copy_images.tf
 delete mode 100644 eks_console_access.tf
diff --git a/cluster_autoscaler.tf b/cluster_autoscaler.tf
deleted file mode 100644
index 0d1db1e..0000000
--- a/cluster_autoscaler.tf
+++ /dev/null
@@ -1,78 +0,0 @@
-locals {
- # https://docs.aws.amazon.com/eks/latest/userguide/cluster-autoscaler.html
- autoscale_tags = {
- format("k8s.io/cluster-autoscaler/%v", var.cluster_name) = "owned"
- "k8s.io/cluster-autoscaler/enabled" = "TRUE"
- }
-
- ng_asg_name = module.cluster.eks_managed_node_groups["node_group"].node_group_resources[0].autoscaling_groups[0].name
-}
-
-resource "aws_autoscaling_group_tag" "on-demand" {
- autoscaling_group_name = local.ng_asg_name
- tag {
- key = "k8s.io/cluster-autoscaler/node-template/label/eks.amazonaws.com/capacityType"
- value = "ON_DEMAND"
- propagate_at_launch = true
- }
-}
-
-data "kubernetes_namespace" "kube-system" {
- depends_on = [
- module.cluster.eks_managed_node_groups,
- ]
-
- metadata {
- name = "kube-system"
- }
-}
-
-resource "helm_release" "cluster-autoscaler" {
- depends_on = [
- module.images,
- module.cluster.eks_managed_node_groups,
- ]
-
- chart = "cluster-autoscaler"
- name = "cluster-autoscaler"
- version = var.cluster_autoscaler_chart_version
- namespace = data.kubernetes_namespace.kube-system.metadata[0].name
- repository = "https://kubernetes.github.io/autoscaler"
-
- set {
- name = "image.repository"
- value = format("%v/%v",
- module.images.images[local.autoscaler_key].dest_registry,
- module.images.images[local.autoscaler_key].dest_repository
- )
- }
- set {
- name = "image.tag"
- value = module.images.images[local.autoscaler_key].tag
- }
- set {
- name = "autoDiscovery.clusterName"
- value = var.cluster_name
- }
- set {
- name = "awsRegion"
- value = var.region
- }
-
- set {
- name = "rbac.serviceAccount.name"
- value = "cluster-autoscaler"
- }
-
- set {
- name = "rbac.serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"
- value = module.cluster_autoscaler_irsa_role.iam_role_arn
- }
-
- set {
- name = "rbac.serviceAccount.create"
- value = "false"
- }
-}
-
-
diff --git a/copy_images.tf b/copy_images.tf
deleted file mode 100644
index a5134e1..0000000
--- a/copy_images.tf
+++ /dev/null
@@ -1,45 +0,0 @@
-locals {
- autoscaler_key = format("%v#%v", "cluster-autoscaler", var.cluster_autoscaler_tag)
- kubectl_key = format("%v#%v", "kubectl", var.kubectl_image_tag)
-
- image_config = [
- {
- enabled = true
- dest_path = null
- name = "cluster-autoscaler"
- source_image = "autoscaling/cluster-autoscaler"
- source_registry = "registry.k8s.io"
- source_tag = null
- tag = var.cluster_autoscaler_tag
- },
- {
- enabled = true
- dest_path = null
- name = "kubectl"
- source_image = "bitnami/kubectl"
- source_registry = "docker.io"
- source_tag = var.kubectl_image_tag
- tag = var.kubectl_image_tag
- },
- ]
-}
-
-module "images" {
- source = "git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/?ref=2.0.2"
-
- profile = var.profile
- application_name = var.cluster_name
- image_config = local.image_config
- tags = {}
-
- ### optional
- ## account_alias = ""
- ## account_id = ""
- ## destination_password = ""
- ## destination_username = ""
- ## override_prefixes = {}
- ## region = ""
- ## source_password = ""
- ## source_username = ""
-}
-
diff --git a/eks_console_access.tf b/eks_console_access.tf
deleted file mode 100644
index 04b9032..0000000
--- a/eks_console_access.tf
+++ /dev/null
@@ -1,55 +0,0 @@
-# ```shell
-# curl -O https://s3.us-west-2.amazonaws.com/amazon-eks/docs/eks-console-full-access.yaml
-# curl -O https://s3.us-west-2.amazonaws.com/amazon-eks/docs/eks-console-restricted-access.yaml
-# ```
-#
-# For full console, we'll use the first one.
-#
-# ```console
-# % kubectl apply -f eks-console-full-access.yaml
-# clusterrole.rbac.authorization.k8s.io/eks-console-dashboard-full-access-clusterrole created
-# clusterrolebinding.rbac.authorization.k8s.io/eks-console-dashboard-full-access-binding created
-# ```
-
-locals {
- cluster_roles = [
- {
- name = "eks-console-full-access"
- url = "https://s3.us-west-2.amazonaws.com/amazon-eks/docs/eks-console-full-access.yaml"
- enabled = true
- },
- {
- name = "eks-console-restricted-access"
- url = "https://s3.us-west-2.amazonaws.com/amazon-eks/docs/eks-console-restricted-access.yaml"
- enabled = false
- },
- ]
- cluster_roles_map = { for cr in local.cluster_roles : cr.name => cr }
-}
-
-
-data "http" "cluster_roles" {
- for_each = local.cluster_roles_map
- url = each.value.url
-}
-
-data "kubectl_file_documents" "access_documents" {
- for_each = { for k, v in local.cluster_roles_map : k => v if v.enabled }
-
- content = data.http.cluster_roles[each.key].body
-}
-
-locals {
- all_access_documents = flatten([
- for cr_name, cr_data in local.cluster_roles_map : [
- for doc in data.kubectl_file_documents.access_documents[cr_name].manifests : doc
- ] if cr_data.enabled
- ])
-}
-
-resource "kubectl_manifest" "deploy_cluster_roles" {
- count = length(local.all_access_documents)
-
- yaml_body = local.all_access_documents[count.index]
-}
-
diff --git a/main.tf b/main.tf
index 1d9184f..e39cb59 100644
--- a/main.tf
+++ b/main.tf
@@ -1,35 +1,3 @@
-data "aws_eks_cluster" "eks" {
- depends_on = [
- module.cluster.eks_managed_node_groups,
- ]
-
- name = module.cluster.cluster_name
-}
-
-provider "kubernetes" {
- host = data.aws_eks_cluster.eks.endpoint
- cluster_ca_certificate = base64decode(data.aws_eks_cluster.eks.certificate_authority[0].data)
-
- exec {
- api_version = "client.authentication.k8s.io/v1beta1"
- command = "aws"
- args = ["eks", "get-token", "--cluster-name", module.cluster.cluster_name, "--region", var.region]
- }
-}
-
-provider "helm" {
- kubernetes {
- host = data.aws_eks_cluster.eks.endpoint
- cluster_ca_certificate = base64decode(data.aws_eks_cluster.eks.certificate_authority[0].data)
-
- exec {
- api_version = "client.authentication.k8s.io/v1beta1"
- command = "aws"
- args = ["eks", "get-token", "--cluster-name", module.cluster.cluster_name, "--region", var.region]
- }
- }
-}
-
 data "aws_vpc" "eks_vpc" {
 filter {
 name = "tag:Name"
diff --git a/outputs.tf b/outputs.tf
index e6c12c0..73f5b09 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -287,23 +287,3 @@ output "self_managed_node_groups_autoscaling_group_names" {
 # Additional
 ################################################################################
-output "kubectl_image_full_path" {
- description = "The full URI to access the kubectl image including the registry/repository:tag"
- value = module.images.images[local.kubectl_key].dest_full_path
-}
-
-output "kubectl_image_registry" {
- description = "The registry portion of the URI to access the kubectl image"
- value = module.images.images[local.kubectl_key].dest_registry
-}
-
-output "kubectl_image_repository" {
- description = "The repository portion of the URI to access the kubectl image"
- value = module.images.images[local.kubectl_key].dest_repository
-}
-
-output "kubectl_image_tag" {
- description = "The tag portion of the URI to access the kubectl image"
- value = module.images.images[local.kubectl_key].tag
-}
-
diff --git a/requirements.tf b/requirements.tf
index 0217407..1bc9dda 100644
--- a/requirements.tf
+++ b/requirements.tf
@@ -10,22 +10,10 @@ terraform {
 source = "hashicorp/cloudinit"
 version = ">= 2.3.2"
 }
- helm = {
- source = "hashicorp/helm"
- version = ">= 2.11.0"
- }
 http = {
 source = "hashicorp/http"
 version = ">= 3.4.0"
 }
- kubectl = {
- source = "gavinbunney/kubectl"
- version = ">= 1.14.0"
- }
- kubernetes = {
- source = "hashicorp/kubernetes"
- version = ">= 2.23.0"
- }
 null = {
 source = "hashicorp/null"
 version = ">= 3.2.1"