From 551b6f75206c559b8a4cd4b8441cb3b244ec5248 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Wed, 3 Jul 2024 20:51:51 -0400 Subject: [PATCH 1/9] increase default fs size --- variables.tf | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/variables.tf b/variables.tf index 3310d87..8cd358a 100644 --- a/variables.tf +++ b/variables.tf @@ -40,7 +40,7 @@ variable "domain" { variable "eks_instance_disk_size" { description = "The size of the disk of the worker nodes in gigabytes. 40 is the approximate minimum. Needs to hold the all of the normal operating system files plus every image that will be used in the cluster." type = number - default = 40 + default = 80 } variable "eks_instance_types" { @@ -106,4 +106,3 @@ variable "aws_environment" { type = string default = "" } - From f8fc3a3a9933b26bfe65e9c6587a1ed9c29e1ffc Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Wed, 3 Jul 2024 21:29:36 -0400 Subject: [PATCH 2/9] comment domain --- variables.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/variables.tf b/variables.tf index 8cd358a..aa6c601 100644 --- a/variables.tf +++ b/variables.tf @@ -32,10 +32,10 @@ variable "subnets_name" { default = "*-container-*" } -variable "domain" { - description = "The DNS domain name of the cluster." - type = string -} +# variable "domain" { +# description = "The DNS domain name of the cluster." +# type = string +# } variable "eks_instance_disk_size" { description = "The size of the disk of the worker nodes in gigabytes. 40 is the approximate minimum. Needs to hold the all of the normal operating system files plus every image that will be used in the cluster." From 423740049a23f6e945e5c258b9daaa6096ec2abd Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Wed, 3 Jul 2024 22:27:28 -0400 Subject: [PATCH 3/9] uncomment --- variables.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/variables.tf b/variables.tf index aa6c601..8cd358a 100644 
--- a/variables.tf +++ b/variables.tf @@ -32,10 +32,10 @@ variable "subnets_name" { default = "*-container-*" } -# variable "domain" { -# description = "The DNS domain name of the cluster." -# type = string -# } +variable "domain" { + description = "The DNS domain name of the cluster." + type = string +} variable "eks_instance_disk_size" { description = "The size of the disk of the worker nodes in gigabytes. 40 is the approximate minimum. Needs to hold the all of the normal operating system files plus every image that will be used in the cluster." From 712ca1623a27dadd00aa27648c37246974225377 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Thu, 18 Jul 2024 19:58:53 -0400 Subject: [PATCH 4/9] add kubectl update --- .gitignore | 38 -------------------------------------- main.tf | 43 +++++++++++++++++++++++++++---------------- 2 files changed, 27 insertions(+), 54 deletions(-) delete mode 100644 .gitignore diff --git a/.gitignore b/.gitignore deleted file mode 100644 index 7c1cae9..0000000 --- a/.gitignore +++ /dev/null 
@@ -1,38 +0,0 @@
-# Local .terraform directories
-**/.terraform/*
-
-# terraform lock file.
-**/.terraform.lock.hcl
-
-# .tfstate files
-*.tfstate
-*.tfstate.*
-
-# Crash log files
-crash.log
-crash.*.log
-
-# Exclude all .tfvars files, which are likely to contain sensitive data,
-# such as password, private keys, and other secrets. These should not be
-# part of version control as they are data points which are potentially
-# sensitive and subject to change depending on the environment.
-*.tfvars
-*.tfvars.json
-
-# Ignore override files as they are usually used to override resources
-# locally and so are not checked in
-override.tf
-override.tf.json
-*_override.tf
-*_override.tf.json
-
-# Include override files you do wish to add to version control using negated pattern
-# !example_override.tf
-
-# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
-# example: *tfplan*
-
-# Ignore CLI configuration files
-.terraformrc
-terraform.rc
-
diff --git a/main.tf b/main.tf
index 20aec65..1ab58d7 100644
--- a/main.tf
+++ b/main.tf
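Review bot: Deleting .gitignore drops the `*.tfstate`, `*.tfstate.*`, `*.tfvars`/`*.tfvars.json` and `.terraformrc`/`terraform.rc` exclusions without adding any replacement, and the commit subject ("add kubectl update") does not mention it, so this looks unintentional. The file's own comment says `.tfvars` files commonly carry passwords and private keys, and state files hold resource attributes plus whatever secrets providers return, so the next `git add -A` in this repo could commit them. Restore the file, or at minimum keep `*.tfstate`, `*.tfstate.*` and `*.tfvars` ignored.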
@@ -55,20 +55,20 @@ locals { # This below is just an example, in practice we'd notionally be creating a role (or multiple) specific to the cluster and setting policy # to allow the cluster users to assume said role; but we need to spend some time parsing what exactly are the permissions we plan to hand # out to these clusters. - # access_entries = { - # inf-admin-t2 = { - # principal_arn = "arn:aws-us-gov:iam::224384469011:role/aws-reserved/sso.amazonaws.com/us-gov-east-1/AWSReservedSSO_inf-admin-t2_f3912d726991bbfa" - # kubernetes_groups = [] - # policy_associations = { - # admin = { - # policy_arn = "arn:aws-us-gov:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy" - # access_scope = { - # type = "cluster" - # } - # } - # } - # } - # } + access_entries = { + inf-admin-t2 = { + principal_arn = "arn:aws-us-gov:iam::224384469011:role/aws-reserved/sso.amazonaws.com/us-gov-east-1/AWSReservedSSO_inf-admin-t2_f3912d726991bbfa" + kubernetes_groups = [] + policy_associations = { + admin = { + policy_arn = "arn:aws-us-gov:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy" + access_scope = { + type = "cluster" + } + } + } + } + } } module "cluster" { @@ -79,7 +79,7 @@ module "cluster" { cluster_version = var.cluster_version cluster_endpoint_public_access = var.cluster_endpoint_public_access enable_cluster_creator_admin_permissions = var.enable_cluster_creator_admin_permissions - # access_entries = local.access_entries + access_entries = local.access_entries cluster_enabled_log_types = [ "audit", 
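Review bot: The now-active `access_entries` local hardcodes a specific GovCloud account ID and SSO permission-set role ARN with `AmazonEKSClusterAdminPolicy` at `cluster` scope, so every cluster built from this module grants cluster-admin to that single principal, while the comment directly above still reads "This below is just an example", which it no longer is. Move the map to a module input, `access_entries = var.access_entries` with `default = {}`, so the calling root module decides which principals get access and the account identifier is not baked into shared module source. The `locals` block begins before this hunk, so any other entries it defines are not visible here.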
@@ -166,6 +166,18 @@ resource "aws_security_group_rule" "allow_sidecar_injection" { source_security_group_id = module.cluster.cluster_primary_security_group_id } +################################################################# +# Update KubeConfig after cluster complete +################################################################ +resource "null_resource" "kube_config_create" { + depends_on = [module.eks.cluster_name] + provisioner "local-exec" { + interpreter = ["/bin/bash", "-c"] + command = "aws eks --region ${var.region} update-kubeconfig --name ${module.eks.cluster_name} --profile=${var.profile} && export KUBE_CONFIG_PATH=~/.kube/config && export KUBERNETES_MASTER=~/.kube/config" + } +} + + # resource "kubernetes_namespace" "operators" { # depends_on = [ # module.cluster.eks_managed_node_groups, @@ -175,4 +187,3 @@ resource "aws_security_group_rule" "allow_sidecar_injection" { # name = var.operators_ns # } # } - From 55879dfb6e8519a1a4f8f07e1c2591f4227509d7 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Thu, 18 Jul 2024 20:03:51 -0400 Subject: [PATCH 5/9] update ref --- main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/main.tf b/main.tf index 1ab58d7..199db29 100644 --- a/main.tf +++ b/main.tf 
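Review bot: The two `export` statements at the end of `command` in `null_resource.kube_config_create` have no effect: they run inside the `bash -c` child process and are gone when it exits, so neither `KUBE_CONFIG_PATH` nor `KUBERNETES_MASTER` is visible to Terraform or any provider. Trim the command to `aws eks --region ${var.region} update-kubeconfig --name ${module.cluster.cluster_name} --profile=${var.profile}` (`module "cluster"` is the block defined in this file). The resource also declares no `triggers`, so the provisioner runs once on first apply and never refreshes `~/.kube/config` if the cluster is replaced; `triggers = { cluster_name = module.cluster.cluster_name }` addresses that. Since this writes into the home directory of whatever account runs `terraform apply`, which is unusual for a reusable module, the header comment should say so explicitly.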
@@ -170,10 +170,10 @@ resource "aws_security_group_rule" "allow_sidecar_injection" { # Update KubeConfig after cluster complete ################################################################ resource "null_resource" "kube_config_create" { - depends_on = [module.eks.cluster_name] + depends_on = [module.cluster.cluster_name] provisioner "local-exec" { interpreter = ["/bin/bash", "-c"] - command = "aws eks --region ${var.region} update-kubeconfig --name ${module.eks.cluster_name} --profile=${var.profile} && export KUBE_CONFIG_PATH=~/.kube/config && export KUBERNETES_MASTER=~/.kube/config" + command = "aws eks --region ${var.region} update-kubeconfig --name ${module.cluster.cluster_name} --profile=${var.profile} && export KUBE_CONFIG_PATH=~/.kube/config && export KUBERNETES_MASTER=~/.kube/config" } } From 07acdfa5ccd89e44a5e9e0f37e5b2268356f7c89 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Thu, 18 Jul 2024 20:23:24 -0400 Subject: [PATCH 6/9] add version --- main.tf | 2 +- version.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/main.tf b/main.tf index 199db29..1c21103 100644 --- a/main.tf +++ b/main.tf @@ -173,7 +173,7 @@ resource "null_resource" "kube_config_create" { depends_on = [module.cluster.cluster_name] provisioner "local-exec" { interpreter = ["/bin/bash", "-c"] - command = "aws eks --region ${var.region} update-kubeconfig --name ${module.cluster.cluster_name} --profile=${var.profile} && export KUBE_CONFIG_PATH=~/.kube/config && export KUBERNETES_MASTER=~/.kube/config" + command = "aws eks --region ${data.aws_region.current.name} update-kubeconfig --name ${module.cluster.cluster_name} --profile=${local.profile} && export KUBE_CONFIG_PATH=~/.kube/config && export KUBERNETES_MASTER=~/.kube/config" } } diff --git a/version.tf b/version.tf index 801cf4b..64fd1a4 100644 --- a/version.tf +++ b/version.tf @@ -1,4 +1,4 @@ locals { _module_name = "tfmod-eks" - _module_version = "unknown" + _module_version = "0.0.1-mcm" } 
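Review bot: `depends_on = [module.cluster.cluster_name]` is still an attribute reference after this rename, and Terraform's `depends_on` accepts only whole resource or module addresses, so this should be rejected at validation with a "must be to a whole object" error rather than create the intended ordering. Because `command` on the next changed line already interpolates `module.cluster.cluster_name`, the dependency on the module is implicit; drop the `depends_on` line, or write `depends_on = [module.cluster]` if an explicit edge is wanted.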
From c3985ea88dccdd95b90e1de1b5f20027b56fb809 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Thu, 18 Jul 2024 20:28:28 -0400 Subject: [PATCH 7/9] use module input --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 1c21103..04fd1e5 100644 --- a/main.tf +++ b/main.tf @@ -173,7 +173,7 @@ resource "null_resource" "kube_config_create" { depends_on = [module.cluster.cluster_name] provisioner "local-exec" { interpreter = ["/bin/bash", "-c"] - command = "aws eks --region ${data.aws_region.current.name} update-kubeconfig --name ${module.cluster.cluster_name} --profile=${local.profile} && export KUBE_CONFIG_PATH=~/.kube/config && export KUBERNETES_MASTER=~/.kube/config" + command = "aws eks --region ${data.aws_region.current.name} update-kubeconfig --name ${module.cluster.cluster_name} --profile=${module.cluster.profile} && export KUBE_CONFIG_PATH=~/.kube/config && export KUBERNETES_MASTER=~/.kube/config" } } From d64e45b79c7c4837307acfe8b979479e61e6055d Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Thu, 18 Jul 2024 20:33:31 -0400 Subject: [PATCH 8/9] add profile as a var --- main.tf | 2 +- variables.tf | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 04fd1e5..074159b 100644 --- a/main.tf +++ b/main.tf @@ -173,7 +173,7 @@ resource "null_resource" "kube_config_create" { depends_on = [module.cluster.cluster_name] provisioner "local-exec" { interpreter = ["/bin/bash", "-c"] - command = "aws eks --region ${data.aws_region.current.name} update-kubeconfig --name ${module.cluster.cluster_name} --profile=${module.cluster.profile} && export KUBE_CONFIG_PATH=~/.kube/config && export KUBERNETES_MASTER=~/.kube/config" + command = "aws eks --region ${data.aws_region.current.name} update-kubeconfig --name ${module.cluster.cluster_name} --profile=${var.profile} && export KUBE_CONFIG_PATH=~/.kube/config && export KUBERNETES_MASTER=~/.kube/config" } } 
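Review bot: With `var.profile` defaulting to `""` (declared in this same patch), the interpolated command becomes `--profile=`, and the AWS CLI treats that as a named profile that does not exist, so any apply that leaves the variable unset fails inside the provisioner. Make the flag conditional, `${var.profile != "" ? "--profile=${var.profile}" : ""}`, or remove the default so callers must supply a value. The value is also spliced unquoted into a `bash -c` string, so constraining it on the variable side is worth doing at the same time.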
diff --git a/variables.tf b/variables.tf index 8cd358a..eb16b7f 100644 --- a/variables.tf +++ b/variables.tf @@ -101,6 +101,12 @@ variable "tags" { default = {} } +variable "profile" { + description = "AWS config profile" + type = string + default = "" +} + variable "aws_environment" { description = "AWS Environment (govcloud | east-west)" type = string From c43aebd525bdf9f915e3c12d05e863ef71c7409a Mon Sep 17 00:00:00 2001 From: Matthew Creal Morgan Date: Thu, 18 Jul 2024 22:10:28 -0700 Subject: [PATCH 9/9] Update version.tf --- version.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version.tf b/version.tf index 64fd1a4..c703b7b 100644 --- a/version.tf +++ b/version.tf @@ -1,4 +1,4 @@ locals { _module_name = "tfmod-eks" - _module_version = "0.0.1-mcm" + _module_version = "0.0.1" }
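Review bot: `variable "profile"` is interpolated unquoted into the `bash -c` command of `null_resource.kube_config_create` in main.tf, so a value containing shell metacharacters would be executed on the host running `terraform apply`; the variable should constrain its own value with a `validation` block. AWS profile names are plain tokens, so a character allow-list is sufficient and still admits the empty default. The description should also say where the value is used, e.g. `description = "AWS config profile passed to the local-exec aws eks update-kubeconfig call"`.
```hcl
variable "profile" {
  description = "AWS config profile passed to the local-exec aws eks update-kubeconfig call"
  type        = string
  default     = ""

  # Interpolated into a `bash -c` string by null_resource.kube_config_create;
  # reject anything that could alter the command line.
  validation {
    condition     = can(regex("^[A-Za-z0-9_.-]*$", var.profile))
    error_message = "profile may contain only letters, digits, '_', '.' and '-'."
  }
}
```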