Lokiv3

main.tf

@@ -55,20 +55,20 @@ locals {
   # This below is just an example, in practice we'd notionally be creating a role (or multiple) specific to the cluster and setting policy
   # to allow the cluster users to assume said role; but we need to spend some time parsing what exactly are the permissions we plan to hand 
   # out to these clusters.
-  # access_entries = {
-  #   inf-admin-t2 = {
-  #     principal_arn     = "arn:aws-us-gov:iam::224384469011:role/aws-reserved/sso.amazonaws.com/us-gov-east-1/AWSReservedSSO_inf-admin-t2_f3912d726991bbfa"
-  #     kubernetes_groups = []
-  #     policy_associations = {
-  #       admin = {
-  #         policy_arn = "arn:aws-us-gov:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy"
-  #         access_scope = {
-  #           type = "cluster"
-  #         }
-  #       }
-  #     }
-  #   }
-  # }
+  access_entries = {
+    inf-admin-t2 = {
+      principal_arn     = "arn:aws-us-gov:iam::224384469011:role/aws-reserved/sso.amazonaws.com/us-gov-east-1/AWSReservedSSO_inf-admin-t2_f3912d726991bbfa"
+      kubernetes_groups = []
+      policy_associations = {
+        admin = {
+          policy_arn = "arn:aws-us-gov:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy"
+          access_scope = {
+            type = "cluster"
+          }
+        }
+      }
+    }
+  }
 }
 
 module "cluster" {
@@ -79,7 +79,7 @@ module "cluster" {
   cluster_version                          = var.cluster_version
   cluster_endpoint_public_access           = var.cluster_endpoint_public_access
   enable_cluster_creator_admin_permissions = var.enable_cluster_creator_admin_permissions
-  # access_entries                           = local.access_entries
+  access_entries                           = local.access_entries
 
   cluster_enabled_log_types = [
     "audit",
@@ -166,6 +166,18 @@ resource "aws_security_group_rule" "allow_sidecar_injection" {
   source_security_group_id = module.cluster.cluster_primary_security_group_id
 }
 
+#################################################################
+# Update KubeConfig after cluster complete
+################################################################
+resource "null_resource" "kube_config_create" {
+  depends_on = [module.cluster.cluster_name]
+  provisioner "local-exec" {
+    interpreter = ["/bin/bash", "-c"]
+    command     = "aws eks --region ${data.aws_region.current.name} update-kubeconfig --name ${module.cluster.cluster_name} --profile=${var.profile} && export KUBE_CONFIG_PATH=~/.kube/config && export KUBERNETES_MASTER=~/.kube/config"
+  }
+}
+
+
 # resource "kubernetes_namespace" "operators" {
 #   depends_on = [
 #     module.cluster.eks_managed_node_groups,
@@ -175,4 +187,3 @@ resource "aws_security_group_rule" "allow_sidecar_injection" {
 #     name = var.operators_ns
 #   }
 # }
-

variables.tf

@@ -40,7 +40,7 @@ variable "domain" {
 variable "eks_instance_disk_size" {
   description = "The size of the disk of the worker nodes in gigabytes. 40 is the approximate minimum.  Needs to hold the all of the normal operating system files plus every image that will be used in the cluster."
   type        = number
-  default     = 40
+  default     = 80
 }
 
 variable "eks_instance_types" {
@@ -101,9 +101,14 @@ variable "tags" {
   default     = {}
 }
 
+variable "profile" {
+  description = "AWS config profile"
+  type        = string
+  default     = ""
+}
+
 variable "aws_environment" {
   description = "AWS Environment (govcloud | east-west)"
   type        = string
   default     = ""
 }
-

version.tf

@@ -1,4 +1,4 @@
 locals {
   _module_name    = "tfmod-eks"
-  _module_version = "unknown"
+  _module_version = "0.0.1"
 }