From 398f9f11ee16a5ab86a31d6bc89417241ccfff8e Mon Sep 17 00:00:00 2001
From: badra001 <donald.e.badrak.ii@census.gov>
Date: Wed, 10 Nov 2021 11:36:59 -0500
Subject: [PATCH] reorg

---
 examples/full-cluster/OFF/empty/locals.tf     |  4 --
 examples/full-cluster/OFF/empty/prefixes.tf   |  1 -
 examples/full-cluster/OFF/empty/test.tf       |  5 --
 examples/full-cluster/OFF/empty/version.tf    |  1 -
 .../aws-auth/data.eks-subdirectory.tf         |  1 +
 .../aws-auth/kubeconfig.eks-subdirectory.tf   |  1 +
 .../cluster-roles/data.eks-subdirectory.tf    |  1 +
 .../full-cluster/cluster-roles/data.eks.tf    | 15 -----
 .../kubeconfig.eks-subdirectory.tf            |  1 +
 .../full-cluster/cluster-roles/kubeconfig.tf  | 29 ---------
 .../common-services/data.eks-subdirectory.tf  |  1 +
 .../full-cluster/common-services/data.eks.tf  | 15 -----
 .../kubeconfig.eks-subdirectory.tf            |  1 +
 .../common-services/kubeconfig.tf             | 29 ---------
 examples/full-cluster/data.eks-main.tf        |  1 +
 examples/full-cluster/efs/README.md           | 20 ++++++-
 .../full-cluster/efs/data.eks-subdirectory.tf |  1 +
 examples/full-cluster/efs/data.eks.tf         | 15 -----
 .../efs/kubeconfig.eks-subdirectory.tf        |  1 +
 examples/full-cluster/efs/kubeconfig.tf       | 29 ---------
 examples/full-cluster/efs/locals.tf           |  2 -
 examples/full-cluster/efs/parent_rs.tf        |  1 +
 examples/full-cluster/includes.d/README.md    | 10 ++++
 .../data.eks-main.tf}                         |  0
 .../data.eks-subdirectory.tf}                 |  0
 .../kubeconfig.eks-main.tf}                   |  0
 .../kubeconfig.eks-subdirectory.tf}           |  0
 examples/full-cluster/includes.d/parent_rs.tf |  4 ++
 examples/full-cluster/irsa-roles/README.md    |  3 +
 .../irsa-roles/cluster-autoscaler/README.md   | 59 +++++++++++++++++++
 .../irsa-roles/cluster-autoscaler/locals.tf   |  2 -
 .../cluster-autoscaler/parent_rs.tf           |  1 +
 .../cluster-autoscaler/remote_state.yml       |  9 ---
 .../irsa-roles/data.eks-subdirectory.tf       |  1 +
 examples/full-cluster/irsa-roles/data.eks.tf  | 15 -----
 examples/full-cluster/irsa-roles/parent_rs.tf |  1 +
 .../full-cluster/irsa-roles/remote_state.yml  |  9 ---
 examples/full-cluster/kubeconfig.eks-main.tf  |  1 +
 examples/full-cluster/tf-run.data             |  1 +
 39 files changed, 108 insertions(+), 183 deletions(-)
 delete mode 100644 examples/full-cluster/OFF/empty/locals.tf
 delete mode 120000 examples/full-cluster/OFF/empty/prefixes.tf
 delete mode 100644 examples/full-cluster/OFF/empty/test.tf
 delete mode 120000 examples/full-cluster/OFF/empty/version.tf
 create mode 120000 examples/full-cluster/aws-auth/data.eks-subdirectory.tf
 create mode 120000 examples/full-cluster/aws-auth/kubeconfig.eks-subdirectory.tf
 create mode 120000 examples/full-cluster/cluster-roles/data.eks-subdirectory.tf
 delete mode 100644 examples/full-cluster/cluster-roles/data.eks.tf
 create mode 120000 examples/full-cluster/cluster-roles/kubeconfig.eks-subdirectory.tf
 delete mode 100644 examples/full-cluster/cluster-roles/kubeconfig.tf
 create mode 120000 examples/full-cluster/common-services/data.eks-subdirectory.tf
 delete mode 100644 examples/full-cluster/common-services/data.eks.tf
 create mode 120000 examples/full-cluster/common-services/kubeconfig.eks-subdirectory.tf
 delete mode 100644 examples/full-cluster/common-services/kubeconfig.tf
 create mode 120000 examples/full-cluster/data.eks-main.tf
 create mode 120000 examples/full-cluster/efs/data.eks-subdirectory.tf
 delete mode 100644 examples/full-cluster/efs/data.eks.tf
 create mode 120000 examples/full-cluster/efs/kubeconfig.eks-subdirectory.tf
 delete mode 100644 examples/full-cluster/efs/kubeconfig.tf
 create mode 120000 examples/full-cluster/efs/parent_rs.tf
 create mode 100644 examples/full-cluster/includes.d/README.md
 rename examples/full-cluster/{data.eks.tf => includes.d/data.eks-main.tf} (100%)
 rename examples/full-cluster/{aws-auth/data.eks.tf => includes.d/data.eks-subdirectory.tf} (100%)
 rename examples/full-cluster/{kubeconfig.tf => includes.d/kubeconfig.eks-main.tf} (100%)
 rename examples/full-cluster/{aws-auth/kubeconfig.tf => includes.d/kubeconfig.eks-subdirectory.tf} (100%)
 create mode 100644 examples/full-cluster/includes.d/parent_rs.tf
 create mode 100644 examples/full-cluster/irsa-roles/README.md
 create mode 100644 examples/full-cluster/irsa-roles/cluster-autoscaler/README.md
 create mode 120000 examples/full-cluster/irsa-roles/cluster-autoscaler/parent_rs.tf
 delete mode 100644 examples/full-cluster/irsa-roles/cluster-autoscaler/remote_state.yml
 create mode 120000 examples/full-cluster/irsa-roles/data.eks-subdirectory.tf
 delete mode 100644 examples/full-cluster/irsa-roles/data.eks.tf
 create mode 120000 examples/full-cluster/irsa-roles/parent_rs.tf
 delete mode 100644 examples/full-cluster/irsa-roles/remote_state.yml
 create mode 120000 examples/full-cluster/kubeconfig.eks-main.tf

diff --git a/examples/full-cluster/OFF/empty/locals.tf b/examples/full-cluster/OFF/empty/locals.tf
deleted file mode 100644
index b7b1696..0000000
--- a/examples/full-cluster/OFF/empty/locals.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-locals {
-  region = var.region
-}
-
diff --git a/examples/full-cluster/OFF/empty/prefixes.tf b/examples/full-cluster/OFF/empty/prefixes.tf
deleted file mode 120000
index e0bf5ad..0000000
--- a/examples/full-cluster/OFF/empty/prefixes.tf
+++ /dev/null
@@ -1 +0,0 @@
-../prefixes.tf
\ No newline at end of file
diff --git a/examples/full-cluster/OFF/empty/test.tf b/examples/full-cluster/OFF/empty/test.tf
deleted file mode 100644
index 96cd77c..0000000
--- a/examples/full-cluster/OFF/empty/test.tf
+++ /dev/null
@@ -1,5 +0,0 @@
-data "aws_ebs_default_kms_key" "current" {}
-
-data "aws_kms_key" "ebs_key" {
-  key_id = data.aws_ebs_default_kms_key.current.key_arn
-}
diff --git a/examples/full-cluster/OFF/empty/version.tf b/examples/full-cluster/OFF/empty/version.tf
deleted file mode 120000
index 061373c..0000000
--- a/examples/full-cluster/OFF/empty/version.tf
+++ /dev/null
@@ -1 +0,0 @@
-../version.tf
\ No newline at end of file
diff --git a/examples/full-cluster/aws-auth/data.eks-subdirectory.tf b/examples/full-cluster/aws-auth/data.eks-subdirectory.tf
new file mode 120000
index 0000000..43b5430
--- /dev/null
+++ b/examples/full-cluster/aws-auth/data.eks-subdirectory.tf
@@ -0,0 +1 @@
+../includes.d/data.eks-subdirectory.tf
\ No newline at end of file
diff --git a/examples/full-cluster/aws-auth/kubeconfig.eks-subdirectory.tf b/examples/full-cluster/aws-auth/kubeconfig.eks-subdirectory.tf
new file mode 120000
index 0000000..e3750a4
--- /dev/null
+++ b/examples/full-cluster/aws-auth/kubeconfig.eks-subdirectory.tf
@@ -0,0 +1 @@
+../includes.d/kubeconfig.eks-subdirectory.tf
\ No newline at end of file
diff --git a/examples/full-cluster/cluster-roles/data.eks-subdirectory.tf b/examples/full-cluster/cluster-roles/data.eks-subdirectory.tf
new file mode 120000
index 0000000..43b5430
--- /dev/null
+++ b/examples/full-cluster/cluster-roles/data.eks-subdirectory.tf
@@ -0,0 +1 @@
+../includes.d/data.eks-subdirectory.tf
\ No newline at end of file
diff --git a/examples/full-cluster/cluster-roles/data.eks.tf b/examples/full-cluster/cluster-roles/data.eks.tf
deleted file mode 100644
index 870e8c6..0000000
--- a/examples/full-cluster/cluster-roles/data.eks.tf
+++ /dev/null
@@ -1,15 +0,0 @@
-data "aws_eks_cluster" "cluster" {
-  name = var.cluster_name
-}
-
-data "aws_eks_cluster_auth" "cluster" {
-  name = var.cluster_name
-}
-
-locals {
-  aws_eks_cluster_auth = data.aws_eks_cluster_auth.cluster
-  # for main.tf
-  #  aws_eks_cluster = aws_eks_cluster.eks_cluster
-  # for all subdirectories
-  aws_eks_cluster = data.aws_eks_cluster.cluster
-}
diff --git a/examples/full-cluster/cluster-roles/kubeconfig.eks-subdirectory.tf b/examples/full-cluster/cluster-roles/kubeconfig.eks-subdirectory.tf
new file mode 120000
index 0000000..e3750a4
--- /dev/null
+++ b/examples/full-cluster/cluster-roles/kubeconfig.eks-subdirectory.tf
@@ -0,0 +1 @@
+../includes.d/kubeconfig.eks-subdirectory.tf
\ No newline at end of file
diff --git a/examples/full-cluster/cluster-roles/kubeconfig.tf b/examples/full-cluster/cluster-roles/kubeconfig.tf
deleted file mode 100644
index 5e386f5..0000000
--- a/examples/full-cluster/cluster-roles/kubeconfig.tf
+++ /dev/null
@@ -1,29 +0,0 @@
-resource "null_resource" "kubeconfig" {
-  triggers = {
-    always_run = timestamp()
-  }
-  provisioner "local-exec" {
-    command = "which kubectl > /dev/null 2>&1; if [ $? != 0 ]; then 'echo missing kubectl'; exit 1; else exit 0; fi"
-  }
-  provisioner "local-exec" {
-    command = "test -d '${path.root}/setup' || mkdir '${path.root}/setup'"
-  }
-  provisioner "local-exec" {
-    environment = {
-      AWS_PROFILE = var.profile
-      AWS_REGION  = local.region
-    }
-    command = "aws eks update-kubeconfig --name ${var.cluster_name} --kubeconfig ${path.root}/setup/kube.config"
-  }
-  depends_on = [data.aws_eks_cluster.cluster]
-}
-
-#---
-# call it like
-#---
-##   provisioner "local-exec" {
-##     environment = {
-##       KUBECONFIG = "${path.root}/setup/kube.config"
-##     }
-##     command = "kubectli set env daemonset aws-node -n kube-system AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG=true"
-##   }
diff --git a/examples/full-cluster/common-services/data.eks-subdirectory.tf b/examples/full-cluster/common-services/data.eks-subdirectory.tf
new file mode 120000
index 0000000..43b5430
--- /dev/null
+++ b/examples/full-cluster/common-services/data.eks-subdirectory.tf
@@ -0,0 +1 @@
+../includes.d/data.eks-subdirectory.tf
\ No newline at end of file
diff --git a/examples/full-cluster/common-services/data.eks.tf b/examples/full-cluster/common-services/data.eks.tf
deleted file mode 100644
index 870e8c6..0000000
--- a/examples/full-cluster/common-services/data.eks.tf
+++ /dev/null
@@ -1,15 +0,0 @@
-data "aws_eks_cluster" "cluster" {
-  name = var.cluster_name
-}
-
-data "aws_eks_cluster_auth" "cluster" {
-  name = var.cluster_name
-}
-
-locals {
-  aws_eks_cluster_auth = data.aws_eks_cluster_auth.cluster
-  # for main.tf
-  #  aws_eks_cluster = aws_eks_cluster.eks_cluster
-  # for all subdirectories
-  aws_eks_cluster = data.aws_eks_cluster.cluster
-}
diff --git a/examples/full-cluster/common-services/kubeconfig.eks-subdirectory.tf b/examples/full-cluster/common-services/kubeconfig.eks-subdirectory.tf
new file mode 120000
index 0000000..e3750a4
--- /dev/null
+++ b/examples/full-cluster/common-services/kubeconfig.eks-subdirectory.tf
@@ -0,0 +1 @@
+../includes.d/kubeconfig.eks-subdirectory.tf
\ No newline at end of file
diff --git a/examples/full-cluster/common-services/kubeconfig.tf b/examples/full-cluster/common-services/kubeconfig.tf
deleted file mode 100644
index 5e386f5..0000000
--- a/examples/full-cluster/common-services/kubeconfig.tf
+++ /dev/null
@@ -1,29 +0,0 @@
-resource "null_resource" "kubeconfig" {
-  triggers = {
-    always_run = timestamp()
-  }
-  provisioner "local-exec" {
-    command = "which kubectl > /dev/null 2>&1; if [ $? != 0 ]; then 'echo missing kubectl'; exit 1; else exit 0; fi"
-  }
-  provisioner "local-exec" {
-    command = "test -d '${path.root}/setup' || mkdir '${path.root}/setup'"
-  }
-  provisioner "local-exec" {
-    environment = {
-      AWS_PROFILE = var.profile
-      AWS_REGION  = local.region
-    }
-    command = "aws eks update-kubeconfig --name ${var.cluster_name} --kubeconfig ${path.root}/setup/kube.config"
-  }
-  depends_on = [data.aws_eks_cluster.cluster]
-}
-
-#---
-# call it like
-#---
-##   provisioner "local-exec" {
-##     environment = {
-##       KUBECONFIG = "${path.root}/setup/kube.config"
-##     }
-##     command = "kubectli set env daemonset aws-node -n kube-system AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG=true"
-##   }
diff --git a/examples/full-cluster/data.eks-main.tf b/examples/full-cluster/data.eks-main.tf
new file mode 120000
index 0000000..a3addd9
--- /dev/null
+++ b/examples/full-cluster/data.eks-main.tf
@@ -0,0 +1 @@
+includes.d/data.eks-main.tf
\ No newline at end of file
diff --git a/examples/full-cluster/efs/README.md b/examples/full-cluster/efs/README.md
index fe11281..dcb1a87 100644
--- a/examples/full-cluster/efs/README.md
+++ b/examples/full-cluster/efs/README.md
@@ -23,6 +23,22 @@ export HTTP_PROXY=http://proxy.tco.census.gov:3128
 export HTTPS_PROXY=http://proxy.tco.census.gov:3128
 ```
 
+## Setup Steps
+
+First, copy the `remote_state.yml` from the parent and update `directory` to be the current directory.
+
+Then, make sure the `parent_rs` (parent remote state) is updated to the proper remote state, found in the 
+parent directory.
+
+```hcl
+# in parent_rs.tf
+
+  parent_rs            = data.terraform_remote_state.{vpc-state-path}_{application-state-path}-eks-{cluster-name}.outputs
+```
+
+Update this with the proper remote state path, as pulled from the application directory for the cluster in the
+parent directory.
+
 ## Terraform Automated
 
 A `tf-run.data` file exists here, so the simplest way to implemnt is with the `tf-run.sh` script.
@@ -34,7 +50,7 @@ A `tf-run.data` file exists here, so the simplest way to implemnt is with the `t
 % tf-run.sh apply
 ```
 
-* example of the tf-run.sh`steps
+* example of the `tf-run.sh` steps
 
 This is part of a larger cluster configuration, so at the end of the run it indicates another directory
 to visit when done.
@@ -62,10 +78,8 @@ It is highly recommended to use the `tf-run.sh` approach.
 
 ## Terraform Manual
 
-First, copy the `remote_state.yml` from the parent and update `directory` to be the current directory.
 
 ```shell
-
 tf-directory-setup.py -l none
 setup-new-directory.sh
 tf-init
diff --git a/examples/full-cluster/efs/data.eks-subdirectory.tf b/examples/full-cluster/efs/data.eks-subdirectory.tf
new file mode 120000
index 0000000..43b5430
--- /dev/null
+++ b/examples/full-cluster/efs/data.eks-subdirectory.tf
@@ -0,0 +1 @@
+../includes.d/data.eks-subdirectory.tf
\ No newline at end of file
diff --git a/examples/full-cluster/efs/data.eks.tf b/examples/full-cluster/efs/data.eks.tf
deleted file mode 100644
index 870e8c6..0000000
--- a/examples/full-cluster/efs/data.eks.tf
+++ /dev/null
@@ -1,15 +0,0 @@
-data "aws_eks_cluster" "cluster" {
-  name = var.cluster_name
-}
-
-data "aws_eks_cluster_auth" "cluster" {
-  name = var.cluster_name
-}
-
-locals {
-  aws_eks_cluster_auth = data.aws_eks_cluster_auth.cluster
-  # for main.tf
-  #  aws_eks_cluster = aws_eks_cluster.eks_cluster
-  # for all subdirectories
-  aws_eks_cluster = data.aws_eks_cluster.cluster
-}
diff --git a/examples/full-cluster/efs/kubeconfig.eks-subdirectory.tf b/examples/full-cluster/efs/kubeconfig.eks-subdirectory.tf
new file mode 120000
index 0000000..e3750a4
--- /dev/null
+++ b/examples/full-cluster/efs/kubeconfig.eks-subdirectory.tf
@@ -0,0 +1 @@
+../includes.d/kubeconfig.eks-subdirectory.tf
\ No newline at end of file
diff --git a/examples/full-cluster/efs/kubeconfig.tf b/examples/full-cluster/efs/kubeconfig.tf
deleted file mode 100644
index 5e386f5..0000000
--- a/examples/full-cluster/efs/kubeconfig.tf
+++ /dev/null
@@ -1,29 +0,0 @@
-resource "null_resource" "kubeconfig" {
-  triggers = {
-    always_run = timestamp()
-  }
-  provisioner "local-exec" {
-    command = "which kubectl > /dev/null 2>&1; if [ $? != 0 ]; then 'echo missing kubectl'; exit 1; else exit 0; fi"
-  }
-  provisioner "local-exec" {
-    command = "test -d '${path.root}/setup' || mkdir '${path.root}/setup'"
-  }
-  provisioner "local-exec" {
-    environment = {
-      AWS_PROFILE = var.profile
-      AWS_REGION  = local.region
-    }
-    command = "aws eks update-kubeconfig --name ${var.cluster_name} --kubeconfig ${path.root}/setup/kube.config"
-  }
-  depends_on = [data.aws_eks_cluster.cluster]
-}
-
-#---
-# call it like
-#---
-##   provisioner "local-exec" {
-##     environment = {
-##       KUBECONFIG = "${path.root}/setup/kube.config"
-##     }
-##     command = "kubectli set env daemonset aws-node -n kube-system AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG=true"
-##   }
diff --git a/examples/full-cluster/efs/locals.tf b/examples/full-cluster/efs/locals.tf
index 3ad38f5..3042080 100644
--- a/examples/full-cluster/efs/locals.tf
+++ b/examples/full-cluster/efs/locals.tf
@@ -8,8 +8,6 @@ locals {
 
 # replace TF remote state accordingly in parent_rs with that from the parent directory, and be sure to make the link
 locals {
-  parent_rs            = data.terraform_remote_state.{vpc-state-path}_{application-state-path}-eks-{cluster-name}.outputs
-
   vpc_id               = local.parent_rs.cluster_vpc_id
   subnet_ids           = local.parent_rs.cluster_subnet_ids
   cluster_worker_sg_id = local.parent_rs.cluster_worker_sg_id
diff --git a/examples/full-cluster/efs/parent_rs.tf b/examples/full-cluster/efs/parent_rs.tf
new file mode 120000
index 0000000..d85ece6
--- /dev/null
+++ b/examples/full-cluster/efs/parent_rs.tf
@@ -0,0 +1 @@
+../includes.d/parent_rs.tf
\ No newline at end of file
diff --git a/examples/full-cluster/includes.d/README.md b/examples/full-cluster/includes.d/README.md
new file mode 100644
index 0000000..b34ca3f
--- /dev/null
+++ b/examples/full-cluster/includes.d/README.md
@@ -0,0 +1,10 @@
+# Includes.d
+
+## parent_rs.tf
+
+Update this with the proper remote state path, as pulled from the application directory for the cluster in the
+main cluster directory.  This is used throughout the cluster components.
+
+```hcl
+  parent_rs            = data.terraform_remote_state.{vpc-state-path}_{application-state-path}-eks-{cluster-name}.outputs
+```
diff --git a/examples/full-cluster/data.eks.tf b/examples/full-cluster/includes.d/data.eks-main.tf
similarity index 100%
rename from examples/full-cluster/data.eks.tf
rename to examples/full-cluster/includes.d/data.eks-main.tf
diff --git a/examples/full-cluster/aws-auth/data.eks.tf b/examples/full-cluster/includes.d/data.eks-subdirectory.tf
similarity index 100%
rename from examples/full-cluster/aws-auth/data.eks.tf
rename to examples/full-cluster/includes.d/data.eks-subdirectory.tf
diff --git a/examples/full-cluster/kubeconfig.tf b/examples/full-cluster/includes.d/kubeconfig.eks-main.tf
similarity index 100%
rename from examples/full-cluster/kubeconfig.tf
rename to examples/full-cluster/includes.d/kubeconfig.eks-main.tf
diff --git a/examples/full-cluster/aws-auth/kubeconfig.tf b/examples/full-cluster/includes.d/kubeconfig.eks-subdirectory.tf
similarity index 100%
rename from examples/full-cluster/aws-auth/kubeconfig.tf
rename to examples/full-cluster/includes.d/kubeconfig.eks-subdirectory.tf
diff --git a/examples/full-cluster/includes.d/parent_rs.tf b/examples/full-cluster/includes.d/parent_rs.tf
new file mode 100644
index 0000000..5ccae16
--- /dev/null
+++ b/examples/full-cluster/includes.d/parent_rs.tf
@@ -0,0 +1,4 @@
+# replace TF remote state accordingly in parent_rs with that from the parent directory, and be sure to make the link
+locals {
+  parent_rs            = data.terraform_remote_state.{vpc-state-path}_{application-state-path}-eks-{cluster-name}.outputs
+}
diff --git a/examples/full-cluster/irsa-roles/README.md b/examples/full-cluster/irsa-roles/README.md
new file mode 100644
index 0000000..4f86674
--- /dev/null
+++ b/examples/full-cluster/irsa-roles/README.md
@@ -0,0 +1,3 @@
+# irsa-roles
+
+
diff --git a/examples/full-cluster/irsa-roles/cluster-autoscaler/README.md b/examples/full-cluster/irsa-roles/cluster-autoscaler/README.md
new file mode 100644
index 0000000..ce466e4
--- /dev/null
+++ b/examples/full-cluster/irsa-roles/cluster-autoscaler/README.md
@@ -0,0 +1,59 @@
+# irsa-roles: cluster-autoscaler
+
+This sets up the needed IAM roles for service accounts for the cluster autoscaler.
+
+
+## Terraform Automated
+
+A `tf-run.data` file exists here, so the simplest way to implemnt is with the `tf-run.sh` script.
+
+* copy the `remote_state.yml` from the parent and update `directory` to be the current directory
+* run the tf-run.sh
+
+```console
+% tf-run.sh apply
+```
+
+* example of the tf-run.sh`steps
+
+This is part of a larger cluster configuration, so at the end of the run it indicates another directory
+to visit when done.
+
+```console
+% tf-run.sh list
+* running action=plan
+* START: tf-run.sh v1.1.2 start=1636561755 end= logfile=logs/run.plan.20211110.1636561755.log (not-created)
+* reading from tf-run.data
+* read 6 entries from tf-run.data
+> list
+** START: start=1636561755
+* 1 COMMAND> tf-directory-setup.py -l none
+* 2 COMMAND> setup-new-directory.sh
+* 3 COMMAND> tf-init -upgrade
+* 4 POLICY> (*.tf) aws_iam_policy.app_policy1
+* 4 tf-plan -target=aws_iam_policy.app_policy1 
+* 5 tf-plan 
+* 6 COMMAND> tf-directory-setup.py -l s3
+** END: start=1636561755 end=1636561755 elapsed=0 logfile=logs/run.plan.20211110.1636561755.log (not-created)
+```
+
+It is highly recommended to use the `tf-run.sh` approach.
+
+## Terraform Manual
+
+First, copy the `remote_state.yml` from the parent and update `directory` to be the current directory.
+
+```shell
+tf-directory-setup.py -l none
+setup-new-directory.sh
+tf-init
+````
+
+* Apply the rest
+
+```shell
+tf-apply
+tf-directory-setup.py -l s3
+```
+
+## Post Setup Examination
diff --git a/examples/full-cluster/irsa-roles/cluster-autoscaler/locals.tf b/examples/full-cluster/irsa-roles/cluster-autoscaler/locals.tf
index d1f92d0..3042080 100644
--- a/examples/full-cluster/irsa-roles/cluster-autoscaler/locals.tf
+++ b/examples/full-cluster/irsa-roles/cluster-autoscaler/locals.tf
@@ -8,8 +8,6 @@ locals {
 
 # replace TF remote state accordingly in parent_rs with that from the parent directory, and be sure to make the link
 locals {
-  parent_rs            = data.terraform_remote_state.applications_apps-adsd-eks_vpc_east_vpc3_apps_eks-adsd-cumulus-qa.outputs
-
   vpc_id               = local.parent_rs.cluster_vpc_id
   subnet_ids           = local.parent_rs.cluster_subnet_ids
   cluster_worker_sg_id = local.parent_rs.cluster_worker_sg_id
diff --git a/examples/full-cluster/irsa-roles/cluster-autoscaler/parent_rs.tf b/examples/full-cluster/irsa-roles/cluster-autoscaler/parent_rs.tf
new file mode 120000
index 0000000..dfccf35
--- /dev/null
+++ b/examples/full-cluster/irsa-roles/cluster-autoscaler/parent_rs.tf
@@ -0,0 +1 @@
+../parent_rs.tf
\ No newline at end of file
diff --git a/examples/full-cluster/irsa-roles/cluster-autoscaler/remote_state.yml b/examples/full-cluster/irsa-roles/cluster-autoscaler/remote_state.yml
deleted file mode 100644
index 8b2a0b7..0000000
--- a/examples/full-cluster/irsa-roles/cluster-autoscaler/remote_state.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-directory:       "applications/apps-adsd-eks/vpc/east/vpc3/apps/eks-adsd-cumulus-qa/irsa-roles/cluster-autoscaler"
-profile:         "252960665057-ma6-gov"
-bucket:          "inf-tfstate-252960665057"
-bucket_region:   "us-gov-east-1"
-region:          "us-gov-east-1"
-regions:         ["us-gov-east-1"]
-account_id:      "252960665057"
-account_alias:   "ma6-gov"
-aws_environment: "gov"
diff --git a/examples/full-cluster/irsa-roles/data.eks-subdirectory.tf b/examples/full-cluster/irsa-roles/data.eks-subdirectory.tf
new file mode 120000
index 0000000..43b5430
--- /dev/null
+++ b/examples/full-cluster/irsa-roles/data.eks-subdirectory.tf
@@ -0,0 +1 @@
+../includes.d/data.eks-subdirectory.tf
\ No newline at end of file
diff --git a/examples/full-cluster/irsa-roles/data.eks.tf b/examples/full-cluster/irsa-roles/data.eks.tf
deleted file mode 100644
index 870e8c6..0000000
--- a/examples/full-cluster/irsa-roles/data.eks.tf
+++ /dev/null
@@ -1,15 +0,0 @@
-data "aws_eks_cluster" "cluster" {
-  name = var.cluster_name
-}
-
-data "aws_eks_cluster_auth" "cluster" {
-  name = var.cluster_name
-}
-
-locals {
-  aws_eks_cluster_auth = data.aws_eks_cluster_auth.cluster
-  # for main.tf
-  #  aws_eks_cluster = aws_eks_cluster.eks_cluster
-  # for all subdirectories
-  aws_eks_cluster = data.aws_eks_cluster.cluster
-}
diff --git a/examples/full-cluster/irsa-roles/parent_rs.tf b/examples/full-cluster/irsa-roles/parent_rs.tf
new file mode 120000
index 0000000..d85ece6
--- /dev/null
+++ b/examples/full-cluster/irsa-roles/parent_rs.tf
@@ -0,0 +1 @@
+../includes.d/parent_rs.tf
\ No newline at end of file
diff --git a/examples/full-cluster/irsa-roles/remote_state.yml b/examples/full-cluster/irsa-roles/remote_state.yml
deleted file mode 100644
index 7af0a5e..0000000
--- a/examples/full-cluster/irsa-roles/remote_state.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-directory:       "applications/apps-adsd-eks/vpc/east/vpc3/apps/eks-adsd-cumulus-qa/irsa-roles"
-profile:         "252960665057-ma6-gov"
-bucket:          "inf-tfstate-252960665057"
-bucket_region:   "us-gov-east-1"
-region:          "us-gov-east-1"
-regions:         ["us-gov-east-1"]
-account_id:      "252960665057"
-account_alias:   "ma6-gov"
-aws_environment: "gov"
diff --git a/examples/full-cluster/kubeconfig.eks-main.tf b/examples/full-cluster/kubeconfig.eks-main.tf
new file mode 120000
index 0000000..e3f8503
--- /dev/null
+++ b/examples/full-cluster/kubeconfig.eks-main.tf
@@ -0,0 +1 @@
+includes.d/kubeconfig.eks-main.tf
\ No newline at end of file
diff --git a/examples/full-cluster/tf-run.data b/examples/full-cluster/tf-run.data
index 43c6b27..2b570fa 100644
--- a/examples/full-cluster/tf-run.data
+++ b/examples/full-cluster/tf-run.data
@@ -10,6 +10,7 @@ COMMENT EC2 key pairs
 null_resource.generate_keypair
 aws_key_pair.cluster_keypair
 COMMAND tf-directory-setup.py -l s3
+COMMENT be sure to add the setup/ec2-ssh-eks-{cluster} to git-secret, git-secret hide, add the setup/*secret and setup/*pub got git, and commit the entirety of the change
 
 ALL