From 3b84d033c50394950a869624aa620111bb6f5a28 Mon Sep 17 00:00:00 2001
From: badra001
Date: Wed, 10 Nov 2021 14:23:27 -0500
Subject: [PATCH] fix region.tf from locals.tf
---
 examples/full-cluster/aws-auth/tf-run.data | 1 +
 .../cluster-roles/remote_state.yml | 9 --
 .../full-cluster/cluster-roles/tf-run.data | 10 ++
 .../full-cluster/common-services/tf-run.data | 1 +
 examples/full-cluster/includes.d/README.md | 34 +++--
 .../full-cluster/includes.d/data.eks-main.tf | 6 +-
 examples/full-cluster/includes.d/parent_rs.tf | 2 +-
 examples/full-cluster/irsa-roles/README.md | 86 +++++--------
 .../irsa-roles/cluster-autoscaler/README.md | 119 ++++++++----------
 .../irsa-roles/cluster-autoscaler/data.eks.tf | 1 -
 .../irsa-roles/cluster-autoscaler/locals.tf | 4 +-
 .../irsa-roles/cluster-autoscaler/region.tf | 1 +
 .../irsa-roles/cluster-autoscaler/tf-run.data | 1 +
 .../{locals.tf => irsa-roles/region.tf} | 0
 examples/full-cluster/irsa-roles/tf-run.data | 1 +
 examples/full-cluster/region.tf | 4 +
 examples/full-cluster/tf-run.data | 1 +
 17 files changed, 139 insertions(+), 142 deletions(-)
 delete mode 100644 examples/full-cluster/cluster-roles/remote_state.yml
 create mode 100644 examples/full-cluster/cluster-roles/tf-run.data
 delete mode 120000 examples/full-cluster/irsa-roles/cluster-autoscaler/data.eks.tf
 rename examples/full-cluster/{locals.tf => irsa-roles/region.tf} (100%)
 create mode 100644 examples/full-cluster/region.tf
diff --git a/examples/full-cluster/aws-auth/tf-run.data b/examples/full-cluster/aws-auth/tf-run.data
index 44f61ff..ce77f28 100644
--- a/examples/full-cluster/aws-auth/tf-run.data
+++ b/examples/full-cluster/aws-auth/tf-run.data
@@ -1,3 +1,4 @@
+REMOTE-STATE
 COMMAND tf-directory-setup.py -l none -f
 COMMAND setup-new-directory.sh
 COMMAND tf-init -upgrade
diff --git a/examples/full-cluster/cluster-roles/remote_state.yml b/examples/full-cluster/cluster-roles/remote_state.yml
deleted file mode 100644
index b1c5141..0000000
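Review bot: The new `REMOTE-STATE` directive at the top of aws-auth/tf-run.data takes no argument and nothing in the commit says what it resolves to; the same line is added to the tf-run.data files for common-services, cluster-roles, irsa-roles, irsa-roles/cluster-autoscaler and the top-level full-cluster directory, while the only description of remote-state setup (the per-directory remote_state.yml and the README steps that told users to copy it from the parent) is deleted. A reader of the example can no longer tell whether the directive generates that file, reads one from the parent directory, or expects it to already exist. Suggest documenting it once where it first appears, e.g. a `COMMENT REMOTE-STATE <describe where the remote state config comes from>` line after the directive, or a short paragraph in the top-level README. If the directive writes a remote_state.yml into the directory, it is also worth confirming that file is git-ignored, since the deleted cluster-roles/remote_state.yml carried account-specific values (account id, profile, bucket) that should not be re-committed with the example.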
--- a/examples/full-cluster/cluster-roles/remote_state.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-directory: "applications/apps-adsd-eks/vpc/east/vpc3/apps/eks-adsd-cumulus-qa/cluster-roles"
-profile: "252960665057-ma6-gov"
-bucket: "inf-tfstate-252960665057"
-bucket_region: "us-gov-east-1"
-region: "us-gov-east-1"
-regions: ["us-gov-east-1"]
-account_id: "252960665057"
-account_alias: "ma6-gov"
-aws_environment: "gov"
diff --git a/examples/full-cluster/cluster-roles/tf-run.data b/examples/full-cluster/cluster-roles/tf-run.data
new file mode 100644
index 0000000..5d91871
--- /dev/null
+++ b/examples/full-cluster/cluster-roles/tf-run.data
@@ -0,0 +1,10 @@
+REMOTE-STATE
+STOP only run this after the cluster roles represented here have been setup in K8S
+COMMAND tf-directory-setup.py -l none -f
+COMMAND setup-new-directory.sh
+COMMAND tf-init -upgrade
+POLICY
+ALL
+COMMAND tf-directory-setup.py -l s3
+
+COMMENT cd ../ and continue
diff --git a/examples/full-cluster/common-services/tf-run.data b/examples/full-cluster/common-services/tf-run.data
index 63f8c73..25472df 100644
--- a/examples/full-cluster/common-services/tf-run.data
+++ b/examples/full-cluster/common-services/tf-run.data
@@ -1,3 +1,4 @@
+REMOTE-STATE
 COMMAND tf-directory-setup.py -l none -f
 COMMAND setup-new-directory.sh
 COMMAND tf-init -upgrade
diff --git a/examples/full-cluster/includes.d/README.md b/examples/full-cluster/includes.d/README.md
index b34ca3f..97c168f 100644
--- a/examples/full-cluster/includes.d/README.md
+++ b/examples/full-cluster/includes.d/README.md
@@ -1,10 +1,30 @@ -# Includes.d +## Requirements -## parent_rs.tf +No requirements. -Update this with the proper remote state path, as pulled from the application directory for the cluster in the -main cluster directory. This is used throughout the cluster components. +## Providers -```hcl - parent_rs = data.terraform_remote_state.{vpc-state-path}_{application-state-path}-eks-{cluster-name}.outputs -``` +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | n/a | +| [null](#provider\_null) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [null_resource.kubeconfig](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | +| [aws_eks_cluster.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source | +| [aws_eks_cluster_auth.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) | data source | + +## Inputs + +No inputs. + +## Outputs + +No outputs. diff --git a/examples/full-cluster/includes.d/data.eks-main.tf b/examples/full-cluster/includes.d/data.eks-main.tf index 9452be6..7ead28b 100644 --- a/examples/full-cluster/includes.d/data.eks-main.tf +++ b/examples/full-cluster/includes.d/data.eks-main.tf @@ -1,9 +1,9 @@ locals { aws_eks_cluster_auth = data.aws_eks_cluster_auth.cluster -# for main.tf + # for main.tf aws_eks_cluster = aws_eks_cluster.eks_cluster -# for all subdirectories -## aws_eks_cluster = data.aws_eks_cluster.cluster + # for all subdirectories + ## aws_eks_cluster = data.aws_eks_cluster.cluster } data "aws_eks_cluster_auth" "cluster" { diff --git a/examples/full-cluster/includes.d/parent_rs.tf b/examples/full-cluster/includes.d/parent_rs.tf index 5ccae16..7d4b782 100644 --- a/examples/full-cluster/includes.d/parent_rs.tf +++ b/examples/full-cluster/includes.d/parent_rs.tf 
@@ -1,4 +1,4 @@
 # replace TF remote state accordingly in parent_rs with that from the parent directory, and be sure to make the link
 locals {
- parent_rs = data.terraform_remote_state.{vpc-state-path}_{application-state-path}-eks-{cluster-name}.outputs
+ parent_rs = data.terraform_remote_state.vpc-state-path_application-state-path-eks-cluster-name.outputs
 }
diff --git a/examples/full-cluster/irsa-roles/README.md b/examples/full-cluster/irsa-roles/README.md
index 6915c05..5995413 100644
--- a/examples/full-cluster/irsa-roles/README.md
+++ b/examples/full-cluster/irsa-roles/README.md
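Review bot: The replacement value `data.terraform_remote_state.vpc-state-path_application-state-path-eks-cluster-name.outputs` reads like a real data-source reference, but it is still a placeholder that every user of the example has to rewrite, and the braces that marked the three substitutable parts are gone. That naming pattern, `{vpc-state-path}_{application-state-path}-eks-{cluster-name}`, was also the only thing the includes.d README explained, and the README hunk in this commit replaces it with generated tables, so the pattern is no longer documented anywhere in the tree after this change. Suggest carrying it in the comment above the local, e.g. `# replace with data.terraform_remote_state.<vpc-state-path>_<application-state-path>-eks-<cluster-name>.outputs, using the remote state name from the parent directory`. Until it is replaced, terraform should reject the undeclared data source at validate/plan time, which is a reasonable fail-safe but worth stating so the error is not mistaken for a broken example.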
@@ -1,64 +1,44 @@ -# irsa-roles +## Requirements -This is a directory under which actual IRSA role subdirectories exist. No resources are created here. +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 0.12.31 | -See the directories to follow the directions containd within: +## Providers -* cluster-autoscaler +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | n/a | -## Setup Steps +## Modules -First, copy the `remote_state.yml` from the parent and update `directory` to be the current directory. +No modules. -## Terraform Automated +## Resources -A `tf-run.data` file exists here, so the simplest way to implemnt is with the `tf-run.sh` script. +| Name | Type | +|------|------| +| [aws_eks_cluster.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source | +| [aws_eks_cluster_auth.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) | data source | -* copy the `remote_state.yml` from the parent and update `directory` to be the current directory -* run the tf-run.sh +## Inputs -```console -% tf-run.sh apply -``` +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [cluster\_name](#input\_cluster\_name) | EKS cluster name name component used through out the EKS cluster describing its purpose (ex: dice-dev) | `string` | `null` | no | +| [cluster\_version](#input\_cluster\_version) | The EKS version number, see https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html | `string` | `"1.21"` | no | +| [domain](#input\_domain) | The DNS domain name of the cluster. Defaults to empty which causes the sample application to use the domain assigned to the load balancer of the istio ingress gateway. 
| `string` | `""` | no | +| [eks\_instance\_disk\_size](#input\_eks\_instance\_disk\_size) | The size of the disk in gigabytes | `number` | `40` | no | +| [eks\_instance\_type](#input\_eks\_instance\_type) | EKS worker node instance type | `string` | `"t3.xlarge"` | no | +| [eks\_ng\_desire\_size](#input\_eks\_ng\_desire\_size) | Node Group desire size, default is 1 | `number` | `4` | no | +| [eks\_ng\_max\_size](#input\_eks\_ng\_max\_size) | Node Group maximum size, default is 10 | `number` | `16` | no | +| [eks\_ng\_min\_size](#input\_eks\_ng\_min\_size) | Node Group minimum size, default is 1 | `number` | `4` | no | +| [eks\_vpc\_name](#input\_eks\_vpc\_name) | Define the VPC name that will be used by this cluster | `string` | `"*UNKNOWN*"` | no | +| [name](#input\_name) | K8S service names for IAM Role for Service Account (per-pod) | `string` | n/a | yes | +| [namespace](#input\_namespace) | K8S namespace for IAM Role for Service Account (per-pod) | `string` | n/a | yes | +| [subnets\_name](#input\_subnets\_name) | Define the name of the subnets to be used by this cluster | `string` | `"*-container-*"` | no | +| [tags](#input\_tags) | AWS Tags to apply to appropriate resources. | `map(string)` | `{}` | no | -* example of the `tf-run.sh` steps +## Outputs -This is part of a larger cluster configuration, so at the end of the run it indicates another directory -to visit when done. 
- -```console -% tf-run.sh list -* running action=plan -* START: tf-run.sh v1.1.2 start=1636562881 end= logfile=logs/run.plan.20211110.1636562881.log (not-created) -* reading from tf-run.data -* read 6 entries from tf-run.data -> list -** START: start=1636562881 -* 1 COMMAND> tf-directory-setup.py -l none -f -* 2 COMMAND> setup-new-directory.sh -* 3 COMMAND> tf-init -upgrade -* 4 tf-plan -* 5 COMMAND> tf-directory-setup.py -l s3 -* 6 COMMENT> cd cluster-roles and tf-run.sh apply -** END: start=1636562881 end=1636562881 elapsed=0 logfile=logs/run.plan.20211110.1636562881.log (not-created) -``` - -It is highly recommended to use the `tf-run.sh` approach. - -## Terraform Manual - -* setup - -```shell -tf-directory-setup.py -l none -setup-new-directory.sh -tf-init -```` - -* Apply the rest - -```shell -tf-plan -tf-apply -tf-directory-setup.py -l s3 -``` +No outputs. diff --git a/examples/full-cluster/irsa-roles/cluster-autoscaler/README.md b/examples/full-cluster/irsa-roles/cluster-autoscaler/README.md index bc949cb..bfe2fa5 100644 --- a/examples/full-cluster/irsa-roles/cluster-autoscaler/README.md +++ b/examples/full-cluster/irsa-roles/cluster-autoscaler/README.md 
@@ -1,66 +1,53 @@ -# irsa-roles: cluster-autoscaler - -This sets up the needed IAM roles for service accounts for the cluster autoscaler. - - -## Setup - -First, copy the `remote_state.yml` from the parent and update `directory` to be the current directory. - -## Terraform Automated - -A `tf-run.data` file exists here, so the simplest way to implement is with the `tf-run.sh` script. - -```console -% tf-run.sh apply -``` - -* example of the tf-run.sh`steps - -This is part of a larger cluster configuration, so at the end of the run it indicates another directory -to visit when done. - -```console -% tf-run.sh list -* running action=plan -* START: tf-run.sh v1.1.2 start=1636561755 end= logfile=logs/run.plan.20211110.1636561755.log (not-created) -* reading from tf-run.data -* read 6 entries from tf-run.data -> list -** START: start=1636561755 -* 1 COMMAND> tf-directory-setup.py -l none -* 2 COMMAND> setup-new-directory.sh -* 3 COMMAND> tf-init -upgrade -* 4 POLICY> (*.tf) aws_iam_policy.app_policy1 -* 4 tf-plan -target=aws_iam_policy.app_policy1 -* 5 tf-plan -* 6 COMMAND> tf-directory-setup.py -l s3 -** END: start=1636561755 end=1636561755 elapsed=0 logfile=logs/run.plan.20211110.1636561755.log (not-created) -``` - -It is highly recommended to use the `tf-run.sh` approach. 
- -## Terraform Manual - -```shell -tf-directory-setup.py -l none -setup-new-directory.sh -tf-init -```` - -* Apply the the policies - -```shell -tf-plan -target=aws_iam_policy.app_policy1 -tf-apply -target=aws_iam_policy.app_policy1 -``` - -* Apply the rest - -```shell -tf-plan -tf-apply -tf-directory-setup.py -l s3 -``` - -## Post Setup Examination +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 0.12.31 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | n/a | +| [kubernetes](#provider\_kubernetes) | n/a | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [app\_role](#module\_app\_role) | git@github.e.it.census.gov:terraform-modules/aws-iam-role.git | n/a | + +## Resources + +| Name | Type | +|------|------| +| [aws_iam_policy.app_policy1](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [kubernetes_service_account.app](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service_account) | resource | +| [aws_eks_cluster.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source | +| [aws_eks_cluster_auth.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) | data source | +| [aws_iam_policy_document.app_policy1](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.assume_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [cluster\_name](#input\_cluster\_name) | EKS cluster name name component used through out the EKS cluster describing its purpose (ex: dice-dev) | 
`string` | `null` | no | +| [cluster\_version](#input\_cluster\_version) | The EKS version number, see https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html | `string` | `"1.21"` | no | +| [domain](#input\_domain) | The DNS domain name of the cluster. Defaults to empty which causes the sample application to use the domain assigned to the load balancer of the istio ingress gateway. | `string` | `""` | no | +| [eks\_instance\_disk\_size](#input\_eks\_instance\_disk\_size) | The size of the disk in gigabytes | `number` | `40` | no | +| [eks\_instance\_type](#input\_eks\_instance\_type) | EKS worker node instance type | `string` | `"t3.xlarge"` | no | +| [eks\_ng\_desire\_size](#input\_eks\_ng\_desire\_size) | Node Group desire size, default is 1 | `number` | `4` | no | +| [eks\_ng\_max\_size](#input\_eks\_ng\_max\_size) | Node Group maximum size, default is 10 | `number` | `16` | no | +| [eks\_ng\_min\_size](#input\_eks\_ng\_min\_size) | Node Group minimum size, default is 1 | `number` | `4` | no | +| [eks\_vpc\_name](#input\_eks\_vpc\_name) | Define the VPC name that will be used by this cluster | `string` | `"*UNKNOWN*"` | no | +| [name](#input\_name) | K8S service names for IAM Role for Service Account (per-pod) | `string` | n/a | yes | +| [namespace](#input\_namespace) | K8S namespace for IAM Role for Service Account (per-pod) | `string` | n/a | yes | +| [subnets\_name](#input\_subnets\_name) | Define the name of the subnets to be used by this cluster | `string` | `"*-container-*"` | no | +| [tags](#input\_tags) | AWS Tags to apply to appropriate resources. | `map(string)` | `{}` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| [app\_role\_arn](#output\_app\_role\_arn) | ARN of IAM Role for Service account for cluster-autoscaler | diff --git a/examples/full-cluster/irsa-roles/cluster-autoscaler/data.eks.tf b/examples/full-cluster/irsa-roles/cluster-autoscaler/data.eks.tf deleted file mode 120000 index bc5a403..0000000 
--- a/examples/full-cluster/irsa-roles/cluster-autoscaler/data.eks.tf
+++ /dev/null
@@ -1 +0,0 @@
-../data.eks.tf
\ No newline at end of file
diff --git a/examples/full-cluster/irsa-roles/cluster-autoscaler/locals.tf b/examples/full-cluster/irsa-roles/cluster-autoscaler/locals.tf
index 3042080..4b9ae5a 100644
--- a/examples/full-cluster/irsa-roles/cluster-autoscaler/locals.tf
+++ b/examples/full-cluster/irsa-roles/cluster-autoscaler/locals.tf
@@ -12,6 +12,6 @@ locals {
 subnet_ids = local.parent_rs.cluster_subnet_ids
 cluster_worker_sg_id = local.parent_rs.cluster_worker_sg_id
- oidc_provider_url = local.parent_rs.oidc_provider_url
- oidc_provider_arn = local.parent_rs.oidc_provider_arn
+ oidc_provider_url = local.parent_rs.oidc_provider_url
+ oidc_provider_arn = local.parent_rs.oidc_provider_arn
 }
diff --git a/examples/full-cluster/irsa-roles/cluster-autoscaler/region.tf b/examples/full-cluster/irsa-roles/cluster-autoscaler/region.tf
index f617506..b7b1696 100644
--- a/examples/full-cluster/irsa-roles/cluster-autoscaler/region.tf
+++ b/examples/full-cluster/irsa-roles/cluster-autoscaler/region.tf
@@ -1,3 +1,4 @@
 locals {
 region = var.region
 }
+
diff --git a/examples/full-cluster/irsa-roles/cluster-autoscaler/tf-run.data b/examples/full-cluster/irsa-roles/cluster-autoscaler/tf-run.data
index 336f6a5..b7371bc 100644
--- a/examples/full-cluster/irsa-roles/cluster-autoscaler/tf-run.data
+++ b/examples/full-cluster/irsa-roles/cluster-autoscaler/tf-run.data
@@ -1,3 +1,4 @@
+REMOTE-STATE
 COMMAND tf-directory-setup.py -l none
 COMMAND setup-new-directory.sh
 COMMAND tf-init -upgrade
diff --git a/examples/full-cluster/locals.tf b/examples/full-cluster/irsa-roles/region.tf
similarity index 100%
rename from examples/full-cluster/locals.tf
rename to examples/full-cluster/irsa-roles/region.tf
diff --git a/examples/full-cluster/irsa-roles/tf-run.data b/examples/full-cluster/irsa-roles/tf-run.data
index 151331f..eecc8ab 100644
--- a/examples/full-cluster/irsa-roles/tf-run.data
+++ b/examples/full-cluster/irsa-roles/tf-run.data
@@ -1,3 +1,4 @@
+REMOTE-STATE
 COMMAND tf-directory-setup.py -l none -f
 COMMAND setup-new-directory.sh
 COMMAND tf-init -upgrade
diff --git a/examples/full-cluster/region.tf b/examples/full-cluster/region.tf
new file mode 100644
index 0000000..b7b1696
--- /dev/null
+++ b/examples/full-cluster/region.tf
@@ -0,0 +1,4 @@
+locals {
+ region = var.region
+}
+
diff --git a/examples/full-cluster/tf-run.data b/examples/full-cluster/tf-run.data
index 0f9370b..5df6416 100644
--- a/examples/full-cluster/tf-run.data
+++ b/examples/full-cluster/tf-run.data
@@ -1,3 +1,4 @@
+REMOTE-STATE
 COMMENT make sure the private-lb subnet and container subnets are tagged properly (see README.md)
 STOP then continue with at step 3
 COMMAND tf-directory-setup.py -l none -f