Merge branch 'master' of github.e.it.census.gov:terraform-modules/aws…

…-eks
terraform-modules · Oct 13, 2022 · 3e09f19 · 3e09f19
2 parents 39ffe77 + 3fe8c52
commit 3e09f19
Show file tree

Hide file tree

Showing 4 changed files with 157 additions and 6 deletions.
diff --git a/examples/efk/expose-kibana.tf b/examples/efk/expose-kibana.tf
@@ -0,0 +1,134 @@
+resource "kubernetes_manifest" "vs_certificate" {
+  manifest = {
+    apiVersion = "cert-manager.io/v1"
+    kind       = "Certificate"
+
+    metadata = {
+      name      = "kibana-cert"
+      namespace = "istio-system"
+    }
+    spec = {
+      secretName = "kibana-cert"
+      commonName = format("%v.%v", "kibana", var.domain)
+      dnsNames   = [format("%v.%v", "kibana", var.domain)]
+      subject = {
+        countries           = ["US"]
+        organizations       = ["U.S. Census Bureau"]
+        organizationalUnits = ["Services"]
+      }
+      usages = [
+        "digital signature",
+        "key encipherment",
+        "server auth",
+        "client auth",
+      ]
+      issuerRef = {
+        kind = "ClusterIssuer"
+        name = "clusterissuer"
+      }
+    }
+  }
+}
+
+resource "kubernetes_manifest" "vs_gateway" {
+  manifest = {
+    apiVersion = "networking.istio.io/v1beta1"
+    kind       = "Gateway"
+
+    metadata = {
+      name      = "kibana"
+      namespace = "istio-system"
+    }
+    spec = {
+      selector = {
+        istio = "ingressgateway"
+      }
+      servers = [
+        { port = {
+          number   = 80
+          name     = "http"
+          protocol = "HTTP"
+          }
+          tls = {
+            httpsRedirect = true
+          }
+          hosts = [format("%v.%v", "kibana", var.domain)]
+        },
+        { port = {
+          number   = 443
+          name     = "https"
+          protocol = "HTTPS"
+          }
+          tls = {
+            mode           = "SIMPLE"
+            credentialName = "kibana-cert"
+          }
+          hosts = [format("%v.%v", "kibana", var.domain)]
+        }
+      ]
+    }
+  }
+}
+
+resource "kubernetes_manifest" "vs_virtualservice" {
+  manifest = {
+    apiVersion = "networking.istio.io/v1beta1"
+    kind       = "VirtualService"
+
+    metadata = {
+      name      = "kibana-route"
+      namespace = "istio-system"
+    }
+    spec = {
+      gateways = [
+        "kibana"
+      ]
+      hosts = [format("%v.%v", "kibana", var.domain)]
+      http = [
+        { name = "kibana-route"
+          match = [
+            { uri = { prefix = "/" } }
+          ]
+          headers = {
+            request = {
+              set = { X-Forwarded-Port = "443" }
+            }
+          }
+          route = [
+            { destination = {
+              host = "kibana-kibana.logging.svc.cluster.local"
+              port = { number = 5601 }
+              }
+            }
+          ]
+        }
+      ]
+    }
+  }
+}
+
+## apiVersion: networking.istio.io/v1beta1
+## kind: VirtualService
+## metadata:
+##   name: kibana-routes
+##   namespace: istio-system
+## spec:
+##   gateways:
+##     - 'kibana'
+##   hosts:
+##     - 'kibana.test4.sandbox.csp2.census.gov'
+##   http:
+##     - name: "kibana-route"
+##       match:
+##         - uri:
+##             prefix: "/"
+##       headers:
+##         request:
+##           set:
+##             X-Forwarded-Port: "443"
+##       route:
+##         - destination:
+##             host: kibana-kibana.logging.svc.cluster.local
+##             port: 
+##               number: 5601
+## 
diff --git a/examples/efk/expose-kibana.yaml → examples/efk/expose-kibana.yaml.orig b/examples/efk/expose-kibana.yaml → examples/efk/expose-kibana.yaml.orig
diff --git a/examples/efk/main.tf b/examples/efk/main.tf
@@ -1,4 +1,4 @@
-resource "null_resource" "eks_cluster" { }
+resource "null_resource" "eks_cluster" {}
 
 resource "kubernetes_namespace" "logging" {
   #  depends_on = [null_resource.copy_images]
@@ -97,7 +97,7 @@ resource "helm_release" "elasticsearch" {
   #    value = "false"
   #  }
 
-#  timeout = 300
+  #  timeout = 300
   timeout = 600
 }
 
@@ -155,7 +155,7 @@ resource "helm_release" "kibana" {
   #    value = "false"
   #  }
 
-#  timeout = 180
+  #  timeout = 180
   timeout = 300
 }
 
@@ -177,7 +177,7 @@ resource "helm_release" "fluentd" {
     value = each.value.image_tag
   }
 
-#  timeout = 180
+  #  timeout = 180
   timeout = 300
 }
 
@@ -189,7 +189,7 @@ resource "kubernetes_config_map" "elasticsearch-output" {
   }
 
   data = {
-    "fluentd.conf" = file(format("%v/config_map_data/%v.fluentd.conf",path.root,"elasticsearch-output"))
+    "fluentd.conf" = file(format("%v/config_map_data/%v.fluentd.conf", path.root, "elasticsearch-output"))
   }
 }
 
@@ -200,6 +200,6 @@ resource "kubernetes_config_map" "apache-log-parser" {
   }
 
   data = {
-    "fluentd.conf" = file(format("%v/config_map_data/%v.fluentd.conf",path.root,"apache-log-parser"))
+    "fluentd.conf" = file(format("%v/config_map_data/%v.fluentd.conf", path.root, "apache-log-parser"))
   }
 }
diff --git a/examples/efk/versions.tf b/examples/efk/versions.tf
@@ -0,0 +1,17 @@
+terraform {
+  required_providers {
+    aws = {
+      source = "hashicorp/aws"
+    }
+    helm = {
+      source = "hashicorp/helm"
+    }
+    kubernetes = {
+      source = "hashicorp/kubernetes"
+    }
+    null = {
+      source = "hashicorp/null"
+    }
+  }
+  required_version = ">= 0.13"
+}