refine efs access points

terraform-modules · Apr 6, 2023 · 5397a69 · 5397a69
1 parent 22d23ec
commit 5397a69
Show file tree

Hide file tree

Showing 3 changed files with 43 additions and 5 deletions.
diff --git a/examples/certificate/service.yml b/examples/certificate/service.yml
@@ -0,0 +1,38 @@
+# https://cert-manager.io/docs/usage/certificate/
+# https://github.com/cert-manager/cert-manager/blob/master/deploy/crds/crd-certificates.yaml
+# https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.Certificate
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: gupsng-web-second-cert
+  namespace: istio-system
+spec:
+# {service}.{cluster}.{domain}
+  commonName: gupsng-web-second.ditd-gups-dev1.dev.csp1.census.gov
+  secretName: gupsng-web-second-cert
+  subject:
+    countries:
+      - US
+    organizations:
+      - "U.S. Census Bureau"
+    organizationalUnits:
+      - EKS
+      - Servers
+  dnsNames:
+# {service}.{cluster}.{domain}
+    - gupsng-web-second.ditd-gups-dev1.dev.csp1.census.gov
+# {service}.{namespace}.svc.cluster.local
+    - gupsng-web-second.ditd-gups-dev1-gups.svc.cluster.local
+# {service}
+    - gupsng-web-second
+  ipAddresses:
+    - 172.20.119.158
+  issuerRef:
+    kind: ClusterIssuer
+    name: clusterissuer
+  usages:
+#    - client auth
+    - server auth
+    - digital signature
+    - key encipherment
diff --git a/examples/efs-persistent-volumes/efs-access-points.tf b/examples/efs-persistent-volumes/efs-access-points.tf
@@ -28,7 +28,7 @@ resource "kubernetes_persistent_volume" "efs_ap" {
       storage = "1Gi"
     }
     claim_ref {
-      name      = format("%v-%v-%v-claim", var.cluster_name, each.value.claim_namespace, each.key)
+      name      = format("%v-%v-%v-claim", var.cluster_name, each.value.claim_namespace, each.value.claim_name)
       namespace = format("%v-%v", var.cluster_name, each.value.claim_namespace)
     }
     access_modes                     = ["ReadWriteMany"]
@@ -47,7 +47,7 @@ resource "kubernetes_persistent_volume" "efs_ap" {
 resource "kubernetes_persistent_volume_claim" "efs_ap" {
   for_each = { for ap in local.efs_access_points : ap.name => ap }
   metadata {
-    name      = format("%v-%v-%v-claim", var.cluster_name, each.value.claim_namespace, each.key)
+    name      = format("%v-%v-%v-claim", var.cluster_name, each.value.claim_namespace, each.value.claim_name)
     namespace = format("%v-%v", var.cluster_name, each.value.claim_namespace)
   }
   wait_until_bound = false

diff --git a/examples/efs-persistent-volumes/settings.efs-access-points.tf b/examples/efs-persistent-volumes/settings.efs-access-points.tf
@@ -2,14 +2,14 @@ locals {
   efs_ap_namespaces = ["geo", "gpp", "ams", "aps", "sdpcs"]
   efs_ap_pv         = ["logs", "apps"]
   efs_ap            = [for p in setproduct(local.efs_ap_namespaces, local.efs_ap_pv) : { label = format("%v-%v", p[0], p[1]), namespace = p[0], volume = p[1] }]
-  efs_access_points = lenght(var.efs_access_points) > 0 ? var.efs_access_points : [for p in local.efs_ap : {
+  efs_access_points = length(var.efs_access_points) > 0 ? var.efs_access_points : [for p in local.efs_ap : {
     label           = p.label
-    name            = format("data-%v", p.label)
+    name            = format("%v-data-%v", p.namespace, p.volume)
     path            = format("/data-%v", p.label)
     owner_uid       = 51000
     owner_gid       = 51000
     permissions     = "755"
-    claim_name      = null
+    claim_name      = format("data-%v", p.volume)
     claim_namespace = p.namespace
   }]
 }