update

terraform-modules · Nov 10, 2021 · 5725f9c · 5725f9c
1 parent ff59421
commit 5725f9c
Show file tree

Hide file tree

Showing 10 changed files with 179 additions and 514 deletions.
diff --git a/examples/full-cluster/README.md b/examples/full-cluster/README.md
diff --git a/examples/full-cluster/data.eks-main.tf b/examples/full-cluster/data.eks-main.tf
diff --git a/examples/full-cluster/data.eks-main.tf b/examples/full-cluster/data.eks-main.tf
@@ -0,0 +1,18 @@
+locals {
+  aws_eks_cluster_auth = data.aws_eks_cluster_auth.cluster
+  # for main.tf
+  aws_eks_cluster = aws_eks_cluster.eks_cluster
+  # for all subdirectories
+  ##  aws_eks_cluster = data.aws_eks_cluster.cluster
+}
+
+data "aws_eks_cluster_auth" "cluster" {
+  name = var.cluster_name
+}
+
+#---
+#  for all subdirectories only
+#---
+## data "aws_eks_cluster" "cluster" {
+##   name = var.cluster_name
+## }
diff --git a/examples/full-cluster/ebs-encryption.tf b/examples/full-cluster/ebs-encryption.tf
@@ -7,9 +7,9 @@ resource "kubernetes_storage_class" "ebs_encrypted" {
   }
   parameters = {
     fsType    = "ext4"
-    type       = "gp2"
-    encrypted  = "true"
-#    kms_key_id = data.aws_kms_key.ebs_key.arn
+    type      = "gp2"
+    encrypted = "true"
+    #    kms_key_id = data.aws_kms_key.ebs_key.arn
     kmsKeyId = data.aws_kms_key.ebs_key.arn
   }
   storage_provisioner    = "kubernetes.io/aws-ebs"

diff --git a/examples/full-cluster/kubeconfig.eks-main.tf b/examples/full-cluster/kubeconfig.eks-main.tf
diff --git a/examples/full-cluster/kubeconfig.eks-main.tf b/examples/full-cluster/kubeconfig.eks-main.tf
@@ -0,0 +1,29 @@
+resource "null_resource" "kubeconfig" {
+  triggers = {
+    always_run = timestamp()
+  }
+  provisioner "local-exec" {
+    command = "which kubectl > /dev/null 2>&1; if [ $? != 0 ]; then 'echo missing kubectl'; exit 1; else exit 0; fi"
+  }
+  provisioner "local-exec" {
+    command = "test -d '${path.root}/setup' || mkdir '${path.root}/setup'"
+  }
+  provisioner "local-exec" {
+    environment = {
+      AWS_PROFILE = var.profile
+      AWS_REGION  = local.region
+    }
+    command = "aws eks update-kubeconfig --name ${var.cluster_name} --kubeconfig ${path.root}/setup/kube.config"
+  }
+  depends_on = [aws_eks_cluster.eks_cluster]
+}
+
+#---
+# call it like
+#---
+##   provisioner "local-exec" {
+##     environment = {
+##       KUBECONFIG = "${path.root}/setup/kube.config"
+##     }
+##     command = "kubectli set env daemonset aws-node -n kube-system AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG=true"
+##   }
diff --git a/examples/full-cluster/main.tf b/examples/full-cluster/main.tf
@@ -29,18 +29,18 @@ locals {
   vpc_id         = data.aws_vpc.eks_vpc.id
   vpc_cidr_block = data.aws_vpc.eks_vpc.cidr_block
   subnets        = [for k, v in data.aws_subnet.subnets : v.id if length(regexall("us-east-1e", v.availability_zone)) == 0]
-  s3_base_arn = format("arn:%v:%v:::%%v", data.aws_arn.current.partition, "s3")
+  s3_base_arn    = format("arn:%v:%v:::%%v", data.aws_arn.current.partition, "s3")
 
   base_tags = {
     "eks-cluster-name"      = var.cluster_name
     "boc:tf_module_version" = local._module_version
     "boc:created_by"        = "terraform"
   }
 
-# https://docs.aws.amazon.com/eks/latest/userguide/cluster-autoscaler.html
+  # https://docs.aws.amazon.com/eks/latest/userguide/cluster-autoscaler.html
   autoscale_tags = {
-    format("k8s.io/cluster-autoscaler/%v",var.cluster_name) = "owned"
-    "k8s.io/cluster-autoscaler/enabled" = "TRUE"
+    format("k8s.io/cluster-autoscaler/%v", var.cluster_name) = "owned"
+    "k8s.io/cluster-autoscaler/enabled"                      = "TRUE"
   }
 
 }

diff --git a/examples/full-cluster/outputs.tf b/examples/full-cluster/outputs.tf
@@ -20,9 +20,9 @@ output "cluster_certificate_authority_data" {
 
 output "cluster_auth_token" {
   description = "The token required to authenticate with the cluster."
-#  value       = data.aws_eks_cluster_auth.eks_auth.token
-  value       = local.aws_eks_cluster_auth.token
-  sensitive   = true
+  #  value       = data.aws_eks_cluster_auth.eks_auth.token
+  value     = local.aws_eks_cluster_auth.token
+  sensitive = true
 }
 
 output "cluster_worker_sg_id" {

diff --git a/examples/full-cluster/policy.tf b/examples/full-cluster/policy.tf
@@ -172,7 +172,7 @@ resource "aws_iam_policy" "cluster-admin_assume_policy" {
     local.base_tags,
     var.tags,
     var.application_tags,
-    tomap({ "Name" = format("%v%v-cluster-admin-assume", local._prefixes["eks-policy"], var.cluster_name)}),
+    tomap({ "Name" = format("%v%v-cluster-admin-assume", local._prefixes["eks-policy"], var.cluster_name) }),
   )
 }
 
@@ -181,6 +181,6 @@ data "aws_iam_policy_document" "cluster-admin_assume_policy" {
     sid       = "AllowSTSAssumeClusterAdminRole"
     effect    = "Allow"
     actions   = ["sts:AssumeRole"]
-    resources = [ module.role_cluster-admin.role_arn ]
+    resources = [module.role_cluster-admin.role_arn]
   }
 }
diff --git a/examples/full-cluster/role.tf b/examples/full-cluster/role.tf
@@ -121,8 +121,8 @@ module "role_cluster-admin" {
   role_description       = "SAML EKS cluster admin Role for ${var.cluster_name}"
   enable_ldap_creation   = false
   assume_policy_document = data.aws_iam_policy_document.allow_sts.json
-#  assume_policy_document = data.aws_iam_policy_document.cluster-admin_combined.json
-  attached_policies      = [aws_iam_policy.cluster-admin-policy.arn]
+  #  assume_policy_document = data.aws_iam_policy_document.cluster-admin_combined.json
+  attached_policies = [aws_iam_policy.cluster-admin-policy.arn]
 
   tags = merge(
     local.base_tags,

diff --git a/examples/full-cluster/saml.tf b/examples/full-cluster/saml.tf
@@ -2,8 +2,8 @@
 # also, there is no data source for saml provider
 
 locals {
-  saml_provider_arn = format(local.common_arn,"iam","saml-provider/Census_TCO_IDMS")
-  saml_url = var.aws_environment == "gov" ? "https://signin.amazonaws-us-gov.com/saml" : "https://signin.aws.amazon.com/saml"
+  saml_provider_arn = format(local.common_arn, "iam", "saml-provider/Census_TCO_IDMS")
+  saml_url          = var.aws_environment == "gov" ? "https://signin.amazonaws-us-gov.com/saml" : "https://signin.aws.amazon.com/saml"
 }
 
 data "aws_iam_policy_document" "saml_assume" {

diff --git a/examples/full-cluster/securitygroup.tf b/examples/full-cluster/securitygroup.tf
@@ -6,7 +6,7 @@ resource "aws_security_group" "additional_eks_cluster_sg" {
     local.common_tags,
     var.tags,
     var.application_tags,
-    tomap({"Name"= format("%v%v-cluster", local._prefixes["eks-security-group"], var.cluster_name) }),
+    tomap({ "Name" = format("%v%v-cluster", local._prefixes["eks-security-group"], var.cluster_name) }),
   )
 
   vpc_id = data.aws_vpc.eks_vpc.id
@@ -38,7 +38,7 @@ resource "aws_security_group" "all_worker_mgmt" {
     local.common_tags,
     var.tags,
     var.application_tags,
-    tomap({"Name" = format("%v%v-all-worker-mgmt", local._prefixes["eks-security-group"], var.cluster_name)}),
+    tomap({ "Name" = format("%v%v-all-worker-mgmt", local._prefixes["eks-security-group"], var.cluster_name) }),
   )
 
   vpc_id = data.aws_vpc.eks_vpc.id