diff --git a/.gitignore b/.gitignore index 1ae602b..17763e3 100644 --- a/.gitignore +++ b/.gitignore @@ -5,9 +5,6 @@ *.tfstate *.tfstate.* -# .tfvars files -*.tfvars - .terraform/* logs common/README.md diff --git a/examples/cluster-assume-role/settings.auto.tfvars b/examples/cluster-assume-role/settings.auto.tfvars new file mode 100644 index 0000000..9e533ce --- /dev/null +++ b/examples/cluster-assume-role/settings.auto.tfvars @@ -0,0 +1,3 @@ +admin_cluster_list = [ + "edl-sa1", +] diff --git a/examples/efk/test1.auto.tfvars b/examples/efk/test1.auto.tfvars new file mode 100644 index 0000000..f05c175 --- /dev/null +++ b/examples/efk/test1.auto.tfvars @@ -0,0 +1,2 @@ +cluster_name = "test1" +region = "us-east-1" diff --git a/examples/efk/variables.elk.auto.tfvars b/examples/efk/variables.elk.auto.tfvars new file mode 100644 index 0000000..5581230 --- /dev/null +++ b/examples/efk/variables.elk.auto.tfvars 
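Review bot: Dropping `*.tfvars` from .gitignore removes the guard for every variables file in the repository, not only the `*.auto.tfvars` examples this commit adds, so a working `terraform.tfvars` holding real values can now be staged by accident. Several of the new example files declare `vault_token`, `vault_approle_secret_id` and `tls_key_contents`, which makes that more likely once someone fills them in. Keeping the ignore rule and re-including only the examples would be narrower: `*.tfvars` followed by `!**/examples/**/*.auto.tfvars`.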
@@ -0,0 +1,59 @@
+image_config = [
+ {
+ enabled = true
+ dest_path = null
+ name = "elastic/elasticsearch"
+ source_image = "elasticsearch/elasticsearch"
+ source_registry = "docker.elastic.co"
+ source_tag = null
+ tag = "7.14.0"
+ },
+ {
+ enabled = true
+ dest_path = null
+ name = "elastic/kibana"
+ source_image = "kibana/kibana"
+ source_registry = "docker.elastic.co"
+ source_tag = null
+ tag = "7.14.0"
+ },
+ {
+ enabled = true
+ dest_path = null
+ name = "fluent/fluentd-kubernetes-daemonset"
+ source_image = "fluent/fluentd-kubernetes-daemonset"
+ source_registry = "docker.io"
+ source_tag = null
+ tag = "v1.13.3-debian-elasticsearch7-1.2"
+ },
+]
+
+chart_config = [
+ {
+ name = "elasticsearch"
+ chart_name = "elasticsearch"
+ chart_version = "7.14.0"
+ source_repository = "https://helm.elastic.co"
+ image_reference = "elastic/elasticsearch"
+ image_tag = "7.14.0"
+ enabled = true
+ },
+ {
+ name = "kinbana"
+ chart_name = "kinbana"
+ chart_version = "7.14.0"
+ source_repository = "https://helm.elastic.co"
+ image_reference = "elastic/kibana"
+ image_tag = "7.14.0"
+ enabled = true
+ },
+ {
+ name = "fluentd"
+ chart_name = "fluentd"
+ chart_version = "09.2.10"
+ source_repository = "https://fluent.github.io/helm-charts"
+ image_reference = "fluent/fluentd-kubernetes-daemonset"
+ image_tag = "v1.13.3-debian-elasticsearch7-1.2"
+ enabled = true
+ },
+]
diff --git a/examples/full-cluster-tf-upgrade.old/aws-auth/aws-auth.auto.tfvars b/examples/full-cluster-tf-upgrade.old/aws-auth/aws-auth.auto.tfvars
new file mode 100644
index 0000000..6898918
--- /dev/null
+++ b/examples/full-cluster-tf-upgrade.old/aws-auth/aws-auth.auto.tfvars
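Review bot: The second `chart_config` entry in examples/efk/variables.elk.auto.tfvars spells the chart `kinbana` in both `name` and `chart_name`, while its `image_reference` is `elastic/kibana`; a lookup against `https://helm.elastic.co` will presumably fail, so the line should read `chart_name = "kibana"` (and `name` likewise). The fluentd entry's `chart_version = "09.2.10"` has a leading zero, which is not a valid semantic version and looks like a typo for `0.2.10`; confirm against the chart repository. The entries in `image_config` are pinned by tag only, so if the consuming module supports digests, pinning one would keep a mirrored image from changing under the same tag.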
@@ -0,0 +1,28 @@
+aws_auth_users = [
+ {
+ userarn = ""
+ aws_username = "a-ashle001"
+ username = "admin"
+ groups = ["system:masters", "eks-console-dashboard-full-access-group"]
+ },
+ {
+ userarn = ""
+ aws_username = "a-badra001"
+ username = "admin"
+ groups = ["system:masters", "eks-console-dashboard-full-access-group"]
+ },
+]
+aws_auth_roles = [
+ {
+ rolearn = ""
+ aws_rolename = "r-inf-cloud-admin"
+ username = "admin"
+ groups = ["system:masters", "eks-console-dashboard-full-access-group"]
+ },
+ {
+ rolearn = ""
+ aws_rolename = "r-inf-terraform"
+ username = "admin"
+ groups = ["system:masters", "eks-console-dashboard-full-access-group"]
+ },
+]
diff --git a/examples/full-cluster-tf-upgrade.old/cluster-roles/variables.auto.tfvars b/examples/full-cluster-tf-upgrade.old/cluster-roles/variables.auto.tfvars
new file mode 100644
index 0000000..974aef0
--- /dev/null
+++ b/examples/full-cluster-tf-upgrade.old/cluster-roles/variables.auto.tfvars
@@ -0,0 +1,16 @@
+istio_installed_namespace = "istio-system"
+# enable only for cicd needs
+cicd_k8s_group_name = "cicd-deployer"
+cicd_k8s_user_name = "cicd-deployer"
+cicd_managed_namespaces = []
+deployer_application_istio_role_name = "deployer-application-istio-role"
+deployer_application_istio_rolebinding_name = "deployer-application-istio-rolebinding"
+deployer_application_role_name = "deployer-application-role"
+deployer_application_rolebinding_name = "deployer-application-rolebinding"
+deployer_istiosystem_role_name = "deployer-istiosystem-role"
+# enable only for dba account needs (most likely, not needed)
+dba_admin_rolebinding_name = "dba-admin-rolebinding"
+dba_administrator_role_name = "dba-admin-role"
+dba_k8s_group_name = "dba-admin"
+dba_k8s_user_name = "dba-admin"
+dba_managed_namespaces = []
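Review bot: Every entry of `aws_auth_users` and `aws_auth_roles` in the aws-auth.auto.tfvars hunk maps to `system:masters` under the one Kubernetes username `admin`, so all four principals act as the same RBAC subject and none of them can be constrained or revoked through RBAC. For an example file it would be safer to give each principal its own name, e.g. `username = "a-ashle001"`, and to bind a dedicated group to `cluster-admin` with a ClusterRoleBinding, keeping `system:masters` for a single break-glass role. The identical block is added again under `full-cluster-tf-upgrade/1.21`, `1.22`, `1.23.in-progress` and `1.24.in-progress`.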
diff --git a/examples/full-cluster-tf-upgrade.old/common-services/common-services.auto.tfvars b/examples/full-cluster-tf-upgrade.old/common-services/common-services.auto.tfvars
new file mode 100644
index 0000000..8198041
--- /dev/null
+++ b/examples/full-cluster-tf-upgrade.old/common-services/common-services.auto.tfvars
@@ -0,0 +1,2 @@
+#tls_crt_file = "certs/pki.test4.sandbox.csp2.census.gov.bundle.crt"
+#tls_key_file = "certs/pki.test4.sandbox.csp2.census.gov.key"
diff --git a/examples/full-cluster-tf-upgrade.old/common-services/variables.common-services.auto.tfvars b/examples/full-cluster-tf-upgrade.old/common-services/variables.common-services.auto.tfvars
new file mode 100644
index 0000000..c6a82a1
--- /dev/null
+++ b/examples/full-cluster-tf-upgrade.old/common-services/variables.common-services.auto.tfvars
@@ -0,0 +1,25 @@
+cert_manager_cainjector_tag = "v1.4.3"
+cert_manager_controller_tag = "v1.4.3"
+cert_manager_webhook_tag = "v1.4.3"
+cluster_autoscaler_tag = "v1.21.0"
+istio_tag = "1.10.1"
+metrics_server_tag = "0.6.2-debian-11-r0"
+tls_crt_b64 = ""
+tls_crt_contents = ""
+tls_crt_file = ""
+tls_key_b64 = ""
+tls_key_contents = ""
+tls_key_file = ""
+vault_approle_role_id = ""
+vault_approle_role_path = ""
+vault_approle_secret_id = ""
+vault_authentication = ""
+vault_ca_bundle_pem = ""
+vault_ca_bundle_pem_b64 = ""
+vault_ca_bundle_pem_file = ""
+vault_path = ""
+vault_serviceaccount_mountpath = ""
+vault_serviceaccount_role = ""
+vault_serviceaccount_sa = ""
+vault_token = ""
+vault_url = ""
diff --git a/examples/full-cluster-tf-upgrade.old/irsa-roles/cluster-autoscaler/variables.irsa.auto.tfvars b/examples/full-cluster-tf-upgrade.old/irsa-roles/cluster-autoscaler/variables.irsa.auto.tfvars
new file mode 100644
index 0000000..45b1bf3
--- /dev/null
+++ b/examples/full-cluster-tf-upgrade.old/irsa-roles/cluster-autoscaler/variables.irsa.auto.tfvars
@@ -0,0 +1,3 @@
+namespace = "kube-system"
+namespace_short = ""
+name = "cluster-autoscaler"
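Review bot: variables.common-services.auto.tfvars lists `vault_token`, `vault_approle_secret_id`, `tls_key_contents` and `tls_key_b64` as empty strings in a file Terraform loads automatically, which invites filling secrets into a tracked file now that this commit stops ignoring `*.tfvars`. The empty assignments presumably also override any defaults the module declares for these variables. I would drop the secret-bearing keys from the example and leave a comment instead, such as `# supply vault_token / vault_approle_secret_id via TF_VAR_* or an untracked tfvars file`. The same hunk is repeated in the 1.21, 1.22, 1.23.in-progress and 1.24.in-progress directories.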
diff --git a/examples/full-cluster-tf-upgrade.old/irsa-roles/variables.irsa.auto.tfvars b/examples/full-cluster-tf-upgrade.old/irsa-roles/variables.irsa.auto.tfvars
new file mode 100644
index 0000000..d436089
--- /dev/null
+++ b/examples/full-cluster-tf-upgrade.old/irsa-roles/variables.irsa.auto.tfvars
@@ -0,0 +1,3 @@
+name = "unknown"
+namespace = "unknown"
+namespace_short = ""
diff --git a/examples/full-cluster-tf-upgrade/1.21/aws-auth/aws-auth.auto.tfvars b/examples/full-cluster-tf-upgrade/1.21/aws-auth/aws-auth.auto.tfvars
new file mode 100644
index 0000000..6898918
--- /dev/null
+++ b/examples/full-cluster-tf-upgrade/1.21/aws-auth/aws-auth.auto.tfvars
@@ -0,0 +1,28 @@
+aws_auth_users = [
+ {
+ userarn = ""
+ aws_username = "a-ashle001"
+ username = "admin"
+ groups = ["system:masters", "eks-console-dashboard-full-access-group"]
+ },
+ {
+ userarn = ""
+ aws_username = "a-badra001"
+ username = "admin"
+ groups = ["system:masters", "eks-console-dashboard-full-access-group"]
+ },
+]
+aws_auth_roles = [
+ {
+ rolearn = ""
+ aws_rolename = "r-inf-cloud-admin"
+ username = "admin"
+ groups = ["system:masters", "eks-console-dashboard-full-access-group"]
+ },
+ {
+ rolearn = ""
+ aws_rolename = "r-inf-terraform"
+ username = "admin"
+ groups = ["system:masters", "eks-console-dashboard-full-access-group"]
+ },
+]
diff --git a/examples/full-cluster-tf-upgrade/1.21/cluster-roles/variables.auto.tfvars b/examples/full-cluster-tf-upgrade/1.21/cluster-roles/variables.auto.tfvars
new file mode 100644
index 0000000..974aef0
--- /dev/null
+++ b/examples/full-cluster-tf-upgrade/1.21/cluster-roles/variables.auto.tfvars
@@ -0,0 +1,16 @@
+istio_installed_namespace = "istio-system"
+# enable only for cicd needs
+cicd_k8s_group_name = "cicd-deployer"
+cicd_k8s_user_name = "cicd-deployer"
+cicd_managed_namespaces = []
+deployer_application_istio_role_name = "deployer-application-istio-role"
+deployer_application_istio_rolebinding_name = "deployer-application-istio-rolebinding"
+deployer_application_role_name = "deployer-application-role"
+deployer_application_rolebinding_name = "deployer-application-rolebinding"
+deployer_istiosystem_role_name = "deployer-istiosystem-role"
+# enable only for dba account needs (most likely, not needed)
+dba_admin_rolebinding_name = "dba-admin-rolebinding"
+dba_administrator_role_name = "dba-admin-role"
+dba_k8s_group_name = "dba-admin"
+dba_k8s_user_name = "dba-admin"
+dba_managed_namespaces = []
diff --git a/examples/full-cluster-tf-upgrade/1.21/common-services/common-services.auto.tfvars b/examples/full-cluster-tf-upgrade/1.21/common-services/common-services.auto.tfvars
new file mode 100644
index 0000000..8198041
--- /dev/null
+++ b/examples/full-cluster-tf-upgrade/1.21/common-services/common-services.auto.tfvars
@@ -0,0 +1,2 @@
+#tls_crt_file = "certs/pki.test4.sandbox.csp2.census.gov.bundle.crt"
+#tls_key_file = "certs/pki.test4.sandbox.csp2.census.gov.key"
diff --git a/examples/full-cluster-tf-upgrade/1.21/common-services/variables.common-services.auto.tfvars b/examples/full-cluster-tf-upgrade/1.21/common-services/variables.common-services.auto.tfvars
new file mode 100644
index 0000000..c6a82a1
--- /dev/null
+++ b/examples/full-cluster-tf-upgrade/1.21/common-services/variables.common-services.auto.tfvars
@@ -0,0 +1,25 @@
+cert_manager_cainjector_tag = "v1.4.3"
+cert_manager_controller_tag = "v1.4.3"
+cert_manager_webhook_tag = "v1.4.3"
+cluster_autoscaler_tag = "v1.21.0"
+istio_tag = "1.10.1"
+metrics_server_tag = "0.6.2-debian-11-r0"
+tls_crt_b64 = ""
+tls_crt_contents = ""
+tls_crt_file = ""
+tls_key_b64 = ""
+tls_key_contents = ""
+tls_key_file = ""
+vault_approle_role_id = ""
+vault_approle_role_path = ""
+vault_approle_secret_id = ""
+vault_authentication = ""
+vault_ca_bundle_pem = ""
+vault_ca_bundle_pem_b64 = ""
+vault_ca_bundle_pem_file = ""
+vault_path = ""
+vault_serviceaccount_mountpath = ""
+vault_serviceaccount_role = ""
+vault_serviceaccount_sa = ""
+vault_token = ""
+vault_url = ""
diff --git a/examples/full-cluster-tf-upgrade/1.21/irsa-roles/cluster-autoscaler/variables.irsa.auto.tfvars b/examples/full-cluster-tf-upgrade/1.21/irsa-roles/cluster-autoscaler/variables.irsa.auto.tfvars
new file mode 100644
index 0000000..45b1bf3
--- /dev/null
+++ b/examples/full-cluster-tf-upgrade/1.21/irsa-roles/cluster-autoscaler/variables.irsa.auto.tfvars
@@ -0,0 +1,3 @@
+namespace = "kube-system"
+namespace_short = ""
+name = "cluster-autoscaler"
diff --git a/examples/full-cluster-tf-upgrade/1.21/irsa-roles/variables.irsa.auto.tfvars b/examples/full-cluster-tf-upgrade/1.21/irsa-roles/variables.irsa.auto.tfvars
new file mode 100644
index 0000000..d436089
--- /dev/null
+++ b/examples/full-cluster-tf-upgrade/1.21/irsa-roles/variables.irsa.auto.tfvars
@@ -0,0 +1,3 @@
+name = "unknown"
+namespace = "unknown"
+namespace_short = ""
diff --git a/examples/full-cluster-tf-upgrade/1.22/aws-auth/aws-auth.auto.tfvars b/examples/full-cluster-tf-upgrade/1.22/aws-auth/aws-auth.auto.tfvars
new file mode 100644
index 0000000..6898918
--- /dev/null
+++ b/examples/full-cluster-tf-upgrade/1.22/aws-auth/aws-auth.auto.tfvars
@@ -0,0 +1,28 @@
+aws_auth_users = [
+ {
+ userarn = ""
+ aws_username = "a-ashle001"
+ username = "admin"
+ groups = ["system:masters", "eks-console-dashboard-full-access-group"]
+ },
+ {
+ userarn = ""
+ aws_username = "a-badra001"
+ username = "admin"
+ groups = ["system:masters", "eks-console-dashboard-full-access-group"]
+ },
+]
+aws_auth_roles = [
+ {
+ rolearn = ""
+ aws_rolename = "r-inf-cloud-admin"
+ username = "admin"
+ groups = ["system:masters", "eks-console-dashboard-full-access-group"]
+ },
+ {
+ rolearn = ""
+ aws_rolename = "r-inf-terraform"
+ username = "admin"
+ groups = ["system:masters", "eks-console-dashboard-full-access-group"]
+ },
+]
diff --git a/examples/full-cluster-tf-upgrade/1.22/cluster-roles/variables.auto.tfvars b/examples/full-cluster-tf-upgrade/1.22/cluster-roles/variables.auto.tfvars
new file mode 100644
index 0000000..974aef0
--- /dev/null
+++ b/examples/full-cluster-tf-upgrade/1.22/cluster-roles/variables.auto.tfvars
@@ -0,0 +1,16 @@
+istio_installed_namespace = "istio-system"
+# enable only for cicd needs
+cicd_k8s_group_name = "cicd-deployer"
+cicd_k8s_user_name = "cicd-deployer"
+cicd_managed_namespaces = []
+deployer_application_istio_role_name = "deployer-application-istio-role"
+deployer_application_istio_rolebinding_name = "deployer-application-istio-rolebinding"
+deployer_application_role_name = "deployer-application-role"
+deployer_application_rolebinding_name = "deployer-application-rolebinding"
+deployer_istiosystem_role_name = "deployer-istiosystem-role"
+# enable only for dba account needs (most likely, not needed)
+dba_admin_rolebinding_name = "dba-admin-rolebinding"
+dba_administrator_role_name = "dba-admin-role"
+dba_k8s_group_name = "dba-admin"
+dba_k8s_user_name = "dba-admin"
+dba_managed_namespaces = []
diff --git a/examples/full-cluster-tf-upgrade/1.22/common-services/common-services.auto.tfvars b/examples/full-cluster-tf-upgrade/1.22/common-services/common-services.auto.tfvars
new file mode 100644
index 0000000..8198041
--- /dev/null
+++ b/examples/full-cluster-tf-upgrade/1.22/common-services/common-services.auto.tfvars
@@ -0,0 +1,2 @@
+#tls_crt_file = "certs/pki.test4.sandbox.csp2.census.gov.bundle.crt"
+#tls_key_file = "certs/pki.test4.sandbox.csp2.census.gov.key"
diff --git a/examples/full-cluster-tf-upgrade/1.22/common-services/variables.common-services.auto.tfvars b/examples/full-cluster-tf-upgrade/1.22/common-services/variables.common-services.auto.tfvars
new file mode 100644
index 0000000..c6a82a1
--- /dev/null
+++ b/examples/full-cluster-tf-upgrade/1.22/common-services/variables.common-services.auto.tfvars
@@ -0,0 +1,25 @@
+cert_manager_cainjector_tag = "v1.4.3"
+cert_manager_controller_tag = "v1.4.3"
+cert_manager_webhook_tag = "v1.4.3"
+cluster_autoscaler_tag = "v1.21.0"
+istio_tag = "1.10.1"
+metrics_server_tag = "0.6.2-debian-11-r0"
+tls_crt_b64 = ""
+tls_crt_contents = ""
+tls_crt_file = ""
+tls_key_b64 = ""
+tls_key_contents = ""
+tls_key_file = ""
+vault_approle_role_id = ""
+vault_approle_role_path = ""
+vault_approle_secret_id = ""
+vault_authentication = ""
+vault_ca_bundle_pem = ""
+vault_ca_bundle_pem_b64 = ""
+vault_ca_bundle_pem_file = ""
+vault_path = ""
+vault_serviceaccount_mountpath = ""
+vault_serviceaccount_role = ""
+vault_serviceaccount_sa = ""
+vault_token = ""
+vault_url = ""
diff --git a/examples/full-cluster-tf-upgrade/1.22/irsa-roles/cluster-autoscaler/variables.irsa.auto.tfvars b/examples/full-cluster-tf-upgrade/1.22/irsa-roles/cluster-autoscaler/variables.irsa.auto.tfvars
new file mode 100644
index 0000000..45b1bf3
--- /dev/null
+++ b/examples/full-cluster-tf-upgrade/1.22/irsa-roles/cluster-autoscaler/variables.irsa.auto.tfvars
@@ -0,0 +1,3 @@
+namespace = "kube-system"
+namespace_short = ""
+name = "cluster-autoscaler"
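Review bot: `cluster_autoscaler_tag = "v1.21.0"` is carried unchanged into the 1.22 copy of variables.common-services.auto.tfvars, and the 1.23.in-progress and 1.24.in-progress copies do the same. Cluster Autoscaler releases are built against a specific Kubernetes minor version, so the tag should follow the directory's cluster version (a `v1.22.x` tag here). `istio_tag` and the cert-manager tags are likewise identical in every version directory and are worth checking against each project's supported-Kubernetes matrix before these examples are used for an upgrade.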
diff --git a/examples/full-cluster-tf-upgrade/1.22/irsa-roles/variables.irsa.auto.tfvars b/examples/full-cluster-tf-upgrade/1.22/irsa-roles/variables.irsa.auto.tfvars
new file mode 100644
index 0000000..d436089
--- /dev/null
+++ b/examples/full-cluster-tf-upgrade/1.22/irsa-roles/variables.irsa.auto.tfvars
@@ -0,0 +1,3 @@
+name = "unknown"
+namespace = "unknown"
+namespace_short = ""
diff --git a/examples/full-cluster-tf-upgrade/1.23.in-progress/aws-auth/aws-auth.auto.tfvars b/examples/full-cluster-tf-upgrade/1.23.in-progress/aws-auth/aws-auth.auto.tfvars
new file mode 100644
index 0000000..6898918
--- /dev/null
+++ b/examples/full-cluster-tf-upgrade/1.23.in-progress/aws-auth/aws-auth.auto.tfvars
@@ -0,0 +1,28 @@
+aws_auth_users = [
+ {
+ userarn = ""
+ aws_username = "a-ashle001"
+ username = "admin"
+ groups = ["system:masters", "eks-console-dashboard-full-access-group"]
+ },
+ {
+ userarn = ""
+ aws_username = "a-badra001"
+ username = "admin"
+ groups = ["system:masters", "eks-console-dashboard-full-access-group"]
+ },
+]
+aws_auth_roles = [
+ {
+ rolearn = ""
+ aws_rolename = "r-inf-cloud-admin"
+ username = "admin"
+ groups = ["system:masters", "eks-console-dashboard-full-access-group"]
+ },
+ {
+ rolearn = ""
+ aws_rolename = "r-inf-terraform"
+ username = "admin"
+ groups = ["system:masters", "eks-console-dashboard-full-access-group"]
+ },
+]
diff --git a/examples/full-cluster-tf-upgrade/1.23.in-progress/cluster-roles/variables.auto.tfvars b/examples/full-cluster-tf-upgrade/1.23.in-progress/cluster-roles/variables.auto.tfvars
new file mode 100644
index 0000000..974aef0
--- /dev/null
+++ b/examples/full-cluster-tf-upgrade/1.23.in-progress/cluster-roles/variables.auto.tfvars
@@ -0,0 +1,16 @@
+istio_installed_namespace = "istio-system"
+# enable only for cicd needs
+cicd_k8s_group_name = "cicd-deployer"
+cicd_k8s_user_name = "cicd-deployer"
+cicd_managed_namespaces = []
+deployer_application_istio_role_name = "deployer-application-istio-role"
+deployer_application_istio_rolebinding_name = "deployer-application-istio-rolebinding"
+deployer_application_role_name = "deployer-application-role"
+deployer_application_rolebinding_name = "deployer-application-rolebinding"
+deployer_istiosystem_role_name = "deployer-istiosystem-role"
+# enable only for dba account needs (most likely, not needed)
+dba_admin_rolebinding_name = "dba-admin-rolebinding"
+dba_administrator_role_name = "dba-admin-role"
+dba_k8s_group_name = "dba-admin"
+dba_k8s_user_name = "dba-admin"
+dba_managed_namespaces = []
diff --git a/examples/full-cluster-tf-upgrade/1.23.in-progress/common-services/common-services.auto.tfvars b/examples/full-cluster-tf-upgrade/1.23.in-progress/common-services/common-services.auto.tfvars
new file mode 100644
index 0000000..8198041
--- /dev/null
+++ b/examples/full-cluster-tf-upgrade/1.23.in-progress/common-services/common-services.auto.tfvars
@@ -0,0 +1,2 @@
+#tls_crt_file = "certs/pki.test4.sandbox.csp2.census.gov.bundle.crt"
+#tls_key_file = "certs/pki.test4.sandbox.csp2.census.gov.key"
diff --git a/examples/full-cluster-tf-upgrade/1.23.in-progress/common-services/variables.common-services.auto.tfvars b/examples/full-cluster-tf-upgrade/1.23.in-progress/common-services/variables.common-services.auto.tfvars
new file mode 100644
index 0000000..c6a82a1
--- /dev/null
+++ b/examples/full-cluster-tf-upgrade/1.23.in-progress/common-services/variables.common-services.auto.tfvars
@@ -0,0 +1,25 @@
+cert_manager_cainjector_tag = "v1.4.3"
+cert_manager_controller_tag = "v1.4.3"
+cert_manager_webhook_tag = "v1.4.3"
+cluster_autoscaler_tag = "v1.21.0"
+istio_tag = "1.10.1"
+metrics_server_tag = "0.6.2-debian-11-r0"
+tls_crt_b64 = ""
+tls_crt_contents = ""
+tls_crt_file = ""
+tls_key_b64 = ""
+tls_key_contents = ""
+tls_key_file = ""
+vault_approle_role_id = ""
+vault_approle_role_path = ""
+vault_approle_secret_id = ""
+vault_authentication = ""
+vault_ca_bundle_pem = ""
+vault_ca_bundle_pem_b64 = ""
+vault_ca_bundle_pem_file = ""
+vault_path = ""
+vault_serviceaccount_mountpath = ""
+vault_serviceaccount_role = ""
+vault_serviceaccount_sa = ""
+vault_token = ""
+vault_url = ""
diff --git a/examples/full-cluster-tf-upgrade/1.23.in-progress/irsa-roles/cluster-autoscaler/variables.irsa.auto.tfvars b/examples/full-cluster-tf-upgrade/1.23.in-progress/irsa-roles/cluster-autoscaler/variables.irsa.auto.tfvars
new file mode 100644
index 0000000..45b1bf3
--- /dev/null
+++ b/examples/full-cluster-tf-upgrade/1.23.in-progress/irsa-roles/cluster-autoscaler/variables.irsa.auto.tfvars
@@ -0,0 +1,3 @@
+namespace = "kube-system"
+namespace_short = ""
+name = "cluster-autoscaler"
diff --git a/examples/full-cluster-tf-upgrade/1.23.in-progress/irsa-roles/variables.irsa.auto.tfvars b/examples/full-cluster-tf-upgrade/1.23.in-progress/irsa-roles/variables.irsa.auto.tfvars
new file mode 100644
index 0000000..d436089
--- /dev/null
+++ b/examples/full-cluster-tf-upgrade/1.23.in-progress/irsa-roles/variables.irsa.auto.tfvars
@@ -0,0 +1,3 @@
+name = "unknown"
+namespace = "unknown"
+namespace_short = ""
diff --git a/examples/full-cluster-tf-upgrade/1.24.in-progress/aws-auth/aws-auth.auto.tfvars b/examples/full-cluster-tf-upgrade/1.24.in-progress/aws-auth/aws-auth.auto.tfvars
new file mode 100644
index 0000000..6898918
--- /dev/null
+++ b/examples/full-cluster-tf-upgrade/1.24.in-progress/aws-auth/aws-auth.auto.tfvars
@@ -0,0 +1,28 @@
+aws_auth_users = [
+ {
+ userarn = ""
+ aws_username = "a-ashle001"
+ username = "admin"
+ groups = ["system:masters", "eks-console-dashboard-full-access-group"]
+ },
+ {
+ userarn = ""
+ aws_username = "a-badra001"
+ username = "admin"
+ groups = ["system:masters", "eks-console-dashboard-full-access-group"]
+ },
+]
+aws_auth_roles = [
+ {
+ rolearn = ""
+ aws_rolename = "r-inf-cloud-admin"
+ username = "admin"
+ groups = ["system:masters", "eks-console-dashboard-full-access-group"]
+ },
+ {
+ rolearn = ""
+ aws_rolename = "r-inf-terraform"
+ username = "admin"
+ groups = ["system:masters", "eks-console-dashboard-full-access-group"]
+ },
+]
diff --git a/examples/full-cluster-tf-upgrade/1.24.in-progress/cluster-roles/variables.auto.tfvars b/examples/full-cluster-tf-upgrade/1.24.in-progress/cluster-roles/variables.auto.tfvars
new file mode 100644
index 0000000..974aef0
--- /dev/null
+++ b/examples/full-cluster-tf-upgrade/1.24.in-progress/cluster-roles/variables.auto.tfvars
@@ -0,0 +1,16 @@
+istio_installed_namespace = "istio-system"
+# enable only for cicd needs
+cicd_k8s_group_name = "cicd-deployer"
+cicd_k8s_user_name = "cicd-deployer"
+cicd_managed_namespaces = []
+deployer_application_istio_role_name = "deployer-application-istio-role"
+deployer_application_istio_rolebinding_name = "deployer-application-istio-rolebinding"
+deployer_application_role_name = "deployer-application-role"
+deployer_application_rolebinding_name = "deployer-application-rolebinding"
+deployer_istiosystem_role_name = "deployer-istiosystem-role"
+# enable only for dba account needs (most likely, not needed)
+dba_admin_rolebinding_name = "dba-admin-rolebinding"
+dba_administrator_role_name = "dba-admin-role"
+dba_k8s_group_name = "dba-admin"
+dba_k8s_user_name = "dba-admin"
+dba_managed_namespaces = []
diff --git a/examples/full-cluster-tf-upgrade/1.24.in-progress/common-services/common-services.auto.tfvars b/examples/full-cluster-tf-upgrade/1.24.in-progress/common-services/common-services.auto.tfvars
new file mode 100644
index 0000000..8198041
--- /dev/null
+++ b/examples/full-cluster-tf-upgrade/1.24.in-progress/common-services/common-services.auto.tfvars
@@ -0,0 +1,2 @@
+#tls_crt_file = "certs/pki.test4.sandbox.csp2.census.gov.bundle.crt"
+#tls_key_file = "certs/pki.test4.sandbox.csp2.census.gov.key"
diff --git a/examples/full-cluster-tf-upgrade/1.24.in-progress/common-services/variables.common-services.auto.tfvars b/examples/full-cluster-tf-upgrade/1.24.in-progress/common-services/variables.common-services.auto.tfvars
new file mode 100644
index 0000000..c6a82a1
--- /dev/null
+++ b/examples/full-cluster-tf-upgrade/1.24.in-progress/common-services/variables.common-services.auto.tfvars
@@ -0,0 +1,25 @@
+cert_manager_cainjector_tag = "v1.4.3"
+cert_manager_controller_tag = "v1.4.3"
+cert_manager_webhook_tag = "v1.4.3"
+cluster_autoscaler_tag = "v1.21.0"
+istio_tag = "1.10.1"
+metrics_server_tag = "0.6.2-debian-11-r0"
+tls_crt_b64 = ""
+tls_crt_contents = ""
+tls_crt_file = ""
+tls_key_b64 = ""
+tls_key_contents = ""
+tls_key_file = ""
+vault_approle_role_id = ""
+vault_approle_role_path = ""
+vault_approle_secret_id = ""
+vault_authentication = ""
+vault_ca_bundle_pem = ""
+vault_ca_bundle_pem_b64 = ""
+vault_ca_bundle_pem_file = ""
+vault_path = ""
+vault_serviceaccount_mountpath = ""
+vault_serviceaccount_role = ""
+vault_serviceaccount_sa = ""
+vault_token = ""
+vault_url = ""
diff --git a/examples/full-cluster-tf-upgrade/1.24.in-progress/irsa-roles/cluster-autoscaler/variables.irsa.auto.tfvars b/examples/full-cluster-tf-upgrade/1.24.in-progress/irsa-roles/cluster-autoscaler/variables.irsa.auto.tfvars
new file mode 100644
index 0000000..45b1bf3
--- /dev/null
+++ b/examples/full-cluster-tf-upgrade/1.24.in-progress/irsa-roles/cluster-autoscaler/variables.irsa.auto.tfvars
@@ -0,0 +1,3 @@
+namespace = "kube-system"
+namespace_short = ""
+name = "cluster-autoscaler"
diff --git a/examples/full-cluster-tf-upgrade/1.24.in-progress/irsa-roles/variables.irsa.auto.tfvars b/examples/full-cluster-tf-upgrade/1.24.in-progress/irsa-roles/variables.irsa.auto.tfvars
new file mode 100644
index 0000000..d436089
--- /dev/null
+++ b/examples/full-cluster-tf-upgrade/1.24.in-progress/irsa-roles/variables.irsa.auto.tfvars
@@ -0,0 +1,3 @@
+name = "unknown"
+namespace = "unknown"
+namespace_short = ""
diff --git a/patch-aws-auth/examples/aws-auth.auto.tfvars b/patch-aws-auth/examples/aws-auth.auto.tfvars
new file mode 100644
index 0000000..598e5d3
--- /dev/null
+++ b/patch-aws-auth/examples/aws-auth.auto.tfvars
@@ -0,0 +1,36 @@
+aws_auth_users = [
+ # {
+ # userarn = "arn:aws:iam::079788916859:user/u-sall0002"
+ # k8s_username = "admin"
+ # groups = ["system:masters", "eks-console-dashboard-full-access-group"]
+ # },
+ {
+ userarn = ""
+ aws_username = "a-ashle001"
+ username = "admin"
+ groups = ["system:masters", "eks-console-dashboard-full-access-group"]
+ },
+ # {
+ # userarn = "arn:aws:iam::079788916859:user/u-zawac002"
+ # k8s_username = "admin"
+ # groups = ["system:masters", "eks-console-dashboard-full-access-group"]
+ # },
+ # {
+ # userarn = "arn:aws:iam::079788916859:user/u-mcgin314"
+ # k8s_username = "admin"
+ # groups = ["system:masters", "eks-console-dashboard-full-access-group"]
+ # },
+]
+aws_auth_roles = [
+ {
+ rolearn : ""
+ aws_rolename : "r-inf-cloud-admin"
+ username : "admin"
+ groups = ["eks-console-dashboard-full-access-group"]
+ },
+ # {
+ # rolearn: "arn:aws:iam::079788916859:role/r-adsd-eks"
+ # username: "admin"
+ # groups = ["system:masters", "eks-console-dashboard-full-access-group"]
+ # },
+]
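Review bot: The commented-out entries in patch-aws-auth/examples/aws-auth.auto.tfvars carry a concrete AWS account id and individual IAM user names in their ARNs; an example file is better served by placeholders such as `# userarn = "arn:aws:iam::<ACCOUNT_ID>:user/<USER>"`. Those commented entries also use `k8s_username` where the active ones use `username`, and `aws_auth_roles` mixes `:` and `=` as the attribute separator. Settling on `username` and `=` throughout avoids a mismatch with the variable's object type if someone uncomments a block.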
diff --git a/patch-aws-auth/examples/settings.auto.tfvars b/patch-aws-auth/examples/settings.auto.tfvars
new file mode 100644
index 0000000..113185d
--- /dev/null
+++ b/patch-aws-auth/examples/settings.auto.tfvars
@@ -0,0 +1,10 @@
+cluster_name = "adsd-cumulus-dev"
+cluster_version = "1.21"
+region = "us-gov-east-1"
+domain = "adsd-cumulus-dev.dev.dice.census.gov"
+eks_instance_disk_size = 40
+eks_vpc_name = "*dice-dev*"
+eks_instance_type = "t3.xlarge"
+eks_ng_desire_size = 3
+eks_ng_max_size = 15
+eks_ng_min_size = 3