diff --git a/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/.tf-control b/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/.tf-control
deleted file mode 100644
index 280f449..0000000
--- a/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/.tf-control
+++ /dev/null
@@ -1,20 +0,0 @@
-# .tf-control
-# allows for setting a specific command to be used for tf-* commands under this git repo
-# see tf-control.sh help for more info
-
-TFCONTROL_VERSION="1.0.5"
-
-TFCOMMAND="terraform_latest"
-# TF_CLI_CONFIG_FILE=PATH-TO-FILE/.tf-control.tfrc
-# TFARGS=""
-# TFNOLOG=""
-# TFNOCOLOR=""
-
-# use the following to force a specific version. An upgrade of an existing 0.12.31 to 1.x
-# needs you to cycle through 0.13.17, 0.14.11, and then latest (0.15.5 not needed). Other
-# steps in between. See https://github.e.it.census.gov/terraform/support/tree/master/docs/how-to/terraform-upgrade for details
-#
-#TFCOMMAND="terraform_0.12.31"
-#TFCOMMAND="terraform_0.13.7"
-#TFCOMMAND="terraform_0.14.11"
-#TFCOMMAND="terraform_0.15.5"
diff --git a/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/.tf-control.tfrc b/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/.tf-control.tfrc
deleted file mode 100644
index 7425488..0000000
--- a/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/.tf-control.tfrc
+++ /dev/null
@@ -1,24 +0,0 @@
-TFCONTROL_VERSION="1.0.5"
-
-# https://www.terraform.io/docs/cli/config/config-file.html
-plugin_cache_dir = "/data/terraform/terraform.d/plugin-cache"
-#disable_checkpoint = true
-
-provider_installation {
-# filesystem_mirror {
-# path = "/apps/terraform/terraform.d/providers"
-# include = [ "*/*/*" ]
-# }
- filesystem_mirror {
- path = "/data/terraform/terraform.d/providers"
- include = [ "*/*/*" ]
- }
-# filesystem_mirror {
-# path = "/apps/terraform/terraform.d/providers"
-# include = [ "external.terraform.census.gov/*/*" ]
-# }
- direct {
- include = [ "*/*/*" ]
- }
-}
-
diff --git a/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/README.md b/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/README.md
deleted file mode 100644
index bc949cb..0000000
--- a/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/README.md
+++ /dev/null
@@ -1,66 +0,0 @@
-# irsa-roles: cluster-autoscaler
-
-This sets up the needed IAM roles for service accounts for the cluster autoscaler.
-
-
-## Setup
-
-First, copy the `remote_state.yml` from the parent and update `directory` to be the current directory.
-
-## Terraform Automated
-
-A `tf-run.data` file exists here, so the simplest way to implement is with the `tf-run.sh` script.
-
-```console
-% tf-run.sh apply
-```
-
-* example of the tf-run.sh`steps
-
-This is part of a larger cluster configuration, so at the end of the run it indicates another directory
-to visit when done.
-
-```console
-% tf-run.sh list
-* running action=plan
-* START: tf-run.sh v1.1.2 start=1636561755 end= logfile=logs/run.plan.20211110.1636561755.log (not-created)
-* reading from tf-run.data
-* read 6 entries from tf-run.data
-> list
-** START: start=1636561755
-* 1 COMMAND> tf-directory-setup.py -l none
-* 2 COMMAND> setup-new-directory.sh
-* 3 COMMAND> tf-init -upgrade
-* 4 POLICY> (*.tf) aws_iam_policy.app_policy1
-* 4 tf-plan -target=aws_iam_policy.app_policy1
-* 5 tf-plan
-* 6 COMMAND> tf-directory-setup.py -l s3
-** END: start=1636561755 end=1636561755 elapsed=0 logfile=logs/run.plan.20211110.1636561755.log (not-created)
-```
-
-It is highly recommended to use the `tf-run.sh` approach.
-
-## Terraform Manual
-
-```shell
-tf-directory-setup.py -l none
-setup-new-directory.sh
-tf-init
-````
-
-* Apply the the policies
-
-```shell
-tf-plan -target=aws_iam_policy.app_policy1
-tf-apply -target=aws_iam_policy.app_policy1
-```
-
-* Apply the rest
-
-```shell
-tf-plan
-tf-apply
-tf-directory-setup.py -l s3
-```
-
-## Post Setup Examination
diff --git a/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/data.eks-subdirectory.tf b/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/data.eks-subdirectory.tf
deleted file mode 120000
index 05ab52d..0000000
--- a/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/data.eks-subdirectory.tf
+++ /dev/null
@@ -1 +0,0 @@
-../data.eks-subdirectory.tf
\ No newline at end of file
diff --git a/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/irsa-roles.autoscale.tf.off b/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/irsa-roles.autoscale.tf.off
deleted file mode 100644
index 8199a2e..0000000
--- a/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/irsa-roles.autoscale.tf.off
+++ /dev/null
@@ -1,63 +0,0 @@
-data "aws_iam_policy_document" "assume_role_policy" {
- statement {
- actions = ["sts:AssumeRoleWithWebIdentity"]
- effect = "Allow"
-
- condition {
- test = "StringEquals"
- variable = "${local.oidc_provider_url}:sub"
- values = ["system:serviceaccount:${var.namespace}:${var.name}"]
- }
-
- principals {
- identifiers = [local.oidc_provider_arn]
- type = "Federated"
- }
- }
-}
-
-data "aws_iam_policy_document" "app_policy1"{
- statement {
- sid = "ClusterAutoscaler"
- effect = "Allow"
- actions = [
- "autoscaling:DescribeAutoScalingGroups",
- "autoscaling:DescribeAutoScalingInstances",
- "autoscaling:DescribeLaunchConfigurations",
- "autoscaling:DescribeTags",
- "autoscaling:SetDesiredCapacity",
- "autoscaling:TerminateInstanceInAutoScalingGroup",
- "ec2:DescribeLaunchTemplateVersions"
- ]
- resources = ["*"]
- }
-}
-
-resource "aws_iam_policy" "app_policy1" {
- name = format("%v%v-%v-%v-policy1", local._prefixes["eks-policy"], var.cluster_name, var.namespace, var.name)
- path = "/"
- policy = data.aws_iam_policy_document.app_policy1.json
-
-}
-
-module "app_role" {
- source = "git@github.e.it.census.gov:terraform-modules/aws-iam-role.git"
-
- role_name = format("%v%v-irsa-%v-%v", local._prefixes["eks"], var.cluster_name, var.namespace, var.name)
- role_description = "EKS IAM Role for ${var.cluster_name} for service account ${var.namespace}:${var.name}"
- enable_ldap_creation = false
- assume_policy_document = data.aws_iam_policy_document.assume_role_policy.json
- attached_policies = [aws_iam_policy.app_policy1.arn]
-
- tags = merge(
- local.base_tags,
- local.common_tags,
- var.tags,
- var.application_tags,
- )
-}
-
-output "app_role_arn" {
- description = "ARN of IAM Role for Service account for cluster-autoscaler"
- value = module.app_role.role_arn
-}
diff --git a/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/locals.tf b/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/locals.tf
deleted file mode 100644
index a65fb20..0000000
--- a/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/locals.tf
+++ /dev/null
@@ -1,17 +0,0 @@
-locals {
- base_tags = {
- "eks:cluster_name" = var.cluster_name
- "boc:tf_module_version" = local._module_version
- "boc:created_by" = "terraform"
- }
-}
-
-# replace TF remote state accordingly in parent_rs with that from the parent directory, and be sure to make the link
-locals {
- vpc_id = local.parent_rs.cluster_vpc_id
- subnet_ids = local.parent_rs.cluster_subnet_ids
- cluster_worker_sg_id = local.parent_rs.cluster_worker_sg_id
-
- oidc_provider_url = local.parent_rs.oidc_provider_url
- oidc_provider_arn = local.parent_rs.oidc_provider_arn
-}
diff --git a/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/parent_rs.tf b/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/parent_rs.tf
deleted file mode 120000
index dfccf35..0000000
--- a/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/parent_rs.tf
+++ /dev/null
@@ -1 +0,0 @@
-../parent_rs.tf
\ No newline at end of file
diff --git a/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/policy.tf b/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/policy.tf
deleted file mode 100644
index da92e08..0000000
--- a/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/policy.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-data "aws_iam_policy_document" "app_policy1" {
- statement {
- sid = "ClusterAutoscaler"
- effect = "Allow"
- actions = [
- "autoscaling:DescribeAutoScalingGroups",
- "autoscaling:DescribeAutoScalingInstances",
- "autoscaling:DescribeLaunchConfigurations",
- "autoscaling:DescribeTags",
- "autoscaling:SetDesiredCapacity",
- "autoscaling:TerminateInstanceInAutoScalingGroup",
- "ec2:DescribeLaunchTemplateVersions"
- ]
- resources = ["*"]
- }
-}
-
-resource "aws_iam_policy" "app_policy1" {
- name = format("%v%v-%v__%v__%v", local._prefixes["eks-policy"], var.cluster_name, "p1", var.namespace, var.name)
- path = "/"
- policy = data.aws_iam_policy_document.app_policy1.json
-
-}
diff --git a/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/prefixes.tf b/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/prefixes.tf
deleted file mode 120000
index e0bf5ad..0000000
--- a/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/prefixes.tf
+++ /dev/null
@@ -1 +0,0 @@
-../prefixes.tf
\ No newline at end of file
diff --git a/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/providers.tf b/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/providers.tf
deleted file mode 120000
index 7244d01..0000000
--- a/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/providers.tf
+++ /dev/null
@@ -1 +0,0 @@
-../providers.tf
\ No newline at end of file
diff --git a/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/region.tf b/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/region.tf
deleted file mode 100644
index b7b1696..0000000
--- a/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/region.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-locals {
- region = var.region
-}
-
diff --git a/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/role.tf b/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/role.tf
deleted file mode 100644
index 11a6b4d..0000000
--- a/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/role.tf
+++ /dev/null
@@ -1,47 +0,0 @@
-data "aws_iam_policy_document" "assume_role_policy" {
- statement {
- actions = ["sts:AssumeRoleWithWebIdentity"]
- effect = "Allow"
-
- condition {
- test = "StringEquals"
- variable = "${local.oidc_provider_url}:sub"
- values = ["system:serviceaccount:${var.namespace}:${var.name}"]
- }
-
- principals {
- identifiers = [local.oidc_provider_arn]
- type = "Federated"
- }
- }
-}
-
-# default name too long, remove the namespace from the role name
-# include the namespace and role binding in tags
-
-module "app_role" {
- source = "git@github.e.it.census.gov:terraform-modules/aws-iam-role.git?ref=tf-upgrade"
-
- # role_name = format("%v%v-irsa__%v__%v", local._prefixes["eks"], var.cluster_name, var.namespace, var.name)
- role_name = format("%v%v-irsa__%v", local._prefixes["eks"], var.cluster_name, var.name)
- role_description = "EKS IAM Role for ${var.cluster_name} for service account ${var.namespace}:${var.name}"
- enable_ldap_creation = false
- assume_policy_document = data.aws_iam_policy_document.assume_role_policy.json
- attached_policies = [aws_iam_policy.app_policy1.arn]
-
- tags = merge(
- local.base_tags,
- local.common_tags,
- var.tags,
- var.application_tags,
- {
- "eks:namespace" = var.namespace
- "eks:user" = var.name
- }
- )
-}
-
-output "app_role_arn" {
- description = "ARN of IAM Role for Service account for cluster-autoscaler"
- value = module.app_role.role_arn
-}
diff --git a/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/service_account.tf b/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/service_account.tf
deleted file mode 100644
index 2a0d9e0..0000000
--- a/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/service_account.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-# https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html
-
-resource "kubernetes_service_account" "app" {
- metadata {
- name = var.name
- namespace = var.namespace
- annotations = {
- "eks.amazonaws.com/role-arn" = module.app_role.role_arn
- }
- }
-}
diff --git a/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/tf-run.data b/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/tf-run.data
deleted file mode 100644
index 378ac59..0000000
--- a/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/tf-run.data
+++ /dev/null
@@ -1,18 +0,0 @@
-VERSION 1.2.4
-REMOTE-STATE
-COMMAND tf-directory-setup.py -l none
-COMMAND setup-new-directory.sh
-COMMAND tf-init -upgrade
-COMMAND ln -sf ../versions.tf
-COMMAND ln -sf ../settings.auto.tfvars
-LINKTOP init
-LINKTOP provider_configs.d/provider.ldap_new.auto.tfvars
-LINKTOP provider_configs.d/provider.ldap_new.tf
-LINKTOP provider_configs.d/provider.ldap_new.variables.tf
-LINK variables.application_tags.auto.tfvars
-
-POLICY
-ALL
-COMMAND tf-directory-setup.py -l s3
-
-COMMENT cd .. and execute any additional directories
diff --git a/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/tf-run.destroy.data b/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/tf-run.destroy.data
deleted file mode 100644
index 7a82c9f..0000000
--- a/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/tf-run.destroy.data
+++ /dev/null
@@ -1,6 +0,0 @@
-VERSION 1.0.1
-BACKUP-STATE
-COMMAND tf-init
-COMMAND tf-state list
-
-ALL
diff --git a/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/variables.eks.tf b/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/variables.eks.tf
deleted file mode 120000
index 7dd95db..0000000
--- a/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/variables.eks.tf
+++ /dev/null
@@ -1 +0,0 @@
-../variables.eks.tf
\ No newline at end of file
diff --git a/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/variables.irsa.auto.tfvars b/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/variables.irsa.auto.tfvars
deleted file mode 100644
index 45b1bf3..0000000
--- a/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/variables.irsa.auto.tfvars
+++ /dev/null
@@ -1,3 +0,0 @@
-namespace = "kube-system"
-namespace_short = ""
-name = "cluster-autoscaler"
diff --git a/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/variables.irsa.tf b/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/variables.irsa.tf
deleted file mode 120000
index 840e7bb..0000000
--- a/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/variables.irsa.tf
+++ /dev/null
@@ -1 +0,0 @@
-../variables.irsa.tf
\ No newline at end of file
diff --git a/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/variables.tags.tf b/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/variables.tags.tf
deleted file mode 120000
index 2622118..0000000
--- a/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/variables.tags.tf
+++ /dev/null
@@ -1 +0,0 @@
-../variables.tags.tf
\ No newline at end of file
diff --git a/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/version.tf b/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/version.tf
deleted file mode 120000
index 061373c..0000000
--- a/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/version.tf
+++ /dev/null
@@ -1 +0,0 @@
-../version.tf
\ No newline at end of file
diff --git a/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/versions.tf b/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/versions.tf
deleted file mode 120000
index 8bd0ff1..0000000
--- a/examples/full-cluster-tf-upgrade/1.25/irsa-roles/cluster-autoscaler/versions.tf
+++ /dev/null
@@ -1 +0,0 @@
-../versions.tf
\ No newline at end of file