generated from terraform-modules/template_aws_submodules
Showing 2 changed files with 119 additions and 86 deletions.
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,44 +1,64 @@ | ||
| ## Requirements | ||
| # irsa-roles | ||
|
|
||
| | Name | Version | | ||
| |------|---------| | ||
| | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12.31 | | ||
| This is a directory under which actual IRSA role subdirectories exist. No resources are created here. | ||
|
|
||
| ## Providers | ||
| See the directories to follow the directions containd within: | ||
|
|
||
| | Name | Version | | ||
| |------|---------| | ||
| | <a name="provider_aws"></a> [aws](#provider\_aws) | n/a | | ||
| * cluster-autoscaler | ||
|
|
||
| ## Modules | ||
| ## Setup Steps | ||
|
|
||
| No modules. | ||
| First, copy the `remote_state.yml` from the parent and update `directory` to be the current directory. | ||
|
|
||
| ## Resources | ||
| ## Terraform Automated | ||
|
|
||
| | Name | Type | | ||
| |------|------| | ||
| | [aws_eks_cluster.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source | | ||
| | [aws_eks_cluster_auth.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) | data source | | ||
| A `tf-run.data` file exists here, so the simplest way to implemnt is with the `tf-run.sh` script. | ||
|
|
||
| ## Inputs | ||
| * copy the `remote_state.yml` from the parent and update `directory` to be the current directory | ||
| * run the tf-run.sh | ||
|
|
||
| | Name | Description | Type | Default | Required | | ||
| |------|-------------|------|---------|:--------:| | ||
| | <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | EKS cluster name name component used through out the EKS cluster describing its purpose (ex: dice-dev) | `string` | `null` | no | | ||
| | <a name="input_cluster_version"></a> [cluster\_version](#input\_cluster\_version) | The EKS version number, see https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html | `string` | `"1.21"` | no | | ||
| | <a name="input_domain"></a> [domain](#input\_domain) | The DNS domain name of the cluster. Defaults to empty which causes the sample application to use the domain assigned to the load balancer of the istio ingress gateway. | `string` | `""` | no | | ||
| | <a name="input_eks_instance_disk_size"></a> [eks\_instance\_disk\_size](#input\_eks\_instance\_disk\_size) | The size of the disk in gigabytes | `number` | `40` | no | | ||
| | <a name="input_eks_instance_type"></a> [eks\_instance\_type](#input\_eks\_instance\_type) | EKS worker node instance type | `string` | `"t3.xlarge"` | no | | ||
| | <a name="input_eks_ng_desire_size"></a> [eks\_ng\_desire\_size](#input\_eks\_ng\_desire\_size) | Node Group desire size, default is 1 | `number` | `4` | no | | ||
| | <a name="input_eks_ng_max_size"></a> [eks\_ng\_max\_size](#input\_eks\_ng\_max\_size) | Node Group maximum size, default is 10 | `number` | `16` | no | | ||
| | <a name="input_eks_ng_min_size"></a> [eks\_ng\_min\_size](#input\_eks\_ng\_min\_size) | Node Group minimum size, default is 1 | `number` | `4` | no | | ||
| | <a name="input_eks_vpc_name"></a> [eks\_vpc\_name](#input\_eks\_vpc\_name) | Define the VPC name that will be used by this cluster | `string` | `"*UNKNOWN*"` | no | | ||
| | <a name="input_name"></a> [name](#input\_name) | K8S service names for IAM Role for Service Account (per-pod) | `string` | n/a | yes | | ||
| | <a name="input_namespace"></a> [namespace](#input\_namespace) | K8S namespace for IAM Role for Service Account (per-pod) | `string` | n/a | yes | | ||
| | <a name="input_subnets_name"></a> [subnets\_name](#input\_subnets\_name) | Define the name of the subnets to be used by this cluster | `string` | `"*-container-*"` | no | | ||
| | <a name="input_tags"></a> [tags](#input\_tags) | AWS Tags to apply to appropriate resources. | `map(string)` | `{}` | no | | ||
| ```console | ||
| % tf-run.sh apply | ||
| ``` | ||
|
|
||
| ## Outputs | ||
| * example of the `tf-run.sh` steps | ||
|
|
||
| No outputs. | ||
| This is part of a larger cluster configuration, so at the end of the run it indicates another directory | ||
| to visit when done. | ||
|
|
||
| ```console | ||
| % tf-run.sh list | ||
| * running action=plan | ||
| * START: tf-run.sh v1.1.2 start=1636562881 end= logfile=logs/run.plan.20211110.1636562881.log (not-created) | ||
| * reading from tf-run.data | ||
| * read 6 entries from tf-run.data | ||
| > list | ||
| ** START: start=1636562881 | ||
| * 1 COMMAND> tf-directory-setup.py -l none -f | ||
| * 2 COMMAND> setup-new-directory.sh | ||
| * 3 COMMAND> tf-init -upgrade | ||
| * 4 tf-plan | ||
| * 5 COMMAND> tf-directory-setup.py -l s3 | ||
| * 6 COMMENT> cd cluster-roles and tf-run.sh apply | ||
| ** END: start=1636562881 end=1636562881 elapsed=0 logfile=logs/run.plan.20211110.1636562881.log (not-created) | ||
| ``` | ||
|
|
||
| It is highly recommended to use the `tf-run.sh` approach. | ||
|
|
||
| ## Terraform Manual | ||
|
|
||
| * setup | ||
|
|
||
| ```shell | ||
| tf-directory-setup.py -l none | ||
| setup-new-directory.sh | ||
| tf-init | ||
| ```` | ||
|
|
||
| * Apply the rest | ||
|
|
||
| ```shell | ||
| tf-plan | ||
| tf-apply | ||
| tf-directory-setup.py -l s3 | ||
| ``` |
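Review bot: The `shell` block under `* setup` in the Terraform Manual section opens with three backticks but closes with four, so the fence is left open and the `* Apply the rest` bullet and its block will render as code; close it with three backticks. In the added prose, "containd" should be "contained" and "implemnt" should be "implement". The bullet "copy the `remote_state.yml` from the parent and update `directory` to be the current directory" under Terraform Automated repeats the Setup Steps sentence, so one of the two can be dropped. The `tf-run.sh list` output shows step 1 as `tf-directory-setup.py -l none -f`, while the manual steps run it without `-f`; align the two or say why the flag differs.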
119 changes: 66 additions & 53 deletions
examples/full-cluster/irsa-roles/cluster-autoscaler/README.md
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,53 +1,66 @@ | ||
| ## Requirements | ||
|
|
||
| | Name | Version | | ||
| |------|---------| | ||
| | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12.31 | | ||
|
|
||
| ## Providers | ||
|
|
||
| | Name | Version | | ||
| |------|---------| | ||
| | <a name="provider_aws"></a> [aws](#provider\_aws) | n/a | | ||
| | <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | n/a | | ||
|
|
||
| ## Modules | ||
|
|
||
| | Name | Source | Version | | ||
| |------|--------|---------| | ||
| | <a name="module_app_role"></a> [app\_role](#module\_app\_role) | git@github.e.it.census.gov:terraform-modules/aws-iam-role.git | n/a | | ||
|
|
||
| ## Resources | ||
|
|
||
| | Name | Type | | ||
| |------|------| | ||
| | [aws_iam_policy.app_policy1](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | | ||
| | [kubernetes_service_account.app](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service_account) | resource | | ||
| | [aws_eks_cluster.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source | | ||
| | [aws_eks_cluster_auth.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) | data source | | ||
| | [aws_iam_policy_document.app_policy1](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | | ||
| | [aws_iam_policy_document.assume_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | | ||
|
|
||
| ## Inputs | ||
|
|
||
| | Name | Description | Type | Default | Required | | ||
| |------|-------------|------|---------|:--------:| | ||
| | <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | EKS cluster name name component used through out the EKS cluster describing its purpose (ex: dice-dev) | `string` | `null` | no | | ||
| | <a name="input_cluster_version"></a> [cluster\_version](#input\_cluster\_version) | The EKS version number, see https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html | `string` | `"1.21"` | no | | ||
| | <a name="input_domain"></a> [domain](#input\_domain) | The DNS domain name of the cluster. Defaults to empty which causes the sample application to use the domain assigned to the load balancer of the istio ingress gateway. | `string` | `""` | no | | ||
| | <a name="input_eks_instance_disk_size"></a> [eks\_instance\_disk\_size](#input\_eks\_instance\_disk\_size) | The size of the disk in gigabytes | `number` | `40` | no | | ||
| | <a name="input_eks_instance_type"></a> [eks\_instance\_type](#input\_eks\_instance\_type) | EKS worker node instance type | `string` | `"t3.xlarge"` | no | | ||
| | <a name="input_eks_ng_desire_size"></a> [eks\_ng\_desire\_size](#input\_eks\_ng\_desire\_size) | Node Group desire size, default is 1 | `number` | `4` | no | | ||
| | <a name="input_eks_ng_max_size"></a> [eks\_ng\_max\_size](#input\_eks\_ng\_max\_size) | Node Group maximum size, default is 10 | `number` | `16` | no | | ||
| | <a name="input_eks_ng_min_size"></a> [eks\_ng\_min\_size](#input\_eks\_ng\_min\_size) | Node Group minimum size, default is 1 | `number` | `4` | no | | ||
| | <a name="input_eks_vpc_name"></a> [eks\_vpc\_name](#input\_eks\_vpc\_name) | Define the VPC name that will be used by this cluster | `string` | `"*UNKNOWN*"` | no | | ||
| | <a name="input_name"></a> [name](#input\_name) | K8S service names for IAM Role for Service Account (per-pod) | `string` | n/a | yes | | ||
| | <a name="input_namespace"></a> [namespace](#input\_namespace) | K8S namespace for IAM Role for Service Account (per-pod) | `string` | n/a | yes | | ||
| | <a name="input_subnets_name"></a> [subnets\_name](#input\_subnets\_name) | Define the name of the subnets to be used by this cluster | `string` | `"*-container-*"` | no | | ||
| | <a name="input_tags"></a> [tags](#input\_tags) | AWS Tags to apply to appropriate resources. | `map(string)` | `{}` | no | | ||
|
|
||
| ## Outputs | ||
|
|
||
| | Name | Description | | ||
| |------|-------------| | ||
| | <a name="output_app_role_arn"></a> [app\_role\_arn](#output\_app\_role\_arn) | ARN of IAM Role for Service account for cluster-autoscaler | | ||
| # irsa-roles: cluster-autoscaler | ||
|
|
||
| This sets up the needed IAM roles for service accounts for the cluster autoscaler. | ||
|
|
||
|
|
||
| ## Setup | ||
|
|
||
| First, copy the `remote_state.yml` from the parent and update `directory` to be the current directory. | ||
|
|
||
| ## Terraform Automated | ||
|
|
||
| A `tf-run.data` file exists here, so the simplest way to implement is with the `tf-run.sh` script. | ||
|
|
||
| ```console | ||
| % tf-run.sh apply | ||
| ``` | ||
|
|
||
| * example of the tf-run.sh`steps | ||
|
|
||
| This is part of a larger cluster configuration, so at the end of the run it indicates another directory | ||
| to visit when done. | ||
|
|
||
| ```console | ||
| % tf-run.sh list | ||
| * running action=plan | ||
| * START: tf-run.sh v1.1.2 start=1636561755 end= logfile=logs/run.plan.20211110.1636561755.log (not-created) | ||
| * reading from tf-run.data | ||
| * read 6 entries from tf-run.data | ||
| > list | ||
| ** START: start=1636561755 | ||
| * 1 COMMAND> tf-directory-setup.py -l none | ||
| * 2 COMMAND> setup-new-directory.sh | ||
| * 3 COMMAND> tf-init -upgrade | ||
| * 4 POLICY> (*.tf) aws_iam_policy.app_policy1 | ||
| * 4 tf-plan -target=aws_iam_policy.app_policy1 | ||
| * 5 tf-plan | ||
| * 6 COMMAND> tf-directory-setup.py -l s3 | ||
| ** END: start=1636561755 end=1636561755 elapsed=0 logfile=logs/run.plan.20211110.1636561755.log (not-created) | ||
| ``` | ||
|
|
||
| It is highly recommended to use the `tf-run.sh` approach. | ||
|
|
||
| ## Terraform Manual | ||
|
|
||
| ```shell | ||
| tf-directory-setup.py -l none | ||
| setup-new-directory.sh | ||
| tf-init | ||
| ```` | ||
|
|
||
| * Apply the the policies | ||
|
|
||
| ```shell | ||
| tf-plan -target=aws_iam_policy.app_policy1 | ||
| tf-apply -target=aws_iam_policy.app_policy1 | ||
| ``` | ||
|
|
||
| * Apply the rest | ||
|
|
||
| ```shell | ||
| tf-plan | ||
| tf-apply | ||
| tf-directory-setup.py -l s3 | ||
| ``` | ||
|
|
||
| ## Post Setup Examination |
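Review bot: Replacing the generated Requirements/Providers/Modules/Resources/Inputs/Outputs sections with setup prose leaves this README without any description of the required `name` and `namespace` inputs (the K8S service name and namespace for the IAM Role for Service Account) or of the `app_role_arn` output; keep the generated section below the new text so a reader can see which inputs the role depends on and which resources, such as `aws_iam_policy_document.assume_role_policy`, the directory manages. In the new text, `* example of the tf-run.sh`steps` has an unbalanced backtick, "Apply the the policies" repeats a word, and the first `shell` block in Terraform Manual closes with four backticks instead of three, which leaves the fence open over the bullets that follow. The manual steps run `tf-init` while the listed automated steps run `tf-init -upgrade`; state whether the difference is intended.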