From acfa5c8168ac860637d41214c6daafd351c71008 Mon Sep 17 00:00:00 2001 From: badra001 Date: Tue, 16 Nov 2021 13:35:10 -0500 Subject: [PATCH] restore README.md --- examples/full-cluster/irsa-roles/README.md | 86 ++++++++----- .../irsa-roles/cluster-autoscaler/README.md | 119 ++++++++++-------- 2 files changed, 119 insertions(+), 86 deletions(-) diff --git a/examples/full-cluster/irsa-roles/README.md b/examples/full-cluster/irsa-roles/README.md index 5995413..6915c05 100644 --- a/examples/full-cluster/irsa-roles/README.md +++ b/examples/full-cluster/irsa-roles/README.md 
@@ -1,44 +1,64 @@ -## Requirements +# irsa-roles -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.31 | +This is a directory under which actual IRSA role subdirectories exist. No resources are created here. -## Providers +See the directories to follow the directions containd within: -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | n/a | +* cluster-autoscaler -## Modules +## Setup Steps -No modules. +First, copy the `remote_state.yml` from the parent and update `directory` to be the current directory. -## Resources +## Terraform Automated -| Name | Type | -|------|------| -| [aws_eks_cluster.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source | -| [aws_eks_cluster_auth.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) | data source | +A `tf-run.data` file exists here, so the simplest way to implemnt is with the `tf-run.sh` script. -## Inputs +* copy the `remote_state.yml` from the parent and update `directory` to be the current directory +* run the tf-run.sh -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [cluster\_name](#input\_cluster\_name) | EKS cluster name name component used through out the EKS cluster describing its purpose (ex: dice-dev) | `string` | `null` | no | -| [cluster\_version](#input\_cluster\_version) | The EKS version number, see https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html | `string` | `"1.21"` | no | -| [domain](#input\_domain) | The DNS domain name of the cluster. Defaults to empty which causes the sample application to use the domain assigned to the load balancer of the istio ingress gateway. 
| `string` | `""` | no | -| [eks\_instance\_disk\_size](#input\_eks\_instance\_disk\_size) | The size of the disk in gigabytes | `number` | `40` | no | -| [eks\_instance\_type](#input\_eks\_instance\_type) | EKS worker node instance type | `string` | `"t3.xlarge"` | no | -| [eks\_ng\_desire\_size](#input\_eks\_ng\_desire\_size) | Node Group desire size, default is 1 | `number` | `4` | no | -| [eks\_ng\_max\_size](#input\_eks\_ng\_max\_size) | Node Group maximum size, default is 10 | `number` | `16` | no | -| [eks\_ng\_min\_size](#input\_eks\_ng\_min\_size) | Node Group minimum size, default is 1 | `number` | `4` | no | -| [eks\_vpc\_name](#input\_eks\_vpc\_name) | Define the VPC name that will be used by this cluster | `string` | `"*UNKNOWN*"` | no | -| [name](#input\_name) | K8S service names for IAM Role for Service Account (per-pod) | `string` | n/a | yes | -| [namespace](#input\_namespace) | K8S namespace for IAM Role for Service Account (per-pod) | `string` | n/a | yes | -| [subnets\_name](#input\_subnets\_name) | Define the name of the subnets to be used by this cluster | `string` | `"*-container-*"` | no | -| [tags](#input\_tags) | AWS Tags to apply to appropriate resources. | `map(string)` | `{}` | no | +```console +% tf-run.sh apply +``` -## Outputs +* example of the `tf-run.sh` steps -No outputs. +This is part of a larger cluster configuration, so at the end of the run it indicates another directory +to visit when done. 
+ +```console +% tf-run.sh list +* running action=plan +* START: tf-run.sh v1.1.2 start=1636562881 end= logfile=logs/run.plan.20211110.1636562881.log (not-created) +* reading from tf-run.data +* read 6 entries from tf-run.data +> list +** START: start=1636562881 +* 1 COMMAND> tf-directory-setup.py -l none -f +* 2 COMMAND> setup-new-directory.sh +* 3 COMMAND> tf-init -upgrade +* 4 tf-plan +* 5 COMMAND> tf-directory-setup.py -l s3 +* 6 COMMENT> cd cluster-roles and tf-run.sh apply +** END: start=1636562881 end=1636562881 elapsed=0 logfile=logs/run.plan.20211110.1636562881.log (not-created) +``` + +It is highly recommended to use the `tf-run.sh` approach. + +## Terraform Manual + +* setup + +```shell +tf-directory-setup.py -l none +setup-new-directory.sh +tf-init +```` + +* Apply the rest + +```shell +tf-plan +tf-apply +tf-directory-setup.py -l s3 +``` diff --git a/examples/full-cluster/irsa-roles/cluster-autoscaler/README.md b/examples/full-cluster/irsa-roles/cluster-autoscaler/README.md index bfe2fa5..bc949cb 100644 --- a/examples/full-cluster/irsa-roles/cluster-autoscaler/README.md +++ b/examples/full-cluster/irsa-roles/cluster-autoscaler/README.md 
@@ -1,53 +1,66 @@ -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.31 | - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | n/a | -| [kubernetes](#provider\_kubernetes) | n/a | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [app\_role](#module\_app\_role) | git@github.e.it.census.gov:terraform-modules/aws-iam-role.git | n/a | - -## Resources - -| Name | Type | -|------|------| -| [aws_iam_policy.app_policy1](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [kubernetes_service_account.app](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service_account) | resource | -| [aws_eks_cluster.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source | -| [aws_eks_cluster_auth.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) | data source | -| [aws_iam_policy_document.app_policy1](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.assume_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [cluster\_name](#input\_cluster\_name) | EKS cluster name name component used through out the EKS cluster describing its purpose (ex: dice-dev) | `string` | `null` | no | -| [cluster\_version](#input\_cluster\_version) | The EKS version number, see https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html | `string` | `"1.21"` | no | -| [domain](#input\_domain) | The DNS domain name of the cluster. 
Defaults to empty which causes the sample application to use the domain assigned to the load balancer of the istio ingress gateway. | `string` | `""` | no | -| [eks\_instance\_disk\_size](#input\_eks\_instance\_disk\_size) | The size of the disk in gigabytes | `number` | `40` | no | -| [eks\_instance\_type](#input\_eks\_instance\_type) | EKS worker node instance type | `string` | `"t3.xlarge"` | no | -| [eks\_ng\_desire\_size](#input\_eks\_ng\_desire\_size) | Node Group desire size, default is 1 | `number` | `4` | no | -| [eks\_ng\_max\_size](#input\_eks\_ng\_max\_size) | Node Group maximum size, default is 10 | `number` | `16` | no | -| [eks\_ng\_min\_size](#input\_eks\_ng\_min\_size) | Node Group minimum size, default is 1 | `number` | `4` | no | -| [eks\_vpc\_name](#input\_eks\_vpc\_name) | Define the VPC name that will be used by this cluster | `string` | `"*UNKNOWN*"` | no | -| [name](#input\_name) | K8S service names for IAM Role for Service Account (per-pod) | `string` | n/a | yes | -| [namespace](#input\_namespace) | K8S namespace for IAM Role for Service Account (per-pod) | `string` | n/a | yes | -| [subnets\_name](#input\_subnets\_name) | Define the name of the subnets to be used by this cluster | `string` | `"*-container-*"` | no | -| [tags](#input\_tags) | AWS Tags to apply to appropriate resources. | `map(string)` | `{}` | no | - -## Outputs - -| Name | Description | -|------|-------------| -| [app\_role\_arn](#output\_app\_role\_arn) | ARN of IAM Role for Service account for cluster-autoscaler | +# irsa-roles: cluster-autoscaler + +This sets up the needed IAM roles for service accounts for the cluster autoscaler. + + +## Setup + +First, copy the `remote_state.yml` from the parent and update `directory` to be the current directory. + +## Terraform Automated + +A `tf-run.data` file exists here, so the simplest way to implement is with the `tf-run.sh` script. 
+ +```console +% tf-run.sh apply +``` + +* example of the tf-run.sh`steps + +This is part of a larger cluster configuration, so at the end of the run it indicates another directory +to visit when done. + +```console +% tf-run.sh list +* running action=plan +* START: tf-run.sh v1.1.2 start=1636561755 end= logfile=logs/run.plan.20211110.1636561755.log (not-created) +* reading from tf-run.data +* read 6 entries from tf-run.data +> list +** START: start=1636561755 +* 1 COMMAND> tf-directory-setup.py -l none +* 2 COMMAND> setup-new-directory.sh +* 3 COMMAND> tf-init -upgrade +* 4 POLICY> (*.tf) aws_iam_policy.app_policy1 +* 4 tf-plan -target=aws_iam_policy.app_policy1 +* 5 tf-plan +* 6 COMMAND> tf-directory-setup.py -l s3 +** END: start=1636561755 end=1636561755 elapsed=0 logfile=logs/run.plan.20211110.1636561755.log (not-created) +``` + +It is highly recommended to use the `tf-run.sh` approach. + +## Terraform Manual + +```shell +tf-directory-setup.py -l none +setup-new-directory.sh +tf-init +```` + +* Apply the the policies + +```shell +tf-plan -target=aws_iam_policy.app_policy1 +tf-apply -target=aws_iam_policy.app_policy1 +``` + +* Apply the rest + +```shell +tf-plan +tf-apply +tf-directory-setup.py -l s3 +``` + +## Post Setup Examination
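Review bot: In examples/full-cluster/irsa-roles/README.md the "Terraform Manual" commands do not match the sequence shown in the `tf-run.sh list` output of the same file: the list runs `tf-directory-setup.py -l none -f` and `tf-init -upgrade`, while the manual block has `tf-directory-setup.py -l none` and `tf-init`. Make the manual commands identical to the automated ones, or say why the flags are dropped. The first shell block under "Terraform Manual" closes with four backticks where it opens with three, "containd" and "implemnt" are misspelled, and the `remote_state.yml` copy instruction appears under "Setup Steps" and again as the first bullet under "Terraform Automated". Step 6 of the list output points to `cluster-roles`, while the only subdirectory named at the top of the file is `cluster-autoscaler`; please confirm which directory the reader should visit next.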
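Review bot: In examples/full-cluster/irsa-roles/cluster-autoscaler/README.md the removed Inputs and Outputs tables documented the required `name` and `namespace` inputs and the `app_role_arn` output, and the new text does not mention any of them; keep a short inputs/outputs section, or say where the service account name, namespace and resulting role ARN are now documented. The closing "## Post Setup Examination" heading has no body in the lines shown, so either fill it in or drop it. Smaller points: the bullet "* example of the tf-run.sh`steps" has an unbalanced backtick, "Apply the the policies" repeats a word, the first shell block under "Terraform Manual" closes with four backticks where it opens with three, and the manual `tf-init` omits the `-upgrade` that step 3 of the `tf-run.sh list` output shows.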