From 79c683c81b99ac4a437f708bf2fa7217ec8cc2d3 Mon Sep 17 00:00:00 2001 From: Michael Cymerman Date: Fri, 25 Aug 2023 08:27:34 -0400 Subject: [PATCH 1/2] Update README.md typo when copying/pasting this won't work without the 's' in extras --- examples/extras/cloudwatch-agent/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/extras/cloudwatch-agent/README.md b/examples/extras/cloudwatch-agent/README.md index ee7afb6..3448ab9 100644 --- a/examples/extras/cloudwatch-agent/README.md +++ b/examples/extras/cloudwatch-agent/README.md @@ -67,7 +67,7 @@ cd 107742151971-do2-govcloud/vpc/east/vpc5/apps/eks-ditd-gups-stage/common-servi mkdir cloudwatch-agent cd cloudwatch-agent git checkout -b add-cloudwatch-agent -rsync -avRWH $EKS_SOURCE/examples/extra/cloudwatch-agent/./ ./ +rsync -avRWH $EKS_SOURCE/examples/extras/cloudwatch-agent/./ ./ ``` ## Step 3: Plan From c1641650ee9bbfe339d927659ed820423458cab3 Mon Sep 17 00:00:00 2001 
From: badra001 Date: Thu, 7 Sep 2023 15:21:57 -0400 Subject: [PATCH 2/2] add xray --- examples/extras/xray/.tf-control | 20 ++++ examples/extras/xray/.tf-control.tfrc | 24 +++++ examples/extras/xray/locals.tf | 17 ++++ examples/extras/xray/region.tf | 3 + examples/extras/xray/tf-run.data | 31 ++++++ examples/extras/xray/tf-run.destroy.data | 6 ++ .../extras/xray/variables.xray.auto.tfvars | 21 ++++ examples/extras/xray/variables.xray.tf | 39 ++++++++ examples/extras/xray/xray.tf | 99 +++++++++++++++++++ 9 files changed, 260 insertions(+) create mode 100644 examples/extras/xray/.tf-control create mode 100644 examples/extras/xray/.tf-control.tfrc create mode 100644 examples/extras/xray/locals.tf create mode 100644 examples/extras/xray/region.tf create mode 100644 examples/extras/xray/tf-run.data create mode 100644 examples/extras/xray/tf-run.destroy.data create mode 100644 examples/extras/xray/variables.xray.auto.tfvars create mode 100644 examples/extras/xray/variables.xray.tf create mode 100644 examples/extras/xray/xray.tf
diff --git a/examples/extras/xray/.tf-control b/examples/extras/xray/.tf-control
new file mode 100644
index 0000000..280f449
--- /dev/null
+++ b/examples/extras/xray/.tf-control
@@ -0,0 +1,20 @@
+# .tf-control
+# allows for setting a specific command to be used for tf-* commands under this git repo
+# see tf-control.sh help for more info
+
+TFCONTROL_VERSION="1.0.5"
+
+TFCOMMAND="terraform_latest"
+# TF_CLI_CONFIG_FILE=PATH-TO-FILE/.tf-control.tfrc
+# TFARGS=""
+# TFNOLOG=""
+# TFNOCOLOR=""
+
+# use the following to force a specific version. An upgrade of an existing 0.12.31 to 1.x
+# needs you to cycle through 0.13.17, 0.14.11, and then latest (0.15.5 not needed). Other
+# steps in between. See https://github.e.it.census.gov/terraform/support/tree/master/docs/how-to/terraform-upgrade for details
+#
+#TFCOMMAND="terraform_0.12.31"
+#TFCOMMAND="terraform_0.13.7"
+#TFCOMMAND="terraform_0.14.11"
+#TFCOMMAND="terraform_0.15.5"
diff --git a/examples/extras/xray/.tf-control.tfrc b/examples/extras/xray/.tf-control.tfrc
new file mode 100644
index 0000000..7425488
--- /dev/null
+++ b/examples/extras/xray/.tf-control.tfrc
@@ -0,0 +1,24 @@
+TFCONTROL_VERSION="1.0.5"
+
+# https://www.terraform.io/docs/cli/config/config-file.html
+plugin_cache_dir = "/data/terraform/terraform.d/plugin-cache"
+#disable_checkpoint = true
+
+provider_installation {
+# filesystem_mirror {
+# path = "/apps/terraform/terraform.d/providers"
+# include = [ "*/*/*" ]
+# }
+ filesystem_mirror {
+ path = "/data/terraform/terraform.d/providers"
+ include = [ "*/*/*" ]
+ }
+# filesystem_mirror {
+# path = "/apps/terraform/terraform.d/providers"
+# include = [ "external.terraform.census.gov/*/*" ]
+# }
+ direct {
+ include = [ "*/*/*" ]
+ }
+}
+
diff --git a/examples/extras/xray/locals.tf b/examples/extras/xray/locals.tf
new file mode 100644
index 0000000..4b9ae5a
--- /dev/null
+++ b/examples/extras/xray/locals.tf
@@ -0,0 +1,17 @@
+locals {
+ base_tags = {
+ "eks-cluster-name" = var.cluster_name
+ "boc:tf_module_version" = local._module_version
+ "boc:created_by" = "terraform"
+ }
+}
+
+# replace TF remote state accordingly in parent_rs with that from the parent directory, and be sure to make the link
+locals {
+ vpc_id = local.parent_rs.cluster_vpc_id
+ subnet_ids = local.parent_rs.cluster_subnet_ids
+ cluster_worker_sg_id = local.parent_rs.cluster_worker_sg_id
+
+ oidc_provider_url = local.parent_rs.oidc_provider_url
+ oidc_provider_arn = local.parent_rs.oidc_provider_arn
+}
diff --git a/examples/extras/xray/region.tf b/examples/extras/xray/region.tf
new file mode 100644
index 0000000..f617506
--- /dev/null
+++ b/examples/extras/xray/region.tf
@@ -0,0 +1,3 @@
+locals {
+ region = var.region
+}
diff --git a/examples/extras/xray/tf-run.data b/examples/extras/xray/tf-run.data
new file mode 100644
index 0000000..0db70b8
--- /dev/null
+++ b/examples/extras/xray/tf-run.data
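Review bot: In `.tf-control.tfrc`, the `direct { include = [ "*/*/*" ] }` block matches the same providers as the active `filesystem_mirror` block above it, so the local mirror does not restrict where providers come from. Terraform considers every installation method whose patterns match a provider, so any provider can still be downloaded from its origin registry at init time. If the mirror is meant to be the approved source, narrow `direct` to the namespaces that are not mirrored, or add an exclusion such as `exclude = [ "<mirrored-hostname>/*/*" ]`, and commit `.terraform.lock.hcl` so provider checksums are pinned. This depends on intent, which the hunk does not show: `TF_CLI_CONFIG_FILE` is commented out in `.tf-control`, so this file may not be active by default.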
@@ -0,0 +1,31 @@
+VERSION 1.4.2
+REMOTE-STATE
+COMMAND tf-directory-setup.py -l none -f
+COMMAND setup-new-directory.sh
+
+LINKTOP init
+LINKTOP includes.d/variables.account_tags.tf
+LINKTOP includes.d/variables.account_tags.auto.tfvars
+LINKTOP includes.d/variables.infrastructure_tags.tf
+LINKTOP includes.d/variables.infrastructure_tags.auto.tfvars
+LINKTOP includes.d/variables.application_tags.tf
+# LINKTOP includes.d/variables.application_tags.auto.tfvars
+LINK variables.application_tags.auto.tfvars
+LINKTOP provider_configs.d/provider.ldap_new.auto.tfvars
+LINKTOP provider_configs.d/provider.ldap_new.tf
+LINKTOP provider_configs.d/provider.ldap_new.variables.tf
+LINK settings.auto.tfvars
+LINK includes.d/parent_rs.tf
+LINK includes.d/data.eks-subdirectory.tf
+LINK includes.d/kubeconfig.eks-subdirectory.tf
+LINK variables.eks.tf
+LINK prefixes.tf
+LINK providers.tf
+LINK variables.addons.tf
+LINK versions.tf
+LINK version.tf
+LINK variables.vpc.tf
+LINK variables.vpc.auto.tfvars
+COMMAND tf-init
+
+ALL
diff --git a/examples/extras/xray/tf-run.destroy.data b/examples/extras/xray/tf-run.destroy.data
new file mode 100644
index 0000000..7a82c9f
--- /dev/null
+++ b/examples/extras/xray/tf-run.destroy.data
@@ -0,0 +1,6 @@
+VERSION 1.0.1
+BACKUP-STATE
+COMMAND tf-init
+COMMAND tf-state list
+
+ALL
diff --git a/examples/extras/xray/variables.xray.auto.tfvars b/examples/extras/xray/variables.xray.auto.tfvars
new file mode 100644
index 0000000..d6b045c
--- /dev/null
+++ b/examples/extras/xray/variables.xray.auto.tfvars
@@ -0,0 +1,21 @@
+xray_charts = {
+ "xray" = {
+ name = "aws-xray"
+ documentation = "https://artifacthub.io/packages/helm/okgolove/aws-xray"
+ repository = "https://okgolove.github.io/helm-charts"
+ version = "4.0.3"
+ use_remote = true
+ }
+}
+xray_images = {
+ "xray" = {
+ name = "aws-xray-daemon"
+ image = "public.ecr.aws/xray/aws-xray-daemon"
+ dest_path = null
+ source_registry = "public.ecr.aws"
+ source_image = "xray/aws-xray-daemon"
+ source_tag = null
+ tag = "3.3.7"
+ enabled = true
+ }
+}
diff --git a/examples/extras/xray/variables.xray.tf b/examples/extras/xray/variables.xray.tf
new file mode 100644
index 0000000..c466dd9
--- /dev/null
+++ b/examples/extras/xray/variables.xray.tf
@@ -0,0 +1,39 @@
+variable "xray_namespace" {
+ description = "Service namespace"
+ type = string
+ default = "default"
+}
+
+variable "xray_name" {
+ description = "Service account name"
+ type = string
+ default = "aws-xray"
+}
+
+variable "xray_charts" {
+ description = "Map of object with details about remote charts"
+ type = map(object(
+ {
+ name = string
+ documentation = optional(string, null)
+ repository = string
+ version = string
+ use_remote = bool
+ }))
+ default = {}
+}
+
+variable "xray_images" {
+ description = "List of image configuration objects to copy from SOURCE to DESTINATION"
+ type = map(object({
+ name = string,
+ documentation = optional(string, null)
+ tag = string,
+ dest_path = string,
+ source_registry = string,
+ source_image = string,
+ source_tag = string,
+ enabled = bool,
+ }))
+ default = {}
+}
diff --git a/examples/extras/xray/xray.tf b/examples/extras/xray/xray.tf
new file mode 100644
index 0000000..446edc5
--- /dev/null
+++ b/examples/extras/xray/xray.tf
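Review bot: In `variables.xray.auto.tfvars`, `xray_charts["xray"]` sets `use_remote = true` with `repository = "https://okgolove.github.io/helm-charts"`, so every apply pulls the chart from a third-party GitHub Pages repository; the version is pinned, but nothing visible here checks the chart's integrity. Since `xray.tf` already falls back to `${path.module}/charts` when `use_remote` is false, consider vendoring the reviewed chart and setting `use_remote = false`, or pointing `repository` at an internal mirror. The image entry has the same shape: `tag = "3.3.7"` is a mutable tag, and whether the copy module resolves it to a digest is not visible in this patch. Separately, `image = "public.ecr.aws/xray/aws-xray-daemon"` is not an attribute of the `xray_images` object type declared in `variables.xray.tf`, so Terraform drops it during type conversion.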
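Review bot: In `variables.xray.tf`, `xray_namespace` defaults to `"default"`, and `xray.tf` feeds that value into `namespace_service_accounts` for the IRSA role, so the role's trust is bound to a service account living in the cluster's shared default namespace. A dedicated namespace is a safer default (for example `default = "xray"`, a constructed value), which would also mean re-enabling the commented-out `kubernetes_namespace` resource or setting `create_namespace = true` on the release. The descriptions could say what the values are used for, e.g. `description = "Kubernetes namespace for the X-Ray daemon release and its IRSA service account"`. The `xray_images` description says "List" while the type is a map.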
@@ -0,0 +1,99 @@
+data "aws_iam_policy" "policy_xray" {
+ name = "AWSXRayDaemonWriteAccess"
+}
+
+module "role_xray" {
+ source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
+
+ role_description = "EKS IAM Role for ${var.cluster_name} for service account ${var.xray_namespace}:${var.xray_name}"
+ role_name = format("%v%v-irsa__%v", local._prefixes["eks-role"], var.cluster_name, var.xray_name)
+
+ role_policy_arns = {
+ policy = data.aws_iam_policy.policy_xray.arn
+ }
+
+ oidc_providers = {
+ main = {
+ provider_arn = local.oidc_provider_arn
+ namespace_service_accounts = [format("%v:%v", var.xray_namespace, var.xray_name)]
+ }
+ }
+
+ tags = merge(
+ local.base_tags,
+ local.common_tags,
+ var.application_tags,
+ {
+ "eks:namespace" = var.xray_namespace
+ "eks:user" = var.xray_name
+ }
+ )
+}
+
+locals {
+ xray_images_output = { for k, v in module.images_xray.images : v.name => v }
+}
+
+module "images_xray" {
+ source = "git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git?ref=tf-upgrade"
+
+ profile = var.profile
+ application_list = []
+ application_name = format("eks/%v", var.cluster_name)
+ image_config = [for k, v in var.xray_images : v if v.enabled]
+ tags = merge(
+ local.base_tags,
+ local.common_tags,
+ var.application_tags,
+ )
+}
+
+# resource "kubernetes_namespace" "xray" {
+# metadata {
+# name = var.xray_namespace
+# }
+# }
+
+resource "helm_release" "xray" {
+ chart = "aws-xray"
+ name = "aws-xray"
+ namespace = var.xray_namespace
+ repository = var.xray_charts["xray"].use_remote ? var.xray_charts["xray"].repository : "${path.module}/charts"
+ version = var.xray_charts["xray"].use_remote ? var.xray_charts["xray"].version : null
+
+ depends_on = [module.images_xray]
+ set {
+ name = "image.repository"
+ value = split(":", local.xray_images_output["aws-xray-daemon"].dest_full_path)[0]
+ }
+
+ set {
+ name = "image.tag"
+ value = local.xray_images_output["aws-xray-daemon"].tag
+ }
+ set {
+ name = "xray.region"
+ value = local.region
+ }
+ set {
+ name = "clusterName"
+ value = var.cluster_name
+ }
+ set {
+ name = "serviceAccount.name"
+ value = var.xray_name
+ }
+ set {
+ name = "serviceAccount.create"
+ value = "true"
+ }
+ set {
+ name = "serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"
+ value = module.role_xray.iam_role_arn
+ }
+ set {
+ name = "xray.roleArn"
+ value = module.role_xray.iam_role_arn
+ }
+ timeout = 300
+}
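Review bot: Both module sources in `xray.tf` float: `module "role_xray"` pulls `terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks` with no `version` argument, and `module "images_xray"` uses `?ref=tf-upgrade`, which looks like a branch name rather than a tag or commit. These modules create an IAM role and copy container images under the deployer's credentials, so a later upstream change would be picked up on the next init without review. Add `version = "<reviewed-version>"` to `role_xray` and change the git source to end in `?ref=<tag-or-commit-sha>`. Separately, `helm_release.xray` hard-codes `chart = "aws-xray"` and the map key `"aws-xray-daemon"` instead of reading them from `var.xray_charts` and `var.xray_images`, so the release can drift from the tfvars.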