include certificate and Cloudwatch on terrraform

Signed-off-by: Luiz Oliveira <ziuloliveira@gmail.com>
kubeshark · Sep 21, 2023 · c316092 · c316092
1 parent cb27d2f
commit c316092
Show file tree

Hide file tree

Showing 6 changed files with 60 additions and 38 deletions.
diff --git a/deploy/kubernetes/terraform/addons.tf b/deploy/kubernetes/terraform/addons.tf
@@ -1,3 +1,9 @@
+data "aws_acm_certificate" "kubeshark_crt" {
+  domain      = "*.kubehq.org"
+  statuses = ["ISSUED"]
+  most_recent = true
+}
+
 module "eks_blueprints_addons" {
   source  = "aws-ia/eks-blueprints-addons/aws"
   version = "~> 1.0" #ensure to update this to the latest/desired version
@@ -7,27 +13,13 @@ module "eks_blueprints_addons" {
   cluster_version   = module.eks.cluster_version
   oidc_provider_arn = module.eks.oidc_provider_arn
 
-#   eks_addons = {
-#     aws-ebs-csi-driver = {
-#       most_recent = true
-#     }
-#     coredns = {
-#       most_recent = true
-#     }
-#     vpc-cni = {
-#       most_recent = true
-#     }
-#     kube-proxy = {
-#       most_recent = true
-#     }
-#   }
-
+  enable_kube_prometheus_stack           = var.enable_kube_prometheus_stack
+  enable_aws_cloudwatch_metrics          = var.enable_aws_cloudwatch_metrics
+  enable_ingress_nginx                   = var.enable_ingress_nginx
   enable_aws_load_balancer_controller    = true
-  enable_kube_prometheus_stack           = false
   enable_metrics_server                  = true
   enable_external_secrets                = false
-  enable_ingress_nginx                   = false
-  enable_argocd                          = true
+  enable_argocd                          = false
   enable_cluster_proportional_autoscaler = false
   enable_external_dns                    = false
   enable_karpenter                       = false
@@ -64,10 +56,14 @@ resource "helm_release" "kubeshark" {
   name = "kubeshark"
   repository = "https://helm.kubeshark.co"
   chart = "kubeshark"
-  values = [templatefile("${path.module}/values/kubeshark.yaml", {})]
+  values = [templatefile("${path.module}/values/kubeshark.yaml", {
+    certificate_arn = data.aws_acm_certificate.kubeshark_crt.arn
+  })]
+  count = var.enable_kubeshark ? 1 : 0
 }
 
-resource "kubectl_manifest" "sock-shop" {
-  yaml_body = templatefile("${path.module}/values/sock-shop-demo.yaml", {})
+resource "kubectl_manifest" "sock_shop" {
+  yaml_body = templatefile("${path.module}/../complete-demo.yaml", {})
   wait_for_rollout = true
+  count = var.enable_sock_shop ? 1 : 0
 }
diff --git a/deploy/kubernetes/terraform/locals.tf b/deploy/kubernetes/terraform/locals.tf
@@ -7,7 +7,8 @@ locals {
   azs      = slice(data.aws_availability_zones.available.names, 0, 3)
 
   tags = {
-    Example    = local.name
+    Release    = local.name
+    Kind       = "demo"
     GithubRepo = "terraform-aws-eks"
     GithubOrg  = "terraform-aws-modules"
   }

diff --git a/deploy/kubernetes/terraform/values/ingress-nginx.yaml b/deploy/kubernetes/terraform/values/ingress-nginx.yaml
@@ -3,6 +3,7 @@ controller:
     enabled: true
   service:
     externalTrafficPolicy: Local
+    type: LoadBalancer
     targetPorts:
       http: http
       https: http
@@ -11,4 +12,9 @@ controller:
       service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
       service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
       service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600'
-      service.beta.kubernetes.io/aws-load-balancer-internal: false
+      service.beta.kubernetes.io/aws-load-balancer-internal: false
+      service.beta.kubernetes.io/aws-load-balancer-type: external
+      service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip
+      service.beta.kubernetes.io/aws-load-balancer-healthcheck-protocol: http
+      service.beta.kubernetes.io/aws-load-balancer-healthcheck-path: /healthz
+      service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: 10254
diff --git a/deploy/kubernetes/terraform/values/kubeshark.yaml b/deploy/kubernetes/terraform/values/kubeshark.yaml
@@ -2,6 +2,8 @@ tap:
   ingress:
     enabled: true
     classname: alb
+    host: demo.kubehq.org
     annotations:
       alb.ingress.kubernetes.io/scheme: internet-facing
-      alb.ingress.kubernetes.io/target-type: ip
+      alb.ingress.kubernetes.io/target-type: ip
+      alb.ingress.kubernetes.io/certificate-arn : "${certificate_arn}"
diff --git a/deploy/kubernetes/terraform/values/sock-shop-demo.yaml b/deploy/kubernetes/terraform/values/sock-shop-demo.yaml
diff --git a/deploy/kubernetes/terraform/variables.tf b/deploy/kubernetes/terraform/variables.tf
@@ -7,3 +7,34 @@ variable "region" {
   type        = string
   default     = "us-east-2"
 }
+
+variable "enable_kubeshark" {
+  description = "Enables Kubeshark installation"
+  type = bool
+  default = false
+}
+
+variable "enable_sock_shop" {
+  description = "Enables Sock Shop installation"
+  type = bool
+  default = false
+}
+
+variable "enable_kube_prometheus_stack" {
+  description = "Enables Prometheus Stack installation"
+  type = bool
+  default = true
+}
+
+variable "enable_aws_cloudwatch_metrics" {
+  description = "Enables Cloudwatch Metrics installation"
+  type = bool
+  default = true
+}
+
+variable "enable_ingress_nginx" {
+  description = "Enables Ingress Nginx installation"
+  type = bool
+  default = false
+}
+