From 4a1a197daa32e883679a74b9f5bedee1e80549e3 Mon Sep 17 00:00:00 2001 From: Andrew S Date: Mon, 9 Aug 2021 13:35:10 +0600 Subject: [PATCH 1/8] #94 bumped provider versions --- terraform/layer1-aws/main.tf | 4 ++-- terraform/layer2-k8s/main.tf | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/terraform/layer1-aws/main.tf b/terraform/layer1-aws/main.tf index fa06a785..1ff4c18a 100644 --- a/terraform/layer1-aws/main.tf +++ b/terraform/layer1-aws/main.tf @@ -4,11 +4,11 @@ terraform { required_providers { aws = { source = "aws" - version = "3.38.0" + version = "3.53.0" } kubernetes = { source = "kubernetes" - version = "2.1.0" + version = "2.4.1" } } } diff --git a/terraform/layer2-k8s/main.tf b/terraform/layer2-k8s/main.tf index 66a30779..5f7994ef 100644 --- a/terraform/layer2-k8s/main.tf +++ b/terraform/layer2-k8s/main.tf @@ -4,15 +4,15 @@ terraform { required_providers { aws = { source = "aws" - version = "3.38.0" + version = "3.53.0" } kubernetes = { source = "kubernetes" - version = "2.1.0" + version = "2.4.1" } helm = { source = "helm" - version = "2.1.2" + version = "2.2.0" } } } From fa227656650207917902fc4f31889249ff2904bb Mon Sep 17 00:00:00 2001 From: Andrew S Date: Mon, 9 Aug 2021 13:36:58 +0600 Subject: [PATCH 2/8] #94 updated lock files --- terraform/layer1-aws/.terraform.lock.hcl | 97 ++++++++++++++++-------- terraform/layer2-k8s/.terraform.lock.hcl | 87 ++++++++++----------- 2 files changed, 109 insertions(+), 75 deletions(-) diff --git a/terraform/layer1-aws/.terraform.lock.hcl b/terraform/layer1-aws/.terraform.lock.hcl index b129a238..d146677d 100644 --- a/terraform/layer1-aws/.terraform.lock.hcl +++ b/terraform/layer1-aws/.terraform.lock.hcl 
@@ -2,42 +2,58 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/aws" { - version = "3.38.0" - constraints = ">= 2.49.0, >= 2.53.0, >= 3.10.0, >= 3.22.0, 3.38.0" + version = "3.53.0" + constraints = ">= 2.49.0, >= 2.53.0, >= 3.15.0, >= 3.40.0, >= 3.43.0, 3.53.0" hashes = [ - "h1:ARuS11ThIcUfmAQKWNXGPLOa1GheaIwkeCnMh9Mjvao=", - "h1:qKEjN/EM56XT46vGY33eoq7nD6JuGqRqFp7tkzTrRM0=", - "zh:20476d4c1b0c0efc55226bcbd85fbd948638fd9860a0edcdb7875cbb2b449e46", - "zh:7102622e6549cc3fc46b9ad68cbf4c50b162ce1013d4da817d05d1edf1f12fae", - "zh:74ff7f1610065e14c043cd9d74b3d5e0de4474f09a1a81e0b126b920b5cf6a27", - "zh:800e1b168149d507d23845f7a8b7e598c7dc16d2ee0f47848cf85d3e7458884f", - "zh:81ac3c68d6230b77740ca367e0c05a32ebb9be0fe5478c836573218a84eb3e46", - "zh:86536598796ba65539816f08351ac0ab32988ab84fa8f100049579996fafc800", - "zh:b9985c64f0f0b5bafb7067a60381fd807f7c3dd952c5d9f531385e464867bdd5", - "zh:c19c692896469724c6320fa7d87532ec3935e14e0e0fa0a8a0f1cf28ae7a0b0a", - "zh:cb8b14f246953a275ada562f5275a0d1a4938b7d20597e62fabe264012410f53", - "zh:cdbfa0ad87ff4d7451cfb89e53692a651d4c9cadece6845e60d986fd454b52b3", - "zh:ed5c4c8ae5adda37942bb15ef058c0811a95cb4c87259ae822627756dcb90efc", + "h1:kcda9YVaFUzBFVtKXNZrQB801i2XkH1Y5gbdOHNpB38=", + "zh:35a77c79170b0cf3fb7eb835f3ce0b715aeeceda0a259e96e49fed5a30cf6646", + "zh:519d5470a932b1ec9a0fe08876c5e0f0f84f8e506b652c051e4ab708be081e89", + "zh:58cfa5b454602d57c47acd15c2ad166a012574742cdbcf950787ce79b6510218", + "zh:5fc3c0162335a730701c0175809250233f45f1021da8fa52c73635e4c08372d8", + "zh:6790f9d6261eb4bd5cdd7cd9125f103befce2ba127f9ba46eef83585b86e1d11", + "zh:76e1776c3bf9568d520f78419ec143c081f653b8df4fb22577a8c4a35d3315f9", + "zh:ca8ed88d0385e45c35223ace59b1bf77d81cd2154d5416e63a3dddaf0def30e6", + "zh:d002562c4a89a9f1f6cd8d854fad3c66839626fc260e5dde5267f6d34dbd97a4", + "zh:da5e47fb769e90a2f16c90fd0ba95d62da3d76eb006823664a5c6e96188731b0", + 
"zh:dfe7f33ec252ea550e090975a5f10940c27302bebb5559957957937b069646ea", + "zh:fa91574605ddce726e8a4e421297009a9dabe023106e139ac46da49c8285f2fe", + ] +} + +provider "registry.terraform.io/hashicorp/cloudinit" { + version = "2.2.0" + hashes = [ + "h1:siiI0wK6/jUDdA5P8ifTO0yc9YmXHml4hz5K9I9N+MA=", + "zh:76825122171f9ea2287fd27e23e80a7eb482f6491a4f41a096d77b666896ee96", + "zh:795a36dee548e30ca9c9d474af9ad6d29290e0a9816154ad38d55381cd0ab12d", + "zh:9200f02cb917fb99e44b40a68936fd60d338e4d30a718b7e2e48024a795a61b9", + "zh:a33cf255dc670c20678063aa84218e2c1b7a67d557f480d8ec0f68bc428ed472", + "zh:ba3c1b2cd0879286c1f531862c027ec04783ece81de67c9a3b97076f1ce7f58f", + "zh:bd575456394428a1a02191d2e46af0c00e41fd4f28cfe117d57b6aeb5154a0fb", + "zh:c68dd1db83d8437c36c92dc3fc11d71ced9def3483dd28c45f8640cfcd59de9a", + "zh:cbfe34a90852ed03cc074601527bb580a648127255c08589bc3ef4bf4f2e7e0c", + "zh:d6ffd7398c6d1f359b96f5b757e77b99b339fbb91df1b96ac974fe71bc87695c", + "zh:d9c15285f847d7a52df59e044184fb3ba1b7679fd0386291ed183782683d9517", + "zh:f7dd02f6d36844da23c9a27bb084503812c29c1aec4aba97237fec16860fdc8c", ] } provider "registry.terraform.io/hashicorp/kubernetes" { - version = "2.1.0" - constraints = ">= 1.11.1, 2.1.0" + version = "2.4.1" + constraints = ">= 1.11.1, 2.4.1" hashes = [ - "h1:8RC6upWV190+kE3+rYI4HuSouBUOfOXwV5GvIEXW4nk=", - "h1:L/3XfqLQ4bS1PjH/FksJPm+MYIOxCwn97ozbfSwg/VQ=", - "zh:22e2bcef08fb7f97ed503a27e3725d9d14fdd09fe3aa144fae8a7f78ed27856a", - "zh:2380cc2a91239b80ea380af8a7fcdcc7396f5213a71a251a5505c962ac6cb9c2", - "zh:496ea2818d5480590ada763672be051f4e76dc12c6a61fde2faa0c909e174eb7", - "zh:4e5b6c230d9a8da8a0f12e5db198f158f2c26432ad8e1c6ac22770ce7ec39118", - "zh:55ad614beffda4cdc918ad87dca09bb7b961f12183c0923230301f73e23e9665", - "zh:6849c52899091fa2f6714d8e5180a4affffc4b2ad03dc2250043d4b32049e16e", - "zh:7a6f0d9da5172b3770af98d59263e142313a8b2c4048271893c6003493ad1c89", - "zh:7c97fb24e60c41fa16f6305620d18ae51545c329f46f92988493a4c51a4e43e5", - 
"zh:a08111c4898544c40c62437cc28798d1f4d7298f61ddaf3f48dddec042d3519f", - "zh:be7493bff6b9f95fe203c295bfc5933111e7c8a5f3bd9e9ae143a0d699d516f8", - "zh:e4c94adc65b5ad5551893f58c19e1c766f212f16220087ca3e940a89449ac285", + "h1:RpE4kNQYkGxIyHyIEHXcdt/vKCtTVU2NNzTrOK4hb9E=", + "zh:10a368f3a3f26d821f02b55f0c42bdd4d2cd0dc5e2568c513bce39d92d25526f", + "zh:2183272a6d44f23d562d47ff4d6592685d8797838bdae69a50f92121743b020f", + "zh:24c492d61ce4dbcac4bb4410bd5e657ab28d19ab320d41104148ee626b44f5ed", + "zh:291380db0cd581d806158e5ddfd7133592055151109fcf0c923644cede5f30c7", + "zh:46933ddae44108d1a2956d917bafdb8879147b204b1bfac0c238773d2587e288", + "zh:5b96c1c330d709d87faa44f1cc9b1db87baeba5056638fe07c51a9b5a67f297e", + "zh:9fbb4ac6de96f68df324adbb77fd5eee6138f534f5393dc3bac18e615c75e0d0", + "zh:b8da6bbb97c20ec6e26c0160060c24d4e91b5057342b8b93a43f4019ab36e344", + "zh:c12390d668ef2f4c943c385de3befb54c0bfd0f9a3aa28b6aec55f7db4f4a518", + "zh:dee3d13f664037ada51e6f51c7e1c1361e643e1e61fbc9403b0f3985caa29c90", + "zh:ed10c04a636fa4a0f6e5e6068cb2f9a0f976b596cbabb9bd429631e3ba7fa35a", ] } 
@@ -119,3 +135,24 @@ provider "registry.terraform.io/hashicorp/template" { "zh:c979425ddb256511137ecd093e23283234da0154b7fa8b21c2687182d9aea8b2", ] } + +provider "registry.terraform.io/terraform-aws-modules/http" { + version = "2.4.1" + constraints = ">= 2.4.1" + hashes = [ + "h1:FINkX7/X/cr5NEssB7dMqVWa6YtJtmwzvkfryuR39/k=", + "zh:0111f54de2a9815ded291f23136d41f3d2731c58ea663a2e8f0fef02d377d697", + "zh:0740152d76f0ccf54f4d0e8e0753739a5233b022acd60b5d2353d248c4c17204", + "zh:569518f46809ec9cdc082b4dfd4e828236eee2b50f87b301d624cfd83b8f5b0d", + "zh:7669f7691de91eec9f381e9a4be81aa4560f050348a86c6ea7804925752a01bb", + "zh:81cd53e796ec806aca2d8e92a2aed9135661e170eeff6cf0418e54f98816cd05", + "zh:82f01abd905090f978b169ac85d7a5952322a5f0f460269dd981b3596652d304", + "zh:9a235610066e0f7e567e69c23a53327271a6fc568b06bf152d8fe6594749ed2b", + "zh:aeabdd8e633d143feb67c52248c85358951321e35b43943aeab577c005abd30a", + "zh:c20d22dba5c79731918e7192bc3d0b364d47e98a74f47d287e6cc66236bc0ed0", + "zh:c4fea2cb18c31ed7723deec5ebaff85d6795bb6b6ed3b954794af064d17a7f9f", + "zh:e21e88b6e7e55b9f29b046730d9928c65a4f181fd5f60a42f1cd41b46a0a938d", + "zh:eddb888a74dea348a0acdfee13a08875bacddde384bd9c28342a534269665568", + "zh:f46d5f1403b8d8dfafab9bdd7129d3080bb62a91ea726f477fd43560887b8c4a", + ] +} diff --git a/terraform/layer2-k8s/.terraform.lock.hcl b/terraform/layer2-k8s/.terraform.lock.hcl index 65b3b6c0..d3266236 100644 --- a/terraform/layer2-k8s/.terraform.lock.hcl +++ b/terraform/layer2-k8s/.terraform.lock.hcl 
@@ -2,22 +2,21 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/aws" { - version = "3.38.0" - constraints = "3.38.0" + version = "3.53.0" + constraints = "3.53.0" hashes = [ - "h1:ARuS11ThIcUfmAQKWNXGPLOa1GheaIwkeCnMh9Mjvao=", - "h1:qKEjN/EM56XT46vGY33eoq7nD6JuGqRqFp7tkzTrRM0=", - "zh:20476d4c1b0c0efc55226bcbd85fbd948638fd9860a0edcdb7875cbb2b449e46", - "zh:7102622e6549cc3fc46b9ad68cbf4c50b162ce1013d4da817d05d1edf1f12fae", - "zh:74ff7f1610065e14c043cd9d74b3d5e0de4474f09a1a81e0b126b920b5cf6a27", - "zh:800e1b168149d507d23845f7a8b7e598c7dc16d2ee0f47848cf85d3e7458884f", - "zh:81ac3c68d6230b77740ca367e0c05a32ebb9be0fe5478c836573218a84eb3e46", - "zh:86536598796ba65539816f08351ac0ab32988ab84fa8f100049579996fafc800", - "zh:b9985c64f0f0b5bafb7067a60381fd807f7c3dd952c5d9f531385e464867bdd5", - "zh:c19c692896469724c6320fa7d87532ec3935e14e0e0fa0a8a0f1cf28ae7a0b0a", - "zh:cb8b14f246953a275ada562f5275a0d1a4938b7d20597e62fabe264012410f53", - "zh:cdbfa0ad87ff4d7451cfb89e53692a651d4c9cadece6845e60d986fd454b52b3", - "zh:ed5c4c8ae5adda37942bb15ef058c0811a95cb4c87259ae822627756dcb90efc", + "h1:kcda9YVaFUzBFVtKXNZrQB801i2XkH1Y5gbdOHNpB38=", + "zh:35a77c79170b0cf3fb7eb835f3ce0b715aeeceda0a259e96e49fed5a30cf6646", + "zh:519d5470a932b1ec9a0fe08876c5e0f0f84f8e506b652c051e4ab708be081e89", + "zh:58cfa5b454602d57c47acd15c2ad166a012574742cdbcf950787ce79b6510218", + "zh:5fc3c0162335a730701c0175809250233f45f1021da8fa52c73635e4c08372d8", + "zh:6790f9d6261eb4bd5cdd7cd9125f103befce2ba127f9ba46eef83585b86e1d11", + "zh:76e1776c3bf9568d520f78419ec143c081f653b8df4fb22577a8c4a35d3315f9", + "zh:ca8ed88d0385e45c35223ace59b1bf77d81cd2154d5416e63a3dddaf0def30e6", + "zh:d002562c4a89a9f1f6cd8d854fad3c66839626fc260e5dde5267f6d34dbd97a4", + "zh:da5e47fb769e90a2f16c90fd0ba95d62da3d76eb006823664a5c6e96188731b0", + "zh:dfe7f33ec252ea550e090975a5f10940c27302bebb5559957957937b069646ea", + "zh:fa91574605ddce726e8a4e421297009a9dabe023106e139ac46da49c8285f2fe", ] } 
@@ -40,42 +39,40 @@ provider "registry.terraform.io/hashicorp/external" { } provider "registry.terraform.io/hashicorp/helm" { - version = "2.1.2" - constraints = "2.1.2" + version = "2.2.0" + constraints = "2.2.0" hashes = [ - "h1:UVuNjmuEM4ZVtItbh1QRGulkBWxDY929roxFQhEf9Ks=", - "h1:axFN2JRP+iDo8EAhCfnA3fRUCB5S5x4zCKkivWLNN+Y=", - "zh:09bd2b6f33a040c3fd59d82c9768b886b8c82163e31ec92dc1b747229d0548df", - "zh:09f209fa57ad5d01f04c458f1719b42958ca5e0fc2eca63d9ec29f92c77a29f8", - "zh:0bfc627539500ffb2a41a2f8a5ea7f6fb1d76367b11bbf9489b483b9e8dfff8f", - "zh:0c0fef5587a5e927d15f9f4cc13cd0620b138238f9a422490fe9ea2bf086b61a", - "zh:187f99648fad2b84d49cdd372f8f6cedbf06e13411b3f1ff66708f66852d7855", - "zh:3d9ae08f8a99b19e80bd27708aecf592c28c92da66fd60189dfd7dce4d7da93c", - "zh:60b767109362c616b2e6386bfb08581b03bc3e528920444e52b16743f5a180d6", - "zh:729db42ed49d91c9b51eb602b9253e6ed6b3ab613c42deefc14996c9a8ee8ae4", - "zh:8401f3bf6d69ce43eb14911823c7e5cbb273cf564508043cd04fb064c30a3e1a", - "zh:91139b492ce1f41847017349ea49f9441b7cf70762c8d1c32a6a909e25ed10c1", - "zh:98fca606a539510edc94dcad8069a321e6a42df90e483f58df03b305726d9220", + "h1:liBgOoOXhA2A1DbL0oaifyNnoGOyHxMG4+xD1Kl58XA=", + "zh:01341dd1e9cc7e7f6999e11e7473bcdca2dd72dd27f91beed1f4fb599a15dfba", + "zh:20e86c9eccd3a81ef5ac243af31b61fc4d2d679437384bd0870e92fa1b3ed6c9", + "zh:22a71127c5dbea4f62edb5bcf00b5c163de04aa19d45a7a1f621f973ffd09d20", + "zh:28ab7c84a5f8ed82fc520668db93d650571ddf59d98845cb18a1fa1a7888efc0", + "zh:3985a30929ad8fdc6b94f0e1cbd62a63db75ee961b8ba7db1cf4bfd29e8009ff", + "zh:477d92e26ba0c906087a5dd827ac3917dad7d5af770ee0ab4b08d0f273150586", + "zh:750928ec5ef54b2090bd6a6d8a19630a8712bbbccc0429251e88ccd361c1d3c0", + "zh:a615841fd90094bddc1269127e501fa60453c441b9548ff73752fe14efc38ed0", + "zh:e762aca7883374fa255efba50f5bdf791fece7d61e3920e593fb1a2cbb598981", + "zh:f76f372ead52948ca53610b371cb80c80ebcf058ef0a5c0ce9f0ce38dcc9a8eb", + "zh:fa36fe93ed977f4478cc6547ec3c45c28e56f10632e85446b0c3d71449f8c4bb", ] } 
provider "registry.terraform.io/hashicorp/kubernetes" { - version = "2.1.0" - constraints = "2.1.0" + version = "2.4.1" + constraints = "2.4.1" hashes = [ - "h1:8RC6upWV190+kE3+rYI4HuSouBUOfOXwV5GvIEXW4nk=", - "h1:L/3XfqLQ4bS1PjH/FksJPm+MYIOxCwn97ozbfSwg/VQ=", - "zh:22e2bcef08fb7f97ed503a27e3725d9d14fdd09fe3aa144fae8a7f78ed27856a", - "zh:2380cc2a91239b80ea380af8a7fcdcc7396f5213a71a251a5505c962ac6cb9c2", - "zh:496ea2818d5480590ada763672be051f4e76dc12c6a61fde2faa0c909e174eb7", - "zh:4e5b6c230d9a8da8a0f12e5db198f158f2c26432ad8e1c6ac22770ce7ec39118", - "zh:55ad614beffda4cdc918ad87dca09bb7b961f12183c0923230301f73e23e9665", - "zh:6849c52899091fa2f6714d8e5180a4affffc4b2ad03dc2250043d4b32049e16e", - "zh:7a6f0d9da5172b3770af98d59263e142313a8b2c4048271893c6003493ad1c89", - "zh:7c97fb24e60c41fa16f6305620d18ae51545c329f46f92988493a4c51a4e43e5", - "zh:a08111c4898544c40c62437cc28798d1f4d7298f61ddaf3f48dddec042d3519f", - "zh:be7493bff6b9f95fe203c295bfc5933111e7c8a5f3bd9e9ae143a0d699d516f8", - "zh:e4c94adc65b5ad5551893f58c19e1c766f212f16220087ca3e940a89449ac285", + "h1:RpE4kNQYkGxIyHyIEHXcdt/vKCtTVU2NNzTrOK4hb9E=", + "zh:10a368f3a3f26d821f02b55f0c42bdd4d2cd0dc5e2568c513bce39d92d25526f", + "zh:2183272a6d44f23d562d47ff4d6592685d8797838bdae69a50f92121743b020f", + "zh:24c492d61ce4dbcac4bb4410bd5e657ab28d19ab320d41104148ee626b44f5ed", + "zh:291380db0cd581d806158e5ddfd7133592055151109fcf0c923644cede5f30c7", + "zh:46933ddae44108d1a2956d917bafdb8879147b204b1bfac0c238773d2587e288", + "zh:5b96c1c330d709d87faa44f1cc9b1db87baeba5056638fe07c51a9b5a67f297e", + "zh:9fbb4ac6de96f68df324adbb77fd5eee6138f534f5393dc3bac18e615c75e0d0", + "zh:b8da6bbb97c20ec6e26c0160060c24d4e91b5057342b8b93a43f4019ab36e344", + "zh:c12390d668ef2f4c943c385de3befb54c0bfd0f9a3aa28b6aec55f7db4f4a518", + "zh:dee3d13f664037ada51e6f51c7e1c1361e643e1e61fbc9403b0f3985caa29c90", + "zh:ed10c04a636fa4a0f6e5e6068cb2f9a0f976b596cbabb9bd429631e3ba7fa35a", ] } From 9ca6f3c03b98ede428663a60ae9605ed64cef993 Mon Sep 17 00:00:00 2001 
From: Andrew S Date: Mon, 9 Aug 2021 13:38:16 +0600 Subject: [PATCH 3/8] #94 updated acm, eks and r53 modules versions --- terraform/layer1-aws/aws-acm.tf | 2 +- terraform/layer1-aws/aws-eks.tf | 2 +- terraform/layer1-aws/aws-r53.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/terraform/layer1-aws/aws-acm.tf b/terraform/layer1-aws/aws-acm.tf index 731c2d57..af9ca25e 100644 --- a/terraform/layer1-aws/aws-acm.tf +++ b/terraform/layer1-aws/aws-acm.tf @@ -1,6 +1,6 @@ module "acm" { source = "terraform-aws-modules/acm/aws" - version = "2.12.0" + version = "3.2.0" create_certificate = var.create_acm_certificate diff --git a/terraform/layer1-aws/aws-eks.tf b/terraform/layer1-aws/aws-eks.tf index d7072fc4..1176d8c6 100644 --- a/terraform/layer1-aws/aws-eks.tf +++ b/terraform/layer1-aws/aws-eks.tf @@ -1,6 +1,6 @@ module "eks" { source = "terraform-aws-modules/eks/aws" - version = "15.1.0" + version = "17.1.0" cluster_name = local.name cluster_version = var.eks_cluster_version diff --git a/terraform/layer1-aws/aws-r53.tf b/terraform/layer1-aws/aws-r53.tf index a654ca5e..b3c87394 100644 --- a/terraform/layer1-aws/aws-r53.tf +++ b/terraform/layer1-aws/aws-r53.tf @@ -1,6 +1,6 @@ module "r53_zone" { source = "terraform-aws-modules/route53/aws//modules/zones" - version = "~> 1.9.0" + version = "2.1.0" create = var.create_r53_zone From b161316ddc3242687f5e029f716accbf0bfb4bd0 Mon Sep 17 00:00:00 2001 From: Andrew S Date: Wed, 11 Aug 2021 15:20:19 +0600 Subject: [PATCH 4/8] #95 added fargate profile Also added cluster logs parameter for eks and moved local variables to locals.tf. --- terraform/layer1-aws/aws-eks.tf | 71 +++++++++++++------------------ terraform/layer1-aws/aws-vpc.tf | 11 ----- terraform/layer1-aws/locals.tf | 25 +++++++++++ terraform/layer1-aws/variables.tf | 14 ++++++ 4 files changed, 69 insertions(+), 52 deletions(-) diff --git a/terraform/layer1-aws/aws-eks.tf b/terraform/layer1-aws/aws-eks.tf index 5e0e47a8..4001cb4d 100644 
--- a/terraform/layer1-aws/aws-eks.tf +++ b/terraform/layer1-aws/aws-eks.tf @@ -7,6 +7,9 @@ module "eks" { subnets = module.vpc.intra_subnets enable_irsa = true + cluster_enabled_log_types = var.eks_cluster_enabled_log_types + cluster_log_retention_in_days = var.eks_cluster_log_retention_in_days + tags = { ClusterName = local.name Environment = local.env @@ -33,18 +36,8 @@ module "eks" { kubelet_extra_args = "--node-labels=node.kubernetes.io/lifecycle=spot" public_ip = false additional_userdata = file("${path.module}/templates/eks-x86-nodes-userdata.sh") - tags = [ - { - "key" = "k8s.io/cluster-autoscaler/enabled" - "propagate_at_launch" = "false" - "value" = "true" - }, - { - "key" = "k8s.io/cluster-autoscaler/${local.name}" - "propagate_at_launch" = "false" - "value" = "true" - } - ] + + tags = local.worker_tags }, { name = "ondemand" @@ -56,18 +49,8 @@ module "eks" { kubelet_extra_args = "--node-labels=node.kubernetes.io/lifecycle=ondemand" public_ip = false additional_userdata = file("${path.module}/templates/eks-x86-nodes-userdata.sh") - tags = [ - { - "key" = "k8s.io/cluster-autoscaler/enabled" - "propagate_at_launch" = "true" - "value" = "true" - }, - { - "key" = "k8s.io/cluster-autoscaler/${local.name}" - "propagate_at_launch" = "true" - "value" = "true" - } - ] + + tags = local.worker_tags }, { name = "ci" 
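Review bot: Swapping the inline tag list for `tags = local.worker_tags` in the `ondemand` worker group is not behaviour-neutral. The removed list there had `"propagate_at_launch" = "true"` on both cluster-autoscaler tags, while `local.worker_tags` (added in the locals.tf hunk of this patch) sets `"false"`. If instances in that group are expected to carry those tags, keep the old value, for example `tags = [for t in local.worker_tags : merge(t, { "propagate_at_launch" = "true" })]`; if the change is deliberate, say so in the commit message. The same hunk is repeated in patch 6/8, and the worker group bodies begin outside the hunk.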
@@ -81,27 +64,33 @@ module "eks" { kubelet_extra_args = "--node-labels=node.kubernetes.io/lifecycle=spot --node-labels=purpose=ci --register-with-taints=purpose=ci:NoSchedule" public_ip = true additional_userdata = file("${path.module}/templates/eks-x86-nodes-userdata.sh") - tags = [ - { - "key" = "k8s.io/cluster-autoscaler/enabled" - "propagate_at_launch" = "false" - "value" = "true" - }, - { - "key" = "k8s.io/cluster-autoscaler/${local.name}" - "propagate_at_launch" = "false" - "value" = "true" - }, + + tags = concat(local.worker_tags, [{ + "key" = "k8s.io/cluster-autoscaler/node-template/label/purpose" + "propagate_at_launch" = "true" + "value" = "ci" + }]) + }, + ] + + fargate_profiles = { + default = { + name = "fargate" + + selectors = [ { - "key" = "k8s.io/cluster-autoscaler/node-template/label/purpose" - "propagate_at_launch" = "true" - "value" = "ci" + namespace = "fargate" } ] - }, - ] - map_roles = local.eks_map_roles + subnets = module.vpc.private_subnets + + tags = merge(local.tags, { + Namespace = "fargate" + }) + } + } + map_roles = local.eks_map_roles write_kubeconfig = var.eks_write_kubeconfig } diff --git a/terraform/layer1-aws/aws-vpc.tf b/terraform/layer1-aws/aws-vpc.tf index 0f00bf1e..e61f3250 100644 --- a/terraform/layer1-aws/aws-vpc.tf +++ b/terraform/layer1-aws/aws-vpc.tf @@ -1,14 +1,3 @@ -locals { - cidr_subnets = [for cidr_block in cidrsubnets(var.cidr, 2, 2, 2, 2) : cidrsubnets(cidr_block, 4, 4, 4, 4)] - - private_subnets = chunklist(local.cidr_subnets[0], var.az_count)[0] - public_subnets = chunklist(local.cidr_subnets[1], var.az_count)[0] - database_subnets = chunklist(local.cidr_subnets[2], var.az_count)[0] - intra_subnets = chunklist(local.cidr_subnets[3], var.az_count)[0] - - azs = data.aws_availability_zones.available.names -} - module "vpc" { source = "terraform-aws-modules/vpc/aws" version = "3.2.0" diff --git a/terraform/layer1-aws/locals.tf b/terraform/layer1-aws/locals.tf index 126b37bb..fc9ae14b 100644 
--- a/terraform/layer1-aws/locals.tf +++ b/terraform/layer1-aws/locals.tf @@ -1,5 +1,6 @@ # Use this as name base for all resources: locals { + # COMMON env = terraform.workspace == "default" ? var.environment : terraform.workspace short_region = var.short_region[var.region] name = "${var.name}-${local.env}-${local.short_region}" @@ -16,6 +17,17 @@ locals { zone_id = var.create_r53_zone ? keys(module.r53_zone.this_route53_zone_zone_id)[0] : (var.zone_id != null ? var.zone_id : data.aws_route53_zone.main[0].zone_id) + # VPC + cidr_subnets = [for cidr_block in cidrsubnets(var.cidr, 2, 2, 2, 2) : cidrsubnets(cidr_block, 4, 4, 4, 4)] + + private_subnets = chunklist(local.cidr_subnets[0], var.az_count)[0] + public_subnets = chunklist(local.cidr_subnets[1], var.az_count)[0] + database_subnets = chunklist(local.cidr_subnets[2], var.az_count)[0] + intra_subnets = chunklist(local.cidr_subnets[3], var.az_count)[0] + + azs = data.aws_availability_zones.available.names + + # EKS eks_map_roles = concat(var.eks_map_roles, [ { @@ -25,4 +37,17 @@ locals { "system:masters"] }] ) + + worker_tags = [ + { + "key" = "k8s.io/cluster-autoscaler/enabled" + "propagate_at_launch" = "false" + "value" = "true" + }, + { + "key" = "k8s.io/cluster-autoscaler/${local.name}" + "propagate_at_launch" = "false" + "value" = "true" + } + ] } diff --git a/terraform/layer1-aws/variables.tf b/terraform/layer1-aws/variables.tf index 266efd4b..7f9458f6 100644 --- a/terraform/layer1-aws/variables.tf +++ b/terraform/layer1-aws/variables.tf @@ -69,6 +69,7 @@ variable "region" { } variable "az_count" { + type = number description = "Count of avaiablity zones, min 2" default = 3 } 
@@ -136,6 +137,18 @@ variable "eks_write_kubeconfig" { description = "Flag for eks module to write kubeconfig" } +variable "eks_cluster_enabled_log_types" { + type = list(string) + default = ["api", "audit", "authenticator", "controllerManager", "scheduler"] + description = "A list of the desired control plane logging to enable. For more information, see Amazon EKS Control Plane Logging documentation (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html)" +} + +variable "eks_cluster_log_retention_in_days" { + type = number + default = 90 + description = "Number of days to retain log events. Default retention - 90 days." +} + # ECR variable "ecr_repos" { type = list(any) @@ -144,6 +157,7 @@ variable "ecr_repos" { } variable "ecr_repo_retention_count" { + type = number default = 50 description = "number of images to store in ECR" } From 1113da0cadaebc89472d8bc5a756bfcee0aaf05a Mon Sep 17 00:00:00 2001 From: Andrew S Date: Wed, 11 Aug 2021 15:21:48 +0600 Subject: [PATCH 5/8] #95 fixed grafana dashboard url --- terraform/layer2-k8s/templates/prometheus-values.tmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/layer2-k8s/templates/prometheus-values.tmpl b/terraform/layer2-k8s/templates/prometheus-values.tmpl index c8eac4cd..4c1a216d 100644 --- a/terraform/layer2-k8s/templates/prometheus-values.tmpl +++ b/terraform/layer2-k8s/templates/prometheus-values.tmpl @@ -127,7 +127,7 @@ grafana: logs: logs: ## Dashboard for quick search application logs for loki with two datasources loki and prometheus - https://grafana.com/grafana/dashboards/12019 - url: https://s3.amazonaws.com/grafana-dashboards.maddevs.org/common/aws-eks-base/loki-dashboard-quick-search.json + url: https://grafana-dashboards.maddevs.org/common/aws-eks-base/loki-dashboard-quick-search.json k8s: nginx-ingress: From 3a0baf5869cc513179cc62a972d6d851e24d235e Mon Sep 17 00:00:00 2001 
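Review bot: The changed `url:` line in prometheus-values.tmpl still points at a mutable remote JSON file with no revision or checksum, so Grafana provisions whatever that host serves at install time. If the file is simply the grafana.com dashboard 12019 named in the comment above it, pinning it with `gnetId: 12019` and `revision: <REVISION>` would remove the dependency on the custom host. Otherwise consider vendoring the JSON into the repository so that changes to it go through review. The same one-line change is repeated in patch 6/8.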
From: Andrew S Date: Wed, 11 Aug 2021 15:23:40 +0600 Subject: [PATCH 6/8] #96 added fargate profile Also added cluster logs parameter for eks and moved local variables to locals.tf. --- terraform/layer1-aws/aws-eks.tf | 71 ++++++++----------- terraform/layer1-aws/aws-vpc.tf | 11 --- terraform/layer1-aws/locals.tf | 25 +++++++ terraform/layer1-aws/variables.tf | 14 ++++ .../templates/prometheus-values.tmpl | 2 +- 5 files changed, 70 insertions(+), 53 deletions(-) diff --git a/terraform/layer1-aws/aws-eks.tf b/terraform/layer1-aws/aws-eks.tf index 5e0e47a8..4001cb4d 100644 --- a/terraform/layer1-aws/aws-eks.tf +++ b/terraform/layer1-aws/aws-eks.tf @@ -7,6 +7,9 @@ module "eks" { subnets = module.vpc.intra_subnets enable_irsa = true + cluster_enabled_log_types = var.eks_cluster_enabled_log_types + cluster_log_retention_in_days = var.eks_cluster_log_retention_in_days + tags = { ClusterName = local.name Environment = local.env @@ -33,18 +36,8 @@ module "eks" { kubelet_extra_args = "--node-labels=node.kubernetes.io/lifecycle=spot" public_ip = false additional_userdata = file("${path.module}/templates/eks-x86-nodes-userdata.sh") - tags = [ - { - "key" = "k8s.io/cluster-autoscaler/enabled" - "propagate_at_launch" = "false" - "value" = "true" - }, - { - "key" = "k8s.io/cluster-autoscaler/${local.name}" - "propagate_at_launch" = "false" - "value" = "true" - } - ] + + tags = local.worker_tags }, { name = "ondemand" @@ -56,18 +49,8 @@ module "eks" { kubelet_extra_args = "--node-labels=node.kubernetes.io/lifecycle=ondemand" public_ip = false additional_userdata = file("${path.module}/templates/eks-x86-nodes-userdata.sh") - tags = [ - { - "key" = "k8s.io/cluster-autoscaler/enabled" - "propagate_at_launch" = "true" - "value" = "true" - }, - { - "key" = "k8s.io/cluster-autoscaler/${local.name}" - "propagate_at_launch" = "true" - "value" = "true" - } - ] + + tags = local.worker_tags }, { name = "ci" 
@@ -81,27 +64,33 @@ module "eks" { kubelet_extra_args = "--node-labels=node.kubernetes.io/lifecycle=spot --node-labels=purpose=ci --register-with-taints=purpose=ci:NoSchedule" public_ip = true additional_userdata = file("${path.module}/templates/eks-x86-nodes-userdata.sh") - tags = [ - { - "key" = "k8s.io/cluster-autoscaler/enabled" - "propagate_at_launch" = "false" - "value" = "true" - }, - { - "key" = "k8s.io/cluster-autoscaler/${local.name}" - "propagate_at_launch" = "false" - "value" = "true" - }, + + tags = concat(local.worker_tags, [{ + "key" = "k8s.io/cluster-autoscaler/node-template/label/purpose" + "propagate_at_launch" = "true" + "value" = "ci" + }]) + }, + ] + + fargate_profiles = { + default = { + name = "fargate" + + selectors = [ { - "key" = "k8s.io/cluster-autoscaler/node-template/label/purpose" - "propagate_at_launch" = "true" - "value" = "ci" + namespace = "fargate" } ] - }, - ] - map_roles = local.eks_map_roles + subnets = module.vpc.private_subnets + + tags = merge(local.tags, { + Namespace = "fargate" + }) + } + } + map_roles = local.eks_map_roles write_kubeconfig = var.eks_write_kubeconfig } diff --git a/terraform/layer1-aws/aws-vpc.tf b/terraform/layer1-aws/aws-vpc.tf index 0f00bf1e..e61f3250 100644 --- a/terraform/layer1-aws/aws-vpc.tf +++ b/terraform/layer1-aws/aws-vpc.tf @@ -1,14 +1,3 @@ -locals { - cidr_subnets = [for cidr_block in cidrsubnets(var.cidr, 2, 2, 2, 2) : cidrsubnets(cidr_block, 4, 4, 4, 4)] - - private_subnets = chunklist(local.cidr_subnets[0], var.az_count)[0] - public_subnets = chunklist(local.cidr_subnets[1], var.az_count)[0] - database_subnets = chunklist(local.cidr_subnets[2], var.az_count)[0] - intra_subnets = chunklist(local.cidr_subnets[3], var.az_count)[0] - - azs = data.aws_availability_zones.available.names -} - module "vpc" { source = "terraform-aws-modules/vpc/aws" version = "3.2.0" diff --git a/terraform/layer1-aws/locals.tf b/terraform/layer1-aws/locals.tf index 126b37bb..fc9ae14b 100644 
--- a/terraform/layer1-aws/locals.tf +++ b/terraform/layer1-aws/locals.tf @@ -1,5 +1,6 @@ # Use this as name base for all resources: locals { + # COMMON env = terraform.workspace == "default" ? var.environment : terraform.workspace short_region = var.short_region[var.region] name = "${var.name}-${local.env}-${local.short_region}" @@ -16,6 +17,17 @@ locals { zone_id = var.create_r53_zone ? keys(module.r53_zone.this_route53_zone_zone_id)[0] : (var.zone_id != null ? var.zone_id : data.aws_route53_zone.main[0].zone_id) + # VPC + cidr_subnets = [for cidr_block in cidrsubnets(var.cidr, 2, 2, 2, 2) : cidrsubnets(cidr_block, 4, 4, 4, 4)] + + private_subnets = chunklist(local.cidr_subnets[0], var.az_count)[0] + public_subnets = chunklist(local.cidr_subnets[1], var.az_count)[0] + database_subnets = chunklist(local.cidr_subnets[2], var.az_count)[0] + intra_subnets = chunklist(local.cidr_subnets[3], var.az_count)[0] + + azs = data.aws_availability_zones.available.names + + # EKS eks_map_roles = concat(var.eks_map_roles, [ { @@ -25,4 +37,17 @@ locals { "system:masters"] }] ) + + worker_tags = [ + { + "key" = "k8s.io/cluster-autoscaler/enabled" + "propagate_at_launch" = "false" + "value" = "true" + }, + { + "key" = "k8s.io/cluster-autoscaler/${local.name}" + "propagate_at_launch" = "false" + "value" = "true" + } + ] } diff --git a/terraform/layer1-aws/variables.tf b/terraform/layer1-aws/variables.tf index 266efd4b..7f9458f6 100644 --- a/terraform/layer1-aws/variables.tf +++ b/terraform/layer1-aws/variables.tf @@ -69,6 +69,7 @@ variable "region" { } variable "az_count" { + type = number description = "Count of avaiablity zones, min 2" default = 3 } 
@@ -136,6 +137,18 @@ variable "eks_write_kubeconfig" { description = "Flag for eks module to write kubeconfig" } +variable "eks_cluster_enabled_log_types" { + type = list(string) + default = ["api", "audit", "authenticator", "controllerManager", "scheduler"] + description = "A list of the desired control plane logging to enable. For more information, see Amazon EKS Control Plane Logging documentation (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html)" +} + +variable "eks_cluster_log_retention_in_days" { + type = number + default = 90 + description = "Number of days to retain log events. Default retention - 90 days." +} + # ECR variable "ecr_repos" { type = list(any) @@ -144,6 +157,7 @@ variable "ecr_repos" { } variable "ecr_repo_retention_count" { + type = number default = 50 description = "number of images to store in ECR" } diff --git a/terraform/layer2-k8s/templates/prometheus-values.tmpl b/terraform/layer2-k8s/templates/prometheus-values.tmpl index c8eac4cd..4c1a216d 100644 --- a/terraform/layer2-k8s/templates/prometheus-values.tmpl +++ b/terraform/layer2-k8s/templates/prometheus-values.tmpl @@ -127,7 +127,7 @@ grafana: logs: logs: ## Dashboard for quick search application logs for loki with two datasources loki and prometheus - https://grafana.com/grafana/dashboards/12019 - url: https://s3.amazonaws.com/grafana-dashboards.maddevs.org/common/aws-eks-base/loki-dashboard-quick-search.json + url: https://grafana-dashboards.maddevs.org/common/aws-eks-base/loki-dashboard-quick-search.json k8s: nginx-ingress: From 6743213202789071f91039951ff983a8ca8321c3 Mon Sep 17 00:00:00 2001 From: Andrew S Date: Wed, 11 Aug 2021 15:54:29 +0600 Subject: [PATCH 7/8] #96 moved locals for eks and vpc back to separate files --- terraform/layer1-aws/aws-eks.tf | 25 ++++++++++++++++++++++++ terraform/layer1-aws/aws-vpc.tf | 10 +++++++++- terraform/layer1-aws/locals.tf | 34 --------------------------------- 3 files changed, 34 insertions(+), 35 deletions(-) 
diff --git a/terraform/layer1-aws/aws-eks.tf b/terraform/layer1-aws/aws-eks.tf index 4001cb4d..3b204137 100644 --- a/terraform/layer1-aws/aws-eks.tf +++ b/terraform/layer1-aws/aws-eks.tf @@ -1,3 +1,28 @@ +locals { + eks_map_roles = concat(var.eks_map_roles, + [ + { + rolearn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/administrator" + username = "administrator" + groups = [ + "system:masters"] + }] + ) + + worker_tags = [ + { + "key" = "k8s.io/cluster-autoscaler/enabled" + "propagate_at_launch" = "false" + "value" = "true" + }, + { + "key" = "k8s.io/cluster-autoscaler/${local.name}" + "propagate_at_launch" = "false" + "value" = "true" + } + ] +} + module "eks" { source = "terraform-aws-modules/eks/aws" version = "17.1.0" diff --git a/terraform/layer1-aws/aws-vpc.tf b/terraform/layer1-aws/aws-vpc.tf index e61f3250..fdf9478b 100644 --- a/terraform/layer1-aws/aws-vpc.tf +++ b/terraform/layer1-aws/aws-vpc.tf @@ -1,3 +1,12 @@ +locals { + cidr_subnets = [for cidr_block in cidrsubnets(var.cidr, 2, 2, 2, 2) : cidrsubnets(cidr_block, 4, 4, 4, 4)] + private_subnets = chunklist(local.cidr_subnets[0], var.az_count)[0] + public_subnets = chunklist(local.cidr_subnets[1], var.az_count)[0] + database_subnets = chunklist(local.cidr_subnets[2], var.az_count)[0] + intra_subnets = chunklist(local.cidr_subnets[3], var.az_count)[0] + azs = data.aws_availability_zones.available.names +} + module "vpc" { source = "terraform-aws-modules/vpc/aws" version = "3.2.0" @@ -68,5 +77,4 @@ module "vpc" { Name = "${local.name}-intra" destination = "intra" } - } diff --git a/terraform/layer1-aws/locals.tf b/terraform/layer1-aws/locals.tf index fc9ae14b..9717fbb3 100644 --- a/terraform/layer1-aws/locals.tf +++ b/terraform/layer1-aws/locals.tf 
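Review bot: The `eks_map_roles` local added to aws-eks.tf maps the IAM role `administrator` to `system:masters` with no comment explaining the grant. That group is not subject to RBAC authorization, so anyone who can assume the role is an unrestricted cluster admin and the access cannot be narrowed with role bindings. A comment above the entry would help, for example `# Grants cluster-admin (system:masters) to the account's "administrator" IAM role; access is governed by that role's trust policy.` Taking the role name from a variable rather than hard-coding it is also worth considering. The block is moved here unchanged from locals.tf, so this is a documentation point rather than a regression in this patch.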
@@ -16,38 +16,4 @@ locals { ssl_certificate_arn = var.create_acm_certificate ? module.acm.this_acm_certificate_arn : data.aws_acm_certificate.main[0].arn zone_id = var.create_r53_zone ? keys(module.r53_zone.this_route53_zone_zone_id)[0] : (var.zone_id != null ? var.zone_id : data.aws_route53_zone.main[0].zone_id) - - # VPC - cidr_subnets = [for cidr_block in cidrsubnets(var.cidr, 2, 2, 2, 2) : cidrsubnets(cidr_block, 4, 4, 4, 4)] - - private_subnets = chunklist(local.cidr_subnets[0], var.az_count)[0] - public_subnets = chunklist(local.cidr_subnets[1], var.az_count)[0] - database_subnets = chunklist(local.cidr_subnets[2], var.az_count)[0] - intra_subnets = chunklist(local.cidr_subnets[3], var.az_count)[0] - - azs = data.aws_availability_zones.available.names - - # EKS - eks_map_roles = concat(var.eks_map_roles, - [ - { - rolearn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/administrator" - username = "administrator" - groups = [ - "system:masters"] - }] - ) - - worker_tags = [ - { - "key" = "k8s.io/cluster-autoscaler/enabled" - "propagate_at_launch" = "false" - "value" = "true" - }, - { - "key" = "k8s.io/cluster-autoscaler/${local.name}" - "propagate_at_launch" = "false" - "value" = "true" - } - ] } From 1945ced6648092eb4cfd578f35faafed22bd2843 Mon Sep 17 00:00:00 2001 From: Andrew S Date: Thu, 12 Aug 2021 11:18:52 +0600 Subject: [PATCH 8/8] #96 decided to put only audit logs for eks as a default value --- terraform/layer1-aws/variables.tf | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/terraform/layer1-aws/variables.tf b/terraform/layer1-aws/variables.tf index 7f9458f6..7e7957ce 100644 --- a/terraform/layer1-aws/variables.tf +++ b/terraform/layer1-aws/variables.tf 
@@ -139,8 +139,8 @@ variable "eks_write_kubeconfig" { variable "eks_cluster_enabled_log_types" { type = list(string) - default = ["api", "audit", "authenticator", "controllerManager", "scheduler"] - description = "A list of the desired control plane logging to enable. For more information, see Amazon EKS Control Plane Logging documentation (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html)" + default = ["audit"] + description = "A list of the desired control plane logging to enable. For more information, see Amazon EKS Control Plane Logging documentation (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html). Possible values: api, audit, authenticator, controllerManager, scheduler" } variable "eks_cluster_log_retention_in_days" { @@ -149,6 +149,12 @@ variable "eks_cluster_log_retention_in_days" { description = "Number of days to retain log events. Default retention - 90 days." } +variable "eks_cluster_encryption_config_enable" { + type = bool + default = false + description = "Enable or not encryption for k8s secrets with aws-kms" +} + # ECR variable "ecr_repos" { type = list(any) @@ -162,8 +168,3 @@ variable "ecr_repo_retention_count" { description = "number of images to store in ECR" } -variable "eks_cluster_encryption_config_enable" { - type = bool - default = false - description = "Enable or not encryption for k8s secrets with aws-kms" -}
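Review bot: Narrowing the default of `eks_cluster_enabled_log_types` to `["audit"]` leaves the `authenticator` log off by default, so IAM authentication attempts handled by the cluster's authenticator component are not retained unless a user opts in. If cost is not the driver, `default = ["audit", "authenticator"]` is a better baseline for investigations; either way the reason for the narrower default belongs in the description. In the second hunk `eks_cluster_encryption_config_enable` keeps `default = false`, so KMS envelope encryption of secrets stays opt-in. Its description could say so plainly, e.g. `description = "Enable envelope encryption of Kubernetes secrets with AWS KMS (disabled by default)"`.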