Merge pull request #9 from dominodatalab/miguelhar.PLAT-5749.ocp-support

Miguelhar.plat 5749.ocp support
dominodatalab · Oct 28, 2022 · 83651a2 · 83651a2
2 parents 2afec00 + 70948a1
commit 83651a2
Show file tree

Hide file tree

Showing 5 changed files with 31 additions and 11 deletions.
diff --git a/main.tf b/main.tf
@@ -105,7 +105,7 @@ module "network" {
   availability_zones  = random_shuffle.azs.result
   public_subnets      = local.public_cidr_blocks
   private_subnets     = local.private_cidr_blocks
-  flow_log_bucket_arn = module.storage.s3_buckets["monitoring"].arn
+  flow_log_bucket_arn = { arn = module.storage.s3_buckets["monitoring"].arn }
 }
 
 locals {

diff --git a/submodules/network/README.md b/submodules/network/README.md
@@ -12,7 +12,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.32.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.22.0 |
 
 ## Modules
 
@@ -41,10 +41,11 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_add_eks_elb_tags"></a> [add\_eks\_elb\_tags](#input\_add\_eks\_elb\_tags) | Toggle k8s cluster tag on subnet | `bool` | `true` | no |
 | <a name="input_availability_zones"></a> [availability\_zones](#input\_availability\_zones) | List of availability zone names where the subnets will be created | `list(string)` | n/a | yes |
 | <a name="input_cidr"></a> [cidr](#input\_cidr) | The IPv4 CIDR block for the VPC. | `string` | `"10.0.0.0/16"` | no |
 | <a name="input_deploy_id"></a> [deploy\_id](#input\_deploy\_id) | Domino Deployment ID | `string` | `""` | no |
-| <a name="input_flow_log_bucket_arn"></a> [flow\_log\_bucket\_arn](#input\_flow\_log\_bucket\_arn) | Bucket for vpc flow logging | `string` | n/a | yes |
+| <a name="input_flow_log_bucket_arn"></a> [flow\_log\_bucket\_arn](#input\_flow\_log\_bucket\_arn) | Bucket for vpc flow logging | `object({ arn = string })` | `null` | no |
 | <a name="input_private_subnets"></a> [private\_subnets](#input\_private\_subnets) | list of cidrs for the private subnets | `list(string)` | n/a | yes |
 | <a name="input_public_subnets"></a> [public\_subnets](#input\_public\_subnets) | list of cidrs for the public subnets | `list(string)` | n/a | yes |
 | <a name="input_region"></a> [region](#input\_region) | AWS region for the deployment | `string` | n/a | yes |

diff --git a/submodules/network/main.tf b/submodules/network/main.tf
@@ -72,7 +72,8 @@ resource "aws_default_network_acl" "default" {
 }
 
 resource "aws_flow_log" "this" {
-  log_destination          = var.flow_log_bucket_arn
+  count                    = var.flow_log_bucket_arn != null ? 1 : 0
+  log_destination          = var.flow_log_bucket_arn["arn"]
   vpc_id                   = local.vpc_id
   max_aggregation_interval = 600
   log_destination_type     = "s3"

diff --git a/submodules/network/subnets.tf b/submodules/network/subnets.tf
@@ -25,10 +25,15 @@ resource "aws_subnet" "public" {
   availability_zone = each.value.az
   vpc_id            = local.vpc_id
   cidr_block        = each.value.cidr
-  tags = {
+  tags = var.add_eks_elb_tags ? {
     "Name"                                   = each.value.name
-    "kubernetes.io/role/elb"                 = "1",
-    "kubernetes.io/cluster/${var.deploy_id}" = "shared",
+    "kubernetes.io/role/elb"                 = "1"
+    "kubernetes.io/cluster/${var.deploy_id}" = "shared"
+    } : {
+    "Name" = each.value.name
+  }
+  lifecycle {
+    ignore_changes = [tags]
   }
 }
 
@@ -38,9 +43,14 @@ resource "aws_subnet" "private" {
   availability_zone = each.value.az
   vpc_id            = local.vpc_id
   cidr_block        = each.value.cidr
-  tags = {
+  tags = var.add_eks_elb_tags ? {
     "Name"                                   = each.value.name
-    "kubernetes.io/role/internal-elb"        = "1",
-    "kubernetes.io/cluster/${var.deploy_id}" = "shared",
+    "kubernetes.io/role/internal-elb"        = "1"
+    "kubernetes.io/cluster/${var.deploy_id}" = "shared"
+    } : {
+    "Name" = each.value.name
+  }
+  lifecycle {
+    ignore_changes = [tags]
   }
 }
diff --git a/submodules/network/variables.tf b/submodules/network/variables.tf
@@ -48,7 +48,15 @@ variable "cidr" {
   }
 }
 
+## This is an object in order to be used as a conditional in count, due to https://github.com/hashicorp/terraform/issues/26755
 variable "flow_log_bucket_arn" {
-  type        = string
+  type        = object({ arn = string })
   description = "Bucket for vpc flow logging"
+  default     = null
+}
+
+variable "add_eks_elb_tags" {
+  type        = bool
+  description = "Toggle k8s cluster tag on subnet"
+  default     = true
 }