From cd799096cd81be37ad43762953904737d00c002e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Johannes=20W=C3=BCrbach?= Date: Wed, 5 Jun 2024 20:37:46 +0200 Subject: [PATCH] chore: tflint and cleanup --- .github/workflows/ci.yaml | 9 +- .tflint.hcl | 10 ++ Makefile | 29 ++++-- README.md | 2 + examples/with-backstage/README.md | 17 ++-- .../with-backstage/backstage-humanitec.tf | 76 +-------------- examples/with-backstage/provider.tf | 14 ++- .../with-backstage/terraform.tfvars.example | 5 +- examples/with-backstage/variables.tf | 6 -- main.tf | 8 ++ modules/base/README.md | 92 ++++++++++--------- modules/base/humanitec.tf | 2 +- modules/base/main.tf | 2 - modules/base/providers.tf | 10 +- modules/base/terraform.tfvars.example | 52 +++++++++++ 15 files changed, 178 insertions(+), 156 deletions(-) create mode 100644 .tflint.hcl create mode 100644 modules/base/terraform.tfvars.example diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 0c0f5a3..73570c6 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -20,7 +20,7 @@ jobs: - name: Install terraform-docs run: | WORK_DIR=$(mktemp -d) - curl -Lo ${WORK_DIR}/terraform-docs.tar.gz https://github.com/terraform-docs/terraform-docs/releases/download/v0.16.0/terraform-docs-v0.16.0-$(uname)-amd64.tar.gz + curl -Lo ${WORK_DIR}/terraform-docs.tar.gz https://github.com/terraform-docs/terraform-docs/releases/download/v0.18.0/terraform-docs-v0.18.0-$(uname)-amd64.tar.gz cd ${WORK_DIR} tar -xzf terraform-docs.tar.gz chmod +x terraform-docs @@ -31,8 +31,11 @@ jobs: - name: Check git diff is clean (all files generated should be committed) run: git diff --exit-code - - name: Terraform Format Check - run: make fmt-check + - uses: terraform-linters/setup-tflint@v4 + with: + tflint_version: v0.51.1 + - name: Terraform Lint + run: make lint - name: Stub GitHub App credentials (required for validation) run: cd ./examples/with-backstage && STUB_FILE=1 node create-gh-app/index.js 
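Review bot: The terraform-docs archive fetched by the `curl -Lo` line in the "Install terraform-docs" step is unpacked and made executable without any integrity check, so the job runs whatever that release URL serves at the time. The version is already fixed at v0.18.0, so pin the digest as well and verify it before `tar -xzf`, for example `echo "<expected-sha256>  terraform-docs.tar.gz" | sha256sum -c -` placed after `cd ${WORK_DIR}`. Take the value from the checksum published for that release. The step's script may continue past the last line of the hunk.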
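Review bot: `uses: terraform-linters/setup-tflint@v4` references a tag that the action's maintainers can move, so the code this job executes can change without any change in this repository. Pin the action to a full commit SHA and keep the tag as a trailing comment, `uses: terraform-linters/setup-tflint@<full-commit-sha> # v4`; `tflint_version: v0.51.1` is already pinned. Separately, the "Terraform Format Check" step is removed, and formatting is now enforced only because `lint` lists `fmt-check` as a prerequisite in the Makefile. A one-line comment above `run: make lint` saying so would keep that from being lost in a later Makefile edit.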
diff --git a/.tflint.hcl b/.tflint.hcl new file mode 100644 index 0000000..676fcf4 --- /dev/null +++ b/.tflint.hcl @@ -0,0 +1,10 @@ +plugin "terraform" { + enabled = true + preset = "recommended" +} + +plugin "aws" { + enabled = true + version = "0.31.0" + source = "github.com/terraform-linters/tflint-ruleset-aws" +} diff --git a/Makefile b/Makefile index ccca688..7d3b704 100644 --- a/Makefile +++ b/Makefile @@ -1,14 +1,18 @@ TF_DIRS = $(patsubst %/main.tf, %, $(shell find . -type d -name .terraform -prune -o -name 'main.tf' -print)) VALIDATE_TF_DIRS = $(addprefix validate-,$(TF_DIRS)) +LINT_TF_DIRS = $(addprefix lint-,$(TF_DIRS)) +DOCS_TF_DIRS = $(addprefix docs-,$(TF_DIRS)) + +# Generate docs for a terraform directories +$(DOCS_TF_DIRS): docs-%: + @echo "Docs $*" + terraform-docs --config docs/.terraform-docs.yaml $* + terraform-docs --config docs/.terraform-docs-example.yaml $* # Generate docs .PHONY: docs -docs: - terraform-docs --lockfile=false ./modules/base - terraform-docs --config docs/.terraform-docs.yaml . - terraform-docs --config docs/.terraform-docs-example.yaml . - terraform-docs --config docs/.terraform-docs.yaml ./examples/with-backstage - terraform-docs --config docs/.terraform-docs-example.yaml ./examples/with-backstage +docs: $(DOCS_TF_DIRS) + @echo "All docs generated" # Format all terraform files fmt: @@ -27,3 +31,16 @@ $(VALIDATE_TF_DIRS): validate-%: # Validate all terraform directories validate: $(VALIDATE_TF_DIRS) @echo "All validated" + +# Lint a terraform directories +$(LINT_TF_DIRS): lint-%: + @echo "Lint $*" + tflint --config "$(PWD)/.tflint.hcl" --chdir="$*" + +# Initialize tflint +lint-init: + tflint --init + +# Lint all terraform directories +lint: lint-init $(LINT_TF_DIRS) fmt-check + @echo "All linted" diff --git a/README.md b/README.md index 1107f16..01a866a 100644 --- a/README.md +++ b/README.md 
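Review bot: None of the targets introduced in the Makefile are declared phony: `$(DOCS_TF_DIRS)` in this hunk, and `$(LINT_TF_DIRS)`, `lint-init` and `lint` in the second Makefile hunk. A file named `lint-init` in the repository root would make that rule count as up to date, and `tflint --init` would be skipped without any message. Add `.PHONY: $(DOCS_TF_DIRS)` next to the existing `.PHONY: docs`, and `.PHONY: lint lint-init $(LINT_TF_DIRS)` beside the lint rules.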
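Review bot: `lint: lint-init $(LINT_TF_DIRS) fmt-check` relies on make running its prerequisites left to right, so under `make -j` a `lint-<dir>` recipe can start before `tflint --init` has installed the aws ruleset declared in `.tflint.hcl`. State the dependency on the per-directory rule instead: `$(LINT_TF_DIRS): lint-%: lint-init`. In the same recipe, `$(PWD)` is inherited from the environment and is not updated by `make -C <dir>`. `--config "$(CURDIR)/.tflint.hcl"` always resolves against the directory make is running in.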
@@ -184,7 +184,9 @@ Once you are finished with the reference architecture, you can remove all provis |------|---------| | terraform | >= 1.3.0 | | aws | ~> 5.17 | +| helm | ~> 2.12 | | humanitec | ~> 1.0 | +| kubernetes | ~> 2.25 | ### Modules diff --git a/examples/with-backstage/README.md b/examples/with-backstage/README.md index 65e8668..86f6da7 100644 --- a/examples/with-backstage/README.md +++ b/examples/with-backstage/README.md @@ -72,10 +72,13 @@ Once you are finished with the reference architecture, you can remove all provis | Name | Version | |------|---------| +| terraform | >= 1.0.0 | | terraform | >= 1.3.0 | | aws | ~> 5.17 | | github | ~> 5.38 | +| helm | ~> 2.12 | | humanitec | ~> 1.0 | +| kubernetes | ~> 2.25 | | random | ~> 3.5 | ### Providers 
@@ -92,15 +95,12 @@ Once you are finished with the reference architecture, you can remove all provis | Name | Source | Version | |------|--------|---------| | backstage\_ecr | terraform-aws-modules/ecr/aws | ~> 1.6 | -| backstage\_iam\_policy\_ecr\_create\_repository | git::https://github.com/humanitec-architecture/resource-packs-aws.git//humanitec-resource-defs/iam-policy/ecr-create-repository | n/a | -| backstage\_iam\_role\_service\_account | git::https://github.com/humanitec-architecture/resource-packs-aws.git//humanitec-resource-defs/iam-role/service-account | n/a | -| backstage\_k8s\_service\_account | git::https://github.com/humanitec-architecture/resource-packs-aws.git//humanitec-resource-defs/k8s/service-account | n/a | -| backstage\_mysql | git::https://github.com/humanitec-architecture/resource-packs-in-cluster.git//humanitec-resource-defs/mysql/basic | n/a | -| backstage\_postgres | git::https://github.com/humanitec-architecture/resource-packs-in-cluster.git//humanitec-resource-defs/postgres/basic | n/a | -| backstage\_workload | git::https://github.com/humanitec-architecture/resource-packs-aws.git//humanitec-resource-defs/workload/service-account | n/a | +| backstage\_mysql | github.com/humanitec-architecture/resource-packs-in-cluster | v2024-06-05//humanitec-resource-defs/mysql/basic | +| backstage\_postgres | github.com/humanitec-architecture/resource-packs-in-cluster | v2024-06-05//humanitec-resource-defs/postgres/basic | | base | ../../modules/base | n/a | | iam\_github\_oidc\_provider | terraform-aws-modules/iam/aws//modules/iam-github-oidc-provider | ~> 5.30 | | iam\_github\_oidc\_role | terraform-aws-modules/iam/aws//modules/iam-github-oidc-role | ~> 5.30 | +| terraform\_state\_backend | cloudposse/tfstate-backend/aws | 1.1.1 | ### Resources 
@@ -114,12 +114,8 @@ Once you are finished with the reference architecture, you can remove all provis | [github_actions_organization_variable.backstage_humanitec_org_id](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_organization_variable) | resource | | [github_repository.backstage](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository) | resource | | [humanitec_application.backstage](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/application) | resource | -| [humanitec_resource_definition_criteria.backstage_iam_policy_ecr_create_repository](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | -| [humanitec_resource_definition_criteria.backstage_iam_role_service_account](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | -| [humanitec_resource_definition_criteria.backstage_k8s_service_account](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | | [humanitec_resource_definition_criteria.backstage_mysql](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | | [humanitec_resource_definition_criteria.backstage_postgres](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | -| [humanitec_resource_definition_criteria.backstage_workload](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | | [humanitec_value.app_config_backend_auth_keys](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/value) | resource | | 
[humanitec_value.aws_default_region](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/value) | resource | | [humanitec_value.backstage_cloud_provider](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/value) | resource | @@ -144,5 +140,4 @@ Once you are finished with the reference architecture, you can remove all provis | humanitec\_org\_id | Humanitec Organization ID | `string` | n/a | yes | | disk\_size | Disk size in GB to use for EKS nodes | `number` | `20` | no | | instance\_types | List of EC2 instances types to use for EKS nodes | `list(string)` |
[
"t3.large"
]
| no | -| resource\_packs\_aws\_rev | Revision of the resource-packs-aws repository to use | `string` | `"refs/heads/main"` | no | diff --git a/examples/with-backstage/backstage-humanitec.tf b/examples/with-backstage/backstage-humanitec.tf index b06fbdb..edd6e1f 100644 --- a/examples/with-backstage/backstage-humanitec.tf +++ b/examples/with-backstage/backstage-humanitec.tf @@ -108,7 +108,7 @@ locals { # in-cluster postgres module "backstage_postgres" { - source = "git::https://github.com/humanitec-architecture/resource-packs-in-cluster.git//humanitec-resource-defs/postgres/basic" + source = "github.com/humanitec-architecture/resource-packs-in-cluster?ref=v2024-06-05//humanitec-resource-defs/postgres/basic" prefix = local.res_def_prefix } 
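Review bot: In the new `source` for `backstage_postgres`, the `?ref=v2024-06-05` argument sits before the `//humanitec-resource-defs/postgres/basic` sub-directory, whereas Terraform's documented form puts the sub-directory first and the arguments last. The regenerated README table in this commit shows the effect: the module's Version column reads `v2024-06-05//humanitec-resource-defs/postgres/basic`. Write it as `source = "github.com/humanitec-architecture/resource-packs-in-cluster//humanitec-resource-defs/postgres/basic?ref=v2024-06-05"`; the `backstage_mysql` source in the next hunk needs the same change. Moving from the default branch to a tag is a real improvement, and a full commit SHA in `ref` would additionally protect against the tag being moved.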
@@ -120,84 +120,12 @@ resource "humanitec_resource_definition_criteria" "backstage_postgres" { force_delete = true } -# k8s service account (to assume an AWS role) - -module "backstage_k8s_service_account" { - source = "git::https://github.com/humanitec-architecture/resource-packs-aws.git//humanitec-resource-defs/k8s/service-account" - - prefix = local.res_def_prefix -} - -resource "humanitec_resource_definition_criteria" "backstage_k8s_service_account" { - resource_definition_id = module.backstage_k8s_service_account.id - app_id = humanitec_application.backstage.id - - force_delete = true -} - -# AWS policy to create ECR repositories (required to scaffold apps) - -module "backstage_iam_policy_ecr_create_repository" { - source = "git::https://github.com/humanitec-architecture/resource-packs-aws.git//humanitec-resource-defs/iam-policy/ecr-create-repository" - - driver_account = module.base.humanitec_resource_account_id - resource_packs_aws_rev = var.resource_packs_aws_rev - region = var.aws_region - - prefix = local.res_def_prefix -} - -resource "humanitec_resource_definition_criteria" "backstage_iam_policy_ecr_create_repository" { - resource_definition_id = module.backstage_iam_policy_ecr_create_repository.id - app_id = humanitec_application.backstage.id - - force_delete = true -} - -# AWS role assumable by the k8s service account - -module "backstage_iam_role_service_account" { - source = "git::https://github.com/humanitec-architecture/resource-packs-aws.git//humanitec-resource-defs/iam-role/service-account" - - driver_account = module.base.humanitec_resource_account_id - resource_packs_aws_rev = var.resource_packs_aws_rev - region = var.aws_region - - policy_classes = ["default"] - - cluster_name = module.base.eks_cluster_name - prefix = local.res_def_prefix -} - -resource "humanitec_resource_definition_criteria" "backstage_iam_role_service_account" { - resource_definition_id = module.backstage_iam_role_service_account.id - app_id = 
humanitec_application.backstage.id - - force_delete = true -} - -# Workload resource that sets the service account - -module "backstage_workload" { - source = "git::https://github.com/humanitec-architecture/resource-packs-aws.git//humanitec-resource-defs/workload/service-account" - - prefix = local.res_def_prefix -} - -resource "humanitec_resource_definition_criteria" "backstage_workload" { - resource_definition_id = module.backstage_workload.id - app_id = humanitec_application.backstage.id - - force_delete = true -} - - # Configure required resources for scaffolded apps # in-cluster mysql module "backstage_mysql" { - source = "git::https://github.com/humanitec-architecture/resource-packs-in-cluster.git//humanitec-resource-defs/mysql/basic" + source = "github.com/humanitec-architecture/resource-packs-in-cluster?ref=v2024-06-05//humanitec-resource-defs/mysql/basic" prefix = local.res_def_prefix } diff --git a/examples/with-backstage/provider.tf b/examples/with-backstage/provider.tf index 990d784..e388034 100644 --- a/examples/with-backstage/provider.tf +++ b/examples/with-backstage/provider.tf @@ -4,13 +4,21 @@ terraform { source = "hashicorp/aws" version = "~> 5.17" } + github = { + source = "integrations/github" + version = "~> 5.38" + } + helm = { + source = "hashicorp/helm" + version = "~> 2.12" + } humanitec = { source = "humanitec/humanitec" version = "~> 1.0" } - github = { - source = "integrations/github" - version = "~> 5.38" + kubernetes = { + source = "hashicorp/kubernetes" + version = "~> 2.25" } random = { source = "hashicorp/random" diff --git a/examples/with-backstage/terraform.tfvars.example b/examples/with-backstage/terraform.tfvars.example index 1125b1a..7b5799e 100644 --- a/examples/with-backstage/terraform.tfvars.example +++ b/examples/with-backstage/terraform.tfvars.example 
@@ -20,7 +20,4 @@ humanitec_org_id = "" # List of EC2 instances types to use for EKS nodes instance_types = [ "t3.large" -] - -# Revision of the resource-packs-aws repository to use -resource_packs_aws_rev = "refs/heads/main" \ No newline at end of file +] \ No newline at end of file diff --git a/examples/with-backstage/variables.tf b/examples/with-backstage/variables.tf index 8d8238a..43ac6c5 100644 --- a/examples/with-backstage/variables.tf +++ b/examples/with-backstage/variables.tf @@ -24,12 +24,6 @@ variable "humanitec_ci_service_user_token" { sensitive = true } -variable "resource_packs_aws_rev" { - description = "Revision of the resource-packs-aws repository to use" - type = string - default = "refs/heads/main" -} - variable "instance_types" { description = "List of EC2 instances types to use for EKS nodes" type = list(string) diff --git a/main.tf b/main.tf index 08cd954..574c2c9 100644 --- a/main.tf +++ b/main.tf @@ -5,10 +5,18 @@ terraform { source = "hashicorp/aws" version = "~> 5.17" } + helm = { + source = "hashicorp/helm" + version = "~> 2.12" + } humanitec = { source = "humanitec/humanitec" version = "~> 1.0" } + kubernetes = { + source = "hashicorp/kubernetes" + version = "~> 2.25" + } } required_version = ">= 1.3.0" } diff --git a/modules/base/README.md b/modules/base/README.md index efb9d3f..bc26e2b 100644 --- a/modules/base/README.md +++ b/modules/base/README.md 
@@ -1,35 +1,40 @@ -# base +# base Module that provides the reference architecture. +## Terraform docs + -## Requirements +### Requirements | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.3.0 | -| [aws](#requirement\_aws) | >= 4.50 | -| [kubernetes](#requirement\_kubernetes) | >= 2.0.3 | +| terraform | >= 1.3.0 | +| aws | >= 4.50 | +| helm | ~> 2.12 | +| humanitec | ~> 1.0 | +| kubernetes | >= 2.0.3 | +| random | ~> 3.5 | -## Providers +### Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 4.50 | -| [helm](#provider\_helm) | n/a | -| [humanitec](#provider\_humanitec) | n/a | -| [kubernetes](#provider\_kubernetes) | >= 2.0.3 | -| [random](#provider\_random) | n/a | +| aws | >= 4.50 | +| helm | ~> 2.12 | +| humanitec | ~> 1.0 | +| kubernetes | >= 2.0.3 | +| random | ~> 3.5 | -## Modules +### Modules | Name | Source | Version | |------|--------|---------| -| [aws\_eks](#module\_aws\_eks) | terraform-aws-modules/eks/aws | ~> 20.2 | -| [aws\_vpc](#module\_aws\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.1 | -| [ebs\_csi\_irsa\_role](#module\_ebs\_csi\_irsa\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | ~> 5.30 | +| aws\_eks | terraform-aws-modules/eks/aws | ~> 20.2 | +| aws\_vpc | terraform-aws-modules/vpc/aws | ~> 5.1 | +| ebs\_csi\_irsa\_role | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | ~> 5.30 | -## Resources +### Resources | Name | Type | |------|------| 
@@ -42,44 +47,43 @@ Module that provides the reference architecture. | [humanitec_resource_definition_criteria.k8s_cluster_driver](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | | [humanitec_resource_definition_criteria.k8s_namespace](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | | [random_password.external_id](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource | -| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | | [aws_elb_hosted_zone_id.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/elb_hosted_zone_id) | data source | | [aws_iam_policy_document.instance_assume_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | | [kubernetes_service.ingress_nginx_controller](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/service) | data source | -## Inputs +### Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [additional\_k8s\_access\_entries](#input\_additional\_k8s\_access\_entries) | Additional access entries add to the k8s aws-auth configmap |
list(object({
id = string
principal_arn = string
groups = list(string)
}))
| `[]` | no | -| [capacity\_type](#input\_capacity\_type) | Defines whether to use ON\_DEMAND or SPOT EC2 instances for EKS nodes | `string` | `"ON_DEMAND"` | no | -| [cluster\_name](#input\_cluster\_name) | Name for the EKS cluster | `string` | `"ref-arch"` | no | -| [cluster\_version](#input\_cluster\_version) | Version of the EKS cluster to deploy | `string` | `null` | no | -| [disk\_size](#input\_disk\_size) | Disk size in GB to use for EKS nodes | `number` | `20` | no | -| [eks\_public\_access\_cidrs](#input\_eks\_public\_access\_cidrs) | List of CIDRs that can access the EKS cluster's public endpoint | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [environment](#input\_environment) | Name of the environment to be deployed into | `string` | `"development"` | no | -| [iam\_role\_name](#input\_iam\_role\_name) | Name of the IAM user to create for Humanitec EKS access | `string` | `"svc-humanitec"` | no | -| [ingress\_nginx\_min\_unavailable](#input\_ingress\_nginx\_min\_unavailable) | Number of allowed unavaiable replicas for the ingress-nginx controller | `number` | `1` | no | -| [ingress\_nginx\_replica\_count](#input\_ingress\_nginx\_replica\_count) | Number of replicas for the ingress-nginx controller | `number` | `2` | no | -| [instance\_types](#input\_instance\_types) | List of EC2 instances types to use for EKS nodes | `list(string)` |
[
"t3.large"
]
| no | -| [node\_group\_desired\_size](#input\_node\_group\_desired\_size) | Desired number of nodes for the EKS node group | `number` | `3` | no | -| [node\_group\_max\_size](#input\_node\_group\_max\_size) | Maximum number of nodes for the EKS node group | `number` | `3` | no | -| [node\_group\_min\_size](#input\_node\_group\_min\_size) | Minimum number of nodes for the EKS node group | `number` | `2` | no | -| [region](#input\_region) | AWS Region to deploy into | `string` | `"us-east-1"` | no | -| [vpc\_name](#input\_vpc\_name) | AWS VPC name | `string` | `"ref-arch"` | no | +| additional\_k8s\_access\_entries | Additional access entries add to the k8s aws-auth configmap |
list(object({
id = string
principal_arn = string
groups = list(string)
}))
| `[]` | no | +| capacity\_type | Defines whether to use ON\_DEMAND or SPOT EC2 instances for EKS nodes | `string` | `"ON_DEMAND"` | no | +| cluster\_name | Name for the EKS cluster | `string` | `"ref-arch"` | no | +| cluster\_version | Version of the EKS cluster to deploy | `string` | `null` | no | +| disk\_size | Disk size in GB to use for EKS nodes | `number` | `20` | no | +| eks\_public\_access\_cidrs | List of CIDRs that can access the EKS cluster's public endpoint | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| environment | Name of the environment to be deployed into | `string` | `"development"` | no | +| iam\_role\_name | Name of the IAM user to create for Humanitec EKS access | `string` | `"svc-humanitec"` | no | +| ingress\_nginx\_min\_unavailable | Number of allowed unavaiable replicas for the ingress-nginx controller | `number` | `1` | no | +| ingress\_nginx\_replica\_count | Number of replicas for the ingress-nginx controller | `number` | `2` | no | +| instance\_types | List of EC2 instances types to use for EKS nodes | `list(string)` |
[
"t3.large"
]
| no | +| node\_group\_desired\_size | Desired number of nodes for the EKS node group | `number` | `3` | no | +| node\_group\_max\_size | Maximum number of nodes for the EKS node group | `number` | `3` | no | +| node\_group\_min\_size | Minimum number of nodes for the EKS node group | `number` | `2` | no | +| region | AWS Region to deploy into | `string` | `"us-east-1"` | no | +| vpc\_name | AWS VPC name | `string` | `"ref-arch"` | no | -## Outputs +### Outputs | Name | Description | |------|-------------| -| [eks\_cluster\_certificate\_authority\_data](#output\_eks\_cluster\_certificate\_authority\_data) | Base64 encoded certificate data required to communicate with the cluster | -| [eks\_cluster\_endpoint](#output\_eks\_cluster\_endpoint) | Endpoint for your Kubernetes API server | -| [eks\_cluster\_name](#output\_eks\_cluster\_name) | The name of the EKS cluster | -| [eks\_oidc\_provider](#output\_eks\_oidc\_provider) | The OpenID Connect identity provider (issuer URL without leading `https://`) | -| [eks\_oidc\_provider\_arn](#output\_eks\_oidc\_provider\_arn) | The ARN of the OIDC Provider | -| [environment](#output\_environment) | Name of the environment to be deployed into | -| [humanitec\_resource\_account\_id](#output\_humanitec\_resource\_account\_id) | Humanitec resource account id for the cluster | -| [ingress\_nginx\_external\_dns](#output\_ingress\_nginx\_external\_dns) | External DNS entry for the Nginx ingress controller | -| [vpc\_id](#output\_vpc\_id) | VPC id | +| eks\_cluster\_certificate\_authority\_data | Base64 encoded certificate data required to communicate with the cluster | +| eks\_cluster\_endpoint | Endpoint for your Kubernetes API server | +| eks\_cluster\_name | The name of the EKS cluster | +| eks\_oidc\_provider | The OpenID Connect identity provider (issuer URL without leading `https://`) | +| eks\_oidc\_provider\_arn | The ARN of the OIDC Provider | +| environment | Name of the environment to be deployed into | +| 
humanitec\_resource\_account\_id | Humanitec resource account id for the cluster | +| ingress\_nginx\_external\_dns | External DNS entry for the Nginx ingress controller | +| vpc\_id | VPC id | diff --git a/modules/base/humanitec.tf b/modules/base/humanitec.tf index 304f73e..b7394ba 100644 --- a/modules/base/humanitec.tf +++ b/modules/base/humanitec.tf @@ -1,7 +1,7 @@ # Humanitec resource definition to connect the cluster to Humanitec locals { - ingress_address = data.kubernetes_service.ingress_nginx_controller.status.0.load_balancer.0.ingress.0.hostname + ingress_address = data.kubernetes_service.ingress_nginx_controller.status[0].load_balancer[0].ingress[0].hostname } data "aws_elb_hosted_zone_id" "main" {} diff --git a/modules/base/main.tf b/modules/base/main.tf index c4f3f8b..94a8fda 100644 --- a/modules/base/main.tf +++ b/modules/base/main.tf @@ -62,8 +62,6 @@ module "aws_vpc" { tags = local.tags } -data "aws_caller_identity" "current" {} - locals { default_k8s_access_entries = [ { diff --git a/modules/base/providers.tf b/modules/base/providers.tf index 76fb784..2ff1e62 100644 --- a/modules/base/providers.tf +++ b/modules/base/providers.tf @@ -9,10 +9,16 @@ terraform { version = ">= 2.0.3" } helm = { - source = "hashicorp/helm" + source = "hashicorp/helm" + version = "~> 2.12" } humanitec = { - source = "humanitec/humanitec" + source = "humanitec/humanitec" + version = "~> 1.0" + } + random = { + source = "hashicorp/random" + version = "~> 3.5" } } required_version = ">= 1.3.0" diff --git a/modules/base/terraform.tfvars.example b/modules/base/terraform.tfvars.example new file mode 100644 index 0000000..55132ff --- /dev/null +++ b/modules/base/terraform.tfvars.example 
@@ -0,0 +1,52 @@
+
+# Additional access entries add to the k8s aws-auth configmap
+additional_k8s_access_entries = []
+
+# Defines whether to use ON_DEMAND or SPOT EC2 instances for EKS nodes
+capacity_type = "ON_DEMAND"
+
+# Name for the EKS cluster
+cluster_name = "ref-arch"
+
+# Version of the EKS cluster to deploy
+cluster_version = ""
+
+# Disk size in GB to use for EKS nodes
+disk_size = 20
+
+# List of CIDRs that can access the EKS cluster's public endpoint
+eks_public_access_cidrs = [
+ "0.0.0.0/0"
+]
+
+# Name of the environment to be deployed into
+environment = "development"
+
+# Name of the IAM user to create for Humanitec EKS access
+iam_role_name = "svc-humanitec"
+
+# Number of allowed unavaiable replicas for the ingress-nginx controller
+ingress_nginx_min_unavailable = 1
+
+# Number of replicas for the ingress-nginx controller
+ingress_nginx_replica_count = 2
+
+# List of EC2 instances types to use for EKS nodes
+instance_types = [
+ "t3.large"
+]
+
+# Desired number of nodes for the EKS node group
+node_group_desired_size = 3
+
+# Maximum number of nodes for the EKS node group
+node_group_max_size = 3
+
+# Minimum number of nodes for the EKS node group
+node_group_min_size = 2
+
+# AWS Region to deploy into
+region = "us-east-1"
+
+# AWS VPC name
+vpc_name = "ref-arch"
\ No newline at end of file
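Review bot: The example presents `eks_public_access_cidrs = ["0.0.0.0/0"]` with no caveat, so a user who starts from this file keeps the EKS public API endpoint reachable from every address. The file looks generated from the variable descriptions (the Makefile runs a second terraform-docs config per directory), so the caveat probably belongs in the variable's description, e.g. `List of CIDRs that can access the EKS cluster's public endpoint (restrict to known networks outside of demos)`. Also, `cluster_version = ""` differs from the default `null` documented in the module README. Copying the example verbatim passes an empty string instead of leaving the version unset, so commenting that line out in the example would be safer.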