Initial commit.

infra/ingress-controller/.terraform.lock.hcl

@@ -0,0 +1,40 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/aws" {
+  version     = "4.4.0"
+  constraints = "~> 4.4.0"
+  hashes = [
+    "h1:xUXge6/Bn/CzSjZpmQIr7/FwANKj+3cIEnxYlgS1xFo=",
+    "zh:087e8e1b9c3d2c9d547181aa88f75fd42d9800eea6d37c0276b1208c427113ff",
+    "zh:25c3deac14f06a7da5d4d8b56dd5e25a24b5c3bb6bb7a585145d7df1a6e5bc3f",
+    "zh:5bd23fc03cd51eca3f1e4e4414624dcc4f075eca5cf5aabf06b54b4edded5c50",
+    "zh:8399507975a422a84b93b24c07db34cc9342f54aa693eace1b451c6b1ab54b87",
+    "zh:9618bed0832433fee57579d4a001479b08e2092d0c08539edb897f57f6ea0114",
+    "zh:b0b9060bc367c5fb6175c7ae59382fd6107ab0c0bad6e40cd3205127d8e6717d",
+    "zh:b160122057659cceb72f78a86483f71d59742502dad23b770dc4248b8e94edd4",
+    "zh:cb927f4622ef9bf439b867aef760c948839e1cec2ddb8bdba7abfc5183124360",
+    "zh:e37ce5054a5838eda190f286a62eeb7146087863e38b1a205aa0eb12a5e765b9",
+    "zh:e38856fd703b2f6e08a35cbe5ddab9a734c9608d2372411bfa6ef1b05ffeb758",
+    "zh:f342e638d9672d969ed3946b9f0650cf327690b35e0812b2ddae97bd32c2d946",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/helm" {
+  version     = "2.4.1"
+  constraints = "2.4.1"
+  hashes = [
+    "h1:Gqwrr+yKWR79esN39X9eRCddxMNapmaGMynLfjrUJJo=",
+    "zh:07517b24ea2ce4a1d3be3b88c3efc7fb452cd97aea8fac93ca37a08a8ec06e14",
+    "zh:11ef6118ed03a1b40ff66adfe21b8707ece0568dae1347ddfbcff8452c0655d5",
+    "zh:1ae07e9cc6b088a6a68421642c05e2fa7d00ed03e9401e78c258cf22a239f526",
+    "zh:1c5b4cd44033a0d7bf7546df930c55aa41db27b70b3bca6d145faf9b9a2da772",
+    "zh:256413132110ddcb0c3ea17c7b01123ad2d5b70565848a77c5ccc22a3f32b0dd",
+    "zh:4ab46fd9aadddef26604382bc9b49100586647e63ef6384e0c0c3f010ff2f66e",
+    "zh:5a35d23a9f08c36fceda3cef7ce2c7dc5eca32e5f36494de695e09a5007122f0",
+    "zh:8e9823a1e5b985b63fe283b755a821e5011a58112447d42fb969c7258ed57ed3",
+    "zh:8f79722eba9bf77d341edf48a1fd51a52d93ec31d9cac9ba8498a3a061ea4a7f",
+    "zh:b2ea782848b10a343f586ba8ee0cf4d7ff65aa2d4b144eea5bbd8f9801b54c67",
+    "zh:e72d1ccf8a75d8e8456c6bb4d843fd4deb0e962ad8f167fa84cf17f12c12304e",
+  ]
+}

infra/ingress-controller/terragrunt.hcl

@@ -0,0 +1,122 @@
+include "root" {
+  path = find_in_parent_folders()
+}
+
+terraform {
+  source = "${get_repo_root()}//modules/eks-ingress-controller"
+}
+
+dependency "vpc" {
+  config_path = "../vpc"
+
+  # Configure mock outputs for the `validate` and `plan` commands that are returned when there are no outputs available
+  # (e.g the module hasn't been applied yet)
+  mock_outputs_allowed_terraform_commands = ["validate", "plan"]
+  mock_outputs = {
+    vpc_id          = "fake-vpc-id"
+    private_subnets = ["fake-private-subnet-id-1", "fake-sprivate-ubnet-id-2"]
+  }
+}
+
+dependency "eks" {
+  config_path = "../eks"
+
+  # Configure mock outputs for the `validate` and `plan` commands that are returned when there are no outputs available
+  # (e.g the module hasn't been applied yet)
+  mock_outputs_allowed_terraform_commands = ["validate", "plan"]
+  mock_outputs = {
+    cluster_id                         = "fake-cluster-id"
+    cluster_endpoint                   = "https://fake-cluster-endpoint.eks.amazonaws.com"
+    cluster_certificate_authority_data = "ZmFrZS1jYS1jZXJ0LWRhdGE="
+  }
+}
+
+dependency "public_dns" {
+  config_path = "../dns-public"
+
+  mock_outputs_allowed_terraform_commands = ["validate", "plan"]
+  mock_outputs = {
+    dns_zone = {
+      zone_id = "ZXXXXXXXXXXXXXXXXXXX"
+    }
+    sub_zones = {
+      "fake.sub.zone.com" = {
+        zone_id = "ZXXXXXXXXXXXXXXXXXXX"
+      }
+    }
+  }
+}
+
+dependency "private_dns" {
+  config_path = "../dns-private"
+
+  mock_outputs_allowed_terraform_commands = ["validate", "plan"]
+  mock_outputs = {
+    dns_zone = {
+      zone_id = "ZXXXXXXXXXXXXXXXXXXX"
+    }
+    sub_zones = {
+      "fake.sub.zone.com" = {
+        zone_id = "ZXXXXXXXXXXXXXXXXXXX"
+      }
+    }
+  }
+}
+
+locals {
+  config_vars = read_terragrunt_config(find_in_parent_folders("config.hcl"))
+
+  environment            = local.config_vars.locals.environment
+  eks_ingress_controller = local.config_vars.locals.eks_ingress_controller
+
+  lb_config_public = merge(
+    local.eks_ingress_controller.load_balancer_config.public,
+    {
+      type            = "external"
+      proxy-protocol  = "*"
+      nlb-target-type = "instance"
+    }
+  )
+  lb_config_internal = merge(
+    local.eks_ingress_controller.load_balancer_config.internal,
+    {
+      type            = "external"
+      proxy-protocol  = "*"
+      nlb-target-type = "instance"
+    }
+  )
+}
+
+generate = local.config_vars.generate
+
+inputs = {
+  cluster_id                         = dependency.eks.outputs.cluster_id
+  cluster_endpoint                   = dependency.eks.outputs.cluster_endpoint
+  cluster_certificate_authority_data = dependency.eks.outputs.cluster_certificate_authority_data
+  namespace                          = local.eks_ingress_controller.namespace
+  create_namespace                   = local.eks_ingress_controller.create_namespace
+  ingress_config = {
+    use-proxy-protocol         = true
+    proxy-real-ip-cidr         = dependency.vpc.outputs.vpc_cidr_block
+    use-forwarded-headers      = true
+    compute-full-forwarded-for = true
+  }
+
+  load_balancer_config = {
+    public   = local.lb_config_public,
+    internal = local.lb_config_internal,
+  }
+
+  enable_internal_lb = local.eks_ingress_controller.enable_internal_lb
+
+  public_dns_record = {
+    zone_id = dependency.public_dns.outputs.dns_zone.zone_id
+    name    = "${local.lb_config_public.dns_record}.${dependency.public_dns.outputs.dns_zone.name}"
+  }
+
+  internal_dns_record = {
+    zone_id = dependency.private_dns.outputs.dns_zone.zone_id
+    name    = "${local.lb_config_internal.dns_record}.${dependency.private_dns.outputs.dns_zone.name}"
+  }
+
+}