Adding a lot of stuff.

This commit is contained in:
Patrick MARIE
2022-07-12 22:32:18 +02:00
parent 188cf2679c
commit 621e04fb94
35 changed files with 704 additions and 43 deletions

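--- a/modules/eip-set/main.tf
+++ b/modules/eip-set/main.tf
@@ -0,0 +1,8 @@
+module "eip" {
+source = "../eip"
+for_each = var.eips
+eip_count = each.value.count
+vpc = each.value.vpc
+tags = each.value.tags
+}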


@ -0,0 +1,3 @@
output "eip_groups" {
value = module.eip
}


@ -0,0 +1,8 @@
variable "eips" {
description = "a map of elastic ip objects"
type = map(object({
vpc = bool
count = number
tags = map(string)
}))
}


@ -0,0 +1,8 @@
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 4.4.0"
}
}
}

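--- a/modules/eip/main.tf
+++ b/modules/eip/main.tf
@@ -0,0 +1,6 @@
+resource "aws_eip" "self" {
+count = var.eip_count
+vpc = var.vpc
+tags = var.tags
+}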

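--- a/modules/eip/outputs.tf
+++ b/modules/eip/outputs.tf
@@ -0,0 +1,3 @@
+output "eips" {
+value = aws_eip.self.*
+}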
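Review bot: `aws_eip.self.*` on line 71 is the legacy attribute-only splat with nothing after the `.*`; the modern full-splat form `value = aws_eip.self[*]` unambiguously yields the list of EIP objects. I cannot tell from the hunk whether `terraform validate` accepts the bare `.*`, so that is worth checking before merge. Since the ingress-nginx values in this commit consume allocation IDs, consider also exposing narrower outputs such as `aws_eip.self[*].id` and `aws_eip.self[*].public_ip` instead of the whole resource object.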

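--- a/modules/eip/variables.tf
+++ b/modules/eip/variables.tf
@@ -0,0 +1,12 @@
+variable "vpc" {
+type = bool
+description = "Boolean if the EIP is in a VPC or not"
+}
+variable "eip_count" {
+type = number
+description = "The number of elastic ip to create"
+}
+variable "tags" {
+type = map(string)
+description = "The tags to set on the eip"
+}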
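Review bot: `eip_count` feeds `count` on `aws_eip.self` (modules/eip/main.tf in this commit) but is accepted unchecked, so a negative or fractional value only surfaces as a provider error at plan time. A `validation` block states the contract up front and gives callers a clearer message. The `vpc` description could also say that with the pinned aws ~> 4.4 provider this maps directly to the resource's `vpc` argument.
```hcl
variable "eip_count" {
  type        = number
  description = "The number of elastic ip to create"

  validation {
    condition     = var.eip_count >= 0 && floor(var.eip_count) == var.eip_count
    error_message = "eip_count must be a non-negative whole number."
  }
}
# … unchanged: vpc and tags variables …
```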


@ -0,0 +1,3 @@
data "aws_eks_cluster_auth" "self" {
name = var.cluster_id
}
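Review bot: The `token` this data source returns is a short-lived, pre-signed STS credential for the cluster, and like any data-source attribute it is written to Terraform state, so the state backend for this module must be treated as holding Kubernetes credentials (encrypted at rest, access tightly restricted). Because the token is minted at plan time, a long gap between plan and apply, or a long apply, can hit token expiry mid-run; an `exec` block in the provider calling `aws eks get-token` avoids both problems. A comment such as `# Short-lived IAM token; it lands in state, prefer provider exec auth where state is shared` would document the trade-off for the next reader.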


@ -0,0 +1,13 @@
resource "helm_release" "cert_manager" {
name = "cert-manager"
repository = "https://charts.jetstack.io"
chart = "cert-manager"
version = "1.8.0"
namespace = var.namespace
create_namespace = var.create_namespace
set {
name = "installCRDs"
value = true
}
}
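Review bot: With `installCRDs` set at lines 109-112 the CRDs are owned by the Helm release, so a `terraform destroy` of this module, or a forced replacement of the release, uninstalls the CRDs and Kubernetes then garbage-collects every Certificate, Issuer and ClusterIssuer in the cluster; a comment on the `set` block such as `# CRDs are release-managed: removing this release deletes all cert-manager custom resources` makes that blast radius explicit. The chart version is pinned, which is good. Nothing here sets `timeout`, and the cert-manager webhook must be up before any Issuer/Certificate can be admitted, so consumers of this module should `depends_on` the release rather than the module's mere presence.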


@ -0,0 +1,7 @@
provider "helm" {
kubernetes {
host = var.cluster_endpoint
cluster_ca_certificate = base64decode(var.cluster_certificate_authority_data)
token = data.aws_eks_cluster_auth.self.token
}
}
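Review bot: Configuring the `helm` provider inside the child module, with credentials derived from module variables, is the pattern Terraform's documentation warns against: a module carrying its own provider configuration cannot be used with `count`/`for_each`, and once the module call is removed its resources can no longer be destroyed because the provider configuration disappears with it. Prefer configuring `helm` in the root module and handing it down with `providers = { helm = helm.eks }`, leaving only `required_providers` here. If the in-module provider is a deliberate interim choice, a comment such as `# Provider configured in-module on purpose; see Terraform docs on legacy module provider configuration` would flag it.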


@ -0,0 +1,24 @@
variable "cluster_id" {
type = string
description = "The name/id of the EKS cluster. Will block on cluster creation until the cluster is really ready"
}
variable "cluster_endpoint" {
type = string
description = "Endpoint for your Kubernetes API server"
}
variable "cluster_certificate_authority_data" {
type = string
description = "Base64 encoded certificate data required to communicate with the cluster"
}
variable "namespace" {
type = string
description = "The namespace where cert-manager is deployed"
}
variable "create_namespace" {
type = bool
description = "Flag allowing to create the namespace if it does not exists"
}
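Review bot: `namespace` and `create_namespace` have no defaults here, whereas the sibling external-secrets and kube-prometheus-stack modules added in this commit default theirs; `default = "cert-manager"` and `default = true` would make the three modules behave alike. The `create_namespace` description has a grammar slip; suggested wording: `Flag allowing the namespace to be created if it does not exist`. The `cluster_id` description promises that it "will block on cluster creation", which only holds when the caller wires it from the EKS resource output rather than a literal, so it is worth saying so.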


@ -0,0 +1,12 @@
terraform {
required_providers {
helm = {
source = "hashicorp/helm"
version = "2.4.1"
}
aws = {
source = "hashicorp/aws"
version = "~> 4.4.0"
}
}
}


@ -0,0 +1,3 @@
data "aws_eks_cluster_auth" "self" {
name = var.cluster_id
}


@ -0,0 +1,53 @@
resource "helm_release" "external_secrets" {
name = "external-secrets"
repository = "https://charts.external-secrets.io"
chart = "external-secrets"
version = "0.5.2"
namespace = var.namespace
create_namespace = var.create_namespace
set {
name = "installCRDs"
value = true
}
set {
name = "webhook.create"
value = true
}
set {
name = "certController.create"
value = true
}
set {
name = "webhook.serviceMonitor.enabled"
value = var.service_monitor
}
set {
name = "webhook.serviceMonitor.additionalLabels.release"
value = "prometheus-community"
}
set {
name = "serviceMonitor.enabled"
value = var.service_monitor
}
set {
name = "serviceMonitor.additionalLabels.release"
value = "prometheus-community"
}
set {
name = "certController.serviceMonitor.enabled"
value = var.service_monitor
}
set {
name = "certController.serviceMonitor.additionalLabels.release"
value = "prometheus-community"
}
}
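Review bot: The ServiceMonitor selector label `release: prometheus-community` is hard-coded three times (lines 199-218) while the kube-prometheus-stack module in this commit exposes the release name through `prom_operator_release_name`; if anyone changes that variable these monitors silently stop being scraped. Drive it from a module variable, e.g. `value = var.prometheus_release_label`, defaulted to `"prometheus-community"`. Separately, nothing in this hunk binds the operator's service account to an IAM role (no `serviceAccount.annotations.eks\.amazonaws\.com/role-arn`), so unless a SecretStore elsewhere supplies credentials the controller falls back to the node's instance role, which every other pod on that node can also reach; confirm how AWS authentication is intended and document it on the resource.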


@ -0,0 +1,16 @@
provider "helm" {
kubernetes {
host = var.cluster_endpoint
cluster_ca_certificate = base64decode(var.cluster_certificate_authority_data)
token = data.aws_eks_cluster_auth.self.token
}
}
provider "kubernetes" {
host = var.cluster_endpoint
cluster_ca_certificate = base64decode(var.cluster_certificate_authority_data)
token = data.aws_eks_cluster_auth.self.token
experiments {
manifest_resource = true
}
}
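Review bot: `experiments { manifest_resource = true }` on lines 235-237 is the beta gate for `kubernetes_manifest`; if that resource is already GA in the pinned 2.10.0 provider (check the provider changelog) the block is a no-op, and I cannot see a `kubernetes_manifest` resource in this commit that would depend on it either way, so either drop the block or add `# kept for <reason>`. Both providers are configured inside the child module with the same per-module token, which ties the module's destroyability to the cluster being reachable and prevents `for_each` on the module call; configuring them in the root and passing `providers = { helm = helm.eks, kubernetes = kubernetes.eks }` avoids that.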


@ -0,0 +1,32 @@
variable "cluster_id" {
type = string
description = "The name/id of the EKS cluster. Will block on cluster creation until the cluster is really ready"
}
variable "cluster_endpoint" {
type = string
description = "Endpoint for your Kubernetes API server"
}
variable "cluster_certificate_authority_data" {
type = string
description = "Base64 encoded certificate data required to communicate with the cluster"
}
variable "namespace" {
default = "external-secrets"
type = string
description = "The name of the namespace where the operator will be deployed"
}
variable "create_namespace" {
default = true
type = bool
description = "If true, the namespace is create if it does not exists"
}
variable "service_monitor" {
type = bool
default = false
description = "If true, the ServiceMonitor is created for the monitoring based on Prometheus operator"
}
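Review bot: The `create_namespace` description on line 263 reads "the namespace is create if it does not exists"; suggested wording: `If true, the namespace is created if it does not exist`. The `service_monitor` description could also name the label the monitors carry (`release: prometheus-community`), since a consumer has to match it on the Prometheus side for the flag to have any effect.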


@ -0,0 +1,16 @@
terraform {
required_providers {
helm = {
source = "hashicorp/helm"
version = "2.4.1"
}
aws = {
source = "hashicorp/aws"
version = "~> 4.4.0"
}
kubernetes = {
source = "hashicorp/kubernetes"
version = "2.10.0"
}
}
}


@ -5,6 +5,7 @@ controller:
proxy-real-ip-cidr: ${proxy-real-ip-cidr}
use-forwarded-headers: ${use-forwarded-headers}
compute-full-forwarded-for: ${compute-full-forwarded-for}
service:
annotations:
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ${public.backend-protocol}
@ -12,9 +13,15 @@ controller:
service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: '${public.cross-zone-load-balancing-enabled}'
service.beta.kubernetes.io/aws-load-balancer-type: ${public.type}
service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags: "scheme=internet-facing,${tags}"
service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "${public.proxy-protocol}"
%{~ if public.enable-proxy-protocol ~}
service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
%{~ endif ~}
service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "${public.nlb-target-type}"
service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing"
%{~ if public.eip-allocations != "" ~}
service.beta.kubernetes.io/aws-load-balancer-eip-allocations: ${public.eip-allocations}
%{~ endif ~}
service.beta.kubernetes.io/aws-load-balancer-name: "${public.name}"
internal:
annotations:
service.beta.kubernetes.io/aws-load-balancer-internal: "true"
@ -23,17 +30,20 @@ controller:
service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: '${internal.cross-zone-load-balancing-enabled}'
service.beta.kubernetes.io/aws-load-balancer-type: ${internal.type}
service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags: "scheme=internal,${tags}"
service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "${internal.proxy-protocol}"
%{~ if internal.enable-proxy-protocol ~}
service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
%{~ endif ~}
service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "${public.nlb-target-type}"
service.beta.kubernetes.io/aws-load-balancer-scheme: "internal"
service.beta.kubernetes.io/aws-load-balancer-target-group-attributes: preserve_client_ip.enabled=false
service.beta.kubernetes.io/aws-load-balancer-name: "${internal.name}"
# metrics:
# enabled: true
# serviceMonitor:
# enabled: true
# additionalLabels:
# release: prometheus-community
# namespaceSelector:
# any: true
metrics:
enabled: true
serviceMonitor:
enabled: true
additionalLabels:
release: prometheus-community
namespaceSelector:
any: true
...
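Review bot: Under `internal.annotations`, line 325 reads `${public.nlb-target-type}` while every other internal annotation uses `${internal.*}`; with a per-entry `nlb-target-type` now in `load_balancer_config` this looks like a copy-paste slip and should be `service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "${internal.nlb-target-type}"`. That line appears to be context rather than new, so the defect predates the commit, but the commit rewrites the block around it. Setting `aws-load-balancer-proxy-protocol: "*"` only works if the controller ConfigMap also has `use-proxy-protocol: "true"`; that key sits above the first hunk, so I cannot confirm it is keyed to the same `enable-proxy-protocol` flag, and if it is not the NLB will send PROXY headers that nginx rejects as malformed HTTP. Conversely, with proxy protocol off and `use-forwarded-headers` on, `proxy-real-ip-cidr` must be kept tight, because an NLB passes a client-supplied `X-Forwarded-For` through untouched.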


@ -5,8 +5,10 @@ variable "load_balancer_config" {
cross-zone-load-balancing-enabled = bool
type = string
dns_record = string
proxy-protocol = string
enable-proxy-protocol = bool
nlb-target-type = string
eip-allocations = string
name = string
}))
description = "The AWS Load Balancer(s) configuration. Map keys shall be 'public' and/or 'internal'"
}
@ -98,4 +100,4 @@ variable "internal_dns_record" {
variable "tags" {
type = map(string)
default = {}
}
}
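Review bot: `eip-allocations = string` (line 356) is now mandatory for every entry of `load_balancer_config`, including `internal`, even though the values template only consults it under `public` and treats `""` as unset; either document that in the description (`eip-allocations: comma-separated EIP allocation IDs, public entry only, "" to skip`) or declare it `optional(string, "")` if the root pins Terraform >= 1.3 (the `required_version` is not visible here). Renaming `proxy-protocol` to `enable-proxy-protocol` and changing its type to `bool` breaks existing `.tfvars`; a line in the description would help callers migrate. The enclosing `variable "load_balancer_config"` block starts before this hunk.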


@ -0,0 +1,3 @@
data "aws_eks_cluster_auth" "self" {
name = var.cluster_id
}


@ -0,0 +1,41 @@
resource "helm_release" "kube_prometheus_stack" {
name = var.prom_operator_release_name
repository = "https://prometheus-community.github.io/helm-charts"
chart = "kube-prometheus-stack"
version = "34.9.0"
namespace = var.namespace
create_namespace = var.create_namespace
set {
name = "prometheus.ingress.enabled"
value = true
}
set {
name = "prometheus.ingress.hosts"
value = "{prometheus-operator.${var.domain}}"
}
set {
name = "alertmanager.enabled"
value = var.enable_alertmanager
}
set {
name = "alertmanager.ingress.enabled"
value = var.enable_alertmanager
}
set {
name = "alertmanager.ingress.hosts"
value = "{alertmanager.${var.domain}}"
}
set {
name = "grafana.enabled"
value = var.enable_grafana
}
set {
name = "grafana.ingress.enabled"
value = var.enable_grafana
}
set {
name = "grafana.ingress.hosts"
value = "{grafana.${var.domain}}"
}
}
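Review bot: This enables ingress for Prometheus, Alertmanager and Grafana on `*.${var.domain}` with no TLS, no `ingressClassName` and no authentication annotations, and Prometheus and Alertmanager have no built-in authentication; if the cluster's default ingress class is the internet-facing ingress-nginx service this same commit provisions, anyone on the internet can read every metric and silence alerts. Grafana additionally comes up with the chart's default admin password unless `grafana.adminPassword` is set (or `grafana.admin.existingSecret` points at a secret), so at minimum feed it from a `sensitive = true` variable. I would add `*.ingress.ingressClassName` and `*.ingress.tls` for all three, put an auth annotation (`nginx.ingress.kubernetes.io/auth-url` or basic auth) on the Prometheus and Alertmanager ingresses, and record the intended exposure in a comment on the resource such as `# Ingresses are intended for the internal LB only; never point the public class at them`.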


@ -0,0 +1,7 @@
provider "helm" {
kubernetes {
host = var.cluster_endpoint
cluster_ca_certificate = base64decode(var.cluster_certificate_authority_data)
token = data.aws_eks_cluster_auth.self.token
}
}


@ -0,0 +1,61 @@
variable "cluster_id" {
type = string
description = "The name/id of the EKS cluster. Will block on cluster creation until the cluster is really ready"
}
variable "cluster_endpoint" {
type = string
description = "Endpoint for your Kubernetes API server"
}
variable "cluster_certificate_authority_data" {
type = string
description = "Base64 encoded certificate data required to communicate with the cluster"
}
variable "namespace" {
type = string
description = "The namespace where the kube-prometheus-stack is deployed"
default = "monitoring"
}
variable "create_namespace" {
type = bool
description = "Flag allowing to create the namespace if it does not exists"
default = true
}
variable "domain" {
type = string
description = "Domain name used to setup ingress for kube-prometheus-stack"
}
variable "prom_operator_release_name" {
type = string
description = "The name of the Helm release deploying the prometheus stack chart"
default = "prometheus-community"
}
variable "pushgateway_release_name" {
type = string
description = "The name of the Helm release deploying the pushgateway chart"
default = "pushgateway"
}
variable "enable_alertmanager" {
type = bool
default = true
description = "Enable alertmanager in the Prometheus Operator"
}
variable "enable_grafana" {
type = bool
default = true
description = "Enable grafana in the Prometheus Operator"
}
variable "enable_pushgateway" {
type = bool
default = true
description = "Enable pushgateway in the Prometheus Operator"
}
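Review bot: `enable_pushgateway` and `pushgateway_release_name` (lines 464-483) are declared but nothing in this commit's kube-prometheus-stack module consumes them, and their descriptions call the pushgateway part of "the Prometheus Operator", which it is not (it is a separate chart); either wire them to a release in another file and say so in the description, or drop them until used. `domain` is interpolated straight into ingress host names, so a `validation` rejecting an empty string or a trailing dot would catch bad input before Helm does.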


@ -0,0 +1,12 @@
terraform {
required_providers {
helm = {
source = "hashicorp/helm"
version = "2.4.1"
}
aws = {
source = "hashicorp/aws"
version = "~> 4.4.0"
}
}
}