Remove Terraform, since it was just an unfinished experiment

This commit is contained in:
deflax 2024-05-18 05:12:34 +03:00
parent 21a59cba7f
commit 28f1e4e550
25 changed files with 0 additions and 1381 deletions


@ -1,15 +0,0 @@
### Environment variables
- `TF_VAR_vultr_apikey`
- `TF_VAR_proxmox_node01_password`
- `TF_VAR_proxmox_node02_password`
- `TF_VAR_proxmox_node03_password`
- `TF_VAR_proxmox_node04_password`
- `TF_VAR_proxmox_node05_password`
### Create proxmox terraform user
```
# Create the user
pveum user add terraform@pve --password hackme123
# Assign the user the correct role
pveum aclmod / -user terraform@pve -role Administrator
```


@ -1,32 +0,0 @@
# To contribute improvements to CI/CD templates, please follow the Development guide at:
# https://docs.gitlab.com/ee/development/cicd/templates.html
# This specific template is located at:
# https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Terraform.latest.gitlab-ci.yml
include:
- template: Terraform/Base.latest.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Terraform/Base.latest.gitlab-ci.yml
- template: Jobs/SAST-IaC.latest.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/SAST-IaC.latest.gitlab-ci.yml
stages:
- validate
- test
- build
- deploy
fmt:
extends: .terraform:fmt
needs: []
validate:
extends: .terraform:validate
needs: []
build:
extends: .terraform:build
deploy:
extends: .terraform:deploy
dependencies:
- build
environment:
name: $TF_STATE_NAME


@ -1,50 +0,0 @@
terraform {
backend "http" {
}
required_providers {
proxmox = {
source = "Telmate/proxmox"
version = "2.8.0"
}
}
}
provider "proxmox" {
alias = "prox01"
pm_api_url = "https://10.15.0.101:8006/api2/json"
pm_user = var.proxmox_user
pm_password = var.proxmox_node01_password
pm_tls_insecure = true
}
provider "proxmox" {
alias = "prox02"
pm_api_url = "https://10.15.0.102:8006/api2/json"
pm_user = var.proxmox_user
pm_password = var.proxmox_node02_password
pm_tls_insecure = true
}
provider "proxmox" {
alias = "prox03"
pm_api_url = "https://10.15.0.103:8006/api2/json"
pm_user = var.proxmox_user
pm_password = var.proxmox_node03_password
pm_tls_insecure = true
}
provider "proxmox" {
alias = "prox04"
pm_api_url = "https://10.15.0.104:8006/api2/json"
pm_user = var.proxmox_user
pm_password = var.proxmox_node04_password
pm_tls_insecure = true
}
provider "proxmox" {
alias = "prox05"
pm_api_url = "https://10.15.0.105:8006/api2/json"
pm_user = var.proxmox_user
pm_password = var.proxmox_node05_password
pm_tls_insecure = true
}


@ -1,28 +0,0 @@
variable "proxmox_user" {
default = "terraform@pve"
}
variable "proxmox_node01_password" {
type = string
description = "prox01 pve pass"
}
variable "proxmox_node02_password" {
type = string
description = "prox02 pve pass"
}
variable "proxmox_node03_password" {
type = string
description = "prox03 pve pass"
}
variable "proxmox_node04_password" {
type = string
description = "prox04 pve pass"
}
variable "proxmox_node05_password" {
type = string
description = "prox05 pve pass"
}


@ -1,32 +0,0 @@
# To contribute improvements to CI/CD templates, please follow the Development guide at:
# https://docs.gitlab.com/ee/development/cicd/templates.html
# This specific template is located at:
# https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Terraform.latest.gitlab-ci.yml
include:
- template: Terraform/Base.latest.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Terraform/Base.latest.gitlab-ci.yml
- template: Jobs/SAST-IaC.latest.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/SAST-IaC.latest.gitlab-ci.yml
stages:
- validate
- test
- build
- deploy
fmt:
extends: .terraform:fmt
needs: []
validate:
extends: .terraform:validate
needs: []
build:
extends: .terraform:build
deploy:
extends: .terraform:deploy
dependencies:
- build
environment:
name: $TF_STATE_NAME


@ -1,35 +0,0 @@
resource "vultr_instance" "master01test" {
tag = "staging-testbed"
hostname = "master01.teststaging.example.com"
plan = "vc2-2c-4gb"
region = "ams"
os_id = "477"
enable_ipv6 = false
backups = "disabled"
ddos_protection = false
activation_email = true
}
resource "vultr_instance" "master02test" {
tag = "staging-testbed"
hostname = "master02.teststaging.example.com"
plan = "vc2-2c-4gb"
region = "ams"
os_id = "477"
enable_ipv6 = false
backups = "disabled"
ddos_protection = false
activation_email = true
}
resource "vultr_instance" "master03test" {
tag = "staging-testbed"
hostname = "master03.teststaging.example.com"
plan = "vc2-2c-4gb"
region = "ams"
os_id = "477"
enable_ipv6 = false
backups = "disabled"
ddos_protection = false
activation_email = true
}


@ -1,41 +0,0 @@
resource "proxmox_vm_qemu" "worker01test" {
count = 1
vmid = 211
name = "worker01.teststaging.example.com"
target_node = "prox05"
clone = "debian-cloudinit"
os_type = "cloud-init"
cores = 4
sockets = "1"
cpu = "kvm64"
memory = 4096
scsihw = "virtio-scsi-pci"
bootdisk = "virtio0"
disk {
id = 0
size = 32
type = "virtio"
storage = "local"
iothread = true
}
network {
id = 0
model = "virtio"
bridge = "vmbr0"
}
lifecycle {
ignore_changes = [
network,
]
}
# Cloud Init Settings
#ipconfig0 = "ip=212.83.177.200/24,gw=10.10.10.1"
cicustom = "network=local:snippets/networkworker01teststaging.yaml"
sshkeys = <<EOF
${var.ansible_ssh_key}
EOF
}


@ -1,28 +0,0 @@
terraform {
backend "http" {
}
required_providers {
proxmox = {
source = "Telmate/proxmox"
version = "2.8.0"
}
vultr = {
source = "vultr/vultr"
version = "2.5.0"
}
}
}
provider "proxmox" {
alias = "prox05"
pm_api_url = "https://10.15.0.105:8006/api2/json"
pm_user = var.proxmox_user
pm_password = var.proxmox_node05_password
pm_tls_insecure = true
}
provider "vultr" {
api_key = var.vultr_apikey
rate_limit = 700
retry_limit = 3
}


@ -1,18 +0,0 @@
variable "pm_user" {
default = "terraform@pve"
}
variable "vmid" {
default = 400
description = "Starting ID for the Prox VMs"
}
variable "proxmox_node05_password" {
type = string
description = "prox05 pve pass"
}
variable "vultr_apikey" {
type = string
description = "vultr cloud api key"
}


@ -1,32 +0,0 @@
# To contribute improvements to CI/CD templates, please follow the Development guide at:
# https://docs.gitlab.com/ee/development/cicd/templates.html
# This specific template is located at:
# https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Terraform.latest.gitlab-ci.yml
include:
- template: Terraform/Base.latest.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Terraform/Base.latest.gitlab-ci.yml
- template: Jobs/SAST-IaC.latest.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/SAST-IaC.latest.gitlab-ci.yml
stages:
- validate
- test
- build
- deploy
fmt:
extends: .terraform:fmt
needs: []
validate:
extends: .terraform:validate
needs: []
build:
extends: .terraform:build
deploy:
extends: .terraform:deploy
dependencies:
- build
environment:
name: $TF_STATE_NAME


@ -1 +0,0 @@
# eks-terraform


@ -1,18 +0,0 @@
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 4.34.0"
}
kubectl = {
source = "gavinbunney/kubectl"
version = ">= 1.14.0"
}
helm = {
source = "hashicorp/helm"
version = ">= 2.6.0"
}
}
required_version = ">= 1.2.9"
}


@ -1,3 +0,0 @@
module "main" {
source = "./modules/main"
}


@ -1,78 +0,0 @@
module "aurora" {
source = "../aurora"
name = "${var.prefix}-${var.cluster_name}"
engine = "aurora-mysql"
engine_version = var.engine_version
instances = {
for i in range(var.num_of_instances) : tostring(i) => {
instance_class = var.instance_type
}
}
monitoring_interval = 60
iam_role_use_name_prefix = false
iam_role_name = "${var.prefix}-rds-monitoring-role"
kms_key_id = module.kms.key_arn
vpc_id = module.vpc.vpc_id
subnets = module.vpc.database_subnets
database_name = var.database_name
create_db_cluster_parameter_group = var.create_db_cluster_parameter_group
db_cluster_parameter_group_family = var.parameter_group_family
db_cluster_parameter_group_name = var.cluster_name
availability_zones = var.azs
enabled_cloudwatch_logs_exports = var.cloud_watch_exports
master_password = random_password.password.result
master_username = var.db_master_username
create_random_password = false
allowed_security_groups = [module.eks_cluster.security_group_id]
}
############### SECRET MANAGER ######################
data "aws_secretsmanager_secret" "secretmasterdb" {
arn = aws_secretsmanager_secret.secretmasterdb.arn
}
data "aws_secretsmanager_secret_version" "creds" {
secret_id = data.aws_secretsmanager_secret.secretmasterdb.arn
depends_on = [aws_secretsmanager_secret_version.sversion]
}
locals {
db_creds = jsondecode(data.aws_secretsmanager_secret_version.creds.secret_string)
}
resource "random_password" "password" {
length = 24
override_special = "!#$%&*()-_=+[]{}<>:?"
}
resource "random_integer" "random" {
min = 100
max = 999
}
resource "aws_secretsmanager_secret" "secretmasterdb" {
name = "${var.prefix}-${var.db_master_username}-${random_integer.random.result}"
kms_key_id = module.kms.key_arn
}
resource "aws_secretsmanager_secret_version" "sversion" {
secret_id = aws_secretsmanager_secret.secretmasterdb.id
secret_string = <<EOF
{
"username": "${var.db_master_username}",
"password": "${random_password.password.result}",
"engine": "aurora-mysql",
"host": "${module.aurora.cluster_endpoint}",
"port": "${module.aurora.cluster_port}",
"dbClusterIdentifier": "${var.database_name}"
}
EOF
}


@ -1,15 +0,0 @@
module "ecr" {
source = "../ecr_repository"
repository_name = "${var.prefix}-${var.repo_name}"
repository_encryption_type = var.ecr_encryption
repository_kms_key = module.kms.key_arn
image_tag_mutability = var.is_image_mutable
scan_on_push = var.scan_enabled
force_delete = var.delete_enabled
lifecycle_policy = var.ecr_policy
tags = var.ecr_tags
}


@ -1,7 +0,0 @@
module "eks_cluster" {
source = "../eks_cluster"
cluster_name = var.eks_cluster_name
public_subnets = module.vpc.public_subnets
private_subnets = module.vpc.private_subnets
}


@ -1,7 +0,0 @@
module "fargate" {
source = "../fargate"
eks_cluster_name = module.eks_cluster.cluster_name
fargate_profile_name = var.fargate_profile_name
subnet_ids = module.vpc.private_subnets
kubernetes_namespace = var.kubernetes_namespace
}


@ -1,20 +0,0 @@
module "kubernetes" {
source = "../kubernetes"
region = var.aws_region
vpc_id = module.vpc.vpc_id
vpc_cidr = var.cidr
efs_subnet_ids = module.vpc.private_subnets
eks_cluster_name = module.eks_cluster.cluster_name
eks_cluster_endpoint = module.eks_cluster.endpoint
eks_oidc_url = module.eks_cluster.oidc_url
eks_ca_certificate = module.eks_cluster.ca_certificate
namespace = var.kubernetes_namespace
deployment_name = var.deployment_name
replicas = var.deployment_replicas
labels = var.app_labels
db_name = var.database_name
db_address = module.aurora.cluster_endpoint
db_user = var.db_master_username
db_pass = random_password.password.result
namespace_depends_on = [ module.fargate.id , module.eks_node_group.id ]
}


@ -1,11 +0,0 @@
module "eks_node_group" {
source = "../eks_node_group"
eks_cluster_name = module.eks_cluster.cluster_name
node_group_name = var.node_group_name
subnet_ids = [ module.vpc.private_subnets[0], module.vpc.private_subnets[1] ]
instance_types = var.ng_instance_types
disk_size = var.disk_size
desired_nodes = var.desired_nodes
max_nodes = var.max_nodes
min_nodes = var.min_nodes
}


@ -1,29 +0,0 @@
module "eventbridge" {
source = "../eventbridge"
create = var.create_eventbridge_module
create_role = var.event_role_enabled
create_bus = var.event_bus_enabled
rules = {
"${var.prefix}-action" = {
description = var.event_rule_description
event_pattern = jsonencode({
"detail-type" : [
"AWS API Call via CloudTrail"
],
"detail" : {
"eventSource" : ["${module.kms.key_arn}"],
"eventName" : var.event_name
} })
}
}
targets = {
"${var.prefix}-action" = [{
name = var.target_name
arn = module.sns_topic.sns_topic_arn
}]
}
}


@ -1,18 +0,0 @@
module "kms" {
source = "../kms"
create = var.create_kms_module
key_usage = var.k_usage
deletion_window_in_days = var.days_of_deletion
enable_key_rotation = var.enabled_rotation
is_enabled = var.key_enabled
customer_master_key_spec = var.key_specs
key_owners = var.k_owners
key_administrators = var.key_admins
key_users = var.k_users
key_aws_services = var.key_service_principals
key_service_users = var.k_service_users
aliases = var.alias
}


@ -1,44 +0,0 @@
data "aws_caller_identity" "current" {}
provider "aws" {
region = var.aws_region
default_tags {
tags = var.def_tags
}
}
provider "helm" {
kubernetes {
host = data.aws_eks_cluster.default.endpoint
cluster_ca_certificate = base64decode(data.aws_eks_cluster.default.certificate_authority[0].data)
exec {
api_version = "client.authentication.k8s.io/v1beta1"
args = ["eks", "get-token", "--cluster-name", data.aws_eks_cluster.default.id]
command = "aws"
}
}
}
# provider "kubectl" {
# host = data.aws_eks_cluster.default.endpoint
# cluster_ca_certificate = base64decode(data.aws_eks_cluster.default.certificate_authority[0].data)
# load_config_file = false
# exec {
# api_version = "client.authentication.k8s.io/v1beta1"
# args = ["eks", "get-token", "--cluster-name", data.aws_eks_cluster.default.id]
# command = "aws"
# }
# }
provider "kubernetes" {
host = data.aws_eks_cluster.default.endpoint
cluster_ca_certificate = base64decode(data.aws_eks_cluster.default.certificate_authority[0].data)
# token = data.aws_eks_cluster_auth.default.token
exec {
api_version = "client.authentication.k8s.io/v1beta1"
args = ["eks", "get-token", "--cluster-name", data.aws_eks_cluster.default.id]
command = "aws"
}
}


@ -1,63 +0,0 @@
module "sns_topic" {
source = "../sns_topic"
create_sns_topic = var.create_sns_module
policy = data.aws_iam_policy_document.sns_topic_policy.json
name = "${var.prefix}-${var.name_of_topic}"
kms_master_key_id = module.kms.key_id
}
data "aws_iam_policy_document" "sns_topic_policy" {
statement {
sid = "Policy1"
effect = "Allow"
principals {
type = "Service"
identifiers = var.principles_for_policy_1
}
actions = ["SNS:Publish"]
resources = ["arn:aws:sns:${var.aws_region}:${data.aws_caller_identity.current.account_id}:${var.prefix}-${var.name_of_topic}"]
}
statement {
sid = "Policy2"
effect = "Allow"
principals {
type = "Service"
identifiers = var.principles_for_policy_2
}
actions = ["SNS:Publish"]
resources = ["arn:aws:sns:${var.aws_region}:${data.aws_caller_identity.current.account_id}:${var.prefix}-${var.name_of_topic}"]
condition {
test = "StringEquals"
variable = "AWS:SourceOwner"
values = [
data.aws_caller_identity.current.account_id,
]
}
}
statement {
sid = "Policy3"
effect = "Allow"
principals {
type = "Service"
identifiers = var.principles_for_policy_3
}
actions = ["SNS:Publish"]
resources = ["arn:aws:sns:${var.aws_region}:${data.aws_caller_identity.current.account_id}:${var.prefix}-${var.name_of_topic}"]
condition {
test = "StringEquals"
variable = "AWS:Referer"
values = [
data.aws_caller_identity.current.account_id,
]
}
}
}


@ -1,717 +0,0 @@
########## MAIN VARIABLES ##########
variable "aws_region" {
description = "Set AWS region"
type = string
default = "eu-west-1"
}
variable "prefix" {
description = "Set prefix for environment (EXAMPLE:test/dev/prod)"
type = string
default = "test"
}
variable "def_tags" {
description = "Tags related to all AWS resources created"
type = map(string)
default = {
"Environment" = "Test"
}
}
######### ALB VARIABLES #########
variable "alb_name" {
description = "The name of the Application load balancer"
type = string
default = "fargate-alb"
}
# variable "acm_cert_arn" {
# description = "The ACM certificate arn to be used with the ALB"
# type = string
# }
######### ECS VARIABLES #########
variable "efs_name" {
description = "The name of the EFS"
type = string
default = "efs"
}
variable "ecs_cluster_name" {
description = "The name of the ecs_cluster"
type = string
default = "ecs-cluster-fargate"
}
variable "container_insights" {
description = "Value for container insights, accepts enabled or disabled"
type = string
default = "enabled"
}
variable "ecs_fargate_name" {
description = "The name of ecs_fargate"
type = string
default = "ecs-fargate"
}
variable "tg_name" {
description = "Name of the target group"
type = string
default = "ecs-fargate-tg"
}
variable "logs_retention_days" {
description = "Number of days that logs will be kept. Accepted values: (1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 2192, 2557, 2922, 3288, 3653)"
type = number
default = 14
}
variable "task_definition_cpu" {
description = "The CPU value of the task. Accepted values: 256 (.25 vCPU),512 (.5 vCPU),1024 (1 vCPU), 2048 (2 vCPU), 4096 (4 vCPU),8192 (8 vCPU)"
type = number
default = 256
}
variable "task_definition_memory" {
description = "The memory value of the task. Values depend on task_definition_cpu values. Accepted values can be found at https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html"
type = number
default = 512
}
variable "task_container_port" {
description = "The port number on the container that is bound to the user-specified or automatically assigned host port"
type = number
default = 80
}
variable "task_desired_count" {
description = "The number of instances of the task definitions to place and keep running"
type = number
default = 1
}
########## KMS VARIABLES ##########
variable "create_kms_module" {
description = "Should it create the KMS module or not"
type = bool
default = true
}
variable "k_usage" {
description = "Specifies the intended use of the key. Valid values: `ENCRYPT_DECRYPT` or `SIGN_VERIFY`. Defaults to `ENCRYPT_DECRYPT`"
type = string
default = "ENCRYPT_DECRYPT"
}
variable "days_of_deletion" {
description = "Waiting period, after which the AWS KMS key is deleted. Valid values are days(number) between: `7` and `30` days inclusive"
type = number
default = 30
}
variable "enabled_rotation" {
description = "Enables key rotation. Default is `true`"
type = bool
default = true
}
variable "key_enabled" {
description = "Specifies whether the key is enabled. Defaults to `true`"
type = bool
default = true
}
variable "key_specs" {
description = "Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports. Valid values: `SYMMETRIC_DEFAULT`, `RSA_2048`, `RSA_3072`, `RSA_4096`, `HMAC_256`, `ECC_NIST_P256`, `ECC_NIST_P384`, `ECC_NIST_P521`, or `ECC_SECG_P256K1`. Defaults to `SYMMETRIC_DEFAULT`"
type = string
default = "SYMMETRIC_DEFAULT"
}
variable "k_owners" {
description = "List of IAM ARNs, which have kms:* permissions"
type = list(string)
default = []
}
variable "key_admins" {
description = "List of IAM ARNs, which have `kms:Create*`, `kms:Describe*`, `kms:Enable`, `kms:List*`, `kms:Put*`, `kms:Update*`, `kms:Revoke*`, `kms:Disable*`, `kms:Get*`, `kms:Delete*`, `kms:TagResource`, `kms:UntagResource`, `kms:ScheduleKeyDeletion`, `kms:CancelKeyDeletion` permissions"
type = list(string)
default = []
}
variable "k_users" {
description = "A list of IAM ARNs, which have `kms:Encrypt`, `kms:Decrypt`, `kms:ReEncrypt*`, `kms:GenerateDataKey*`, `kms:DescribeKey` permissions"
type = list(string)
default = []
}
variable "key_service_principals" {
description = "A list of AWS service principals (https://gist.github.com/shortjared/4c1e3fe52bdfa47522cfe5b41e5d6f22)"
type = list(string)
default = ["sns.amazonaws.com", "events.amazonaws.com"]
}
variable "k_service_users" {
description = "A list of IAM ARNs, which have `kms:CreateGrant, `kms:ListGrants`, `kms:RevokeGrant` permissions"
type = list(string)
default = []
}
variable "alias" {
description = "List of key aliases"
type = list(string)
default = ["terraform-key1"]
}
variable "tags" {
description = "Map of strings/tags to add to the key resource"
type = map(string)
default = {
Created = "True"
}
}
########## EVENTBRIDGE VARIABLES ##########
variable "create_eventbridge_module" {
description = "Should it create the EventBridge module or not"
type = bool
default = true
}
variable "event_role_enabled" {
description = "Controls whether IAM roles should be created"
type = bool
default = false
}
variable "event_bus_enabled" {
description = "Controls whether EventBridge Bus resource should be created. When, `false`, the default bus will be used for the rules"
type = bool
default = false
}
variable "event_rule_description" {
description = "Description for the event rule"
type = string
default = "Detects KMS Deletion and Key disabled state"
}
variable "event_sources" {
description = "List of evvent sources for the Event Rule, services, etc."
type = list(string)
default = ["kms.amazonaws.com"]
}
variable "event_name" {
description = "List of events to detect"
type = list(string)
default = ["DisableKey", "ScheduleKeyDeletion"]
}
variable "target_name" {
description = "Name of the Target rule of the event"
type = string
default = "SNS target"
}
########## SNS VARIABLES ##########
variable "create_sns_module" {
description = "Should it create the SNS module or not"
type = bool
default = true
}
variable "name_of_topic" {
description = "The name of the SNS topic to create"
type = string
default = "sns-topic"
}
variable "encryption_key" {
description = "Defines the key to encrypt the SNS topic"
type = string
default = null
}
variable "principles_for_policy_1" {
description = "Principals for Policy 1"
type = list(string)
default = ["events.amazonaws.com", "s3.amazonaws.com", "rds.amazonaws.com", "budgets.amazonaws.com"]
}
variable "principles_for_policy_2" {
description = "Principals for Policy 2"
type = list(string)
default = ["cloudwatch.amazonaws.com", "elasticache.amazonaws.com", "elasticbeanstalk.amazonaws.com", "autoscaling.amazonaws.com"]
}
variable "principles_for_policy_3" {
description = "Principals for Policy 3"
type = list(string)
default = ["ses.amazonaws.com", "events.amazonaws.com"]
}
########## VPC VARIABLES ##########
variable "create_vpc_module" {
description = "Should it create the VPC module or not"
type = bool
default = true
}
variable "vpc_name" {
description = "Name of the VPC"
type = string
default = "VPC"
}
variable "cidr" {
description = "CIDR of the VPC"
type = string
default = "10.0.0.0/16"
}
variable "azs" {
description = "A list of availability zones names or ids in the region"
type = list(string)
default = ["eu-west-1a", "eu-west-1b", "eu-west-1c",]
}
variable "private_subnets" {
description = " A list of private subnets inside the VPC"
type = list(string)
default = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
}
variable "public_subnets" {
description = " A list of public subnets inside the VPC"
type = list(string)
default = ["10.0.11.0/24", "10.0.12.0/24", "10.0.13.0/24"]
}
variable "database_subnets" {
description = " A list of private subnets inside the VPC"
type = list(string)
default = ["10.0.21.0/24", "10.0.22.0/24", "10.0.23.0/24"]
}
variable "enable_nat_gateway" {
description = "Should be true if you want to provision NAT Gateways for each of your private networks"
type = bool
default = true
}
variable "create_database_subnet_group" {
description = "Controls if database subnet group should be created (n.b. database_subnets must also be set)"
type = bool
default = true
}
variable "private_acl_dedicated" {
description = "Whether to use dedicated network ACL (not default) and custom rules for private subnets"
type = bool
default = true
}
variable "public_acl_dedicated" {
description = "Whether to use dedicated network ACL (not default) and custom rules for public subnets"
type = bool
default = true
}
variable "pub_inbound_acl" {
description = "Public subnets inbound network ACLs"
type = list(map(string))
default = [
{
rule_number = 100
rule_action = "allow"
from_port = 0
to_port = 0
protocol = "-1"
cidr_block = "0.0.0.0/0"
},
]
}
variable "pub_outbound_acl" {
description = "Public subnets outbound network ACLs"
type = list(map(string))
default = [
{
rule_number = 100
rule_action = "allow"
from_port = 0
to_port = 0
protocol = "-1"
cidr_block = "0.0.0.0/0"
},
]
}
variable "private_inbound_acl" {
description = "Private subnets inbound network ACLs"
type = list(map(string))
default = [
{
rule_number = 100
rule_action = "allow"
from_port = 0
to_port = 0
protocol = "-1"
cidr_block = "0.0.0.0/0"
},
]
}
variable "private_outbound_acl" {
description = "Private subnets outbound network ACLs"
type = list(map(string))
default = [
{
rule_number = 100
rule_action = "allow"
from_port = 0
to_port = 0
protocol = "-1"
cidr_block = "0.0.0.0/0"
},
]
}
variable "vpc_tags" {
description = "Map of strings/tags to add to the VPCresource"
type = map(string)
default = {
Created = "True"
}
}
########## ECR VARIABLES ##########
variable "create_ecr_module" {
description = "Should it create the ECR module or not"
type = bool
default = true
}
variable "is_image_mutable" {
description = "The tag mutability setting for the repo. Values <IMMUTABLE> or <MUTABLE>"
type = string
default = "MUTABLE"
}
variable "ecr_encryption" {
description = "The encryption type for the repository. Must be one of: `KMS` or `AES256`. Defaults to `AES256`"
type = string
default = "KMS"
}
variable "repository_kms_key" {
description = "The ARN of the KMS key to use when encryption_type is `KMS`. If not specified, uses the default AWS managed key for ECR"
type = string
default = null
}
variable "repo_name" {
description = "Name of the repo to be created"
type = string
default = "ecr-repo"
}
variable "ecr_tags" {
description = "Tags to set on the ecr repo"
type = map(string)
default = {
Creation = "True"
}
}
variable "scan_enabled" {
description = "Whether images are scanned after being pushed to the repo"
type = bool
default = true
}
variable "delete_enabled" {
description = "Whether the repository can be forcefully removed while having images stored inside"
type = bool
default = true
}
variable "ecr_policy" {
description = "ECR Lifecycle Policy (json string) to manage the image lifecycles in the ECR repo"
type = string
default = <<L_POLICY
{
"rules": [
{
"action": {
"type": "expire"
},
"selection": {
"countType": "imageCountMoreThan",
"countNumber": 50,
"tagStatus": "any"
},
"description": "Only keep 50 images",
"rulePriority": 10
}
]
}
L_POLICY
}
########## RDS VARIABLES ##########
variable "engine_version" {
description = "The Version of the DB engine"
type = string
default = "5.7"
}
variable "cluster_name" {
description = "Cluster Name"
type = string
default = "clusterdb"
}
variable "num_of_instances" {
description = "The number of instances that you wish to be in the cluster"
type = number
default = 1
}
variable "instance_type" {
description = "Type of instance- number of CPU's and RAM that will be provided to the instance (example: db.t3.small).Keep in mind that some types are not supported in different regions and versions of engine"
type = string
default = "db.t3.small"
}
variable "cloud_watch_exports" {
description = "Which parameters to export to cloudwatch"
type = list(string)
default = ["error", "slowquery"]
}
variable "parameter_group_name" {
description = "Parameter group name"
type = string
default = "sqlvpcparamgroupname"
}
variable "parameter_group_family" {
description = "Parameter group family"
type = string
default = "aurora-mysql5.7"
}
variable "create_db_cluster_parameter_group" {
description = "To create the parameter group or not, default is true"
type = bool
default = true
}
variable "db_master_username" {
description = "DB master username"
type = string
default = "rootuser"
}
variable "database_name" {
description = "Name of the database"
type = string
default = "testdb"
}
########## WAF VARIABLES ##########
variable "waf_scope" {
description = "The scope of the WAF. Region for lb association or cloudfront for cloudfront cdn association. Accepted values: (REGIONAL, CLOUDFRONT)."
type = string
default = "CLOUDFRONT"
}
########## CLOUDFRONT VARIABLES ##########
# variable "cdn_alias" {
# description = "Extra CNAMEs (alternate domain names), if any, for this distribution."
# type = list(string)
# }
# variable "us_east_cert_arn" {
# description = "The ACM certificate available in us-east-1 to be used with Cloudfront"
# type = string
# }
variable "cdn_comment" {
description = "Comment for the Cloudfront distribution"
type = string
default = "Cloudfront CDN for Wordpress"
}
variable "cdn_price_class" {
description = "Price class for the Clodufront distribution. Accepted values: (PriceClass_100, PriceClass_200, PriceClass_All)"
type = string
default = "PriceClass_100"
}
variable "origin_protocol_policy" {
description = "The origin protocol policy for Cloudfront. Accepted values are (https-only, http-only and match-viewer)"
type = string
default = "match-viewer"
}
variable "origin_ssl_protocols" {
description = "A list of accepted SSL origin protocols"
type = list(string)
default = ["TLSv1.2"]
}
variable "cdn_allowed_methods" {
description = "List of allowed methods (e.g. GET, PUT, POST, DELETE, HEAD) for AWS CloudFront"
type = list(string)
default = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
}
variable "cdn_cached_methods" {
description = "List of cached methods (e.g. GET, PUT, POST, DELETE, HEAD)"
type = list(string)
default = ["GET", "HEAD"]
}
variable "enable_cdn" {
description = "Enable or disable the Cloudfront modules. Allowed values: (true or false)"
type = bool
default = true
}
variable "cdn_is_ipv6_enabled" {
description = "Enable or disable ipv6 on Cloudfront"
type = bool
default = true
}
variable "cdn_retain_on_delete" {
description = "Enable or disable retention after delete of the CDN. Allowed values: (true or false)"
type = bool
default = false
}
variable "cdn_wait_for_deployment" {
description = "If enabled, the resource will wait for the distribution status to change from InProgress to Deployed. Setting this tofalse will skip the process."
type = bool
default = false
}
######### AUTO SCALING VARIABLES ############
variable "as_max_cpu_threshold" {
description = "Threshold for max CPU usage"
type = string
default = "85"
}
variable "as_min_cpu_threshold" {
description = "Threshold for min CPU usage"
type = string
default = "10"
}
variable "as_max_cpu_evaluation_period" {
description = "The number of periods over which data is compared to the specified threshold for max cpu metric alarm"
type = string
default = "3"
}
variable "as_min_cpu_evaluation_period" {
description = "The number of periods over which data is compared to the specified threshold for min cpu metric alarm"
type = string
default = "3"
}
variable "as_max_cpu_period" {
description = "The period in seconds over which the specified statistic is applied for max cpu metric alarm"
type = string
default = "60"
}
variable "as_min_cpu_period" {
description = "The period in seconds over which the specified statistic is applied for min cpu metric alarm"
type = string
default = "60"
}
variable "as_scale_target_max_capacity" {
description = "The max capacity of the scalable target"
type = number
default = 5
}
variable "as_scale_target_min_capacity" {
description = "The min capacity of the scalable target"
type = number
default = 1
}
#### EFS ####
variable "app_labels" {
type = map
description = "List of the labels for Deployment"
default = {
"app" = "wordpress"
"tier" = "frontend"
}
}
variable "deployment_replicas" {
type = string
description = "Number of replicas for the Deployment"
default = 3
}
variable "deployment_name" {
type = string
description = "Name of the Deployment"
default = "wordpress"
}
variable "kubernetes_namespace" {
type = string
description = "Kubernetes namespace for selection"
default = "wordpress-rds"
}
variable "fargate_profile_name" {
type = string
description = "Name of the Fargate Profile"
default = "eks_fargate"
}
variable "desired_nodes" {
description = "Desired number of worker nodes"
default = 2
}
variable "max_nodes" {
description = "Maximum number of worker nodes"
default = 2
}
variable "min_nodes" {
description = "Minimum number of worker nodes"
default = 1
}
variable "ng_instance_types" {
type = list(string)
description = "List of instance types associated with the EKS Node Group"
default = ["t2.micro"]
}
variable "disk_size" {
description = "Disk Size for Worker Nodes in GiB"
default = 10
}
variable "eks_cluster_name" {
description = "Name of the EKS Cluster"
default = "k8s"
}
variable "node_group_name" {
type = string
description = "Name of the EKS Node Group"
default = "k8s"
}


@ -1,39 +0,0 @@
module "vpc" {
source = "../vpc"
name = "Kubernetes"
cidr = "10.0.0.0/16"
azs = ["us-east-2a", "us-east-2b", "us-east-2c"]
private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
public_subnets = ["10.0.11.0/24", "10.0.12.0/24", "10.0.13.0/24"]
database_subnets = ["10.0.21.0/24", "10.0.22.0/24", "10.0.23.0/24"]
public_subnet_tags = {
Name = "${terraform.workspace}-public-subnet"
"kubernetes.io/cluster/${var.eks_cluster_name}-${terraform.workspace}" = "shared"
"kubernetes.io/role/elb" = 1
Environment = terraform.workspace
}
private_subnet_tags = {
Name = "${terraform.workspace}-private-subnet"
"kubernetes.io/cluster/${var.eks_cluster_name}-${terraform.workspace}" = "shared"
"kubernetes.io/role/internal-elb" = 1
Environment = terraform.workspace
}
enable_nat_gateway = true
single_nat_gateway = true
one_nat_gateway_per_az = false
enable_dns_hostnames = true
enable_dns_support = true
tags = {
Name = "${var.vpc_name}-${terraform.workspace}"
"kubernetes.io/cluster/${var.eks_cluster_name}" = "shared"
}
}