Slicing patterns

README.md

@@ -4,29 +4,18 @@ Terraform module which creates multi-tenancy resources on Amazon EKS.
 
 ## Usage
 
-See [`tests`](https://github.com/aws-ia/terraform-aws-eks-blueprints-teams/tree/main/test) directory for working tests to reference:
+See [`patterns`](https://github.com/aws-ia/terraform-aws-eks-blueprints-teams/tree/main/patterns) directory for working tests to reference:
 
 
-### Standalone - Admin Team
+### Cluster Admin
 
-```hcl
-module "admin_team" {
-  source = "aws-ia/eks-blueprints-teams/aws"
+https://github.com/aws-ia/terraform-aws-eks-blueprints-teams/blob/3011726aa7609fa201be8021ecfc2202bda47c8d/patterns/cluster-admin/main.tf#L38-L49
 
-  name = "admin-team"
+### Namespaced Admin
 
-  # Enables elevated, admin privileges for this team
-  enable_admin = true
-  users        = ["arn:aws:iam::111122223333:role/my-admin-role"]
-  cluster_arn  = "arn:aws:eks:us-west-2:111122223333:cluster/my-cluster"
-
-  tags = {
-    Environment = "dev"
-  }
-}
-```
+https://github.com/aws-ia/terraform-aws-eks-blueprints-teams/blob/3011726aa7609fa201be8021ecfc2202bda47c8d/patterns/cluster-admin/main.tf#L38-L49
 
-### Standalone - Developer Team
+### Developer Team
 
 ```hcl
 module "development_team" {

patterns/development-team/README.md

@@ -0,0 +1,69 @@
+# Amazon EKS Blueprints Teams - Complete
+
+Configuration in this directory creates:
+
+- An EKS cluster (required to support module/tests)
+- An administrative team
+- A red team which demonstrates creating one team per module definition
+- Blue teams which demonstrates creating multiple teams per module definition
+
+## Usage
+
+To run this example you need to execute:
+
+```bash
+$ terraform init
+$ terraform plan
+$ terraform apply
+```
+
+Note that this example may create resources which will incur monetary charges on your AWS bill. Run `terraform destroy` when you no longer need these resources.
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.47 |
+| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.17 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.47 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_development_team"></a> [development\_team](#module\_development\_team) | ../.. | n/a |
+| <a name="module_eks"></a> [eks](#module\_eks) | terraform-aws-modules/eks/aws | ~> 19.13 |
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
+| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_development_team_aws_auth_configmap_role"></a> [development\_team\_aws\_auth\_configmap\_role](#output\_development\_team\_aws\_auth\_configmap\_role) | Dictionary containing the necessary details for adding the role created to the `aws-auth` configmap |
+| <a name="output_development_team_iam_role_arn"></a> [development\_team\_iam\_role\_arn](#output\_development\_team\_iam\_role\_arn) | The Amazon Resource Name (ARN) specifying the IAM role |
+| <a name="output_development_team_iam_role_name"></a> [development\_team\_iam\_role\_name](#output\_development\_team\_iam\_role\_name) | The name of the IAM role |
+| <a name="output_development_team_iam_role_unique_id"></a> [development\_team\_iam\_role\_unique\_id](#output\_development\_team\_iam\_role\_unique\_id) | Stable and unique string identifying the IAM role |
+| <a name="output_development_team_kubeconfig"></a> [development\_team\_kubeconfig](#output\_development\_team\_kubeconfig) | Configure kubectl: make sure you're logged in with the correct AWS profile and run the following command to update your kubeconfig |
+| <a name="output_development_team_namespaces"></a> [development\_team\_namespaces](#output\_development\_team\_namespaces) | Mapf of Kubernetes namespaces created and their attributes |
+| <a name="output_development_team_rbac_group"></a> [development\_team\_rbac\_group](#output\_development\_team\_rbac\_group) | The name of the Kubernetes RBAC group |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
+Apache-2.0 Licensed. See [LICENSE](https://github.com/aws-ia/terraform-aws-eks-blueprints-teams/blob/main/LICENSE)

patterns/no-admin/main.tf → patterns/development-team/main.tf

@@ -32,34 +32,35 @@ locals {
 }
 
 ################################################################################
-# EKS Multi-Tenancy Module
+# EKS Development Teams Module
 ################################################################################
 
-module "red_team" {
+module "development_team" {
   source = "../.."
 
-  name = "red-team"
+  name = "development-team"
 
   users             = [data.aws_caller_identity.current.arn]
   cluster_arn       = module.eks.cluster_arn
   oidc_provider_arn = module.eks.oidc_provider_arn
 
   labels = {
-    team = "red"
+    team = "dev"
   }
 
   annotations = {
-    team = "red"
+    team = "dev"
   }
 
   namespaces = {
     default = {
       # Provides access to an existing namespace
       create = false
     }
-    red = {
+    app = {
+
       labels = {
-        projectName = "project-red",
+        projectName = "project-app",
       }
 
       resource_quota = {
@@ -154,43 +155,6 @@ module "red_team" {
   tags = local.tags
 }
 
-module "blue_teams" {
-  source = "../.."
-
-  for_each = {
-    one = {}
-    two = {}
-  }
-  name = "blue-team-${each.key}"
-
-  users             = [data.aws_caller_identity.current.arn]
-  cluster_arn       = module.eks.cluster_arn
-  oidc_provider_arn = module.eks.oidc_provider_arn
-
-  namespaces = {
-    "blue-${each.key}" = {
-      labels = {
-        appName     = "blue-team-app",
-        projectName = "project-blue",
-      }
-
-      resource_quota = {
-        hard = {
-          "requests.cpu"    = "2000m",
-          "requests.memory" = "4Gi",
-          "limits.cpu"      = "4000m",
-          "limits.memory"   = "16Gi",
-          "pods"            = "20",
-          "secrets"         = "20",
-          "services"        = "20"
-        }
-      }
-    }
-  }
-
-  tags = local.tags
-}
-
 ################################################################################
 # Supporting Resources
 ################################################################################
@@ -219,8 +183,7 @@ module "eks" {
   manage_aws_auth_configmap = true
   aws_auth_roles = flatten(
     [
-      module.red_team.aws_auth_configmap_role,
-      [for team in module.blue_teams : team.aws_auth_configmap_role],
+      module.development_team.aws_auth_configmap_role,
     ]
   )
 

patterns/development-team/outputs.tf

@@ -0,0 +1,35 @@
+# Red Team
+output "development_team_namespaces" {
+  description = "Mapf of Kubernetes namespaces created and their attributes"
+  value       = module.development_team.namespaces
+}
+
+output "development_team_rbac_group" {
+  description = "The name of the Kubernetes RBAC group"
+  value       = module.development_team.rbac_group
+}
+
+output "development_team_aws_auth_configmap_role" {
+  description = "Dictionary containing the necessary details for adding the role created to the `aws-auth` configmap"
+  value       = module.development_team.aws_auth_configmap_role
+}
+
+output "development_team_iam_role_name" {
+  description = "The name of the IAM role"
+  value       = module.development_team.iam_role_name
+}
+
+output "development_team_iam_role_arn" {
+  description = "The Amazon Resource Name (ARN) specifying the IAM role"
+  value       = module.development_team.iam_role_arn
+}
+
+output "development_team_iam_role_unique_id" {
+  description = "Stable and unique string identifying the IAM role"
+  value       = module.development_team.iam_role_unique_id
+}
+
+output "development_team_kubeconfig" {
+  description = "Configure kubectl: make sure you're logged in with the correct AWS profile and run the following command to update your kubeconfig"
+  value       = "aws eks update-kubeconfig --name ${module.eks.cluster_name} --alias ${module.eks.cluster_name} --role-arn ${module.development_team.iam_role_arn}"
+}

patterns/multiple-app-teams/README.md

@@ -0,0 +1,69 @@
+# Amazon EKS Blueprints Teams - Complete
+
+Configuration in this directory creates:
+
+- An EKS cluster (required to support module/tests)
+- An administrative team
+- A red team which demonstrates creating one team per module definition
+- Blue teams which demonstrates creating multiple teams per module definition
+
+## Usage
+
+To run this example you need to execute:
+
+```bash
+$ terraform init
+$ terraform plan
+$ terraform apply
+```
+
+Note that this example may create resources which will incur monetary charges on your AWS bill. Run `terraform destroy` when you no longer need these resources.
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.47 |
+| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.17 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.47 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_application_teams"></a> [application\_teams](#module\_application\_teams) | ../.. | n/a |
+| <a name="module_eks"></a> [eks](#module\_eks) | terraform-aws-modules/eks/aws | ~> 19.13 |
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
+| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_application_teams_aws_auth_configmap_role"></a> [application\_teams\_aws\_auth\_configmap\_role](#output\_application\_teams\_aws\_auth\_configmap\_role) | Dictionary containing the necessary details for adding the role created to the `aws-auth` configmap |
+| <a name="output_application_teams_iam_role_arn"></a> [application\_teams\_iam\_role\_arn](#output\_application\_teams\_iam\_role\_arn) | The Amazon Resource Name (ARN) specifying the IAM role |
+| <a name="output_application_teams_iam_role_name"></a> [application\_teams\_iam\_role\_name](#output\_application\_teams\_iam\_role\_name) | The name of the IAM role |
+| <a name="output_application_teams_iam_role_unique_id"></a> [application\_teams\_iam\_role\_unique\_id](#output\_application\_teams\_iam\_role\_unique\_id) | Stable and unique string identifying the IAM role |
+| <a name="output_application_teams_kubeconfig"></a> [application\_teams\_kubeconfig](#output\_application\_teams\_kubeconfig) | Configure kubectl: make sure you're logged in with the correct AWS profile and run the following command to update your kubeconfig |
+| <a name="output_application_teams_namespaces"></a> [application\_teams\_namespaces](#output\_application\_teams\_namespaces) | Mapf of Kubernetes namespaces created and their attributes |
+| <a name="output_application_teams_rbac_group"></a> [application\_teams\_rbac\_group](#output\_application\_teams\_rbac\_group) | The name of the Kubernetes RBAC group |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
+Apache-2.0 Licensed. See [LICENSE](https://github.com/aws-ia/terraform-aws-eks-blueprints-teams/blob/main/LICENSE)