[refactor]: Upgrade to support v18.X of community EKS module #91

Merged
merged 33 commits into from
Nov 17, 2022
Merged
da99165
initial refactor commit; wip
jrsdav Sep 7, 2022
021912a
Refactor mostly finished; more scenario testing required
jrsdav Sep 16, 2022
c36ac75
added cluster-name tag
jrsdav Sep 19, 2022
c00b996
Updated default scaling config for ngs
jrsdav Sep 21, 2022
c423d3d
Merge branch 'refactor/vnext' of https://github.com/streamnative/terr…
jrsdav Sep 21, 2022
721b58a
Added enable flag for istio
jrsdav Sep 22, 2022
b4f63b0
Added wildcard to default hosted zone id
jrsdav Sep 22, 2022
18850d3
Added default value for istio service domain
jrsdav Sep 22, 2022
d6bd912
Added velero
jrsdav Sep 26, 2022
961c11c
Changed deprecated bucket config
jrsdav Sep 26, 2022
07e1aab
Fixed velero OIDC inputs
jrsdav Sep 26, 2022
09f1ef2
Added ACL resource for velero bucket
jrsdav Sep 26, 2022
d148c70
Fixed NG arn to work with iam-authenticator at creation
jrsdav Sep 28, 2022
6cba5f8
Removed old submodules;added tiered storage;updated ng config;misc va…
jrsdav Sep 29, 2022
b66fe84
Added flag to enable istio explicitly
jrsdav Oct 4, 2022
a056476
added istio source logic for external-dns
jrsdav Oct 4, 2022
1bfbcf0
Updated velero plugin version
jrsdav Oct 6, 2022
77f90f4
Updated velero config
jrsdav Oct 6, 2022
2903ee3
Added more SG inputs;updated autoscaler perms;removed tiered storage …
jrsdav Oct 17, 2022
1faea93
removed calico inputs
jrsdav Oct 17, 2022
cc93459
removed unneeded RBAC configs
jrsdav Oct 17, 2022
74e486a
Added migration_mode flag for cleaner handling of upgrades
jrsdav Oct 19, 2022
aaf78fb
Increment parent module version; added external-dns domain filtering
jrsdav Oct 21, 2022
7a4f8fd
Removed kubernetes.io/cluster tag from all resources
jrsdav Oct 21, 2022
6f8e3f7
Add arns as outputs
Oct 24, 2022
cb042a0
Merge branch 'refactor-vnext' of github.com:streamnative/terraform-aw…
Oct 24, 2022
b5a089a
Expose cluster_certificate_authority_data to communicate with cluster
jdmaguire Oct 25, 2022
5ce7e5b
Update outputs.tf
jdmaguire Oct 25, 2022
37025c9
Added default node SG rules
jrsdav Nov 2, 2022
bb11b87
Merge branch 'refactor-vnext' of https://github.com/streamnative/terr…
jrsdav Nov 2, 2022
ae7ef66
AWS LB arn
Nov 4, 2022
206cb00
readme updates
jrsdav Nov 7, 2022
86fe9b4
Merge branch 'master' into refactor-vnext
Nov 17, 2022
Removed old submodules;added tiered storage;updated ng config;misc va…
…r defaults
jrsdav committed Sep 29, 2022
commit 6cba5f8198987d387ddc96264895405cecffe053
4 changes: 2 additions & 2 deletions csi.tf
@@ -125,7 +125,7 @@ data "aws_iam_policy_document" "csi" {
"kms:ListGrants",
"kms:RevokeGrant",
]
resources = [local.kms_key]
resources = [local.ebs_kms_key]
effect = "Allow"
condition {
test = "Bool"
@@ -141,7 +141,7 @@ data "aws_iam_policy_document" "csi" {
"kms:GenerateDataKey*",
"kms:DescribeKey"
]
resources = [local.kms_key]
resources = [local.ebs_kms_key]
effect = "Allow"
}
}
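Review bot: The second statement in this section (the one listing `kms:GenerateDataKey*` and `kms:DescribeKey`) closes directly after `effect = "Allow"` with no `condition` block, unlike the grant statement above it, so as far as these lines show the CSI role can use `local.ebs_kms_key` for data-key operations directly rather than only through EBS. Since both `resources` lines are being repointed here, consider adding a `condition` to that statement with `test = "StringEquals"`, `variable = "kms:ViaService"` and `values = ["ec2.<region>.amazonaws.com"]` (region is a placeholder). Both statements and the `data "aws_iam_policy_document" "csi"` block begin outside the visible hunks, so confirm the statement does not already carry such a condition before its action list.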
2 changes: 1 addition & 1 deletion istio.tf
@@ -34,7 +34,7 @@ locals {
}

module "istio" {
count = var.enable_bootstrap ? 1 : 0
count = var.enable_bootstrap ? 1 : 0
source = "github.com/streamnative/terraform-helm-charts//modules/istio-operator?ref=v0.8.4"

enable_istio_operator = true
31 changes: 21 additions & 10 deletions main.tf
@@ -30,13 +30,18 @@ data "aws_kms_key" "ebs_default" {
key_id = "alias/aws/ebs"
}

data "aws_kms_key" "s3_default" {
key_id = "alias/aws/s3"
}

locals {
s3_kms_key = var.s3_encryption_kms_key_arn == "" ? data.aws_kms_key.s3_default.arn : var.s3_encryption_kms_key_arn
aws_partition = data.aws_partition.current.partition
account_id = data.aws_caller_identity.current.account_id
cluster_subnet_ids = concat(var.private_subnet_ids, var.public_subnet_ids)
default_lb_policy_arn = "arn:${local.aws_partition}:iam::${local.account_id}:policy/StreamNative/StreamNativeCloudLBPolicy"
default_service_policy_arn = "arn:${local.aws_partition}:iam::${local.account_id}:policy/StreamNative/StreamNativeCloudRuntimePolicy"
kms_key = var.disk_encryption_kms_key_id == "" ? data.aws_kms_key.ebs_default.arn : var.disk_encryption_kms_key_id
ebs_kms_key = var.disk_encryption_kms_key_arn == "" ? data.aws_kms_key.ebs_default.arn : var.disk_encryption_kms_key_arn
oidc_issuer = trimprefix(module.eks.cluster_oidc_issuer_url, "https://")
private_subnet_cidrs = var.enable_node_group_private_networking == false ? [] : [for i, v in var.private_subnet_ids : data.aws_subnet.private_subnets[i].cidr_block]

@@ -51,6 +56,14 @@ locals {
)

## Node Group Configuration
compute_units = {
"large" = "Small"
"xlarge" = "Medium"
"2xlarge" = "Medium"
"4xlarge" = "Large"
"8xlarge" = "Large"
}

node_group_defaults = {
ami_id = var.node_pool_ami_id
block_device_mappings = {
@@ -61,7 +74,7 @@ locals {
volume_type = "gp3"
iops = var.node_pool_disk_iops
encrypted = true
kms_key_id = local.kms_key
kms_key_id = local.ebs_kms_key
delete_on_termination = true
}
}
@@ -72,7 +85,6 @@ locals {
ebs_optimized = var.node_pool_ebs_optimized
enable_monitoring = var.enable_node_pool_monitoring
iam_role_arn = replace(aws_iam_role.ng.arn, replace(var.iam_path, "/^//", ""), "") # Work around for https://github.com/kubernetes-sigs/aws-iam-authenticator/issues/153
labels = var.node_pool_labels
min_size = var.node_pool_min_size
max_size = var.node_pool_max_size
pre_bootstrap_user_data = var.node_pool_pre_userdata
@@ -92,7 +104,8 @@ locals {
subnet_ids = [data.aws_subnet.private_subnets[i].id]
instance_types = [instance_type]
name = "snc-${split(".", instance_type)[1]}-${data.aws_subnet.private_subnets[i].availability_zone}"
desired_size = split(".", instance_type)[1] == "xlarge" ? 1 : 0
desired_size = split(".", instance_type)[1] == "xlarge" ? 1 : 0
labels = merge(var.node_pool_labels, { "cloud.streamnative.io/instance-type" = lookup(local.compute_units, split(".", instance_type)[1], "null") })
}
]
]) : "${node_group.name}" => node_group
@@ -110,7 +123,7 @@ locals {
# Add the worker node role back in with the path so the EKS console reports healthy node status
worker_node_role = [
{
rolearn = aws_iam_role.ng.arn
rolearn = aws_iam_role.ng.arn
username = "system:node:{{EC2PrivateDNSName}}"
groups = ["system:bootstrappers", "system:nodes"]
}
@@ -134,9 +147,7 @@ module "eks" {
cluster_security_group_description = "EKS cluster security group."
###############################################################################################

# aws_auth_accounts = var.map_additional_aws_accounts
aws_auth_roles = local.role_bindings
# aws_auth_users = var.map_additional_iam_users
aws_auth_roles = local.role_bindings
cluster_name = var.cluster_name
cluster_version = var.cluster_version
create_cluster_primary_security_group_tags = false
@@ -198,7 +209,7 @@ resource "kubernetes_storage_class" "sn_default" {
parameters = {
type = "gp3"
encrypted = "true"
kmsKeyId = local.kms_key
kmsKeyId = local.ebs_kms_key
}
reclaim_policy = "Delete"
allow_volume_expansion = true
@@ -213,7 +224,7 @@ resource "kubernetes_storage_class" "sn_ssd" {
parameters = {
type = "gp3"
encrypted = "true"
kmsKeyId = local.kms_key
kmsKeyId = local.ebs_kms_key
}
reclaim_policy = "Delete"
allow_volume_expansion = true
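Review bot: In the new node-group `labels` line, `lookup(local.compute_units, split(".", instance_type)[1], "null")` falls back to the literal string `"null"`, so any instance size missing from `compute_units` (for example `medium` or `12xlarge`) is labelled `cloud.streamnative.io/instance-type=null` instead of failing or omitting the label. Indexing the map directly, `local.compute_units[split(".", instance_type)[1]]`, would surface an unmapped size at plan time. Separately, `local.ebs_kms_key` now feeds the IAM policy `resources` in csi.tf as well as the `kms_key_id` and `kmsKeyId` settings here; the variable declaration is not shown on this page, so confirm `disk_encryption_kms_key_arn` is validated as a key ARN, because an alias ARN does not match as an IAM policy resource for KMS. The `locals` block starts and continues outside these hunks.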
61 changes: 0 additions & 61 deletions modules/backup-resources/README.md

This file was deleted.

180 changes: 0 additions & 180 deletions modules/backup-resources/main.tf

This file was deleted.
