diff --git a/infra-as-code/terraform/egov-staging/main.tf b/infra-as-code/terraform/egov-staging/main.tf
new file mode 100644
index 0000000000..ebd5cf6e07
--- /dev/null
+++ b/infra-as-code/terraform/egov-staging/main.tf
@@ -0,0 +1,235 @@
+terraform {
+ backend "s3" {
+ bucket = "egov-staging-terraform-state"
+ key = "terraform"
+ region = "ap-south-1"
+ }
+}
+
+module "network" {
+ source = "../modules/kubernetes/aws/network"
+ vpc_cidr_block = "${var.vpc_cidr_block}"
+ cluster_name = "${var.cluster_name}"
+ availability_zones = "${var.network_availability_zones}"
+}
+
+# PostGres DB
+module "db" {
+ source = "../modules/db/aws"
+ subnet_ids = "${module.network.private_subnets}"
+ vpc_security_group_ids = ["${module.network.rds_db_sg_id}"]
+ availability_zone = "${element(var.availability_zone, 0)}"
+ instance_class = "db.m6g.large" ## postgres db instance type
+ engine_version = "12.17" ## postgres version
+ storage_type = "gp3"
+ storage_gb = "165" ## postgres disk size
+ backup_retention_days = "7"
+ administrator_login = "${var.db_username}"
+ administrator_login_password = "${var.db_password}"
+ db_name = "${var.db_name}"
+ db_subnet_group = "${var.db_subnet_group}"
+ environment = "${var.cluster_name}"
+}
+
+data "aws_eks_cluster" "cluster" {
+ name = "${module.eks.cluster_id}"
+}
+
+data "aws_eks_cluster_auth" "cluster" {
+ name = "${module.eks.cluster_id}"
+}
+
+data "aws_caller_identity" "current" {}
+
+data "tls_certificate" "thumb" {
+ url = "${data.aws_eks_cluster.cluster.identity.0.oidc.0.issuer}"
+}
+
+provider "kubernetes" {
+ host = "${data.aws_eks_cluster.cluster.endpoint}"
+ cluster_ca_certificate = "${base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)}"
+ token = "${data.aws_eks_cluster_auth.cluster.token}"
+ #load_config_file = false
+}
+
+module "iam_user_deployer" {
+ source = "terraform-aws-modules/iam/aws//modules/iam-user"
+
+ name = "${var.cluster_name}-kube-deployer"
+ force_destroy = true
+ create_iam_user_login_profile = false
+ create_iam_access_key = true
+
+ # User "egovterraform" has uploaded his public key here - https://keybase.io/egovterraform/pgp_keys.asc
+ pgp_key = "${var.iam_keybase_user}"
+}
+
+module "iam_user_admin" {
+ source = "terraform-aws-modules/iam/aws//modules/iam-user"
+
+ name = "${var.cluster_name}-kube-admin"
+ force_destroy = true
+ create_iam_user_login_profile = false
+ create_iam_access_key = true
+
+ # User "egovterraform" has uploaded his public key here - https://keybase.io/egovterraform/pgp_keys.asc
+ pgp_key = "${var.iam_keybase_user}"
+}
+
+module "iam_user_user" {
+ source = "terraform-aws-modules/iam/aws//modules/iam-user"
+
+ name = "${var.cluster_name}-kube-user"
+ force_destroy = true
+ create_iam_user_login_profile = false
+ create_iam_access_key = true
+
+ # User "test" has uploaded his public key here - https://keybase.io/test/pgp_keys.asc
+ pgp_key = "${var.iam_keybase_user}"
+}
+
+module "eks" {
+ source = "terraform-aws-modules/eks/aws"
+ version = "17.24.0"
+ cluster_name = "${var.cluster_name}"
+ vpc_id = "${module.network.vpc_id}"
+ cluster_version = "${var.kubernetes_version}"
+ subnets = "${concat(module.network.private_subnets, module.network.public_subnets)}"
+
+ worker_groups = [
+ {
+ name = "spot"
+ ami_id = "ami-01d4aea4600d4dd60"
+ subnets = "${concat(slice(module.network.private_subnets, 0, length(var.availability_zones)))}"
+ instance_type = "${var.instance_type}"
+ override_instance_types = "${var.override_instance_types}"
+ kubelet_extra_args = "--node-labels=node.kubernetes.io/lifecycle=spot"
+ asg_max_size = "${var.number_of_worker_nodes}"
+ asg_desired_capacity = "${var.number_of_worker_nodes}"
+ spot_allocation_strategy = "capacity-optimized"
+ spot_instance_pools = null
+ }
+ ]
+ tags = "${
+ tomap({
+ "kubernetes.io/cluster/${var.cluster_name}" = "owned",
+ "KubernetesCluster" = "${var.cluster_name}"
+ })}"
+}
+
+resource "aws_iam_role" "eks_iam" {
+ name = "${var.cluster_name}-eks"
+
+ assume_role_policy = jsonencode({
+ Version = "2012-10-17",
+ Statement = [
+ {
+ Sid = "EKSWorkerAssumeRole"
+ Effect = "Allow",
+ Principal = {
+ Federated = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:oidc-provider/${replace(data.aws_eks_cluster.cluster.identity[0].oidc[0].issuer, "https://", "")}"
+ },
+ Action = "sts:AssumeRoleWithWebIdentity",
+ Condition = {
+ StringEquals = {
+ "${replace(data.aws_eks_cluster.cluster.identity[0].oidc[0].issuer, "https://", "")}:sub" = "system:serviceaccount:kube-system:ebs-csi-controller-sa"
+ }
+ }
+ }
+ ]
+ })
+}
+
+resource "kubernetes_annotations" "example" {
+ api_version = "v1"
+ kind = "ServiceAccount"
+ metadata {
+ name = "ebs-csi-controller-sa"
+ namespace = "kube-system"
+ }
+ annotations = {
+ "eks.amazonaws.com/role-arn" = "${aws_iam_role.eks_iam.arn}"
+ }
+}
+
+resource "aws_iam_role_policy_attachment" "cluster_AmazonEBSCSIDriverPolicy" {
+ policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy"
+ role = "${aws_iam_role.eks_iam.name}"
+}
+
+resource "aws_iam_role_policy_attachment" "cluster_AmazonEC2FullAccess" {
+ policy_arn = "arn:aws:iam::aws:policy/AmazonEC2FullAccess"
+ role = "${aws_iam_role.eks_iam.name}"
+}
+
+resource "aws_iam_openid_connect_provider" "eks_oidc_provider" {
+ client_id_list = ["sts.amazonaws.com"]
+ thumbprint_list = ["${data.tls_certificate.thumb.certificates.0.sha1_fingerprint}"] # This should be empty or provide certificate thumbprints if needed
+ url = "${data.aws_eks_cluster.cluster.identity[0].oidc[0].issuer}" # Replace with the OIDC URL from your EKS cluster details
+}
+
+resource "aws_eks_addon" "kube_proxy" {
+ cluster_name = data.aws_eks_cluster.cluster.name
+ addon_name = "kube-proxy"
+ resolve_conflicts = "OVERWRITE"
+}
+resource "aws_eks_addon" "core_dns" {
+ cluster_name = data.aws_eks_cluster.cluster.name
+ addon_name = "coredns"
+ resolve_conflicts = "OVERWRITE"
+}
+resource "aws_eks_addon" "aws_ebs_csi_driver" {
+ cluster_name = data.aws_eks_cluster.cluster.name
+ addon_name = "aws-ebs-csi-driver"
+ addon_version = "v1.23.0-eksbuild.1"
+ resolve_conflicts = "OVERWRITE"
+}
+
+module "es-master" {
+
+ source = "../modules/storage/aws"
+ storage_count = 3
+ environment = "${var.cluster_name}"
+ disk_prefix = "es-master"
+ availability_zones = "${var.availability_zones}"
+ storage_sku = "gp2"
+ disk_size_gb = "2"
+
+}
+module "es-data-v1" {
+
+ source = "../modules/storage/aws"
+ storage_count = 3
+ environment = "${var.cluster_name}"
+ disk_prefix = "es-data-v1"
+ availability_zones = "${var.availability_zones}"
+ storage_sku = "gp2"
+ disk_size_gb = "25"
+
+}
+
+module "zookeeper" {
+
+ source = "../modules/storage/aws"
+ storage_count = 3
+ environment = "${var.cluster_name}"
+ disk_prefix = "zookeeper"
+ availability_zones = "${var.availability_zones}"
+ storage_sku = "gp2"
+ disk_size_gb = "2"
+
+}
+
+module "kafka" {
+
+ source = "../modules/storage/aws"
+ storage_count = 3
+ environment = "${var.cluster_name}"
+ disk_prefix = "kafka"
+ availability_zones = "${var.availability_zones}"
+ storage_sku = "gp2"
+ disk_size_gb = "55"
+
+}
+
+
diff --git a/infra-as-code/terraform/egov-staging/outputs.tf b/infra-as-code/terraform/egov-staging/outputs.tf
new file mode 100644
index 0000000000..9763812549
--- /dev/null
+++ b/infra-as-code/terraform/egov-staging/outputs.tf
@@ -0,0 +1,58 @@
+output "vpc_id" {
+ value = "${module.network.vpc_id}"
+}
+
+output "private_subnets" {
+ value = "${module.network.private_subnets}"
+}
+
+output "public_subnets" {
+ value = "${module.network.public_subnets}"
+}
+
+output "cluster_endpoint" {
+ description = "Endpoint for EKS control plane."
+ value = "${module.eks.cluster_endpoint}"
+}
+
+output "kubectl_config" {
+ description = "kubectl config as generated by the module."
+ value = "${module.eks.kubeconfig}"
+}
+
+output "es_master_volume_ids" {
+ value = "${module.es-master.volume_ids}"
+}
+
+output "es_data_volume_ids" {
+ value = "${module.es-data-v1.volume_ids}"
+}
+
+output "zookeeper_volume_ids" {
+ value = "${module.zookeeper.volume_ids}"
+}
+
+output "kafka_vol_ids" {
+ value = "${module.kafka.volume_ids}"
+}
+
+output "db_instance_endpoint" {
+ value = "${module.db.db_instance_endpoint}"
+}
+
+
+output "db_instance_name" {
+ description = "The database name"
+ value = "${module.db.db_instance_name}"
+}
+
+output "db_instance_username" {
+ description = "The master username for the database"
+ value = "${module.db.db_instance_username}"
+ sensitive = true
+}
+
+output "db_instance_port" {
+ description = "The database port"
+ value = "${module.db.db_instance_port}"
+}
\ No newline at end of file
diff --git a/infra-as-code/terraform/staging/providers.tf b/infra-as-code/terraform/egov-staging/providers.tf
similarity index 99%
rename from infra-as-code/terraform/staging/providers.tf
rename to infra-as-code/terraform/egov-staging/providers.tf
index 88fecb61a1..4337a5ea20 100644
--- a/infra-as-code/terraform/staging/providers.tf
+++ b/infra-as-code/terraform/egov-staging/providers.tf
@@ -4,7 +4,6 @@ provider "aws" {
 region = "ap-south-1"
-
 }
 # Using these data sources allows the configuration to be
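Review bot: Eight of the thirteen outputs in this new file (`vpc_id`, `private_subnets`, `public_subnets`, the four `*volume_ids` outputs and `db_instance_endpoint`) have no `description`, while the remaining five do; since the file is new, every output should document what it returns, e.g. `description = "EBS volume ids created for the Kafka brokers"` on `kafka_vol_ids`. `kafka_vol_ids` also breaks the `*_volume_ids` naming of the three outputs above it; the old `staging/outputs.tf` carried the same name, so renaming may affect existing consumers and would need a note in the commit message.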
diff --git a/infra-as-code/terraform/staging/remote-state/main.tf b/infra-as-code/terraform/egov-staging/remote-state/main.tf
similarity index 59%
rename from infra-as-code/terraform/staging/remote-state/main.tf
rename to infra-as-code/terraform/egov-staging/remote-state/main.tf
index 7977cf1923..40d7e21e9c 100644
--- a/infra-as-code/terraform/staging/remote-state/main.tf
+++ b/infra-as-code/terraform/egov-staging/remote-state/main.tf
@@ -3,19 +3,23 @@ provider "aws" {
 }
 resource "aws_s3_bucket" "terraform_state" {
- bucket = "egov-staging-terraform-state"
-
- versioning {
- enabled = true
- }
+ bucket = "${var.bucket_name}"
 lifecycle {
 prevent_destroy = true
 }
 }
+resource "aws_s3_bucket_versioning" "versioning" {
+ bucket = aws_s3_bucket.terraform_state.id
+ versioning_configuration {
+ status = "Enabled"
+ }
+}
+
+
 resource "aws_dynamodb_table" "terraform_state_lock" {
- name = "egov-staging-terraform-state"
+ name = "${var.bucket_name}"
 read_capacity = 1
 write_capacity = 1
 hash_key = "LockID"
diff --git a/infra-as-code/terraform/egov-staging/remote-state/variables.tf b/infra-as-code/terraform/egov-staging/remote-state/variables.tf
new file mode 100644
index 0000000000..415d8e963e
--- /dev/null
+++ b/infra-as-code/terraform/egov-staging/remote-state/variables.tf
@@ -0,0 +1,3 @@
+variable "bucket_name" {
+ default = "egov-staging-terraform-state"
+}
\ No newline at end of file
diff --git a/infra-as-code/terraform/egov-staging/variables.tf b/infra-as-code/terraform/egov-staging/variables.tf
new file mode 100644
index 0000000000..e7b39f6289
--- /dev/null
+++ b/infra-as-code/terraform/egov-staging/variables.tf
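Review bot: The state bucket gains `aws_s3_bucket_versioning` but still has neither an `aws_s3_bucket_public_access_block` nor an `aws_s3_bucket_server_side_encryption_configuration`, and the state it will hold contains the RDS master password (`egov-staging/main.tf` passes `var.db_password` into the db module, which writes it to `aws_db_instance.password`), so the bucket should be private by policy and encrypted at rest rather than relying on account defaults. The commit already moved to the split versioning resource, so the two companion resources below fit the same provider version. `prevent_destroy = true` protects the bucket; the `aws_dynamodb_table.terraform_state_lock` next to it has no such guard and can be destroyed while the bucket cannot, so consider the same `lifecycle` block there.
```hcl
# … unchanged: aws_s3_bucket "terraform_state" and aws_s3_bucket_versioning "versioning" …

resource "aws_s3_bucket_public_access_block" "terraform_state" {
  bucket                  = aws_s3_bucket.terraform_state.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

resource "aws_s3_bucket_server_side_encryption_configuration" "terraform_state" {
  bucket = aws_s3_bucket.terraform_state.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256"
    }
  }
}

# … unchanged: aws_dynamodb_table "terraform_state_lock" …
```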
@@ -0,0 +1,90 @@
+#
+# Variables Configuration. Check for REPLACE to substitute custom values. Check the description of each
+# tag for more information
+#
+
+variable "cluster_name" {
+ description = "Name of the Kubernetes cluster"
+ default = "egov-staging" #REPLACE
+}
+
+variable "vpc_cidr_block" {
+ description = "CIDR block"
+ default = "10.1.64.0/19"
+}
+
+
+variable "network_availability_zones" {
+ description = "Configure availability zones configuration for VPC. Leave as default for India. Recommendation is to have subnets in at least two availability zones"
+ default = ["ap-south-1a", "ap-south-1b"] #REPLACE IF NEEDED
+}
+
+variable "availability_zones" {
+ description = "Amazon EKS runs and scales the Kubernetes control plane across multiple AWS Availability Zones to ensure high availability. Specify a comma separated list to have a cluster spanning multiple zones. Note that this will have cost implications"
+ default = ["ap-south-1a"] #REPLACE IF NEEDED
+}
+
+variable "availability_zone" {
+ description = "RDS availability zone"
+ default = ["ap-south-1b"] #REPLACE IF NEEDED
+}
+
+variable "kubernetes_version" {
+ description = "kubernetes version"
+ default = "1.29"
+}
+
+variable "instance_type" {
+ description = "eGov recommended below instance type as a default"
+ default = "m4.xlarge"
+}
+
+variable "override_instance_types" {
+ description = "Arry of instance types for SPOT instances"
+ default = ["r5a.large", "r5ad.large", "r5d.large", "m4.xlarge"]
+
+}
+
+variable "number_of_worker_nodes" {
+ description = "eGov recommended below worker node counts as default"
+ default = "7" #REPLACE IF NEEDED
+}
+
+variable "ssh_key_name" {
+ description = "ssh key name, not required if your using spot instance types"
+ default = "egov-staging" #REPLACE
+}
+
+variable "db_subnet_group" {
+ default = "default-vpc-0f630338229cf5c1e"
+}
+
+variable "db_name" {
+ description = "RDS DB name. Make sure there are no hyphens or other special characters in the DB name. Else, DB creation will fail"
+ default = "egov-staging" #REPLACE
+}
+
+variable "db_username" {
+ description = "RDS database user name"
+ default = "egovdev" #REPLACE
+}
+
+#DO NOT fill in here. This will be asked at runtime
+variable "db_password" {}
+
+variable "public_key" {
+ default = "ssh-rsa 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 demo@demo"
+ description = "ssh key"
+}
+
+## change ssh key_name eg. digit-quickstart_your-name
+
+variable "key_name" {
+ default = "digit-quickstart"
+ description = "ssh key name"
+}
+
+variable "iam_keybase_user" {
+ default = "keybase:egovterraform"
+}
+
diff --git a/infra-as-code/terraform/modules/db/aws/main.tf b/infra-as-code/terraform/modules/db/aws/main.tf
index 423b057700..63a2e8287c 100644
--- a/infra-as-code/terraform/modules/db/aws/main.tf
+++ b/infra-as-code/terraform/modules/db/aws/main.tf
@@ -3,11 +3,10 @@ resource "aws_db_subnet_group" "db_subnet_group" {
 subnet_ids = "${var.subnet_ids}"
 tags = "${
- map(
- "Name", "db-subnet-group-${var.environment}",
- "environment", "${var.environment}"
- )
- }"
+ tomap({
+ "Name" = "db-subnet-group-${var.environment}",
+ "environment" = "${var.environment}"
+ })}"
 }
 resource "aws_db_instance" "rds_postgres" {
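Review bot: `variable "public_key"` ships a concrete SSH public key as its default (`ssh-rsa … demo@demo`), so every environment built from this file without an override trusts whoever holds the matching private key; follow the pattern the file already uses for `db_password` and declare it without a default, `variable "public_key" { description = "ssh public key for node access" }`, so each operator must supply their own. `ssh_key_name` and `key_name` both describe an SSH key name with different defaults (`egov-staging` vs `digit-quickstart`), and none of `public_key`, `ssh_key_name` or `key_name` is referenced by the new `egov-staging/main.tf` on this page, so they should either be wired into the worker group or removed. `db_subnet_group` has no description although its default, `default-vpc-0f630338229cf5c1e`, is an account-specific identifier that every other deployment must replace; add `description` and a `#REPLACE` marker like the neighbouring variables. The description of `availability_zones` says "comma separated list" while its default is an HCL list literal; reword to match the type.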
@@ -22,13 +21,16 @@ resource "aws_db_instance" "rds_postgres" {
 password = "${var.administrator_login_password}"
 vpc_security_group_ids = "${var.vpc_security_group_ids}"
 backup_retention_period = "${var.backup_retention_days}"
- db_subnet_group_name = "${aws_db_subnet_group.db_subnet_group.name}"
+ db_subnet_group_name = "${var.db_subnet_group}"
 copy_tags_to_snapshot = "true"
+ auto_minor_version_upgrade = "false"
+ allow_major_version_upgrade = "false"
+ skip_final_snapshot = "true"
+ apply_immediately = "true"
 tags = "${
- map(
- "Name", "${var.environment}-db",
- "environment", "${var.environment}"
- )
- }"
+ tomap({
+ "Name" = "${var.environment}-db",
+ "environment" = "${var.environment}"
+ })}"
 }
\ No newline at end of file
diff --git a/infra-as-code/terraform/modules/db/aws/outputs.tf b/infra-as-code/terraform/modules/db/aws/outputs.tf
index cde0f09f4a..cb0fc45c25 100644
--- a/infra-as-code/terraform/modules/db/aws/outputs.tf
+++ b/infra-as-code/terraform/modules/db/aws/outputs.tf
@@ -2,3 +2,22 @@ output "rds_postgres_address" {
 value = "${aws_db_instance.rds_postgres.address}"
 }
+output "db_instance_endpoint" {
+ value = "${aws_db_instance.rds_postgres.endpoint}" # Adjusted to match the module's actual output
+}
+
+output "db_instance_name" {
+ description = "The database name"
+ value = "${aws_db_instance.rds_postgres.identifier}" # Adjusted to match the module's actual output
+}
+
+output "db_instance_username" {
+ description = "The master username for the database"
+ value = "${aws_db_instance.rds_postgres.username}" # Adjusted to match the module's actual output
+ sensitive = true
+}
+
+output "db_instance_port" {
+ description = "The database port"
+ value = "${aws_db_instance.rds_postgres.port}" # Adjusted to match the module's actual output
+}
diff --git a/infra-as-code/terraform/modules/db/aws/variables.tf b/infra-as-code/terraform/modules/db/aws/variables.tf
index c9e94feba7..d616f9b836 100644
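Review bot: `db_subnet_group_name = "${var.db_subnet_group}"` stops using `aws_db_subnet_group.db_subnet_group`, which the first hunk of this file still creates from `var.subnet_ids`, so the module now provisions a subnet group nothing references while the instance is placed in whatever externally managed group the caller names (the staging default, `default-vpc-0f630338229cf5c1e`, looks by its name like a group in the account's default VPC rather than in `module.network`, but that cannot be confirmed from here); either drop the resource or keep `aws_db_subnet_group.db_subnet_group.name` and let callers control placement through `subnet_ids`. `auto_minor_version_upgrade = "false"` together with `allow_major_version_upgrade = "false"` pins the engine indefinitely, so minor-version security fixes only arrive when someone edits `engine_version` by hand; document that patching process in a comment or leave minor upgrades enabled. `skip_final_snapshot = "true"` means `terraform destroy` removes the instance with no final snapshot, a data-loss path for a database whose only copy is the 7-day automated backup window, so for anything beyond throwaway environments pair `skip_final_snapshot = false` with a `final_snapshot_identifier`. The resource body starts outside the hunk, so whether `storage_encrypted` is set cannot be judged from this page.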
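Review bot: `db_instance_name` is described as "The database name" but returns `aws_db_instance.rds_postgres.identifier`, which is the RDS instance identifier, not the database created inside it; either change the description to `description = "The RDS instance identifier"` or return the instance's database-name attribute. The four `# Adjusted to match the module's actual output` comments are copy-pasted on every new output and tell a reader nothing the code does not; remove them. `db_instance_endpoint` is the only new output without a `description`; `description = "host:port endpoint of the RDS instance"` would make the four read alike.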
--- a/infra-as-code/terraform/modules/db/aws/variables.tf
+++ b/infra-as-code/terraform/modules/db/aws/variables.tf
@@ -9,4 +9,5 @@ variable "backup_retention_days" {}
 variable "administrator_login" {}
 variable "administrator_login_password" {}
 variable "db_name" {}
+variable "db_subnet_group" {}
 variable "environment" {}
\ No newline at end of file
diff --git a/infra-as-code/terraform/modules/kubernetes/aws/eks-cluster/main.tf b/infra-as-code/terraform/modules/kubernetes/aws/eks-cluster/main.tf
index 885343633b..47e76d01b7 100644
--- a/infra-as-code/terraform/modules/kubernetes/aws/eks-cluster/main.tf
+++ b/infra-as-code/terraform/modules/kubernetes/aws/eks-cluster/main.tf
@@ -24,11 +24,10 @@ resource "aws_iam_role" "eks_iam" {
 POLICY
 tags = "${
- map(
- "kubernetes.io/cluster/${var.cluster_name}", "owned",
- "KubernetesCluster", "${var.cluster_name}"
- )
- }"
+ tomap({
+ "kubernetes.io/cluster/${var.cluster_name}" = "owned",
+ "KubernetesCluster" = "${var.cluster_name}"
+ })}"
 }
 resource "aws_iam_role_policy_attachment" "cluster_AmazonEKSClusterPolicy" {
diff --git a/infra-as-code/terraform/modules/kubernetes/aws/network/main.tf b/infra-as-code/terraform/modules/kubernetes/aws/network/main.tf
index 36f7426165..e71ff7d4c0 100644
--- a/infra-as-code/terraform/modules/kubernetes/aws/network/main.tf
+++ b/infra-as-code/terraform/modules/kubernetes/aws/network/main.tf
@@ -11,11 +11,10 @@ resource "aws_vpc" "vpc" {
 enable_dns_hostnames = true
 tags = "${
- map(
- "Name", "${var.cluster_name}",
- "kubernetes.io/cluster/${var.cluster_name}", "shared",
- )
- }"
+ tomap({
+ "Name" = "${var.cluster_name}",
+ "kubernetes.io/cluster/${var.cluster_name}" = "shared",
+ })}"
 }
 resource "aws_subnet" "public_subnet" {
@@ -26,14 +25,13 @@ resource "aws_subnet" "public_subnet" {
 vpc_id = "${aws_vpc.vpc.id}"
 tags = "${
- map(
- "Name", "utility-${var.availability_zones[count.index]}-${var.cluster_name}",
- "kubernetes.io/cluster/${var.cluster_name}", "shared",
- "kubernetes.io/role/elb", 1,
- "SubnetType", "Utility",
- "KubernetesCluster", "${var.cluster_name}"
- )
- }"
+ tomap({
+ "Name" = "utility-${var.availability_zones[count.index]}-${var.cluster_name}",
+ "kubernetes.io/cluster/${var.cluster_name}" = "shared",
+ "kubernetes.io/role/elb" = 1,
+ "SubnetType" = "Utility",
+ "KubernetesCluster" = "${var.cluster_name}"
+ })}"
 }
 resource "aws_subnet" "private_subnet" {
@@ -44,26 +42,24 @@ resource "aws_subnet" "private_subnet" {
 vpc_id = "${aws_vpc.vpc.id}"
 tags = "${
- map(
- "Name", "${var.availability_zones[count.index]}-${var.cluster_name}",
- "kubernetes.io/cluster/${var.cluster_name}", "shared",
- "kubernetes.io/role/internal-elb", 1,
- "SubnetType", "Private",
- "KubernetesCluster", "${var.cluster_name}"
- )
- }"
+ tomap({
+ "Name" = "${var.availability_zones[count.index]}-${var.cluster_name}",
+ "kubernetes.io/cluster/${var.cluster_name}" = "shared",
+ "kubernetes.io/role/internal-elb" = 1,
+ "SubnetType" = "Private",
+ "KubernetesCluster" = "${var.cluster_name}"
+ })}"
 }
 resource "aws_internet_gateway" "internet_gateway" {
 vpc_id = "${aws_vpc.vpc.id}"
 tags = "${
- map(
- "Name", "${var.cluster_name}",
- "kubernetes.io/cluster/${var.cluster_name}", "shared",
- "KubernetesCluster", "${var.cluster_name}"
- )
- }"
+ tomap({
+ "Name" = "${var.cluster_name}",
+ "kubernetes.io/cluster/${var.cluster_name}" = "shared",
+ "KubernetesCluster" = "${var.cluster_name}"
+ })}"
 }
 resource "aws_route_table" "public_route_table" {
@@ -75,12 +71,11 @@ resource "aws_route_table" "public_route_table" {
 }
 tags = "${
- map(
- "Name", "public-${var.cluster_name}-rtb",
- "kubernetes.io/cluster/${var.cluster_name}", "shared",
- "KubernetesCluster", "${var.cluster_name}"
- )
- }"
+ tomap({
+ "Name" = "public-${var.cluster_name}-rtb",
+ "kubernetes.io/cluster/${var.cluster_name}" = "shared",
+ "KubernetesCluster" = "${var.cluster_name}"
+ })}"
 }
 resource "aws_route_table_association" "public" {
@@ -95,12 +90,11 @@ resource "aws_eip" "eip" {
 depends_on = ["aws_internet_gateway.internet_gateway"]
 tags = "${
- map(
- "Name", "eip-${var.cluster_name}",
- "kubernetes.io/cluster/${var.cluster_name}", "shared",
- "KubernetesCluster", "${var.cluster_name}"
- )
- }"
+ tomap({
+ "Name" = "eip-${var.cluster_name}",
+ "kubernetes.io/cluster/${var.cluster_name}" = "shared",
+ "KubernetesCluster" = "${var.cluster_name}"
+ })}"
 }
@@ -111,12 +105,11 @@ resource "aws_nat_gateway" "nat" {
 depends_on = ["aws_internet_gateway.internet_gateway"]
 tags = "${
- map(
- "Name", "nat-gw-${var.cluster_name}",
- "kubernetes.io/cluster/${var.cluster_name}", "shared",
- "KubernetesCluster", "${var.cluster_name}"
- )
- }"
+ tomap({
+ "Name" = "nat-gw-${var.cluster_name}",
+ "kubernetes.io/cluster/${var.cluster_name}" = "shared",
+ "KubernetesCluster" = "${var.cluster_name}"
+ })}"
 }
@@ -129,12 +122,11 @@ resource "aws_route_table" "private_route_table" {
 }
 tags = "${
- map(
- "Name", "private-${var.cluster_name}-rtb",
- "kubernetes.io/cluster/${var.cluster_name}", "shared",
- "KubernetesCluster", "${var.cluster_name}"
- )
- }"
+ tomap({
+ "Name" = "private-${var.cluster_name}-rtb",
+ "kubernetes.io/cluster/${var.cluster_name}" = "shared",
+ "KubernetesCluster" = "${var.cluster_name}"
+ })}"
 }
 resource "aws_route_table_association" "private" {
@@ -158,12 +150,11 @@ resource "aws_security_group" "worker_nodes_sg" {
 }
 tags = "${
- map(
- "Name", "nodes-${var.cluster_name}",
- "kubernetes.io/cluster/${var.cluster_name}", "shared",
- "KubernetesCluster", "${var.cluster_name}"
- )
- }"
+ tomap({
+ "Name" = "nodes-${var.cluster_name}",
+ "kubernetes.io/cluster/${var.cluster_name}" = "shared",
+ "KubernetesCluster" = "${var.cluster_name}"
+ })}"
 }
 resource "aws_security_group" "master_nodes_sg" {
@@ -172,12 +163,11 @@ resource "aws_security_group" "master_nodes_sg" {
 vpc_id = "${aws_vpc.vpc.id}"
 tags = "${
- map(
- "Name", "masters-${var.cluster_name}",
- "kubernetes.io/cluster/${var.cluster_name}", "shared",
- "KubernetesCluster", "${var.cluster_name}"
- )
- }"
+ tomap({
+ "Name" = "masters-${var.cluster_name}",
+ "kubernetes.io/cluster/${var.cluster_name}" = "shared",
+ "KubernetesCluster" = "${var.cluster_name}"
+ })}"
 }
 resource "aws_security_group" "rds_db_sg" {
@@ -186,10 +176,9 @@ resource "aws_security_group" "rds_db_sg" {
 vpc_id = "${aws_vpc.vpc.id}"
 tags = "${
- map(
- "Name", "db-${var.cluster_name}"
- )
- }"
+ tomap({
+ "Name" = "db-${var.cluster_name}"
+ })}"
 }
 resource "aws_security_group_rule" "master_nodes_egress_workers" {
diff --git a/infra-as-code/terraform/modules/kubernetes/oci/network/main.tf b/infra-as-code/terraform/modules/kubernetes/oci/network/main.tf
index 34f0dc7889..ea7a93387c 100644
--- a/infra-as-code/terraform/modules/kubernetes/oci/network/main.tf
+++ b/infra-as-code/terraform/modules/kubernetes/oci/network/main.tf
@@ -10,15 +10,14 @@ resource "oci_core_vcn" "VCN" {
 display_name = "${var.ClusterName}-vcn"
 dns_label = var.dns-label
 freeform_tags = "${
- map(
- "Name", "${var.ClusterName}"
- )
- }"
+ tomap({
+ "Name" = "${var.ClusterName}"
+ })}"
 }
 resource "oci_core_subnet" "public_subnet" {
 count = 1
- cidr_block = "${cidrsubnet("${var.vcn_cidr}", 5, count.index)}"
+ cidr_block = "${cidrsubnet("${var.vcn_cidr}" = 5, count.index)}"
 compartment_id = var.tenancy_id
 display_name = "${var.ClusterName}-Utility-subnet"
 dns_label = "Utility"
@@ -28,17 +27,16 @@ resource "oci_core_subnet" "public_subnet" {
 security_list_ids = [oci_core_security_list.public-security-list.id]
 freeform_tags = "${
- map(
- "SubnetType", "Utility",
- "KubernetesCluster", "${var.ClusterName}"
- )
- }"
+ tomap({
+ "SubnetType" = "Utility",
+ "KubernetesCluster" = "${var.ClusterName}"
+ })}"
 }
 resource "oci_core_subnet" "private_subnet" {
 count = 1
- cidr_block = "${cidrsubnet("${var.vcn_cidr}", 3, 2+count.index)}"
+ cidr_block = "${cidrsubnet("${var.vcn_cidr}" = 3, 2+count.index)}"
 compartment_id = var.tenancy_id
 display_name = "${var.ClusterName}-private-subnet"
 dns_label = "private"
@@ -48,11 +46,10 @@ resource "oci_core_subnet" "private_subnet" {
 security_list_ids = [oci_core_security_list.worker-security-list.id]
 freeform_tags = "${
- map(
- "SubnetType", "Private",
- "KubernetesCluster", "${var.ClusterName}"
- )
- }"
+ tomap({
+ "SubnetType" = "Private",
+ "KubernetesCluster" = "${var.ClusterName}"
+ })}"
 }
@@ -62,10 +59,9 @@ resource "oci_core_internet_gateway" "InternetGateway" {
 vcn_id = oci_core_vcn.VCN.id
 freeform_tags = "${
- map(
- "KubernetesCluster", "${var.ClusterName}"
- )
- }"
+ tomap({
+ "KubernetesCluster" = "${var.ClusterName}"
+ })}"
 }
 resource "oci_core_nat_gateway" "nat_gateway" {
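Review bot: The two `cidr_block` lines in the `public_subnet` and `private_subnet` hunks were caught by the mechanical `map(` → `tomap({` rewrite and now read `cidrsubnet("${var.vcn_cidr}" = 5, count.index)` and `cidrsubnet("${var.vcn_cidr}" = 3, 2+count.index)`, which is not valid HCL (a function argument cannot carry `=`), so the whole OCI network module stops parsing; restore the original `cidr_block = "${cidrsubnet("${var.vcn_cidr}", 5, count.index)}"` and `cidr_block = "${cidrsubnet("${var.vcn_cidr}", 3, 2+count.index)}"`. The same substitution was applied across the AWS modules in this commit, so running `terraform validate` in each module directory before merging would catch any other argument list it touched.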
@@ -78,10 +74,9 @@ resource "oci_core_nat_gateway" "nat_gateway" {
 depends_on = [oci_core_internet_gateway.InternetGateway]
 freeform_tags = "${
- map(
- "KubernetesCluster", "${var.ClusterName}"
- )
- }"
+ tomap({
+ "KubernetesCluster" = "${var.ClusterName}"
+ })}"
 }
@@ -96,10 +91,9 @@ resource "oci_core_public_ip" "public_ip" {
 depends_on = [oci_core_internet_gateway.InternetGateway]
 freeform_tags = "${
- map(
- "KubernetesCluster", "${var.ClusterName}"
- )
- }"
+ tomap({
+ "KubernetesCluster" = "${var.ClusterName}"
+ })}"
 }
@@ -115,10 +109,9 @@ resource "oci_core_route_table" "private_route_table" {
 }
 freeform_tags = "${
- map(
- "KubernetesCluster", "${var.ClusterName}"
- )
- }"
+ tomap({
+ "KubernetesCluster" = "${var.ClusterName}"
+ })}"
 }
 resource "oci_core_route_table" "public_route_table" {
@@ -132,10 +125,9 @@ resource "oci_core_route_table" "public_route_table" {
 }
 freeform_tags = "${
- map(
- "KubernetesCluster", "${var.ClusterName}"
- )
- }"
+ tomap({
+ "KubernetesCluster" = "${var.ClusterName}"
+ })}"
 }
@@ -187,10 +179,9 @@ resource "oci_core_security_list" "worker-security-list" {
 }
 freeform_tags = "${
- map(
- "KubernetesCluster", "${var.ClusterName}"
- )
- }"
+ tomap({
+ "KubernetesCluster" = "${var.ClusterName}"
+ })}"
 }
@@ -214,9 +205,8 @@ resource "oci_core_security_list" "public-security-list" {
 }
 freeform_tags = "${
- map(
- "KubernetesCluster", "${var.ClusterName}"
- )
- }"
+ tomap({
+ "KubernetesCluster" = "${var.ClusterName}"
+ })}"
 }
\ No newline at end of file
diff --git a/infra-as-code/terraform/staging/main.tf b/infra-as-code/terraform/staging/main.tf
deleted file mode 100644
index 9f6fd14121..0000000000
--- a/infra-as-code/terraform/staging/main.tf
+++ /dev/null
@@ -1,160 +0,0 @@ -terraform { - backend "s3" { - bucket = "egov-staging-terraform-state" - key = "terraform" - region = "ap-south-1" - } -} - -module "network" { - source = "../modules/kubernetes/aws/network" - vpc_cidr_block = "${var.vpc_cidr_block}" - cluster_name = "${var.cluster_name}" - availability_zones = "${var.network_availability_zones}" -} - - -module "iam_user_deployer" { - source = "terraform-aws-modules/iam/aws//modules/iam-user" - - name = "${var.cluster_name}-kube-deployer" - force_destroy = true - create_iam_user_login_profile = false - create_iam_access_key = true - - # User "egovterraform" has uploaded his public key here - https://keybase.io/egovterraform/pgp_keys.asc - pgp_key = "${var.iam_keybase_user}" -} - -module "iam_user_admin" { - source = "terraform-aws-modules/iam/aws//modules/iam-user" - - name = "${var.cluster_name}-kube-admin" - force_destroy = true - create_iam_user_login_profile = false - create_iam_access_key = true - - # User "egovterraform" has uploaded his public key here - https://keybase.io/egovterraform/pgp_keys.asc - pgp_key = "${var.iam_keybase_user}" -} - -module "iam_user_user" { - source = "terraform-aws-modules/iam/aws//modules/iam-user" - - name = "${var.cluster_name}-kube-user" - force_destroy = true - create_iam_user_login_profile = false - create_iam_access_key = true - - # User "test" has uploaded his public key here - https://keybase.io/test/pgp_keys.asc - pgp_key = "${var.iam_keybase_user}" -} - -data "aws_eks_cluster" "cluster" { - name = "${module.eks.cluster_id}" -} - -data "aws_eks_cluster_auth" "cluster" { - name = "${module.eks.cluster_id}" -} -provider "kubernetes" { - host = "${data.aws_eks_cluster.cluster.endpoint}" - cluster_ca_certificate = "${base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)}" - token = "${data.aws_eks_cluster_auth.cluster.token}" - load_config_file = false - version = "~> 1.11" -} - -module "eks" { - source = "terraform-aws-modules/eks/aws" - cluster_name = 
"${var.cluster_name}" - cluster_version = "${var.kubernetes_version}" - subnets = "${concat(module.network.private_subnets, module.network.public_subnets)}" - - tags = "${ - map( - "kubernetes.io/cluster/${var.cluster_name}", "owned", - "KubernetesCluster", "${var.cluster_name}" - ) - }" - - vpc_id = "${module.network.vpc_id}" - - worker_groups_launch_template = [ - { - name = "spot" - subnets = "${concat(slice(module.network.private_subnets, 0, length(var.availability_zones)), slice(module.network.public_subnets, 0, length(var.availability_zones)))}" - override_instance_types = "${var.override_instance_types}" - asg_max_size = 4 - asg_desired_capacity = 4 - kubelet_extra_args = "--node-labels=node.kubernetes.io/lifecycle=spot" - spot_allocation_strategy= "capacity-optimized" - spot_instance_pools = null - }, - ] - - map_users = [ - { - userarn = "${module.iam_user_deployer.iam_user_arn}" - username = "${module.iam_user_deployer.iam_user_name}" - groups = ["system:masters"] - }, - { - userarn = "${module.iam_user_admin.iam_user_arn}" - username = "${module.iam_user_admin.iam_user_name}" - groups = ["global-readonly", "digit-user"] - }, - { - userarn = "${module.iam_user_user.iam_user_arn}" - username = "${module.iam_user_user.iam_user_name}" - groups = ["global-readonly"] - }, - ] -} - -module "es-master" { - - source = "../modules/storage/aws" - storage_count = 3 - environment = "${var.cluster_name}" - disk_prefix = "es-master" - availability_zones = "${var.availability_zones}" - storage_sku = "gp2" - disk_size_gb = "2" - -} -module "es-data-v1" { - - source = "../modules/storage/aws" - storage_count = 3 - environment = "${var.cluster_name}" - disk_prefix = "es-data-v1" - availability_zones = "${var.availability_zones}" - storage_sku = "gp2" - disk_size_gb = "25" - -} - -module "zookeeper" { - - source = "../modules/storage/aws" - storage_count = 3 - environment = "${var.cluster_name}" - disk_prefix = "zookeeper" - availability_zones = "${var.availability_zones}" 
- storage_sku = "gp2" - disk_size_gb = "2" - -} - -module "kafka" { - - source = "../modules/storage/aws" - storage_count = 3 - environment = "${var.cluster_name}" - disk_prefix = "kafka" - availability_zones = "${var.availability_zones}" - storage_sku = "gp2" - disk_size_gb = "50" - -} \ No newline at end of file diff --git a/infra-as-code/terraform/staging/outputs.tf b/infra-as-code/terraform/staging/outputs.tf deleted file mode 100644 index 4977165a37..0000000000 --- a/infra-as-code/terraform/staging/outputs.tf +++ /dev/null 
@@ -1,62 +0,0 @@ -output "vpc_id" { - value = module.network.vpc_id -} - -output "private_subnets" { - value = module.network.private_subnets -} - -output "public_subnets" { - value = module.network.public_subnets -} - -output "master_nodes_sg_id" { - value = module.network.master_nodes_sg_id -} - -output "worker_nodes_sg_id" { - value = module.network.worker_nodes_sg_id -} - -output "cluster_endpoint" { - description = "Endpoint for EKS control plane." - value = module.eks.cluster_endpoint -} - -output "kubectl_config" { - description = "kubectl config as generated by the module." - value = module.eks.kubeconfig -} - -output "config_map_aws_auth" { - description = "A kubernetes configuration to authenticate to this EKS cluster." - value = module.eks.config_map_aws_auth -} - -output "es_master_volume_ids" { - value = "${module.es-master.volume_ids}" -} - -output "es_data_volume_ids" { - value = "${module.es-data-v1.volume_ids}" -} - -output "zookeeper_volume_ids" { - value = "${module.zookeeper.volume_ids}" -} - -output "kafka_vol_ids" { - value = "${module.kafka.volume_ids}" -} - -output "deployer_secret_key_cmd" { - value = "${map(module.iam_user_deployer.iam_access_key_id, module.iam_user_deployer.keybase_secret_key_decrypt_command)}" -} - -output "admin_secret_key_cmd" { - value = "${map(module.iam_user_admin.iam_access_key_id, module.iam_user_admin.keybase_secret_key_decrypt_command)}" -} - -output "user_secret_key_cmd" { - value = "${map(module.iam_user_user.iam_access_key_id, module.iam_user_user.keybase_secret_key_decrypt_command)}" -} \ No newline at end of file diff --git a/infra-as-code/terraform/staging/remote-state/terraform.tfstate.backup b/infra-as-code/terraform/staging/remote-state/terraform.tfstate.backup deleted file mode 100644 index 957dc59b6c..0000000000 --- a/infra-as-code/terraform/staging/remote-state/terraform.tfstate.backup +++ /dev/null 
@@ -1,55 +0,0 @@ -{ - "version": 4, - "terraform_version": "0.14.10", - "serial": 3, - "lineage": "213c497d-2db2-52de-e0b1-ed55a2adb0ac", - "outputs": {}, - "resources": [ - { - "mode": "managed", - "type": "aws_s3_bucket", - "name": "terraform_state", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "acceleration_status": "", - "acl": "private", - "arn": "arn:aws:s3:::egov-staging-terraform-state", - "bucket": "egov-staging-terraform-state", - "bucket_domain_name": "egov-staging-terraform-state.s3.amazonaws.com", - "bucket_prefix": null, - "bucket_regional_domain_name": "egov-staging-terraform-state.s3.ap-south-1.amazonaws.com", - "cors_rule": [], - "force_destroy": false, - "grant": [], - "hosted_zone_id": "Z11RGJOFQNVJUP", - "id": "egov-staging-terraform-state", - "lifecycle_rule": [], - "logging": [], - "object_lock_configuration": [], - "policy": null, - "region": "ap-south-1", - "replication_configuration": [], - "request_payer": "BucketOwner", - "server_side_encryption_configuration": [], - "tags": null, - "tags_all": {}, - "versioning": [ - { - "enabled": true, - "mfa_delete": false - } - ], - "website": [], - "website_domain": null, - "website_endpoint": null - }, - "sensitive_attributes": [], - "private": "bnVsbA==" - } - ] - } - ] -} diff --git a/infra-as-code/terraform/staging/variables.tf b/infra-as-code/terraform/staging/variables.tf deleted file mode 100644 index 2782f7f85f..0000000000 --- a/infra-as-code/terraform/staging/variables.tf +++ /dev/null 
@@ -1,45 +0,0 @@ -# -# Variables Configuration -# - -variable "cluster_name" { - default = "egov-staging" -} - -variable "vpc_cidr_block" { - default = "10.1.64.0/19" -} - -variable "network_availability_zones" { - default = ["ap-south-1a", "ap-south-1b"] -} - -variable "availability_zones" { - default = ["ap-south-1a"] -} - -variable "kubernetes_version" { - default = "1.18" -} - -variable "instance_type" { - default = "m4.xlarge" -} - -variable "override_instance_types" { - default = ["r5a.large", "r5ad.large", "r5d.large", "m4.xlarge"] - -} - -variable "number_of_worker_nodes" { - default = "4" -} - -variable "ssh_key_name" { - default = "egov-staging" -} -variable "iam_keybase_user" { - default = "keybase:egovterraform" -} - -