allow users to retain template configurations

RADAR-base · Jan 10, 2024 · b016572 · b016572
1 parent ed02e8b
commit b016572
Show file tree

Hide file tree

Showing 10 changed files with 76 additions and 225 deletions.
diff --git a/README.md b/README.md
@@ -27,6 +27,8 @@ export TF_VAR_AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN
 
 ## Workspaces
 The definition of resources required for running RADAR-base components is located in the `cluster` directory, while other optional resources are defined in the `config` directory. Please treat each directory as a separate workspace and perform terraform operations individually. The `cluster` resources need to be created and made fully available before you proceed with the creation of the `config` ones.
+
+To retain the user-specific configurations for future infrastructure updates, modify `terraform.tfvars` within the workspace and push the change to your repository. If needed, additional variables defined in `variables.tf` can also be included there.
 | :information_source:  Important Notice  |
 |:----------------------------------------|
 |As a best practice, never save raw values of secret variables in your repository. Instead, always encrypt them before committing. If your cluster is no longer in use, run `terraform destory` to delete all the associated resources and reduce your cloud spending. If you have resources created within `config`, run `terraform destory` in that directory before running the counterpart in `cluster`.|

diff --git a/cluster/eks.tf b/cluster/eks.tf
@@ -88,6 +88,11 @@ module "eks" {
           snapshotter : {
             forceEnable : false
           }
+        },
+        controller : {
+          volumeModificationFeature : {
+            enabled : true
+          }
         }
       })
     }
@@ -190,19 +195,3 @@ module "eks" {
 
   tags = merge(tomap({ "Name" : var.eks_cluster_name }), var.common_tags)
 }
-
-output "radar_base_eks_cluster_name" {
-  value = module.eks.cluster_name
-}
-
-output "radar_base_eks_cluser_endpoint" {
-  value = module.eks.cluster_endpoint
-}
-
-output "radar_base_eks_dmz_node_group_name" {
-  value = element(split(":", module.eks.eks_managed_node_groups.dmz.node_group_id), 1)
-}
-
-output "radar_base_eks_worker_node_group_name" {
-  value = element(split(":", module.eks.eks_managed_node_groups.worker.node_group_id), 1)
-}
diff --git a/cluster/terraform.tfvars b/cluster/terraform.tfvars
@@ -0,0 +1,3 @@
+AWS_REGION             = "eu-west-2"
+environment            = "dev"
+eks_admins_group_users = []
diff --git a/cluster/vpc.tf b/cluster/vpc.tf
@@ -45,7 +45,3 @@ module "vpc" {
   default_security_group_tags = merge(tomap({ "Name" : "${var.eks_cluster_name}-vpc-default-sg" }), var.common_tags)
   tags                        = merge(tomap({ "Name" : "${var.eks_cluster_name}-vpc" }), var.common_tags)
 }
-
-output "radar_base_vpc_public_subnets" {
-  value = module.vpc.public_subnets
-}
diff --git a/config/data.tf b/config/data.tf
@@ -72,5 +72,22 @@ locals {
     gp2 = "radar-base-ebs-sc-gp2"
     gp3 = "radar-base-ebs-sc-gp3"
     io1 = "radar-base-ebs-sc-io1"
+    io2 = "radar-base-ebs-sc-io2"
   }
+
+  s3_bucket_names = {
+    intermediate_output_storage = "${var.eks_cluster_name}-intermediate-output-storage"
+    output_storage              = "${var.eks_cluster_name}-output-storage"
+    velero_backups              = "${var.eks_cluster_name}-velero-backups"
+  }
+
+  cname_prefixes = [
+    "alertmanager",
+    "dashboard",
+    "grafana",
+    "graylog",
+    "prometheus",
+    "s3",
+  ]
+
 }
diff --git a/config/ebs.tf b/config/ebs.tf
@@ -1,52 +1,21 @@
-resource "kubectl_manifest" "ebs_sc_gp2" {
-  yaml_body = <<-YAML
-    apiVersion: storage.k8s.io/v1 
-    kind: StorageClass
-    metadata:
-      name: ${local.storage_classes.gp2}
-    provisioner: ebs.csi.aws.com
-    volumeBindingMode: WaitForFirstConsumer
-    allowVolumeExpansion: true
-    reclaimPolicy: Retain
-    parameters:
-      type: gp2
-      fstype: ext4
-  YAML
-}
+resource "kubectl_manifest" "ebs_storage_classes" {
+  for_each = local.storage_classes
 
-resource "kubectl_manifest" "ebs_sc_gp3" {
   yaml_body = <<-YAML
     apiVersion: storage.k8s.io/v1 
     kind: StorageClass
     metadata:
-      name: ${local.storage_classes.gp3}
+      name: ${each.value}
     provisioner: ebs.csi.aws.com
     volumeBindingMode: WaitForFirstConsumer
     allowVolumeExpansion: true
     reclaimPolicy: Retain
     parameters:
-      type: gp3
+      type: ${each.key}
       fstype: ext4
   YAML
 }
 
-resource "kubectl_manifest" "ebs_sc_io1" {
-  yaml_body = <<-YAML
-    apiVersion: storage.k8s.io/v1
-    kind: StorageClass
-    metadata:
-      name: ${local.storage_classes.io1}
-    provisioner: ebs.csi.aws.com
-    volumeBindingMode: WaitForFirstConsumer
-    allowVolumeExpansion: true
-    reclaimPolicy: Retain
-    parameters:
-      type: io1
-      iopsPerGB: "100"
-      fsType: ext4
-  YAML
-}
-
 resource "kubernetes_annotations" "unset_eks_default_gp2" {
   api_version = "storage.k8s.io/v1"
   kind        = "StorageClass"
@@ -73,9 +42,7 @@ resource "kubernetes_annotations" "set_defaut_storage_class" {
   }
 
   depends_on = [
-    kubectl_manifest.ebs_sc_gp2,
-    kubectl_manifest.ebs_sc_gp3,
-    kubectl_manifest.ebs_sc_io1,
+    kubectl_manifest.ebs_storage_classes,
     kubernetes_annotations.unset_eks_default_gp2,
   ]
 }
@@ -91,3 +58,7 @@ output "radar_base_ebs_storage_class_gp3" {
 output "radar_base_ebs_storage_class_io1" {
   value = local.storage_classes.io1
 }
+
+output "radar_base_ebs_storage_class_io2" {
+  value = local.storage_classes.io2
+}
diff --git a/config/route53.tf b/config/route53.tf
@@ -15,61 +15,11 @@ resource "aws_route53_record" "main" {
   records = [aws_eip.cluster_loadbalancer_eip[0].public_dns]
 }
 
-resource "aws_route53_record" "alertmanager" {
-  count = var.enable_route53 ? 1 : 0
-
-  zone_id = aws_route53_zone.primary[0].zone_id
-  name    = "alertmanager.${var.environment}.${var.domain_name}"
-  type    = "CNAME"
-  ttl     = 300
-  records = ["${var.environment}.${var.domain_name}"]
-}
-
-resource "aws_route53_record" "dashboard" {
-  count = var.enable_route53 ? 1 : 0
-
-  zone_id = aws_route53_zone.primary[0].zone_id
-  name    = "dashboard.${var.environment}.${var.domain_name}"
-  type    = "CNAME"
-  ttl     = 300
-  records = ["${var.environment}.${var.domain_name}"]
-}
-
-resource "aws_route53_record" "grafana" {
-  count = var.enable_route53 ? 1 : 0
-
-  zone_id = aws_route53_zone.primary[0].zone_id
-  name    = "grafana.${var.environment}.${var.domain_name}"
-  type    = "CNAME"
-  ttl     = 300
-  records = ["${var.environment}.${var.domain_name}"]
-}
-
-resource "aws_route53_record" "graylog" {
-  count = var.enable_route53 ? 1 : 0
-
-  zone_id = aws_route53_zone.primary[0].zone_id
-  name    = "graylog.${var.environment}.${var.domain_name}"
-  type    = "CNAME"
-  ttl     = 300
-  records = ["${var.environment}.${var.domain_name}"]
-}
-
-resource "aws_route53_record" "prometheus" {
-  count = var.enable_route53 ? 1 : 0
-
-  zone_id = aws_route53_zone.primary[0].zone_id
-  name    = "prometheus.${var.environment}.${var.domain_name}"
-  type    = "CNAME"
-  ttl     = 300
-  records = ["${var.environment}.${var.domain_name}"]
-}
-
-resource "aws_route53_record" "s3" {
-  count = var.enable_route53 ? 1 : 0
+resource "aws_route53_record" "this" {
+  for_each = toset([for prefix in local.cname_prefixes : prefix if var.enable_route53])
 
   zone_id = aws_route53_zone.primary[0].zone_id
-  name    = "s3.${var.environment}.${var.domain_name}"
+  name    = "${each.value}.${var.environment}.${var.domain_name}"
   type    = "CNAME"
   ttl     = 300
   records = ["${var.environment}.${var.domain_name}"]