

General Upgrades and Housekeeping for Terraform bootstrap (#193)
* upgrading module eks to 20.12 and eks to 1.30

* upgrading crossplane to 1.16

* upgrading aws provider to be compatible with eks module

* adding the cluster creator admin

* upgrading argocd chart to latest stable version

* replacing the kubectl provider to use the alekc/kubectl

* adjusting the helm values to a separate directory

* adjusting argo filename

* fixing crossplane to use a separate file

* using eks blueprints addon directly to deploy crossplane

* replacing variables to local config

* increase timeout to avoid first deploy errors

* increase timeout to avoid first deploy errors

* removing gatekeeper since it's not required

* removing internal addon module

* adjusting the crossplane grafana dashboard

* adding back provider boolean variables

* adding gatekeeper back with the wait and timeout

* remove the prefix from helm values

* adding the variables back

* adjusting the helm values name
edgarsilva948 authored May 31, 2024
1 parent 0b6957a commit de9662d
Showing 16 changed files with 113 additions and 160 deletions.
53 changes: 0 additions & 53 deletions bootstrap/terraform/addon/main.tf

This file was deleted.

22 changes: 0 additions & 22 deletions bootstrap/terraform/addon/variables.tf

This file was deleted.

File renamed without changes.
105 changes: 53 additions & 52 deletions bootstrap/terraform/main.tf
Expand Up @@ -10,7 +10,7 @@ provider "kubernetes" {
cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
exec {
api_version = "client.authentication.k8s.io/v1beta1"
args = ["eks", "get-token", "--cluster-name", local.name, "--region", var.region]
args = ["eks", "get-token", "--cluster-name", local.name, "--region", local.region]
command = "aws"
}
}
Expand All @@ -21,7 +21,7 @@ provider "helm" {
cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
exec {
api_version = "client.authentication.k8s.io/v1beta1"
args = ["eks", "get-token", "--cluster-name", local.name, "--region", var.region]
args = ["eks", "get-token", "--cluster-name", local.name, "--region", local.region]
command = "aws"
}
}
Expand All @@ -32,7 +32,7 @@ provider "kubectl" {
cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
exec {
api_version = "client.authentication.k8s.io/v1beta1"
args = ["eks", "get-token", "--cluster-name", local.name, "--region", var.region]
args = ["eks", "get-token", "--cluster-name", local.name, "--region", local.region]
command = "aws"
}
load_config_file = false
Expand Down Expand Up @@ -65,7 +65,7 @@ locals {

module "ebs_csi_driver_irsa" {
source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
version = "~> 5.14"
version = "~> 5.30"

role_name = "${local.name}-ebs-csi-driver"

Expand All @@ -87,25 +87,36 @@ module "ebs_csi_driver_irsa" {

module "eks" {
source = "terraform-aws-modules/eks/aws"
version = "~> 19.13"
version = "~> 20.0"

cluster_name = local.name
cluster_version = local.cluster_version
cluster_endpoint_public_access = true
kms_key_enable_default_policy = true

# Give the Terraform identity admin access to the cluster
# which will allow resources to be deployed into the cluster
enable_cluster_creator_admin_permissions = true

vpc_id = module.vpc.vpc_id
subnet_ids = module.vpc.private_subnets

cluster_addons = {
aws-ebs-csi-driver = {
most_recent = true
service_account_role_arn = module.ebs_csi_driver_irsa.iam_role_arn
}
coredns = {}
kube-proxy = {}
vpc-cni = {}
coredns = {
most_recent = true
}
kube-proxy = {
most_recent = true
}
vpc-cni = {
most_recent = true
}
}

vpc_id = module.vpc.vpc_id
subnet_ids = module.vpc.private_subnets

# for production cluster, add a node group for add-ons that should not be inerrupted such as coredns
eks_managed_node_groups = {
initial = {
Expand All @@ -127,29 +138,40 @@ module "eks" {

module "eks_blueprints_addons" {
source = "aws-ia/eks-blueprints-addons/aws"
version = "1.8.0"
version = "~> 1.16"

cluster_name = module.eks.cluster_name
cluster_endpoint = module.eks.cluster_endpoint
cluster_version = module.eks.cluster_version
oidc_provider_arn = module.eks.oidc_provider_arn
enable_argocd = true

enable_argocd = true
argocd = {
namespace = "argocd"
chart_version = "6.3.1" # ArgoCD v2.10.1
chart_version = "6.11.1" # ArgoCD v2.11.2
wait = true
timeout = "600"
values = [
templatefile("${path.module}/argocd-values.yaml", {
templatefile("${path.module}/values/argocd.yaml", {
crossplane_aws_provider_enable = local.aws_provider.enable
crossplane_upjet_aws_provider_enable = local.upjet_aws_provider.enable
crossplane_kubernetes_provider_enable = local.kubernetes_provider.enable
})]
}
enable_gatekeeper = true
enable_gatekeeper = true
gatekeeper = {
timeout = "600"
wait = true
}

enable_metrics_server = true
enable_kube_prometheus_stack = true
enable_aws_load_balancer_controller = true

enable_kube_prometheus_stack = true
kube_prometheus_stack = {
values = [file("${path.module}/kube-prometheus-stack-values.yaml")]
wait = true
timeout = "600"
values = [file("${path.module}/values/prometheus.yaml")]
}

depends_on = [module.eks.eks_managed_node_groups]
Expand All @@ -159,42 +181,23 @@ module "eks_blueprints_addons" {
# Crossplane
#---------------------------------------------------------------
module "crossplane" {
source = "github.com/awslabs/crossplane-on-eks/bootstrap/terraform/addon/"
enable_crossplane = true
crossplane = {
values = [yamlencode({
args = ["--enable-environment-configs"]
metrics = {
enabled = true
}
resourcesCrossplane = {
limits = {
cpu = "1"
memory = "2Gi"
}
requests = {
cpu = "100m"
memory = "1Gi"
}
}
resourcesRBACManager = {
limits = {
cpu = "500m"
memory = "1Gi"
}
requests = {
cpu = "100m"
memory = "512Mi"
}
}
})]
}
source = "aws-ia/eks-blueprints-addon/aws"
version = "1.1.1"

name = "crossplane"
description = "A Helm chart to deploy crossplane project"
namespace = "crossplane-system"
create_namespace = true
chart = "crossplane"
chart_version = "1.16.0"
repository = "https://charts.crossplane.io/stable/"
values = [file("${path.module}/values/crossplane.yaml")]

depends_on = [module.eks.eks_managed_node_groups]
}

resource "kubectl_manifest" "environmentconfig" {
yaml_body = templatefile("${path.module}/environmentconfig.yaml", {
yaml_body = templatefile("${path.module}/config/environmentconfig.yaml", {
awsAccountID = data.aws_caller_identity.current.account_id
eksOIDC = module.eks.oidc_provider
vpcID = module.vpc.vpc_id
Expand All @@ -211,7 +214,7 @@ locals {

upjet_aws_provider = {
enable = var.enable_upjet_aws_provider # defaults to true
version = "v1.4.0"
version = "v1.5.0"
runtime_config = "upjet-aws-runtime-config"
provider_config_name = "aws-provider-config" #this is the providerConfigName used in all the examples in this repo
families = [
Expand Down Expand Up @@ -390,7 +393,6 @@ resource "kubectl_manifest" "aws_provider_config" {
depends_on = [kubectl_manifest.aws_provider, time_sleep.aws_wait_60_seconds]
}


#---------------------------------------------------------------
# Crossplane Kubernetes Provider
#---------------------------------------------------------------
Expand Down Expand Up @@ -519,7 +521,6 @@ resource "kubectl_manifest" "helm_provider_config" {
depends_on = [kubectl_manifest.helm_provider, time_sleep.wait_60_seconds_helm]
}


#---------------------------------------------------------------
# Supporting Resources
#---------------------------------------------------------------
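Review bot: The `kube_prometheus_stack` block (hunk ending at `depends_on = [module.eks.eks_managed_node_groups]`) pins no `chart_version`, while the sibling `argocd` block in the same hunk pins `chart_version = "6.11.1"` and the new `crossplane` module pins `chart_version = "1.16.0"`; an unpinned chart resolves to whatever the repository serves at apply time, so a later re-run of the bootstrap can silently install a different monitoring stack. Add `chart_version = "<PINNED_CHART_VERSION>"` beside the `wait`/`timeout` entries, and the same for the `gatekeeper` block, which is also unpinned. The module constraints `~> 20.0` and `~> 1.16` float in the same way, since Terraform's dependency lock file records provider selections only, not module versions; if exact pins are not wanted, at least record the versions this commit was tested against in a comment next to each constraint. The `eks_blueprints_addons` block opens inside the hunk but its closing brace lies outside it.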
2 changes: 1 addition & 1 deletion bootstrap/terraform/outputs.tf
Expand Up @@ -4,5 +4,5 @@ output "eks_cluster_id" {
}
output "configure_kubectl" {
description = "Configure kubectl: make sure you're logged in with the correct AWS profile and run the following command to update your kubeconfig"
value = "aws eks update-kubeconfig --name ${module.eks.cluster_name} --alias ${var.name} --region ${var.region}"
value = "aws eks update-kubeconfig --name ${module.eks.cluster_name} --alias ${local.name} --region ${local.region}"
}
File renamed without changes.
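--- /dev/null
+++ b/bootstrap/terraform/values/crossplane.yaml
@@ -0,0 +1,18 @@
+args:
+- "--enable-environment-configs"
+metrics:
+  enabled: true
+resourcesCrossplane:
+  limits:
+    cpu: "1"
+    memory: "2Gi"
+  requests:
+    cpu: "100m"
+    memory: "1Gi"
+resourcesRBACManager:
+  limits:
+    cpu: "500m"
+    memory: "1Gi"
+  requests:
+    cpu: "100m"
+    memory: "512Mi"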
Expand Up @@ -16,39 +16,43 @@ grafana:
type: "LoadBalancer"
annotations:
service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing"
resources:
resources:
requests:
cpu : "100m"
memory : "1Gi"
cpu: "100m"
memory: "1Gi"
limits:
cpu: "1"
memory: "2Gi"
datasources:
datasources:
datasources.yaml:
apiVersion: 1
datasources:
- name: Prometheus
type: prometheus
access: proxy
url: http://kube-prometheus-stack-prometheus.kube-prometheus-stack:9090/
isDefault: false
uid: prometheusdatasource
- name: Prometheus
type: prometheus
access: proxy
url: http://kube-prometheus-stack-prometheus.kube-prometheus-stack:9090/
isDefault: false
uid: prometheusdatasource
deleteDatasources:
- name: Prometheus
- name: Prometheus
dashboardProviders:
dashboardproviders.yaml:
apiVersion: 1
providers:
- name: 'default'
orgId: 1
type: file
disableDeletion: false
editable: true
options:
path: /var/lib/grafana/dashboards/default
- name: "default"
orgId: 1
type: file
disableDeletion: false
editable: true
options:
path: /var/lib/grafana/dashboards/default
dashboards:
default:
crossplane:
gnetId: 19747
revision: 5
gnetId: 21169
revision: 1
datasource: prometheusdatasource
argocd:
gnetId: 14584
revision: 1
datasource: prometheusdatasource
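Review bot: The dashboards under `dashboards.default` (`crossplane: gnetId: 21169`, the newly added `argocd: gnetId: 14584`) are referenced by grafana.com ID, so the dashboard JSON is downloaded from grafana.com when the chart deploys rather than shipped with the repository; the bootstrap now depends on that outbound fetch succeeding and on those IDs continuing to serve the pinned revisions. The `revision` pins are the right thing to keep; where reproducibility or restricted egress matters, vendoring the dashboard JSON into the repo and referencing it by file would remove the runtime dependency. The file header for this section is not shown, so the path is inferred from the `file("${path.module}/values/prometheus.yaml")` reference in main.tf.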
4 changes: 2 additions & 2 deletions bootstrap/terraform/variables.tf
Expand Up @@ -16,7 +16,7 @@ variable "name" {
variable "cluster_version" {
type = string
description = "Kubernetes Version"
default = "1.29"
default = "1.30"
}

variable "capacity_type" {
Expand Down Expand Up @@ -46,5 +46,5 @@ variable "enable_kubernetes_provider" {
variable "enable_helm_provider" {
type = bool
description = "Installs the helm provider"
default = false
default = false
}
