diff --git a/bootstrap/terraform/addon/main.tf b/bootstrap/terraform/addon/main.tf
deleted file mode 100644
index 7adc1d4c..00000000
--- a/bootstrap/terraform/addon/main.tf
+++ /dev/null
@@ -1,53 +0,0 @@
-################################################################################
-# Crossplane
-################################################################################
-
-module "crossplane" {
- source = "aws-ia/eks-blueprints-addon/aws"
- version = "1.1.0"
-
- create = var.enable_crossplane
-
- # https://github.com/crossplane/crossplane/tree/master/cluster/charts/crossplane
- name = try(var.crossplane.name, "crossplane")
- description = try(var.crossplane.description, "A Helm chart to deploy crossplane project")
- namespace = try(var.crossplane.namespace, "crossplane-system")
- create_namespace = try(var.crossplane.create_namespace, true)
- chart = try(var.crossplane.chart, "crossplane")
- chart_version = try(var.crossplane.chart_version, "1.15.1")
- repository = try(var.crossplane.repository, "https://charts.crossplane.io/stable/")
- values = try(var.crossplane.values, [])
-
- timeout = try(var.crossplane.timeout, null)
- repository_key_file = try(var.crossplane.repository_key_file, null)
- repository_cert_file = try(var.crossplane.repository_cert_file, null)
- repository_ca_file = try(var.crossplane.repository_ca_file, null)
- repository_username = try(var.crossplane.repository_username, null)
- repository_password = try(var.crossplane.repository_password, null)
- devel = try(var.crossplane.devel, null)
- verify = try(var.crossplane.verify, null)
- keyring = try(var.crossplane.keyring, null)
- disable_webhooks = try(var.crossplane.disable_webhooks, null)
- reuse_values = try(var.crossplane.reuse_values, null)
- reset_values = try(var.crossplane.reset_values, null)
- force_update = try(var.crossplane.force_update, null)
- recreate_pods = try(var.crossplane.recreate_pods, null)
- cleanup_on_fail = try(var.crossplane.cleanup_on_fail, null)
- max_history = try(var.crossplane.max_history, null)
- atomic = try(var.crossplane.atomic, null)
- skip_crds = try(var.crossplane.skip_crds, null)
- render_subchart_notes = try(var.crossplane.render_subchart_notes, null)
- disable_openapi_validation = try(var.crossplane.disable_openapi_validation, null)
- wait = try(var.crossplane.wait, false)
- wait_for_jobs = try(var.crossplane.wait_for_jobs, null)
- dependency_update = try(var.crossplane.dependency_update, null)
- replace = try(var.crossplane.replace, null)
- lint = try(var.crossplane.lint, null)
-
- postrender = try(var.crossplane.postrender, [])
- set = try(var.crossplane.set, [])
- set_sensitive = try(var.crossplane.set_sensitive, [])
-
- tags = var.tags
-}
-
diff --git a/bootstrap/terraform/addon/variables.tf b/bootstrap/terraform/addon/variables.tf
deleted file mode 100644
index b05f5bd9..00000000
--- a/bootstrap/terraform/addon/variables.tf
+++ /dev/null
@@ -1,22 +0,0 @@
-variable "tags" {
- description = "A map of tags to add to all resources"
- type = map(string)
- default = {}
-}
-
-################################################################################
-# Crossplane
-################################################################################
-
-variable "enable_crossplane" {
- description = "Enable Crossplane Kubernetes add-on"
- type = bool
- default = false
-}
-
-variable "crossplane" {
- description = "Crossplane add-on configuration values"
- type = any
- default = {}
-}
-
diff --git a/bootstrap/terraform/environmentconfig.yaml b/bootstrap/terraform/config/environmentconfig.yaml
similarity index 100%
rename from bootstrap/terraform/environmentconfig.yaml
rename to bootstrap/terraform/config/environmentconfig.yaml
diff --git a/bootstrap/terraform/main.tf b/bootstrap/terraform/main.tf
index e6ed65cd..dcdfa6a0 100644
--- a/bootstrap/terraform/main.tf
+++ b/bootstrap/terraform/main.tf
@@ -10,7 +10,7 @@ provider "kubernetes" {
 cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
 exec {
 api_version = "client.authentication.k8s.io/v1beta1"
- args = ["eks", "get-token", "--cluster-name", local.name, "--region", var.region]
+ args = ["eks", "get-token", "--cluster-name", local.name, "--region", local.region]
 command = "aws"
 }
 }
@@ -21,7 +21,7 @@ provider "helm" {
 cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
 exec {
 api_version = "client.authentication.k8s.io/v1beta1"
- args = ["eks", "get-token", "--cluster-name", local.name, "--region", var.region]
+ args = ["eks", "get-token", "--cluster-name", local.name, "--region", local.region]
 command = "aws"
 }
 }
@@ -32,7 +32,7 @@ provider "kubectl" {
 cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
 exec {
 api_version = "client.authentication.k8s.io/v1beta1"
- args = ["eks", "get-token", "--cluster-name", local.name, "--region", var.region]
+ args = ["eks", "get-token", "--cluster-name", local.name, "--region", local.region]
 command = "aws"
 }
 load_config_file = false
@@ -65,7 +65,7 @@ locals {
 module "ebs_csi_driver_irsa" {
 source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
- version = "~> 5.14"
+ version = "~> 5.30"
 role_name = "${local.name}-ebs-csi-driver"
@@ -87,25 +87,36 @@ module "ebs_csi_driver_irsa" {
 module "eks" {
 source = "terraform-aws-modules/eks/aws"
- version = "~> 19.13"
+ version = "~> 20.0"
 cluster_name = local.name
 cluster_version = local.cluster_version
 cluster_endpoint_public_access = true
 kms_key_enable_default_policy = true
+ # Give the Terraform identity admin access to the cluster
+ # which will allow resources to be deployed into the cluster
+ enable_cluster_creator_admin_permissions = true
+
+ vpc_id = module.vpc.vpc_id
+ subnet_ids = module.vpc.private_subnets
+
 cluster_addons = {
 aws-ebs-csi-driver = {
+ most_recent = true
 service_account_role_arn = module.ebs_csi_driver_irsa.iam_role_arn
 }
- coredns = {}
- kube-proxy = {}
- vpc-cni = {}
+ coredns = {
+ most_recent = true
+ }
+ kube-proxy = {
+ most_recent = true
+ }
+ vpc-cni = {
+ most_recent = true
+ }
 }
- vpc_id = module.vpc.vpc_id
- subnet_ids = module.vpc.private_subnets
-
 # for production cluster, add a node group for add-ons that should not be inerrupted such as coredns
 eks_managed_node_groups = {
 initial = {
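Review bot: `enable_cluster_creator_admin_permissions = true` makes whichever IAM principal runs this apply a cluster admin, and the comment above it explains the why but not the consequence; in a pipeline that principal is the CI role, so its scope and who can assume it now define who administers the cluster. Suggest extending the comment: `# NOTE: this binds the principal running 'terraform apply' (in CI, the pipeline role) as cluster admin; keep that role tightly scoped and audited.` Separately, `most_recent = true` on all four `cluster_addons` entries resolves the add-on version at plan time, so two applies on different days can install different versions of vpc-cni or coredns with no change in this file; pinning `addon_version` per add-on keeps upgrades deliberate and reviewable. The `module "eks"` block continues past the end of the hunk.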
@@ -127,29 +138,40 @@ module "eks" {
 module "eks_blueprints_addons" {
 source = "aws-ia/eks-blueprints-addons/aws"
- version = "1.8.0"
+ version = "~> 1.16"
 cluster_name = module.eks.cluster_name
 cluster_endpoint = module.eks.cluster_endpoint
 cluster_version = module.eks.cluster_version
 oidc_provider_arn = module.eks.oidc_provider_arn
- enable_argocd = true
+
+ enable_argocd = true
 argocd = {
 namespace = "argocd"
- chart_version = "6.3.1" # ArgoCD v2.10.1
+ chart_version = "6.11.1" # ArgoCD v2.11.2
+ wait = true
+ timeout = "600"
 values = [
- templatefile("${path.module}/argocd-values.yaml", {
+ templatefile("${path.module}/values/argocd.yaml", {
 crossplane_aws_provider_enable = local.aws_provider.enable
 crossplane_upjet_aws_provider_enable = local.upjet_aws_provider.enable
 crossplane_kubernetes_provider_enable = local.kubernetes_provider.enable
 })]
 }
- enable_gatekeeper = true
+ enable_gatekeeper = true
+ gatekeeper = {
+ timeout = "600"
+ wait = true
+ }
+
 enable_metrics_server = true
- enable_kube_prometheus_stack = true
 enable_aws_load_balancer_controller = true
+
+ enable_kube_prometheus_stack = true
 kube_prometheus_stack = {
- values = [file("${path.module}/kube-prometheus-stack-values.yaml")]
+ wait = true
+ timeout = "600"
+ values = [file("${path.module}/values/prometheus.yaml")]
 }
 depends_on = [module.eks.eks_managed_node_groups]
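Review bot: loosening `version = "1.8.0"` to `version = "~> 1.16"` on `module "eks_blueprints_addons"` makes the resolved module version float, because Terraform's dependency lock file records provider versions only, not module versions; every fresh `init` may pull a newer 1.x, and the add-ons enabled here without an explicit chart version (gatekeeper, metrics-server, the load balancer controller) will then track whatever that module release defaults to. The `module "crossplane"` block in the next hunk pins `version = "1.1.1"`, so the two modules are inconsistent; pinning an exact version here as well, or documenting in a comment why a range is acceptable for this bootstrap, would keep the install reproducible. As a point of style, `timeout = "600"` in the argocd, gatekeeper and kube_prometheus_stack objects quotes what appears to be a numeric setting; `timeout = 600` avoids relying on Terraform's implicit string-to-number conversion, assuming the module declares it as a number.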
@@ -159,42 +181,23 @@ module "eks_blueprints_addons" {
 # Crossplane
 #---------------------------------------------------------------
 module "crossplane" {
- source = "github.com/awslabs/crossplane-on-eks/bootstrap/terraform/addon/"
- enable_crossplane = true
- crossplane = {
- values = [yamlencode({
- args = ["--enable-environment-configs"]
- metrics = {
- enabled = true
- }
- resourcesCrossplane = {
- limits = {
- cpu = "1"
- memory = "2Gi"
- }
- requests = {
- cpu = "100m"
- memory = "1Gi"
- }
- }
- resourcesRBACManager = {
- limits = {
- cpu = "500m"
- memory = "1Gi"
- }
- requests = {
- cpu = "100m"
- memory = "512Mi"
- }
- }
- })]
- }
+ source = "aws-ia/eks-blueprints-addon/aws"
+ version = "1.1.1"
+
+ name = "crossplane"
+ description = "A Helm chart to deploy crossplane project"
+ namespace = "crossplane-system"
+ create_namespace = true
+ chart = "crossplane"
+ chart_version = "1.16.0"
+ repository = "https://charts.crossplane.io/stable/"
+ values = [file("${path.module}/values/crossplane.yaml")]
 depends_on = [module.eks.eks_managed_node_groups]
 }
 resource "kubectl_manifest" "environmentconfig" {
- yaml_body = templatefile("${path.module}/environmentconfig.yaml", {
+ yaml_body = templatefile("${path.module}/config/environmentconfig.yaml", {
 awsAccountID = data.aws_caller_identity.current.account_id
 eksOIDC = module.eks.oidc_provider
 vpcID = module.vpc.vpc_id
@@ -211,7 +214,7 @@ locals {
 upjet_aws_provider = {
 enable = var.enable_upjet_aws_provider # defaults to true
- version = "v1.4.0"
+ version = "v1.5.0"
 runtime_config = "upjet-aws-runtime-config"
 provider_config_name = "aws-provider-config" #this is the providerConfigName used in all the examples in this repo
 families = [
@@ -390,7 +393,6 @@ resource "kubectl_manifest" "aws_provider_config" {
 depends_on = [kubectl_manifest.aws_provider, time_sleep.aws_wait_60_seconds]
 }
-
 #---------------------------------------------------------------
 # Crossplane Kubernetes Provider
 #---------------------------------------------------------------
@@ -519,7 +521,6 @@ resource "kubectl_manifest" "helm_provider_config" {
 depends_on = [kubectl_manifest.helm_provider, time_sleep.wait_60_seconds_helm]
 }
-
 #---------------------------------------------------------------
 # Supporting Resources
 #---------------------------------------------------------------
diff --git a/bootstrap/terraform/outputs.tf b/bootstrap/terraform/outputs.tf
index 65fccc14..97dffc31 100644
--- a/bootstrap/terraform/outputs.tf
+++ b/bootstrap/terraform/outputs.tf
@@ -4,5 +4,5 @@ output "eks_cluster_id" {
 }
 output "configure_kubectl" {
 description = "Configure kubectl: make sure you're logged in with the correct AWS profile and run the following command to update your kubeconfig"
- value = "aws eks update-kubeconfig --name ${module.eks.cluster_name} --alias ${var.name} --region ${var.region}"
+ value = "aws eks update-kubeconfig --name ${module.eks.cluster_name} --alias ${local.name} --region ${local.region}"
 }
diff --git a/bootstrap/terraform/argocd-values.yaml b/bootstrap/terraform/values/argocd.yaml
similarity index 100%
rename from bootstrap/terraform/argocd-values.yaml
rename to bootstrap/terraform/values/argocd.yaml
diff --git a/bootstrap/terraform/values/crossplane.yaml b/bootstrap/terraform/values/crossplane.yaml
new file mode 100644
index 00000000..3691d3ba
--- /dev/null
+++ b/bootstrap/terraform/values/crossplane.yaml
@@ -0,0 +1,18 @@
+args:
+ - "--enable-environment-configs"
+metrics:
+ enabled: true
+resourcesCrossplane:
+ limits:
+ cpu: "1"
+ memory: "2Gi"
+ requests:
+ cpu: "100m"
+ memory: "1Gi"
+resourcesRBACManager:
+ limits:
+ cpu: "500m"
+ memory: "1Gi"
+ requests:
+ cpu: "100m"
+ memory: "512Mi"
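Review bot: the new `values/crossplane.yaml` carries no comment tying it to its consumer, so a reader cannot tell that `--enable-environment-configs` is load-bearing rather than an optional tuning flag; `resource "kubectl_manifest" "environmentconfig"` in main.tf presumably depends on that feature being switched on. Suggest a header at the top of the file, once that dependency is confirmed: `# Helm values consumed by module.crossplane (main.tf); --enable-environment-configs is required by kubectl_manifest.environmentconfig.` The resource limits and requests are the same values the commit removes from the inline `yamlencode` block, so the comment is the only thing missing from the move.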
diff --git a/bootstrap/terraform/kube-prometheus-stack-values.yaml b/bootstrap/terraform/values/prometheus.yaml
similarity index 55%
rename from bootstrap/terraform/kube-prometheus-stack-values.yaml
rename to bootstrap/terraform/values/prometheus.yaml
index 8ee7ca37..b83c6275 100644
--- a/bootstrap/terraform/kube-prometheus-stack-values.yaml
+++ b/bootstrap/terraform/values/prometheus.yaml
@@ -16,39 +16,43 @@ grafana:
 type: "LoadBalancer"
 annotations:
 service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing"
- resources:
+ resources:
 requests:
- cpu : "100m"
- memory : "1Gi"
+ cpu: "100m"
+ memory: "1Gi"
 limits:
 cpu: "1"
 memory: "2Gi"
- datasources:
+ datasources:
 datasources.yaml:
 apiVersion: 1
 datasources:
- - name: Prometheus
- type: prometheus
- access: proxy
- url: http://kube-prometheus-stack-prometheus.kube-prometheus-stack:9090/
- isDefault: false
- uid: prometheusdatasource
+ - name: Prometheus
+ type: prometheus
+ access: proxy
+ url: http://kube-prometheus-stack-prometheus.kube-prometheus-stack:9090/
+ isDefault: false
+ uid: prometheusdatasource
 deleteDatasources:
- - name: Prometheus
+ - name: Prometheus
 dashboardProviders:
 dashboardproviders.yaml:
 apiVersion: 1
 providers:
- - name: 'default'
- orgId: 1
- type: file
- disableDeletion: false
- editable: true
- options:
- path: /var/lib/grafana/dashboards/default
+ - name: "default"
+ orgId: 1
+ type: file
+ disableDeletion: false
+ editable: true
+ options:
+ path: /var/lib/grafana/dashboards/default
 dashboards:
 default:
 crossplane:
- gnetId: 19747
- revision: 5
+ gnetId: 21169
+ revision: 1
+ datasource: prometheusdatasource
+ argocd:
+ gnetId: 14584
+ revision: 1
 datasource: prometheusdatasource
diff --git a/bootstrap/terraform/variables.tf b/bootstrap/terraform/variables.tf
index f4cdec3b..110197fe 100644
--- a/bootstrap/terraform/variables.tf
+++ b/bootstrap/terraform/variables.tf
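Review bot: the `gnetId`/`revision` entries under `dashboards.default` (the new `21169` for crossplane and the added `argocd` entry with `14584`) are downloaded from grafana.com when the Grafana pod starts, not by Terraform, so the rendered dashboards depend on outbound internet access from the cluster and on content that is pinned only by revision number, not integrity-checked. That is a reasonable trade-off for a bootstrap environment but worth stating in the file, e.g. `# gnetId dashboards are fetched from grafana.com at pod start; keep revision pinned, or vendor the JSON where egress is restricted`. The surrounding context exposes Grafana through an internet-facing LoadBalancer, so both dashboards are reachable from the internet once deployed, which the same comment could mention. The `grafana:` block starts before this hunk.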
@@ -16,7 +16,7 @@ variable "name" {
 variable "cluster_version" {
 type = string
 description = "Kubernetes Version"
- default = "1.29"
+ default = "1.30"
 }
 variable "capacity_type" {
@@ -46,5 +46,5 @@ variable "enable_kubernetes_provider" {
 variable "enable_helm_provider" {
 type = bool
 description = "Installs the helm provider"
- default = false
+ default = false
 }
diff --git a/bootstrap/terraform/versions.tf b/bootstrap/terraform/versions.tf
index 2ffd5358..b82daba3 100644
--- a/bootstrap/terraform/versions.tf
+++ b/bootstrap/terraform/versions.tf
@@ -1,25 +1,32 @@
 terraform {
- required_version = ">= 1.0.0"
+ required_version = ">= 1.3"
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 3.72"
+ version = ">= 5.34"
 }
 kubectl = {
- source = "gavinbunney/kubectl"
- version = ">= 1.14.0"
+ source = "alekc/kubectl"
+ version = ">= 2.0"
 }
 kubernetes = {
 source = "hashicorp/kubernetes"
- version = ">= 2.19"
+ version = ">= 2.30"
 }
 helm = {
 source = "hashicorp/helm"
- version = ">= 2.11.0"
+ version = ">= 2.13"
 }
 }
+
+ # ## Used for end-to-end testing on project; update to suit your needs
+ # backend "s3" {
+ # bucket = "terraform-crossplane-on-eks-github-actions-state"
+ # region = "us-east-1"
+ # key = "e2e/bootstrap/terraform/terraform.tfstate"
+ # }
 }
diff --git a/bootstrap/terraform/destroy.sh b/docs/_partials/destroy.md
old mode 100755
new mode 100644
similarity index 92%
rename from bootstrap/terraform/destroy.sh
rename to docs/_partials/destroy.md
index 1e686718..7b95aafb
--- a/bootstrap/terraform/destroy.sh
+++ b/docs/_partials/destroy.md
@@ -1,9 +1,7 @@
-#!/bin/bash
-
-set -xe
-
+```sh
 terraform destroy -target="module.crossplane" -auto-approve
 terraform destroy -target="module.eks_blueprints_addons" -auto-approve
 terraform destroy -target="module.eks" -auto-approve
 terraform destroy -target="module.vpc" -auto-approve
 terraform destroy -auto-approve
+```
\ No newline at end of file
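Review bot: switching `kubectl` from `source = "gavinbunney/kubectl"` to `source = "alekc/kubectl"` in versions.tf changes the provider publisher, and nothing in this diff shows `.terraform.lock.hcl` being updated, so confirm the lock file is regenerated with `terraform init -upgrade` and committed; without it the new provider's checksums are not pinned and each init trusts whatever the registry serves for `>= 2.0`. Existing state files still reference the old provider address, so the upgrade notes should tell anyone with a deployed bootstrap to run `terraform state replace-provider gavinbunney/kubectl alekc/kubectl` before applying. The other constraints (`>= 5.34`, `>= 2.30`, `>= 2.13`) are lower bounds only, which makes the committed lock file the only thing holding provider versions steady between runs; a short comment above `required_providers` saying so would help the next person who edits this block.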
diff --git a/doc/debugging.md b/docs/debugging.md
similarity index 100%
rename from doc/debugging.md
rename to docs/debugging.md
diff --git a/doc/nested-compositions.md b/docs/nested-compositions.md
similarity index 100%
rename from doc/nested-compositions.md
rename to docs/nested-compositions.md
diff --git a/doc/patching-101.md b/docs/patching-101.md
similarity index 100%
rename from doc/patching-101.md
rename to docs/patching-101.md
diff --git a/doc/rds-day-2.md b/docs/rds-day-2.md
similarity index 100%
rename from doc/rds-day-2.md
rename to docs/rds-day-2.md
diff --git a/doc/vault-integration.md b/docs/vault-integration.md
similarity index 100%
rename from doc/vault-integration.md
rename to docs/vault-integration.md