diff --git a/.tool-versions b/.tool-versions index e00c723e..145602c5 100644 --- a/.tool-versions +++ b/.tool-versions @@ -1,5 +1,5 @@ -terragrunt 0.35.16 -terraform 1.1.3 +terragrunt 0.36.0 +terraform 1.1.4 terraform-docs 0.16.0 -tflint 0.33.1 -tfsec 0.61.3 +tflint 0.34.1 +tfsec 0.63.1 diff --git a/README.md b/README.md index 82ae3203..07385417 100644 --- a/README.md +++ b/README.md @@ -12,12 +12,17 @@ * [Terraform/Terragrunt](#terraformterragrunt) +* [Contributing](#contributing) * [Requirements](#requirements) * [Terragrunt](#terragrunt) * [Main purposes](#main-purposes) * [What you get](#what-you-get) * [Curated Features](#curated-features) + * [Bottlerocket support](#bottlerocket-support) + * [AWS Session Manager by default](#aws-session-manager-by-default) + * [From and to Zero scaling with EKS Managed Node Groups](#from-and-to-zero-scaling-with-eks-managed-node-groups) * [Enforced security](#enforced-security) + * [Out of the box logging](#out-of-the-box-logging) * [Out of the box monitoring](#out-of-the-box-monitoring) * [Helm v3 provider](#helm-v3-provider) * [Other and not limited to](#other-and-not-limited-to) @@ -48,6 +53,12 @@ with Terragrunt. [Archive branch is available here](https://github.com/particule * Terragrunt implementation is available in the [`terragrunt`](./terragrunt) folder. +## Contributing + +Contribution are welcome, as well as issues, we are usually quite reactive. If +you need more support for your project, do not hesitate to [reach us +directly](mailto:contact@particule.io). + ## Requirements ### Terragrunt 
@@ -65,29 +76,62 @@ A production cluster all defined in IaaC with Terraform/Terragrunt: * AWS VPC if needed based on [`terraform-aws-vpc`](https://github.com/terraform-aws-modules/terraform-aws-vpc) * EKS cluster base on [`terraform-aws-eks`](https://github.com/terraform-aws-modules/terraform-aws-eks) -* Kubernetes addons based on [`terraform-kubernetes-addons`](https://github.com/particuleio/terraform-kubernetes-addons): provides various addons that are often used on Kubernetes and specifically on EKS. +* Kubernetes addons based on [`terraform-kubernetes-addons`](https://github.com/particuleio/terraform-kubernetes-addons): provides various addons that are often used on Kubernetes and specifically on EKS. This module is currated by [Particule](https://particule.io/en/) and well maintained. Everything is tied together with Terragrunt and allows you to deploy a multi -cluster architecture in a matter of minutes (ok maybe an hour) and different AWS -accounts for different environments. +cluster architecture in a matter of minutes. ## Curated Features -The main additionals features are the curated addons list, see -[here](https://github.com/particuleio/terraform-kubernetes-addons) and in the -customization of the cluster policy +The additional features are provided by tEKS here as well as our [curated addons +module](https://github.com/particuleio/terraform-kubernetes-addons) which +support a bunch of various configuration. + +### Bottlerocket support + +[Bottlerocket OS](https://github.com/bottlerocket-os/bottlerocket) is available +for node groups (see example +(here)[https://github.com/particuleio/teks/tree/main/terragrunt/live/production/eu-west-1/clusters/demo/eks]). +Bottle rocket is a container centric OS with less attack surface and no default +shell. 
+ +### AWS Session Manager by default + +All the instances (Bottlerocket or Amazon Linux) are registered with [AWS Session Manager](https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html). No SSH keys or SSH access is open on instances. Shell access on every instance can be given with SSM for added security. + +``` +aws ssm start-session --target INSTANCE_ID +``` + +### From and to Zero scaling with EKS Managed Node Groups + +tEKS support scaling to and from 0, even with using [well know Kubernetes labels](https://kubernetes.io/docs/reference/labels-annotations-taints/), there are a number of [ongoing issues](https://github.com/aws/containers-roadmap/issues/724) for support of [EKS Managed node groups](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html) with [Cluster Autoscaler](https://github.com/kubernetes/autoscaler/tree/master/cluster-autoscaler). Thanks to [automatic ASG tagging](https://github.com/particuleio/teks/blob/main/terragrunt/snippets/eks-asg-tags/eks-asg-tags.tf), tEKS adds the necessary tags on autoscaling group to balance similar node groups and allow you to scale to and from 0 and even to use well know labels such as `node.kubernetes.io/instance-type` or `topology.kubernetes.io/zone +`. The logic can be extended to support other well known labels. ### Enforced security -* No IAM credentials on instances, everything is enforced with [IRSA](https://aws.amazon.com/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/) +* No IAM credentials on instances, everything is enforced with [IRSA](https://aws.amazon.com/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/). * Each addons is deployed in it's own namespace with sensible default network policies. -* Calico Tigera Operator for network policy +* Calico Tigera Operator for network policy. +* PSP are enabled but not enforced because of depreciation. 
+ +### Out of the box logging + +Three stacks are supported: +* [AWS for Fluent Bit](https://docs.fluentbit.io/manual/installation/aws-container): Forward containers logs to Cloudwatch Logs +* [Grafana Loki](https://grafana.com/oss/loki/): Uses [Promtail](https://grafana.com/docs/loki/latest/clients/promtail/) to forward logs + to [Loki](https://grafana.com/oss/loki/). Grafana or a tEKS supported + monitoring stack (see below) is necessary to display logs. ### Out of the box monitoring * Prometheus Operator with defaults dashboards * Addons that support metrics are enable along with their `serviceMonitor` -* Custom grafana dashboard are available by default. +* Custom grafana dashboard are available by default + +Two stacks are supported: +* [Victoria Metrics](https://victoriametrics.com/) [Stack](https://github.com/VictoriaMetrics/helm-charts/tree/master/charts/victoria-metrics-k8s-stack): [Victoria Metrics](https://victoriametrics.com/) is a Prometheus alertnative, [compatible with prometheus CRDs](https://github.com/VictoriaMetrics/operator#overview) +* [Kube Prometheus Stack](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack): Classic [Prometheus](https://prometheus.io/) Monitoring ### Helm v3 provider @@ -96,8 +140,7 @@ customization of the cluster policy ### Other and not limited to -* priorityClasses for addons -* use of [`kubectl-provider`], no more local exec and custom manifest are properly handled +* priorityClasses for addons and critical addons * lot of manual stuff have been automated under the hood ## Requirements 
@@ -111,7 +154,7 @@ Terragrunt is not a hard requirement but all the modules are tested with Terragr ## Examples -[`terragrunt/live`](terragrunt/live) folder provides an opinionated directory structure for a production environment with an example using +[`terragrunt/live`](terragrunt/live) folder provides an opinionated directory structure for a production environment. ## Additional infrastructure blocks diff --git a/terragrunt/live/production/env_tags.yaml b/terragrunt/live/production/env_tags.yaml index a23bcb46..ecc67b22 100644 --- a/terragrunt/live/production/env_tags.yaml +++ b/terragrunt/live/production/env_tags.yaml @@ -1,2 +1,2 @@ --- -Environment: demo +Environment: production diff --git a/terragrunt/live/production/env_values.yaml b/terragrunt/live/production/env_values.yaml index 3b458231..cf70b808 100644 --- a/terragrunt/live/production/env_values.yaml +++ b/terragrunt/live/production/env_values.yaml @@ -1,2 +1,2 @@ -env: demo +env: production default_domain_name: clusterfrak-dynamics.io diff --git a/terragrunt/live/production/eu-west-1/clusters/demo/eks-addons-critical/terragrunt.hcl b/terragrunt/live/production/eu-west-1/clusters/demo/eks-addons-critical/terragrunt.hcl index f144ba3b..c4af9d78 100644 --- a/terragrunt/live/production/eu-west-1/clusters/demo/eks-addons-critical/terragrunt.hcl +++ b/terragrunt/live/production/eu-west-1/clusters/demo/eks-addons-critical/terragrunt.hcl @@ -17,7 +17,7 @@ include "eks" { } terraform { - source = "github.com/particuleio/terraform-kubernetes-addons.git//modules/aws?ref=v3.1.0" + source = "github.com/particuleio/terraform-kubernetes-addons.git//modules/aws?ref=v3.2.0" } generate "provider-local" { 
@@ -26,6 +26,16 @@ generate "provider-local" { contents = file("../../../../../../provider-config/eks-addons/eks-addons.tf") } +generate "provider-github" { + path = "provider-github.tf" + if_exists = "overwrite_terragrunt" + contents = <<-EOF + provider "github" { + owner = "${include.root.locals.merged.github_owner}" + } + EOF +} + inputs = { priority-class = { @@ -56,7 +66,7 @@ inputs = { aws-ebs-csi-driver = { enabled = true is_default_class = true - wait = true + wait = false use_encryption = true use_kms = true } @@ -77,9 +87,10 @@ inputs = { npd = { # Waiing for ARM image https://github.com/kubernetes/node-problem-detector/issues/586 enabled = true + wait = false extra_values = <<-EXTRA_VALUES nodeSelector: - kubernetes.io/arch: arm64 + kubernetes.io/arch: amd64 EXTRA_VALUES } diff --git a/terragrunt/live/production/eu-west-1/clusters/demo/eks-addons/terragrunt.hcl b/terragrunt/live/production/eu-west-1/clusters/demo/eks-addons/terragrunt.hcl index 6e88ab60..7e5dd4a2 100644 --- a/terragrunt/live/production/eu-west-1/clusters/demo/eks-addons/terragrunt.hcl +++ b/terragrunt/live/production/eu-west-1/clusters/demo/eks-addons/terragrunt.hcl @@ -17,7 +17,7 @@ include "eks" { } terraform { - source = "github.com/particuleio/terraform-kubernetes-addons.git//modules/aws?ref=v3.1.0" + source = "github.com/particuleio/terraform-kubernetes-addons.git//modules/aws?ref=v3.2.0" } generate "provider-local" { @@ -26,6 +26,16 @@ generate "provider-local" { contents = file("../../../../../../provider-config/eks-addons/eks-addons.tf") } +generate "provider-github" { + path = "provider-github.tf" + if_exists = "overwrite_terragrunt" + contents = <<-EOF + provider "github" { + owner = "${include.root.locals.merged.github_owner}" + } + EOF +} + inputs = { priority-class = { 
@@ -47,10 +57,11 @@ inputs = { } cert-manager = { - enabled = true - acme_http01_enabled = true - acme_dns01_enabled = true - extra_values = <<-EXTRA_VALUES + enabled = true + acme_http01_enabled = true + acme_dns01_enabled = true + acme_http01_ingress_class = "nginx" + extra_values = <<-EXTRA_VALUES ingressShim: defaultIssuerName: letsencrypt defaultIssuerKind: ClusterIssuer @@ -60,7 +71,7 @@ inputs = { cluster-autoscaler = { enabled = true - version = "v1.21.0" + version = "v1.21.2" extra_values = <<-EXTRA_VALUES extraArgs: scale-down-utilization-threshold: 0.7 @@ -76,13 +87,13 @@ inputs = { # For this to work: # * GITHUB_TOKEN should be set flux2 = { - enabled = false + enabled = true target_path = "gitops/clusters/${include.root.locals.merged.env}/${include.root.locals.merged.name}" - github_url = "ssh://git@github.com/owner/repo" - repository = "repo" + github_url = "ssh://git@github.com/particuleio/teks" + repository = "teks" branch = "main" - repository_visibility = "private" - version = "v0.25.1" + repository_visibility = "public" + version = "v0.25.3" auto_image_update = true } @@ -113,7 +124,7 @@ inputs = { extra_values = <<-EXTRA_VALUES grafana: image: - tag: 8.3.3 + tag: 8.3.4 deploymentStrategy: type: Recreate ingress: @@ -140,6 +151,7 @@ inputs = { ruleSelectorNilUsesHelmValues: false serviceMonitorSelectorNilUsesHelmValues: false podMonitorSelectorNilUsesHelmValues: false + probeSelectorNilUsesHelmValues: false storageSpec: volumeClaimTemplate: spec: 
@@ -147,13 +159,51 @@ inputs = { resources: requests: storage: 10Gi + resources: + requests: + cpu: 1 + memory: 2Gi + limits: + cpu: 2 + memory: 2Gi EXTRA_VALUES } loki-stack = { enabled = true bucket_force_destroy = true - + extra_values = <<-VALUES + resources: + requests: + cpu: 1 + memory: 2Gi + limits: + cpu: 2 + memory: 4Gi + config: + limits_config: + ingestion_rate_mb: 320 + ingestion_burst_size_mb: 512 + max_streams_per_user: 100000 + chunk_store_config: + max_look_back_period: 2160h + table_manager: + retention_deletes_enabled: true + retention_period: 2160h + ingress: + enabled: true + annotations: + kubernetes.io/tls-acme: "true" + nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" + nginx.ingress.kubernetes.io/auth-tls-secret: "telemetry/loki-ca" + hosts: + - host: logz.${include.root.locals.merged.default_domain_name} + paths: ["/"] + tls: + - secretName: logz.${include.root.locals.merged.default_domain_name} + hosts: + - logz.${include.root.locals.merged.default_domain_name} + VALUES bucket_lifecycle_rule = [ { id = "log" @@ -173,6 +223,7 @@ inputs = { promtail = { enabled = true + wait = false } thanos = { diff --git a/terragrunt/live/production/eu-west-1/clusters/demo/eks/terragrunt.hcl b/terragrunt/live/production/eu-west-1/clusters/demo/eks/terragrunt.hcl index bb1b69a3..3a40907b 100644 --- a/terragrunt/live/production/eu-west-1/clusters/demo/eks/terragrunt.hcl +++ b/terragrunt/live/production/eu-west-1/clusters/demo/eks/terragrunt.hcl @@ -138,15 +138,16 @@ inputs = { eks_managed_node_group_defaults = { force_update_version = true desired_size = 1 - min_size = 1 + min_size = 0 max_size = 10 + ebs_optimized = true capacity_type = "ON_DEMAND" iam_role_additional_policies = ["arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"] block_device_mappings = { root = { device_name = "/dev/xvda" ebs = { - volume_size = 20 + volume_size = 15 volume_type = "gp3" } } 
@@ -158,7 +159,8 @@ inputs = { "default-a" = { desired_size = 1 ami_type = "AL2_x86_64" - instance_types = ["t3a.medium"] + platform = "linux" + instance_types = ["t3a.large"] subnet_ids = [dependency.vpc.outputs.private_subnets[0]] pre_bootstrap_user_data = <<-EOT #!/bin/bash @@ -166,7 +168,7 @@ inputs = { cat <<-EOF > /etc/profile.d/bootstrap.sh export CONTAINER_RUNTIME="containerd" export USE_MAX_PODS=false - export KUBELET_EXTRA_ARGS="--max-pods=${run_cmd("/bin/sh", "-c", "../../../../../../../tools/max-pods-calculator.sh --instance-type t3a.medium --cni-version 1.10.1 --cni-prefix-delegation-enabled")}" + export KUBELET_EXTRA_ARGS="--max-pods=${run_cmd("/bin/sh", "-c", "../../../../../../../tools/max-pods-calculator.sh --instance-type t3a.large --cni-version 1.10.1 --cni-prefix-delegation-enabled")}" EOF # Source extra environment variables in bootstrap script sed -i '/^set -o errexit/a\\nsource /etc/profile.d/bootstrap.sh' /etc/eks/bootstrap.sh @@ -181,16 +183,19 @@ inputs = { } "default-b" = { - desired_size = 1 - ami_type = "BOTTLEROCKET_x86_64" - platform = "bottlerocket" - instance_types = ["t3a.medium"] - subnet_ids = [dependency.vpc.outputs.private_subnets[1]] + ami_type = "BOTTLEROCKET_x86_64" + platform = "bottlerocket" + instance_types = ["t3a.large"] + subnet_ids = [dependency.vpc.outputs.private_subnets[1]] + enable_bootstrap_user_data = true + bootstrap_extra_args = <<-EOT + "max-pods" = ${run_cmd("/bin/sh", "-c", "../../../../../../../tools/max-pods-calculator.sh --instance-type t3a.large --cni-version 1.10.1 --cni-prefix-delegation-enabled")} + EOT block_device_mappings = { root = { device_name = "/dev/xvda" ebs = { - volume_size = 10 + volume_size = 2 volume_type = "gp3" delete_on_termination = true encrypted = true 
@@ -208,41 +213,48 @@ inputs = { } } } - bootstrap_extra_args = <<-EOT - "max-pods" = ${run_cmd("/bin/sh", "-c", "../../../../../../../tools/max-pods-calculator.sh --instance-type t3a.medium --cni-version 1.10.1 --cni-prefix-delegation-enabled")} - EOT labels = { network = "private" } } "default-c" = { - desired_size = 1 - ami_type = "AL2_x86_64" - instance_types = ["t3a.medium"] - subnet_ids = [dependency.vpc.outputs.private_subnets[2]] - pre_bootstrap_user_data = <<-EOT - #!/bin/bash - set -ex - cat <<-EOF > /etc/profile.d/bootstrap.sh - export CONTAINER_RUNTIME="containerd" - export USE_MAX_PODS=false - export KUBELET_EXTRA_ARGS="--max-pods=${run_cmd("/bin/sh", "-c", "../../../../../../../tools/max-pods-calculator.sh --instance-type t3a.medium --cni-version 1.10.1 --cni-prefix-delegation-enabled")}" - EOF - # Source extra environment variables in bootstrap script - sed -i '/^set -o errexit/a\\nsource /etc/profile.d/bootstrap.sh' /etc/eks/bootstrap.sh - cd /tmp - sudo yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm - sudo systemctl enable amazon-ssm-agent - sudo systemctl start amazon-ssm-agent + ami_type = "BOTTLEROCKET_x86_64" + platform = "bottlerocket" + instance_types = ["t3a.large"] + subnet_ids = [dependency.vpc.outputs.private_subnets[2]] + enable_bootstrap_user_data = true + bootstrap_extra_args = <<-EOT + "max-pods" = ${run_cmd("/bin/sh", "-c", "../../../../../../../tools/max-pods-calculator.sh --instance-type t3a.large --cni-version 1.10.1 --cni-prefix-delegation-enabled")} EOT + block_device_mappings = { + root = { + device_name = "/dev/xvda" + ebs = { + volume_size = 2 + volume_type = "gp3" + delete_on_termination = true + encrypted = true + kms_key_id = dependency.encryption_config.outputs.arn + } + } + containers = { + device_name = "/dev/xvdb" + ebs = { + volume_size = 20 + volume_type = "gp3" + delete_on_termination = true + encrypted = true + kms_key_id = 
dependency.encryption_config.outputs.arn + } + } + } labels = { network = "private" } } "arm-a" = { - desired_size = 1 ami_type = "AL2_ARM_64" instance_types = ["t4g.medium"] subnet_ids = [dependency.vpc.outputs.private_subnets[0]] @@ -267,16 +279,19 @@ inputs = { } "arm-b" = { - desired_size = 1 - ami_type = "BOTTLEROCKET_ARM_64" - platform = "bottlerocket" - instance_types = ["t4g.medium"] - subnet_ids = [dependency.vpc.outputs.private_subnets[1]] + ami_type = "BOTTLEROCKET_ARM_64" + platform = "bottlerocket" + instance_types = ["t4g.medium"] + subnet_ids = [dependency.vpc.outputs.private_subnets[1]] + enable_bootstrap_user_data = true + bootstrap_extra_args = <<-EOT + "max-pods" = ${run_cmd("/bin/sh", "-c", "../../../../../../../tools/max-pods-calculator.sh --instance-type t4g.medium --cni-version 1.10.1 --cni-prefix-delegation-enabled")} + EOT block_device_mappings = { root = { device_name = "/dev/xvda" ebs = { - volume_size = 10 + volume_size = 2 volume_type = "gp3" delete_on_termination = true encrypted = true 
@@ -294,34 +309,42 @@ inputs = { } } } - bootstrap_extra_args = <<-EOT - "max-pods" = ${run_cmd("/bin/sh", "-c", "../../../../../../../tools/max-pods-calculator.sh --instance-type t4g.medium --cni-version 1.10.1 --cni-prefix-delegation-enabled")} - EOT labels = { network = "private" } } "arm-c" = { - desired_size = 1 - ami_type = "AL2_ARM_64" - instance_types = ["t4g.medium"] - subnet_ids = [dependency.vpc.outputs.private_subnets[2]] - pre_bootstrap_user_data = <<-EOT - #!/bin/bash - set -ex - cat <<-EOF > /etc/profile.d/bootstrap.sh - export CONTAINER_RUNTIME="containerd" - export USE_MAX_PODS=false - export KUBELET_EXTRA_ARGS="--max-pods=${run_cmd("/bin/sh", "-c", "../../../../../../../tools/max-pods-calculator.sh --instance-type t4g.medium --cni-version 1.10.1 --cni-prefix-delegation-enabled")}" - EOF - # Source extra environment variables in bootstrap script - sed -i '/^set -o errexit/a\\nsource /etc/profile.d/bootstrap.sh' /etc/eks/bootstrap.sh - cd /tmp - sudo yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_arm64/amazon-ssm-agent.rpm - sudo systemctl enable amazon-ssm-agent - sudo systemctl start amazon-ssm-agent + ami_type = "BOTTLEROCKET_ARM_64" + platform = "bottlerocket" + instance_types = ["t4g.medium"] + subnet_ids = [dependency.vpc.outputs.private_subnets[2]] + enable_bootstrap_user_data = true + bootstrap_extra_args = <<-EOT + "max-pods" = ${run_cmd("/bin/sh", "-c", "../../../../../../../tools/max-pods-calculator.sh --instance-type t4g.large --cni-version 1.10.1 --cni-prefix-delegation-enabled")} EOT + block_device_mappings = { + root = { + device_name = "/dev/xvda" + ebs = { + volume_size = 2 + volume_type = "gp3" + delete_on_termination = true + encrypted = true + kms_key_id = dependency.encryption_config.outputs.arn + } + } + containers = { + device_name = "/dev/xvdb" + ebs = { + volume_size = 20 + volume_type = "gp3" + delete_on_termination = true + encrypted = true + kms_key_id = 
dependency.encryption_config.outputs.arn + } + } + } labels = { network = "private" } diff --git a/terragrunt/modules/aws-eks-addons/1.19/addons.tf b/terragrunt/modules/aws-eks-addons/1.19/addons.tf deleted file mode 100644 index 46a90daa..00000000 --- a/terragrunt/modules/aws-eks-addons/1.19/addons.tf +++ /dev/null @@ -1,24 +0,0 @@ -locals { - addons_cluster_name = element(concat(aws_eks_cluster.this.*.id, [""]), 0) -} - -resource "aws_eks_addon" "vpc_cni" { - cluster_name = local.addons_cluster_name - resolve_conflicts = "OVERWRITE" - addon_name = "vpc-cni" - addon_version = "v1.10.1-eksbuild.1" -} - -resource "aws_eks_addon" "coredns" { - cluster_name = local.addons_cluster_name - resolve_conflicts = "OVERWRITE" - addon_name = "coredns" - addon_version = "v1.8.3-eksbuild.1" -} - -resource "aws_eks_addon" "kube_proxy" { - cluster_name = local.addons_cluster_name - resolve_conflicts = "OVERWRITE" - addon_name = "kube-proxy" - addon_version = "v1.19.6-eksbuild.2" -} diff --git a/terragrunt/modules/aws-eks-addons/1.20/addons.tf b/terragrunt/modules/aws-eks-addons/1.20/addons.tf deleted file mode 100644 index 125e1eda..00000000 --- a/terragrunt/modules/aws-eks-addons/1.20/addons.tf +++ /dev/null @@ -1,24 +0,0 @@ -locals { - addons_cluster_name = element(concat(aws_eks_cluster.this.*.id, [""]), 0) -} - -resource "aws_eks_addon" "vpc_cni" { - cluster_name = local.addons_cluster_name - resolve_conflicts = "OVERWRITE" - addon_name = "vpc-cni" - addon_version = "v1.10.1-eksbuild.1" -} - -resource "aws_eks_addon" "coredns" { - cluster_name = local.addons_cluster_name - resolve_conflicts = "OVERWRITE" - addon_name = "coredns" - addon_version = "v1.8.3-eksbuild.1" -} - -resource "aws_eks_addon" "kube_proxy" { - cluster_name = local.addons_cluster_name - resolve_conflicts = "OVERWRITE" - addon_name = "kube-proxy" - addon_version = "v1.20.4-eksbuild.2" -} 
diff --git a/terragrunt/modules/aws-eks-addons/1.21/addons.tf b/terragrunt/modules/aws-eks-addons/1.21/addons.tf deleted file mode 100644 index 7aeed087..00000000 --- a/terragrunt/modules/aws-eks-addons/1.21/addons.tf +++ /dev/null @@ -1,24 +0,0 @@ -locals { - addons_cluster_name = element(concat(aws_eks_cluster.this.*.id, [""]), 0) -} - -resource "aws_eks_addon" "vpc_cni" { - cluster_name = local.addons_cluster_name - resolve_conflicts = "OVERWRITE" - addon_name = "vpc-cni" - addon_version = "v1.10.1-eksbuild.1" -} - -resource "aws_eks_addon" "coredns" { - cluster_name = local.addons_cluster_name - resolve_conflicts = "OVERWRITE" - addon_name = "coredns" - addon_version = "v1.8.4-eksbuild.1" -} - -resource "aws_eks_addon" "kube_proxy" { - cluster_name = local.addons_cluster_name - resolve_conflicts = "OVERWRITE" - addon_name = "kube-proxy" - addon_version = "v1.21.2-eksbuild.2" -} diff --git a/terragrunt/modules/ecr-public/main.tf b/terragrunt/modules/ecr-public/main.tf deleted file mode 100644 index 3a519a44..00000000 --- a/terragrunt/modules/ecr-public/main.tf +++ /dev/null @@ -1,14 +0,0 @@ -resource "aws_ecrpublic_repository" "this" { - for_each = var.public_repositories - - repository_name = each.key - - catalog_data { - about_text = lookup(each.value, "about_text", "") - architectures = lookup(each.value, "architectures", []) - description = lookup(each.value, "description", "") - logo_image_blob = lookup(each.value, "logo_image_path", "") - operating_systems = lookup(each.value, "operating_systems", []) - usage_text = lookup(each.value, "usage_text", "") - } -} diff --git a/terragrunt/modules/ecr-public/outputs.tf b/terragrunt/modules/ecr-public/outputs.tf deleted file mode 100644 index 1152fe50..00000000 --- a/terragrunt/modules/ecr-public/outputs.tf +++ /dev/null @@ -1,3 +0,0 @@ -output "public_repositories" { - value = aws_ecrpublic_repository.this -} 
diff --git a/terragrunt/modules/ecr-public/variables.tf b/terragrunt/modules/ecr-public/variables.tf deleted file mode 100644 index f6b4fbe4..00000000 --- a/terragrunt/modules/ecr-public/variables.tf +++ /dev/null @@ -1,4 +0,0 @@ -variable "public_repositories" { - type = any - default = null -} diff --git a/terragrunt/modules/eks-asg-tags/eks-asg-tags.tf b/terragrunt/modules/eks-asg-tags/eks-asg-tags.tf deleted file mode 100644 index ac580ab1..00000000 --- a/terragrunt/modules/eks-asg-tags/eks-asg-tags.tf +++ /dev/null @@ -1,70 +0,0 @@ -data "aws_autoscaling_group" "node_groups" { - for_each = module.eks_managed_node_group - name = each.value.node_group_resources.0.autoscaling_groups.0.name -} - -data "aws_arn" "node_groups" { - for_each = data.aws_autoscaling_group.node_groups - arn = each.value.arn -} - -resource "null_resource" "node_groups_asg_tags" { - for_each = data.aws_autoscaling_group.node_groups - - triggers = { - asg = each.value.arn - labels = jsonencode(lookup(var.eks_managed_node_groups[each.key], "labels", null)) - taints = jsonencode(lookup(var.eks_managed_node_groups[each.key], "taint", null)) - restricted_labels = jsonencode(lookup(var.eks_managed_node_groups[each.key], "restricted_labels", null)) - instance_types = jsonencode(lookup(var.eks_managed_node_groups[each.key], "instance_types", null)) - md5file = md5(file("eks-asg-tags.tf")) - } - - provisioner "local-exec" { - command = <
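Review bot: In the README.md hunk `@@ -65,29 +76,62 @@`, the Bottlerocket paragraph writes its example link as `(here)[URL]`, with the parentheses and brackets swapped, so it will not render as a link; it should be `[here](URL)`. The same hunk says "Three stacks are supported:" under "Out of the box logging" but lists only two (AWS for Fluent Bit and Grafana Loki), and the inline code span for `topology.kubernetes.io/zone` is split by a line break before its closing backtick. Spelling to fix in the same pass: "currated", "Bottle rocket", "well know", "alertnative", and "depreciation" where "deprecation" is meant.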
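Review bot: The `generate "provider-github"` block is added verbatim to both eks-addons-critical/terragrunt.hcl and eks-addons/terragrunt.hcl (hunks `@@ -26,6 +26,16 @@`), although only the eks-addons inputs visibly configure `flux2`. Consider dropping it from eks-addons-critical if nothing there uses the GitHub provider, or moving it into a shared file loaded the same way `provider-local` loads `provider-config/eks-addons/eks-addons.tf`. The block also reads `include.root.locals.merged.github_owner`, which the visible part of this patch does not define; please say where that value is expected to come from.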
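Review bot: In eks-addons-critical/terragrunt.hcl, `wait` changes from `true` to `false` on `aws-ebs-csi-driver`, which is also `is_default_class = true`, and `wait = false` is added to `npd` (hunks `@@ -56,7 +66,7 @@` and `@@ -77,9 +87,10 @@`) with no comment giving the reason. Since these are the critical addons that the later eks-addons unit builds on, a short comment explaining why the apply no longer waits for them to become ready would help, as would a note on whether volumes requested by the next unit can race the default storage class.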
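Review bot: The `flux2` block in eks-addons/terragrunt.hcl (hunk `@@ -76,13 +87,13 @@`) switches `enabled` to `true` and replaces the `owner/repo` placeholders with `ssh://git@github.com/particuleio/teks`, `repository = "teks"` and `repository_visibility = "public"` inside the production live example. Anyone copying this tree gets a cluster bootstrapped against the upstream repository with a public visibility setting unless they remember to edit three values. The new `provider "github"` block already takes `owner` from the merged locals, so `github_url` and `repository` could be derived the same way, or the example could keep `enabled = false` and the placeholders.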
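Review bot: The `loki-stack` ingress added in hunk `@@ -147,13 +159,51 @@` sets `nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"` with `auth-tls-secret: "telemetry/loki-ca"`, but nothing in the visible part of this patch creates or documents a `loki-ca` secret in the `telemetry` namespace. Client-certificate verification is the only access control shown for the `logz.` host, so it should not depend on an undocumented manual step; please provision the CA secret here or describe it in the README. In the same block, `bucket_force_destroy = true` stays as a context line next to the new 2160h retention while the environment is being renamed to `production`; `false` would be the safer default for a log bucket.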
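Review bot: `eks_managed_node_group_defaults` now sets `min_size = 0` (eks/terragrunt.hcl, hunk `@@ -138,15 +138,16 @@`), and the README text added in this patch says scaling to and from zero relies on the automatic ASG tagging at `terragrunt/snippets/eks-asg-tags/eks-asg-tags.tf`. The visible part of the patch only deletes `terragrunt/modules/eks-asg-tags/eks-asg-tags.tf`; please confirm the snippet is added at the new path in this change and is wired into the eks unit, otherwise the README link is dead and the node groups have a zero floor without the tags the README describes as necessary.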
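Review bot: In the `arm-c` node group (eks/terragrunt.hcl, hunk `@@ -294,34 +309,42 @@`), `instance_types = ["t4g.medium"]` but the new `bootstrap_extra_args` runs `max-pods-calculator.sh --instance-type t4g.large`, so the node receives a max-pods value computed for a different instance type than the one launched. `default-a`, `default-b`, `default-c` and `arm-b` pass the same type in both places. Change the argument to `t4g.medium`, or better, define the instance type once per group in a local and reference it from both `instance_types` and the `run_cmd` call so the two cannot drift apart.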