Subdomain (#4)
* remove subdomains
lpm0073 authored Apr 5, 2022
1 parent 7211af6 commit 059cdf2
Showing 18 changed files with 51 additions and 103 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,10 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/)
and this project adheres to [Semantic Versioning](http://semver.org/).


## [0.0.5]

- removed subdomains list

## [0.0.4]

- parameterized deployment yaml manifests with cookiecutter
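Review bot: the new `## [0.0.5]` entry under-describes a breaking change. Besides dropping the `subdomains` list from env.hcl, this commit deletes `variable "subdomains"` from three modules and removes the per-subdomain Route53 hosted zones and their NS delegation records, so an existing environment will see those zones destroyed on its next apply; the entry should say that and point at the migration step. Also add the release date in the `## [0.0.5] - YYYY-MM-DD` form that Keep a Changelog (linked at the top of this file) prescribes.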
1 change: 0 additions & 1 deletion README.rst
Expand Up @@ -195,7 +195,6 @@ Review your production environment parameters.
locals {
environment = "courses"
subdomains = ["dev", "test"]
# defaults to this value
environment_domain = "courses.yourschool.edu"
2 changes: 1 addition & 1 deletion tests/test.sh
Expand Up @@ -10,7 +10,7 @@
#------------------------------------------------------------------------------

GITHUB_REPO="gh:lpm0073/cookiecutter-openedx-devops"
GITHUB_BRANCH="eks_alb"
GITHUB_BRANCH="subdomain"
OUTPUT_FOLDER="/Users/mcdaniel/cookiecutter/"

cookiecutter --checkout $GITHUB_BRANCH \
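Review bot: `GITHUB_BRANCH="subdomain"` pins the smoke test to the feature branch of this PR, so once the branch is merged and deleted, `cookiecutter --checkout $GITHUB_BRANCH` fails; read the branch from an environment variable with the main branch as default. `OUTPUT_FOLDER="/Users/mcdaniel/cookiecutter/"` is hard-coded to one developer's home directory and should be handled the same way (or use `mktemp -d`). While here, quote `"$GITHUB_BRANCH"` in the `--checkout` argument.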
1 change: 0 additions & 1 deletion {{cookiecutter.github_repo_name}}/README.rst
Expand Up @@ -173,7 +173,6 @@ Set your `production environment parameters <terraform/environments/{{ cookiecut
locals {
environment = "{{ cookiecutter.environment_subdomain }}"
subdomains = ["dev", "test"]
environment_domain = "${local.environment}.${local.global_vars.locals.root_domain}"
environment_namespace = "${local.environment}-${local.global_vars.locals.platform_name}-${local.global_vars.locals.platform_region}"
14 changes: 0 additions & 14 deletions {{cookiecutter.github_repo_name}}/terraform/environments/README.md
Expand Up @@ -4,24 +4,10 @@ Terraform environments give you the ability to create multiple, distinct AWS VPC

The general strategy is that a common set of parameters are defined in [terraform/environments/global.hcl](./global.hcl) that each environment uses, plus, each environment maintains its own set of parameters for environment-specific settings like domain names and resource instances sizes for example.

So, to be clear, creating additional Terragrunt environments might be more separation than you actually require, and add more costs than your budget can bear. Keep in mind that this is probably more easily accomplished simply by adding subdomains to the one VPC that is created based on the settings in [terraform/environments/{{ cookiecutter.environment_name }}/env.hcl](./{{ cookiecutter.environment_name }}/env.hcl), as follows:

```
locals {
global_vars = read_terragrunt_config(find_in_parent_folders("global.hcl"))
environment = "{{ cookiecutter.environment_name }}"
subdomains = ["dev", "test", "qa", "lawrence-dev", "frank-dev"]
}```
The difference between these two methodologies is that the former creates an entire VPC per environment, increasing your monthly AWS bill by multiples, whereas the latter simply adds additional domain records, S3 buckets, and logical databases as necessary to support the additional environments.

### Why would you create an additional Terragrunt environment?

1. You would take this approach if, for example, internal policy at your organization dictactates that developers and qa staff **must** be completely isolated from your prod environment. That is precisely what an additional Terragrunt environment provides for you. This affords you absolute separation between environemnts, but at significantly higher AWS cost and more support burden on you.

2. An alternative scenario would be that, for quality-of-service reasons, you want to completely separate a large MOOC from the course content that you offer to regularly-enrolled students. To accomplish this you could use the **prod** environement created by Cookiecutter for your enrolled students, and then create a second environment named **mooc**.
### Why wouldn't you create an additional Terragrunt environment?
Contrastly, if you are budget conscious and you are otherwise indifferent to how and where your development and qa environments are housed -- provided of course that these are reasonably isolated from your prod environment -- then you would simply add subdomains to [terraform/environments/{{ cookiecutter.environment_name }}/env.hcl](terraform/environments/{{ cookiecutter.environment_name }}/env.hcl).
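Review bot: if the "Why wouldn't you create an additional Terragrunt environment?" paragraph survives this hunk, it still tells readers to "simply add subdomains to env.hcl", which is exactly the feature this commit removes (the `subdomains = [...]` example in the code block above it is gone); either delete that guidance or replace it with whatever is now recommended for cheap dev/qa separation. While editing the retained text, fix the typos "dictactates", "environemnts", "environement" and "Contrastly" (should be "By contrast").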
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,6 @@ locals {

environment = "{{ cookiecutter.environment_name }}"
environment_subdomain = "{{ cookiecutter.environment_subdomain }}"
subdomains = []
environment_domain = "${local.environment_subdomain}.${local.global_vars.locals.root_domain}"
environment_namespace = "${local.environment}-${local.global_vars.locals.platform_name}-${local.global_vars.locals.platform_region}"

Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,6 @@ locals {
env = local.environment_vars.locals.environment
environment_domain = local.environment_vars.locals.environment_domain
environment_namespace = local.environment_vars.locals.environment_namespace
subdomains = local.environment_vars.locals.subdomains
root_domain = local.global_vars.locals.root_domain
platform_name = local.global_vars.locals.platform_name
platform_region = local.global_vars.locals.platform_region
Expand Down Expand Up @@ -67,7 +66,6 @@ inputs = {
environment_domain = local.environment_domain
root_domain = local.root_domain
environment_namespace = local.environment_namespace
subdomains = local.subdomains
private_subnet_ids = dependency.vpc.outputs.private_subnets
public_subnet_ids = dependency.vpc.outputs.public_subnets
vpc_id = dependency.vpc.outputs.vpc_id
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,6 @@ locals {
env = local.environment_vars.locals.environment
environment_domain = local.environment_vars.locals.environment_domain
environment_namespace = local.environment_vars.locals.environment_namespace
subdomains = local.environment_vars.locals.subdomains
root_domain = local.global_vars.locals.root_domain
platform_name = local.global_vars.locals.platform_name
platform_region = local.global_vars.locals.platform_region
Expand Down Expand Up @@ -65,7 +64,6 @@ inputs = {
environment_domain = local.environment_domain
root_domain = local.root_domain
environment_namespace = local.environment_namespace
subdomains = local.subdomains
private_subnet_ids = dependency.vpc.outputs.private_subnets
public_subnet_ids = dependency.vpc.outputs.public_subnets
vpc_id = dependency.vpc.outputs.vpc_id
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,6 @@ locals {
aws_region = local.global_vars.locals.aws_region
environment = local.environment_vars.locals.environment
environment_namespace = local.environment_vars.locals.environment_namespace
subdomains = local.environment_vars.locals.subdomains

tags = merge(
local.environment_vars.locals.tags,
Expand All @@ -42,7 +41,6 @@ include {
inputs = {
aws_region = local.aws_region
environment_namespace = local.environment_namespace
subdomains = local.subdomains
name = "${local.environment_namespace}"
cidr = "192.168.0.0/20"
azs = ["${local.aws_region}a", "${local.aws_region}b", "${local.aws_region}c"]
Original file line number Diff line number Diff line change
Expand Up @@ -6,18 +6,6 @@
#
# usage: Add DNS records and tls certs to environment aws_region for ALB.
# Also add certs to us-east-1 for Cloudfront distributions.
#
# we have to add these here, inside of eks_fargate because we
# need to iterate the subdomains, and this is only possible
# within the terragrunt module in which the subdomain
# resources are created.
#
# that is, the following line only works from
# inside eks:
# aws_route53_zone.subdomain[count.index].name
#
# where aws_route53_zone was declared as a resource rather
# than as data
#------------------------------------------------------------------------------

#------------------------------------------------------------------------------
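Review bot: the retained `usage:` line still promises to "Add DNS records and tls certs to environment aws_region for ALB" and to us-east-1 for CloudFront, while the deleted rationale explained that these lived here only to iterate `aws_route53_zone.subdomain[count.index]`. Confirm the resources in this file were cut down to the environment domain only and rewrite the usage line to match; a header that describes per-subdomain records would mislead the next maintainer.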
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@
Amazon Elastic Kubernetes Service (EKS)
=======================================

see: curl -o eks-console-full-access.yaml https://s3.us-west-2.amazonaws.com/amazon-eks/docs/eks-console-full-access.yaml

Implements a `Kubernetes Cluster <https://kubernetes.io/docs/concepts/overview/what-is-kubernetes/>`_ via `AWS Elastic Kubernetes Service (EKS) <https://aws.amazon.com/kubernetes/>`_. A Kubernetes cluster is a set of nodes that run containerized applications that are grouped in pods and organized with namespaces. Containerizing an application into a Docker container means packaging that app with its dependences and its required services into a single binary run-time file that can be downloaded directly from the Docker registry.
Our Kubernetes Cluster resides inside the VPC on a private subnet, meaning that it is generally not visible to the public. In order to be able to receive traffic from the outside world we implement `Kubernetes Ingress Controllers <https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/>`_ which in turn implement a `Kubernetes Ingress <https://kubernetes.io/docs/concepts/services-networking/ingress/>`_
for both an `AWS Application Load Balancer <https://docs.aws.amazon.com/elasticloadbalancing/latest/application/introduction.html>`_ as well as our `Nginx proxy server <https://www.nginx.com/>`_.
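Review bot: the added `see: curl -o eks-console-full-access.yaml https://s3.us-west-2.amazonaws.com/amazon-eks/docs/eks-console-full-access.yaml` line needs context and an RST literal block (`.. code-block:: bash`) rather than a bare sentence. Say what the manifest is (a ClusterRole/ClusterRoleBinding giving a group read-only visibility for the EKS console) and that a reviewed copy is committed alongside this module in this commit, so operators apply the vetted copy instead of re-downloading an unpinned file from S3 at deploy time. It would also read better after the introductory paragraph than before it.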
Original file line number Diff line number Diff line change
Expand Up @@ -14,10 +14,6 @@ variable "environment_domain" {
type = string
}

variable "subdomains" {
type = list(string)
}

variable "environment_namespace" {
type = string
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: eks-console-dashboard-full-access-clusterrole
rules:
- apiGroups:
- ""
resources:
- nodes
- namespaces
- pods
verbs:
- get
- list
- apiGroups:
- apps
resources:
- deployments
- daemonsets
- statefulsets
- replicasets
verbs:
- get
- list
- apiGroups:
- batch
resources:
- jobs
verbs:
- get
- list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: eks-console-dashboard-full-access-binding
subjects:
- kind: Group
name: eks-console-dashboard-full-access-group
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: ClusterRole
name: eks-console-dashboard-full-access-clusterrole
apiGroup: rbac.authorization.k8s.io
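Review bot: this ClusterRole/ClusterRoleBinding pair is inert until the group `eks-console-dashboard-full-access-group` is mapped to an IAM principal in the cluster's aws-auth ConfigMap, and nothing in this commit does that; document the mapping step and which IAM role receives it next to the manifest, since that mapping is the actual access decision. For reviewers: despite the "full-access" name the role is read-only (`get` and `list` only), but because it is a ClusterRole bound cluster-wide it lists nodes, namespaces, pods, deployments, daemonsets, statefulsets, replicasets and jobs in every namespace; if console users should only see their own namespaces, bind it per namespace with a RoleBinding instead.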
Original file line number Diff line number Diff line change
Expand Up @@ -5,18 +5,6 @@
# date: Feb-2022
#
# usage: Add tls certs to us-east-1 for Cloudfront distributions.
#
# we have to add these here, inside of eks because we
# need to iterate the subdomains, and this is only possible
# within the terragrunt module in which the subdomain
# resources are created.
#
# that is, the following line only works from
# inside eks:
# aws_route53_zone.subdomain[count.index].name
#
# where aws_route53_zone was declared as a resource rather
# than as data
#------------------------------------------------------------------------------

# FIX NOTE: do we even need this for anything?
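Review bot: the retained `# FIX NOTE: do we even need this for anything?` is the question this commit should answer. The deleted rationale said the file existed only to iterate per-subdomain zones (`aws_route53_zone.subdomain[count.index].name`); if the remaining certificate resources serve only the environment domain, either keep them with an updated header or delete the file, rather than leaving the open question in place.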
Original file line number Diff line number Diff line change
Expand Up @@ -42,29 +42,3 @@ data "kubernetes_service" "ingress_nginx_controller" {
}

data "aws_elb_hosted_zone_id" "main" {}

resource "aws_route53_record" "ingress_domains_wildcard" {
count = length(var.subdomains)
zone_id = aws_route53_zone.subdomain[count.index].id
name = "*.${element(var.subdomains, count.index)}.${var.environment_domain}"
type = "A"

alias {
name = data.kubernetes_service.ingress_nginx_controller.status.0.load_balancer.0.ingress.0.hostname
zone_id = data.aws_elb_hosted_zone_id.main.id
evaluate_target_health = true
}
}

resource "aws_route53_record" "ingress_domains_naked" {
count = length(var.subdomains)
zone_id = aws_route53_zone.subdomain[count.index].id
name = "${element(var.subdomains, count.index)}.${var.environment_domain}"
type = "A"

alias {
name = data.kubernetes_service.ingress_nginx_controller.status.0.load_balancer.0.ingress.0.hostname
zone_id = data.aws_elb_hosted_zone_id.main.id
evaluate_target_health = true
}
}
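Review bot: with `ingress_domains_wildcard` and `ingress_domains_naked` gone, `data "aws_elb_hosted_zone_id" "main" {}` at the top of this hunk (and `data.kubernetes_service.ingress_nginx_controller` above it, if nothing else in the file reads it) has no remaining consumer in the visible lines. Remove the dead data sources as well so the module does not keep a lookup it no longer needs.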
Original file line number Diff line number Diff line change
Expand Up @@ -14,20 +14,6 @@ data "aws_route53_zone" "environment_domain" {
name = var.environment_domain
}

resource "aws_route53_zone" "subdomain" {
count = length(var.subdomains)
name = "${element(var.subdomains, count.index)}.${var.environment_domain}"
}

resource "aws_route53_record" "subdomain-ns" {
count = length(var.subdomains)
zone_id = data.aws_route53_zone.environment_domain.zone_id
name = "${element(var.subdomains, count.index)}.${var.environment_domain}"
type = "NS"
ttl = "30"
records = aws_route53_zone.subdomain[count.index].name_servers
}
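Review bot: deleting `aws_route53_zone.subdomain` and the `subdomain-ns` delegation records is destructive on existing environments: the next apply destroys the delegated hosted zones together with every record in them, and Route53 refuses to delete a zone that still holds records other than its own SOA/NS (the resource was declared without `force_destroy`), so the apply fails halfway. Call this out in the upgrade notes and have operators review the plan and export or remove records in those zones before applying.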

resource "aws_route53_record" "naked" {
zone_id = data.aws_route53_zone.environment_domain.id
name = var.environment_domain
Original file line number Diff line number Diff line change
Expand Up @@ -19,12 +19,6 @@ variable "root_domain" {
type = string
}

variable "subdomains" {
description = "Base domain (route53 zone) for the default cluster ingress"
type = list(string)
}


variable "tags" {
description = "A map of tags to add to all resources. Tags added to launch configuration or templates override these values for ASG Tags only."
type = map(string)
Original file line number Diff line number Diff line change
Expand Up @@ -6,11 +6,6 @@
#
# usage: create a VPC to contain all Open edX backend resources.
#------------------------------------------------------------------------------
variable "subdomains" {
description = "Base domain (route53 zone) for the default cluster ingress"
type = list(string)
}

variable "aws_region" {
description = "The region in which the origin S3 bucket was created."
type = string
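Review bot: removing this input from the vpc module is right; its description ("Base domain (route53 zone) for the default cluster ingress") was copied from the eks module and a VPC never consumed it. The retained `aws_region` description directly below, "The region in which the origin S3 bucket was created.", looks copied from a CloudFront module as well and should describe the region the VPC is created in. Since `variable "subdomains"` is now deleted from three modules, run `terragrunt run-all validate` before merging to confirm no remaining `var.subdomains` reference.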